jail: Avoid multipurpose return value of function prison_ip_restrict()
ClosedPublic
Actions

Authored by zlei on Dec 31 2022, 7:58 AM.

Details

Reviewers

glebius
jamie
melifaro
kp

Commits

rG8bce8d28abe6: jail: Avoid multipurpose return value of function prison_ip_restrict()

Summary

Currently function prison_ip_restrict() returns true if the replacement buffer was used, or no buffer provided and allocation fails and should redo. The logic is confusion and cause possibly infinite loop from eb8dcdeac22d .

No functional change intended.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

zlei created this revision.Dec 31 2022, 7:58 AM

Herald added a subscriber: imp. · View Herald TranscriptDec 31 2022, 7:58 AM

zlei requested review of this revision.Dec 31 2022, 7:58 AM

zlei added a parent revision: D37906: jail: Fix regression panic from eb8dcdeac22d.

It took me longer to remember what I had done in the first place than it did to understand the new logic. I like this.

This revision is now accepted and ready to land.Dec 31 2022, 8:04 PM

Approved by: kp (mentor)

zlei mentioned this in D37906: jail: Fix regression panic from eb8dcdeac22d.Jan 1 2023, 1:56 PM

zlei retitled this revision from jail: Avoid multiple purpose return value of function prison_ip_restrict() to jail: Avoid multipurpose return value of function prison_ip_restrict().Jan 9 2023, 7:15 AM

zlei edited the summary of this revision. (Show Details)

glebius added inline comments.Jan 9 2023, 8:46 PM

sys/kern/kern_jail.c
2050–2051	Type of redo_ip4 can be changed to bool and this expression reduced to: redo_ip4 = !prison_ip_restrict(tpr, PR_INET, &ip4); Same applies to redo_ip6.

glebius accepted this revision.Jan 9 2023, 8:49 PM

I'm planning to do this on stable branches.

@glebius
Do you have any plans to MFC eb8dcdeac22d (and related fixes)?
If no I'd prefer commit this separately (from D37906) so it is easy to track and review.