Page MenuHomeFreeBSD

jail: Avoid multipurpose return value of function prison_ip_restrict()
ClosedPublic

Authored by zlei on Dec 31 2022, 7:58 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Dec 2, 1:36 AM
Unknown Object (File)
Mon, Dec 2, 1:36 AM
Unknown Object (File)
Mon, Dec 2, 1:36 AM
Unknown Object (File)
Mon, Dec 2, 1:15 AM
Unknown Object (File)
Nov 18 2024, 12:18 PM
Unknown Object (File)
Oct 10 2024, 6:31 AM
Unknown Object (File)
Oct 6 2024, 7:20 AM
Unknown Object (File)
Oct 6 2024, 6:47 AM
Subscribers

Details

Summary

Currently function prison_ip_restrict() returns true if the replacement buffer was used, or no buffer provided and allocation fails and should redo. The logic is confusion and cause possibly infinite loop from eb8dcdeac22d .

No functional change intended.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

It took me longer to remember what I had done in the first place than it did to understand the new logic. I like this.

This revision is now accepted and ready to land.Dec 31 2022, 8:04 PM
zlei retitled this revision from jail: Avoid multiple purpose return value of function prison_ip_restrict() to jail: Avoid multipurpose return value of function prison_ip_restrict().Jan 9 2023, 7:15 AM
zlei edited the summary of this revision. (Show Details)
sys/kern/kern_jail.c
2050–2051

Type of redo_ip4 can be changed to bool and this expression reduced to:

redo_ip4 = !prison_ip_restrict(tpr, PR_INET, &ip4);

Same applies to redo_ip6.

I'm planning to do this on stable branches.

@glebius
Do you have any plans to MFC eb8dcdeac22d (and related fixes)?
If no I'd prefer commit this separately (from D37906) so it is easy to track and review.

sys/kern/kern_jail.c
2050–2051

Good catch!