D24383.diff
No OneTemporary
Actions

Size

2 KB

Referenced Files

None

Subscribers

None

D24383.diff
View Options

	Index: head/sys/kern/kern_jail.c
	===================================================================
	--- head/sys/kern/kern_jail.c
	+++ head/sys/kern/kern_jail.c
	@@ -2920,6 +2920,15 @@
	mtx_unlock(&cred->cr_prison->pr_mtx);
	}

	+void
	+getjailname(struct ucred cred, char name, size_t len)
	+{
	+
	+ mtx_lock(&cred->cr_prison->pr_mtx);
	+ strlcpy(name, cred->cr_prison->pr_name, len);
	+ mtx_unlock(&cred->cr_prison->pr_mtx);
	+}
	+
	#ifdef VIMAGE
	/*
	* Determine whether the prison represented by cred owns
	Index: head/sys/net/if_ethersubr.c
	===================================================================
	--- head/sys/net/if_ethersubr.c
	+++ head/sys/net/if_ethersubr.c
	@@ -1419,27 +1419,39 @@

	/*
	* Allocate an address from the FreeBSD Foundation OUI. This uses a
	- * cryptographic hash function on the containing jail's UUID and the interface
	- * name to attempt to provide a unique but stable address. Pseudo-interfaces
	- * which require a MAC address should use this function to allocate
	- * non-locally-administered addresses.
	+ * cryptographic hash function on the containing jail's name, UUID and the
	+ * interface name to attempt to provide a unique but stable address.
	+ * Pseudo-interfaces which require a MAC address should use this function to
	+ * allocate non-locally-administered addresses.
	*/
	void
	ether_gen_addr(struct ifnet ifp, struct ether_addr hwaddr)
	{
	-#define ETHER_GEN_ADDR_BUFSIZ HOSTUUIDLEN + IFNAMSIZ + 2
	SHA1_CTX ctx;
	- char buf[ETHER_GEN_ADDR_BUFSIZ];
	+ char *buf;
	char uuid[HOSTUUIDLEN + 1];
	uint64_t addr;
	int i, sz;
	char digest[SHA1_RESULTLEN];
	+ char jailname[MAXHOSTNAMELEN];

	getcredhostuuid(curthread->td_ucred, uuid, sizeof(uuid));
	- sz = snprintf(buf, ETHER_GEN_ADDR_BUFSIZ, "%s-%s", uuid, ifp->if_xname);
	+ /* If each (vnet) jail would also have a unique hostuuid this would not
	+ * be necessary. */
	+ getjailname(curthread->td_ucred, jailname, sizeof(jailname));
	+ sz = asprintf(&buf, M_TEMP, "%s-%s-%s", uuid, if_name(ifp),
	+ jailname);
	+ if (sz < 0) {
	+ /* Fall back to a random mac address. */
	+ arc4rand(hwaddr, sizeof(*hwaddr), 0);
	+ hwaddr->octet[0] = 0x02;
	+ return;
	+ }
	+
	SHA1Init(&ctx);
	SHA1Update(&ctx, buf, sz);
	SHA1Final(digest, &ctx);
	+ free(buf, M_TEMP);

	addr = ((digest[0] << 16) \| (digest[1] << 8) \| digest[2]) &
	OUI_FREEBSD_GENERATED_MASK;
	Index: head/sys/sys/jail.h
	===================================================================
	--- head/sys/sys/jail.h
	+++ head/sys/sys/jail.h
	@@ -382,6 +382,7 @@
	void getcreddomainname(struct ucred , char , size_t);
	void getcredhostuuid(struct ucred , char , size_t);
	void getcredhostid(struct ucred , unsigned long );
	+void getjailname(struct ucred cred, char name, size_t len);
	void prison0_init(void);
	int prison_allow(struct ucred *, unsigned);
	int prison_check(struct ucred cred1, struct ucred cred2);

File Metadata

Mime Type: text/plain
Expires: Fri, Jan 23, 11:22 PM (14 h, 33 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 27891463
Default Alt Text: D24383.diff (2 KB)

D24383.diffNo OneTemporaryActions

D24383.diffView Options

File Metadata

Event Timeline

D24383.diff
No OneTemporary
Actions

D24383.diff
View Options