Page MenuHomeFreeBSD
Files F160307590

D57674.id180083.diff
No OneTemporary
Actions

D57674.id180083.diff
View Options

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -2300,7 +2300,10 @@
pr->pr_state = PRISON_STATE_ALIVE;
}
- /* Attach this process to the prison if requested. */
+ /*
+ * Attach this process to the prison if requested. This will
+ * unlock allprison_lock, meaning changes are now user-visible.
+ */
if (flags & JAIL_ATTACH) {
#ifdef MAC
error = mac_prison_check_attach(td->td_ucred, pr);
@@ -2310,8 +2313,7 @@
goto done_deref;
}
#endif
- error = do_jail_attach(td, pr,
- prison_lock_xlock(pr, drflags & PD_LOCK_FLAGS));
+ error = do_jail_attach(td, pr, drflags);
drflags &= ~(PD_LOCKED | PD_LIST_XLOCKED);
if (error) {
vfs_opterror(opts, "attach failed");
@@ -3105,7 +3107,7 @@
drflags = PD_LIST_SLOCKED;
error = jaildesc_find(td, uap->fd, &pr, &jdcred);
if (error)
- goto fail;
+ goto done;
drflags |= PD_DEREF;
error = priv_check_cred(jdcred, PRIV_JAIL_ATTACH);
#ifdef MAC
@@ -3114,23 +3116,30 @@
#endif
crfree(jdcred);
if (error)
- goto fail;
+ goto done;
mtx_lock(&pr->pr_mtx);
drflags |= PD_LOCKED;
/* Do not allow a process to attach to a prison that is not alive. */
if (!prison_isalive(pr)) {
error = EINVAL;
- goto fail;
+ goto done;
}
- return (do_jail_attach(td, pr, drflags));
+ error = do_jail_attach(td, pr, drflags);
+ drflags &= ~(PD_LOCKED | PD_LIST_SLOCKED);
- fail:
+ done:
prison_deref(pr, drflags);
return (error);
}
+/*
+ * Attach the current process to a prison. On entry, the allprison
+ * lock should be at least shared, and the prison should either be
+ * locked or held. On exit, both locks will be released. Return zero
+ * on success.
+ */
static int
do_jail_attach(struct thread *td, struct prison *pr, int drflags)
{
@@ -3138,8 +3147,8 @@
struct ucred *newcred, *oldcred;
int error;
- mtx_assert(&pr->pr_mtx, MA_OWNED);
sx_assert(&allprison_lock, SX_LOCKED);
+ KASSERT(prison_isvalid(pr), ("Attaching to invalid prison %p", pr));
drflags &= PD_LOCK_FLAGS;
/*
* XXX: Note that there is a slight race here if two threads
@@ -3149,14 +3158,14 @@
* a process root from one prison, but attached to the jail
* of another.
*/
- if (!(drflags & PD_DEREF)) {
+ if (drflags & PD_LOCKED) {
prison_hold(pr);
drflags |= PD_DEREF;
+ mtx_unlock(&pr->pr_mtx);
+ drflags &= ~PD_LOCKED;
}
refcount_acquire(&pr->pr_uref);
drflags |= PD_DEUREF;
- mtx_unlock(&pr->pr_mtx);
- drflags &= ~PD_LOCKED;
/* Let modules do whatever they need to prepare for attaching. */
error = osd_jail_call(pr, PR_METHOD_ATTACH, td);

File Metadata

Mime Type
text/plain
Expires
Wed, Jun 24, 2:47 AM (3 h, 22 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
34124485
Default Alt Text
D57674.id180083.diff (2 KB)

Event Timeline