MFC jail: Add PD_KILL to remove a prison in prison_deref().
Add the PD_KILL flag that instructs prison_deref() to take steps
to actively kill a prison and its descendents, namely marking it
PRISON_STATE_DYING, clearing its PR_PERSIST flag, and killing any
attached processes.
This replaces a similar loop in sys_jail_remove(), bringing the
operation under the same single hold on allprison_lock that it already
has. It is also used to clean up failed jail (re-)creations in
kern_jail_set(), which didn't generally take all the proper steps.
Differential Revision: https://reviews.freebsd.org/D28473
(cherry picked from commit 811e27fa3c445664e36071a7d08228fc7fb85676)
MFC jail: back out 811e27fa3c44 until it doesn't break Jenkins
Reported by: arichardson
(cherry picked from commit ddfffb41a22d4798a036fe2d30e59694ba7cdad3)
MFC jail: re-commit 811e27fa3c44 with fixes
Make sure PD_KILL isn't passed to do_jail_attach, where it might end
up trying to kill the caller's prison (even prison0).
Fix the child jail loop in prison_deref_kill, which was doing the
post-order part during the pre-order part. That's not a system-
killer, but make jails not always die correctly.
(cherry picked from commit c861373bdff90d8167a0d998899ca718ccdb541b)
MFC jail: Add safety around prison_deref() flags.
do_jail_attach() now only uses the PD_XXX flags that refer to lock
status, so make sure that something else like PD_KILL doesn't slip
through.
Add a KASSERT() in prison_deref() to catch any further PD_KILL misuse.
(cherry picked from commit 589e4c1df4a6e4b1368f26fc7fef704a2e5cb42c)