Index: head/sys/kern/kern_osd.c =================================================================== --- head/sys/kern/kern_osd.c (revision 191805) +++ head/sys/kern/kern_osd.c (revision 191806) @@ -1,402 +1,403 @@ /*- * Copyright (c) 2007 Pawel Jakub Dawidek * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include +#include #include #include #include #include #include #include #include #include /* OSD (Object Specific Data) */ static MALLOC_DEFINE(M_OSD, "osd", "Object Specific Data"); static int osd_debug = 0; TUNABLE_INT("debug.osd", &osd_debug); SYSCTL_INT(_debug, OID_AUTO, osd, CTLFLAG_RW, &osd_debug, 0, "OSD debug level"); #define OSD_DEBUG(...) do { \ if (osd_debug) { \ printf("OSD (%s:%u): ", __func__, __LINE__); \ printf(__VA_ARGS__); \ printf("\n"); \ } \ } while (0) static void do_osd_del(u_int type, struct osd *osd, u_int slot, int list_locked); /* * Lists of objects with OSD. * * Lock key: * (m) osd_module_lock * (o) osd_object_lock * (l) osd_list_lock */ static LIST_HEAD(, osd) osd_list[OSD_LAST + 1]; /* (m) */ static osd_method_t *osd_methods[OSD_LAST + 1]; /* (m) */ static u_int osd_nslots[OSD_LAST + 1]; /* (m) */ static osd_destructor_t *osd_destructors[OSD_LAST + 1]; /* (o) */ static const u_int osd_nmethods[OSD_LAST + 1] = { - [OSD_JAIL] = 5, + [OSD_JAIL] = PR_MAXMETHOD, }; static struct sx osd_module_lock[OSD_LAST + 1]; static struct rmlock osd_object_lock[OSD_LAST + 1]; static struct mtx osd_list_lock[OSD_LAST + 1]; static void osd_default_destructor(void *value __unused) { /* Do nothing. */ } int osd_register(u_int type, osd_destructor_t destructor, osd_method_t *methods) { void *newptr; u_int i, m; KASSERT(type >= OSD_FIRST && type <= OSD_LAST, ("Invalid type.")); /* * If no destructor is given, use default one. We need to use some * destructor, because NULL destructor means unused slot. */ if (destructor == NULL) destructor = osd_default_destructor; sx_xlock(&osd_module_lock[type]); /* * First, we try to find unused slot. */ for (i = 0; i < osd_nslots[type]; i++) { if (osd_destructors[type][i] == NULL) { OSD_DEBUG("Unused slot found (type=%u, slot=%u).", type, i); break; } } /* * If no unused slot was found, allocate one. */ if (i == osd_nslots[type]) { osd_nslots[type]++; if (osd_nmethods[type] != 0) osd_methods[type] = realloc(osd_methods[type], sizeof(osd_method_t) * osd_nslots[type] * osd_nmethods[type], M_OSD, M_WAITOK); newptr = malloc(sizeof(osd_destructor_t) * osd_nslots[type], M_OSD, M_WAITOK); rm_wlock(&osd_object_lock[type]); bcopy(osd_destructors[type], newptr, sizeof(osd_destructor_t) * i); free(osd_destructors[type], M_OSD); osd_destructors[type] = newptr; rm_wunlock(&osd_object_lock[type]); OSD_DEBUG("New slot allocated (type=%u, slot=%u).", type, i + 1); } osd_destructors[type][i] = destructor; if (osd_nmethods[type] != 0) { for (m = 0; m < osd_nmethods[type]; m++) osd_methods[type][i * osd_nmethods[type] + m] = methods != NULL ? methods[m] : NULL; } sx_xunlock(&osd_module_lock[type]); return (i + 1); } void osd_deregister(u_int type, u_int slot) { struct osd *osd, *tosd; KASSERT(type >= OSD_FIRST && type <= OSD_LAST, ("Invalid type.")); KASSERT(slot > 0, ("Invalid slot.")); KASSERT(osd_destructors[type][slot - 1] != NULL, ("Unused slot.")); sx_xlock(&osd_module_lock[type]); rm_wlock(&osd_object_lock[type]); /* * Free all OSD for the given slot. */ mtx_lock(&osd_list_lock[type]); LIST_FOREACH_SAFE(osd, &osd_list[type], osd_next, tosd) do_osd_del(type, osd, slot, 1); mtx_unlock(&osd_list_lock[type]); /* * Set destructor to NULL to free the slot. */ osd_destructors[type][slot - 1] = NULL; if (slot == osd_nslots[type]) { osd_nslots[type]--; osd_destructors[type] = realloc(osd_destructors[type], sizeof(osd_destructor_t) * osd_nslots[type], M_OSD, M_NOWAIT | M_ZERO); if (osd_nmethods[type] != 0) osd_methods[type] = realloc(osd_methods[type], sizeof(osd_method_t) * osd_nslots[type] * osd_nmethods[type], M_OSD, M_NOWAIT | M_ZERO); /* * We always reallocate to smaller size, so we assume it will * always succeed. */ KASSERT(osd_destructors[type] != NULL && (osd_nmethods[type] == 0 || osd_methods[type] != NULL), ("realloc() failed")); OSD_DEBUG("Deregistration of the last slot (type=%u, slot=%u).", type, slot); } else { OSD_DEBUG("Slot deregistration (type=%u, slot=%u).", type, slot); } rm_wunlock(&osd_object_lock[type]); sx_xunlock(&osd_module_lock[type]); } int osd_set(u_int type, struct osd *osd, u_int slot, void *value) { struct rm_priotracker tracker; KASSERT(type >= OSD_FIRST && type <= OSD_LAST, ("Invalid type.")); KASSERT(slot > 0, ("Invalid slot.")); KASSERT(osd_destructors[type][slot - 1] != NULL, ("Unused slot.")); rm_rlock(&osd_object_lock[type], &tracker); if (slot > osd->osd_nslots) { if (value == NULL) { OSD_DEBUG( "Not allocating null slot (type=%u, slot=%u).", type, slot); rm_runlock(&osd_object_lock[type], &tracker); return (0); } else if (osd->osd_nslots == 0) { /* * First OSD for this object, so we need to allocate * space and put it onto the list. */ osd->osd_slots = malloc(sizeof(void *) * slot, M_OSD, M_NOWAIT | M_ZERO); if (osd->osd_slots == NULL) { rm_runlock(&osd_object_lock[type], &tracker); return (ENOMEM); } osd->osd_nslots = slot; mtx_lock(&osd_list_lock[type]); LIST_INSERT_HEAD(&osd_list[type], osd, osd_next); mtx_unlock(&osd_list_lock[type]); OSD_DEBUG("Setting first slot (type=%u).", type); } else { void *newptr; /* * Too few slots allocated here, needs to extend * the array. */ newptr = realloc(osd->osd_slots, sizeof(void *) * slot, M_OSD, M_NOWAIT | M_ZERO); if (newptr == NULL) { rm_runlock(&osd_object_lock[type], &tracker); return (ENOMEM); } osd->osd_slots = newptr; osd->osd_nslots = slot; OSD_DEBUG("Growing slots array (type=%u).", type); } } OSD_DEBUG("Setting slot value (type=%u, slot=%u, value=%p).", type, slot, value); osd->osd_slots[slot - 1] = value; rm_runlock(&osd_object_lock[type], &tracker); return (0); } void * osd_get(u_int type, struct osd *osd, u_int slot) { struct rm_priotracker tracker; void *value; KASSERT(type >= OSD_FIRST && type <= OSD_LAST, ("Invalid type.")); KASSERT(slot > 0, ("Invalid slot.")); KASSERT(osd_destructors[type][slot - 1] != NULL, ("Unused slot.")); rm_rlock(&osd_object_lock[type], &tracker); if (slot > osd->osd_nslots) { value = NULL; OSD_DEBUG("Slot doesn't exist (type=%u, slot=%u).", type, slot); } else { value = osd->osd_slots[slot - 1]; OSD_DEBUG("Returning slot value (type=%u, slot=%u, value=%p).", type, slot, value); } rm_runlock(&osd_object_lock[type], &tracker); return (value); } void osd_del(u_int type, struct osd *osd, u_int slot) { struct rm_priotracker tracker; rm_rlock(&osd_object_lock[type], &tracker); do_osd_del(type, osd, slot, 0); rm_runlock(&osd_object_lock[type], &tracker); } static void do_osd_del(u_int type, struct osd *osd, u_int slot, int list_locked) { int i; KASSERT(type >= OSD_FIRST && type <= OSD_LAST, ("Invalid type.")); KASSERT(slot > 0, ("Invalid slot.")); KASSERT(osd_destructors[type][slot - 1] != NULL, ("Unused slot.")); OSD_DEBUG("Deleting slot (type=%u, slot=%u).", type, slot); if (slot > osd->osd_nslots) { OSD_DEBUG("Slot doesn't exist (type=%u, slot=%u).", type, slot); return; } if (osd->osd_slots[slot - 1] != NULL) { osd_destructors[type][slot - 1](osd->osd_slots[slot - 1]); osd->osd_slots[slot - 1] = NULL; } for (i = osd->osd_nslots - 1; i >= 0; i--) { if (osd->osd_slots[i] != NULL) { OSD_DEBUG("Slot still has a value (type=%u, slot=%u).", type, i + 1); break; } } if (i == -1) { /* No values left for this object. */ OSD_DEBUG("No more slots left (type=%u).", type); if (!list_locked) mtx_lock(&osd_list_lock[type]); LIST_REMOVE(osd, osd_next); if (!list_locked) mtx_unlock(&osd_list_lock[type]); free(osd->osd_slots, M_OSD); osd->osd_slots = NULL; osd->osd_nslots = 0; } else if (slot == osd->osd_nslots) { /* This was the last slot. */ osd->osd_slots = realloc(osd->osd_slots, sizeof(void *) * (i + 1), M_OSD, M_NOWAIT | M_ZERO); /* * We always reallocate to smaller size, so we assume it will * always succeed. */ KASSERT(osd->osd_slots != NULL, ("realloc() failed")); osd->osd_nslots = i + 1; OSD_DEBUG("Reducing slots array to %u (type=%u).", osd->osd_nslots, type); } } int osd_call(u_int type, u_int method, void *obj, void *data) { osd_method_t methodfun; int error, i; KASSERT(type >= OSD_FIRST && type <= OSD_LAST, ("Invalid type.")); KASSERT(method < osd_nmethods[type], ("Invalid method.")); /* * Call this method for every slot that defines it, stopping if an * error is encountered. */ error = 0; sx_slock(&osd_module_lock[type]); for (i = 0; i < osd_nslots[type]; i++) { methodfun = osd_methods[type][i * osd_nmethods[type] + method]; if (methodfun != NULL && (error = methodfun(obj, data)) != 0) break; } sx_sunlock(&osd_module_lock[type]); return (error); } void osd_exit(u_int type, struct osd *osd) { struct rm_priotracker tracker; u_int i; KASSERT(type >= OSD_FIRST && type <= OSD_LAST, ("Invalid type.")); if (osd->osd_nslots == 0) { KASSERT(osd->osd_slots == NULL, ("Non-null osd_slots.")); /* No OSD attached, just leave. */ return; } rm_rlock(&osd_object_lock[type], &tracker); for (i = 1; i <= osd->osd_nslots; i++) { if (osd_destructors[type][i - 1] != NULL) do_osd_del(type, osd, i, 0); else OSD_DEBUG("Unused slot (type=%u, slot=%u).", type, i); } rm_runlock(&osd_object_lock[type], &tracker); OSD_DEBUG("Object exit (type=%u).", type); } static void osd_init(void *arg __unused) { u_int i; for (i = OSD_FIRST; i <= OSD_LAST; i++) { osd_nslots[i] = 0; LIST_INIT(&osd_list[i]); sx_init(&osd_module_lock[i], "osd_module"); rm_init(&osd_object_lock[i], "osd_object", 0); mtx_init(&osd_list_lock[i], "osd_list", NULL, MTX_DEF); osd_destructors[i] = NULL; osd_methods[i] = NULL; } } SYSINIT(osd, SI_SUB_LOCK, SI_ORDER_ANY, osd_init, NULL); Index: head/sys/sys/jail.h =================================================================== --- head/sys/sys/jail.h (revision 191805) +++ head/sys/sys/jail.h (revision 191806) @@ -1,265 +1,266 @@ /*- * Copyright (c) 1999 Poul-Henning Kamp. * Copyright (c) 2009 James Gritton. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef _SYS_JAIL_H_ #define _SYS_JAIL_H_ #ifdef _KERNEL struct jail_v0 { u_int32_t version; char *path; char *hostname; u_int32_t ip_number; }; #endif struct jail { uint32_t version; char *path; char *hostname; char *jailname; uint32_t ip4s; uint32_t ip6s; struct in_addr *ip4; struct in6_addr *ip6; }; #define JAIL_API_VERSION 2 /* * For all xprison structs, always keep the pr_version an int and * the first variable so userspace can easily distinguish them. */ #ifndef _KERNEL struct xprison_v1 { int pr_version; int pr_id; char pr_path[MAXPATHLEN]; char pr_host[MAXHOSTNAMELEN]; u_int32_t pr_ip; }; #endif struct xprison { int pr_version; int pr_id; int pr_state; cpusetid_t pr_cpusetid; char pr_path[MAXPATHLEN]; char pr_host[MAXHOSTNAMELEN]; char pr_name[MAXHOSTNAMELEN]; uint32_t pr_ip4s; uint32_t pr_ip6s; #if 0 /* * sizeof(xprison) will be malloced + size needed for all * IPv4 and IPv6 addesses. Offsets are based numbers of addresses. */ struct in_addr pr_ip4[]; struct in6_addr pr_ip6[]; #endif }; #define XPRISON_VERSION 3 static const struct prison_state { int pr_state; const char * state_name; } prison_states[] = { #define PRISON_STATE_INVALID 0 { PRISON_STATE_INVALID, "INVALID" }, #define PRISON_STATE_ALIVE 1 { PRISON_STATE_ALIVE, "ALIVE" }, #define PRISON_STATE_DYING 2 { PRISON_STATE_DYING, "DYING" }, }; /* * Flags for jail_set and jail_get. */ #define JAIL_CREATE 0x01 /* Create jail if it doesn't exist */ #define JAIL_UPDATE 0x02 /* Update parameters of existing jail */ #define JAIL_ATTACH 0x04 /* Attach to jail upon creation */ #define JAIL_DYING 0x08 /* Allow getting a dying jail */ #define JAIL_SET_MASK 0x0f #define JAIL_GET_MASK 0x08 #ifndef _KERNEL struct iovec; int jail(struct jail *); int jail_set(struct iovec *, unsigned int, int); int jail_get(struct iovec *, unsigned int, int); int jail_attach(int); int jail_remove(int); #else /* _KERNEL */ #include #include #include #include #include #define JAIL_MAX 999999 #ifdef MALLOC_DECLARE MALLOC_DECLARE(M_PRISON); #endif #endif /* _KERNEL */ #if defined(_KERNEL) || defined(_WANT_PRISON) #include struct cpuset; /* * This structure describes a prison. It is pointed to by all struct * ucreds's of the inmates. pr_ref keeps track of them and is used to * delete the struture when the last inmate is dead. * * Lock key: * (a) allprison_lock * (p) locked by pr_mtx * (c) set only during creation before the structure is shared, no mutex * required to read * (d) set only during destruction of jail, no mutex needed */ struct prison { TAILQ_ENTRY(prison) pr_list; /* (a) all prisons */ int pr_id; /* (c) prison id */ int pr_ref; /* (p) refcount */ int pr_uref; /* (p) user (alive) refcount */ unsigned pr_flags; /* (p) PR_* flags */ char pr_path[MAXPATHLEN]; /* (c) chroot path */ struct cpuset *pr_cpuset; /* (p) cpuset */ struct vnode *pr_root; /* (c) vnode to rdir */ char pr_host[MAXHOSTNAMELEN]; /* (p) jail hostname */ char pr_name[MAXHOSTNAMELEN]; /* (p) admin jail name */ void *pr_linux; /* (p) linux abi */ int pr_securelevel; /* (p) securelevel */ struct task pr_task; /* (d) destroy task */ struct mtx pr_mtx; struct osd pr_osd; /* (p) additional data */ int pr_ip4s; /* (p) number of v4 IPs */ struct in_addr *pr_ip4; /* (p) v4 IPs of jail */ int pr_ip6s; /* (p) number of v6 IPs */ struct in6_addr *pr_ip6; /* (p) v6 IPs of jail */ }; #endif /* _KERNEL || _WANT_PRISON */ #ifdef _KERNEL /* * Flag bits set via options or internally */ #define PR_PERSIST 0x00000001 /* Can exist without processes */ #define PR_REMOVE 0x01000000 /* In process of being removed */ /* * OSD methods */ #define PR_METHOD_CREATE 0 #define PR_METHOD_GET 1 #define PR_METHOD_SET 2 #define PR_METHOD_CHECK 3 #define PR_METHOD_ATTACH 4 +#define PR_MAXMETHOD 5 /* * Sysctl-set variables that determine global jail policy * * XXX MIB entries will need to be protected by a mutex. */ extern int jail_set_hostname_allowed; extern int jail_socket_unixiproute_only; extern int jail_sysvipc_allowed; extern int jail_getfsstat_jailrootonly; extern int jail_allow_raw_sockets; extern int jail_chflags_allowed; TAILQ_HEAD(prisonlist, prison); extern struct prisonlist allprison; extern struct sx allprison_lock; /* * Sysctls to describe jail parameters. */ SYSCTL_DECL(_security_jail_param); #define SYSCTL_JAIL_PARAM(module, param, type, fmt, descr) \ SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ (type) | CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_param, fmt, descr) #define SYSCTL_JAIL_PARAM_STRING(module, param, access, len, descr) \ SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ CTLTYPE_STRING | CTLFLAG_MPSAFE | (access), NULL, len, \ sysctl_jail_param, "A", descr) #define SYSCTL_JAIL_PARAM_STRUCT(module, param, access, len, fmt, descr)\ SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ CTLTYPE_STRUCT | CTLFLAG_MPSAFE | (access), NULL, len, \ sysctl_jail_param, fmt, descr) #define SYSCTL_JAIL_PARAM_NODE(module, descr) \ SYSCTL_NODE(_security_jail_param, OID_AUTO, module, CTLFLAG_RW, 0, descr) /* * Kernel support functions for jail(). */ struct ucred; struct mount; struct sockaddr; struct statfs; int jailed(struct ucred *cred); void getcredhostname(struct ucred *cred, char *, size_t); int prison_check(struct ucred *cred1, struct ucred *cred2); int prison_canseemount(struct ucred *cred, struct mount *mp); void prison_enforce_statfs(struct ucred *cred, struct mount *mp, struct statfs *sp); struct prison *prison_find(int prid); struct prison *prison_find_name(const char *name); void prison_free(struct prison *pr); void prison_free_locked(struct prison *pr); void prison_hold(struct prison *pr); void prison_hold_locked(struct prison *pr); void prison_proc_hold(struct prison *); void prison_proc_free(struct prison *); int prison_get_ip4(struct ucred *cred, struct in_addr *ia); int prison_local_ip4(struct ucred *cred, struct in_addr *ia); int prison_remote_ip4(struct ucred *cred, struct in_addr *ia); int prison_check_ip4(struct ucred *cred, struct in_addr *ia); #ifdef INET6 int prison_get_ip6(struct ucred *, struct in6_addr *); int prison_local_ip6(struct ucred *, struct in6_addr *, int); int prison_remote_ip6(struct ucred *, struct in6_addr *); int prison_check_ip6(struct ucred *, struct in6_addr *); #endif int prison_check_af(struct ucred *cred, int af); int prison_if(struct ucred *cred, struct sockaddr *sa); int prison_priv_check(struct ucred *cred, int priv); int sysctl_jail_param(struct sysctl_oid *, void *, int , struct sysctl_req *); #endif /* _KERNEL */ #endif /* !_SYS_JAIL_H_ */