Date: Fri, 13 Jan 2023 10:46:09 GMT
Message-Id: <202301131046.30DAk9II024374@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Zhenlei Huang
Subject: git: 89ddfbbac84c - main - jail: Fix regression panic from eb8dcdeac22d
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch main has been updated by zlei:

URL: https://cgit.FreeBSD.org/src/commit/?id=89ddfbbac84cb923e41782c014dc581352e498a9

commit 89ddfbbac84cb923e41782c014dc581352e498a9
Author:     Zhenlei Huang
AuthorDate: 2023-01-13 10:15:06 +0000
Commit:     Zhenlei Huang
CommitDate: 2023-01-13 10:45:14 +0000

    jail: Fix regression panic from eb8dcdeac22d

    And possibly infinite loop calling prison_ip_restrict() in
    kern_jail_set() [2].

    [1] It is possible that prisons do not have any IPv4 or IPv6 addresses.

    [2] If prison_ip_restrict() is not provided with prison_ip, when it
        allocates prison_ip successfully, then it should return false to
        indicate not redo prison_ip_restrict() later.

    Reviewed by:    glebius
    Approved by:    kp (mentor)
    Fixes:          eb8dcdeac22d jail: network epoch protection for IP address lists
    Differential Revision:  https://reviews.freebsd.org/D37906
---
 sys/kern/kern_jail.c | 55 +++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 39 insertions(+), 16 deletions(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index c8ae362c652c..e9fc8ddae144 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -777,7 +777,7 @@ prison_ip_set(struct prison *pr, const pr_family_t af, struct prison_ip *new) /* * Restrict a prison's IP address list with its parent's, possibly replacing - * it. Return true if the replacement buffer was used (or would have been). + * it. Return true if the replacement buffer was used (or should redo). * kern_jail_set() helper. */ static bool @@ -789,7 +789,7 @@ prison_ip_restrict(struct prison *pr, const pr_family_t af, int (*const cmp)(const void *, const void *) = pr_families[af].cmp; const size_t size = pr_families[af].size; uint32_t ips; - bool alloced; + bool alloced, used; mtx_assert(&pr->pr_mtx, MA_OWNED); 
@@ -800,28 +800,44 @@ prison_ip_restrict(struct prison *pr, const pr_family_t af, * screw up sorting, and in case of IPv6 we can't even atomically write * one. */ - ips = (pr->pr_flags & pr_families[af].ip_flag) ? pip->ips : ppip->ips; - if (ips == 0) { - prison_ip_set(pr, af, NULL); + if (ppip == NULL) { + if (pip != NULL) + prison_ip_set(pr, af, NULL); return (false); } - if (new == NULL) { - new = prison_ip_alloc(af, ips, M_NOWAIT); - if (new == NULL) - return (true); - alloced = true; - } else - alloced = false; + if (!(pr->pr_flags & pr_families[af].ip_flag)) { + if (new == NULL) { + new = prison_ip_alloc(af, ppip->ips, M_NOWAIT); + if (new == NULL) + return (true); /* redo */ + used = false; + } else + used = true; /* This has no user settings, so just copy the parent's list. */ - bcopy(ppip + 1, new + 1, ips * size); - } else { + MPASS(new->ips == ppip->ips); + bcopy(ppip + 1, new + 1, ppip->ips * size); + prison_ip_set(pr, af, new); + return (used); + } else if (pip != NULL) { /* Remove addresses that aren't in the parent. */ int i; i = 0; /* index in pip */ ips = 0; /* index in new */ + used = true; + if (new == NULL) { + new = prison_ip_alloc(af, pip->ips, M_NOWAIT); + if (new == NULL) + return (true); /* redo */ + used = false; + alloced = true; + } else { + used = true; + alloced = false; + } + for (int pi = 0; pi < ppip->ips; pi++) if (cmp(PR_IP(pip, 0), PR_IP(ppip, pi)) == 0) { /* Found our primary address in parent. */ @@ -860,10 +876,17 @@ prison_ip_restrict(struct prison *pr, const pr_family_t af, if (alloced) prison_ip_free(new); new = NULL; + used = false; + } else { + /* Shrink to real size */ + KASSERT((new->ips >= ips), + ("Out-of-bounds write to prison_ip %p", new)); + new->ips = ips; } + prison_ip_set(pr, af, new); + return (used); } - prison_ip_set(pr, af, new); - return (new != NULL ? true : false); + return (false); } /*
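Review bot: The reworded header comment above prison_ip_restrict() (first hunk) still folds two different outcomes into one return value: "the replacement buffer was used" and "should redo". A caller reading only the comment cannot tell whether true means its buffer now belongs to the prison or that it must allocate and call again. Suggest listing the cases the new body actually implements: with new == NULL passed in, true means prison_ip_alloc() failed and the caller should retry with a buffer, false means the function allocated for itself or had nothing to do; with a buffer passed in, true means the buffer was installed via prison_ip_set(), false means it was not consumed and the caller still owns it.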
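Review bot: In the third hunk, the copy-from-parent branch protects `bcopy(ppip + 1, new + 1, ppip->ips * size)` only with `MPASS(new->ips == ppip->ips)`, which is compiled out of kernels built without INVARIANTS. When new is supplied by the caller rather than by the `prison_ip_alloc(af, ppip->ips, M_NOWAIT)` just above, nothing on a production kernel stops the copy from running past a buffer that was sized for a different count. Suggest either a runtime size check on the caller-supplied path or a comment naming the lock that guarantees ppip->ips cannot change between the caller's allocation and this copy. Separately, the `used = true;` placed before `if (new == NULL)` in the `else if (pip != NULL)` branch is a dead store, since both arms of that if assign used again.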
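Review bot: The KASSERT added in the shrink branch of the last hunk, `KASSERT((new->ips >= ips), ("Out-of-bounds write to prison_ip %p", new))`, runs after the filtering loop has finished filling new, so it can only report an overrun after the fact, and only on INVARIANTS kernels. If a caller-supplied new can hold fewer entries than pip->ips, the bound needs to be enforced where entries are written, not at the shrink step. The ips == 0 path also deserves a comment on ownership: when alloced is false, new is set to NULL without being freed and the function returns false, so the caller is expected to free its own buffer.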