From nobody Sat Feb 04 22:41:01 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P8SDF5XKGz3kVDL; Sat, 4 Feb 2023 22:41:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P8SDF55lBz3vNL; Sat, 4 Feb 2023 22:41:01 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675550461; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3mLivc6qSd0frl8WO7O5M9MPHL3oglnRiMRAQWiMH0M=; b=jlSOypxLDHQv01af68//7IM4S4Ng57CeKbYr98fceILnzDn/wNAbijgTuDezJPUtvPnMBg f3LRTAN1kMt4tlxZxUI7t/f1L0lTUwCxUS80By0kWVgyM+0CpmqQuiimruN3SjEhQPsvk9 xDJcM99hZWjDNJvKOys1BmlEDgswNJ8edSmB9KiQfbgRBoB60Urefe6ZlLO5ReFwEbIf5y 0POKG1rDAKnAsYX/DgxkQrEuZf9lyb5vk9u11YTsSKT90qaX2JCVPWvgG2d9E8+PMS1P4Z /AAv+IJvb1Zyp4w8xCIIEjCUVPMBms9xfPCJYkS5iuCc1Co3cokvMn0JSzAMDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675550461; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3mLivc6qSd0frl8WO7O5M9MPHL3oglnRiMRAQWiMH0M=; b=Mya/iGTbWph7YCvdyd9TAzo/t4JmEUdO61h6SVNPGKXnK22RAQAY4otwXimvMen1aud3fQ uLC2WZOn1FcNXzwH6/ZsOpJrzF3k6Jl3FNyqKFs9oklHwQwibZynXRgHWeejhlh3McZefS 23Vo+ucM3MvCDt0MHux2NpqdkBEmDRebH6dQY47LARqQMgwUAeuDLnSTAh3r+aYk1MopRl J+jtiwC1s9e5DbupH8Ym7ymt/+1chikBN8JIBzZVMqqbWsvn1JljjXNu/TCbm1OPYprLNH 5e9ppjg5AKjV0lvfr6RU5pW/CfXOgCEg7wtFt76MiB58ta8yzze42uwdgvHYwQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1675550461; a=rsa-sha256; cv=none; b=gWotxQ1lSgu7mFkpRBHqs00ohAovqUOEPIlNn2vBnEwIVW9fyZiJjwWuK1tr6CHDs7uG/k B247JfFz3KnCK3lfb0HdSb7WjkekPNkd2Ve2oxn5dQG4T0DhUd6iZb1BC95K+PyvQwhw7P PsHG5D2k+PIHBYuk5R/awFYZsG43niR2KZzannv3CPClYXBVqcoaRHSPS25TcfQcLvAMdg Ubmr+pfY7eWSqlXDdrtNoT5en9P4tiSTfM2WCDa9Ad8dqlKSEDiMj2hNNw78qw+xQCrVt7 vTpX5Z5qqdedA1kHJh1KaJOXoLNlPbiv3nVAQ6BFV30QnSk23+pTibC6BZWqHw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4P8SDF48fLzX6l; Sat, 4 Feb 2023 22:41:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 314Mf18v055472; Sat, 4 Feb 2023 22:41:01 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 314Mf1Zg055471; Sat, 4 Feb 2023 22:41:01 GMT (envelope-from git) Date: Sat, 4 Feb 2023 22:41:01 GMT Message-Id: <202302042241.314Mf1Zg055471@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Rick Macklem Subject: git: d94e0bdc1498 - main - Revert "vfs_export: Add checks for correct prison when updating exports" List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d94e0bdc1498fa95d1de0b54dfa9af0d73c0fb21 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=d94e0bdc1498fa95d1de0b54dfa9af0d73c0fb21 commit d94e0bdc1498fa95d1de0b54dfa9af0d73c0fb21 Author: Rick Macklem AuthorDate: 2023-02-04 22:38:32 +0000 Commit: Rick Macklem CommitDate: 2023-02-04 22:38:32 +0000 Revert "vfs_export: Add checks for correct prison when updating exports" This reverts commit 7926a01ed7ae7cefd81ef4cc2142c35b84d81913. A new patch in D38371 is being considered for doing this. --- sys/kern/kern_jail.c | 32 ------------------------------- sys/kern/vfs_export.c | 53 +++++---------------------------------------------- sys/sys/jail.h | 2 -- sys/sys/mount.h | 5 +---- 4 files changed, 6 insertions(+), 86 deletions(-) diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 293dd53d65c9..4c1e3ff40c58 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -118,7 +118,6 @@ struct prison prison0 = { .pr_flags = PR_HOST|_PR_IP_SADDRSEL, #endif .pr_allow = PR_ALLOW_ALL_STATIC, - .pr_permid = 1, }; MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF); @@ -989,7 +988,6 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags) uint64_t pr_allow_diff; unsigned tallow; char numbuf[12]; - static uint64_t init_permid = 2; error = priv_check(td, PRIV_JAIL_SET); if (!error && (flags & JAIL_ATTACH)) @@ -1619,7 +1617,6 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags) TASK_INIT(&pr->pr_task, 0, prison_complete, pr); pr->pr_id = jid; - pr->pr_permid = init_permid++; if (inspr != NULL) TAILQ_INSERT_BEFORE(inspr, pr, pr_list); else @@ -3538,35 +3535,6 @@ prison_isalive(const struct prison *pr) return (true); } -/* - * Return true if the prison is currently alive. Identified by pr_permid. - */ -bool -prison_isalive_permid(const uint64_t prison_permid) -{ - struct prison *pr; - bool alive; - - /* - * permid == 0 --> never assigned to a prison - * permid == 1 --> assigned to prison0, always alive - */ - if (prison_permid == 0) - return (false); - else if (prison_permid == 1) - return (true); - sx_slock(&allprison_lock); - TAILQ_FOREACH(pr, &allprison, pr_list) { - if (pr->pr_permid == prison_permid) { - alive = prison_isalive(pr); - sx_unlock(&allprison_lock); - return (alive); - } - } - sx_unlock(&allprison_lock); - return (false); -} - /* * Return true if the prison is currently valid. A prison is valid if it has * been fully created, and is not being destroyed. Note that dying prisons diff --git a/sys/kern/vfs_export.c b/sys/kern/vfs_export.c index 024adfe152d6..024011de4c89 100644 --- a/sys/kern/vfs_export.c +++ b/sys/kern/vfs_export.c @@ -52,7 +52,6 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include #include #include #include @@ -71,6 +70,7 @@ static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structure"); static struct radix_node_head *vfs_create_addrlist_af( struct radix_node_head **prnh, int off); #endif +static void vfs_free_addrlist(struct netexport *nep); static int vfs_free_netcred(struct radix_node *rn, void *w); static void vfs_free_addrlist_af(struct radix_node_head **prnh); static int vfs_hang_addrlist(struct mount *mp, struct netexport *nep, @@ -274,7 +274,7 @@ vfs_free_addrlist_af(struct radix_node_head **prnh) /* * Free the net address hash lists that are hanging off the mount points. */ -void +static void vfs_free_addrlist(struct netexport *nep) { struct ucred *cred; @@ -285,10 +285,8 @@ vfs_free_addrlist(struct netexport *nep) vfs_free_addrlist_af(&nep->ne6); cred = nep->ne_defexported.netc_anon; - if (cred != NULL) { + if (cred != NULL) crfree(cred); - nep->ne_defexported.netc_anon = NULL; - } } @@ -303,8 +301,6 @@ vfs_export(struct mount *mp, struct export_args *argp) { struct netexport *nep; int error; - uint64_t jail_permid; - bool new_nep, prison_alive; if ((argp->ex_flags & (MNT_DELEXPORT | MNT_EXPORTED)) == 0) return (EINVAL); @@ -315,29 +311,13 @@ vfs_export(struct mount *mp, struct export_args *argp) return (EINVAL); error = 0; - jail_permid = curthread->td_ucred->cr_prison->pr_permid; lockmgr(&mp->mnt_explock, LK_EXCLUSIVE, NULL); nep = mp->mnt_export; - prison_alive = prison_isalive_permid(mp->mnt_exjail); if (argp->ex_flags & MNT_DELEXPORT) { if (nep == NULL) { - KASSERT(mp->mnt_exjail == 0, - ("vfs_export: mnt_exjail delexport not 0")); error = ENOENT; goto out; } - KASSERT(mp->mnt_exjail != 0, - ("vfs_export: mnt_exjail delexport 0")); - if (jail_permid == 1 && mp->mnt_exjail != jail_permid && - prison_alive) { - /* EXDEV will not get logged by mountd(8). */ - error = EXDEV; - goto out; - } else if (mp->mnt_exjail != jail_permid && prison_alive) { - /* EPERM will get logged by mountd(8). */ - error = EPERM; - goto out; - } if (mp->mnt_flag & MNT_EXPUBLIC) { vfs_setpublicfs(NULL, NULL, NULL); MNT_ILOCK(mp); @@ -346,37 +326,20 @@ vfs_export(struct mount *mp, struct export_args *argp) } vfs_free_addrlist(nep); mp->mnt_export = NULL; - mp->mnt_exjail = 0; free(nep, M_MOUNT); nep = NULL; MNT_ILOCK(mp); mp->mnt_flag &= ~(MNT_EXPORTED | MNT_DEFEXPORTED); MNT_IUNLOCK(mp); } - new_nep = false; if (argp->ex_flags & MNT_EXPORTED) { if (nep == NULL) { - KASSERT(mp->mnt_exjail == 0, - ("vfs_export: mnt_exjail not 0")); nep = malloc(sizeof(struct netexport), M_MOUNT, M_WAITOK | M_ZERO); mp->mnt_export = nep; - new_nep = true; - } else if (mp->mnt_exjail != jail_permid && prison_alive) { - KASSERT(mp->mnt_exjail != 0, - ("vfs_export: mnt_exjail 0")); - error = EPERM; - goto out; } if (argp->ex_flags & MNT_EXPUBLIC) { - if ((error = vfs_setpublicfs(mp, nep, argp)) != 0) { - if (new_nep) { - mp->mnt_export = NULL; - free(nep, M_MOUNT); - } + if ((error = vfs_setpublicfs(mp, nep, argp)) != 0) goto out; - } - new_nep = false; - mp->mnt_exjail = jail_permid; MNT_ILOCK(mp); mp->mnt_flag |= MNT_EXPUBLIC; MNT_IUNLOCK(mp); @@ -385,14 +348,8 @@ vfs_export(struct mount *mp, struct export_args *argp) argp->ex_numsecflavors = 1; argp->ex_secflavors[0] = AUTH_SYS; } - if ((error = vfs_hang_addrlist(mp, nep, argp))) { - if (new_nep) { - mp->mnt_export = NULL; - free(nep, M_MOUNT); - } + if ((error = vfs_hang_addrlist(mp, nep, argp))) goto out; - } - mp->mnt_exjail = jail_permid; MNT_ILOCK(mp); mp->mnt_flag |= MNT_EXPORTED; MNT_IUNLOCK(mp); diff --git a/sys/sys/jail.h b/sys/sys/jail.h index 2031c698ff3d..c50c8607aa0a 100644 --- a/sys/sys/jail.h +++ b/sys/sys/jail.h @@ -199,7 +199,6 @@ struct prison { int pr_spare[2]; int pr_osreldate; /* (c) kern.osreldate value */ unsigned long pr_hostid; /* (p) jail hostid */ - uint64_t pr_permid; /* (c) permanent jail id */ char pr_name[MAXHOSTNAMELEN]; /* (p) admin jail name */ char pr_path[MAXPATHLEN]; /* (c) chroot path */ char pr_hostname[MAXHOSTNAMELEN]; /* (p) jail hostname */ @@ -443,7 +442,6 @@ void prison_proc_iterate(struct prison *, void (*)(struct proc *, void *), void void prison_set_allow(struct ucred *cred, unsigned flag, int enable); int prison_ischild(struct prison *, struct prison *); bool prison_isalive(const struct prison *); -bool prison_isalive_permid(const uint64_t prison_permid); bool prison_isvalid(struct prison *); #if defined(INET) || defined(INET6) int prison_ip_check(const struct prison *, const pr_family_t, const void *); diff --git a/sys/sys/mount.h b/sys/sys/mount.h index 42247829d42e..4bfc77b7f1a1 100644 --- a/sys/sys/mount.h +++ b/sys/sys/mount.h @@ -216,7 +216,6 @@ struct mount_upper_node { * i - interlock * v - vnode freelist mutex * d - deferred unmount list mutex - * e - mnt_explock * * Unmarked fields are considered stable as long as a ref is held. * @@ -246,14 +245,13 @@ struct mount { void * mnt_data; /* private data */ time_t mnt_time; /* last time written*/ int mnt_iosize_max; /* max size for clusters, etc */ - struct netexport *mnt_export; /* (e) export list */ + struct netexport *mnt_export; /* export list */ struct label *mnt_label; /* MAC label for the fs */ u_int mnt_hashseed; /* Random seed for vfs_hash */ int mnt_lockref; /* (i) Lock reference count */ int mnt_secondary_writes; /* (i) # of secondary writes */ int mnt_secondary_accwrites;/* (i) secondary wr. starts */ struct thread *mnt_susp_owner; /* (i) thread owning suspension */ - uint64_t mnt_exjail; /* (e) exported in jail ident */ #define mnt_endzero mnt_gjprovider char *mnt_gjprovider; /* gjournal provider name */ struct mtx mnt_listmtx; @@ -1019,7 +1017,6 @@ void vfs_periodic(struct mount *, int); int vfs_busy(struct mount *, int); int vfs_export /* process mount export info */ (struct mount *, struct export_args *); -void vfs_free_addrlist(struct netexport *); void vfs_allocate_syncvnode(struct mount *); void vfs_deallocate_syncvnode(struct mount *); int vfs_donmount(struct thread *td, uint64_t fsflags,