b2d76b52 | 21-Feb-2023 | Zhenlei Huang <zlei@FreeBSD.org>
jail: Fix redoing ip restricting

`prison_ip_restrict()` is called in loop FOREACH_PRISON_DESCENDANT_LOCKED. While under low memory, it is still possible that in subsequent rounds `prison_ip_restrict()` succeeds and `redo_ip[46]` flips over from true to false, thus leaving some prisons' IPv[46] addresses unrestricted.

Reviewed by: jamie
Fixes: 8bce8d28abe6 jail: Avoid multipurpose return value of function prison_ip_restrict()
Differential Revision: https://reviews.freebsd.org/D38697
27202b98 | 07-Feb-2023 | Mark Johnston <markj@FreeBSD.org>
jail: Use atomic(9) instead of CK atomics

There's no reason to use one over the other here, let's prefer the interface that's used elsewhere in the kernel.

No functional change intended.

Reviewed by: mjg
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D38360
d94e0bdc | 04-Feb-2023 | Rick Macklem <rmacklem@FreeBSD.org>
Revert "vfs_export: Add checks for correct prison when updating exports"

This reverts commit 7926a01ed7ae7cefd81ef4cc2142c35b84d81913.

A new patch in D38371 is being considered for doing this.
7926a01e | 03-Feb-2023 | Rick Macklem <rmacklem@FreeBSD.org>
vfs_export: Add checks for correct prison when updating exports

mountd(8) basically does the following:
  getmntinfo()
  for each mount
    delete_exports
    using nmount(2) to do the creation/deletion of individual exports.

For prison0 (and for other prisons if enforce_statfs == 0) getmntinfo() returns all mount points, including ones being used within other prisons. This can cause confusion if the same file system is specified in the exports(5) file for multiple prisons.

This patch adds a permanent identifier to each prison and marks which prison did the exports in a field of the mount structure called mnt_exjail. This field can then be compared to the permanent identifier for the prison that the thread's credentials are in. Also required was a new function called prison_isalive_permid() which returns whether the prison is alive, so that the check can be ignored for prisons that have been removed.

This prepares the system to allow mountd(8) to run in multiple prisons, including prison0.

Future commits will complete the modifications to allow mountd(8) to run in vnet prisons. Until then, these changes should not affect semantics.

Reviewed by: markj
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D38144
99187c3a | 02-Feb-2023 | Rick Macklem <rmacklem@FreeBSD.org>
prison_check_nfsd: Add check for enforce_statfs != 0

Since mountd(8) will not be able to do exports when running in a vnet prison if enforce_statfs is set to 0, add a check for this to prison_check_nfsd().

Reviewed by: jamie, markj
MFC after: 2 months
Differential Revision: https://reviews.freebsd.org/D38189
8bce8d28 | 31-Dec-2022 | Zhenlei Huang <zlei@FreeBSD.org>
jail: Avoid multipurpose return value of function prison_ip_restrict()

Currently function prison_ip_restrict() returns true if the replacement buffer was used, or no buffer provided and allocation fails and should redo. The logic is confusing and causes a possibly infinite loop from eb8dcdeac22d.

Reviewed by: jamie, glebius
Approved by: kp (mentor)
Differential Revision: https://reviews.freebsd.org/D37918
89ddfbba | 13-Jan-2023 | Zhenlei Huang <zlei@FreeBSD.org>
jail: Fix regression panic from eb8dcdeac22d

And possibly infinite loop calling prison_ip_restrict() in kern_jail_set() [2].

[1] It is possible that prisons do not have any IPv4 or IPv6 addresses.
[2] If prison_ip_restrict() is not provided with prison_ip, when it allocates prison_ip successfully, then it should return false to indicate not redo prison_ip_restrict() later.

Reviewed by: glebius
Approved by: kp (mentor)
Fixes: eb8dcdeac22d jail: network epoch protection for IP address lists
Differential Revision: https://reviews.freebsd.org/D37906
ddbf879d | 13-Jan-2023 | Zhenlei Huang <zlei@FreeBSD.org>
jail: Correctly access IPv[46] addresses of prison_ip

* Fix wrong IPv[46] addresses inherited from parent jail
* Properly restrict the child jail's IPv[46] addresses

Reviewed by: melifaro, glebius
Approved by: kp (mentor)
Fixes: eb8dcdeac22d jail: network epoch protection for IP address lists
Differential Revision: https://reviews.freebsd.org/D37871
Differential Revision: https://reviews.freebsd.org/D37872
21ad3e27 | 21-Dec-2022 | Zhenlei Huang <zlei@FreeBSD.org>
jail: Fix output of IPv[46] addresses of DDB `show prison`

Reviewed by: melifaro, jamie
Approved by: kp (mentor)
Fixes: eb8dcdeac22d jail: network epoch protection for IP address lists
Differential Revision: https://reviews.freebsd.org/D37732
bba7a2e8 | 17-Dec-2022 | Rick Macklem <rmacklem@FreeBSD.org>
kern_jail.c: Allow mountd/nfsd to optionally run in a jail

This patch adds "allow.nfsd" to the jail code based on a new kernel build option VNET_NFSD. This will not work until future patches fix nmount(2) to allow mountd to run in a vnet prison and the NFS server code is patched so that global variables are in a vnet.

The jail(8) man page will be patched in a future commit.

Reviewed by: jamie
MFC after: 4 months
Differential Revision: https://reviews.freebsd.org/D37637
Revision tags: release/12.4.0
744bfb21 | 28-Oct-2022 | John Baldwin <jhb@FreeBSD.org>
Import the WireGuard driver from zx2c4.com.

This commit brings back the driver from FreeBSD commit f187d6dfbf633665ba6740fe22742aec60ce02a2 plus subsequent fixes from upstream.

Relative to upstream this commit includes a few other small fixes such as additional INET and INET6 #ifdef's, #include cleanups, and updates for recent API changes in main.

Reviewed by: pauamma, gbe, kevans, emaste
Obtained from: git@git.zx2c4.com:wireguard-freebsd @ 3cc22b2
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36909
43f8c763 | 15-Oct-2022 | Zhenlei Huang <zlei.huang@gmail.com>
if_me: Use dedicated network privilege

Separate if_me privileges from if_gif.

Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D36691
4771011b | 15-Sep-2022 | Gordon Bergling <gbe@FreeBSD.org>
kern_jail: Fix a typo in a source code comment

- s/paramter/parameter/

MFC after: 3 days
Revision tags: release/13.1.0
5ecb5444 | 10-Mar-2022 | Mateusz Guzik <mjg@FreeBSD.org>
jail: add process linkage

It allows iteration over processes belonging to given jail instead of having to walk the entire allproc list.

Note the iteration can miss processes which remains bug-compatible with previous code.

Reviewed by: jamie (previous version), markj (previous version)
Differential Revision: https://reviews.freebsd.org/D34522
49a033d8 | 04-Sep-2022 | Gordon Bergling <gbe@FreeBSD.org>
kern: Correct some typos in source code comments

- s/occured/occurred/
- s/the the/the/

MFC after: 3 days
7060da62 | 29-Jun-2022 | Jamie Gritton <jamie@FreeBSD.org>
jail: Remove a prison's shared memory when it dies

Add shm_remove_prison(), that removes all POSIX shared memory segments belonging to a prison. Call it from prison_cleanup() so a prison won't be stuck in a dying state due to the resources still held.

PR: 257555
Reported by: grembo
a9f7455c | 29-Jun-2022 | Jamie Gritton <jamie@FreeBSD.org>
jail: add prison_cleanup() to release resources held by a dying jail

Currently, when a jail starts dying, either by losing its last user reference or by being explicitly killed, osd_jail_call(...PR_METHOD_REMOVE...) is called. Encapsulate this into a function prison_cleanup() that can then do other cleanup.
ab91feab | 22-Feb-2022 | Kristof Provost <kp@FreeBSD.org>
ovpn: Introduce OpenVPN DCO support

OpenVPN Data Channel Offload (DCO) moves OpenVPN data plane processing (i.e. tunneling and cryptography) into the kernel, rather than using tap devices. This avoids significant copying and context switching overhead between kernel and user space and improves OpenVPN throughput.

In my test setup throughput improved from around 660Mbit/s to around 2Gbit/s.

Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D34340
f171938c | 09-Apr-2022 | Gordon Bergling <gbe@FreeBSD.org>
jail: Remove a double word in a source code comment

- s/a a/a/

MFC after: 3 days
bb92cd7b | 24-Mar-2022 | Mateusz Guzik <mjg@FreeBSD.org>
vfs: NDFREE(&nd, NDF_ONLY_PNBUF) -> NDFREE_PNBUF(&nd)
eb8dcdea | 26-Dec-2021 | Gleb Smirnoff <glebius@FreeBSD.org>
jail: network epoch protection for IP address lists

Now struct prison has two pointers (IPv4 and IPv6) of struct prison_ip type. Each points into epoch context, address count and variable size array of addresses. These structures are freed with network epoch deferred free and are not edited in place, instead a new structure is allocated and set.

While here, the change also generalizes a lot (but not enough) of IPv4 and IPv6 processing. E.g. address family agnostic helpers for kern_jail_set() are provided, that reduce v4-v6 copy-paste.

The fast-path prison_check_ip[46]_locked() is also generalized into prison_ip_check() that can be executed with network epoch protection only.

Reviewed by: jamie
Differential revision: https://reviews.freebsd.org/D33339
d2ef3774 | 22-Dec-2021 | Jessica Clarke <jrtc27@FreeBSD.org>
Fix buffer overread in preloaded hostuuid parsing

Commit b6be9566d236 stopped prison0_init writing outside of the preloaded hostuuid's bounds. However, the preloaded data will not (normally) have a NUL in it, and so validate_uuid will walk off the end of the buffer in its call to sscanf. Previously if there was any whitespace in the string we'd at least know there's a NUL one past the end due to the off-by-one error, but now no such byte is guaranteed.

Fix this by copying to a temporary buffer and explicitly adding a NUL.

Whilst here, change the strlcpy call to use a far less suspicious argument for dstsize; in practice it's fine, but it's an unusual pattern and not necessary.

Found by: CHERI
Reviewed by: emaste, kevans, jhb
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D33616
Revision tags: release/12.3.0
7e1d3eef | 25-Nov-2021 | Mateusz Guzik <mjg@FreeBSD.org>
vfs: remove the unused thread argument from NDINIT*

See b4a58fbf640409a1 ("vfs: remove cn_thread")

Bump __FreeBSD_version to 1400043.
70de1003 | 27-Oct-2021 | Gordon Bergling <gbe@FreeBSD.org>
jail(8): Fix a few common typos in source code comments

- s/phyiscal/physical/

MFC after: 3 days
8771ff75 | 26-Sep-2021 | Gordon Bergling <gbe@FreeBSD.org>
jail(9): Fix a typo in a comment

- s/erorr/error/

MFC after: 3 days