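Lines matching full:pr. Each entry below gives the source line number, the matching line, and the enclosing function; "argument" or "local" marks a line that declares pr. Lines that do not mention pr are omitted, so consecutive entries are not contiguous code, and lock or reference-count sequences cannot be judged from this listing alone.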

143 static int do_jail_attach(struct thread *td, struct prison *pr, int drflags);
145 static void prison_deref(struct prison *pr, int flags);
146 static void prison_deref_kill(struct prison *pr, struct prisonlist *freeprison);
147 static int prison_lock_xlock(struct prison *pr, int flags);
148 static void prison_cleanup(struct prison *pr);
149 static void prison_free_not_last(struct prison *pr);
150 static void prison_proc_free_not_last(struct prison *pr);
153 static void prison_set_allow_locked(struct prison *pr, unsigned flag,
157 static void prison_racct_attach(struct prison *pr);
158 static void prison_racct_modify(struct prison *pr);
159 static void prison_racct_detach(struct prison *pr);
667 prison_ip_dup(struct prison *ppr, struct prison *pr, const pr_family_t af) in prison_ip_dup() argument
675 pr->pr_addrs[af] = pip; in prison_ip_dup()
729 prison_ip_conflict_check(const struct prison *ppr, const struct prison *pr, in prison_ip_conflict_check() argument
743 if (tpr == pr || in prison_ip_conflict_check()
783 prison_ip_set(struct prison *pr, const pr_family_t af, struct prison_ip *new) in prison_ip_set() argument
787 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_ip_set()
789 mem = &pr->pr_addrs[af]; in prison_ip_set()
802 prison_ip_restrict(struct prison *pr, const pr_family_t af, in prison_ip_restrict() argument
805 struct prison_ip *ppip = pr->pr_parent->pr_addrs[af]; in prison_ip_restrict()
806 struct prison_ip *pip = pr->pr_addrs[af]; in prison_ip_restrict()
812 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_ip_restrict()
823 prison_ip_set(pr, af, NULL); in prison_ip_restrict()
827 if (!(pr->pr_flags & pr_families[af].ip_flag)) { in prison_ip_restrict()
836 prison_ip_set(pr, af, new); in prison_ip_restrict()
899 prison_ip_set(pr, af, new); in prison_ip_restrict()
910 prison_ip_check(const struct prison *pr, const pr_family_t af, in prison_ip_check() argument
917 MPASS(mtx_owned(&pr->pr_mtx) || in prison_ip_check()
921 pip = atomic_load_ptr(&pr->pr_addrs[af]); in prison_ip_check()
954 prison_ip_get0(const struct prison *pr, const pr_family_t af) in prison_ip_get0() argument
956 const struct prison_ip *pip = pr->pr_addrs[af]; in prison_ip_get0()
958 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_ip_get0()
965 prison_ip_cnt(const struct prison *pr, const pr_family_t af) in prison_ip_cnt() argument
968 return (pr->pr_addrs[af]->ips); in prison_ip_cnt()
984 struct prison *pr, *deadpr, *dinspr, *inspr, *mypr, *ppr, *tpr; in kern_jail_set() local
1409 pr = NULL; in kern_jail_set()
1442 pr = inspr; in kern_jail_set()
1443 mtx_lock(&pr->pr_mtx); in kern_jail_set()
1452 if (cuflags == JAIL_CREATE && pr != NULL) { in kern_jail_set()
1461 if ((pr == NULL) in kern_jail_set()
1463 : !prison_ischild(mypr, pr)) { in kern_jail_set()
1493 if (pr != NULL) { in kern_jail_set()
1525 if (tpr == pr || !prison_isalive(tpr) || in kern_jail_set()
1528 if (cuflags == JAIL_CREATE || pr != NULL) { in kern_jail_set()
1539 pr = tpr; in kern_jail_set()
1540 mtx_lock(&pr->pr_mtx); in kern_jail_set()
1550 if ((pr == NULL) in kern_jail_set()
1552 : !prison_isalive(pr)) { in kern_jail_set()
1561 else if (cuflags == JAIL_UPDATE && pr == NULL) { in kern_jail_set()
1568 created = pr == NULL; in kern_jail_set()
1612 pr = malloc(sizeof(*pr), M_PRISON, M_WAITOK | M_ZERO); in kern_jail_set()
1613 pr->pr_state = PRISON_STATE_INVALID; in kern_jail_set()
1614 refcount_init(&pr->pr_ref, 1); in kern_jail_set()
1615 refcount_init(&pr->pr_uref, 0); in kern_jail_set()
1617 LIST_INIT(&pr->pr_children); in kern_jail_set()
1618 mtx_init(&pr->pr_mtx, "jail mutex", NULL, MTX_DEF | MTX_DUPOK); in kern_jail_set()
1619 TASK_INIT(&pr->pr_task, 0, prison_complete, pr); in kern_jail_set()
1621 pr->pr_id = jid; in kern_jail_set()
1623 TAILQ_INSERT_BEFORE(inspr, pr, pr_list); in kern_jail_set()
1625 TAILQ_INSERT_TAIL(&allprison, pr, pr_list); in kern_jail_set()
1627 pr->pr_parent = ppr; in kern_jail_set()
1630 LIST_INSERT_HEAD(&ppr->pr_children, pr, pr_sibling); in kern_jail_set()
1642 strlcpy(pr->pr_hostuuid, DEFAULT_HOSTUUID, HOSTUUIDLEN); in kern_jail_set()
1643 pr->pr_flags |= PR_HOST; in kern_jail_set()
1651 pr->pr_flags |= PR_IP4 | PR_IP4_USER; in kern_jail_set()
1653 pr->pr_flags |= ppr->pr_flags & PR_IP4; in kern_jail_set()
1654 prison_ip_dup(ppr, pr, PR_INET); in kern_jail_set()
1659 pr->pr_flags |= PR_IP6 | PR_IP6_USER; in kern_jail_set()
1661 pr->pr_flags |= ppr->pr_flags & PR_IP6; in kern_jail_set()
1662 prison_ip_dup(ppr, pr, PR_INET6); in kern_jail_set()
1668 pr->pr_flags |= _PR_IP_SADDRSEL; in kern_jail_set()
1670 pr->pr_securelevel = ppr->pr_securelevel; in kern_jail_set()
1671 pr->pr_allow = JAIL_DEFAULT_ALLOW & ppr->pr_allow; in kern_jail_set()
1672 pr->pr_enforce_statfs = jail_default_enforce_statfs; in kern_jail_set()
1673 pr->pr_devfs_rsnum = ppr->pr_devfs_rsnum; in kern_jail_set()
1675 pr->pr_osreldate = osreldt ? osreldt : ppr->pr_osreldate; in kern_jail_set()
1677 strlcpy(pr->pr_osrelease, ppr->pr_osrelease, in kern_jail_set()
1678 sizeof(pr->pr_osrelease)); in kern_jail_set()
1680 strlcpy(pr->pr_osrelease, osrelstr, in kern_jail_set()
1681 sizeof(pr->pr_osrelease)); in kern_jail_set()
1685 pr->pr_vnet = (pr_flags & PR_VNET) in kern_jail_set()
1692 error = cpuset_create_root(ppr, &pr->pr_cpuset); in kern_jail_set()
1696 mtx_lock(&pr->pr_mtx); in kern_jail_set()
1703 prison_hold(pr); in kern_jail_set()
1706 if ((pr->pr_flags & PR_VNET) && in kern_jail_set()
1715 if (PR_IP4_USER & ch_flags & (pr_flags ^ pr->pr_flags)) { in kern_jail_set()
1723 if (PR_IP6_USER & ch_flags & (pr_flags ^ pr->pr_flags)) { in kern_jail_set()
1778 if (!prison_ip_conflict_check(ppr, pr, ip4, PR_INET)) { in kern_jail_set()
1793 if (!prison_ip_conflict_check(ppr, pr, ip6, PR_INET6)) { in kern_jail_set()
1820 onamelen = strlen(pr->pr_name + pnamelen); in kern_jail_set()
1822 if (pnamelen + namelen + 1 > sizeof(pr->pr_name)) { in kern_jail_set()
1826 FOREACH_PRISON_DESCENDANT(pr, tpr, descend) { in kern_jail_set()
1828 sizeof(pr->pr_name)) { in kern_jail_set()
1845 mtx_unlock(&pr->pr_mtx); in kern_jail_set()
1847 error = osd_jail_call(pr, PR_METHOD_CHECK, opts); in kern_jail_set()
1850 mtx_lock(&pr->pr_mtx); in kern_jail_set()
1866 pr->pr_flags |= PR_IP4; in kern_jail_set()
1867 prison_ip_set(pr, PR_INET, ip4); in kern_jail_set()
1869 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) { in kern_jail_set()
1886 pr->pr_flags |= PR_IP6; in kern_jail_set()
1887 prison_ip_set(pr, PR_INET6, ip6); in kern_jail_set()
1889 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) { in kern_jail_set()
1904 pr->pr_securelevel = slevel; in kern_jail_set()
1906 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) in kern_jail_set()
1911 pr->pr_childmax = childmax; in kern_jail_set()
1913 FOREACH_PRISON_DESCENDANT_LOCKED_LEVEL(pr, tpr, descend, level) in kern_jail_set()
1919 pr->pr_enforce_statfs = enforce; in kern_jail_set()
1921 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) in kern_jail_set()
1926 pr->pr_devfs_rsnum = rsnum; in kern_jail_set()
1928 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) in kern_jail_set()
1933 strlcpy(pr->pr_name, namelc, sizeof(pr->pr_name)); in kern_jail_set()
1935 snprintf(pr->pr_name, sizeof(pr->pr_name), "%s.%s", in kern_jail_set()
1938 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) { in kern_jail_set()
1941 bcopy(pr->pr_name, tpr->pr_name, namelen); in kern_jail_set()
1946 strlcpy(pr->pr_path, path, sizeof(pr->pr_path)); in kern_jail_set()
1947 pr->pr_root = root; in kern_jail_set()
1951 if (pr->pr_flags & PR_HOST) { in kern_jail_set()
1958 strlcpy(pr->pr_hostname, pr->pr_parent->pr_hostname, in kern_jail_set()
1959 sizeof(pr->pr_hostname)); in kern_jail_set()
1960 strlcpy(pr->pr_domainname, pr->pr_parent->pr_domainname, in kern_jail_set()
1961 sizeof(pr->pr_domainname)); in kern_jail_set()
1962 strlcpy(pr->pr_hostuuid, pr->pr_parent->pr_hostuuid, in kern_jail_set()
1963 sizeof(pr->pr_hostuuid)); in kern_jail_set()
1964 pr->pr_hostid = pr->pr_parent->pr_hostid; in kern_jail_set()
1969 strlcpy(pr->pr_hostname, host, sizeof(pr->pr_hostname)); in kern_jail_set()
1971 strlcpy(pr->pr_domainname, domain, in kern_jail_set()
1972 sizeof(pr->pr_domainname)); in kern_jail_set()
1974 strlcpy(pr->pr_hostuuid, uuid, sizeof(pr->pr_hostuuid)); in kern_jail_set()
1976 pr->pr_hostid = hid; in kern_jail_set()
1977 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) { in kern_jail_set()
1983 pr->pr_hostname, in kern_jail_set()
1987 pr->pr_domainname, in kern_jail_set()
1991 pr->pr_hostuuid, in kern_jail_set()
1998 pr->pr_allow = (pr->pr_allow & ~ch_allow) | pr_allow; in kern_jail_set()
2000 prison_set_allow_locked(pr, tallow, 0); in kern_jail_set()
2005 if (ch_flags & PR_PERSIST & (pr_flags ^ pr->pr_flags)) { in kern_jail_set()
2007 prison_hold(pr); in kern_jail_set()
2013 refcount_acquire(&pr->pr_uref); in kern_jail_set()
2016 prison_free_not_last(pr); in kern_jail_set()
2019 pr->pr_flags = (pr->pr_flags & ~ch_flags) | pr_flags; in kern_jail_set()
2020 mtx_unlock(&pr->pr_mtx); in kern_jail_set()
2031 prison_racct_attach(pr); in kern_jail_set()
2039 ip4s = pr->pr_addrs[PR_INET]->ips; in kern_jail_set()
2042 mtx_lock(&pr->pr_mtx); in kern_jail_set()
2044 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) { in kern_jail_set()
2054 mtx_unlock(&pr->pr_mtx); in kern_jail_set()
2059 ip6s = pr->pr_addrs[PR_INET6]->ips; in kern_jail_set()
2062 mtx_lock(&pr->pr_mtx); in kern_jail_set()
2064 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) { in kern_jail_set()
2074 mtx_unlock(&pr->pr_mtx); in kern_jail_set()
2080 error = osd_jail_call(pr, PR_METHOD_CREATE, opts); in kern_jail_set()
2084 error = osd_jail_call(pr, PR_METHOD_SET, opts); in kern_jail_set()
2093 drflags = prison_lock_xlock(pr, drflags); in kern_jail_set()
2094 pr->pr_state = PRISON_STATE_ALIVE; in kern_jail_set()
2099 error = do_jail_attach(td, pr, in kern_jail_set()
2100 prison_lock_xlock(pr, drflags & PD_LOCK_FLAGS)); in kern_jail_set()
2111 mtx_unlock(&pr->pr_mtx); in kern_jail_set()
2118 prison_racct_modify(pr); in kern_jail_set()
2122 if (created && pr != &prison0 && (pr->pr_allow & PR_ALLOW_NFSD) != 0 && in kern_jail_set()
2123 (pr->pr_root->v_vflag & VV_ROOT) == 0) in kern_jail_set()
2125 " file system\n", pr->pr_id); in kern_jail_set()
2128 td->td_retval[0] = pr->pr_id; in kern_jail_set()
2132 if (pr != NULL) in kern_jail_set()
2133 prison_deref(pr, drflags); in kern_jail_set()
2311 struct prison *pr, *mypr; in kern_jail_get() local
2327 pr = NULL; in kern_jail_get()
2336 TAILQ_FOREACH(pr, &allprison, pr_list) { in kern_jail_get()
2337 if (pr->pr_id > jid && in kern_jail_get()
2338 ((flags & JAIL_DYING) || prison_isalive(pr)) && in kern_jail_get()
2339 prison_ischild(mypr, pr)) { in kern_jail_get()
2340 mtx_lock(&pr->pr_mtx); in kern_jail_get()
2354 pr = prison_find_child(mypr, jid); in kern_jail_get()
2355 if (pr != NULL) { in kern_jail_get()
2357 if (!(prison_isalive(pr) || in kern_jail_get()
2379 pr = prison_find_name(mypr, name); in kern_jail_get()
2380 if (pr != NULL) { in kern_jail_get()
2382 if (!(prison_isalive(pr) || (flags & JAIL_DYING))) { in kern_jail_get()
2402 prison_hold(pr); in kern_jail_get()
2404 td->td_retval[0] = pr->pr_id; in kern_jail_get()
2405 error = vfs_setopt(opts, "jid", &pr->pr_id, sizeof(pr->pr_id)); in kern_jail_get()
2408 i = (pr->pr_parent == mypr) ? 0 : pr->pr_parent->pr_id; in kern_jail_get()
2412 error = vfs_setopts(opts, "name", prison_name(mypr, pr)); in kern_jail_get()
2415 error = vfs_setopt(opts, "cpuset.id", &pr->pr_cpuset->cs_id, in kern_jail_get()
2416 sizeof(pr->pr_cpuset->cs_id)); in kern_jail_get()
2419 error = vfs_setopts(opts, "path", prison_path(mypr, pr)); in kern_jail_get()
2423 error = vfs_setopt_part(opts, "ip4.addr", pr->pr_addrs[PR_INET]->pr_ip, in kern_jail_get()
2424 pr->pr_addrs[PR_INET] ? pr->pr_addrs[PR_INET]->ips * in kern_jail_get()
2430 error = vfs_setopt_part(opts, "ip6.addr", pr->pr_addrs[PR_INET6]->pr_ip, in kern_jail_get()
2431 pr->pr_addrs[PR_INET6] ? pr->pr_addrs[PR_INET6]->ips * in kern_jail_get()
2436 error = vfs_setopt(opts, "securelevel", &pr->pr_securelevel, in kern_jail_get()
2437 sizeof(pr->pr_securelevel)); in kern_jail_get()
2440 error = vfs_setopt(opts, "children.cur", &pr->pr_childcount, in kern_jail_get()
2441 sizeof(pr->pr_childcount)); in kern_jail_get()
2444 error = vfs_setopt(opts, "children.max", &pr->pr_childmax, in kern_jail_get()
2445 sizeof(pr->pr_childmax)); in kern_jail_get()
2448 error = vfs_setopts(opts, "host.hostname", pr->pr_hostname); in kern_jail_get()
2451 error = vfs_setopts(opts, "host.domainname", pr->pr_domainname); in kern_jail_get()
2454 error = vfs_setopts(opts, "host.hostuuid", pr->pr_hostuuid); in kern_jail_get()
2459 uint32_t hid32 = pr->pr_hostid; in kern_jail_get()
2464 error = vfs_setopt(opts, "host.hostid", &pr->pr_hostid, in kern_jail_get()
2465 sizeof(pr->pr_hostid)); in kern_jail_get()
2468 error = vfs_setopt(opts, "enforce_statfs", &pr->pr_enforce_statfs, in kern_jail_get()
2469 sizeof(pr->pr_enforce_statfs)); in kern_jail_get()
2472 error = vfs_setopt(opts, "devfs_ruleset", &pr->pr_devfs_rsnum, in kern_jail_get()
2473 sizeof(pr->pr_devfs_rsnum)); in kern_jail_get()
2479 i = (pr->pr_flags & bf->flag) ? 1 : 0; in kern_jail_get()
2491 f = pr->pr_flags & (jsf->disable | jsf->new); in kern_jail_get()
2503 i = (pr->pr_allow & bf->flag) ? 1 : 0; in kern_jail_get()
2512 i = !prison_isalive(pr); in kern_jail_get()
2520 error = vfs_setopt(opts, "osreldate", &pr->pr_osreldate, in kern_jail_get()
2521 sizeof(pr->pr_osreldate)); in kern_jail_get()
2524 error = vfs_setopts(opts, "osrelease", pr->pr_osrelease); in kern_jail_get()
2529 mtx_unlock(&pr->pr_mtx); in kern_jail_get()
2531 error = osd_jail_call(pr, PR_METHOD_GET, opts); in kern_jail_get()
2534 prison_deref(pr, drflags); in kern_jail_get()
2535 pr = NULL; in kern_jail_get()
2571 if (pr != NULL) in kern_jail_get()
2572 prison_deref(pr, drflags); in kern_jail_get()
2602 struct prison *pr; in sys_jail_remove() local
2610 pr = prison_find_child(td->td_ucred->cr_prison, uap->jid); in sys_jail_remove()
2611 if (pr == NULL) { in sys_jail_remove()
2615 if (!prison_isalive(pr)) { in sys_jail_remove()
2617 mtx_unlock(&pr->pr_mtx); in sys_jail_remove()
2621 prison_deref(pr, PD_KILL | PD_LOCKED | PD_LIST_XLOCKED); in sys_jail_remove()
2633 struct prison *pr; in sys_jail_attach() local
2641 pr = prison_find_child(td->td_ucred->cr_prison, uap->jid); in sys_jail_attach()
2642 if (pr == NULL) { in sys_jail_attach()
2648 if (!prison_isalive(pr)) { in sys_jail_attach()
2649 mtx_unlock(&pr->pr_mtx); in sys_jail_attach()
2654 return (do_jail_attach(td, pr, PD_LOCKED | PD_LIST_SLOCKED)); in sys_jail_attach()
2658 do_jail_attach(struct thread *td, struct prison *pr, int drflags) in do_jail_attach() argument
2664 mtx_assert(&pr->pr_mtx, MA_OWNED); in do_jail_attach()
2675 prison_hold(pr); in do_jail_attach()
2676 refcount_acquire(&pr->pr_uref); in do_jail_attach()
2678 mtx_unlock(&pr->pr_mtx); in do_jail_attach()
2682 error = osd_jail_call(pr, PR_METHOD_ATTACH, td); in do_jail_attach()
2684 prison_deref(pr, drflags); in do_jail_attach()
2694 error = cpuset_setproc_update_set(p, pr->pr_cpuset); in do_jail_attach()
2698 vn_lock(pr->pr_root, LK_EXCLUSIVE | LK_RETRY); in do_jail_attach()
2699 if ((error = change_dir(pr->pr_root, td)) != 0) in do_jail_attach()
2702 if ((error = mac_vnode_check_chroot(td->td_ucred, pr->pr_root))) in do_jail_attach()
2705 VOP_UNLOCK(pr->pr_root); in do_jail_attach()
2706 if ((error = pwd_chroot_chdir(td, pr->pr_root))) in do_jail_attach()
2712 newcred->cr_prison = pr; in do_jail_attach()
2724 prison_proc_relink(oldcred->cr_prison, pr, p); in do_jail_attach()
2732 if (!prison_isalive(pr)) { in do_jail_attach()
2741 VOP_UNLOCK(pr->pr_root); in do_jail_attach()
2747 prison_deref(pr, drflags); in do_jail_attach()
2757 struct prison *pr; in prison_find() local
2760 TAILQ_FOREACH(pr, &allprison, pr_list) { in prison_find()
2761 if (pr->pr_id < prid) in prison_find()
2763 if (pr->pr_id > prid) in prison_find()
2765 KASSERT(prison_isvalid(pr), ("Found invalid prison %p", pr)); in prison_find()
2766 mtx_lock(&pr->pr_mtx); in prison_find()
2767 return (pr); in prison_find()
2778 struct prison *pr; in prison_find_child() local
2782 FOREACH_PRISON_DESCENDANT(mypr, pr, descend) { in prison_find_child()
2783 if (pr->pr_id == prid) { in prison_find_child()
2784 KASSERT(prison_isvalid(pr), in prison_find_child()
2785 ("Found invalid prison %p", pr)); in prison_find_child()
2786 mtx_lock(&pr->pr_mtx); in prison_find_child()
2787 return (pr); in prison_find_child()
2799 struct prison *pr, *deadpr; in prison_find_name() local
2806 FOREACH_PRISON_DESCENDANT(mypr, pr, descend) { in prison_find_name()
2807 if (!strcmp(pr->pr_name + mylen, name)) { in prison_find_name()
2808 KASSERT(prison_isvalid(pr), in prison_find_name()
2809 ("Found invalid prison %p", pr)); in prison_find_name()
2810 if (prison_isalive(pr)) { in prison_find_name()
2811 mtx_lock(&pr->pr_mtx); in prison_find_name()
2812 return (pr); in prison_find_name()
2814 deadpr = pr; in prison_find_name()
2856 prison_hold_locked(struct prison *pr) in prison_hold_locked() argument
2860 prison_hold(pr); in prison_hold_locked()
2864 prison_hold(struct prison *pr) in prison_hold() argument
2867 int was_valid = refcount_acquire_if_not_zero(&pr->pr_ref); in prison_hold()
2870 ("Trying to hold dead prison %p (jid=%d).", pr, pr->pr_id)); in prison_hold()
2872 refcount_acquire(&pr->pr_ref); in prison_hold()
2881 prison_free_locked(struct prison *pr) in prison_free_locked() argument
2884 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_free_locked()
2889 mtx_unlock(&pr->pr_mtx); in prison_free_locked()
2890 prison_free(pr); in prison_free_locked()
2894 prison_free(struct prison *pr) in prison_free() argument
2897 KASSERT(refcount_load(&pr->pr_ref) > 0, in prison_free()
2899 pr, pr->pr_id)); in prison_free()
2900 if (!refcount_release_if_not_last(&pr->pr_ref)) { in prison_free()
2905 taskqueue_enqueue(taskqueue_thread, &pr->pr_task); in prison_free()
2910 prison_free_not_last(struct prison *pr) in prison_free_not_last() argument
2915 KASSERT(refcount_load(&pr->pr_ref) > 0, in prison_free_not_last()
2917 pr, pr->pr_id)); in prison_free_not_last()
2918 lastref = refcount_release(&pr->pr_ref); in prison_free_not_last()
2921 pr, pr->pr_id)); in prison_free_not_last()
2923 refcount_release(&pr->pr_ref); in prison_free_not_last()
2937 prison_proc_hold(struct prison *pr) in prison_proc_hold() argument
2940 int was_alive = refcount_acquire_if_not_zero(&pr->pr_uref); in prison_proc_hold()
2943 ("Cannot add a process to a non-alive prison (jid=%d)", pr->pr_id)); in prison_proc_hold()
2945 refcount_acquire(&pr->pr_uref); in prison_proc_hold()
2955 prison_proc_free(struct prison *pr) in prison_proc_free() argument
2963 KASSERT(refcount_load(&pr->pr_uref) > 0, in prison_proc_free()
2964 ("Trying to kill a process in a dead prison (jid=%d)", pr->pr_id)); in prison_proc_free()
2965 if (!refcount_release_if_not_last(&pr->pr_uref)) { in prison_proc_free()
2972 prison_hold(pr); in prison_proc_free()
2973 mtx_lock(&pr->pr_mtx); in prison_proc_free()
2974 KASSERT(!(pr->pr_flags & PR_COMPLETE_PROC), in prison_proc_free()
2976 pr->pr_id)); in prison_proc_free()
2977 pr->pr_flags |= PR_COMPLETE_PROC; in prison_proc_free()
2978 mtx_unlock(&pr->pr_mtx); in prison_proc_free()
2979 taskqueue_enqueue(taskqueue_thread, &pr->pr_task); in prison_proc_free()
2984 prison_proc_free_not_last(struct prison *pr) in prison_proc_free_not_last() argument
2989 KASSERT(refcount_load(&pr->pr_uref) > 0, in prison_proc_free_not_last()
2991 pr, pr->pr_id)); in prison_proc_free_not_last()
2992 lastref = refcount_release(&pr->pr_uref); in prison_proc_free_not_last()
2995 pr, pr->pr_id)); in prison_proc_free_not_last()
2997 refcount_release(&pr->pr_uref); in prison_proc_free_not_last()
3002 prison_proc_link(struct prison *pr, struct proc *p) in prison_proc_link() argument
3006 LIST_INSERT_HEAD(&pr->pr_proclist, p, p_jaillist); in prison_proc_link()
3010 prison_proc_unlink(struct prison *pr, struct proc *p) in prison_proc_unlink() argument
3033 struct prison *pr = context; in prison_complete() local
3040 drflags = prison_lock_xlock(pr, PD_DEREF); in prison_complete()
3041 if (pr->pr_flags & PR_COMPLETE_PROC) { in prison_complete()
3042 pr->pr_flags &= ~PR_COMPLETE_PROC; in prison_complete()
3045 prison_deref(pr, drflags); in prison_complete()
3060 prison_proc_iterate(struct prison *pr, void (*cb)(struct proc *, void *), in prison_proc_iterate() argument
3066 if (atomic_load_int(&pr->pr_childcount) == 0) { in prison_proc_iterate()
3068 LIST_FOREACH(p, &pr->pr_proclist, p_jaillist) { in prison_proc_iterate()
3076 if (atomic_load_int(&pr->pr_childcount) == 0) in prison_proc_iterate()
3090 if (ppr == pr) { in prison_proc_iterate()
3110 prison_deref(struct prison *pr, int flags) in prison_deref() argument
3124 KASSERT(pr != &prison0, in prison_deref()
3127 prison_hold(pr); in prison_deref()
3130 flags = prison_lock_xlock(pr, flags); in prison_deref()
3131 prison_deref_kill(pr, &freeprison); in prison_deref()
3135 KASSERT(refcount_load(&pr->pr_uref) > 0, in prison_deref()
3137 pr->pr_id)); in prison_deref()
3138 if (!refcount_release_if_not_last(&pr->pr_uref)) { in prison_deref()
3140 prison_hold(pr); in prison_deref()
3143 flags = prison_lock_xlock(pr, flags); in prison_deref()
3144 if (refcount_release(&pr->pr_uref) && in prison_deref()
3145 pr->pr_state == PRISON_STATE_ALIVE) { in prison_deref()
3153 pr->pr_state = PRISON_STATE_DYING; in prison_deref()
3154 mtx_unlock(&pr->pr_mtx); in prison_deref()
3156 prison_cleanup(pr); in prison_deref()
3166 if (refcount_load(&pr->pr_uref) > 0) in prison_deref()
3167 killpr = pr; in prison_deref()
3173 KASSERT(refcount_load(&pr->pr_ref) > 0, in prison_deref()
3175 pr->pr_id)); in prison_deref()
3176 if (!refcount_release_if_not_last(&pr->pr_ref)) { in prison_deref()
3177 flags = prison_lock_xlock(pr, flags); in prison_deref()
3178 if (refcount_release(&pr->pr_ref)) { in prison_deref()
3184 refcount_load(&pr->pr_uref) == 0, in prison_deref()
3187 pr->pr_uref, pr->pr_id)); in prison_deref()
3191 pr->pr_state = PRISON_STATE_INVALID; in prison_deref()
3192 TAILQ_REMOVE(&allprison, pr, pr_list); in prison_deref()
3193 LIST_REMOVE(pr, pr_sibling); in prison_deref()
3194 TAILQ_INSERT_TAIL(&freeprison, pr, in prison_deref()
3196 for (ppr = pr->pr_parent; in prison_deref()
3204 mtx_unlock(&pr->pr_mtx); in prison_deref()
3206 pr = pr->pr_parent; in prison_deref()
3217 mtx_unlock(&pr->pr_mtx); in prison_deref()
3262 prison_deref_kill(struct prison *pr, struct prisonlist *freeprison) in prison_deref_kill() argument
3272 KASSERT(refcount_load(&pr->pr_ref) > 0, in prison_deref_kill()
3274 pr, pr->pr_id)); in prison_deref_kill()
3275 refcount_acquire(&pr->pr_uref); in prison_deref_kill()
3276 pr->pr_state = PRISON_STATE_DYING; in prison_deref_kill()
3277 mtx_unlock(&pr->pr_mtx); in prison_deref_kill()
3280 FOREACH_PRISON_DESCENDANT_PRE_POST(pr, cpr, descend) { in prison_deref_kill()
3332 prison_cleanup(pr); in prison_deref_kill()
3333 mtx_lock(&pr->pr_mtx); in prison_deref_kill()
3334 if (pr->pr_flags & PR_PERSIST) { in prison_deref_kill()
3335 pr->pr_flags &= ~PR_PERSIST; in prison_deref_kill()
3336 prison_proc_free_not_last(pr); in prison_deref_kill()
3337 prison_free_not_last(pr); in prison_deref_kill()
3339 (void)refcount_release(&pr->pr_uref); in prison_deref_kill()
3348 prison_lock_xlock(struct prison *pr, int flags) in prison_lock_xlock() argument
3357 mtx_unlock(&pr->pr_mtx); in prison_lock_xlock()
3372 mtx_lock(&pr->pr_mtx); in prison_lock_xlock()
3383 prison_cleanup(struct prison *pr) in prison_cleanup() argument
3386 mtx_assert(&pr->pr_mtx, MA_NOTOWNED); in prison_cleanup()
3387 vfs_exjail_delete(pr); in prison_cleanup()
3388 shm_remove_prison(pr); in prison_cleanup()
3389 (void)osd_jail_call(pr, PR_METHOD_REMOVE, NULL); in prison_cleanup()
3399 struct prison *pr; in prison_set_allow() local
3401 pr = cred->cr_prison; in prison_set_allow()
3403 mtx_lock(&pr->pr_mtx); in prison_set_allow()
3404 prison_set_allow_locked(pr, flag, enable); in prison_set_allow()
3405 mtx_unlock(&pr->pr_mtx); in prison_set_allow()
3410 prison_set_allow_locked(struct prison *pr, unsigned flag, int enable) in prison_set_allow_locked() argument
3416 pr->pr_allow |= flag; in prison_set_allow_locked()
3418 pr->pr_allow &= ~flag; in prison_set_allow_locked()
3419 FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend) in prison_set_allow_locked()
3433 struct prison *pr; in prison_check_af() local
3438 pr = cred->cr_prison; in prison_check_af()
3450 if (pr->pr_flags & PR_IP4) in prison_check_af()
3452 mtx_lock(&pr->pr_mtx); in prison_check_af()
3453 if ((pr->pr_flags & PR_IP4) && in prison_check_af()
3454 pr->pr_addrs[PR_INET] == NULL) in prison_check_af()
3456 mtx_unlock(&pr->pr_mtx); in prison_check_af()
3462 if (pr->pr_flags & PR_IP6) in prison_check_af()
3464 mtx_lock(&pr->pr_mtx); in prison_check_af()
3465 if ((pr->pr_flags & PR_IP6) && in prison_check_af()
3466 pr->pr_addrs[PR_INET6] == NULL) in prison_check_af()
3468 mtx_unlock(&pr->pr_mtx); in prison_check_af()
3477 if (!(pr->pr_allow & PR_ALLOW_SOCKET_AF)) in prison_check_af()
3586 prison_isalive(const struct prison *pr) in prison_isalive() argument
3589 if (__predict_false(pr->pr_state != PRISON_STATE_ALIVE)) in prison_isalive()
3602 prison_isvalid(struct prison *pr) in prison_isvalid() argument
3605 if (__predict_false(pr->pr_state == PRISON_STATE_INVALID)) in prison_isvalid()
3607 if (__predict_false(refcount_load(&pr->pr_ref) == 0)) in prison_isvalid()
3636 struct prison *pr; in getcredhostname() local
3642 pr = (cred != NULL) ? cred->cr_prison : &prison0; in getcredhostname()
3643 mtx_lock(&pr->pr_mtx); in getcredhostname()
3644 strlcpy(buf, pr->pr_hostname, size); in getcredhostname()
3645 mtx_unlock(&pr->pr_mtx); in getcredhostname()
3713 struct prison *pr; in prison_canseemount() local
3717 pr = cred->cr_prison; in prison_canseemount()
3718 if (pr->pr_enforce_statfs == 0) in prison_canseemount()
3720 if (pr->pr_root->v_mount == mp) in prison_canseemount()
3722 if (pr->pr_enforce_statfs == 2) in prison_canseemount()
3730 if (strcmp(pr->pr_path, "/") == 0) in prison_canseemount()
3732 len = strlen(pr->pr_path); in prison_canseemount()
3734 if (strncmp(pr->pr_path, sp->f_mntonname, len) != 0) in prison_canseemount()
3749 struct prison *pr; in prison_enforce_statfs() local
3752 pr = cred->cr_prison; in prison_enforce_statfs()
3753 if (pr->pr_enforce_statfs == 0) in prison_enforce_statfs()
3761 if (pr->pr_root->v_mount == mp) { in prison_enforce_statfs()
3774 if (strcmp(pr->pr_path, "/") == 0) in prison_enforce_statfs()
3776 len = strlen(pr->pr_path); in prison_enforce_statfs()
3798 struct prison *pr; in prison_priv_check() local
4080 pr = cred->cr_prison; in prison_priv_check()
4081 prison_lock(pr); in prison_priv_check()
4082 if (pr->pr_allow & PR_ALLOW_MOUNT && pr->pr_enforce_statfs < 2) in prison_priv_check()
4086 prison_unlock(pr); in prison_priv_check()
4266 prison_ip_copyout(struct prison *pr, const pr_family_t af, void **out, int *len) in prison_ip_copyout() argument
4272 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_ip_copyout()
4273 if ((pip = pr->pr_addrs[af]) != NULL) { in prison_ip_copyout()
4276 mtx_unlock(&pr->pr_mtx); in prison_ip_copyout()
4278 mtx_lock(&pr->pr_mtx); in prison_ip_copyout()
4290 struct prison *pr, *cpr; in sysctl_jail_list() local
4302 pr = req->td->td_ucred->cr_prison; in sysctl_jail_list()
4305 FOREACH_PRISON_DESCENDANT(pr, cpr, descend) { in sysctl_jail_list()
4317 strlcpy(xp->pr_path, prison_path(pr, cpr), sizeof(xp->pr_path)); in sysctl_jail_list()
4319 strlcpy(xp->pr_name, prison_name(pr, cpr), sizeof(xp->pr_name)); in sysctl_jail_list()
4471 struct prison *pr; in sysctl_jail_default_level() local
4474 pr = req->td->td_ucred->cr_prison; in sysctl_jail_default_level()
4475 level = (pr == &prison0) ? *(int *)arg1 : *(int *)((char *)pr + arg2); in sysctl_jail_default_level()
4501 struct prison *pr; in sysctl_jail_children() local
4504 pr = req->td->td_ucred->cr_prison; in sysctl_jail_children()
4508 i = *(int *)((char *)pr + arg2); in sysctl_jail_children()
4907 prison_racct_attach(struct prison *pr) in prison_racct_attach() argument
4914 prr = prison_racct_find_locked(pr->pr_name); in prison_racct_attach()
4917 pr->pr_prison_racct = prr; in prison_racct_attach()
4925 prison_racct_modify(struct prison *pr) in prison_racct_modify() argument
4938 if (strcmp(pr->pr_name, pr->pr_prison_racct->prr_name) == 0) { in prison_racct_modify()
4944 oldprr = pr->pr_prison_racct; in prison_racct_modify()
4945 pr->pr_prison_racct = NULL; in prison_racct_modify()
4947 prison_racct_attach(pr); in prison_racct_modify()
4952 racct_move(pr->pr_prison_racct->prr_racct, oldprr->prr_racct); in prison_racct_modify()
4973 prison_racct_detach(struct prison *pr) in prison_racct_detach() argument
4979 if (pr->pr_prison_racct == NULL) in prison_racct_detach()
4981 prison_racct_free(pr->pr_prison_racct); in prison_racct_detach()
4982 pr->pr_prison_racct = NULL; in prison_racct_detach()
4989 db_show_prison(struct prison *pr) in db_show_prison() argument
5005 db_printf("prison %p:\n", pr); in db_show_prison()
5006 db_printf(" jid = %d\n", pr->pr_id); in db_show_prison()
5007 db_printf(" name = %s\n", pr->pr_name); in db_show_prison()
5008 db_printf(" parent = %p\n", pr->pr_parent); in db_show_prison()
5009 db_printf(" ref = %d\n", pr->pr_ref); in db_show_prison()
5010 db_printf(" uref = %d\n", pr->pr_uref); in db_show_prison()
5012 pr->pr_state == PRISON_STATE_ALIVE ? "alive" : in db_show_prison()
5013 pr->pr_state == PRISON_STATE_DYING ? "dying" : in db_show_prison()
5015 db_printf(" path = %s\n", pr->pr_path); in db_show_prison()
5016 db_printf(" cpuset = %d\n", pr->pr_cpuset in db_show_prison()
5017 ? pr->pr_cpuset->cs_id : -1); in db_show_prison()
5019 db_printf(" vnet = %p\n", pr->pr_vnet); in db_show_prison()
5021 db_printf(" root = %p\n", pr->pr_root); in db_show_prison()
5022 db_printf(" securelevel = %d\n", pr->pr_securelevel); in db_show_prison()
5023 db_printf(" devfs_rsnum = %d\n", pr->pr_devfs_rsnum); in db_show_prison()
5024 db_printf(" children.max = %d\n", pr->pr_childmax); in db_show_prison()
5025 db_printf(" children.cur = %d\n", pr->pr_childcount); in db_show_prison()
5026 db_printf(" child = %p\n", LIST_FIRST(&pr->pr_children)); in db_show_prison()
5027 db_printf(" sibling = %p\n", LIST_NEXT(pr, pr_sibling)); in db_show_prison()
5028 db_printf(" flags = 0x%x", pr->pr_flags); in db_show_prison()
5030 if (pr->pr_flags & bf->flag) in db_show_prison()
5035 f = pr->pr_flags & (jsf->disable | jsf->new); in db_show_prison()
5041 db_printf(" allow = 0x%x", pr->pr_allow); in db_show_prison()
5046 if (pr->pr_allow & bf->flag) in db_show_prison()
5049 db_printf(" enforce_statfs = %d\n", pr->pr_enforce_statfs); in db_show_prison()
5050 db_printf(" host.hostname = %s\n", pr->pr_hostname); in db_show_prison()
5051 db_printf(" host.domainname = %s\n", pr->pr_domainname); in db_show_prison()
5052 db_printf(" host.hostuuid = %s\n", pr->pr_hostuuid); in db_show_prison()
5053 db_printf(" host.hostid = %lu\n", pr->pr_hostid); in db_show_prison()
5055 if ((pip = pr->pr_addrs[PR_INET]) != NULL) { in db_show_prison()
5066 if ((pip = pr->pr_addrs[PR_INET6]) != NULL) { in db_show_prison()
5079 struct prison *pr; in DB_SHOW_COMMAND() local
5088 TAILQ_FOREACH(pr, &allprison, pr_list) { in DB_SHOW_COMMAND()
5089 db_show_prison(pr); in DB_SHOW_COMMAND()
5098 pr = &prison0; in DB_SHOW_COMMAND()
5101 TAILQ_FOREACH(pr, &allprison, pr_list) in DB_SHOW_COMMAND()
5102 if (pr->pr_id == addr && pr->pr_ref > 0) in DB_SHOW_COMMAND()
5104 if (pr == NULL) in DB_SHOW_COMMAND()
5106 TAILQ_FOREACH(pr, &allprison, pr_list) in DB_SHOW_COMMAND()
5107 if (pr->pr_id == addr) in DB_SHOW_COMMAND()
5109 if (pr == NULL) in DB_SHOW_COMMAND()
5111 pr = (struct prison *)addr; in DB_SHOW_COMMAND()
5113 db_show_prison(pr); in DB_SHOW_COMMAND()