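Lines Matching full:pr

Each row below is one hit from an identifier search: the source line number, the matching line of code, and the enclosing function ("in f()"). A trailing "argument" or "local" marks the line where `pr` is declared as a parameter or a local variable of that function. Only lines that mention `pr` are listed, so the line numbers are not contiguous. Control flow, lock/unlock pairing, reference counting and NULL checks cannot be judged from this listing alone; read the full function before drawing conclusions.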

149 static int do_jail_attach(struct thread *td, struct prison *pr, int drflags);
151 static void prison_deref(struct prison *pr, int flags);
152 static void prison_deref_kill(struct prison *pr, struct prisonlist *freeprison);
153 static int prison_lock_xlock(struct prison *pr, int flags);
154 static void prison_cleanup(struct prison *pr);
155 static void prison_free_not_last(struct prison *pr);
156 static void prison_proc_free_not_last(struct prison *pr);
159 static void prison_set_allow_locked(struct prison *pr, unsigned flag,
163 static void prison_racct_attach(struct prison *pr);
164 static void prison_racct_modify(struct prison *pr);
165 static void prison_racct_detach(struct prison *pr);
674 prison_ip_dup(struct prison *ppr, struct prison *pr, const pr_family_t af) in prison_ip_dup() argument
682 pr->pr_addrs[af] = pip; in prison_ip_dup()
736 prison_ip_conflict_check(const struct prison *ppr, const struct prison *pr, in prison_ip_conflict_check() argument
750 if (tpr == pr || in prison_ip_conflict_check()
790 prison_ip_set(struct prison *pr, const pr_family_t af, struct prison_ip *new) in prison_ip_set() argument
794 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_ip_set()
796 mem = &pr->pr_addrs[af]; in prison_ip_set()
809 prison_ip_restrict(struct prison *pr, const pr_family_t af, in prison_ip_restrict() argument
812 struct prison_ip *ppip = pr->pr_parent->pr_addrs[af]; in prison_ip_restrict()
813 struct prison_ip *pip = pr->pr_addrs[af]; in prison_ip_restrict()
819 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_ip_restrict()
830 prison_ip_set(pr, af, NULL); in prison_ip_restrict()
834 if (!(pr->pr_flags & pr_families[af].ip_flag)) { in prison_ip_restrict()
843 prison_ip_set(pr, af, new); in prison_ip_restrict()
906 prison_ip_set(pr, af, new); in prison_ip_restrict()
917 prison_ip_check(const struct prison *pr, const pr_family_t af, in prison_ip_check() argument
924 MPASS(mtx_owned(&pr->pr_mtx) || in prison_ip_check()
928 pip = atomic_load_ptr(&pr->pr_addrs[af]); in prison_ip_check()
961 prison_ip_get0(const struct prison *pr, const pr_family_t af) in prison_ip_get0() argument
963 const struct prison_ip *pip = pr->pr_addrs[af]; in prison_ip_get0()
965 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_ip_get0()
972 prison_ip_cnt(const struct prison *pr, const pr_family_t af) in prison_ip_cnt() argument
975 return (pr->pr_addrs[af]->ips); in prison_ip_cnt()
991 struct prison *pr, *deadpr, *dinspr, *inspr, *mypr, *ppr, *tpr; in kern_jail_set() local
1416 pr = NULL; in kern_jail_set()
1449 pr = inspr; in kern_jail_set()
1450 mtx_lock(&pr->pr_mtx); in kern_jail_set()
1459 if (cuflags == JAIL_CREATE && pr != NULL) { in kern_jail_set()
1468 if ((pr == NULL) in kern_jail_set()
1470 : !prison_ischild(mypr, pr)) { in kern_jail_set()
1500 if (pr != NULL) { in kern_jail_set()
1532 if (tpr == pr || !prison_isalive(tpr) || in kern_jail_set()
1535 if (cuflags == JAIL_CREATE || pr != NULL) { in kern_jail_set()
1546 pr = tpr; in kern_jail_set()
1547 mtx_lock(&pr->pr_mtx); in kern_jail_set()
1557 if ((pr == NULL) in kern_jail_set()
1559 : !prison_isalive(pr)) { in kern_jail_set()
1568 else if (cuflags == JAIL_UPDATE && pr == NULL) { in kern_jail_set()
1575 created = pr == NULL; in kern_jail_set()
1619 pr = malloc(sizeof(*pr), M_PRISON, M_WAITOK | M_ZERO); in kern_jail_set()
1620 pr->pr_state = PRISON_STATE_INVALID; in kern_jail_set()
1621 refcount_init(&pr->pr_ref, 1); in kern_jail_set()
1622 refcount_init(&pr->pr_uref, 0); in kern_jail_set()
1624 LIST_INIT(&pr->pr_children); in kern_jail_set()
1625 mtx_init(&pr->pr_mtx, "jail mutex", NULL, MTX_DEF | MTX_DUPOK); in kern_jail_set()
1626 TASK_INIT(&pr->pr_task, 0, prison_complete, pr); in kern_jail_set()
1628 pr->pr_id = jid; in kern_jail_set()
1630 TAILQ_INSERT_BEFORE(inspr, pr, pr_list); in kern_jail_set()
1632 TAILQ_INSERT_TAIL(&allprison, pr, pr_list); in kern_jail_set()
1634 pr->pr_parent = ppr; in kern_jail_set()
1637 LIST_INSERT_HEAD(&ppr->pr_children, pr, pr_sibling); in kern_jail_set()
1649 strlcpy(pr->pr_hostuuid, DEFAULT_HOSTUUID, HOSTUUIDLEN); in kern_jail_set()
1650 pr->pr_flags |= PR_HOST; in kern_jail_set()
1658 pr->pr_flags |= PR_IP4 | PR_IP4_USER; in kern_jail_set()
1660 pr->pr_flags |= ppr->pr_flags & PR_IP4; in kern_jail_set()
1661 prison_ip_dup(ppr, pr, PR_INET); in kern_jail_set()
1666 pr->pr_flags |= PR_IP6 | PR_IP6_USER; in kern_jail_set()
1668 pr->pr_flags |= ppr->pr_flags & PR_IP6; in kern_jail_set()
1669 prison_ip_dup(ppr, pr, PR_INET6); in kern_jail_set()
1675 pr->pr_flags |= _PR_IP_SADDRSEL; in kern_jail_set()
1677 pr->pr_securelevel = ppr->pr_securelevel; in kern_jail_set()
1678 pr->pr_allow = JAIL_DEFAULT_ALLOW & ppr->pr_allow; in kern_jail_set()
1679 pr->pr_enforce_statfs = jail_default_enforce_statfs; in kern_jail_set()
1680 pr->pr_devfs_rsnum = ppr->pr_devfs_rsnum; in kern_jail_set()
1682 pr->pr_osreldate = osreldt ? osreldt : ppr->pr_osreldate; in kern_jail_set()
1684 strlcpy(pr->pr_osrelease, ppr->pr_osrelease, in kern_jail_set()
1685 sizeof(pr->pr_osrelease)); in kern_jail_set()
1687 strlcpy(pr->pr_osrelease, osrelstr, in kern_jail_set()
1688 sizeof(pr->pr_osrelease)); in kern_jail_set()
1698 pr->pr_flags |= PR_VNET; in kern_jail_set()
1699 pr->pr_vnet = vnet_alloc(); in kern_jail_set()
1701 pr->pr_vnet = ppr->pr_vnet; in kern_jail_set()
1708 error = cpuset_create_root(ppr, &pr->pr_cpuset); in kern_jail_set()
1712 mtx_lock(&pr->pr_mtx); in kern_jail_set()
1719 prison_hold(pr); in kern_jail_set()
1722 if ((pr->pr_flags & PR_VNET) && in kern_jail_set()
1731 if (PR_IP4_USER & ch_flags & (pr_flags ^ pr->pr_flags)) { in kern_jail_set()
1739 if (PR_IP6_USER & ch_flags & (pr_flags ^ pr->pr_flags)) { in kern_jail_set()
1794 if (!prison_ip_conflict_check(ppr, pr, ip4, PR_INET)) { in kern_jail_set()
1809 if (!prison_ip_conflict_check(ppr, pr, ip6, PR_INET6)) { in kern_jail_set()
1836 onamelen = strlen(pr->pr_name + pnamelen); in kern_jail_set()
1838 if (pnamelen + namelen + 1 > sizeof(pr->pr_name)) { in kern_jail_set()
1842 FOREACH_PRISON_DESCENDANT(pr, tpr, descend) { in kern_jail_set()
1844 sizeof(pr->pr_name)) { in kern_jail_set()
1861 mtx_unlock(&pr->pr_mtx); in kern_jail_set()
1863 error = osd_jail_call(pr, PR_METHOD_CHECK, opts); in kern_jail_set()
1866 mtx_lock(&pr->pr_mtx); in kern_jail_set()
1882 pr->pr_flags |= PR_IP4; in kern_jail_set()
1883 prison_ip_set(pr, PR_INET, ip4); in kern_jail_set()
1885 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) { in kern_jail_set()
1902 pr->pr_flags |= PR_IP6; in kern_jail_set()
1903 prison_ip_set(pr, PR_INET6, ip6); in kern_jail_set()
1905 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) { in kern_jail_set()
1920 pr->pr_securelevel = slevel; in kern_jail_set()
1922 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) in kern_jail_set()
1927 pr->pr_childmax = childmax; in kern_jail_set()
1929 FOREACH_PRISON_DESCENDANT_LOCKED_LEVEL(pr, tpr, descend, level) in kern_jail_set()
1935 pr->pr_enforce_statfs = enforce; in kern_jail_set()
1937 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) in kern_jail_set()
1942 pr->pr_devfs_rsnum = rsnum; in kern_jail_set()
1944 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) in kern_jail_set()
1949 strlcpy(pr->pr_name, namelc, sizeof(pr->pr_name)); in kern_jail_set()
1951 snprintf(pr->pr_name, sizeof(pr->pr_name), "%s.%s", in kern_jail_set()
1954 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) { in kern_jail_set()
1957 bcopy(pr->pr_name, tpr->pr_name, namelen); in kern_jail_set()
1962 strlcpy(pr->pr_path, path, sizeof(pr->pr_path)); in kern_jail_set()
1963 pr->pr_root = root; in kern_jail_set()
1967 if (pr->pr_flags & PR_HOST) { in kern_jail_set()
1974 strlcpy(pr->pr_hostname, pr->pr_parent->pr_hostname, in kern_jail_set()
1975 sizeof(pr->pr_hostname)); in kern_jail_set()
1976 strlcpy(pr->pr_domainname, pr->pr_parent->pr_domainname, in kern_jail_set()
1977 sizeof(pr->pr_domainname)); in kern_jail_set()
1978 strlcpy(pr->pr_hostuuid, pr->pr_parent->pr_hostuuid, in kern_jail_set()
1979 sizeof(pr->pr_hostuuid)); in kern_jail_set()
1980 pr->pr_hostid = pr->pr_parent->pr_hostid; in kern_jail_set()
1985 strlcpy(pr->pr_hostname, host, sizeof(pr->pr_hostname)); in kern_jail_set()
1987 strlcpy(pr->pr_domainname, domain, in kern_jail_set()
1988 sizeof(pr->pr_domainname)); in kern_jail_set()
1990 strlcpy(pr->pr_hostuuid, uuid, sizeof(pr->pr_hostuuid)); in kern_jail_set()
1992 pr->pr_hostid = hid; in kern_jail_set()
1993 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) { in kern_jail_set()
1999 pr->pr_hostname, in kern_jail_set()
2003 pr->pr_domainname, in kern_jail_set()
2007 pr->pr_hostuuid, in kern_jail_set()
2014 pr->pr_allow = (pr->pr_allow & ~ch_allow) | pr_allow; in kern_jail_set()
2016 prison_set_allow_locked(pr, tallow, 0); in kern_jail_set()
2021 if (ch_flags & PR_PERSIST & (pr_flags ^ pr->pr_flags)) { in kern_jail_set()
2023 prison_hold(pr); in kern_jail_set()
2029 refcount_acquire(&pr->pr_uref); in kern_jail_set()
2032 prison_free_not_last(pr); in kern_jail_set()
2035 pr->pr_flags = (pr->pr_flags & ~ch_flags) | pr_flags; in kern_jail_set()
2036 mtx_unlock(&pr->pr_mtx); in kern_jail_set()
2047 prison_racct_attach(pr); in kern_jail_set()
2055 ip4s = pr->pr_addrs[PR_INET]->ips; in kern_jail_set()
2058 mtx_lock(&pr->pr_mtx); in kern_jail_set()
2060 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) { in kern_jail_set()
2070 mtx_unlock(&pr->pr_mtx); in kern_jail_set()
2075 ip6s = pr->pr_addrs[PR_INET6]->ips; in kern_jail_set()
2078 mtx_lock(&pr->pr_mtx); in kern_jail_set()
2080 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) { in kern_jail_set()
2090 mtx_unlock(&pr->pr_mtx); in kern_jail_set()
2096 error = osd_jail_call(pr, PR_METHOD_CREATE, opts); in kern_jail_set()
2100 error = osd_jail_call(pr, PR_METHOD_SET, opts); in kern_jail_set()
2109 drflags = prison_lock_xlock(pr, drflags); in kern_jail_set()
2110 pr->pr_state = PRISON_STATE_ALIVE; in kern_jail_set()
2115 error = do_jail_attach(td, pr, in kern_jail_set()
2116 prison_lock_xlock(pr, drflags & PD_LOCK_FLAGS)); in kern_jail_set()
2127 mtx_unlock(&pr->pr_mtx); in kern_jail_set()
2134 prison_racct_modify(pr); in kern_jail_set()
2138 if (created && pr != &prison0 && (pr->pr_allow & PR_ALLOW_NFSD) != 0 && in kern_jail_set()
2139 (pr->pr_root->v_vflag & VV_ROOT) == 0) in kern_jail_set()
2141 " file system\n", pr->pr_id); in kern_jail_set()
2144 td->td_retval[0] = pr->pr_id; in kern_jail_set()
2148 if (pr != NULL) in kern_jail_set()
2149 prison_deref(pr, drflags); in kern_jail_set()
2327 struct prison *pr, *mypr; in kern_jail_get() local
2343 pr = NULL; in kern_jail_get()
2352 TAILQ_FOREACH(pr, &allprison, pr_list) { in kern_jail_get()
2353 if (pr->pr_id > jid && in kern_jail_get()
2354 ((flags & JAIL_DYING) || prison_isalive(pr)) && in kern_jail_get()
2355 prison_ischild(mypr, pr)) { in kern_jail_get()
2356 mtx_lock(&pr->pr_mtx); in kern_jail_get()
2370 pr = prison_find_child(mypr, jid); in kern_jail_get()
2371 if (pr != NULL) { in kern_jail_get()
2373 if (!(prison_isalive(pr) || in kern_jail_get()
2395 pr = prison_find_name(mypr, name); in kern_jail_get()
2396 if (pr != NULL) { in kern_jail_get()
2398 if (!(prison_isalive(pr) || (flags & JAIL_DYING))) { in kern_jail_get()
2418 prison_hold(pr); in kern_jail_get()
2420 td->td_retval[0] = pr->pr_id; in kern_jail_get()
2421 error = vfs_setopt(opts, "jid", &pr->pr_id, sizeof(pr->pr_id)); in kern_jail_get()
2424 i = (pr->pr_parent == mypr) ? 0 : pr->pr_parent->pr_id; in kern_jail_get()
2428 error = vfs_setopts(opts, "name", prison_name(mypr, pr)); in kern_jail_get()
2431 error = vfs_setopt(opts, "cpuset.id", &pr->pr_cpuset->cs_id, in kern_jail_get()
2432 sizeof(pr->pr_cpuset->cs_id)); in kern_jail_get()
2435 error = vfs_setopts(opts, "path", prison_path(mypr, pr)); in kern_jail_get()
2439 error = vfs_setopt_part(opts, "ip4.addr", pr->pr_addrs[PR_INET]->pr_ip, in kern_jail_get()
2440 pr->pr_addrs[PR_INET] ? pr->pr_addrs[PR_INET]->ips * in kern_jail_get()
2446 error = vfs_setopt_part(opts, "ip6.addr", pr->pr_addrs[PR_INET6]->pr_ip, in kern_jail_get()
2447 pr->pr_addrs[PR_INET6] ? pr->pr_addrs[PR_INET6]->ips * in kern_jail_get()
2452 error = vfs_setopt(opts, "securelevel", &pr->pr_securelevel, in kern_jail_get()
2453 sizeof(pr->pr_securelevel)); in kern_jail_get()
2456 error = vfs_setopt(opts, "children.cur", &pr->pr_childcount, in kern_jail_get()
2457 sizeof(pr->pr_childcount)); in kern_jail_get()
2460 error = vfs_setopt(opts, "children.max", &pr->pr_childmax, in kern_jail_get()
2461 sizeof(pr->pr_childmax)); in kern_jail_get()
2464 error = vfs_setopts(opts, "host.hostname", pr->pr_hostname); in kern_jail_get()
2467 error = vfs_setopts(opts, "host.domainname", pr->pr_domainname); in kern_jail_get()
2470 error = vfs_setopts(opts, "host.hostuuid", pr->pr_hostuuid); in kern_jail_get()
2475 uint32_t hid32 = pr->pr_hostid; in kern_jail_get()
2480 error = vfs_setopt(opts, "host.hostid", &pr->pr_hostid, in kern_jail_get()
2481 sizeof(pr->pr_hostid)); in kern_jail_get()
2484 error = vfs_setopt(opts, "enforce_statfs", &pr->pr_enforce_statfs, in kern_jail_get()
2485 sizeof(pr->pr_enforce_statfs)); in kern_jail_get()
2488 error = vfs_setopt(opts, "devfs_ruleset", &pr->pr_devfs_rsnum, in kern_jail_get()
2489 sizeof(pr->pr_devfs_rsnum)); in kern_jail_get()
2495 i = (pr->pr_flags & bf->flag) ? 1 : 0; in kern_jail_get()
2507 f = pr->pr_flags & (jsf->disable | jsf->new); in kern_jail_get()
2519 i = (pr->pr_allow & bf->flag) ? 1 : 0; in kern_jail_get()
2528 i = !prison_isalive(pr); in kern_jail_get()
2536 error = vfs_setopt(opts, "osreldate", &pr->pr_osreldate, in kern_jail_get()
2537 sizeof(pr->pr_osreldate)); in kern_jail_get()
2540 error = vfs_setopts(opts, "osrelease", pr->pr_osrelease); in kern_jail_get()
2545 mtx_unlock(&pr->pr_mtx); in kern_jail_get()
2547 error = osd_jail_call(pr, PR_METHOD_GET, opts); in kern_jail_get()
2550 prison_deref(pr, drflags); in kern_jail_get()
2551 pr = NULL; in kern_jail_get()
2596 if (pr != NULL) in kern_jail_get()
2597 prison_deref(pr, drflags); in kern_jail_get()
2627 struct prison *pr; in sys_jail_remove() local
2635 pr = prison_find_child(td->td_ucred->cr_prison, uap->jid); in sys_jail_remove()
2636 if (pr == NULL) { in sys_jail_remove()
2640 if (!prison_isalive(pr)) { in sys_jail_remove()
2642 mtx_unlock(&pr->pr_mtx); in sys_jail_remove()
2646 prison_deref(pr, PD_KILL | PD_LOCKED | PD_LIST_XLOCKED); in sys_jail_remove()
2658 struct prison *pr; in sys_jail_attach() local
2666 pr = prison_find_child(td->td_ucred->cr_prison, uap->jid); in sys_jail_attach()
2667 if (pr == NULL) { in sys_jail_attach()
2673 if (!prison_isalive(pr)) { in sys_jail_attach()
2674 mtx_unlock(&pr->pr_mtx); in sys_jail_attach()
2679 return (do_jail_attach(td, pr, PD_LOCKED | PD_LIST_SLOCKED)); in sys_jail_attach()
2683 do_jail_attach(struct thread *td, struct prison *pr, int drflags) in do_jail_attach() argument
2689 mtx_assert(&pr->pr_mtx, MA_OWNED); in do_jail_attach()
2700 prison_hold(pr); in do_jail_attach()
2701 refcount_acquire(&pr->pr_uref); in do_jail_attach()
2703 mtx_unlock(&pr->pr_mtx); in do_jail_attach()
2707 error = osd_jail_call(pr, PR_METHOD_ATTACH, td); in do_jail_attach()
2709 prison_deref(pr, drflags); in do_jail_attach()
2719 error = cpuset_setproc_update_set(p, pr->pr_cpuset); in do_jail_attach()
2723 vn_lock(pr->pr_root, LK_EXCLUSIVE | LK_RETRY); in do_jail_attach()
2724 if ((error = change_dir(pr->pr_root, td)) != 0) in do_jail_attach()
2727 if ((error = mac_vnode_check_chroot(td->td_ucred, pr->pr_root))) in do_jail_attach()
2730 VOP_UNLOCK(pr->pr_root); in do_jail_attach()
2731 if ((error = pwd_chroot_chdir(td, pr->pr_root))) in do_jail_attach()
2737 newcred->cr_prison = pr; in do_jail_attach()
2749 prison_proc_relink(oldcred->cr_prison, pr, p); in do_jail_attach()
2757 if (!prison_isalive(pr)) { in do_jail_attach()
2766 VOP_UNLOCK(pr->pr_root); in do_jail_attach()
2772 prison_deref(pr, drflags); in do_jail_attach()
2782 struct prison *pr; in prison_find() local
2785 TAILQ_FOREACH(pr, &allprison, pr_list) { in prison_find()
2786 if (pr->pr_id < prid) in prison_find()
2788 if (pr->pr_id > prid) in prison_find()
2790 KASSERT(prison_isvalid(pr), ("Found invalid prison %p", pr)); in prison_find()
2791 mtx_lock(&pr->pr_mtx); in prison_find()
2792 return (pr); in prison_find()
2803 struct prison *pr; in prison_find_child() local
2807 FOREACH_PRISON_DESCENDANT(mypr, pr, descend) { in prison_find_child()
2808 if (pr->pr_id == prid) { in prison_find_child()
2809 KASSERT(prison_isvalid(pr), in prison_find_child()
2810 ("Found invalid prison %p", pr)); in prison_find_child()
2811 mtx_lock(&pr->pr_mtx); in prison_find_child()
2812 return (pr); in prison_find_child()
2824 struct prison *pr, *deadpr; in prison_find_name() local
2831 FOREACH_PRISON_DESCENDANT(mypr, pr, descend) { in prison_find_name()
2832 if (!strcmp(pr->pr_name + mylen, name)) { in prison_find_name()
2833 KASSERT(prison_isvalid(pr), in prison_find_name()
2834 ("Found invalid prison %p", pr)); in prison_find_name()
2835 if (prison_isalive(pr)) { in prison_find_name()
2836 mtx_lock(&pr->pr_mtx); in prison_find_name()
2837 return (pr); in prison_find_name()
2839 deadpr = pr; in prison_find_name()
2881 prison_hold_locked(struct prison *pr) in prison_hold_locked() argument
2885 prison_hold(pr); in prison_hold_locked()
2889 prison_hold(struct prison *pr) in prison_hold() argument
2892 int was_valid = refcount_acquire_if_not_zero(&pr->pr_ref); in prison_hold()
2895 ("Trying to hold dead prison %p (jid=%d).", pr, pr->pr_id)); in prison_hold()
2897 refcount_acquire(&pr->pr_ref); in prison_hold()
2906 prison_free_locked(struct prison *pr) in prison_free_locked() argument
2909 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_free_locked()
2914 mtx_unlock(&pr->pr_mtx); in prison_free_locked()
2915 prison_free(pr); in prison_free_locked()
2919 prison_free(struct prison *pr) in prison_free() argument
2922 KASSERT(refcount_load(&pr->pr_ref) > 0, in prison_free()
2924 pr, pr->pr_id)); in prison_free()
2925 if (!refcount_release_if_not_last(&pr->pr_ref)) { in prison_free()
2930 taskqueue_enqueue(taskqueue_jail_remove, &pr->pr_task); in prison_free()
2935 prison_free_not_last(struct prison *pr) in prison_free_not_last() argument
2940 KASSERT(refcount_load(&pr->pr_ref) > 0, in prison_free_not_last()
2942 pr, pr->pr_id)); in prison_free_not_last()
2943 lastref = refcount_release(&pr->pr_ref); in prison_free_not_last()
2946 pr, pr->pr_id)); in prison_free_not_last()
2948 refcount_release(&pr->pr_ref); in prison_free_not_last()
2962 prison_proc_hold(struct prison *pr) in prison_proc_hold() argument
2965 int was_alive = refcount_acquire_if_not_zero(&pr->pr_uref); in prison_proc_hold()
2968 ("Cannot add a process to a non-alive prison (jid=%d)", pr->pr_id)); in prison_proc_hold()
2970 refcount_acquire(&pr->pr_uref); in prison_proc_hold()
2980 prison_proc_free(struct prison *pr) in prison_proc_free() argument
2988 KASSERT(refcount_load(&pr->pr_uref) > 0, in prison_proc_free()
2989 ("Trying to kill a process in a dead prison (jid=%d)", pr->pr_id)); in prison_proc_free()
2990 if (!refcount_release_if_not_last(&pr->pr_uref)) { in prison_proc_free()
2997 prison_hold(pr); in prison_proc_free()
2998 mtx_lock(&pr->pr_mtx); in prison_proc_free()
2999 KASSERT(!(pr->pr_flags & PR_COMPLETE_PROC), in prison_proc_free()
3001 pr->pr_id)); in prison_proc_free()
3002 pr->pr_flags |= PR_COMPLETE_PROC; in prison_proc_free()
3003 mtx_unlock(&pr->pr_mtx); in prison_proc_free()
3004 taskqueue_enqueue(taskqueue_jail_remove, &pr->pr_task); in prison_proc_free()
3009 prison_proc_free_not_last(struct prison *pr) in prison_proc_free_not_last() argument
3014 KASSERT(refcount_load(&pr->pr_uref) > 0, in prison_proc_free_not_last()
3016 pr, pr->pr_id)); in prison_proc_free_not_last()
3017 lastref = refcount_release(&pr->pr_uref); in prison_proc_free_not_last()
3020 pr, pr->pr_id)); in prison_proc_free_not_last()
3022 refcount_release(&pr->pr_uref); in prison_proc_free_not_last()
3027 prison_proc_link(struct prison *pr, struct proc *p) in prison_proc_link() argument
3031 LIST_INSERT_HEAD(&pr->pr_proclist, p, p_jaillist); in prison_proc_link()
3035 prison_proc_unlink(struct prison *pr, struct proc *p) in prison_proc_unlink() argument
3058 struct prison *pr = context; in prison_complete() local
3065 drflags = prison_lock_xlock(pr, PD_DEREF); in prison_complete()
3066 if (pr->pr_flags & PR_COMPLETE_PROC) { in prison_complete()
3067 pr->pr_flags &= ~PR_COMPLETE_PROC; in prison_complete()
3070 prison_deref(pr, drflags); in prison_complete()
3085 prison_proc_iterate(struct prison *pr, void (*cb)(struct proc *, void *), in prison_proc_iterate() argument
3091 if (atomic_load_int(&pr->pr_childcount) == 0) { in prison_proc_iterate()
3093 LIST_FOREACH(p, &pr->pr_proclist, p_jaillist) { in prison_proc_iterate()
3101 if (atomic_load_int(&pr->pr_childcount) == 0) in prison_proc_iterate()
3115 if (ppr == pr) { in prison_proc_iterate()
3135 prison_deref(struct prison *pr, int flags) in prison_deref() argument
3149 KASSERT(pr != &prison0, in prison_deref()
3152 prison_hold(pr); in prison_deref()
3155 flags = prison_lock_xlock(pr, flags); in prison_deref()
3156 prison_deref_kill(pr, &freeprison); in prison_deref()
3160 KASSERT(refcount_load(&pr->pr_uref) > 0, in prison_deref()
3162 pr->pr_id)); in prison_deref()
3163 if (!refcount_release_if_not_last(&pr->pr_uref)) { in prison_deref()
3165 prison_hold(pr); in prison_deref()
3168 flags = prison_lock_xlock(pr, flags); in prison_deref()
3169 if (refcount_release(&pr->pr_uref) && in prison_deref()
3170 pr->pr_state == PRISON_STATE_ALIVE) { in prison_deref()
3178 pr->pr_state = PRISON_STATE_DYING; in prison_deref()
3179 mtx_unlock(&pr->pr_mtx); in prison_deref()
3181 prison_cleanup(pr); in prison_deref()
3191 if (refcount_load(&pr->pr_uref) > 0) in prison_deref()
3192 killpr = pr; in prison_deref()
3198 KASSERT(refcount_load(&pr->pr_ref) > 0, in prison_deref()
3200 pr->pr_id)); in prison_deref()
3201 if (!refcount_release_if_not_last(&pr->pr_ref)) { in prison_deref()
3202 flags = prison_lock_xlock(pr, flags); in prison_deref()
3203 if (refcount_release(&pr->pr_ref)) { in prison_deref()
3209 refcount_load(&pr->pr_uref) == 0, in prison_deref()
3212 pr->pr_uref, pr->pr_id)); in prison_deref()
3216 pr->pr_state = PRISON_STATE_INVALID; in prison_deref()
3217 TAILQ_REMOVE(&allprison, pr, pr_list); in prison_deref()
3218 LIST_REMOVE(pr, pr_sibling); in prison_deref()
3219 TAILQ_INSERT_TAIL(&freeprison, pr, in prison_deref()
3221 for (ppr = pr->pr_parent; in prison_deref()
3229 ppr = pr->pr_parent; in prison_deref()
3230 pr->pr_parent = NULL; in prison_deref()
3231 mtx_unlock(&pr->pr_mtx); in prison_deref()
3233 pr = ppr; in prison_deref()
3245 mtx_unlock(&pr->pr_mtx); in prison_deref()
3290 prison_deref_kill(struct prison *pr, struct prisonlist *freeprison) in prison_deref_kill() argument
3300 KASSERT(refcount_load(&pr->pr_ref) > 0, in prison_deref_kill()
3302 pr, pr->pr_id)); in prison_deref_kill()
3303 refcount_acquire(&pr->pr_uref); in prison_deref_kill()
3304 pr->pr_state = PRISON_STATE_DYING; in prison_deref_kill()
3305 mtx_unlock(&pr->pr_mtx); in prison_deref_kill()
3308 FOREACH_PRISON_DESCENDANT_PRE_POST(pr, cpr, descend) { in prison_deref_kill()
3360 prison_cleanup(pr); in prison_deref_kill()
3361 mtx_lock(&pr->pr_mtx); in prison_deref_kill()
3362 if (pr->pr_flags & PR_PERSIST) { in prison_deref_kill()
3363 pr->pr_flags &= ~PR_PERSIST; in prison_deref_kill()
3364 prison_proc_free_not_last(pr); in prison_deref_kill()
3365 prison_free_not_last(pr); in prison_deref_kill()
3367 (void)refcount_release(&pr->pr_uref); in prison_deref_kill()
3376 prison_lock_xlock(struct prison *pr, int flags) in prison_lock_xlock() argument
3385 mtx_unlock(&pr->pr_mtx); in prison_lock_xlock()
3400 mtx_lock(&pr->pr_mtx); in prison_lock_xlock()
3411 prison_cleanup(struct prison *pr) in prison_cleanup() argument
3414 mtx_assert(&pr->pr_mtx, MA_NOTOWNED); in prison_cleanup()
3415 vfs_exjail_delete(pr); in prison_cleanup()
3416 shm_remove_prison(pr); in prison_cleanup()
3417 (void)osd_jail_call(pr, PR_METHOD_REMOVE, NULL); in prison_cleanup()
3427 struct prison *pr; in prison_set_allow() local
3429 pr = cred->cr_prison; in prison_set_allow()
3431 mtx_lock(&pr->pr_mtx); in prison_set_allow()
3432 prison_set_allow_locked(pr, flag, enable); in prison_set_allow()
3433 mtx_unlock(&pr->pr_mtx); in prison_set_allow()
3438 prison_set_allow_locked(struct prison *pr, unsigned flag, int enable) in prison_set_allow_locked() argument
3444 pr->pr_allow |= flag; in prison_set_allow_locked()
3446 pr->pr_allow &= ~flag; in prison_set_allow_locked()
3447 FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend) in prison_set_allow_locked()
3461 struct prison *pr; in prison_check_af() local
3466 pr = cred->cr_prison; in prison_check_af()
3478 if (pr->pr_flags & PR_IP4) in prison_check_af()
3480 mtx_lock(&pr->pr_mtx); in prison_check_af()
3481 if ((pr->pr_flags & PR_IP4) && in prison_check_af()
3482 pr->pr_addrs[PR_INET] == NULL) in prison_check_af()
3484 mtx_unlock(&pr->pr_mtx); in prison_check_af()
3490 if (pr->pr_flags & PR_IP6) in prison_check_af()
3492 mtx_lock(&pr->pr_mtx); in prison_check_af()
3493 if ((pr->pr_flags & PR_IP6) && in prison_check_af()
3494 pr->pr_addrs[PR_INET6] == NULL) in prison_check_af()
3496 mtx_unlock(&pr->pr_mtx); in prison_check_af()
3505 if (!(pr->pr_allow & PR_ALLOW_SOCKET_AF)) in prison_check_af()
3614 prison_isalive(const struct prison *pr) in prison_isalive() argument
3617 if (__predict_false(pr->pr_state != PRISON_STATE_ALIVE)) in prison_isalive()
3630 prison_isvalid(struct prison *pr) in prison_isvalid() argument
3633 if (__predict_false(pr->pr_state == PRISON_STATE_INVALID)) in prison_isvalid()
3635 if (__predict_false(refcount_load(&pr->pr_ref) == 0)) in prison_isvalid()
3664 struct prison *pr; in getcredhostname() local
3670 pr = (cred != NULL) ? cred->cr_prison : &prison0; in getcredhostname()
3671 mtx_lock(&pr->pr_mtx); in getcredhostname()
3672 strlcpy(buf, pr->pr_hostname, size); in getcredhostname()
3673 mtx_unlock(&pr->pr_mtx); in getcredhostname()
3741 struct prison *pr; in prison_canseemount() local
3745 pr = cred->cr_prison; in prison_canseemount()
3746 if (pr->pr_enforce_statfs == 0) in prison_canseemount()
3748 if (pr->pr_root->v_mount == mp) in prison_canseemount()
3750 if (pr->pr_enforce_statfs == 2) in prison_canseemount()
3758 if (strcmp(pr->pr_path, "/") == 0) in prison_canseemount()
3760 len = strlen(pr->pr_path); in prison_canseemount()
3762 if (strncmp(pr->pr_path, sp->f_mntonname, len) != 0) in prison_canseemount()
3777 struct prison *pr; in prison_enforce_statfs() local
3780 pr = cred->cr_prison; in prison_enforce_statfs()
3781 if (pr->pr_enforce_statfs == 0) in prison_enforce_statfs()
3789 if (pr->pr_root->v_mount == mp) { in prison_enforce_statfs()
3802 if (strcmp(pr->pr_path, "/") == 0) in prison_enforce_statfs()
3804 len = strlen(pr->pr_path); in prison_enforce_statfs()
3826 struct prison *pr; in prison_priv_check() local
4113 pr = cred->cr_prison; in prison_priv_check()
4114 prison_lock(pr); in prison_priv_check()
4115 if (pr->pr_allow & PR_ALLOW_MOUNT && pr->pr_enforce_statfs < 2) in prison_priv_check()
4119 prison_unlock(pr); in prison_priv_check()
4310 prison_ip_copyout(struct prison *pr, const pr_family_t af, void **out, int *len) in prison_ip_copyout() argument
4316 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_ip_copyout()
4317 if ((pip = pr->pr_addrs[af]) != NULL) { in prison_ip_copyout()
4320 mtx_unlock(&pr->pr_mtx); in prison_ip_copyout()
4322 mtx_lock(&pr->pr_mtx); in prison_ip_copyout()
4334 struct prison *pr, *cpr; in sysctl_jail_list() local
4346 pr = req->td->td_ucred->cr_prison; in sysctl_jail_list()
4349 FOREACH_PRISON_DESCENDANT(pr, cpr, descend) { in sysctl_jail_list()
4361 strlcpy(xp->pr_path, prison_path(pr, cpr), sizeof(xp->pr_path)); in sysctl_jail_list()
4363 strlcpy(xp->pr_name, prison_name(pr, cpr), sizeof(xp->pr_name)); in sysctl_jail_list()
4515 struct prison *pr; in sysctl_jail_default_level() local
4518 pr = req->td->td_ucred->cr_prison; in sysctl_jail_default_level()
4519 level = (pr == &prison0) ? *(int *)arg1 : *(int *)((char *)pr + arg2); in sysctl_jail_default_level()
4545 struct prison *pr; in sysctl_jail_children() local
4548 pr = req->td->td_ucred->cr_prison; in sysctl_jail_children()
4552 i = *(int *)((char *)pr + arg2); in sysctl_jail_children()
4953 prison_racct_attach(struct prison *pr) in prison_racct_attach() argument
4960 prr = prison_racct_find_locked(pr->pr_name); in prison_racct_attach()
4963 pr->pr_prison_racct = prr; in prison_racct_attach()
4971 prison_racct_modify(struct prison *pr) in prison_racct_modify() argument
4984 if (strcmp(pr->pr_name, pr->pr_prison_racct->prr_name) == 0) { in prison_racct_modify()
4990 oldprr = pr->pr_prison_racct; in prison_racct_modify()
4991 pr->pr_prison_racct = NULL; in prison_racct_modify()
4993 prison_racct_attach(pr); in prison_racct_modify()
4998 racct_move(pr->pr_prison_racct->prr_racct, oldprr->prr_racct); in prison_racct_modify()
5019 prison_racct_detach(struct prison *pr) in prison_racct_detach() argument
5025 if (pr->pr_prison_racct == NULL) in prison_racct_detach()
5027 prison_racct_free(pr->pr_prison_racct); in prison_racct_detach()
5028 pr->pr_prison_racct = NULL; in prison_racct_detach()
5035 db_show_prison(struct prison *pr) in db_show_prison() argument
5051 db_printf("prison %p:\n", pr); in db_show_prison()
5052 db_printf(" jid = %d\n", pr->pr_id); in db_show_prison()
5053 db_printf(" name = %s\n", pr->pr_name); in db_show_prison()
5054 db_printf(" parent = %p\n", pr->pr_parent); in db_show_prison()
5055 db_printf(" ref = %d\n", pr->pr_ref); in db_show_prison()
5056 db_printf(" uref = %d\n", pr->pr_uref); in db_show_prison()
5058 pr->pr_state == PRISON_STATE_ALIVE ? "alive" : in db_show_prison()
5059 pr->pr_state == PRISON_STATE_DYING ? "dying" : in db_show_prison()
5061 db_printf(" path = %s\n", pr->pr_path); in db_show_prison()
5062 db_printf(" cpuset = %d\n", pr->pr_cpuset in db_show_prison()
5063 ? pr->pr_cpuset->cs_id : -1); in db_show_prison()
5065 db_printf(" vnet = %p\n", pr->pr_vnet); in db_show_prison()
5067 db_printf(" root = %p\n", pr->pr_root); in db_show_prison()
5068 db_printf(" securelevel = %d\n", pr->pr_securelevel); in db_show_prison()
5069 db_printf(" devfs_rsnum = %d\n", pr->pr_devfs_rsnum); in db_show_prison()
5070 db_printf(" children.max = %d\n", pr->pr_childmax); in db_show_prison()
5071 db_printf(" children.cur = %d\n", pr->pr_childcount); in db_show_prison()
5072 db_printf(" child = %p\n", LIST_FIRST(&pr->pr_children)); in db_show_prison()
5073 db_printf(" sibling = %p\n", LIST_NEXT(pr, pr_sibling)); in db_show_prison()
5074 db_printf(" flags = 0x%x", pr->pr_flags); in db_show_prison()
5076 if (pr->pr_flags & bf->flag) in db_show_prison()
5081 f = pr->pr_flags & (jsf->disable | jsf->new); in db_show_prison()
5087 db_printf(" allow = 0x%x", pr->pr_allow); in db_show_prison()
5092 if (pr->pr_allow & bf->flag) in db_show_prison()
5095 db_printf(" enforce_statfs = %d\n", pr->pr_enforce_statfs); in db_show_prison()
5096 db_printf(" host.hostname = %s\n", pr->pr_hostname); in db_show_prison()
5097 db_printf(" host.domainname = %s\n", pr->pr_domainname); in db_show_prison()
5098 db_printf(" host.hostuuid = %s\n", pr->pr_hostuuid); in db_show_prison()
5099 db_printf(" host.hostid = %lu\n", pr->pr_hostid); in db_show_prison()
5101 if ((pip = pr->pr_addrs[PR_INET]) != NULL) { in db_show_prison()
5112 if ((pip = pr->pr_addrs[PR_INET6]) != NULL) { in db_show_prison()
5125 struct prison *pr; in DB_SHOW_COMMAND() local
5134 TAILQ_FOREACH(pr, &allprison, pr_list) { in DB_SHOW_COMMAND()
5135 db_show_prison(pr); in DB_SHOW_COMMAND()
5144 pr = &prison0; in DB_SHOW_COMMAND()
5147 TAILQ_FOREACH(pr, &allprison, pr_list) in DB_SHOW_COMMAND()
5148 if (pr->pr_id == addr && pr->pr_ref > 0) in DB_SHOW_COMMAND()
5150 if (pr == NULL) in DB_SHOW_COMMAND()
5152 TAILQ_FOREACH(pr, &allprison, pr_list) in DB_SHOW_COMMAND()
5153 if (pr->pr_id == addr) in DB_SHOW_COMMAND()
5155 if (pr == NULL) in DB_SHOW_COMMAND()
5157 pr = (struct prison *)addr; in DB_SHOW_COMMAND()
5159 db_show_prison(pr); in DB_SHOW_COMMAND()