Date: Fri, 8 Aug 2025 04:27:17 GMT
Message-Id: <202508080427.5784RHLE005147@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kyle Evans
Subject: git: 58c92776d158 - main - jail: separate "statically valid allow flags" from "prison0 allow flags"
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main

The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=58c92776d1580717934e29ca2c0ef9bf2fbb7397

commit 58c92776d1580717934e29ca2c0ef9bf2fbb7397
Author:     Kyle Evans
AuthorDate: 2025-08-08 04:26:51 +0000
Commit:     Kyle Evans
CommitDate: 2025-08-08 04:26:51 +0000

    jail: separate "statically valid allow flags" from "prison0 allow flags"

    The current setup means that we can't add an allow flag in sys/jail.h
    that's disabled by default without removing it from the pr_flags
    assignment in kern_jail.c. That's technically fine, but I think it's
    better to make it more prevalent at the PR_ALLOW_* definition site so
    that it's top-of-mind when adding a new flag.

    This is a preparatory change for adding an allow flag that prison0 will
    also have disabled by default, but with an allow.* knob and sysctl to
    enable it.

    Reviewed by: jamie
    Differential Revision: https://reviews.freebsd.org/D51656
---
 sys/kern/kern_jail.c | 5 ++++-
 sys/sys/jail.h       | 8 ++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 7ef1d19f0ea8..14e6e735f8e7 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c
@@ -115,8 +115,11 @@ struct prison prison0 = { #else .pr_flags = PR_HOST|_PR_IP_SADDRSEL, #endif - .pr_allow = PR_ALLOW_ALL_STATIC, + .pr_allow = PR_ALLOW_PRISON0, }; +_Static_assert((PR_ALLOW_PRISON0 & ~PR_ALLOW_ALL_STATIC) == 0, + "Bits enabled in PR_ALLOW_PRISON0 that are not statically reserved"); + MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF); struct bool_flags { diff --git a/sys/sys/jail.h b/sys/sys/jail.h index 24c420e2c976..efe5e3ee8db7 100644 --- a/sys/sys/jail.h +++ b/sys/sys/jail.h @@ -260,7 +260,15 @@ struct prison_racct { #define PR_ALLOW_ADJTIME 0x00080000 #define PR_ALLOW_SETTIME 0x00100000 #define PR_ALLOW_ROUTING 0x00200000 + +/* + * PR_ALLOW_PRISON0 are the allow flags that we apply by default to prison0, + * while PR_ALLOW_ALL_STATIC are all of the allow bits that we have allocated at + * build time. PR_ALLOW_ALL_STATIC should contain any bit above that we expect + * to be used on the system, while PR_ALLOW_PRISON0 will be some subset of that. + */ #define PR_ALLOW_ALL_STATIC 0x003f87ff +#define PR_ALLOW_PRISON0 (PR_ALLOW_ALL_STATIC) /* * PR_ALLOW_DIFFERENCES determines which flags are able to be
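
Review bot: In the sys/kern/kern_jail.c hunk, the new _Static_assert sits after the prison0 initializer, away from the sys/jail.h definitions it guards, so someone editing PR_ALLOW_PRISON0 or PR_ALLOW_ALL_STATIC in the header gets no hint that a build-time subset check exists. Consider naming the assertion in the new jail.h comment, or placing it beside the two macros if the header permits. Because prison0.pr_allow is no longer initialised from PR_ALLOW_ALL_STATIC, it is also worth confirming that every remaining use of PR_ALLOW_ALL_STATIC means "bits allocated at build time" rather than "bits prison0 holds"; the hunk shows only the initializer, so that cannot be judged from here.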
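
Review bot: In the sys/sys/jail.h hunk, PR_ALLOW_ALL_STATIC stays a hand-maintained literal (0x003f87ff), and the new comment says it "should contain any bit above" without anything enforcing that. A flag defined at the next bit without bumping the literal would fall outside both masks, and the assertion in kern_jail.c would still pass because PR_ALLOW_PRISON0 is derived from the same literal. Suggest either composing the mask from the PR_ALLOW_* names or stating in the comment that the literal must be updated with every new flag. The literal also leaves bits 0x00007800 clear, which the comment could account for. Since the follow-up change is meant to give prison0 a default-off flag, the comment could also show the intended spelling, for example (PR_ALLOW_ALL_STATIC & ~PR_ALLOW_NEWFLAG) with NEWFLAG as a placeholder name, so that PR_ALLOW_PRISON0 does not turn into a second literal to keep in sync.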