authorKyle Evans <kevans@FreeBSD.org>2020-12-19 03:30:06 +0000
committerKyle Evans <kevans@FreeBSD.org>2020-12-19 03:30:06 +0000
commit54a837c8cca109ad0d7ecb4b93379086f6f49275 (patch)
treeb25bafc4ef43df30c51f8757b7456fb41037fb04
parentdcc6f62526ad357f17fe030f6b9b4c3001add705 (diff)
kern: cpuset: allow jails to modify child jails' roots
This partially lifts a restriction imposed by r191639 ("Prevent a superuser inside a jail from modifying the dedicated root cpuset of that jail") that's perhaps beneficial after r192895 ("Add hierarchical jails."). Jails still cannot modify their own cpuset, but they can modify child jails' roots to further restrict them or widen them back to the modifying jails' own mask. As a side effect of this, the system root may once again widen the mask of jails as long as they're still using a subset of the parent jails' mask. This was previously prevented by the fact that cpuset_getroot of a root set will return that root, rather than the root's parent -- cpuset_modify uses cpuset_getroot since it was introduced in r327895, previously it was just validating against set->cs_parent which allowed the system root to widen jail masks. Reviewed by: jamie MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D27352
Notes
Notes: svn path=/head/; revision=368779
-rw-r--r--sys/kern/kern_cpuset.c25
1 files changed, 20 insertions, 5 deletions
diff --git a/sys/kern/kern_cpuset.c b/sys/kern/kern_cpuset.c
index 8b962190a3fa..18cc0c56d697 100644
--- a/sys/kern/kern_cpuset.c
+++ b/sys/kern/kern_cpuset.c
@@ -688,19 +688,34 @@ cpuset_modify(struct cpuset *set, cpuset_t *mask)
if (error)
return (error);
/*
- * In case we are called from within the jail
+ * In case we are called from within the jail,
* we do not allow modifying the dedicated root
* cpuset of the jail but may still allow to
- * change child sets.
+ * change child sets, including subordinate jails'
+ * roots.
*/
- if (jailed(curthread->td_ucred) &&
- set->cs_flags & CPU_SET_ROOT)
+ if ((set->cs_flags & CPU_SET_ROOT) != 0 &&
+ jailed(curthread->td_ucred) &&
+ set == curthread->td_ucred->cr_prison->pr_cpuset)
return (EPERM);
/*
* Verify that we have access to this set of
* cpus.
*/
- root = cpuset_getroot(set);
+ if ((set->cs_flags & (CPU_SET_ROOT | CPU_SET_RDONLY)) == CPU_SET_ROOT) {
+ KASSERT(set->cs_parent != NULL,
+ ("jail.cpuset=%d is not a proper child of parent jail's root.",
+ set->cs_id));
+
+ /*
+ * cpuset_getroot() cannot work here due to how top-level jail
+ * roots are constructed. Top-level jails are parented to
+ * thread0's cpuset (i.e. cpuset 1) rather than the system root.
+ */
+ root = set->cs_parent;
+ } else {
+ root = cpuset_getroot(set);
+ }
mtx_lock_spin(&cpuset_lock);
if (root && !CPU_SUBSET(&root->cs_mask, mask)) {
error = EINVAL;
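Review bot: The relaxed EPERM test at `if ((set->cs_flags & CPU_SET_ROOT) != 0 &&` now rejects only the caller's own prison cpuset, so a root set that is not a descendant of the caller's jail (an ancestor's or a sibling jail's root) is no longer refused at this point; the change presumably relies on the lookup path for jailed callers (cpuset_lookup's descent walk, not visible in this hunk) to keep such sets unreachable, and that dependency should be written down next to the check: `/* Any other root set reaching here must be a descendant of our prison's cpuset; the lookup path enforces that, so only our own root is off limits. */`. The new subset check for root sets validates against `set->cs_parent`, which for a top-level jail is cpuset 1 rather than the system root, so widening a top-level jail's mask is bounded by thread0's set's mask; the comment at `cpuset_getroot() cannot work here` could say so explicitly rather than only describing the parenting. Root sets carrying CPU_SET_RDONLY still go through `cpuset_getroot(set)`, which reads as intentional but is worth one clause in the same comment. cpuset_modify begins before and continues past this hunk.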