jail: Fix redoing ip restricting
`prison_ip_restrict()` is called in loop FOREACH_PRISON_DESCENDANT_LOCKED.
While under low memory, it is still possible that in subsequent rounds
`prison_ip_restrict()` succeed and `redo_ip[46]` flip over from true to
false, thus leave some prisons's IPv[46] addresses unrestricted.
Reviewed by: jamie
Fixes: 8bce8d28ab
jail: Avoid multipurpose return value of function prison_ip_restrict()
Differential Revision: https://reviews.freebsd.org/D38697
This commit is contained in:
parent
192a001984
commit
b2d76b52fd
@ -2047,7 +2047,8 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
redo_ip4 = !prison_ip_restrict(tpr, PR_INET, &ip4);
|
||||
if (!prison_ip_restrict(tpr, PR_INET, &ip4))
|
||||
redo_ip4 = true;
|
||||
}
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
}
|
||||
@ -2066,7 +2067,8 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
redo_ip6 = !prison_ip_restrict(tpr, PR_INET6, &ip6);
|
||||
if (!prison_ip_restrict(tpr, PR_INET6, &ip6))
|
||||
redo_ip6 = true;
|
||||
}
|
||||
mtx_unlock(&pr->pr_mtx);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user