From owner-svn-src-stable-11@freebsd.org Thu Oct 18 22:14:50 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A3CCDF76EFD; Thu, 18 Oct 2018 22:14:50 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 44DD1813D7; Thu, 18 Oct 2018 22:14:50 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from Julian-MBP3.local ([199.201.64.140]) (authenticated bits=0) by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id w9IMEmKI006642 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Thu, 18 Oct 2018 15:14:48 -0700 (PDT) (envelope-from julian@freebsd.org) Subject: Re: svn commit: r339411 - stable/11/sys/kern To: Jamie Gritton , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org References: <201810171617.w9HGHvVx031753@repo.freebsd.org> From: Julian Elischer Message-ID: Date: Thu, 18 Oct 2018 15:14:42 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <201810171617.w9HGHvVx031753@repo.freebsd.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Oct 2018 22:14:50 -0000 On 17/10/18 9:17 am, Jamie Gritton wrote: > Author: jamie > Date: Wed Oct 17 16:17:57 2018 > New Revision: 339411 > URL: https://svnweb.freebsd.org/changeset/base/339411 > > Log: > MFC r339211: > > Fix the test prohibiting jails from sharing IP addresses. > > It's not supposed to be legal for two jails to contain the same IP address, > unless both jails contain only that one address. This is the behavior > documented in jail(8), and is there to prevent confusion when multiple > jails are listening on IADDR_ANY. > > VIMAGE jails (now the default for GENERIC kernels) test this correctly, > but non-VIMAGE jails have been performing an incomplete test when nested > jails are used. I think VIMAGE Jails should be able to have the same address optionally..  who says they are even in the same universe? > > Modified: > stable/11/sys/kern/kern_jail.c > Directory Properties: > stable/11/ (props changed) > > Modified: stable/11/sys/kern/kern_jail.c > ============================================================================== > --- stable/11/sys/kern/kern_jail.c Wed Oct 17 16:17:56 2018 (r339410) > +++ stable/11/sys/kern/kern_jail.c Wed Oct 17 16:17:57 2018 (r339411) > @@ -1411,11 +1411,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i > * there is a duplicate on a jail with more than one > * IP stop checking and return error. > */ > - tppr = ppr; > #ifdef VIMAGE > - for (; tppr != &prison0; tppr = tppr->pr_parent) > + for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent) > if (tppr->pr_flags & PR_VNET) > break; > +#else > + tppr = &prison0; > #endif > FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) { > if (tpr == pr || > @@ -1478,11 +1479,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i > } > } > /* Check for conflicting IP addresses. */ > - tppr = ppr; > #ifdef VIMAGE > - for (; tppr != &prison0; tppr = tppr->pr_parent) > + for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent) > if (tppr->pr_flags & PR_VNET) > break; > +#else > + tppr = &prison0; > #endif > FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) { > if (tpr == pr || > >