authorrwatson <rwatson@FreeBSD.org>2001-12-03 16:12:27 +0000
committerrwatson <rwatson@FreeBSD.org>2001-12-03 16:12:27 +0000
commitb5de44291122e0fc2bf68540749f66b3992d3ea2 (patch)
tree8f9d530e63e21e0286cad851a18efd4acdd6bd28 /sys/kern/kern_prot.c
parentc55fbd48a87bd450592bb317754a6bf3961674ff (diff)
o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount, pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/ so as to enforce these protections, in particular, in kern_mib.c protecting sysctl access to the hostname and securelevel, as well as kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux mib entries (osname, osrelease, osversion) so that they don't return a pointer to the text in the struct linux_prison, rather, a copy to an array passed into the calls. Likewise, update linprocfs to use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly accessing struct prison.

Reviewed by: jhb
Diffstat (limited to 'sys/kern/kern_prot.c')
-rw-r--r--sys/kern/kern_prot.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 01216bd..ef45c5b 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1278,9 +1278,12 @@ securelevel_gt(struct ucred *cr, int level)
active_securelevel = securelevel;
if (cr == NULL)
printf("securelevel_gt: cr is NULL\n");
- if (cr->cr_prison != NULL)
+ if (cr->cr_prison != NULL) {
+ mtx_lock(&cr->cr_prison->pr_mtx);
active_securelevel = imax(cr->cr_prison->pr_securelevel,
active_securelevel);
+ mtx_unlock(&cr->cr_prison->pr_mtx);
+ }
return (active_securelevel > level ? EPERM : 0);
}
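Review bot: When `cr` is NULL, securelevel_gt only prints a message and then falls through to the `cr->cr_prison` test, so the newly added `mtx_lock(&cr->cr_prison->pr_mtx)` sits behind a NULL dereference rather than a handled error. For an access-control check the precondition is better stated explicitly, for example `KASSERT(cr != NULL, ("securelevel_gt: null cr"));` in place of the printf, so a missing credential fails at a well-defined point instead of faulting inside the check. The same pattern appears in the securelevel_ge hunk below. The function's declarations start above the hunk, so how callers obtain `cr` is not visible here.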
@@ -1292,9 +1295,12 @@ securelevel_ge(struct ucred *cr, int level)
active_securelevel = securelevel;
if (cr == NULL)
printf("securelevel_gt: cr is NULL\n");
- if (cr->cr_prison != NULL)
+ if (cr->cr_prison != NULL) {
+ mtx_lock(&cr->cr_prison->pr_mtx);
active_securelevel = imax(cr->cr_prison->pr_securelevel,
active_securelevel);
+ mtx_unlock(&cr->cr_prison->pr_mtx);
+ }
return (active_securelevel >= level ? EPERM : 0);
}
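Review bot: The NULL-credential diagnostic in securelevel_ge still reads `securelevel_gt: cr is NULL`, so a console line from this path points triage at the wrong function; it should be `printf("securelevel_ge: cr is NULL\n");`. Separately, in the visible lines the global `securelevel` is copied into `active_securelevel` without a lock while `pr_securelevel` is now read under `pr_mtx`. A short comment such as `/* pr_mtx protects pr_securelevel; the global securelevel is read unlocked */` would record whether that asymmetry is intended. The function's opening lines are outside the hunk.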