git: 90e09bfe799d - stable/14 - vfs: Let prison_enforce_statfs zero the fsid

Fri, 19 Dec 2025 10:06:36 -0800 

The branch stable/14 has been updated by des:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=90e09bfe799dc96e7e6e0071a053852cad152d96

commit 90e09bfe799dc96e7e6e0071a053852cad152d96
Author:     Dag-Erling Smørgrav <[email protected]>
AuthorDate: 2025-12-14 13:16:16 +0000
Commit:     Dag-Erling Smørgrav <[email protected]>
CommitDate: 2025-12-19 18:06:00 +0000

    vfs: Let prison_enforce_statfs zero the fsid
    
    Currently, we unconditionally zero the fsid before returning a struct
    statfs to a jailed process.  Move this into prison_enforce_statfs() so
    it only happens if enforce_statfs is greater than 1, or enforce_statfs
    is 1 but the mountpoint is outside the jail.
    
    PR:             291301
    MFC after:      1 week
    Reviewed by:    kib
    Differential Revision:  https://reviews.freebsd.org/D54214
    
    (cherry picked from commit d4f25d0c7957f0f1960028eec82625c2d6405537)
---
 sys/kern/kern_jail.c    | 3 +++
 sys/kern/vfs_syscalls.c | 5 +----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index ddfe742178c0..54b06ba803c5 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -3751,11 +3751,14 @@ prison_enforce_statfs(struct ucred *cred, struct mount 
*mp, struct statfs *sp)
        if (pr->pr_enforce_statfs == 0)
                return;
        if (prison_canseemount(cred, mp) != 0) {
+               bzero(&sp->f_fsid, sizeof(sp->f_fsid));
                bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
                strlcpy(sp->f_mntonname, "[restricted]",
                    sizeof(sp->f_mntonname));
                return;
        }
+       if (pr->pr_enforce_statfs > 1)
+               bzero(&sp->f_fsid, sizeof(sp->f_fsid));
        if (pr->pr_root->v_mount == mp) {
                /*
                 * Clear current buffer data, so we are sure nothing from
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 9298d0202c5a..5c59d4dda2fd 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -293,10 +293,8 @@ kern_do_statfs(struct thread *td, struct mount *mp, struct 
statfs *buf)
        error = VFS_STATFS(mp, buf);
        if (error != 0)
                goto out;
-       if (priv_check_cred_vfs_generation(td->td_ucred)) {
-               buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
+       if (priv_check_cred_vfs_generation(td->td_ucred))
                prison_enforce_statfs(td->td_ucred, mp, buf);
-       }
 out:
        vfs_unbusy(mp);
        return (error);
@@ -548,7 +546,6 @@ restart:
                        sptmp = malloc(sizeof(struct statfs), M_STATFS,
                            M_WAITOK);
                        *sptmp = *sp;
-                       sptmp->f_fsid.val[0] = sptmp->f_fsid.val[1] = 0;
                        prison_enforce_statfs(td->td_ucred, mp, sptmp);
                        sp = sptmp;
                } else

Reply via email to