K 10
svn:author
V 5
markj
K 8
svn:date
V 27
2021-02-24T01:41:41.245809Z
K 7
svn:log
V 832
MFC jail: Handle a possible race between jail_remove(2) and fork(2)

jail_remove(2) includes a loop that sends SIGKILL to all processes
in a jail, but skips processes in PRS_NEW state.  Thus it is possible
the a process in mid-fork(2) during jail removal can survive the jail
being removed.

Add a prison flag PR_REMOVE, which is checked before the new process
returns.  If the jail is being removed, the process will then exit.
Also check this flag in jail_attach(2) which has a similar issue.

Approved by:	so
Security:	CVE-2020-25581
Security:	FreeBSD-SA-21:04.jail_remove
Reported by:	mjg
Approved by:	kib

(cherry picked from commit cc7b73065302005ebc4a19503188c8d6d5eb923d)
(cherry picked from commit c837631bd47af73d03e3d8907f1e58b88403007c)

Git Hash:   491cafa9611306ec513c9cbcb766a49ff7167dad
Git Author: jamie@FreeBSD.org
END