K 10
svn:author
V 5
markj
K 8
svn:date
V 27
2021-02-24T01:43:39.074194Z
K 7
svn:log
V 832
MFC jail: Handle a possible race between jail_remove(2) and fork(2)

jail_remove(2) includes a loop that sends SIGKILL to all processes
in a jail, but skips processes in PRS_NEW state.  Thus it is possible
the a process in mid-fork(2) during jail removal can survive the jail
being removed.

Add a prison flag PR_REMOVE, which is checked before the new process
returns.  If the jail is being removed, the process will then exit.
Also check this flag in jail_attach(2) which has a similar issue.

Approved by:	so
Security:	CVE-2020-25581
Security:	FreeBSD-SA-21:04.jail_remove
Reported by:	mjg
Approved by:	kib

(cherry picked from commit cc7b73065302005ebc4a19503188c8d6d5eb923d)
(cherry picked from commit f7007a7d05255a6859dea0982b1f0a6d695e8881)

Git Hash:   b306be13a9c7ea0db8979a8a53dca93f90ec59cc
Git Author: jamie@FreeBSD.org
END