From: Robert Watson
Date: Mon, 16 Feb 2004 10:00:29 -0500 (EST)
To: Pawel Jakub Dawidek
Cc: scottl@FreeBSD.org, current@FreeBSD.org
Subject: Re: Jails that keep hanging around
In-Reply-To: <20040216133617.GD14639@garage.freebsd.pl>

On Mon, 16 Feb 2004, Pawel Jakub Dawidek wrote:

> Yeah, there is a cred leak and I am the one who tracked it down! :)
>
> http://garage.freebsd.pl/patches/tcp_subr.c.patch
>
> Don't do 'jls' just after killing 'nc', because cred will be freed after
> timeout, so wait a few minutes and then try 'jls'.
>
> If there are no objections I'm going to commit it tomorrow.

Nice catch -- looks like that has been there since the introduction of reduced state time wait in early 2003. That was never merged to RELENG_4, so isn't present there.

One request -- NULL the tw_cred pointer as is done with the other fields, so that if there is a failure to initialize it properly later, we get a panic instead of something less predictable.

As you point out, this is actually a relatively benign leak in most systems, because credentials are reference counted copy-on-write, and relatively small data structures. In most cases, there are relatively few unique credentials floating around the system, and they are heavily reused. Each time a jail is created, it results in several credential modifications (one for the jail system call, then the setuid/etc calls during the setup of processes in the jails), increasing the chances a leak will be noticed, especially now that we have a tool to list instances of objects referenced by credentials.

Thanks,

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research
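
The following is an added illustration, not part of the message and not the patch it refers to: a user-space C model of why one unreleased reference on a reference-counted credential keeps a jail listed after its last process has exited. Every name except tw_cred is hypothetical, and the point at which the time-wait state releases its reference is an assumption, since the patch itself is not reproduced here.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: every name except tw_cred is hypothetical. */
struct jail     { int refs; int listed; };       /* listed: still shown by a jls-like tool */
struct cred     { int refs; struct jail *jail; };
struct timewait { struct cred *tw_cred; };

static struct cred *cred_new(struct jail *j) {
    struct cred *c = calloc(1, sizeof(*c));
    if (c == NULL)
        abort();
    c->refs = 1;
    c->jail = j;
    j->refs++;                                   /* each credential pins its jail */
    return c;
}

static struct cred *cred_hold(struct cred *c) { c->refs++; return c; }

static void cred_release(struct cred *c) {
    if (--c->refs > 0)
        return;
    if (--c->jail->refs == 0)
        c->jail->listed = 0;                     /* last reference gone: jail can go away */
    free(c);
}

/* Teardown of the time-wait state; release_cred == 0 models the leak. */
static void tw_stop(struct timewait *tw, int release_cred) {
    if (release_cred && tw->tw_cred != NULL)
        cred_release(tw->tw_cred);
    tw->tw_cred = NULL;
}

/* Returns 1 if the jail is still listed after its process and connection are gone. */
static int jail_lingers(int release_cred) {
    struct jail j = { 0, 1 };
    struct cred *proc = cred_new(&j);            /* jailed process, e.g. nc */
    struct timewait tw = { NULL };               /* NULLed up front: a missed init faults on use */
    tw.tw_cred = cred_hold(proc);                /* connection enters TIME_WAIT */
    cred_release(proc);                          /* process is killed */
    tw_stop(&tw, release_cred);                  /* time-wait timeout fires */
    return j.listed;
}

int main(void) {
    printf("leaky teardown: jail listed = %d\n", jail_lingers(0));
    printf("fixed teardown: jail listed = %d\n", jail_lingers(1));
    return 0;
}
```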