From owner-freebsd-current@FreeBSD.ORG Mon Feb 16 07:12:21 2004
Return-Path:
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B432D16A4CE;
	Mon, 16 Feb 2004 07:12:21 -0800 (PST)
Received: from relay.macomnet.ru (relay.macomnet.ru [195.128.64.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 185A243D1F;
	Mon, 16 Feb 2004 07:12:21 -0800 (PST)
	(envelope-from maxim@macomnet.ru)
Received: from news1.macomnet.ru (zpc7v5b0@news1.macomnet.ru [195.128.64.14])
	by relay.macomnet.ru (8.12.10/8.12.10) with ESMTP id i1GFCIo26276428;
	Mon, 16 Feb 2004 18:12:18 +0300 (MSK)
Date: Mon, 16 Feb 2004 18:12:18 +0300 (MSK)
From: Maxim Konovalov
To: Pawel Jakub Dawidek
In-Reply-To: <20040216140720.GE14639@garage.freebsd.pl>
Message-ID: <20040216175831.G39007@news1.macomnet.ru>
References: <200402151714.26631.freebsd-current@webteckies.org>
	<20040216133617.GD14639@garage.freebsd.pl>
	<20040216140720.GE14639@garage.freebsd.pl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: scottl@FreeBSD.org
cc: rwatson@FreeBSD.org
cc: current@FreeBSD.org
Subject: Re: Jails that keep hanging around
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
X-List-Received-Date: Mon, 16 Feb 2004 15:12:21 -0000

On Mon, 16 Feb 2004, 15:07+0100, Pawel Jakub Dawidek wrote:

> On Mon, Feb 16, 2004 at 04:47:25PM +0300, Maxim Konovalov wrote:
> +> > If there is no objections I'm going to commit it tomorrow.
> +>
> +> What I really do not understand why we do not leak in non-jail
> +> environment?
>
> I'm sure we are, this is just hard to check, because we don't have
> list with allocated 'cred' structures.
>
> But try to do your test without a jail and track 2nd column in:
>
> # sysctl kern.malloc | grep cred
>
> Number of objects grows when I'm killing daemon while connection
> exists. I'm wondering if this cannot be used to some DoS attack.

Can't reproduce:

$ vmstat -m | grep cred
         cred    38     5K      5K    22714  128

[ several nc & telnet tests I port early in non-jail environment ]

$ vmstat -m | grep cred
         cred    38     5K      5K    22833  128

[ same tests in jail ]

$ vmstat -m | grep cred
         cred    42     6K      6K    23034  128

$ jls
   JID  IP Address      Hostname                      Path
     4  127.0.0.1       j                             /
     3  127.0.0.1       j                             /
     2  127.0.0.1       j                             /
     1  127.0.0.1       j                             /

-- 
Maxim Konovalov
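The snapshot comparison used in the message above, as an added example that is not part of the original message: it computes per-step deltas so that allocation churn can be told apart from objects that stayed allocated. The step labels and the reading of column 5 as the request counter are assumptions of this example; the numbers are the three `cred` lines quoted in the message.

```shell
#!/bin/sh
# Constructed input: the three "cred" lines from the message, each prefixed
# with a label (hypothetical names) for the test step that preceded it.
SNAPSHOTS='baseline cred 38 5K 5K 22714 128
non-jail cred 38 5K 5K 22833 128
jail cred 42 6K 6K 23034 128'

# cred_deltas: read "label type inuse memuse highuse requests size" lines on
# stdin and print "label inuse_delta requests_delta" for every step after the
# first. Assumption: in vmstat -m output column 2 is the in-use object count
# (the "2nd column" the thread says to track) and column 5 is total requests.
cred_deltas() {
    awk '$2 == "cred" {
        if (seen) printf "%s %d %d\n", $1, $3 - inuse, $6 - req
        inuse = $3; req = $6; seen = 1
    }'
}

# retained_after LABEL: growth of the in-use count across the step LABEL.
# A positive value means objects were allocated during the step and not freed.
retained_after() {
    printf '%s\n' "$SNAPSHOTS" | cred_deltas |
        awk -v label="$1" '$1 == label { print $2 }'
}

# leaking_steps: labels of all steps whose in-use count grew.
leaking_steps() {
    printf '%s\n' "$SNAPSHOTS" | cred_deltas | awk '$2 > 0 { print $1 }'
}

# Print the per-step table: label, in-use delta, requests delta.
printf '%s\n' "$SNAPSHOTS" | cred_deltas
```

In both steps the request counter rises, so creds were being allocated, but only the jail step leaves the in-use count higher, by 4, which equals the number of jails still listed by `jls`.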