Date: Mon, 26 Dec 2022 12:42:26 -0800
From: Gleb Smirnoff
To: Zhenlei Huang
Cc: Mark Johnston, "Bjoern A. Zeeb", "freebsd-jail@freebsd.org"
Subject: Re: What's going on with vnets and epairs w/ addresses?
List-Id: Discussion about FreeBSD jail(8)
List-Archive: https://lists.freebsd.org/archives/freebsd-jail

Zhenlei, Bjoern, Mark,

sorry for the delayed response on this thread.

Back when the problem was first introduced, I wrote code that forces a purge of SMR zones. However, I didn't push it in, hence the change on the test suite side to remove interfaces from inside the jail before destroying it was sufficient to close all leaks associated with the test suite.

I just rebased the code to fresh main and put it here:

https://github.com/glebius/FreeBSD/tree/smr-purge

The proof of concept based on the test from Zhenlei looks like this:

    #!/bin/sh

    n="test_ref_leak"

    jail -c name=$n path=/ vnet persist
    # The following line triggers a jail pr_ref leak
    jexec $n ifconfig lo0 inet 127.0.0.1/8

    jail -R $n

    # Force a reclaim of the inpcb UMA zones
    for zone in tcp_inpcb udp_inpcb; do
        sysctl vm.uma_zone_reclaim=${zone}
    done

    jls -j $n

At the point of the call to jls(8) the jail no longer exists.

My opinion on the whole problem matches Mark's opinion, which he expressed in his email on December 20. I like the idea of doing the prison checks at a later stage of inpcb lookup, especially given new discoveries on the performance impact by Drew. The proper fix may take a while.

In addition to that, I have a strong opinion against the way we move interfaces between the jails. I claim that if we did it right (tm), the problem we are talking about won't exist even with all the existing layering violations between inpcb+smr and jails+epoch. I will write a longer email on what I believe is the right (tm) way to manage interfaces/devices within jails. We already have had discussions on that with Alexander melifaro@ and Warner imp@. However, a proper implementation will take a while.

We may use code from my smr-purge branch as a temporary solution. Any thoughts on that?

-- 
Gleb Smirnoff