Date: Tue, 3 Jan 2023 08:59:33 +0800 From: Zhenlei Huang <zlei.huang@gmail.com> To: Gleb Smirnoff <glebius@freebsd.org> Cc: Mark Johnston <markj@freebsd.org>, "Bjoern A. Zeeb" <bz@freebsd.org>, "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org> Subject: Re: What's going on with vnets and epairs w/ addresses? Message-ID: <BF155413-2253-4B13-AEF8-14632039266A@gmail.com> In-Reply-To: <Y6oHMofc1rG8K0kE@FreeBSD.org> References: <5r22os7n-ro15-27q-r356-rps331o06so5@mnoonqbm.arg> <B6C70A88-11F8-40D7-85E4-63BBA0F7931D@FreeBSD.org> <150A60D6-6757-46DD-988F-05A9FFA36821@FreeBSD.org> <Y6oHMofc1rG8K0kE@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Happy New Year 2023! > On Dec 27, 2022, at 4:42 AM, Gleb Smirnoff <glebius@freebsd.org> = wrote: >=20 > Zhenlei, Bjoern, Mark, >=20 > sorry for delayed response on this thread. Back when the problem > was first introduced, I made a code that forces purge of SMR zones. > However, I didn't push it in, hence the change on the test suite side > to remove interfaces from inside the jail before destroying it was > sufficient to close all leaks associated with the test suite. >=20 > I just rebased the code to fresh main and put it here: >=20 > https://github.com/glebius/FreeBSD/tree/smr-purge >=20 > The proof of concept based on the test from Zhenlei looks like this: >=20 > #!/bin/sh > n=3D"test_ref_leak" >=20 > jail -c name=3D$n path=3D/ vnet persist > # The following line trigger jail pr_ref leak > jexec $n ifconfig lo0 inet 127.0.0.1/8 >=20 > jail -R $n >=20 > for zone in tcp_inpcb udp_inpcb; do > sysctl vm.uma_zone_reclaim=3D${zone} > done >=20 > jls -j $n >=20 > At the point of the call to jls(8) the jail no longer exists. >=20 > My opinion on the whole problem matches Mark's opinion, that he = expressed > in his email on December 20. I like the idea of doing the prison > checks at a later stage of inpcb lookup, especially given new = discoveries > on the performance impact by Drew. The proper fix may take a while. >=20 > In addition to that I have strong opinion against the way we move = interfaces > between the jails. I claim that if did it right (tm), the problem we = are > talking about won't exist even with all the existing layering = violations > between inpcb+smr and jails+epoch. I will write a longer email on what = I > believe is the right (tm) way to manage interfaces/devices within = jails. > We already have had discussions on that with Alexander melifaro@ and = Warner > imp@. However, proper implementation will take a while. >=20 > We may use code from my smr-purge branch as a temporary solution. Any > thoughts on that? The code in smr-purge branch should also apply to non-vnet jails. I think it is OK as a temporary solution. >=20 > --=20 > Gleb Smirnoff
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BF155413-2253-4B13-AEF8-14632039266A>