From: James Gritton
Date: Fri, 16 Dec 2022 10:00:46 -0800
To: freebsd-jail@freebsd.org
Cc: Zhenlei Huang
Subject: Re: Is it possible to employ epoch to simplify managing prison lifecycle
List-Id: Discussion about FreeBSD jail(8)
List-Archive: https://lists.freebsd.org/archives/freebsd-jail

On 2022-12-16 06:41, Zhenlei Huang wrote:
> While hacking `sys/kern/kern_jail.c` I got lost.
>
> There're lots of ref / unref and flags to prevent visiting an invalid
> prison while concurrent modification is possible and some refs look
> weird.
>
> Is it possible to employ epoch(9) to simplify managing of prison
> lifecycle?

I imagine it could be used, though I'm not sure offhand if it would make
things more or less complicated.

There are two issues with the prison_deref flags (which I assume you're
talking about):

Much of it is tracking whether/how the allprison_lock is held, and I
don't see that changing. I want to make sure it remains locked as long
as a half-formed prison is in the list, but I also want at least the
exclusive holds to be as short as possible. I probably don't want to
wait for some epoch timeout to remove something that's not in a usable
state, and it doesn't seem right to keep hold of an exclusive lock until
then.

The other complexity is the two different kinds of reference counts,
pr_uref for user-level visibility, and pr_ref for existing at all (and
each with its prison_deref flag). I don't think that will change with
epochs.

I'm not very familiar with epoch(9), having only run into it by watching
(but not really participating in) the changes with IP address lists
falling under the network epoch. So there's probably more to the
underlying concept than what little I got from that, and from a perusal
of the man page.

- Jamie