Re: Is it possible to employ epoch to simplify managing prison lifecycle

On 2022-12-16 06:41, Zhenlei Huang wrote:
> While hacking `sys/kern/kern_jail.c` I got lost.
> 
> There're lots of ref / unref and flags to prevent visit invalid prison 
> while
>  concurrent modification is possible and some refs looks weird.
> 
> Is it possible to employ epoch(9) to simplify managing of prison 
> lifecycle ?

I imagine it could be used, though I'm not sure offhand if it would make 
things more or less complicated.  There are two issues with the 
prison_deref flags (which I assume you're talking about):

Much of it is tracking whether/how the allprison_lock is held, and I 
don't see that changing.  I want to make sure it remains locked as long 
as a half-formed prison is in the list, but I also want at least the 
exclusive holds to be as short as possible.  I probably don't want to 
wait for some epoch timeout to remove something that's not in a usable 
state, and it doesn't seem right to keep hold of an exclusive lock until 
then.

The other complexity is the two different kinds of reference counts, 
pr_uref for user-level visibility, and pr_ref for existing at all (and 
each with its prison_deref flag).  I don't think that will change with 
epochs.

I'm not very familiar with epoch(9), having only run into it by watching 
(but not really participating in) the changes with IP address lists 
falling under the network epoch.  So there's probably more to the 
underlying concept that what little I got from that, and from a perusal 
of the man page.

- Jamie