Date: Thu, 13 Jul 2006 18:15:02 +0900 From: Atsuo Ohki <ohki@gssm.otsuka.tsukuba.ac.jp> To: "Wojciech A. Koszek" <wkoszek@FreeBSD.org> Cc: freebsd-bugs@FreeBSD.org, freebsd-gnats-submit@FreeBSD.org, Robert Watson <rwatson@FreeBSD.org> Subject: Re: kern/99758: chown/chmod pty slave side in kernel Message-ID: <200607130915.k6D9F2eg054212@smr00.gssm.otsuka.tsukuba.ac.jp> In-Reply-To: Your message of "Fri, 07 Jul 2006 16:56:43 GMT" References: <200607060842.k668gK2K021382@smr00.gssm.otsuka.tsukuba.ac.jp> <200607071139.k67BdTqH027312@smr00.gssm.otsuka.tsukuba.ac.jp> <20060707165643.GA60398@FreeBSD.czest.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
I wrote:
> I got stress2.tgz and done `./run.sh pty.cfg' and got the message like
>
> Memory modified after free ...
> Most recently used by DEVFS1
>
> The reason for this panic is devfs_close() in fs/devfs/devfs_vnops.c.
> As you see, devfs_close() eventually calls ptcclose()/ptsclose()
> which calls pty_maybecleanup() destroying devs for ptc&pts, but
> devfs_close() then calls dev_relthread() which may access just freeed dev.
>
> I'm afraid that devfs is not designed to handle destroing dev during
> close operation.
>
> I'm working on this problem with the idea:
> i) destory_dev() should not free dev, but just mark inactive.
> ii) devfs_populate() should actually free an inactive dev.
> iii) modify devfs_find() and other routines to take care of an inactive dev
> .
> But no success yet ;-<
I achieved a little success.
Now (really now!), pty test of stress2 is running.
I modified as follow:
i) destroy_dev() in cdevs' close routine is not appropriate.
I introduced hide_dev() (in kern/kern_conf.c) and
devfs_hide() (in fs/devfs/devfs_devs.c) to make dev invisible
from userland. (via devfs_find(), devfs_readdir() and so on.)
ii) pty_maybecleanup() no longer calls destroy_dev(), but
calls hide_dev() to make pts/ptc invisible.
when both of pts/ptc are closed, link them to pt_free_list
as usual (structure dev for ptc/pts are not destroyied!).
pty_new() now takes care of destorying dev for ptc/pts.
when a new ptc/pts is requested, search pt_free_list to
find a devs' which are free!(i.e. si_usecount == 0).
if found, destroy existing devs.
if not found, things goes by as before.
I use the name ptsXX, ptcXX instead of pts/XX, ptc/XX.
(original naming causes system hungup related to vnode operation.
I must solve this problem.)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200607130915.k6D9F2eg054212>