Date: Thu, 13 Jul 2006 18:15:02 +0900 From: Atsuo Ohki <ohki@gssm.otsuka.tsukuba.ac.jp> To: "Wojciech A. Koszek" <wkoszek@FreeBSD.org> Cc: freebsd-bugs@FreeBSD.org, freebsd-gnats-submit@FreeBSD.org, Robert Watson <rwatson@FreeBSD.org> Subject: Re: kern/99758: chown/chmod pty slave side in kernel Message-ID: <200607130915.k6D9F2eg054212@smr00.gssm.otsuka.tsukuba.ac.jp> In-Reply-To: Your message of "Fri, 07 Jul 2006 16:56:43 GMT" References: <200607060842.k668gK2K021382@smr00.gssm.otsuka.tsukuba.ac.jp> <200607071139.k67BdTqH027312@smr00.gssm.otsuka.tsukuba.ac.jp> <20060707165643.GA60398@FreeBSD.czest.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
I wrote: > I got stress2.tgz and done `./run.sh pty.cfg' and got the message like > > Memory modified after free ... > Most recently used by DEVFS1 > > The reason for this panic is devfs_close() in fs/devfs/devfs_vnops.c. > As you see, devfs_close() eventually calls ptcclose()/ptsclose() > which calls pty_maybecleanup() destroying devs for ptc&pts, but > devfs_close() then calls dev_relthread() which may access just freeed dev. > > I'm afraid that devfs is not designed to handle destroing dev during > close operation. > > I'm working on this problem with the idea: > i) destory_dev() should not free dev, but just mark inactive. > ii) devfs_populate() should actually free an inactive dev. > iii) modify devfs_find() and other routines to take care of an inactive dev > . > But no success yet ;-< I achieved a little success. Now (really now!), pty test of stress2 is running. I modified as follow: i) destroy_dev() in cdevs' close routine is not appropriate. I introduced hide_dev() (in kern/kern_conf.c) and devfs_hide() (in fs/devfs/devfs_devs.c) to make dev invisible from userland. (via devfs_find(), devfs_readdir() and so on.) ii) pty_maybecleanup() no longer calls destroy_dev(), but calls hide_dev() to make pts/ptc invisible. when both of pts/ptc are closed, link them to pt_free_list as usual (structure dev for ptc/pts are not destroyied!). pty_new() now takes care of destorying dev for ptc/pts. when a new ptc/pts is requested, search pt_free_list to find a devs' which are free!(i.e. si_usecount == 0). if found, destroy existing devs. if not found, things goes by as before. I use the name ptsXX, ptcXX instead of pts/XX, ptc/XX. (original naming causes system hungup related to vnode operation. I must solve this problem.)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200607130915.k6D9F2eg054212>