Date: Sun, 09 Jul 2006 22:19:42 +0900 From: Atsuo Ohki <ohki@gssm.otsuka.tsukuba.ac.jp> To: "Wojciech A. Koszek" <wkoszek@FreeBSD.org> Cc: freebsd-bugs@FreeBSD.org, freebsd-gnats-submit@FreeBSD.org, Robert Watson <rwatson@FreeBSD.org> Subject: Re: kern/99758: chown/chmod pty slave side in kernel Message-ID: <200607091319.k69DJg39036632@smr00.gssm.otsuka.tsukuba.ac.jp> In-Reply-To: Your message of "Fri, 07 Jul 2006 16:56:43 GMT" References: <200607060842.k668gK2K021382@smr00.gssm.otsuka.tsukuba.ac.jp> <200607071139.k67BdTqH027312@smr00.gssm.otsuka.tsukuba.ac.jp> <20060707165643.GA60398@FreeBSD.czest.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
"Wojciech A. Koszek" writes: > Sure. I'm willing to hear more about your changes and patches! To reproduce > problems I've seen, try to download Peter Wemm's stress suite, compile it, > and run PTY code. As I recall, after unpacking stress2.tgz you'll have > run.sh script and pty<some_extension>. You run it by typing: ./run > ./pty<some_extension_maybe_conf>. Try to switch to other virtual terminal > and login. I got stress2.tgz and done `./run.sh pty.cfg' and got the message like Memory modified after free ... Most recently used by DEVFS1 The reason for this panic is devfs_close() in fs/devfs/devfs_vnops.c. As you see, devfs_close() eventually calls ptcclose()/ptsclose() which calls pty_maybecleanup() destroying devs for ptc&pts, but devfs_close() then calls dev_relthread() which may access just freeed dev. I'm afraid that devfs is not designed to handle destroing dev during close operation. I'm working on this problem with the idea: i) destory_dev() should not free dev, but just mark inactive. ii) devfs_populate() should actually free an inactive dev. iii) modify devfs_find() and other routines to take care of an inactive dev. But no success yet ;-<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200607091319.k69DJg39036632>