kern/89528: [jail] impossible to kill a jail
John Baldwin
jhb at freebsd.org
Fri Jan 5 19:28:19 UTC 2007
On Thursday 04 January 2007 15:14, Ed Schouten wrote:
> Hello everyone,
>
> I decided to investigate this bug because I think the bug is quite
> irritating. After adding some ddb show commands to the source and
> reading a lot of code, I think I understand the problem:
>
> The tty code doesn't leak any ucreds, it's the devfs code that
> crhold()'s an ucred structure. When a new pty is needed, the tty_pty
> code allocates a new pty. It also runs make_dev_cred(), to which it
> passes the thread's ucred. This function calls make_dev_credv(), which
> finally runs crhold().
>
> As long as pty's have been allocated that have been created by threads
> in a jail, the prison structure has more references, causing the zombie
> jails to exist.
Why aren't the pty's destroyed? Once all references to the pty are closed it
should be destroyed and the resulting devfs_free() should drop the reference.
Is the pty somehow stuck on the dead_cdevsw?
--
John Baldwin
More information about the freebsd-hackers
mailing list