leak of the vnodes
Kostik Belousov
kostikbel at gmail.com
Wed Apr 7 21:58:56 UTC 2010
On Wed, Apr 07, 2010 at 11:52:56PM +0200, Aurelien Jarno wrote:
> On Wed, Apr 07, 2010 at 11:05:28PM +0200, Petr Salinger wrote:
> >>> What have to be logged ?
> >> Please look at ddb command "show files", implemented in kern/kern_descrip.c,
> >> lines 3284-3305 on HEAD. Instead of doing full dump, you can manually
> >> inspect the output. Or, you can write some code that would search the
> >> suspicious vnodes among the vnodes referenced from the processes
> >> opened files. Vnode is probably leaked if use count is > 0 but no
> >> process has vnode referenced by struct file.
> >
> > See attached file.
> >
> >>>> I think there should be something else going on.
> >
> > Bellow is leaking recipe tested under GNU/kFreeBSD.
> > I would expect it leaks vnodes also under plain FreeBSD.
> >
>
> I confirm it is reproducible on plain FreeBSD. Looks like a security
> issue, as a normal user can create a local DoS in a few dozen of
> seconds.
I already posted the following patch in private.
diff --git a/sys/kern/tty_pts.c b/sys/kern/tty_pts.c
index 5cfbc71..e9dac77 100644
--- a/sys/kern/tty_pts.c
+++ b/sys/kern/tty_pts.c
@@ -575,6 +575,9 @@ ptsdev_close(struct file *fp, struct thread *td)
tty_lock(tp);
tty_rel_gone(tp);
+ if (fp->f_vnode != NULL)
+ return (vnops.fo_close(fp, td));
+
return (0);
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20100407/1a465118/attachment.pgp
More information about the freebsd-hackers
mailing list