cvs commit: src/sys/kern tty_pty.c
Kris Kennaway
kris at obsecurity.org
Fri Sep 29 11:43:42 PDT 2006
On Fri, Sep 29, 2006 at 08:26:40PM +0200, Martin Blapp wrote:
>
> Hi all,
>
> > Free tty struct after last close. This should fix the pty-leak by numbers.
> > Remove workarounds for tty_refcount beeing 0, this will be fixed
> > differently
> > later.
> >
> > Back out rev 1.145 since we initialize the tty struct from scratch and bad
> > things can't happen anymore.
> >
>
> Sigh. Peter Holmes stress tests did show that we still have problems. With
> the beckout of rev. 1.145 we get again the same panics as the pty_pts code
> does.
> This is deep somewhere in the devfs code. It does happen with/without
> freeing
> struct tty.
>
> Memory modified after free 0xc45b7d00(252) val=deadc0dd @ 0xc45b7d70
> panic: Most recently used by DEVFS1
You can identify precisely where the use-after-free occurs by
configuring DEBUG_MEMGUARD; I posted a trace of what is probably the
same bug once to current@ once but don't have it to hand.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-all/attachments/20060929/583acfca/attachment.pgp
More information about the cvs-all
mailing list