kern/99758: chown/chmod pty slave side in kernel

Atsuo Ohki ohki at
Sun Jul 9 13:19:47 UTC 2006

"Wojciech A. Koszek" writes:
> Sure. I'm willing to hear more about your changes and patches! To reproduce
> problems I've seen, try to download Peter Wemm's stress suite, compile it,
> and run PTY code. As I recall, after unpacking stress2.tgz you'll have
> script and pty<some_extension>. You run it by typing: ./run
> ./pty<some_extension_maybe_conf>. Try to switch to other virtual terminal
> and login.

 I got stress2.tgz and done `./ pty.cfg' and got the message like

	Memory modified after free ...
	Most recently used by DEVFS1

 The reason for this panic is devfs_close() in fs/devfs/devfs_vnops.c.
 As you see, devfs_close() eventually calls ptcclose()/ptsclose()
 which calls pty_maybecleanup() destroying devs for ptc&pts, but
 devfs_close() then calls dev_relthread() which may access just freeed dev.

 I'm afraid that devfs is not designed to handle destroing dev during
 close operation.

 I'm working on this problem with the idea:
  i) destory_dev() should not free dev, but just mark inactive.
  ii) devfs_populate() should actually free an inactive dev.
  iii) modify devfs_find() and other routines to take care of an inactive dev.
 But no success yet ;-<

More information about the freebsd-bugs mailing list