kern/99758: chown/chmod pty slave side in kernel

Atsuo Ohki ohki at gssm.otsuka.tsukuba.ac.jp
Thu Jul 13 09:20:27 UTC 2006 

The following reply was made to PR kern/99758; it has been noted by GNATS.

From: Atsuo Ohki <ohki at gssm.otsuka.tsukuba.ac.jp>
To: "Wojciech A. Koszek" <wkoszek at FreeBSD.org>
Cc: Robert Watson <rwatson at FreeBSD.org>, freebsd-gnats-submit at FreeBSD.org,
        freebsd-bugs at FreeBSD.org
Subject: Re: kern/99758: chown/chmod pty slave side in kernel
Date: Thu, 13 Jul 2006 18:15:02 +0900

 I wrote:
 >  I got stress2.tgz and done `./run.sh pty.cfg' and got the message like
 > 
 > 	Memory modified after free ...
 > 	Most recently used by DEVFS1
 > 
 >  The reason for this panic is devfs_close() in fs/devfs/devfs_vnops.c.
 >  As you see, devfs_close() eventually calls ptcclose()/ptsclose()
 >  which calls pty_maybecleanup() destroying devs for ptc&pts, but
 >  devfs_close() then calls dev_relthread() which may access just freeed dev.
 > 
 >  I'm afraid that devfs is not designed to handle destroing dev during
 >  close operation.
 > 
 >  I'm working on this problem with the idea:
 >   i) destory_dev() should not free dev, but just mark inactive.
 >   ii) devfs_populate() should actually free an inactive dev.
 >   iii) modify devfs_find() and other routines to take care of an inactive dev
 > .
 >  But no success yet ;-<
 
  I achieved a little success.
  Now (really now!),  pty test of stress2 is running.
 
  I modified as follow:
  
  i) destroy_dev() in cdevs' close routine is not appropriate.
     I introduced hide_dev() (in kern/kern_conf.c) and
     devfs_hide() (in fs/devfs/devfs_devs.c) to make dev invisible 
     from userland. (via devfs_find(), devfs_readdir() and so on.)
 
  ii) pty_maybecleanup() no longer calls destroy_dev(), but
      calls hide_dev() to make pts/ptc invisible.
      when both of pts/ptc are closed, link them to pt_free_list
      as usual (structure dev for ptc/pts are not destroyied!).
 
      pty_new() now takes care of destorying dev for ptc/pts.
      when a new ptc/pts is requested, search pt_free_list to
      find a devs' which are free!(i.e. si_usecount == 0).
      if found, destroy existing devs.
      if not found, things goes by as before.
 
      I use the name ptsXX, ptcXX instead of pts/XX, ptc/XX.
      (original naming causes system hungup related to vnode operation.
       I must solve this problem.)

More information about the freebsd-bugs mailing list