On Thu, Apr 08, 2010 at 12:58:41AM +0300, Kostik Belousov wrote: > On Wed, Apr 07, 2010 at 11:52:56PM +0200, Aurelien Jarno wrote: > > On Wed, Apr 07, 2010 at 11:05:28PM +0200, Petr Salinger wrote: > > >>> What have to be logged ? > > >> Please look at ddb command "show files", implemented in > > >> kern/kern_descrip.c, > > >> lines 3284-3305 on HEAD. Instead of doing full dump, you can manually > > >> inspect the output. Or, you can write some code that would search the > > >> suspicious vnodes among the vnodes referenced from the processes > > >> opened files. Vnode is probably leaked if use count is > 0 but no > > >> process has vnode referenced by struct file. > > > > > > See attached file. > > > > > >>>> I think there should be something else going on. > > > > > > Bellow is leaking recipe tested under GNU/kFreeBSD. > > > I would expect it leaks vnodes also under plain FreeBSD. > > > > > > > I confirm it is reproducible on plain FreeBSD. Looks like a security > > issue, as a normal user can create a local DoS in a few dozen of > > seconds. > > I already posted the following patch in private.
Thanks, I confirm it fixes the problem, at least the testcase posted by Petr. > diff --git a/sys/kern/tty_pts.c b/sys/kern/tty_pts.c > index 5cfbc71..e9dac77 100644 > --- a/sys/kern/tty_pts.c > +++ b/sys/kern/tty_pts.c > @@ -575,6 +575,9 @@ ptsdev_close(struct file *fp, struct thread *td) > tty_lock(tp); > tty_rel_gone(tp); > > + if (fp->f_vnode != NULL) > + return (vnops.fo_close(fp, td)); > + > return (0); > } > -- Aurelien Jarno GPG: 1024D/F1BCDB73 aurel...@aurel32.net http://www.aurel32.net _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
