From: Tim Robbins
Date: Thu, 24 Apr 2003 19:15:57 +1000
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern vfs_mount.c

On Thu, Apr 24, 2003 at 01:16:07AM -0700, Tim J. Robbins wrote:

> tjr 2003/04/24 01:16:07 PDT
>
> FreeBSD src repository
>
> Modified files:
> sys/kern vfs_mount.c
> Log:
> Free mount credentials (mnt_cred) when freeing the mount struct
> in failure cases to avoid leaking struct ucreds, and ultimately
> leaking struct uidinfo references.

Here's the full log message, which explains the implications of the uidinfo
refcount leak.

//depot/user/tjr/freebsd-tjr/src/sys/kern/vfs_mount.c
... #3 change 29586 edit on 2003/04/23 by tjr@tjr_dev (text+ko)

	Free mount credentials (mnt_cred) when freeing the mount struct
	in failure cases to avoid leaking struct ucreds, and ultimately
	leaking struct uidinfo references. Since the uidinfo reference
	count was only a "u_short" until a few days ago, this leak could
	quite easily have caused an overflow after a few thousand failed
	mount attempts, leading to the struct uidinfo being freed
	prematurely and the panics in uifree() that Kris was seeing on
	the ports cluster.

I'm not sure that this specific cred leak was causing the problems -- I will
look for more.


Tim
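
The overflow described in the log message above, as an added example that is not part of the original message or of the FreeBSD source: a simplified user-space model in C of a 16-bit reference count that leaks one reference per failed mount. The names uidinfo_model, ui_hold, ui_release, failed_mount and premature_free_after are hypothetical, and the attempt counts are properties of this model, not figures from the kernel.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model (constructed for illustration, not FreeBSD source). */
struct uidinfo_model {
    unsigned short ui_ref; /* 16-bit reference count, the "u_short" in the message */
    bool freed;            /* set at the point where the kernel would free the struct */
};

static void ui_hold(struct uidinfo_model *ui) { ui->ui_ref++; } /* wraps at 65536 */

/* Drop one reference and "free" the struct when the count reaches zero. */
static void ui_release(struct uidinfo_model *ui)
{
    if (--ui->ui_ref == 0)
        ui->freed = true;
}

/* A mount attempt that fails after taking a reference for the mount credentials.
 * fixed == false models the leak; fixed == true models releasing on the failure path. */
static void failed_mount(struct uidinfo_model *ui, bool fixed)
{
    ui_hold(ui);
    if (fixed)
        ui_release(ui);
}

/* Returns true if the struct is freed while the original holder still has its
 * reference, after `attempts` failed mounts and one balanced hold/release pair. */
static bool premature_free_after(unsigned long attempts, bool fixed)
{
    struct uidinfo_model ui = { .ui_ref = 1, .freed = false }; /* one live holder */
    for (unsigned long i = 0; i < attempts; i++)
        failed_mount(&ui, fixed);
    ui_hold(&ui);    /* unrelated, correctly paired user of the same uidinfo */
    ui_release(&ui);
    return ui.freed;
}

int main(void)
{
    printf("leaky, 1000 failures:  freed early = %d\n", premature_free_after(1000, false));
    printf("leaky, 65535 failures: freed early = %d\n", premature_free_after(65535, false));
    printf("fixed, 65535 failures: freed early = %d\n", premature_free_after(65535, true));
    return 0;
}
```

In the leaky case the counter wraps to zero while the original holder is still live, so the next correctly paired release triggers the free; with the release on the failure path the count never leaves its balanced value.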