Date: Thu, 8 Apr 2010 09:12:58 +0200 (CEST) From: Petr Salinger <Petr.Salinger@seznam.cz> To: Kostik Belousov <kostikbel@gmail.com> Cc: freebsd-hackers@freebsd.org Subject: Re: leak of the vnodes Message-ID: <Pine.LNX.4.62.1004080911200.30362@sci.felk.cvut.cz> In-Reply-To: <20100407233322.GA31481@hall.aurel32.net> References: <20100406140308.GY2415@deviant.kiev.zoral.com.ua> <20100406140852.GZ2415@deviant.kiev.zoral.com.ua> <20100406144402.GB2415@deviant.kiev.zoral.com.ua> <Pine.LNX.4.62.1004062154060.26438@sci.felk.cvut.cz> <20100406210321.GE2415@deviant.kiev.zoral.com.ua> <Pine.LNX.4.62.1004070838050.27621@sci.felk.cvut.cz> <20100407095928.GG2415@deviant.kiev.zoral.com.ua> <Pine.LNX.4.62.1004072256540.29016@sci.felk.cvut.cz> <20100407215256.GA2739@hall.aurel32.net> <20100407215841.GL2415@deviant.kiev.zoral.com.ua> <20100407233322.GA31481@hall.aurel32.net>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>> Bellow is leaking recipe tested under GNU/kFreeBSD. >>>> I would expect it leaks vnodes also under plain FreeBSD. >>>> >>> >>> I confirm it is reproducible on plain FreeBSD. Looks like a security >>> issue, as a normal user can create a local DoS in a few dozen of >>> seconds. >> >> I already posted the following patch in private. > > Thanks, I confirm it fixes the problem, at least the testcase posted by > Petr. > >> diff --git a/sys/kern/tty_pts.c b/sys/kern/tty_pts.c >> index 5cfbc71..e9dac77 100644 >> --- a/sys/kern/tty_pts.c >> +++ b/sys/kern/tty_pts.c >> @@ -575,6 +575,9 @@ ptsdev_close(struct file *fp, struct thread *td) >> tty_lock(tp); >> tty_rel_gone(tp); >> >> + if (fp->f_vnode != NULL) >> + return (vnops.fo_close(fp, td)); >> + >> return (0); >> } It fixes also our original issue with testsuite of gcc-4.3 under 8.0-RELEASE. Many thanks for this patch and for your guidance during this bug hunt. Petr
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.62.1004080911200.30362>