From owner-freebsd-hackers@FreeBSD.ORG Thu Apr 8 05:07:11 2010 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 37FF7106564A for ; Thu, 8 Apr 2010 05:07:10 +0000 (UTC) (envelope-from Petr.Salinger@seznam.cz) Received: from relay.felk.cvut.cz (relay.felk.cvut.cz [147.32.80.7]) by mx1.freebsd.org (Postfix) with ESMTP id 77D1D8FC08 for ; Thu, 8 Apr 2010 05:07:09 +0000 (UTC) Received: from sci.felk.cvut.cz (sci.felk.cvut.cz [147.32.83.100]) by relay.felk.cvut.cz (8.14.3/8.14.3) with ESMTP id o3856x2n054888; Thu, 8 Apr 2010 07:06:59 +0200 (CEST) (envelope-from Petr.Salinger@seznam.cz) Date: Thu, 8 Apr 2010 09:12:58 +0200 (CEST) From: Petr Salinger X-X-Sender: salinger@sci.felk.cvut.cz To: Kostik Belousov In-Reply-To: <20100407233322.GA31481@hall.aurel32.net> Message-ID: References: <20100406140308.GY2415@deviant.kiev.zoral.com.ua> <20100406140852.GZ2415@deviant.kiev.zoral.com.ua> <20100406144402.GB2415@deviant.kiev.zoral.com.ua> <20100406210321.GE2415@deviant.kiev.zoral.com.ua> <20100407095928.GG2415@deviant.kiev.zoral.com.ua> <20100407215256.GA2739@hall.aurel32.net> <20100407215841.GL2415@deviant.kiev.zoral.com.ua> <20100407233322.GA31481@hall.aurel32.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-FELK-MailScanner-Information: X-MailScanner-ID: o3856x2n054888 X-FELK-MailScanner: Found to be clean X-FELK-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-1.111, required 5, BAYES_00 -1.90, SPF_NEUTRAL 0.78, T_FRT_BELOW2 0.01) X-FELK-MailScanner-From: petr.salinger@seznam.cz X-FELK-MailScanner-To: freebsd-hackers@freebsd.org, kostikbel@gmail.com X-FELK-MailScanner-Watermark: 1271308019.60791@GStaoJk3pCI9oggRfvsOKg X-Spam-Status: No Cc: freebsd-hackers@freebsd.org Subject: Re: leak of the vnodes X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Apr 2010 05:07:11 -0000 >>>> Bellow is leaking recipe tested under GNU/kFreeBSD. >>>> I would expect it leaks vnodes also under plain FreeBSD. >>>> >>> >>> I confirm it is reproducible on plain FreeBSD. Looks like a security >>> issue, as a normal user can create a local DoS in a few dozen of >>> seconds. >> >> I already posted the following patch in private. > > Thanks, I confirm it fixes the problem, at least the testcase posted by > Petr. > >> diff --git a/sys/kern/tty_pts.c b/sys/kern/tty_pts.c >> index 5cfbc71..e9dac77 100644 >> --- a/sys/kern/tty_pts.c >> +++ b/sys/kern/tty_pts.c >> @@ -575,6 +575,9 @@ ptsdev_close(struct file *fp, struct thread *td) >> tty_lock(tp); >> tty_rel_gone(tp); >> >> + if (fp->f_vnode != NULL) >> + return (vnops.fo_close(fp, td)); >> + >> return (0); >> } It fixes also our original issue with testsuite of gcc-4.3 under 8.0-RELEASE. Many thanks for this patch and for your guidance during this bug hunt. Petr