From owner-freebsd-hackers@FreeBSD.ORG  Thu Jan  4 20:32:04 2007
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
X-Original-To: freebsd-hackers@freebsd.org
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B40DC16A47B;
	Thu,  4 Jan 2007 20:32:04 +0000 (UTC) (envelope-from ed@hoeg.nl)
Received: from palm.hoeg.nl (palm.hoeg.nl [83.98.131.212])
	by mx1.freebsd.org (Postfix) with ESMTP id 7E49613C46A;
	Thu,  4 Jan 2007 20:32:04 +0000 (UTC) (envelope-from ed@hoeg.nl)
Received: by palm.hoeg.nl (Postfix, from userid 1000)
	id 6E94A1CC5D; Thu,  4 Jan 2007 21:14:34 +0100 (CET)
Date: Thu, 4 Jan 2007 21:14:34 +0100
From: Ed Schouten <ed@fxq.nl>
To: bug-followup@FreeBSD.org, philippe.lang@attiksystem.ch
Message-ID: <20070104201434.GS1072@hoeg.nl>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="OE5XN2KVoD5QaTkR"
Content-Disposition: inline
User-Agent: Mutt/1.5.13 (2006-08-11)
X-Mailman-Approved-At: Thu, 04 Jan 2007 21:10:52 +0000
Cc: freebsd-hackers@freebsd.org
Subject: Re: kern/89528: [jail] impossible to kill a jail
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jan 2007 20:32:04 -0000


--OE5XN2KVoD5QaTkR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello everyone,

I decided to investigate this bug because I think the bug is quite
irritating. After adding some ddb show commands to the source and
reading a lot of code, I think I understand the problem:

The tty code doesn't leak any ucreds, it's the devfs code that
crhold()'s an ucred structure. When a new pty is needed, the tty_pty
code allocates a new pty. It also runs make_dev_cred(), to which it
passes the thread's ucred. This function calls make_dev_credv(), which
finally runs crhold().

As long as pty's have been allocated that have been created by threads
in a jail, the prison structure has more references, causing the zombie
jails to exist.

Yours,
--=20
 Ed Schouten <ed@fxq.nl>
 WWW: http://g-rave.nl/

--OE5XN2KVoD5QaTkR
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)

iD8DBQFFnWAq52SDGA2eCwURAukZAJ4lGKkBlyXrtMLY/nN1EpH35f68hgCdHWSS
/KmDk8nFZrT/tyvNyQu2Zek=
=6L9c
-----END PGP SIGNATURE-----

--OE5XN2KVoD5QaTkR--