Date: Fri, 5 Jan 2007 14:27:44 -0500 From: John Baldwin <jhb@freebsd.org> To: freebsd-hackers@freebsd.org Cc: philippe.lang@attiksystem.ch, Ed Schouten <ed@fxq.nl>, bug-followup@freebsd.org Subject: Re: kern/89528: [jail] impossible to kill a jail Message-ID: <200701051427.46146.jhb@freebsd.org> In-Reply-To: <20070104201434.GS1072@hoeg.nl> References: <20070104201434.GS1072@hoeg.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 04 January 2007 15:14, Ed Schouten wrote: > Hello everyone, > > I decided to investigate this bug because I think the bug is quite > irritating. After adding some ddb show commands to the source and > reading a lot of code, I think I understand the problem: > > The tty code doesn't leak any ucreds, it's the devfs code that > crhold()'s an ucred structure. When a new pty is needed, the tty_pty > code allocates a new pty. It also runs make_dev_cred(), to which it > passes the thread's ucred. This function calls make_dev_credv(), which > finally runs crhold(). > > As long as pty's have been allocated that have been created by threads > in a jail, the prison structure has more references, causing the zombie > jails to exist. Why aren't the pty's destroyed? Once all references to the pty are closed it should be destroyed and the resulting devfs_free() should drop the reference. Is the pty somehow stuck on the dead_cdevsw? -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701051427.46146.jhb>