From owner-freebsd-hackers@FreeBSD.ORG Fri Jan 5 19:28:18 2007 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id F1FCF16A51E; Fri, 5 Jan 2007 19:28:18 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from server.baldwin.cx (66-23-211-162.clients.speedfactory.net [66.23.211.162]) by mx1.freebsd.org (Postfix) with ESMTP id 9F04013C448; Fri, 5 Jan 2007 19:28:18 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from localhost.corp.yahoo.com (john@localhost [127.0.0.1]) (authenticated bits=0) by server.baldwin.cx (8.13.6/8.13.6) with ESMTP id l05JRXrA041343; Fri, 5 Jan 2007 14:28:07 -0500 (EST) (envelope-from jhb@freebsd.org) From: John Baldwin To: freebsd-hackers@freebsd.org Date: Fri, 5 Jan 2007 14:27:44 -0500 User-Agent: KMail/1.9.1 References: <20070104201434.GS1072@hoeg.nl> In-Reply-To: <20070104201434.GS1072@hoeg.nl> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200701051427.46146.jhb@freebsd.org> X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by milter-greylist-2.0.2 (server.baldwin.cx [127.0.0.1]); Fri, 05 Jan 2007 14:28:10 -0500 (EST) X-Virus-Scanned: ClamAV 0.88.3/2414/Thu Jan 4 20:41:51 2007 on server.baldwin.cx X-Virus-Status: Clean X-Spam-Status: No, score=-4.4 required=4.2 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.1.3 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on server.baldwin.cx Cc: philippe.lang@attiksystem.ch, Ed Schouten , bug-followup@freebsd.org Subject: Re: kern/89528: [jail] impossible to kill a jail X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jan 2007 19:28:19 -0000 On Thursday 04 January 2007 15:14, Ed Schouten wrote: > Hello everyone, > > I decided to investigate this bug because I think the bug is quite > irritating. After adding some ddb show commands to the source and > reading a lot of code, I think I understand the problem: > > The tty code doesn't leak any ucreds, it's the devfs code that > crhold()'s an ucred structure. When a new pty is needed, the tty_pty > code allocates a new pty. It also runs make_dev_cred(), to which it > passes the thread's ucred. This function calls make_dev_credv(), which > finally runs crhold(). > > As long as pty's have been allocated that have been created by threads > in a jail, the prison structure has more references, causing the zombie > jails to exist. Why aren't the pty's destroyed? Once all references to the pty are closed it should be destroyed and the resulting devfs_free() should drop the reference. Is the pty somehow stuck on the dead_cdevsw? -- John Baldwin