Date: Thu, 13 Jul 2006 09:20:27 GMT
Message-Id: <200607130920.k6D9KRxP058834@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Atsuo Ohki
Subject: Re: kern/99758: chown/chmod pty slave side in kernel

The following reply was made to PR kern/99758; it has been noted by GNATS.

From: Atsuo Ohki
To: "Wojciech A. Koszek"
Cc: Robert Watson, freebsd-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: kern/99758: chown/chmod pty slave side in kernel
Date: Thu, 13 Jul 2006 18:15:02 +0900

I wrote:
> I got stress2.tgz and did `./run.sh pty.cfg' and got a message like
>
> Memory modified after free ...
> Most recently used by DEVFS1
>
> The reason for this panic is devfs_close() in fs/devfs/devfs_vnops.c.
> As you see, devfs_close() eventually calls ptcclose()/ptsclose(),
> which calls pty_maybecleanup(), destroying the devs for ptc & pts, but
> devfs_close() then calls dev_relthread(), which may access the just-freed dev.
>
> I'm afraid that devfs is not designed to handle destroying a dev during
> a close operation.
>
> I'm working on this problem with the idea:
> i) destroy_dev() should not free the dev, but just mark it inactive.
> ii) devfs_populate() should actually free an inactive dev.
> iii) modify devfs_find() and other routines to take care of an inactive dev.
> But no success yet ;-<

I achieved a little success.
Now (really now!), the pty test of stress2 is running.

I modified it as follows:

i) destroy_dev() in cdevs' close routine is not appropriate.
   I introduced hide_dev() (in kern/kern_conf.c) and
   devfs_hide() (in fs/devfs/devfs_devs.c) to make a dev invisible
   from userland (via devfs_find(), devfs_readdir() and so on).

ii) pty_maybecleanup() no longer calls destroy_dev(), but calls
    hide_dev() to make pts/ptc invisible.
    When both pts and ptc are closed, link them to pt_free_list as usual
    (the dev structures for ptc/pts are not destroyed!).
    pty_new() now takes care of destroying the devs for ptc/pts.
    When a new ptc/pts is requested, search pt_free_list to find devs
    which are free! (i.e. si_usecount == 0).
    If found, destroy the existing devs.
    If not found, things go on as before.

I use the names ptsXX, ptcXX instead of pts/XX, ptc/XX.
(The original naming causes a system hang related to vnode operations.
I must solve this problem.)
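
Added example, not part of the original mail and not FreeBSD source code: a userland C model of the hide-then-reclaim lifecycle described above, showing why deferring the free until si_usecount reaches 0 removes the access to freed memory in the close path. hide_dev, pt_free_list and si_usecount are names taken from the mail; dev_new, dev_find, reap_free_list, close_cycle and live_devs are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userland model only. hide_dev, pt_free_list and si_usecount are names from
   the mail; every body and every other name is a hypothetical stand-in. */
struct dev {
    int si_usecount;    /* references still held by callers */
    int hidden;         /* set by hide_dev(): invisible to lookups */
    struct dev *next;   /* link on pt_free_list */
};
static struct dev *pt_free_list;
static int live_devs;   /* allocated and not yet destroyed */

static struct dev *dev_new(void) {
    struct dev *d = calloc(1, sizeof(*d));
    if (d == NULL) abort();
    live_devs++;
    return d;
}
/* Close path: never frees, only hides the dev and queues it. */
static void hide_dev(struct dev *d) {
    d->hidden = 1;
    d->next = pt_free_list;
    pt_free_list = d;
}
/* Lookup path (the role devfs_find() plays): hidden devs are not returned. */
static struct dev *dev_find(struct dev *d) { return d->hidden ? NULL : d; }
/* Allocation path: destroy only hidden devs that nobody references any more. */
static int reap_free_list(void) {
    int reaped = 0;
    for (struct dev **pp = &pt_free_list; *pp != NULL; ) {
        struct dev *d = *pp;
        if (d->si_usecount == 0) { *pp = d->next; free(d); live_devs--; reaped++; }
        else pp = &d->next;
    }
    return reaped;
}
/* One close overlapping one allocation; 1 means the dev outlived its last reference. */
static int close_cycle(void) {
    struct dev *d = dev_new();
    d->si_usecount = 1;                 /* reference held across the close call */
    hide_dev(d);                        /* close routine hides, does not free */
    int gone = (dev_find(d) == NULL);   /* lookups can no longer see it */
    int early = reap_free_list();       /* allocation while referenced: skips d */
    d->si_usecount--;                   /* caller's release touches valid memory */
    int late = reap_free_list();        /* unreferenced now, so it is destroyed */
    return gone && early == 0 && late == 1 && live_devs == 0;
}
int main(void) { printf("deferred destroy ok: %d\n", close_cycle()); return 0; }
```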