On Wed, Apr 07, 2010 at 11:52:56PM +0200, Aurelien Jarno wrote: > On Wed, Apr 07, 2010 at 11:05:28PM +0200, Petr Salinger wrote: > >>> What have to be logged ? > >> Please look at ddb command "show files", implemented in > >> kern/kern_descrip.c, > >> lines 3284-3305 on HEAD. Instead of doing full dump, you can manually > >> inspect the output. Or, you can write some code that would search the > >> suspicious vnodes among the vnodes referenced from the processes > >> opened files. Vnode is probably leaked if use count is > 0 but no > >> process has vnode referenced by struct file. > > > > See attached file. > > > >>>> I think there should be something else going on. > > > > Bellow is leaking recipe tested under GNU/kFreeBSD. > > I would expect it leaks vnodes also under plain FreeBSD. > > > > I confirm it is reproducible on plain FreeBSD. Looks like a security > issue, as a normal user can create a local DoS in a few dozen of > seconds.
I already posted the following patch in private.
diff --git a/sys/kern/tty_pts.c b/sys/kern/tty_pts.c
index 5cfbc71..e9dac77 100644
--- a/sys/kern/tty_pts.c
+++ b/sys/kern/tty_pts.c
@@ -575,6 +575,9 @@ ptsdev_close(struct file *fp, struct thread *td)
tty_lock(tp);
tty_rel_gone(tp);
+ if (fp->f_vnode != NULL)
+ return (vnops.fo_close(fp, td));
+
return (0);
}
pgpwuKJCw0j83.pgp
Description: PGP signature
