kern/89528: [jail] impossible to kill a jail
Ed Schouten
ed at fxq.nl
Thu Jan 4 20:32:04 UTC 2007
Hello everyone,
I decided to investigate this bug because I think the bug is quite
irritating. After adding some ddb show commands to the source and
reading a lot of code, I think I understand the problem:
The tty code doesn't leak any ucreds, it's the devfs code that
crhold()'s an ucred structure. When a new pty is needed, the tty_pty
code allocates a new pty. It also runs make_dev_cred(), to which it
passes the thread's ucred. This function calls make_dev_credv(), which
finally runs crhold().
As long as pty's have been allocated that have been created by threads
in a jail, the prison structure has more references, causing the zombie
jails to exist.
Yours,
--
Ed Schouten <ed at fxq.nl>
WWW: http://g-rave.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20070104/c1fb3e6f/attachment.pgp
More information about the freebsd-hackers
mailing list