cnclose() doesn't actually call TTY's close routines

From: Ed Schouten <ed_at_fxq.nl>
Date: Mon, 21 Jan 2008 12:52:27 +0100
Hello everyone,

This morning I discovered a very strange bug this morning on my FreeBSD
box and I think even RELENG_6 has this issue.

Here's what you do:

- Make sure you've got a kernel with all the debugging options enabled,
  so free() writes all 0xdeadc0de's in memory.
- Boot your box and make sure it has been running for a couple of
  minutes (fsck is already finished, etc).
- Now run `pstat -t'.

If you look at consolectl's entry (the boot console device of syscons),
you'll (hopefully) see that its session ID is -559038242, which is
0xdeadc0de.

I already tried to track it down and I think I understand where things
go wrong. In /sys/kern/tty_cons.c there are wrappers around individual
cdevsw's to multiplex console output to multiple terminal devices. In
the cnclose() routines, it calls vn_close() on all the terminal devices
in the list, which makes sense. But for some reason, vn_close()
eventually doesn't call scclose().

It isn't a real problem, because nobody runs TIOCSCTTY on /dev/console
and pstat(8) only displays some info in that structure, but it should be
fixed I guess. I'll take a look at this one of these days, but it will
probably be quite hard for me, because I'm not really familiar with the
VFS's design.

-- 
 Ed Schouten <ed_at_fxq.nl>
 WWW: http://g-rave.nl/

Received on Mon Jan 21 2008 - 10:52:28 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:26 UTC