From mboxrd@z Thu Jan 1 00:00:00 1970
From: "H. Peter Anvin"
Subject: Re: BUG in tty_open when using containers and ptrace
Date: Wed, 22 Jul 2009 18:48:55 -0700
Message-ID: <4A67C187.5000201@zytor.com>
References: <20090713202610.GA6447@us.ibm.com>
 <20090713223444.GM18617@megiteam.pl>
 <20090714064905.GA25278@us.ibm.com>
 <20090714103129.GB12958@megiteam.pl>
 <20090715044744.GA25745@us.ibm.com>
 <20090715131923.GB21417@megiteam.pl>
 <20090718205244.GA23625@us.ibm.com>
 <20090719071531.GA20818@megiteam.pl>
 <20090722064120.GA24373@us.ibm.com>
 <20090722222550.GA633@megiteam.pl>
 <20090723012733.GB27764@us.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20090723012733.GB27764-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
To: Sukadev Bhattiprolu
Cc: containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org, Alan Cox, lxc-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
List-Id: containers.vger.kernel.org

On 07/22/2009 06:27 PM, Sukadev Bhattiprolu wrote:
> |
> | Immediate crash. I tried 2.6.18-something (Debian etch kernel) that I
> | had lying around on the VM. The result:
>
> Interesting.
>
> Attaching test program and Ccing Peter Anvin for any insights.
>
> | idr_remove called for id=0 which is not allocated.
> |  [] idr_remove+0xd4/0x137
> |  [] release_mem+0x1d5/0x1e1
> |  [] release_dev+0x5d6/0x5ee
> |  [] __wake_up+0x2a/0x3d
> |  [] tty_ldisc_enable+0x1f/0x21
> |  [] init_dev+0x378/0x49f
> |  [] tty_open+0x2a9/0x2e8
> |  [] chrdev_open+0x126/0x141
> |  [] chrdev_open+0x0/0x141
> |  [] __dentry_open+0xc8/0x1ac
> |  [] nameidata_to_filp+0x19/0x28
> |  [] do_filp_open+0x2b/0x31
> |  [] do_nanosleep+0x43/0x6a
> |  [] do_sigaction+0x99/0x156
> |  [] do_sys_open+0x3e/0xb3
> |  [] sys_open+0x16/0x18
> |  [] syscall_call+0x7/0xb
> |
> | (on the bright side, the machine is still usable afterwards).
> |
> | However, 2.6.26 (both mine and Debian) survives the test so it may indeed
> | be a recent regression (was it broken again after fixing sometime
> | between .18 and .26?)
> |
> | Bisecting...

Interesting... I have to say I'm more than a bit surprised that you can
mount a filesystem on top of a character device node at all, but there
isn't really a fundamental reason why you couldn't do it, so...

I am assuming that what causes the problem is that you have found a way
(vfsmount) to hold the pts device node busy which doesn't involve the
tty subsystem. This isn't inherently a problem, but it does have
implications for freeing: in particular, the pts node cannot be removed
until the vfsmount is gone, *and* the device number cannot be reclaimed.
It sounds like it's the latter piece which causes problems.

	-hpa

-- 
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.