Re: [bug-2.3.99-pre7-8] running fuser leaks mnt_count of /proc

From: Tigran Aivazian (tigran@veritas.com)
Date: Tue May 09 2000 - 15:51:50 EST


On Tue, 9 May 2000, Alexander Viro wrote:
> On Tue, 9 May 2000, Tigran Aivazian wrote:
> > Just try running fuser (on any filesystem) and watch the mnt->mnt_count
> > of /proc (of the real entry, not the kern_mounted one) grow steadily by
> > one each time.
>
> How quaint... chdir("/proc/self/fd"); gets the process into the state
> where it will correctly deal with further chdir() calls, but fail to
> release fs_struct (contents?) upon the exit. It looks like a change of
> some state: been there once and that's it - you are doomed. WTF???
> More coffee needed - it's getting seriously weird...

Indeed, the reason is that once we chdir("/proc/self/fs") (or
any directory name containing that, e.g. "/proc/self/fd/../..") our
fs->count gets incremented one extra time, so not only do we leak /proc's
mnt_count but also root's, i.e. the whole chunk of code in
__put_fs_struct() is never executed.

So, the question is - why/where do we increment fs->count the extra time?

Regards,
Tigran
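An added toy model in C (not code from the thread or the kernel) of the refcounting Tigran describes: fs_struct's count gates __put_fs_struct(), which is the only place the root and cwd vfsmounts get their mntput(). Where the extra increment happens is the open question in the thread, so the model simply injects one on the chdir path (the `extra_get` flag and the mount/process names are assumptions) and shows the resulting mnt_count leak on both /proc and root.

```c
#include <stdio.h>

/* Minimal stand-ins for the kernel structures named in the thread. */
struct vfsmount  { const char *name; int mnt_count; };
struct fs_struct { int count; struct vfsmount *rootmnt, *pwdmnt; };

static struct vfsmount root_mnt = { "/",     0 };
static struct vfsmount proc_mnt = { "/proc", 0 };

static void mntget(struct vfsmount *m) { m->mnt_count++; }
static void mntput(struct vfsmount *m) { m->mnt_count--; }

/* Model of __put_fs_struct(): the only place the root and cwd mounts are released. */
static void __put_fs_struct(struct fs_struct *fs)
{
    mntput(fs->rootmnt);
    mntput(fs->pwdmnt);
}

/* Model of put_fs_struct(): the release above runs only when count reaches zero. */
static void put_fs_struct(struct fs_struct *fs)
{
    if (--fs->count == 0)
        __put_fs_struct(fs);
}

/* Model of chdir(): take a reference on the new cwd mount, drop the old one.
 * extra_get injects the unbalanced fs->count increment the thread is hunting
 * for (an assumption about the bug's effect, not its actual location). */
static void do_chdir(struct fs_struct *fs, struct vfsmount *target, int extra_get)
{
    mntget(target);
    mntput(fs->pwdmnt);
    fs->pwdmnt = target;
    if (extra_get)
        fs->count++;
}

/* One process lifetime: fs_struct set up at fork, chdir into /proc, exit_fs().
 * Returns /proc's mnt_count afterwards; 0 means balanced, anything else a leak. */
int run_process(int buggy)
{
    struct fs_struct fs = { 1, &root_mnt, &root_mnt };
    mntget(&root_mnt);              /* reference held by rootmnt */
    mntget(&root_mnt);              /* reference held by pwdmnt */
    do_chdir(&fs, &proc_mnt, buggy);
    put_fs_struct(&fs);             /* exit_fs() */
    return proc_mnt.mnt_count;
}

int main(void)
{
    printf("clean: /proc mnt_count=%d root=%d\n", run_process(0), root_mnt.mnt_count);
    printf("buggy: /proc mnt_count=%d root=%d\n", run_process(1), root_mnt.mnt_count);
    printf("buggy: /proc mnt_count=%d root=%d\n", run_process(1), root_mnt.mnt_count);
    return 0;
}
```

Each buggy run leaves fs->count at 1 on exit, so __put_fs_struct() is skipped and both mounts gain one permanent reference, matching the steadily growing mnt_count observed with fuser.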




This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:14 EST