/proc/sys/kernel/pty/nr broken, possibly since 2.6.28

From: H. Peter Anvin
Date: Thu Nov 05 2009 - 18:51:32 EST

I just noticed that /proc/sys/kernel/pty/nr is broken, and the most
likely culprit seems to be the series of checkins that include 8b0a88d5
and bf970ee4, during the 2.6.28 merge window. This is thus a
regression. I haven't verified that the bug really goes that far back
-- I should do a bisection -- but it is at least present in and

The symptom is that /proc/sys/kernel/pty/nr is properly increased, but
never decreased when a pty gets dropped. It is in fact rather trivial
to escalate /proc/sys/kernel/pty/nr far above /proc/sys/kernel/pty/max.

As far as I read this series, the indent was to have this accounting
handled in pty_unix98_remove(), however, it would appear that that
function never gets called. I'm wondering if this may be a symptom of a
bigger problem as well.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/