From owner-freebsd-net@FreeBSD.ORG  Tue Jan 31 13:28:46 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 662FB16A420
	for <freebsd-net@freebsd.org>; Tue, 31 Jan 2006 13:28:46 +0000 (GMT)
	(envelope-from andre@freebsd.org)
Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 77AFD43D48
	for <freebsd-net@freebsd.org>; Tue, 31 Jan 2006 13:28:45 +0000 (GMT)
	(envelope-from andre@freebsd.org)
Received: (qmail 66959 invoked from network); 31 Jan 2006 13:27:46 -0000
Received: from c00l3r.networx.ch (HELO freebsd.org) ([62.48.2.2])
	(envelope-sender <andre@freebsd.org>)
	by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP
	for <JINMEI@freebsd.org>; 31 Jan 2006 13:27:46 -0000
Message-ID: <43DF661E.8A08C7EF@freebsd.org>
Date: Tue, 31 Jan 2006 14:29:02 +0100
From: Andre Oppermann <andre@freebsd.org>
X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: JINMEI@freebsd.org
References: <y7vlkwweek0.wl%jinmei@isl.rdc.toshiba.co.jp>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
Subject: Re: m_tag leak?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jan 2006 13:28:46 -0000

JINMEI Tatuya / 神明達哉 wrote:
> 
> While tracking a different issue, I felt I just got confused.  From a
> very quick look at m_freem() and m_free(), it looks there is a leakage
> of m_tag.  This is the definition of m_freem() in rev. 1.160 of
> uipc_mbuf.c:
> 
> void
> m_freem(struct mbuf *mb)
> {
> 
>         while (mb != NULL)
>                 mb = m_free(mb);
> }
> 
> And the following is the definition of m_free() (defined in
> sys/mbuf.h, rev 1.187)
> 
> static __inline
> struct mbuf *
> m_free(struct mbuf *m)
> {
>         struct mbuf *n = m->m_next;
> 
>         if (m->m_flags & M_EXT)
>                 mb_free_ext(m);
>         else
>                 uma_zfree(zone_mbuf, m);
>         return n;
> }
> 
> Doesn't this mean an m_tag attached to the mbuf to be freed, if any,
> will remain without any reference?  Perhaps I'm missing something very
> trivial.  It would be appreciated if someone could clarify that.

This is indeed non-obvious and scattered around but happens correctly.
Have a look at kern/kern_mbuf.c:mb_dtor_mbuf().

-- 
Andre