From owner-dev-commits-src-branches@freebsd.org Thu Mar 18 16:57:16 2021 Return-Path: Delivered-To: dev-commits-src-branches@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3450557D008; Thu, 18 Mar 2021 16:57:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F1Y9811Drz4Rjj; Thu, 18 Mar 2021 16:57:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 10D862550E; Thu, 18 Mar 2021 16:57:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 12IGvFPL012039; Thu, 18 Mar 2021 16:57:15 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 12IGvFYV012038; Thu, 18 Mar 2021 16:57:15 GMT (envelope-from git) Date: Thu, 18 Mar 2021 16:57:15 GMT Message-Id: <202103181657.12IGvFYV012038@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Vincenzo Maffione Subject: git: 09b2bde74654 - stable/12 - netmap: fix memory leak in NETMAP_REQ_PORT_INFO_GET MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: vmaffione X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: 09b2bde74654a16c56ade52411c464ef79de8cd4 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-branches@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commits to the stable branches of the FreeBSD src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Mar 2021 16:57:16 -0000 The branch stable/12 has been updated by vmaffione: URL: https://cgit.FreeBSD.org/src/commit/?id=09b2bde74654a16c56ade52411c464ef79de8cd4 commit 09b2bde74654a16c56ade52411c464ef79de8cd4 Author: Vincenzo Maffione AuthorDate: 2021-03-15 17:39:18 +0000 Commit: Vincenzo Maffione CommitDate: 2021-03-18 16:41:17 +0000 netmap: fix memory leak in NETMAP_REQ_PORT_INFO_GET The netmap_ioctl() function has a reference counting bug in case of NETMAP_REQ_PORT_INFO_GET command. When `hdr->nr_name[0] == '\0'`, the function does not decrease the refcount of "nmd", which is increased by netmap_mem_find(), causing a refcount leak. Reported by: Xiyu Yang Submitted by: Carl Smith MFC after: 3 days PR: 254311 (cherry picked from commit 0ab5902e8ad93d0a9341dcce386b6c571ee02173) --- sys/dev/netmap/netmap.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/dev/netmap/netmap.c b/sys/dev/netmap/netmap.c index ca5af6ab5217..6532856b21a1 100644 --- a/sys/dev/netmap/netmap.c +++ b/sys/dev/netmap/netmap.c @@ -2636,6 +2636,7 @@ netmap_ioctl(struct netmap_priv_d *priv, u_long cmd, caddr_t data, case NETMAP_REQ_PORT_INFO_GET: { struct nmreq_port_info_get *req = (struct nmreq_port_info_get *)(uintptr_t)hdr->nr_body; + int nmd_ref = 0; NMG_LOCK(); do { @@ -2677,6 +2678,7 @@ netmap_ioctl(struct netmap_priv_d *priv, u_long cmd, caddr_t data, error = EINVAL; break; } + nmd_ref = 1; } error = netmap_mem_get_info(nmd, &req->nr_memsize, &memflags, @@ -2694,6 +2696,8 @@ netmap_ioctl(struct netmap_priv_d *priv, u_long cmd, caddr_t data, req->nr_host_rx_rings = na->num_host_rx_rings; } while (0); netmap_unget_na(na, ifp); + if (nmd_ref) + netmap_mem_put(nmd); NMG_UNLOCK(); break; }