From nobody Sun Sep 17 14:42:20 2023 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RpVy46hvnz4sx8w; Sun, 17 Sep 2023 14:42:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RpVy46GPwz3f5Z; Sun, 17 Sep 2023 14:42:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694961740; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aPlKYxq0ESWd9p+D9q3yJy+FG7hCFml7pkxZNwHQFOY=; b=t+VmDjn+9OhPpgxAZmNHmQneSYOH3sjwShAXE4zvJ27J7r7EDmDQG9v3M38Yl3/1pd+PJ6 a7AOk6Jfku3fnfTS83HMVj4FXXUPyxaL9UlYn2G9UFF/p0mBXda75P0DZJNoe36fEt4kr5 9ohWM+Svv1xLSDNb58qD0ZyFfLbJLUtKFk7jIpEwcudUqwV1kU1NKeW+6fwWM9qHNW7Jhb 5fi603ukLdObSX5nHkXizoLN1h+QWrRAW5ig1lzUxmwGXHvnK3hxKLXyvwZgqbp7GJHH69 0rvf30Y8MKiW9TrgH9ky03WqVe9Uv4KOnIlBwyDlHZjXD1J2ungIT1g+g6hh5g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1694961740; a=rsa-sha256; cv=none; b=uwhHwdKa+AmpA+AEi82xbzhzTwKdSqLxKfHu+l6opV1n7MlR+yC3Ec3YfY3gXSgoBhYRPj OXeTt/0qFNmsQl91ze0Yjex7NuOIJ95/0J5N1ifA4kocf0iN7Q4Ll7YZ67FSfWuxDKS8y4 C07bfDo2eJRKJjCyffVueIlwc1iATQ3IkaFA2jc6rUj+STokRGbT6Cd4StAjXL48WzJWLn 0kesDZT2Uq4aUMcxXWI5CvK8g8AkbLhdV7iL7+8UdKMlxLi52cIJzg1MGGpk3RJMzWnUcT 0RcxjIeYR4aQewLxCLUm+B5Fa6p9cJQOrMdNogm0fcK3ugEFxi0llg1AId0tdw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694961740; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aPlKYxq0ESWd9p+D9q3yJy+FG7hCFml7pkxZNwHQFOY=; b=kJXDLP/IIRrW/pcwJ/XBWkv7WaryiWAxSBYA/6tcTR9VrWXxg9ULCWoxoCRmFAWKaTiCHw 2Dz0YnGTYRl2g47QWOvZO4IpSUKN0E4OBjygZ7x22SafYUbQXQRxyqc1sX2DabtjMogXO9 Pti1U1+iA/dW09EyvtvxXl2cGNlGLFtaNqgnmZYwl7Ger7cn8Aiwt1/PfFYDXAXV4ZWfoc YDUFe2W3z5DuW/iZtJLJW+guMD3PMtE4h1JafwAc77rCk3jsw5OQxpslfFH0sJNNuhbQVe T7g8X38EQhPFGl1PK5tXrozU2fgM00YcXeLwNYoWB2Czzrg06XMQM+MRqyzHwQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RpVy45M4jzrrq; Sun, 17 Sep 2023 14:42:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 38HEgKEP036333; Sun, 17 Sep 2023 14:42:20 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 38HEgKFt036330; Sun, 17 Sep 2023 14:42:20 GMT (envelope-from git) Date: Sun, 17 Sep 2023 14:42:20 GMT Message-Id: <202309171442.38HEgKFt036330@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Warner Losh Subject: git: 8c496b26641e - stable/14 - timerfd: fix up a memory leak and missing locking List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: imp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 8c496b26641e3d86b0c9db0ed2b4598093df6d5a Auto-Submitted: auto-generated The branch stable/14 has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=8c496b26641e3d86b0c9db0ed2b4598093df6d5a commit 8c496b26641e3d86b0c9db0ed2b4598093df6d5a Author: Mateusz Guzik AuthorDate: 2023-08-25 14:21:39 +0000 Commit: Warner Losh CommitDate: 2023-09-17 14:34:40 +0000 timerfd: fix up a memory leak and missing locking timerfd01 from ltp passes (and some other don't), but none of the tests crash the kernel. This is a bare minimum patch to fix up the immediate regression. Reported by: yasu (cherry picked from commit 02f534b57f84d6f4f97c337b05b383c8b3aaf18c) Approved by: re (cperciva@) --- sys/kern/sys_timerfd.c | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/sys/kern/sys_timerfd.c b/sys/kern/sys_timerfd.c index 6948fa059b8c..2bf2a05c443c 100644 --- a/sys/kern/sys_timerfd.c +++ b/sys/kern/sys_timerfd.c @@ -43,6 +43,7 @@ #include #include #include +#include #include #include #include @@ -59,7 +60,11 @@ #endif static MALLOC_DEFINE(M_TIMERFD, "timerfd", "timerfd structures"); -static LIST_HEAD(, timerfd) timerfd_head; + +static struct sx timerfd_list_lock; +static LIST_HEAD(, timerfd) timerfd_list; +SX_SYSINIT(timerfd, &timerfd_list_lock, "timerfd_list_lock"); + static struct unrhdr64 tfdino_unr; #define TFD_NOJUMP 0 /* Realtime clock has not jumped. */ @@ -125,7 +130,8 @@ timerfd_jumped(void) struct timespec boottime, diff; timerfd_getboottime(&boottime); - LIST_FOREACH(tfd, &timerfd_head, entry) { + sx_xlock(&timerfd_list_lock); + LIST_FOREACH(tfd, &timerfd_list, entry) { mtx_lock(&tfd->tfd_lock); if (tfd->tfd_clockid != CLOCK_REALTIME || (tfd->tfd_timflags & TFD_TIMER_ABSTIME) == 0 || @@ -160,6 +166,7 @@ timerfd_jumped(void) tfd->tfd_boottim = boottime; mtx_unlock(&tfd->tfd_lock); } + sx_xunlock(&timerfd_list_lock); } static int @@ -314,11 +321,14 @@ timerfd_close(struct file *fp, struct thread *td) { struct timerfd *tfd = fp->f_data; + sx_xlock(&timerfd_list_lock); + LIST_REMOVE(tfd, entry); + sx_xunlock(&timerfd_list_lock); + callout_drain(&tfd->tfd_callout); seldrain(&tfd->tfd_sel); knlist_destroy(&tfd->tfd_sel.si_note); mtx_destroy(&tfd->tfd_lock); - LIST_REMOVE(tfd, entry); free(tfd, M_TIMERFD); fp->f_ops = &badfileops; @@ -420,9 +430,11 @@ kern_timerfd_create(struct thread *td, int clockid, int flags) if ((flags & TFD_CLOEXEC) != 0) fflags |= O_CLOEXEC; + error = falloc(td, &fp, &fd, fflags); + if (error != 0) + return (error); + tfd = malloc(sizeof(*tfd), M_TIMERFD, M_WAITOK | M_ZERO); - if (tfd == NULL) - return (ENOMEM); tfd->tfd_clockid = (clockid_t)clockid; tfd->tfd_flags = flags; tfd->tfd_ino = alloc_unr64(&tfdino_unr); @@ -431,16 +443,15 @@ kern_timerfd_create(struct thread *td, int clockid, int flags) knlist_init_mtx(&tfd->tfd_sel.si_note, &tfd->tfd_lock); timerfd_getboottime(&tfd->tfd_boottim); getnanotime(&tfd->tfd_birthtim); - LIST_INSERT_HEAD(&timerfd_head, tfd, entry); + sx_xlock(&timerfd_list_lock); + LIST_INSERT_HEAD(&timerfd_list, tfd, entry); + sx_xunlock(&timerfd_list_lock); - error = falloc(td, &fp, &fd, fflags); - if (error != 0) - return (error); fflags = FREAD; if ((flags & TFD_NONBLOCK) != 0) fflags |= FNONBLOCK; - finit(fp, fflags, DTYPE_TIMERFD, tfd, &timerfdops); + fdrop(fp, td); td->td_retval[0] = fd;