Date: Sat, 10 Apr 2021 13:12:54 GMT From: Tai-hwa Liang <avatar@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 50f1778f6e61 - stable/12 - net: fixing a memory leak in if_deregister_com_alloc() Message-ID: <202104101312.13ADCsP1087316@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/12 has been updated by avatar: URL: https://cgit.FreeBSD.org/src/commit/?id=50f1778f6e61dd5855f684bdc43c8f1977e11ff0 commit 50f1778f6e61dd5855f684bdc43c8f1977e11ff0 Author: Tai-hwa Liang <avatar@FreeBSD.org> AuthorDate: 2021-03-06 14:36:35 +0000 Commit: Tai-hwa Liang <avatar@FreeBSD.org> CommitDate: 2021-04-10 13:11:01 +0000 net: fixing a memory leak in if_deregister_com_alloc() Drain the callbacks upon if_deregister_com_alloc() such that the if_com_free[type] won't be nullified before if_destroy(). Taking fwip(4) as an example, before this fix, kldunload if_fwip will go through the following: 1. fwip_detach() 2. if_free() -> schedule if_destroy() through NET_EPOCH_CALL 3. fwip_detach() returns 4. firewire_modevent(MOD_UNLOAD) -> if_deregister_com_alloc() 5. kernel complains about: Warning: memory type fw_com leaked memory on destroy (1 allocations, 64 bytes leaked). 6. EPOCH runs if_destroy() -> if_free_internal() By this time, if_com_free[if_alloctype] is NULL since it's already nullified by if_deregister_com_alloc(); hence, firewire_free() won't have a chance to release the allocated fw_com. Reviewed by: hselasky, glebius MFC after: 2 weeks (cherry picked from commit 092f3f081265c68cd8de0234ba8e46560ccc061e) --- sys/net/if.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/sys/net/if.c b/sys/net/if.c index 2ae8121043b0..f2ef88d3f28e 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -4172,6 +4172,14 @@ if_deregister_com_alloc(u_char type) ("if_deregister_com_alloc: %d not registered", type)); KASSERT(if_com_free[type] != NULL, ("if_deregister_com_alloc: %d free not registered", type)); + + /* + * Ensure all pending EPOCH(9) callbacks have been executed. This + * fixes issues about late invocation of if_destroy(), which leads + * to memory leak from if_com_alloc[type] allocated if_l2com. + */ + epoch_drain_callbacks(net_epoch_preempt); + if_com_alloc[type] = NULL; if_com_free[type] = NULL; }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202104101312.13ADCsP1087316>