Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 15 Dec 2020 21:51:45 +0000 (UTC)
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r368679 - stable/12/sys/kern
Message-ID:  <202012152151.0BFLpjp0048906@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: kevans
Date: Tue Dec 15 21:51:45 2020
New Revision: 368679
URL: https://svnweb.freebsd.org/changeset/base/368679

Log:
  MFC r368460: kern: cpuset: plug a unr leak
  
  cpuset_rel_defer() is supposed to be functionally equivalent to
  cpuset_rel() but with anything that might sleep deferred until
  cpuset_rel_complete -- this setup is used specifically for cpuset_setproc.
  
  Add in the missing unr free to match cpuset_rel. This fixes a leak that
  was observed when I wrote a small userland application to try and debug
  another issue, which effectively did:
  
  cpuset(&newid);
  cpuset(&scratch);
  
  newid gets leaked when scratch is created; it's off the list, so there's
  no mechanism for anything else to relinquish it. A more realistic reproducer
  would likely be a process that inherits some cpuset that it's the only ref
  for, but it creates a new one to modify. Alternatively, administratively
  reassigning a process' cpuset that it's the last ref for will have the same
  effect.

Modified:
  stable/12/sys/kern/kern_cpuset.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/kern/kern_cpuset.c
==============================================================================
--- stable/12/sys/kern/kern_cpuset.c	Tue Dec 15 21:50:05 2020	(r368678)
+++ stable/12/sys/kern/kern_cpuset.c	Tue Dec 15 21:51:45 2020	(r368679)
@@ -246,9 +246,14 @@ cpuset_rel_defer(struct setlist *head, struct cpuset *
 static void
 cpuset_rel_complete(struct cpuset *set)
 {
+	cpusetid_t id;
+
+	id = set->cs_id;
 	LIST_REMOVE(set, cs_link);
 	cpuset_rel(set->cs_parent);
 	uma_zfree(cpuset_zone, set);
+	if (id != CPUSET_INVALID)
+		free_unr(cpuset_unr, id);
 }
 
 /*

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202012152151.0BFLpjp0048906>