From owner-cvs-src-old@FreeBSD.ORG Wed Apr 21 19:51:44 2010 Return-Path: Delivered-To: cvs-src-old@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 459DD106566B for ; Wed, 21 Apr 2010 19:51:44 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 32BE88FC15 for ; Wed, 21 Apr 2010 19:51:44 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id o3LJpiKQ065358 for ; Wed, 21 Apr 2010 19:51:44 GMT (envelope-from bz@repoman.freebsd.org) Received: (from svn2cvs@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id o3LJpiQP065357 for cvs-src-old@freebsd.org; Wed, 21 Apr 2010 19:51:44 GMT (envelope-from bz@repoman.freebsd.org) Message-Id: <201004211951.o3LJpiQP065357@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to bz@repoman.freebsd.org using -f From: "Bjoern A. Zeeb" Date: Wed, 21 Apr 2010 19:51:22 +0000 (UTC) To: cvs-src-old@freebsd.org X-FreeBSD-CVS-Branch: RELENG_8 Subject: cvs commit: src/sys/net if_llatbl.c src/sys/netinet if_ether.c in.c src/sys/netinet6 in6.c nd6.c X-BeenThere: cvs-src-old@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: **OBSOLETE** CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Apr 2010 19:51:44 -0000 bz 2010-04-21 19:51:22 UTC FreeBSD src repository Modified files: (Branch: RELENG_8) sys/net if_llatbl.c sys/netinet if_ether.c in.c sys/netinet6 in6.c nd6.c Log: SVN rev 207013 on 2010-04-21 19:51:22Z by bz MFC r206481: Plug reference leaks in the link-layer code ("new-arp") that previously prevented the link-layer entry from being freed. In both in.c and in6.c (though that code path seems to be basically dead) plug a reference leak in case of a pending callout being drained. In if_ether.c consistently add a reference before resetting the callout and in case we canceled a pending one remove the reference for that. In the final case in arptimer, before freeing the expired entry, remove the reference again and explicitly call callout_stop() to clear the active flag. In nd6.c:nd6_free() we are only ever called from the callout function and thus need to remove the reference there as well before calling into llentry_free(). In if_llatbl.c when freeing the entire tables make sure that in case we cancel a pending callout to remove the reference as well. Reviewed by: qingli (earlier version) MFC after: 10 days Problem observed, patch tested by: simon on ipv6gw.f.o, Christian Kratzer (ck cksoft.de), Evgenii Davidov (dado korolev-net.ru) PR: kern/144564 Configurations still affected: with options FLOWTABLE Revision Changes Path 1.8.2.10 +4 -1 src/sys/net/if_llatbl.c 1.208.2.10 +15 -3 src/sys/netinet/if_ether.c 1.143.2.15 +5 -1 src/sys/netinet/in.c 1.121.2.10 +5 -1 src/sys/netinet6/in6.c 1.123.2.9 +1 -0 src/sys/netinet6/nd6.c