Date: Tue, 8 Dec 2020 18:44:07 +0000 (UTC)
From: Kyle Evans <kevans@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r368460 - head/sys/kern
Message-ID: <202012081844.0B8Ii7W3014624@repo.freebsd.org>
Author: kevans Date: Tue Dec 8 18:44:06 2020 New Revision: 368460 URL: https://svnweb.freebsd.org/changeset/base/368460 Log: kern: cpuset: plug a unr leak cpuset_rel_defer() is supposed to be functionally equivalent to cpuset_rel() but with anything that might sleep deferred until cpuset_rel_complete -- this setup is used specifically for cpuset_setproc. Add in the missing unr free to match cpuset_rel. This fixes a leak that was observed when I wrote a small userland application to try and debug another issue, which effectively did: cpuset(&newid); cpuset(&scratch); newid gets leaked when scratch is created; it's off the list, so there's no mechanism for anything else to relinquish it. A more realistic reproducer would likely be a process that inherits some cpuset that it's the only ref for, but it creates a new one to modify. Alternatively, administratively reassigning a process' cpuset that it's the last ref for will have the same effect. Discovered through D27498. MFC after: 1 week Modified: head/sys/kern/kern_cpuset.c Modified: head/sys/kern/kern_cpuset.c ============================================================================== --- head/sys/kern/kern_cpuset.c Tue Dec 8 18:28:49 2020 (r368459) +++ head/sys/kern/kern_cpuset.c Tue Dec 8 18:44:06 2020 (r368460) @@ -246,9 +246,14 @@ cpuset_rel_defer(struct setlist *head, struct cpuset * static void cpuset_rel_complete(struct cpuset *set) { + cpusetid_t id; + + id = set->cs_id; LIST_REMOVE(set, cs_link); cpuset_rel(set->cs_parent); uma_zfree(cpuset_zone, set); + if (id != CPUSET_INVALID) + free_unr(cpuset_unr, id); } /*
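Review bot: In cpuset_rel_complete(), nothing explains why `id = set->cs_id` is copied into a local before `uma_zfree(cpuset_zone, set)`. That copy is what keeps the later `free_unr(cpuset_unr, id)` from reading the set after it has been returned to the zone, so a one-line comment at the assignment would stop a later cleanup from folding it back into `set->cs_id`. The log says this path is meant to stay equivalent to cpuset_rel() and the two had already drifted apart once, so it is also worth saying in that comment that the id release must be kept in sync with cpuset_rel(), or sharing the id-release step between the two paths.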