Date:      Thu, 8 Apr 2021 16:22:29 GMT
From:      Tai-hwa Liang <avatar@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: f87d56d4bf5c - stable/13 - net: fixing a memory leak in if_deregister_com_alloc()
Message-ID:  <202104081622.138GMTOx003663@gitrepo.freebsd.org>

The branch stable/13 has been updated by avatar:

URL: https://cgit.FreeBSD.org/src/commit/?id=f87d56d4bf5cb4dfdbcdd04ad386a41556fc170b

commit f87d56d4bf5cb4dfdbcdd04ad386a41556fc170b
Author:     Tai-hwa Liang <avatar@FreeBSD.org>
AuthorDate: 2021-03-06 14:36:35 +0000
Commit:     Tai-hwa Liang <avatar@FreeBSD.org>
CommitDate: 2021-04-08 16:21:33 +0000

    net: fixing a memory leak in if_deregister_com_alloc()
    
    Drain the callbacks upon if_deregister_com_alloc() such that the
    if_com_free[type] won't be nullified before if_destroy().
    
    Taking fwip(4) as an example, before this fix, kldunload if_fwip will
    go through the following:
    
      1. fwip_detach()
      2. if_free() -> schedule if_destroy() through NET_EPOCH_CALL
      3. fwip_detach() returns
      4. firewire_modevent(MOD_UNLOAD) -> if_deregister_com_alloc()
      5. kernel complains about:
            Warning: memory type fw_com leaked memory on destroy (1 allocations, 64 bytes leaked).
      6. EPOCH runs if_destroy() -> if_free_internal()
    
    By this time, if_com_free[if_alloctype] is NULL since it's already
    nullified by if_deregister_com_alloc(); hence, firewire_free() won't
    have a chance to release the allocated fw_com.
    
    Reviewed by:    hselasky, glebius
    MFC after:      2 weeks
    
    (cherry picked from commit 092f3f081265c68cd8de0234ba8e46560ccc061e)
---
 sys/net/if.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/sys/net/if.c b/sys/net/if.c
index 948be6876b65..776fcf2fc78d 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -4045,6 +4045,14 @@ if_deregister_com_alloc(u_char type)
 	    ("if_deregister_com_alloc: %d not registered", type));
 	KASSERT(if_com_free[type] != NULL,
 	    ("if_deregister_com_alloc: %d free not registered", type));
+
+	/*
+	 * Ensure all pending EPOCH(9) callbacks have been executed. This
+	 * fixes issues about late invocation of if_destroy(), which leads
+	 * to memory leak from if_com_alloc[type] allocated if_l2com.
+	 */
+	epoch_drain_callbacks(net_epoch_preempt);
+
 	if_com_alloc[type] = NULL;
 	if_com_free[type] = NULL;
 }
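Review bot: the new comment above epoch_drain_callbacks(net_epoch_preempt) should state the precondition this fix relies on: the drain only covers callbacks already queued when it is called, so every ifnet of this type must have gone through if_free() before if_deregister_com_alloc() is entered. Nothing in the visible lines stops an if_destroy() scheduled after the drain from still finding if_com_free[type] == NULL, so consider documenting that requirement for callers. Because the call waits for pending callbacks to run, the comment could also note that the function now has to be called from a context where such a wait is allowed. The phrase "memory leak from if_com_alloc[type] allocated if_l2com" is hard to parse; something like "leaks the if_l2com allocated by if_com_alloc[type]" reads more clearly.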


