Date: Wed, 6 Jun 2001 13:06:14 +0300 From: Ruslan Ermilov <ru@FreeBSD.ORG> To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> Cc: freebsd-net@FreeBSD.ORG Subject: Re: leaking route structures, please review Message-ID: <20010606130614.F37378@sunbay.com> In-Reply-To: <200106052018.QAA90495@khavrinen.lcs.mit.edu>; from wollman@khavrinen.lcs.mit.edu on Tue, Jun 05, 2001 at 04:18:24PM -0400 References: <20010605145104.A68594@skriver.dk> <200106051513.LAA87829@khavrinen.lcs.mit.edu> <20010605204121.A49067@sunbay.com> <200106052018.QAA90495@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jun 05, 2001 at 04:18:24PM -0400, Garrett Wollman wrote:
> <<On Tue, 5 Jun 2001 20:41:21 +0300, Ruslan Ermilov <ru@FreeBSD.ORG> said:
>
> > Hmm, and what happens if the PCB is the only holder of this route?
> > The refcnt will be 1 in this case, and the code drops the reference
> > by setting inp->inp_route.ro_rt = 0. How this route can be reused
> > (and deleted) later?
>
> That would be a bug. rtfree() must always be called before forgetting
> a reference.
>
OTOH, here is the relevant CSRG record:
D 7.22 92/07/22 17:08:47 sklower 83 82 00003/00002/00450
MRs:
COMMENTS:
if in_losing notices an RTF_DYNAMIC route, it got freed twice
# sccs sccsdiff -up -r7.21 -r7.22 in_pcb.c
SCCS/s.in_pcb.c: 7.21 vs. 7.22
--- /tmp/get.1058.7.21 Wed Jun 6 12:50:34 2001
+++ /tmp/get.1058.7.22 Wed Jun 6 12:50:34 2001
@@ -370,6 +370,7 @@ in_losing(inp)
struct rt_addrinfo info;
if ((rt = inp->inp_route.ro_rt)) {
+ inp->inp_route.ro_rt = 0;
bzero((caddr_t)&info, sizeof(info));
info.rti_info[RTAX_DST] =
(struct sockaddr *)&inp->inp_route.ro_dst;
@@ -380,12 +381,12 @@ in_losing(inp)
(void) rtrequest(RTM_DELETE, rt_key(rt),
rt->rt_gateway, rt_mask(rt), rt->rt_flags,
(struct rtentry **)0);
- inp->inp_route.ro_rt = 0;
- rtfree(rt);
+ else
/*
* A new route can be allocated
* the next time output is attempted.
*/
+ rtfree(rt);
}
}
I personally don't see how RTF_DYNAMIC route could affect whether to
call rtfree() or not in this case.
Cheers,
--
Ruslan Ermilov Oracle Developer/DBA,
ru@sunbay.com Sunbay Software AG,
ru@FreeBSD.org FreeBSD committer,
+380.652.512.251 Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010606130614.F37378>