Date:      Sat, 10 Apr 2021 13:12:54 GMT
From:      Tai-hwa Liang <avatar@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 50f1778f6e61 - stable/12 - net: fixing a memory leak in if_deregister_com_alloc()
Message-ID:  <202104101312.13ADCsP1087316@gitrepo.freebsd.org>

The branch stable/12 has been updated by avatar:

URL: https://cgit.FreeBSD.org/src/commit/?id=50f1778f6e61dd5855f684bdc43c8f1977e11ff0

commit 50f1778f6e61dd5855f684bdc43c8f1977e11ff0
Author:     Tai-hwa Liang <avatar@FreeBSD.org>
AuthorDate: 2021-03-06 14:36:35 +0000
Commit:     Tai-hwa Liang <avatar@FreeBSD.org>
CommitDate: 2021-04-10 13:11:01 +0000

    net: fixing a memory leak in if_deregister_com_alloc()
    
    Drain the callbacks upon if_deregister_com_alloc() such that the
    if_com_free[type] won't be nullified before if_destroy().
    
    Taking fwip(4) as an example, before this fix, kldunload if_fwip will
    go through the following:
    
      1. fwip_detach()
      2. if_free() -> schedule if_destroy() through NET_EPOCH_CALL
      3. fwip_detach() returns
      4. firewire_modevent(MOD_UNLOAD) -> if_deregister_com_alloc()
      5. kernel complains about:
            Warning: memory type fw_com leaked memory on destroy (1 allocations, 64 bytes leaked).
      6. EPOCH runs if_destroy() -> if_free_internal()
    
    By this time, if_com_free[if_alloctype] is NULL since it's already
    nullified by if_deregister_com_alloc(); hence, firewire_free() won't
    have a chance to release the allocated fw_com.
    
    Reviewed by:    hselasky, glebius
    MFC after:      2 weeks
    
    (cherry picked from commit 092f3f081265c68cd8de0234ba8e46560ccc061e)
---
 sys/net/if.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/sys/net/if.c b/sys/net/if.c
index 2ae8121043b0..f2ef88d3f28e 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -4172,6 +4172,14 @@ if_deregister_com_alloc(u_char type)
 	    ("if_deregister_com_alloc: %d not registered", type));
 	KASSERT(if_com_free[type] != NULL,
 	    ("if_deregister_com_alloc: %d free not registered", type));
+
+	/*
+	 * Ensure all pending EPOCH(9) callbacks have been executed. This
+	 * fixes issues about late invocation of if_destroy(), which leads
+	 * to memory leak from if_com_alloc[type] allocated if_l2com.
+	 */
+	epoch_drain_callbacks(net_epoch_preempt);
+
 	if_com_alloc[type] = NULL;
 	if_com_free[type] = NULL;
 }
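
Review bot: The new comment above epoch_drain_callbacks(net_epoch_preempt) describes the symptom but leaves out the ordering requirement and the calling context. It should say that the drain has to run before if_com_free[type] is set to NULL, so that an if_destroy() already queued through the epoch can still reach the type's free routine. It should also note that the call waits for pending callbacks to finish and can sleep, so if_deregister_com_alloc() must only be called from a sleepable context, such as the module unload path the commit message describes. The drain also covers only callbacks that are already queued: nothing in these lines prevents an if_free() for this type from being scheduled between the drain and the two NULL assignments, so the comment (or a KASSERT) should state that callers must have detached every interface of this type before deregistering.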


