From owner-freebsd-net@FreeBSD.ORG Mon Jun 23 08:52:36 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4D9883FC; Mon, 23 Jun 2014 08:52:36 +0000 (UTC) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.69.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "cell.glebius.int.ru", Issuer "cell.glebius.int.ru" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id CB20E2EC6; Mon, 23 Jun 2014 08:52:35 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.8/8.14.8) with ESMTP id s5N8qTlP038411 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 23 Jun 2014 12:52:29 +0400 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.8/8.14.8/Submit) id s5N8qTD3038410; Mon, 23 Jun 2014 12:52:29 +0400 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Mon, 23 Jun 2014 12:52:29 +0400 From: Gleb Smirnoff To: Navdeep Parhar Subject: Re: ifaddr refcount problem Message-ID: <20140623085229.GQ28199@FreeBSD.org> References: <53A48849.8080504@chelsio.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <53A48849.8080504@chelsio.com> User-Agent: Mutt/1.5.23 (2014-03-12) Cc: "freebsd-net@freebsd.org" , asomers@freebsd.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jun 2014 08:52:36 -0000 Navdeep, On Fri, Jun 20, 2014 at 12:15:21PM -0700, Navdeep Parhar wrote: N> Revision 264905 and 266860 that followed it seem to leak ifaddr N> references. ifa_ifwithdstaddr and ifa_ifwithnet both install a N> reference on the ifaddr returned to the caller but ip_output does not N> release it, eventually leading to a panic when the refcount wraps over N> to 0 and the ifaddr is freed while it is still on various lists. N> N> I'm using this patch for now. Thoughts? N> N> Regards, N> Navdeep N> N> N> diff -r 6dfcecd314af sys/netinet/ip_output.c N> --- a/sys/netinet/ip_output.c Fri Jun 20 10:33:22 2014 -0700 N> +++ b/sys/netinet/ip_output.c Fri Jun 20 12:07:12 2014 -0700 N> @@ -243,6 +243,7 @@ again: N> ifp = ia->ia_ifp; N> ip->ip_ttl = 1; N> isbroadcast = 1; N> + ifa_free((void *)ia); N> } else if (flags & IP_ROUTETOIF) { N> if ((ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == NULL && N> (ia = ifatoia(ifa_ifwithnet(sintosa(dst), 0))) == NULL) { N> @@ -253,6 +254,7 @@ again: N> ifp = ia->ia_ifp; N> ip->ip_ttl = 1; N> isbroadcast = in_broadcast(dst->sin_addr, ifp); N> + ifa_free((void *)ia); N> } else if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) && N> imo != NULL && imo->imo_multicast_ifp != NULL) { N> /* The patch shouldn't use void * casts, but instead specify explicit member: ifa_free(&ia->ia_ifa); Apart from that it, the patch looks entirely correct and plugging a leak. Thanks! -- Totus tuus, Glebius.