git: 092f3f081265 - main - net: fixing a memory leak in if_deregister_com_alloc()

Tai-hwa Liang avatar at FreeBSD.org
Sat Mar 6 14:44:57 UTC 2021


The branch main has been updated by avatar:

URL: https://cgit.FreeBSD.org/src/commit/?id=092f3f081265c68cd8de0234ba8e46560ccc061e

commit 092f3f081265c68cd8de0234ba8e46560ccc061e
Author:     Tai-hwa Liang <avatar at FreeBSD.org>
AuthorDate: 2021-03-06 14:36:35 +0000
Commit:     Tai-hwa Liang <avatar at FreeBSD.org>
CommitDate: 2021-03-06 14:43:16 +0000

    net: fixing a memory leak in if_deregister_com_alloc()
    
    Drain the callbacks upon if_deregister_com_alloc() such that the
    if_com_free[type] won't be nullified before if_destroy().
    
    Taking fwip(4) as an example, before this fix, kldunload if_fwip will
    go through the following:
    
      1. fwip_detach()
      2. if_free() -> schedule if_destroy() through NET_EPOCH_CALL
      3. fwip_detach() returns
      4. firewire_modevent(MOD_UNLOAD) -> if_deregister_com_alloc()
      5. kernel complains about:
            Warning: memory type fw_com leaked memory on destroy (1 allocations, 64 bytes leaked).
      6. EPOCH runs if_destroy() -> if_free_internal()
    
    By this time, if_com_free[if_alloctype] is NULL since it's already
    nullified by if_deregister_com_alloc(); hence, firewire_free() won't
    have a chance to release the allocated fw_com.
    
    Reviewed by:    hselasky, glebius
    MFC after:      2 weeks
---
 sys/net/if.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/sys/net/if.c b/sys/net/if.c
index 9d5e9e26b4bb..86c60cfcfa7f 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -4055,6 +4055,14 @@ if_deregister_com_alloc(u_char type)
 	    ("if_deregister_com_alloc: %d not registered", type));
 	KASSERT(if_com_free[type] != NULL,
 	    ("if_deregister_com_alloc: %d free not registered", type));
+
+	/*
+	 * Ensure all pending EPOCH(9) callbacks have been executed. This
+	 * fixes issues about late invocation of if_destroy(), which leads
+	 * to memory leak from if_com_alloc[type] allocated if_l2com.
+	 */
+	epoch_drain_callbacks(net_epoch_preempt);
+
 	if_com_alloc[type] = NULL;
 	if_com_free[type] = NULL;
 }
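
Review bot: The comment above the new epoch_drain_callbacks(net_epoch_preempt) call does not state that the drain has to stay ahead of the two NULL assignments that follow it, which is the ordering the fix depends on; consider wording it along the lines of "drain before clearing if_com_free[type] so a pending if_destroy() can still call it". The drain only covers callbacks that are already queued when it runs, so the comment could also record the assumption that every interface of this type has gone through if_free() before if_deregister_com_alloc() is called, and that the function now waits for those callbacks to complete.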

