svn commit: r368460 - head/sys/kern
Kyle Evans
kevans at FreeBSD.org
Tue Dec 8 18:44:07 UTC 2020
Author: kevans
Date: Tue Dec 8 18:44:06 2020
New Revision: 368460
URL: https://svnweb.freebsd.org/changeset/base/368460
Log:
kern: cpuset: plug a unr leak
cpuset_rel_defer() is supposed to be functionally equivalent to
cpuset_rel() but with anything that might sleep deferred until
cpuset_rel_complete -- this setup is used specifically for cpuset_setproc.
Add in the missing unr free to match cpuset_rel. This fixes a leak that
was observed when I wrote a small userland application to try and debug
another issue, which effectively did:
cpuset(&newid);
cpuset(&scratch);
newid gets leaked when scratch is created; it's off the list, so there's
no mechanism for anything else to relinquish it. A more realistic reproducer
would likely be a process that inherits some cpuset that it's the only ref
for, but it creates a new one to modify. Alternatively, administratively
reassigning a process' cpuset that it's the last ref for will have the same
effect.
Discovered through D27498.
MFC after: 1 week
Modified:
head/sys/kern/kern_cpuset.c
Modified: head/sys/kern/kern_cpuset.c
==============================================================================
--- head/sys/kern/kern_cpuset.c Tue Dec 8 18:28:49 2020 (r368459)
+++ head/sys/kern/kern_cpuset.c Tue Dec 8 18:44:06 2020 (r368460)
@@ -246,9 +246,14 @@ cpuset_rel_defer(struct setlist *head, struct cpuset *
static void
cpuset_rel_complete(struct cpuset *set)
{
+ cpusetid_t id;
+
+ id = set->cs_id;
LIST_REMOVE(set, cs_link);
cpuset_rel(set->cs_parent);
uma_zfree(cpuset_zone, set);
+ if (id != CPUSET_INVALID)
+ free_unr(cpuset_unr, id);
}
/*
More information about the svn-src-head
mailing list