From 092f3f081265c68cd8de0234ba8e46560ccc061e Mon Sep 17 00:00:00 2001 From: Tai-hwa Liang Date: Sat, 6 Mar 2021 14:36:35 +0000 Subject: [PATCH] net: fixing a memory leak in if_deregister_com_alloc() Drain the callbacks upon if_deregister_com_alloc() such that the if_com_free[type] won't be nullified before if_destroy(). Taking fwip(4) as an example, before this fix, kldunload if_fwip will go through the following: 1. fwip_detach() 2. if_free() -> schedule if_destroy() through NET_EPOCH_CALL 3. fwip_detach() returns 4. firewire_modevent(MOD_UNLOAD) -> if_deregister_com_alloc() 5. kernel complains about: Warning: memory type fw_com leaked memory on destroy (1 allocations, 64 bytes leaked). 6. EPOCH runs if_destroy() -> if_free_internal()i By this time, if_com_free[if_alloctype] is NULL since it's already nullified by if_deregister_com_alloc(); hence, firewire_free() won't have a chance to release the allocated fw_com. Reviewed by: hselasky, glebius MFC after: 2 weeks --- sys/net/if.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/sys/net/if.c b/sys/net/if.c index 9d5e9e26b4bb..86c60cfcfa7f 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -4055,6 +4055,14 @@ if_deregister_com_alloc(u_char type) ("if_deregister_com_alloc: %d not registered", type)); KASSERT(if_com_free[type] != NULL, ("if_deregister_com_alloc: %d free not registered", type)); + + /* + * Ensure all pending EPOCH(9) callbacks have been executed. This + * fixes issues about late invocation of if_destroy(), which leads + * to memory leak from if_com_alloc[type] allocated if_l2com. + */ + epoch_drain_callbacks(net_epoch_preempt); + if_com_alloc[type] = NULL; if_com_free[type] = NULL; }