The branch main has been updated by vmaffione:
URL:
https://cgit.FreeBSD.org/src/commit/?id=0ab5902e8ad93d0a9341dcce386b6c571ee02173
commit 0ab5902e8ad93d0a9341dcce386b6c571ee02173
Author: Vincenzo Maffione <vmaffi...@freebsd.org>
AuthorDate: 2021-03-15 17:39:18 +0000
Commit: Vincenzo Maffione <vmaffi...@freebsd.org>
CommitDate: 2021-03-15 17:39:18 +0000
netmap: fix memory leak in NETMAP_REQ_PORT_INFO_GET
The netmap_ioctl() function has a reference counting bug in case of
NETMAP_REQ_PORT_INFO_GET command. When `hdr->nr_name[0] == '\0'`,
the function does not decrease the refcount of "nmd", which is
increased by netmap_mem_find(), causing a refcount leak.
Reported by: Xiyu Yang <sherllyyan...@gmail.com>
Submitted by: Carl Smith <carl.sm...@alliedtelesis.co.nz>
MFC after: 3 days
PR: 254311
---
sys/dev/netmap/netmap.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sys/dev/netmap/netmap.c b/sys/dev/netmap/netmap.c
index f37900712046..f9698096b47a 100644
--- a/sys/dev/netmap/netmap.c
+++ b/sys/dev/netmap/netmap.c
@@ -2646,6 +2646,7 @@ netmap_ioctl(struct netmap_priv_d *priv, u_long cmd,
caddr_t data,
case NETMAP_REQ_PORT_INFO_GET: {
struct nmreq_port_info_get *req =
(struct nmreq_port_info_get
*)(uintptr_t)hdr->nr_body;
+ int nmd_ref = 0;
NMG_LOCK();
do {
@@ -2687,6 +2688,7 @@ netmap_ioctl(struct netmap_priv_d *priv, u_long cmd,
caddr_t data,
error = EINVAL;
break;
}
+ nmd_ref = 1;
}
error = netmap_mem_get_info(nmd,
&req->nr_memsize, &memflags,
@@ -2704,6 +2706,8 @@ netmap_ioctl(struct netmap_priv_d *priv, u_long cmd,
caddr_t data,
req->nr_host_rx_rings = na->num_host_rx_rings;
} while (0);
netmap_unget_na(na, ifp);
+ if (nmd_ref)
+ netmap_mem_put(nmd);
NMG_UNLOCK();
break;
}
_______________________________________________
dev-commits-src-main@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-main
To unsubscribe, send any mail to "dev-commits-src-main-unsubscr...@freebsd.org"
