Plug an ifaddr leak when changing a route's src
ClosedPublic

Authored by rstone on Dec 7 2017, 9:50 PM.

Details

Summary

If a route is modified in a way that changes the route's source
address (i.e. the address used to access the gateway), then a
reference on the ifaddr representing the old source address will
be leaked if the address type does not have an ifa_rtrequest
method defined. Plug the leak by releasing the reference in
all cases.

Test Plan

I wrote this script to demonstrate the bug:

https://people.freebsd.org/~rstone/route-change-leak

On a stock -head system, I see the number of allocated entries in the ifaddr malloc type go up 100 every time I execute the script. With the fix, the number of allocated entries remains stable as expected.

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.
rstone created this revision.Dec 7 2017, 9:50 PM
rstone edited the test plan for this revision. (Show Details)Dec 7 2017, 9:54 PM
ae added a comment.Dec 13 2017, 9:13 AM

It would be nice if you describe why this leak happens, i.e. where leaked reference was acquired.

In D13417#281628, @ae wrote:

It would be nice if you describe why this leak happens, i.e. where leaked reference was acquired.

The reference is acquired at line 1800 in this file.

ae accepted this revision.Dec 14 2017, 12:05 PM

From quick look, it seems ifa_rtrequest does not release this reference and the change is correct.

This revision is now accepted and ready to land.Dec 14 2017, 12:05 PM
This revision was automatically updated to reflect the committed changes.