Page MenuHomeFreeBSD

Fix ifa refcount leak in ifa_ifwithnet()
AcceptedPublic

Authored by rstone on Feb 16 2021, 4:19 PM.

Details

Reviewers
melifaro
Group Reviewers
network
Summary

In 4f6c66cc9c75c8, ifa_ifwithnet() was changed to no longer
ifa_ref() the returned ifaddr, and instead the caller was required
to stay in the net_epoch for as long as they wanted the ifaddr
to remain valid. However, this missed the case where an AF_LINK
lookup would call ifaddr_byindex(), which still does ifa_ref()
the ifaddr. This would cause a refcount leak.

Fix this by inlining the relevant parts of ifaddr_byindex() here,
with the ifa_ref() call removed. This also avoids an unnecessary
entry and exit from the net_epoch for this case.

I've audited all in-tree consumers of ifa_ifwithnet() that could
possibly perform an AF_LINK lookup and confirmed that none of them
will expect the ifaddr to have a reference that they need to
release.

MFC after: 2 months
Sponsored by: Dell Inc

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 37055
Build 33944: arc lint + arc unit

Event Timeline

I haven't been able to find a repro scenario for the leak outside of $WORK's repo, but by inspection this fix is obviously correct so I'm reopening this.

melifaro added inline comments.
sys/net/if.c
2023

Q: why moving sdl declaration outside of the block it's used?

2025

This eliminates the last caller of the ifaddr_byindex(). Do we want to retire the function as well?
If not, maybe it's worth changing the function semantic to not reference the returned ifp, to match ifnet_byindex().

This revision is now accepted and ready to land.Tue, Apr 27, 8:31 PM