On Thu, May 13, 2021 at 02:40:31PM +0000, Visa Hankala wrote:
> It looks like re_rxeof() might leak mbufs in two cases. The first case
> happens if the controller returns an incomplete frame when frames are
> expected to be non-fragmented. Note that in this instance the fragment
> list sc->rl_head should be empty and does not need clearing.
> 
> The second leak happens if a frame has a reception error. The code has
> cleared any preceding fragments but leaks the list's final mbuf.
> 
> Index: dev/ic/re.c
> ===================================================================
> RCS file: src/sys/dev/ic/re.c,v
> retrieving revision 1.210
> diff -u -p -r1.210 re.c
> --- dev/ic/re.c       7 May 2021 09:13:19 -0000       1.210
> +++ dev/ic/re.c       13 May 2021 14:33:20 -0000
> @@ -1280,6 +1280,8 @@ re_rxeof(struct rl_softc *sc)
>               if ((sc->rl_flags & RL_FLAG_JUMBOV2) != 0 &&
>                   (rxstat & (RL_RDESC_STAT_SOF | RL_RDESC_STAT_EOF)) !=
>                   (RL_RDESC_STAT_SOF | RL_RDESC_STAT_EOF)) {
> +                     ifp->if_ierrors++;
> +                     m_freem(m);
>                       continue;
>               } else if (!(rxstat & RL_RDESC_STAT_EOF)) {
>                       m->m_len = RL_FRAMELEN(sc->rl_max_mtu);
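Review bot: In the RL_FLAG_JUMBOV2 branch where SOF and EOF are not both set, the added m_freem(m) covers the whole leak only if no earlier fragments are pending. The cover text says sc->rl_head should be empty here, but nothing in the code records that. Consider a one-line comment in this branch, or KASSERT(sc->rl_head == NULL) before the continue, so a later change to the fragment handling cannot silently reintroduce a leak on this path.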
> @@ -1328,6 +1330,7 @@ re_rxeof(struct rl_softc *sc)
>                               m_freem(sc->rl_head);
>                               sc->rl_head = sc->rl_tail = NULL;
>                       }
> +                     m_freem(m);
>                       continue;
>               }
>  
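Review bot: In the error path, the new m_freem(m) runs right after m_freem(sc->rl_head), so it is correct only while m has not yet been linked into the rl_head chain at this point; if it were linked, this would become a double free instead of a leak fix. A short comment above the added line stating that m is the final, not-yet-linked fragment would make that invariant explicit for future readers.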
> 

Looks correct to me. OK claudio@

-- 
:wq Claudio
