Subject: kern/32251: Possible memory leak in uvm_io?
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <unex@linija.org>
List: netbsd-bugs
Date: 12/05/2005 15:35:00
>Number: 32251
>Category: kern
>Synopsis: Possible memory leak in uvm_io?
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Dec 05 15:35:00 +0000 2005
>Originator: Mindaugas
>Release: NetBSD 3.0_RC5
>Organization:
>Environment:
>Description:
sys/uvm/uvm_io.c: uvm_io function extracts mappings (step 2), moves a chunk of data (step 3), then checks for the error and breaks without unmapping the area of kernel memory (step 4). There can be a memory leak.
See patch from OpenBSD below. It's for -current.
>How-To-Repeat:
>Fix:
--- uvm_io.c.orig 2005-12-05 16:04:58.000000000 +0200
+++ uvm_io.c 2005-12-05 15:57:51.000000000 +0200
@@ -129,8 +129,6 @@
if (sz > togo)
sz = togo;
error = uiomove((caddr_t) (kva + pageoffset), sz, uio);
- if (error)
- break;
togo -= sz;
baseva += chunksz;
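Review bot: With the check dropped right after the uiomove() call, `togo -= sz` and `baseva += chunksz` now run on the failure path as well, and the value in `error` has to survive until the deferred test in the next hunk. Please confirm that nothing in the unchanged lines between this hunk and the unmap code assigns to `error`, since an overwrite there would silently discard the uiomove() failure. A one-line comment at the call site saying the result is checked after the unmap would also stop a later cleanup from putting the early break back.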
@@ -145,6 +143,13 @@
vm_map_unlock(kernel_map);
if (dead_entries != NULL)
uvm_unmap_detach(dead_entries, AMAP_REFALL);
+
+ /*
+ * We defer checking the error return from uiomove until
+ * here so that we won't leak memory.
+ */
+ if (error)
+ break;
}
return (error);
}
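Review bot: The new comment above `if (error)` says only "leak memory"; it would be more useful if it named what is being protected, namely that the kernel mapping for this chunk has to be removed and the dead entries passed to uvm_unmap_detach() before the loop can exit. The placement itself is right: the break comes after vm_map_unlock(kernel_map) and the uvm_unmap_detach() call, so the error path leaves the loop with the map unlocked and the entries released, and `return (error)` still reports the failure.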