Subject: kern/3000: union fs memory leak etc.
To: None <gnats-bugs@gnats.netbsd.org>
From: =?ISO-2022-JP?B?Ik1JTk9VUkEgTWFrb3RvIC8gGyRCTCcxOhsoQiAbJEI/PxsoQiI=?= <minoura@kw.netlaputa.or.jp>
List: netbsd-bugs
Date: 12/05/1996 22:44:05
>Number: 3000
>Category: kern
>Synopsis: union fs malloc bug etc.
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Dec 6 08:20:00 1996
>Last-Modified:
>Originator: NetBSD/pc98 Core Team / MINOURA Makoto
>Organization:
MINOURA, Makoto <minoura@kw.netlaputa.or.jp>
Nakahara-ku Kawasaki-Shi, JAPAN
>Release: Nov. 30, '96
>Environment:
System: NetBSD daisy 1.2B NetBSD 1.2B (DAISY) #1: Sun Dec 1 00:32:28 JST 1996 root@daisy:/usr/src/sys/arch/i386/compile/DAISY i386
>Description:
The following patch fixes some bugs around unionfs memory
management. The malloc argument bug may cause weird panic...
Originally written by Naofumi HONDA, NetBSD/pc98 Core Team.
>How-To-Repeat:
>Fix:
*** /sys/miscfs/union/union_subr.c.ORIG Sat Oct 26 20:21:00 1996
--- /sys/miscfs/union/union_subr.c Sat Nov 30 19:31:25 1996
***************
*** 741,746 ****
--- 741,750 ----
error = relookup(dvp, vpp, cn);
if (!error)
vrele(dvp);
+ else {
+ free(cn->cn_pnbuf, M_NAMEI);
+ cn->cn_pnbuf = 0;
+ }
return (error);
}
***************
*** 883,889 ****
* copied in the first place).
*/
cn.cn_namelen = strlen(un->un_path);
! cn.cn_pnbuf = (caddr_t) malloc(cn.cn_namelen, M_NAMEI, M_WAITOK);
bcopy(un->un_path, cn.cn_pnbuf, cn.cn_namelen+1);
cn.cn_nameiop = CREATE;
cn.cn_flags = (LOCKPARENT|HASBUF|SAVENAME|SAVESTART|ISLASTCN);
--- 887,893 ----
* copied in the first place).
*/
cn.cn_namelen = strlen(un->un_path);
! cn.cn_pnbuf = (caddr_t) malloc(cn.cn_namelen+1, M_NAMEI, M_WAITOK);
bcopy(un->un_path, cn.cn_pnbuf, cn.cn_namelen+1);
cn.cn_nameiop = CREATE;
cn.cn_flags = (LOCKPARENT|HASBUF|SAVENAME|SAVESTART|ISLASTCN);
>Audit-Trail:
>Unformatted: