> Date: Sat, 19 Mar 2016 14:15:47 +0100
> From: Stefan Sperling
>
> A sparc64 machine of mine crashes every few weeks because the kernel
> runs out of memory.
>
> The crash usually happens in a malloc call in the vnet(4) ioctl code path.
> I have a cronjob which downs/up vnet interfaces in case they get stuck in
> OACTIVE (another bug which, AFAIK, is not solved yet). So this machine runs
> vnet's ioctl code path every now and then.
>
> Yesterday it crashed again. The machine was still running a snap from Feb 2.
> kettenis@ has fixed one memory leak in vnet since. I believe I may have
> found another leak, which is addresssed by the diff below.
>
> Is this diff correct? My machine is now running with it.
ok kettenis@
> Index: vnet.c
> ===
> RCS file: /cvs/src/sys/arch/sparc64/dev/vnet.c,v
> retrieving revision 1.54
> diff -u -p -r1.54 vnet.c
> --- vnet.c26 Feb 2016 13:41:51 - 1.54
> +++ vnet.c19 Mar 2016 10:42:06 -
> @@ -169,6 +169,7 @@ struct vnet_softc {
> struct ldc_map *sc_lm;
> struct vnet_dring *sc_vd;
> struct vnet_soft_desc *sc_vsd;
> +#define VNET_NUM_SOFT_DESC 128
>
> size_t sc_peer_desc_size;
> struct ldc_cookie sc_peer_dring_cookie;
> @@ -1399,10 +1400,10 @@ vnet_init(struct ifnet *ifp)
> return;
> }
>
> - sc->sc_vd = vnet_dring_alloc(sc->sc_dmatag, 128);
> + sc->sc_vd = vnet_dring_alloc(sc->sc_dmatag, VNET_NUM_SOFT_DESC);
> if (sc->sc_vd == NULL)
> return;
> - sc->sc_vsd = malloc(128 * sizeof(*sc->sc_vsd), M_DEVBUF,
> + sc->sc_vsd = malloc(VNET_NUM_SOFT_DESC * sizeof(*sc->sc_vsd), M_DEVBUF,
> M_NOWAIT|M_ZERO);
> if (sc->sc_vsd == NULL)
> return;
> @@ -1453,6 +1454,8 @@ vnet_stop(struct ifnet *ifp)
> lc->lc_state = 0;
> lc->lc_tx_state = lc->lc_rx_state = LDC_CHANNEL_DOWN;
> vnet_ldc_reset(lc);
> +
> + free(sc->sc_vsd, M_DEVBUF, VNET_NUM_SOFT_DESC * sizeof(*sc->sc_vsd));
>
> vnet_dring_free(sc->sc_dmatag, sc->sc_vd);
>
>
>