hello,
The following patch passes the correct size to free(9) for a filedesc's
klist.
Index: kern_descrip.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_descrip.c,v
retrieving revision 1.125
diff -u -p -r1.125 kern_descrip.c
--- kern_descrip.c 5 Dec 2015 10:11:53 -0000 1.125
+++ kern_descrip.c 17 Dec 2015 15:16:00 -0000
@@ -1093,7 +1093,7 @@ fdfree(struct proc *p)
if (fdp->fd_rdir)
vrele(fdp->fd_rdir);
if (fdp->fd_knlist)
- free(fdp->fd_knlist, M_TEMP, 0);
+ free(fdp->fd_knlist, M_TEMP, fdp->fd_knlistsize * sizeof(struct
klist));
if (fdp->fd_knhash)
free(fdp->fd_knhash, M_TEMP, 0);
pool_put(&fdesc_pool, fdp);
Index: kern_event.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_event.c,v
retrieving revision 1.67
diff -u -p -r1.67 kern_event.c
--- kern_event.c 5 Dec 2015 10:11:53 -0000 1.67
+++ kern_event.c 17 Dec 2015 15:16:02 -0000
@@ -1021,7 +1021,8 @@ knote_attach(struct knote *kn, struct fi
memset(&list[fdp->fd_knlistsize], 0,
(size - fdp->fd_knlistsize) * sizeof(struct klist));
if (fdp->fd_knlist != NULL)
- free(fdp->fd_knlist, M_TEMP, 0);
+ free(fdp->fd_knlist, M_TEMP,
+ fdp->fd_knlistsize * sizeof(struct
klist));
fdp->fd_knlistsize = size;
fdp->fd_knlist = list;
}