From: Neil Horman <nhorman@redhat.com>
Date: Thu, 12 Jun 2008 10:46:54 -0400
Subject: [net] ipv6: fix unbalanced ref count in ndisc_recv_ns
Message-id: 20080612144654.GC12941@hmsendeavour.rdu.redhat.com
O-Subject: [RHEL5.2 PATCH] Fix unbalanced reference count in ndisc_recv_ns (bz 450855)
Bugzilla: 450855
RH-Acked-by: Thomas Graf <tgraf@redhat.com>
RH-Acked-by: David S. Miller <davem@redhat.com>
RH-Acked-by: Herbert Xu <herbert.xu@redhat.com>

Hey all-
	Currently, if we receive a neighbor solicitation on a target address for
which we have a matching ifaddr that is in the tentative or optimistic state we
fail our duplicate address detection process.  Calling addrconf_dad_failure,
drops the reference count of the associated address.  However, the structure of
ndisc_recv_ns causes a second refcount release at the end of the function, which
is unbalanced and leads to failed assertions when the interface does actually
get deleted while other contexts still hold references to it. This patch is a
backport of upstream commit 9e3be4b34364a670bd6e57d2e8c3caabdd8d89f8 and solves
the problem as documented in bz 450855.

Neil

diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index f63001f..850b890 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -834,7 +834,7 @@ static void ndisc_recv_ns(struct sk_buff *skb)
 				 * so fail our DAD process
 				 */
 				addrconf_dad_failure(ifp);
-                                goto out;
+				return;
 			} else {
 				/*
 				 * This is not a dad solicitation.