From: Neil Horman <nhorman@redhat.com> Date: Thu, 12 Jun 2008 10:46:54 -0400 Subject: [net] ipv6: fix unbalanced ref count in ndisc_recv_ns Message-id: 20080612144654.GC12941@hmsendeavour.rdu.redhat.com O-Subject: [RHEL5.2 PATCH] Fix unbalanced reference count in ndisc_recv_ns (bz 450855) Bugzilla: 450855 RH-Acked-by: Thomas Graf <tgraf@redhat.com> RH-Acked-by: David S. Miller <davem@redhat.com> RH-Acked-by: Herbert Xu <herbert.xu@redhat.com> Hey all- Currently, if we receive a neighbor solicitation on a target address for which we have a matching ifaddr that is in the tentative or optimistic state we fail our duplicate address detection process. Calling addrconf_dad_failure, drops the reference count of the associated address. However, the structure of ndisc_recv_ns causes a second refcount release at the end of the function, which is unbalanced and leads to failed assertions when the interface does actually get deleted while other contexts still hold references to it. This patch is a backport of upstream commit 9e3be4b34364a670bd6e57d2e8c3caabdd8d89f8 and solves the problem as documented in bz 450855. Neil diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c index f63001f..850b890 100644 --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c @@ -834,7 +834,7 @@ static void ndisc_recv_ns(struct sk_buff *skb) * so fail our DAD process */ addrconf_dad_failure(ifp); - goto out; + return; } else { /* * This is not a dad solicitation.