Date: Thu, 16 Aug 2012 15:34:41 -0400 From: John Baldwin <jhb@freebsd.org> To: Randall Stewart <rrs@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r239334 - head/sys/netinet Message-ID: <201208161534.42012.jhb@freebsd.org> In-Reply-To: <201208161755.q7GHtHHZ048693@svn.freebsd.org> References: <201208161755.q7GHtHHZ048693@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday, August 16, 2012 1:55:17 pm Randall Stewart wrote: > Author: rrs > Date: Thu Aug 16 17:55:16 2012 > New Revision: 239334 > URL: http://svn.freebsd.org/changeset/base/239334 > > Log: > Its never a good idea to double free the same > address. > > MFC after: 1 week (after the other commits ahead of this gets MFC'd) > > Modified: > head/sys/netinet/in.c > > Modified: head/sys/netinet/in.c > ============================================================================== > --- head/sys/netinet/in.c Thu Aug 16 17:27:11 2012 (r239333) > +++ head/sys/netinet/in.c Thu Aug 16 17:55:16 2012 (r239334) > @@ -573,7 +573,7 @@ in_control(struct socket *so, u_long cmd > } > TAILQ_REMOVE(&ifp->if_addrhead, &ia->ia_ifa, ifa_link); > IF_ADDR_WUNLOCK(ifp); > - ifa_free(&ia->ia_ifa); /* if_addrhead */ > +/* ifa_free(&ia->ia_ifa); - Double free?? */ /* if_addrhead */ This isn't a double free. This is dropping a reference count. In this case as the comment suggests, it is removing the reference held by the per- interface if_addrhead list that it was just removed from two lines above. Later in the function when ifa_free() is invoked: LIST_REMOVE(ia, ia_hash); IN_IFADDR_WUNLOCK(); ... ifa_free(&ia->ia_ifa); /* in_ifaddrhead */ It is dropping the reference held by the in_ifaddrhead list which the ifa was removed from by the above LIST_REMOVE(). Are you seeing a panic or refcount underflow or some such? -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208161534.42012.jhb>