From owner-svn-src-all@FreeBSD.ORG Thu Aug 16 19:34:59 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7E8B3106566B; Thu, 16 Aug 2012 19:34:59 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from bigwig.baldwin.cx (bigknife-pt.tunnel.tserv9.chi1.ipv6.he.net [IPv6:2001:470:1f10:75::2]) by mx1.freebsd.org (Postfix) with ESMTP id 4FE218FC08; Thu, 16 Aug 2012 19:34:59 +0000 (UTC) Received: from jhbbsd.localnet (unknown [209.249.190.124]) by bigwig.baldwin.cx (Postfix) with ESMTPSA id 949F2B91A; Thu, 16 Aug 2012 15:34:58 -0400 (EDT) From: John Baldwin To: Randall Stewart Date: Thu, 16 Aug 2012 15:34:41 -0400 User-Agent: KMail/1.13.5 (FreeBSD/8.2-CBSD-20110714-p17; KDE/4.5.5; amd64; ; ) References: <201208161755.q7GHtHHZ048693@svn.freebsd.org> In-Reply-To: <201208161755.q7GHtHHZ048693@svn.freebsd.org> MIME-Version: 1.0 Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <201208161534.42012.jhb@freebsd.org> X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (bigwig.baldwin.cx); Thu, 16 Aug 2012 15:34:58 -0400 (EDT) Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r239334 - head/sys/netinet X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Aug 2012 19:34:59 -0000 On Thursday, August 16, 2012 1:55:17 pm Randall Stewart wrote: > Author: rrs > Date: Thu Aug 16 17:55:16 2012 > New Revision: 239334 > URL: http://svn.freebsd.org/changeset/base/239334 > > Log: > Its never a good idea to double free the same > address. > > MFC after: 1 week (after the other commits ahead of this gets MFC'd) > > Modified: > head/sys/netinet/in.c > > Modified: head/sys/netinet/in.c > ============================================================================== > --- head/sys/netinet/in.c Thu Aug 16 17:27:11 2012 (r239333) > +++ head/sys/netinet/in.c Thu Aug 16 17:55:16 2012 (r239334) > @@ -573,7 +573,7 @@ in_control(struct socket *so, u_long cmd > } > TAILQ_REMOVE(&ifp->if_addrhead, &ia->ia_ifa, ifa_link); > IF_ADDR_WUNLOCK(ifp); > - ifa_free(&ia->ia_ifa); /* if_addrhead */ > +/* ifa_free(&ia->ia_ifa); - Double free?? */ /* if_addrhead */ This isn't a double free. This is dropping a reference count. In this case as the comment suggests, it is removing the reference held by the per- interface if_addrhead list that it was just removed from two lines above. Later in the function when ifa_free() is invoked: LIST_REMOVE(ia, ia_hash); IN_IFADDR_WUNLOCK(); ... ifa_free(&ia->ia_ifa); /* in_ifaddrhead */ It is dropping the reference held by the in_ifaddrhead list which the ifa was removed from by the above LIST_REMOVE(). Are you seeing a panic or refcount underflow or some such? -- John Baldwin