svn commit: r239334 - head/sys/netinet

John Baldwin jhb at freebsd.org
Thu Aug 16 19:34:59 UTC 2012


On Thursday, August 16, 2012 1:55:17 pm Randall Stewart wrote:
> Author: rrs
> Date: Thu Aug 16 17:55:16 2012
> New Revision: 239334
> URL: http://svn.freebsd.org/changeset/base/239334
> 
> Log:
>   It's never a good idea to double free the same
>   address.
>   
>   MFC after:	1 week (after the other commits ahead of this gets MFC'd)
> 
> Modified:
>   head/sys/netinet/in.c
> 
> Modified: head/sys/netinet/in.c
> 
==============================================================================
> --- head/sys/netinet/in.c	Thu Aug 16 17:27:11 2012	(r239333)
> +++ head/sys/netinet/in.c	Thu Aug 16 17:55:16 2012	(r239334)
> @@ -573,7 +573,7 @@ in_control(struct socket *so, u_long cmd
>  	}
>  	TAILQ_REMOVE(&ifp->if_addrhead, &ia->ia_ifa, ifa_link);
>  	IF_ADDR_WUNLOCK(ifp);
> -	ifa_free(&ia->ia_ifa);				/* if_addrhead */
> +/*	ifa_free(&ia->ia_ifa);	- Double free?? */	/* if_addrhead */
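
Review bot: Commenting out the ifa_free() call on the line tagged /* if_addrhead */ leaves that list's reference undropped, even though TAILQ_REMOVE() two lines above has just unlinked the address from ifp->if_addrhead. The trailing comment names the list whose reference the call releases, so as written this looks like a reference leak rather than a double-free fix. If a real over-release was observed, track down the path that drops the extra reference and record the symptom in the log message. Either restore the call or delete the line outright instead of leaving disabled code with a "Double free??" question in the tree.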

This isn't a double free.  This is dropping a reference count.  In this case 
as the comment suggests, it is removing the reference held by the per-
interface if_addrhead list that it was just removed from two lines above.  
Later in the function when ifa_free() is invoked:

	LIST_REMOVE(ia, ia_hash);
	IN_IFADDR_WUNLOCK();
	...
	ifa_free(&ia->ia_ifa);				/* in_ifaddrhead */

It is dropping the reference held by the in_ifaddrhead list which the ifa
was removed from by the above LIST_REMOVE().  Are you seeing a panic or
refcount underflow or some such?

-- 
John Baldwin
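
The reference-per-list accounting described in the reply above, as an added user-space model (not FreeBSD code and not part of the original message). The names struct addr, addr_alloc, addr_rele and addr_delete are hypothetical; the two flags stand in for membership on if_addrhead and in_ifaddrhead.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct addr {
    unsigned refcnt;      /* one count per list that links the address */
    bool on_if_list;      /* stands in for the per-interface if_addrhead */
    bool on_global_list;  /* stands in for the global in_ifaddrhead */
    bool *freed;          /* caller-owned flag, set when memory is released */
};

/* Create an address linked on both lists, so it starts with two references. */
static struct addr *addr_alloc(bool *freed) {
    struct addr *a = calloc(1, sizeof(*a));
    if (a == NULL)
        return NULL;
    *freed = false;
    a->freed = freed;
    a->on_if_list = a->on_global_list = true;
    a->refcnt = 2;
    return a;
}

/* Drop one reference; memory is released only when the last one goes. */
static void addr_rele(struct addr *a) {
    if (--a->refcnt == 0) {
        *a->freed = true;
        free(a);
    }
}

/* Unlink from both lists. drop_if_ref=false models the commented-out call.
 * Returns the leftover reference count (0 means the object was freed). */
static unsigned addr_delete(struct addr *a, bool drop_if_ref) {
    bool *freed = a->freed;       /* saved: 'a' may be gone after addr_rele */
    a->on_if_list = false;
    if (drop_if_ref)
        addr_rele(a);             /* reference held by the per-interface list */
    a->on_global_list = false;
    addr_rele(a);                 /* reference held by the global list */
    return *freed ? 0 : a->refcnt;
}

int main(void) {
    bool f1, f2;
    printf("both drops: %u left\n", addr_delete(addr_alloc(&f1), true));
    printf("one drop:   %u left\n", addr_delete(addr_alloc(&f2), false));
    return 0;
}
```

With both drops the count reaches zero exactly once; with the first drop skipped, one reference remains and the object is never released.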

