From 18cf0d0784b4a634472ed24d0d7ca1c721d93e90 Mon Sep 17 00:00:00 2001 From: Romain KUNTZ Date: Mon, 18 Feb 2013 02:36:24 +0000 Subject: [PATCH] xfrm: release neighbor upon dst destruction Neighbor is cloned in xfrm6_fill_dst but seems to never be released. Neighbor entry should be released when XFRM6 dst entry is destroyed in xfrm6_dst_destroy, otherwise references may be kept forever on the device pointed by the neighbor entry. I may not have understood all the subtleties of XFRM & dst so I would be happy to receive comments on this patch. Signed-off-by: Romain Kuntz Signed-off-by: David S. Miller --- net/ipv6/xfrm6_policy.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index c9844135c9ca..8f32718677bd 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c @@ -236,6 +236,8 @@ static void xfrm6_dst_destroy(struct dst_entry *dst) { struct xfrm_dst *xdst = (struct xfrm_dst *)dst; + if (likely(xdst->u.rt6.n)) + neigh_release(xdst->u.rt6.n); if (likely(xdst->u.rt6.rt6i_idev)) in6_dev_put(xdst->u.rt6.rt6i_idev); dst_destroy_metrics_generic(dst); -- GitLab