ipv6: fix a refcnt leak with peer addr There is no reason to take a refcnt before deleting the peer address route. It's done some lines below for the local prefix route because inet6_ifa_finish_destroy() will release it at the end. For the peer address route, we want to free it right now. This bug has been introduced by commit caeaba79009c ("ipv6: add support of peer address"). Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: f24062b07dda89b0e24fa48e7bc3865a725f5ee6 [log] [tgz]
author: Nicolas Dichtel <nicolas.dichtel@6wind.com> Wed Sep 03 23:59:21 2014 +0200
committer: David S. Miller <davem@davemloft.net> Fri Sep 05 17:13:24 2014 -0700
tree: 99d8da425d3074968570d56cd4931910df876f21
parent: c199105d154e029cd8c94cccd35bd073e64acc45 [diff]
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index aa0e135..ce761c7 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c

@@ -4772,11 +4772,8 @@
 
 			rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL,
 					dev->ifindex, 1);
-			if (rt) {
-				dst_hold(&rt->dst);
-				if (ip6_del_rt(rt))
-					dst_free(&rt->dst);
-			}
+			if (rt && ip6_del_rt(rt))
+				dst_free(&rt->dst);
 		}
 		dst_hold(&ifp->rt->dst);
commit	f24062b07dda89b0e24fa48e7bc3865a725f5ee6	[log] [tgz]
author	Nicolas Dichtel <nicolas.dichtel@6wind.com>	Wed Sep 03 23:59:21 2014 +0200
committer	David S. Miller <davem@davemloft.net>	Fri Sep 05 17:13:24 2014 -0700
tree	99d8da425d3074968570d56cd4931910df876f21
parent	c199105d154e029cd8c94cccd35bd073e64acc45 [diff]