diff mbox series

[nf,v2,1/3] netfilter: nf_flow_table: fix netdev refcnt leak

Message ID 20190429165529.1325-1-ap420073@gmail.com
State Accepted
Delegated to: Pablo Neira
Headers show
Series netfilter: nf_flow_table: fix several flowtable bugs | expand

Commit Message

Taehee Yoo April 29, 2019, 4:55 p.m. UTC 
flow_offload_alloc() calls nf_route() to get a dst_entry.
Internally, nf_route() calls ip_route_output_key() that allocates
a dst_entry and holds it.
So, a dst_entry should be released by dst_release() if nf_route() is
successful.

Because of that problem, netns exit routine can not be finished and
below message will be printed.
[  257.490952] unregister_netdevice: waiting for lo to become free. Usage count = 1

Fixes: ac2a66665e23 ("netfilter: add generic flow table infrastructure")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
---
 net/netfilter/nft_flow_offload.c | 1 +
 1 file changed, 1 insertion(+)
diff mbox series

Patch

diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
index 6e6b9adf7d38..ff50bc1b144f 100644
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -113,6 +113,7 @@  static void nft_flow_offload_eval(const struct nft_expr *expr,
 	if (ret < 0)
 		goto err_flow_add;
 
+	dst_release(route.tuple[!dir].dst);
 	return;
 
 err_flow_add: