@@ -5276,6 +5276,9 @@ static void nft_set_destroy(const struct nft_ctx *ctx, struct nft_set *set)
for (i = 0; i < set->num_exprs; i++)
nft_expr_destroy(ctx, set->exprs[i]);
+ if (WARN_ON_ONCE(!set->dead))
+ set->dead = 1;
+
set->ops->destroy(ctx, set);
nft_set_catchall_destroy(ctx, set);
nft_set_put(set);
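Review bot: The fallback `set->dead = 1` in nft_set_destroy() runs after the expression-destroy loop and, as far as this hunk shows, without the transaction mutex under which the commit message says the flag must be set. It therefore does not give the ordering that callers were supposed to provide. If asynchronous work consults the flag (not visible here), a late store may not stop it from treating the set as live during teardown, so the WARN is the real signal and the assignment is only damage limitation. A comment above the check should say so, for example `/* callers must set ->dead under the transaction mutex; this is a best-effort fallback only */`. The function body starts before this hunk.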
@@ -451,6 +451,8 @@ static void nft_rhash_destroy(const struct nft_ctx *ctx,
.set = set,
};
+ WARN_ON_ONCE(!set->dead);
+
cancel_delayed_work_sync(&priv->gc_work);
rhashtable_free_and_destroy(&priv->ht, nft_rhash_elem_destroy,
(void *)&rhash_ctx);
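Review bot: `WARN_ON_ONCE(!set->dead);` in nft_rhash_destroy() cannot fire when the call arrives through nft_set_destroy(), because the first hunk forces `set->dead = 1` immediately before `set->ops->destroy(ctx, set)`. It only covers other call paths, if any exist outside this diff. A short comment would make the intent explicit, for example `/* set must be marked dead before gc_work is cancelled */`, presumably because the GC worker checks the flag (confirm against the worker, which is not shown). The assertion is added to this backend only, and the diff does not show whether other set backends with deferred work need the same check. The function starts before the hunk and continues past it.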
Control plane should mark a to-be-destroyed set as dead before the ->destroy function gets called. This needs to be done while control plane still holds the transaction mutex. Signed-off-by: Florian Westphal <fw@strlen.de> --- net/netfilter/nf_tables_api.c | 3 +++ net/netfilter/nft_set_hash.c | 2 ++ 2 files changed, 5 insertions(+)