Commit 26a302af authored by Taehee Yoo's avatar Taehee Yoo Committed by Pablo Neira Ayuso

netfilter: nf_flow_table: fix netdev refcnt leak

flow_offload_alloc() calls nf_route() to get a dst_entry. Internally,
nf_route() calls ip_route_output_key() that allocates a dst_entry and
holds it. So, a dst_entry should be released by dst_release() if
nf_route() is successful.

Otherwise, netns exit routine cannot be finished and the following
message is printed:

[  257.490952] unregister_netdevice: waiting for lo to become free. Usage count = 1

Fixes: ac2a6666 ("netfilter: add generic flow table infrastructure")
Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 270a8a29
...@@ -112,6 +112,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, ...@@ -112,6 +112,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr,
if (ret < 0) if (ret < 0)
goto err_flow_add; goto err_flow_add;
dst_release(route.tuple[!dir].dst);
return; return;
err_flow_add: err_flow_add:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment