Skip to content

Commit

Permalink
netfilter: nf_flow_table: fix netdev refcnt leak
Browse files Browse the repository at this point in the history 
flow_offload_alloc() calls nf_route() to get a dst_entry. Internally,
nf_route() calls ip_route_output_key() that allocates a dst_entry and
holds it. So, a dst_entry should be released by dst_release() if
nf_route() is successful.

Otherwise, netns exit routine cannot be finished and the following
message is printed:

[  257.490952] unregister_netdevice: waiting for lo to become free. Usage count = 1

Fixes: ac2a666 ("netfilter: add generic flow table infrastructure")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
Taehee Yoo authored and Pablo Neira Ayuso committed Apr 30, 2019
1 parent 270a8a2 commit 26a302a
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions net/netfilter/nft_flow_offload.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr,
if (ret < 0)
goto err_flow_add;

dst_release(route.tuple[!dir].dst);
return;

err_flow_add:
Expand Down

0 comments on commit 26a302a

Please sign in to comment.