Taehee Yoo <ap420073@xxxxxxxxx> wrote:
> The nft_expr_ops might be freed in the nf_tables_expr_destroy but
> after this, a member of nft_expr_ops is used.
>
> Steps to reproduce:
> $iptables-compat -I OUTPUT -m cpu --cpu 0
> $iptables-compat -F

Oh, same reproducer as 2nd patch?

In NORMAL case (non-compat) ->ops is 'static const', so no free occurs.

So I think it might be better to fix nft_compat to not release the
ops structure, but keep it around until rmmod nft_compat.

AFAICS we can achieve this by using a refcount of two instead of one,
and retain the list until rmmod.

What do you think?
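The lifetime rule proposed in the reply, as an added userspace model that is not code from this thread or from the kernel: an ops entry created with a refcount of one is freed by its last user, while a refcount of two leaves one reference with the list until unload. All names (`ops_entry`, `ops_get`, `ops_put`, `expr_destroy`, `model_rmmod`, `owner_id`) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model; owner_id stands in for the ops member read after destroy. */
struct ops_entry { struct ops_entry *next; unsigned int refcnt; int owner_id; };

static struct ops_entry *ops_list;   /* entries retained until model_rmmod() */
static unsigned int live_entries;    /* allocations not yet freed */

/* Find or create an entry. A new entry starts at initial_ref:
 * 1 = freed on the last user put, 2 = one extra reference held by the list. */
static struct ops_entry *ops_get(int owner_id, unsigned int initial_ref)
{
    struct ops_entry *e;
    for (e = ops_list; e; e = e->next)
        if (e->owner_id == owner_id) { e->refcnt++; return e; }
    if (!(e = calloc(1, sizeof(*e)))) return NULL;
    e->refcnt = initial_ref;
    e->owner_id = owner_id;
    e->next = ops_list;
    ops_list = e;
    live_entries++;
    return e;
}

/* Drop one reference; unlink and free at zero. Returns 1 if the entry was freed. */
static int ops_put(struct ops_entry *e)
{
    struct ops_entry **pp;
    if (--e->refcnt > 0) return 0;
    for (pp = &ops_list; *pp; pp = &(*pp)->next)
        if (*pp == e) { *pp = e->next; break; }
    free(e);
    live_entries--;
    return 1;
}

/* Destroy path: the callback drops the reference, then the caller wants a member.
 * Returns owner_id, or -1 when the entry is already freed and must not be read. */
static int expr_destroy(struct ops_entry *e) { return ops_put(e) ? -1 : e->owner_id; }

/* Module unload: no users may remain, so release everything the list still holds. */
static void model_rmmod(void)
{
    while (ops_list) { struct ops_entry *e = ops_list; ops_list = e->next; free(e); live_entries--; }
}

int main(void)
{
    printf("initial ref 1: %d\n", expr_destroy(ops_get(0, 1)));
    printf("initial ref 2: %d\n", expr_destroy(ops_get(0, 2)));
    model_rmmod();
    return 0;
}
```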