Taehee Yoo fixed a bug in error path handling for object refcounts.
Quoting patch description:
| $nft add table ip filter
| $nft add counter ip filter c1
| $nft add map ip filter m1 { type ipv4_addr : counter \;}
| $nft add element ip filter m1 { 1 : c1 }
| $nft add element ip filter m1 { 1 : c1 }
| $nft delete element ip filter m1 { 1 }
| $nft delete counter ip filter c1
|Result:
| Error: Could not process rule: Device or resource busy
| delete counter ip filter c1
|
|At the second 'nft add element ip filter m1 { 1 : c1 }', the reference
|count of the 'c1' is increased then it tries to insert into the 'm1'. but
|the 'm1' already has same element so it returns -EEXIST.
|But it doesn't decrease the reference count of the 'c1' in the error path.
|Due to a leak of the reference count of the 'c1', the 'c1' can't be
|removed by 'nft delete counter ip filter c1'.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
.../testcases/transactions/0042_stateful_expr_0 | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100755 tests/shell/testcases/transactions/0042_stateful_expr_0
diff --git a/tests/shell/testcases/transactions/0042_stateful_expr_0 b/tests/shell/testcases/transactions/0042_stateful_expr_0
new file mode 100755
index 000000000000..918e7219d7aa
--- /dev/null
+++ b/tests/shell/testcases/transactions/0042_stateful_expr_0
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+RULESET="
+add table ip filter
+add counter ip filter c1
+add map ip filter m1 { type ipv4_addr : counter ;}
+add element ip filter m1 { 1 : c1 }
+add element ip filter m1 { 1 : c1 }
+delete element ip filter m1 { 1 }
+delete counter ip filter c1"
+
+$NFT -f - <<< "$RULESET"
--
2.19.2
