On Wed, 9 Jan 2019 at 07:32, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> On Tue, Jan 08, 2019 at 11:28:35PM +0100, Pablo Neira Ayuso wrote:
> > On Fri, Jan 04, 2019 at 05:56:16PM +0900, Taehee Yoo wrote:
> > > There is no code that decreases the reference count of stateful objects
> > > in error path of the nft_add_set_elem(). This causes a leak of reference
> > > count of stateful objects.
> > >
> > > Test commands:
> > >    $nft add table ip filter
> > >    $nft add counter ip filter c1
> > >    $nft add map ip filter m1 { type ipv4_addr : counter \;}
> > >    $nft add element ip filter m1 { 1 : c1 }
> > >    $nft add element ip filter m1 { 1 : c1 }
> > >    $nft delete element ip filter m1 { 1 }
> > >    $nft delete counter ip filter c1
> > >
> > > Result:
> > >    Error: Could not process rule: Device or resource busy
> > >    delete counter ip filter c1
> > >    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > >
> > > At the second 'nft add element ip filter m1 { 1 : c1 }', the reference
> > > count of the 'c1' is increased then it tries to insert into the 'm1'. But
> > > the 'm1' already has same element so it returns -EEXIST.
> > > But it doesn't decrease the reference count of the 'c1' in the error path.
> > > Due to a leak of the reference count of the 'c1', the 'c1' can't be
> > > removed by 'nft delete counter ip filter c1'.
> >
> > Applied, thanks.
> >
> > Will place this script in the test infrastructure.
>
> Florian already made it, great :)

Thank you for letting me know!
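
The leak described in the quoted commit message, modelled in user-space C as an added example; this is not the kernel's nf_tables code and not part of the patch or thread. All struct and function names are hypothetical, and the one-slot map is a constructed stand-in for 'm1'.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model; names are hypothetical, not kernel code. */
struct obj { int use; };                                /* stateful object, e.g. c1 */
struct map { bool has_key; int key; struct obj *val; }; /* one-slot stand-in for m1 */

static int map_insert(struct map *m, int key, struct obj *o)
{
    if (m->has_key && m->key == key) return -EEXIST;    /* duplicate element */
    m->has_key = true; m->key = key; m->val = o;
    return 0;
}

/* Before: the reference taken up front is never dropped when insert fails. */
int add_elem_leaky(struct map *m, int key, struct obj *o)
{
    o->use++;
    return map_insert(m, key, o);
}

/* After: the error path releases the reference it took. */
int add_elem_fixed(struct map *m, int key, struct obj *o)
{
    o->use++;
    int err = map_insert(m, key, o);
    if (err < 0) o->use--;
    return err;
}

int del_elem(struct map *m, int key)
{
    if (!m->has_key || m->key != key) return -ENOENT;
    m->val->use--; m->has_key = false;                  /* drop the element's reference */
    return 0;
}
int del_obj(const struct obj *o) { return o->use > 0 ? -EBUSY : 0; }

/* Replays the test commands: add, duplicate add, delete element, delete counter. */
int replay(int (*add)(struct map *, int, struct obj *))
{
    struct obj c1 = { 0 }; struct map m1 = { 0 };
    add(&m1, 1, &c1);
    add(&m1, 1, &c1);                                   /* fails with -EEXIST */
    del_elem(&m1, 1);
    return del_obj(&c1);
}

int main(void) { printf("leaky=%d fixed=%d\n", replay(add_elem_leaky), replay(add_elem_fixed)); return 0; }
```

With the leaky variant the final delete fails with -EBUSY, matching the "Device or resource busy" result in the report; with the fixed variant it succeeds.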