This patch fixes https://bugzilla.redhat.com/show_bug.cgi?id=1651813. I didn't include this link into the commit message because I don't know if it is appropiate. Thanks! :-) On 8/31/19 12:14 PM, Fernando Fernandez Mancera wrote: > This socket assignment was unnecessary and also added a missing sock_gen_put(). > > Fixes: 554ced0a6e29 ("netfilter: nf_tables: add support for native socket matching") > Signed-off-by: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx> > --- > net/netfilter/nft_socket.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/net/netfilter/nft_socket.c b/net/netfilter/nft_socket.c > index d7f3776dfd71..637ce3e8c575 100644 > --- a/net/netfilter/nft_socket.c > +++ b/net/netfilter/nft_socket.c > @@ -47,9 +47,6 @@ static void nft_socket_eval(const struct nft_expr *expr, > return; > } > > - /* So that subsequent socket matching not to require other lookups. */ > - skb->sk = sk; > - > switch(priv->key) { > case NFT_SOCKET_TRANSPARENT: > nft_reg_store8(dest, inet_sk_transparent(sk)); > @@ -66,6 +63,9 @@ static void nft_socket_eval(const struct nft_expr *expr, > WARN_ON(1); > regs->verdict.code = NFT_BREAK; > } > + > + if (sk != skb->sk) > + sock_gen_put(sk); > } > > static const struct nla_policy nft_socket_policy[NFTA_SOCKET_MAX + 1] = { >
