On Fri, Nov 15, 2019 at 12:25:01PM +0100, Pablo Neira Ayuso wrote:
> On Fri, Nov 15, 2019 at 07:21:26PM +0800, wenxu@xxxxxxxxx wrote:
> > From: wenxu <wenxu@xxxxxxxxx>
> >
> > Undo the callback binding before unregistering the existing hooks. It also
> > should check err of the bind setup call
> >
> > Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
> > Signed-off-by: wenxu <wenxu@xxxxxxxxx>
> > ---
> > This patch is based on:
> > http://patchwork.ozlabs.org/patch/1195539/
>
> This is actually like this one:
>
> https://patchwork.ozlabs.org/patch/1194046/
>
> right?
I'm attaching the one I made based on yours that I posted yesterday.
>From f070db9a7fb9ecb6d2fdbd4702eb5e29b2bd5f64 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Date: Fri, 15 Nov 2019 00:22:55 +0100
Subject: [PATCH] netfilter: nf_tables: unbind callbacks if flowtable hook
registration fails
Undo the callback binding before unregistering the existing hooks.
Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
Reported-by: wenxu <wenxu@xxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
net/netfilter/nf_tables_api.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 4f0d880a8496..bd453c28a5d1 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6009,8 +6009,12 @@ static int nft_register_flowtable_net_hooks(struct net *net,
flowtable->data.type->setup(&flowtable->data, hook->ops.dev,
FLOW_BLOCK_BIND);
err = nf_register_net_hook(net, &hook->ops);
- if (err < 0)
+ if (err < 0) {
+ flowtable->data.type->setup(&flowtable->data,
+ hook->ops.dev,
+ FLOW_BLOCK_UNBIND);
goto err_unregister_net_hooks;
+ }
i++;
}
--
2.11.0
