On Wed, Dec 18, 2019 at 10:59:13PM +0800, wenxu@xxxxxxxxx wrote:
> From: wenxu <wenxu@xxxxxxxxx>
>
> In the create rule path nf_tables_bind_set the set->use will inc, and
> with the activate operatoion also inc it. In the delete rule patch
> deactivate will dec it. So the destroy opertion should also deactivate
> it.
[...]
Is this a theoretical issue? Thanks.
[...]
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index 174b362..d71793e 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -4147,8 +4147,10 @@ void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
>
> void nf_tables_destroy_set(const struct nft_ctx *ctx, struct nft_set *set)
> {
> - if (list_empty(&set->bindings) && nft_set_is_anonymous(set))
> + if (list_empty(&set->bindings) && nft_set_is_anonymous(set)) {
> + set->use--;
> nft_set_destroy(set);
> + }
> }
> EXPORT_SYMBOL_GPL(nf_tables_destroy_set);
>
> --
> 1.8.3.1
>
