Re: [PATCH nf 3/3] netfilter: nf_tables: fix miss dec set use counter in the nf_tables_destroy_set


 



On 12/20/2019 7:56 AM, Pablo Neira Ayuso wrote:
> On Wed, Dec 18, 2019 at 10:59:13PM +0800, wenxu@xxxxxxxxx wrote:
>> From: wenxu <wenxu@xxxxxxxxx>
>>
>> In the create rule path nf_tables_bind_set the set->use will inc, and
>> with the activate operation also inc it. In the delete rule patch
>> deactivate will dec it. So the destroy operation should also deactivate
>> it.
> [...]
>
> Is this a theoretical issue? Thanks.
As we talked about in patch 2, destroying the rule doesn't need to dec the use counter. So just drop this series. Thx!
> [...]
>> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
>> index 174b362..d71793e 100644
>> --- a/net/netfilter/nf_tables_api.c
>> +++ b/net/netfilter/nf_tables_api.c
>> @@ -4147,8 +4147,10 @@ void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
>>  
>>  void nf_tables_destroy_set(const struct nft_ctx *ctx, struct nft_set *set)
>>  {
>> -	if (list_empty(&set->bindings) && nft_set_is_anonymous(set))
>> +	if (list_empty(&set->bindings) && nft_set_is_anonymous(set)) {
>> +		set->use--;
>>  		nft_set_destroy(set);
>> +	}
>>  }
>>  EXPORT_SYMBOL_GPL(nf_tables_destroy_set);
>>  
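Review bot: the added `set->use--;` in nf_tables_destroy_set() is unconditional inside the anonymous-set branch, with no check that the counter is still non-zero or that this path actually holds the reference being dropped. The changelog says the deactivate step in the delete path already decrements the counter, so a set that reaches destroy after deactivate would be decremented twice. The value is also not read between the decrement and `nft_set_destroy(set);` in this hunk, so the changelog should name what consumes it and give a concrete sequence (bind, activate, destroy without deactivate) that leaves the counter unbalanced. If such a sequence exists, consider asserting the expected counter value before the decrement rather than adjusting it silently.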
>> -- 
>> 1.8.3.1
>>


