On Tue, Dec 31, 2019 at 08:45:27AM +0800, wenxu wrote:
>
> 在 2019/12/31 4:02, Pablo Neira Ayuso 写道:
> > On Mon, Dec 30, 2019 at 09:25:36PM +0800, wenxu wrote:
> > > Hi pablo,
> > >
> > > How about this patch?
> > This test still fails after a second run with this patch:
> >
> > ./run-tests.sh testcases/flowtable/0009deleteafterflush_0
> > I: using nft binary ./../../src/nft
> >
> > W: [FAILED] testcases/flowtable/0009deleteafterflush_0: got 1
> > Error: Could not process rule: Device or resource busy
> > delete flowtable x f
>
> Hi pablo,
>
> I did the same test for testcase 0009deleteafterflush_0, It is okay even
> there is no this patch in my tree.
Thanks, I'm going to apply the patch that I'm attaching to this email.
>From 7c79a32304ccd7ee33f672a3b543ef62a664ce5d Mon Sep 17 00:00:00 2001
From: wenxu <wenxu@xxxxxxxxx>
Date: Fri, 20 Dec 2019 17:08:46 +0800
Subject: [PATCH] netfilter: nft_flow_offload: fix underflow in flowtable
reference counter
The .deactivate and .activate interfaces already deal with the reference
counter. Otherwise, this results in spurious "Device is busy" errors.
Fixes: a3c90f7a2323 ("netfilter: nf_tables: flow offload expression")
Signed-off-by: wenxu <wenxu@xxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
net/netfilter/nft_flow_offload.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
index dd82ff2ee19f..b70b48996801 100644
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -200,9 +200,6 @@ static void nft_flow_offload_activate(const struct nft_ctx *ctx,
static void nft_flow_offload_destroy(const struct nft_ctx *ctx,
const struct nft_expr *expr)
{
- struct nft_flow_offload *priv = nft_expr_priv(expr);
-
- priv->flowtable->use--;
nf_ct_netns_put(ctx->net, ctx->family);
}
--
2.11.0
