Vasily Averin <vvs@xxxxxxxxxxxxx> wrote: > nf_ct_gre_keymap_flush() is useless. > It is called from nf_conntrack_cleanup_net_list() only and tries to remove > nf_ct_gre_keymap entries from pernet gre keymap list. Though: > a) at this point the list should already be empty, all its entries were > deleted during the conntracks cleanup, because > nf_conntrack_cleanup_net_list() executes nf_ct_iterate_cleanup(kill_all) > before nf_conntrack_proto_pernet_fini(): > nf_conntrack_cleanup_net_list > +- nf_ct_iterate_cleanup > | nf_ct_put > | nf_conntrack_put > | nf_conntrack_destroy > | destroy_conntrack > | destroy_gre_conntrack > | nf_ct_gre_keymap_destroy > `- nf_conntrack_proto_pernet_fini > nf_ct_gre_keymap_flush > > b) Let's say we find that the keymap list is not empty. This means netns > still has a conntrack associated with gre, in which case we should not free > its memory, because this will lead to a double free and related crashes. > However I doubt it could have gone unnoticed for years, obviously > this does not happen in real life. So I think we can remove > both nf_ct_gre_keymap_flush() and nf_conntrack_proto_pernet_fini(). Acked-by: Florian Westphal <fw@xxxxxxxxx>
