Phil Sutter <phil@xxxxxx> wrote:
> > nf_tables_flowtable_destroy() is called after the hook has been
> > unregistered (detached from nf_hook list) and rcu grace period elapsed.
>
> Yes, I didn't find a caller which didn't synchronize_rcu() before
> calling it. Same applies to chain hooks, right?

Sigh, there is nft_flowtable_find_dev() which iterates the nft_hook
list from packet path. So the synchronize_rcu is irrelevant as long
as the entry is linked up and this patch is correct as-is.

	list_del_rcu(&hook->list);
	kfree(hook);

is illegal, and I think this should add a helper that unlinks and then
frees the entry via kfree_rcu and converts all instances of this pattern.
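
The failure mode discussed in this mail, as a single-threaded userspace model added here for illustration; it is not code from the patch or from the kernel. All names are hypothetical: the `freed` flag stands in for kfree() having run, and the `deferred` queue stands in for what kfree_rcu() provides.

```c
#include <stdbool.h>
/* Userspace model only; every name is hypothetical, none is kernel API. */
struct hook {
	struct hook *next;      /* list linkage walked by readers */
	struct hook *free_next; /* linkage on the pending-free queue */
	bool freed;             /* stands in for kfree() having run */
};
static struct hook entry, *hook_list, *deferred; /* sample entry, list, pending frees */
static int readers;                              /* active read-side sections */
/* Unlink h but leave h->next intact, as list_del_rcu() does for readers. */
static void unlink_hook(struct hook *h)
{
	struct hook **pp = &hook_list;
	while (*pp && *pp != h)
		pp = &(*pp)->next;
	if (*pp)
		*pp = h->next;
}
/* The pattern the mail calls illegal: unlink, then free immediately. */
static void unlink_free_now(struct hook *h) { unlink_hook(h); h->freed = true; }
/* Helper shape the mail asks for: unlink, then defer the free. */
static void unlink_free_deferred(struct hook *h)
{
	unlink_hook(h);
	h->free_next = deferred;
	deferred = h;
}
/* Pending frees run only once no reader is left (grace period elapsed). */
static void grace_period(void)
{
	while (!readers && deferred) {
		struct hook *h = deferred;
		deferred = h->free_next;
		h->freed = true;
	}
}
/* Reader holds the entry while the writer removes it; true = use-after-free. */
static bool reader_sees_freed(void (*remove_hook)(struct hook *))
{
	entry = (struct hook){ 0 };   /* constructed sample state */
	hook_list = &entry;
	readers++;                    /* rcu_read_lock() analogue */
	struct hook *cur = hook_list; /* reader is positioned on the entry */
	remove_hook(cur);             /* writer removes it meanwhile */
	grace_period();               /* cannot complete: reader still active */
	bool dangling = cur->freed;   /* what the reader would dereference */
	readers--;                    /* rcu_read_unlock() analogue */
	grace_period();               /* now the deferred free may run */
	return dangling;
}
```

A grace period that elapsed before the unlink does not help the reader in this model, because the reader picked up the entry while it was still linked.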