From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nf,v2 1/2] netfilter: nf_tables: release element key when parser fails
Date: Sat, 9 Jul 2022 16:20:45 +0200 [thread overview]
Message-ID: <YsmOvf3cQYme89zy@salvia> (raw)
In-Reply-To: <YsmN+h5c6OazXBgn@salvia>
On Sat, Jul 09, 2022 at 04:17:30PM +0200, Pablo Neira Ayuso wrote:
> On Fri, Jul 08, 2022 at 12:06:32PM +0200, Pablo Neira Ayuso wrote:
> > Call nft_data_release() to release the element keys otherwise this
> > might leak chain reference counter.
> >
> > Fixes: 7b225d0b5c6d ("netfilter: nf_tables: add NFTA_SET_ELEM_KEY_END attribute")
> > Fixes: ba0e4d9917b4 ("netfilter: nf_tables: get set elements via netlink")
> > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> > ---
> > v2: coalesce two similar patches:
> > https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220708084453.11066-1-pablo@netfilter.org/
> > https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220708085805.12310-1-pablo@netfilter.org/
>
> Scratch this. nft_data_release() is noop for NFT_DATA_VERDICT case.
s/NFT_DATA_VERDICT/NFT_DATA_VALUE
> Calling this is good for consistency, but let's schedule this patch
> for nf-next instead.
next prev parent reply other threads:[~2022-07-09 14:21 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-08 10:06 [PATCH nf,v2 1/2] netfilter: nf_tables: release element key when parser fails Pablo Neira Ayuso
2022-07-08 10:06 ` [PATCH nf,v2 2/2] netfilter: nf_tables: replace BUG_ON by element length check Pablo Neira Ayuso
2022-07-09 14:17 ` [PATCH nf,v2 1/2] netfilter: nf_tables: release element key when parser fails Pablo Neira Ayuso
2022-07-09 14:20 ` Pablo Neira Ayuso [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-07-10 0:52 [PATCH nf, v2 " kernel test robot
2022-07-12 12:44 ` Dan Carpenter
2022-07-12 12:44 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YsmOvf3cQYme89zy@salvia \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.