From: Florian Westphal <fw@strlen.de>
To: Marko Jevtic <marko.jevtic@codereflect.io>
Cc: pablo@netfilter.org, netfilter-devel@vger.kernel.org,
phil@nwl.cc, coreteam@netfilter.org, davem@davemloft.net,
edumazet@google.com, kuba@kernel.org, pabeni@redhat.com,
horms@kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH net v3] netfilter: nft_set_rbtree: fix use count leak on transaction abort
Date: Mon, 13 Apr 2026 00:31:51 +0200
Message-ID: <adwdV0qGeRhSNLuz@strlen.de>
In-Reply-To: <20260412222801.34965-1-marko.jevtic@codereflect.io>

Marko Jevtic <marko.jevtic@codereflect.io> wrote:
> nft_rbtree_abort() does not handle elements moved to the expired list
> by inline GC during __nft_rbtree_insert(). When inline GC encounters
> expired elements during overlap detection, it calls
> nft_rbtree_gc_elem_move() which deactivates element data (decrementing
> chain/object use counts), removes the element from the rbtree, and
> queues it for deferred freeing. On commit, these elements are freed
> via nft_rbtree_gc_queue(). On abort, however, the expired list is
> ignored entirely.
>
> This leaves use counts permanently decremented after abort.

I have not seen a reason/answer why this needs to be rolled back.

GC is an implementation detail, it's not part of the transaction.
It could also be done from work queue, for example, not just from insert
or commit.

I see no reason to change the existing approach.

Thread overview: 3+ messages
2026-04-12 22:28 [PATCH net v3] netfilter: nft_set_rbtree: fix use count leak on transaction abort Marko Jevtic
2026-04-12 22:31 ` Florian Westphal [this message]
2026-04-14 0:11 ` Pablo Neira Ayuso