git.ipfire.org Git - thirdparty/nftables.git/commit

author	Florian Westphal <fw@strlen.de>
	Fri, 4 Jan 2019 11:30:47 +0000 (12:30 +0100)
committer	Florian Westphal <fw@strlen.de>
	Fri, 4 Jan 2019 11:38:45 +0000 (12:38 +0100)
commit	eb49882deb3e9ec5eccd6e6106b454e3a6394408
tree	b8c1507d95b976b9e533392a71a23460659dbeec	tree \| snapshot
parent	dafac7d528de0890b82f943fc818ccb7a82fca7d	commit \| diff

tests: shell: add test case for leaking of stateful object refcount

Taehee Yoo fixed a bug in error path handling for object refcounts.
Quoting patch description:
  |   $nft add table ip filter
  |   $nft add counter ip filter c1
  |   $nft add map ip filter m1 { type ipv4_addr : counter \;}
  |   $nft add element ip filter m1 { 1 : c1 }
  |   $nft add element ip filter m1 { 1 : c1 }
  |   $nft delete element ip filter m1 { 1 }
  |   $nft delete counter ip filter c1
  |Result:
  |   Error: Could not process rule: Device or resource busy
  |   delete counter ip filter c1
  |
  |At the second 'nft add element ip filter m1 { 1 : c1 }', the reference
  |count of the 'c1' is increased then it tries to insert into the 'm1'. but
  |the 'm1' already has same element so it returns -EEXIST.
  |But it doesn't decrease the reference count of the 'c1' in the error path.
  |Due to a leak of the reference count of the 'c1', the 'c1' can't be
  |removed by 'nft delete counter ip filter c1'.

Signed-off-by: Florian Westphal <fw@strlen.de>