releases/4.19.51/netfilter-nf_flow_table-fix-netdev-refcnt-leak.patch

   1 From df161e3286162b58d33a3614bc2a17f2165c62e2 Mon Sep 17 00:00:00 2001
   2 From: Taehee Yoo <ap420073@gmail.com>
   3 Date: Tue, 30 Apr 2019 01:55:29 +0900
   4 Subject: netfilter: nf_flow_table: fix netdev refcnt leak
   5
   6 [ Upstream commit 26a302afbe328ecb7507cae2035d938e6635131b ]
   7
   8 flow_offload_alloc() calls nf_route() to get a dst_entry. Internally,
   9 nf_route() calls ip_route_output_key() that allocates a dst_entry and
  10 holds it. So, a dst_entry should be released by dst_release() if
  11 nf_route() is successful.
  12
  13 Otherwise, netns exit routine cannot be finished and the following
  14 message is printed:
  15
  16 [  257.490952] unregister_netdevice: waiting for lo to become free. Usage count = 1
  17
  18 Fixes: ac2a66665e23 ("netfilter: add generic flow table infrastructure")
  19 Signed-off-by: Taehee Yoo <ap420073@gmail.com>
  20 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  21 Signed-off-by: Sasha Levin <sashal@kernel.org>
  22 ---
  23  net/netfilter/nft_flow_offload.c | 1 +
  24  1 file changed, 1 insertion(+)
  25
  26 diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
  27 index 436cc14cfc59..7f85af4c40ff 100644
  28 --- a/net/netfilter/nft_flow_offload.c
  29 +++ b/net/netfilter/nft_flow_offload.c
  30 @@ -113,6 +113,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr,
  31         if (ret < 0)
  32                 goto err_flow_add;
  33
  34 +       dst_release(route.tuple[!dir].dst);
  35         return;
  36
  37  err_flow_add:
  38 --
  39 2.20.1
  40