netfilter: nf_tables: add missing ->release_ops() in error path of newrule() - linux-dev - Linux kernel development work

diff options

author	Taehee Yoo <ap420073@gmail.com>	2019-03-19 13:22:41 +0900
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-03-20 08:32:58 +0100
commit	b25a31bf0ca091aa8bdb9ab329b0226257568bbe (patch)
tree	7d4239b5e49c3c2686256226d33bdfdfdd75ef10 /virt
parent	netfilter: nf_flowtable: remove duplicated transition in diagram (diff)
download	linux-dev-b25a31bf0ca091aa8bdb9ab329b0226257568bbe.tar.xz linux-dev-b25a31bf0ca091aa8bdb9ab329b0226257568bbe.zip

netfilter: nf_tables: add missing ->release_ops() in error path of newrule()

->release_ops() callback releases resources and this is used in error path. If nf_tables_newrule() fails after ->select_ops(), it should release resources. but it can not call ->destroy() because that should be called after ->init(). At this point, ->release_ops() should be used for releasing resources. Test commands: modprobe -rv xt_tcpudp iptables-nft -I INPUT -m tcp <-- error command lsmod Result: Module Size Used by xt_tcpudp 20480 2 <-- it should be 0 Fixes: b8e204006340 ("netfilter: nft_compat: use .release_ops and remove list of extension") Signed-off-by: Taehee Yoo <ap420073@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'virt')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: