Commit 2888b080 authored Mar 03, 2021 by Pablo Neira Ayuso

netfilter: nftables: fix possible double hook unregistration with table owner



Skip hook unregistration of owner tables from the netns exit path,
nft_rcv_nl_event() unregisters the table hooks before tearing down
the table content.

Fixes: 6001a930 ("netfilter: nftables: introduce table ownership")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 9cc0001a

net/netfilter/nf_tables_api.c

+5 −1

Original line number	Diff line number	Diff line
		@@ -9028,9 +9028,13 @@ static void __nft_release_hooks(struct net *net)
		{
		struct nft_table *table;

		list_for_each_entry(table, &net->nft.tables, list)
		list_for_each_entry(table, &net->nft.tables, list) {
		if (nft_table_has_owner(table))
		continue;

		__nft_release_hook(net, table);
		}
		}

		static void __nft_release_table(struct net net, struct nft_table table)
		{