[PATCH nf 0/2] netfilter: ctnetlink: fix memory leak in ctnetlink dump

This series fixes a memory (refcount) leak in the ctnetlink dump code.
In some cases it is possible that the entry being held in cb->args[] (with
refcount raised) fails to be delivered.

If this happens, the reference count is erroneously incremented a second
time.

This results in a memory leak and non-recoverable hang in the netns
cleanup worker.

The second patch fixes a similar pattern in the expectation dump code.

In both cases the fix is to not use reference counting at all: the restart
hint is replaced by a cookie value. This has the same guarantees as the
existing code without the need for keeping objects alive across partial dumps.

Note that the same pattern is used for dying lists, but as far as I can
see this problem can't happen there.  I will submit a patch for nf-next
that also uses refcount-less cookie values in the dying list dumper.

Florian Westphal (2):
  netfilter: ctnetlink: fix refcount leak on table dump
  netfilter: ctnetlink: remove refcounting in expectation dumpers

 net/netfilter/nf_conntrack_netlink.c | 65 +++++++++++++---------------
 1 file changed, 30 insertions(+), 35 deletions(-)

-- 
2.49.1
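
The cookie-based restart hint described in the cover letter above, as a user-space C model. This is an added illustration, not code from the series or from the kernel; the names `entry`, `dump_cb`, `resume_cookie` and `dump_pass`, the sample ids, and the choice to re-dump the bucket when the remembered entry has vanished are assumptions of the model.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed model of one hash bucket; ids are nonzero, 0 means "no cookie". */
struct entry { unsigned long id; int live; };
struct dump_cb { unsigned long resume_cookie; int done; }; /* models cb->args[] */

/* Emit up to `room` live entries into out[]; return how many were emitted.
 * When room runs out, only the id of the undelivered entry is remembered, so
 * no reference is held across passes and there is nothing to release later. */
static int dump_pass(const struct entry *tbl, size_t n, struct dump_cb *cb,
                     unsigned long *out, int room)
{
    int emitted = 0;
    size_t i;
restart:
    for (i = 0; i < n; i++) {
        if (!tbl[i].live)
            continue;
        if (cb->resume_cookie) {
            if (tbl[i].id != cb->resume_cookie)
                continue;              /* delivered by an earlier pass */
            cb->resume_cookie = 0;     /* restart point found */
        }
        if (emitted == room) {
            cb->resume_cookie = tbl[i].id; /* hint only, entry is not pinned */
            return emitted;
        }
        out[emitted++] = tbl[i].id;
    }
    if (cb->resume_cookie) {           /* remembered entry vanished meanwhile */
        cb->resume_cookie = 0;
        goto restart;                  /* model choice: re-dump, may repeat ids */
    }
    cb->done = 1;
    return emitted;
}

int main(void)
{
    struct entry tbl[] = { {11, 1}, {12, 1}, {13, 1}, {14, 1}, {15, 1} };
    struct dump_cb cb = { 0, 0 };
    unsigned long out[5];
    while (!cb.done) {
        int i, n = dump_pass(tbl, 5, &cb, out, 2);
        for (i = 0; i < n; i++)
            printf("%lu ", out[i]);
        printf("| next cookie %lu\n", cb.resume_cookie);
    }
    return 0;
}
```

Because the hint is a plain value, an entry removed between two passes is simply no longer found, and no error path has to remember to drop a reference.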




