netfilter: nft_set_pipapo: release elements in clone only from destroy path

Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice. This fix requires: 212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol") which came after: 9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path"). Fixes: 9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-03-10 10:02:41 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2024-03-21 00:21:54 +0100
commit: b0e256f3dd2ba6532f37c5c22e07cb07a36031ee (patch)
tree: 5f72b4aa9048eb367d9d61f58c5b3018330b6d82 /net
parent: 9c6a59543a3965071d65b0f9ea43aa396ce2ed14 (diff)
1 files changed, 1 insertions, 4 deletions
diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c
index c0ceea068936..df8de5090246 100644
--- a/net/netfilter/nft_set_pipapo.c
+++ b/net/netfilter/nft_set_pipapo.c
@@ -2329,8 +2329,6 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,
 	if (m) {
 		rcu_barrier();
 
-		nft_set_pipapo_match_destroy(ctx, set, m);
-
 		for_each_possible_cpu(cpu)
 			pipapo_free_scratch(m, cpu);
 		free_percpu(m->scratch);
@@ -2342,8 +2340,7 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,
 	if (priv->clone) {
 		m = priv->clone;
 
-		if (priv->dirty)
-			nft_set_pipapo_match_destroy(ctx, set, m);
+		nft_set_pipapo_match_destroy(ctx, set, m);
 
 		for_each_possible_cpu(cpu)
 			pipapo_free_scratch(priv->clone, cpu);
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-03-10 10:02:41 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2024-03-21 00:21:54 +0100
commit	b0e256f3dd2ba6532f37c5c22e07cb07a36031ee (patch)
tree	5f72b4aa9048eb367d9d61f58c5b3018330b6d82 /net
parent	9c6a59543a3965071d65b0f9ea43aa396ce2ed14 (diff)