From b4d6202b3652f5dbce358b99dee7d7c80b567529 Mon Sep 17 00:00:00 2001 From: Michal Miroslaw Date: Sun, 4 Mar 2007 16:00:04 -0800 Subject: [PATCH] [NETFILTER]: nfnetlink_log: fix reference counting Fix reference counting (memory leak) problem in __nfulnl_send() and callers related to packet queueing. Signed-off-by: Michal Miroslaw Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/netfilter/nfnetlink_log.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index d0af8bc3eee1..91a0972ec117 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c @@ -218,6 +218,9 @@ _instance_destroy2(struct nfulnl_instance *inst, int lock) spin_lock_bh(&inst->lock); if (inst->skb) { + /* timer "holds" one reference (we have one more) */ + if (del_timer(&inst->timer)) + instance_put(inst); if (inst->qlen) __nfulnl_send(inst); if (inst->skb) { @@ -362,9 +365,6 @@ __nfulnl_send(struct nfulnl_instance *inst) { int status; - if (timer_pending(&inst->timer)) - del_timer(&inst->timer); - if (!inst->skb) return 0; @@ -689,6 +689,9 @@ nfulnl_log_packet(unsigned int pf, * enough room in the skb left. flush to userspace. */ UDEBUG("flushing old skb\n"); + /* timer "holds" one reference (we have another one) */ + if (del_timer(&inst->timer)) + instance_put(inst); __nfulnl_send(inst); if (!(inst->skb = nfulnl_alloc_skb(nlbufsiz, size))) { -- 2.20.1