Re: [PATCH net v3] netfilter: nft_set_rbtree: fix use count leak on transaction abort
From: Florian Westphal
Date: Sun Apr 12 2026 - 18:32:09 EST
Marko Jevtic <marko.jevtic@xxxxxxxxxxxxxx> wrote:
> nft_rbtree_abort() does not handle elements moved to the expired list
> by inline GC during __nft_rbtree_insert(). When inline GC encounters
> expired elements during overlap detection, it calls
> nft_rbtree_gc_elem_move() which deactivates element data (decrementing
> chain/object use counts), removes the element from the rbtree, and
> queues it for deferred freeing. On commit, these elements are freed
> via nft_rbtree_gc_queue(). On abort, however, the expired list is
> ignored entirely.
>
> This leaves use counts permanently decremented after abort.
I have not seen a reason/answer why this needs to be rolled back.
GC is an implementation detail, it's not part of the transaction.
It could also be done from a work queue, for example, not just from insert
or commit.
I see no reason to change the existing approach.