netfilter: nf_tables: skip bound chain in netns release path

fw-strlen · fw-strlen · commit 8ca0cc600ee0 · 2023-12-05T11:03:22.000+01:00
JIRA: https://issues.redhat.com/browse/RHEL-1720 JIRA: https://issues.redhat.com/browse/RHEL-1721 Upstream Status: commit 751d460 commit 751d460 Author: Pablo Neira Ayuso <pablo@netfilter.org> Date: Wed Jul 19 20:19:43 2023 +0200 netfilter: nf_tables: skip bound chain in netns release path Skip bound chain from netns release path, the rule that owns this chain releases these objects. Fixes: d0e2c7d ("netfilter: nf_tables: add NFT_CHAIN_BINDING") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Florian Westphal <fwestpha@redhat.com>
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
@@ -10441,6 +10441,9 @@ static void __nft_release_table(struct net *net, struct nft_table *table)
 	ctx.family = table->family;
 	ctx.table = table;
 	list_for_each_entry(chain, &table->chains, list) {
+		if (nft_chain_is_bound(chain))
+			continue;
+
 		ctx.chain = chain;
 		list_for_each_entry_safe(rule, nr, &chain->rules, list) {
 			list_del(&rule->list);
