netfilter: nftables: fix possible double hook unregistration with table owner

Skip hook unregistration of owner tables from the netns exit path,
nft_rcv_nl_event() unregisters the table hooks before tearing down
the table content.

Fixes: 6001a930ce03 ("netfilter: nftables: introduce table ownership")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index b07703e191080eccf10d0756d9cd0e30b06db223..796ce86ef7eb580587daa4948e70c2a7c4dfcffc 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -9028,8 +9028,12 @@ static void __nft_release_hooks(struct net *net)
 {
        struct nft_table *table;
 
-       list_for_each_entry(table, &net->nft.tables, list)
+       list_for_each_entry(table, &net->nft.tables, list) {
+               if (nft_table_has_owner(table))
+                       continue;
+
                __nft_release_hook(net, table);
+       }
 }
 
 static void __nft_release_table(struct net *net, struct nft_table *table)