[3.10.y-3.15.y][stable request] netfilter: nf_nat: fix oops on netns removal

[3.10.y-3.15.y][stable request] netfilter: nf_nat: fix oops on netns removal

[Chris J Arges]

Hi,

Please include commit 945b2b2d259d1a4364a2799e80e8ff32f8c6ee6f in the
netdev stable queue and any other appropriate stable trees. This fixes a
race condition that can be triggered when cleaning up LXC containers
that use NAT/netns. The patch has already received positive testing when
backported to 3.13.y.

The patch cleanly cherry-picks from 3.10.y to 3.15.y.

Upstream bug:
https://bugzilla.kernel.org/show_bug.cgi?id=65191
Ubuntu bug:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1314274

Fixes: c2d421e1718 ('netfilter: nf_nat: fix race when unloading protocol
modules')

This also potentially affects v3.9.y and other stable trees such as
v3.8.y that have backported the above patch; however it is not a clean
cherry-pick for those versions. I'll work on a patch in this case and
send a separate email.

--chris j arges

Re: [3.10.y-3.15.y][stable request] netfilter: nf_nat: fix oops on netns removal

[Pablo Neira Ayuso]

On Thu, Jun 26, 2014 at 03:38:09PM -0500, Chris J Arges wrote:
> Hi,
> 
> Please include commit 945b2b2d259d1a4364a2799e80e8ff32f8c6ee6f in the
> netdev stable queue and any other appropriate stable trees. This fixes a
> race condition that can be triggered when cleaning up LXC containers
> that use NAT/netns. The patch has already received positive testing when
> backported to 3.13.y.

Please wait, this is in my queue:

0006-netfilter-nf_nat-fix-oops-on-netns-removal.patch

I'll send it asap.