On Mon, Jun 11, 2018 at 01:20:36PM +0200, Florian Westphal wrote:
> If net namespace is exiting while nf_tables module is being removed
> we can oops:
>
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000040
> IP: nf_tables_flowtable_event+0x43/0xf0 [nf_tables]
> PGD 0 P4D 0
> Oops: 0000 [#1] SMP PTI
> Modules linked in: nf_tables(-) nfnetlink [..]
> unregister_netdevice_notifier+0xdd/0x130
> nf_tables_module_exit+0x24/0x3a [nf_tables]
> SyS_delete_module+0x1c5/0x240
> do_syscall_64+0x74/0x190
>
> Avoid this by attempting to take reference on the net namespace from
> the notifiers. If it fails the namespace is exiting already, and nft
> core is taking care of cleanup work.
>
> We also need to make sure the netdev hook type gets removed
> before netns ops removal, else notifier might be invoked with device
> event for a netns where net->nft was never initialised (because
> pernet ops was removed beforehand).

Applied, thanks.
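
The guard described in the quoted commit message, as an added userspace model (not code from the patch or from nf_tables): a notifier tries to pin the namespace and skips the event when the reference count has already reached zero. All struct and function names here are hypothetical, and the two scenarios are constructed.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

/* Userspace model only: every name below is hypothetical, not kernel code. */
struct nft_state { int flowtable_events; };

struct netns_model {
    atomic_int refs;        /* 0 means the namespace is already exiting */
    struct nft_state *nft;  /* per-namespace state; NULL once torn down */
};

/* Take a reference only while the count is still non-zero. */
static bool netns_try_get(struct netns_model *ns)
{
    int old = atomic_load(&ns->refs);
    while (old != 0)
        if (atomic_compare_exchange_weak(&ns->refs, &old, old + 1))
            return true;
    return false;
}

static void netns_put(struct netns_model *ns) { atomic_fetch_sub(&ns->refs, 1); }

/* Notifier body: returns true if the event was handled, false if skipped. */
static bool flowtable_event(struct netns_model *ns)
{
    if (!netns_try_get(ns))
        return false;            /* exiting: core cleanup owns the state */
    ns->nft->flowtable_events++; /* safe: namespace pinned by our reference */
    netns_put(ns);
    return true;
}

/* Constructed scenario: live namespace, event handled, reference dropped. */
static int demo_live(void)
{
    struct nft_state st = { 0 };
    struct netns_model ns = { .nft = &st };
    atomic_init(&ns.refs, 1);
    return flowtable_event(&ns) && st.flowtable_events == 1
           && atomic_load(&ns.refs) == 1;
}

/* Constructed scenario: exiting namespace with no state; must be skipped. */
static int demo_exiting(void)
{
    struct netns_model ns = { .nft = NULL };
    atomic_init(&ns.refs, 0);
    return flowtable_event(&ns) == false;
}

int main(void) { return (demo_live() && demo_exiting()) ? 0 : 1; }
```

Without the `netns_try_get()` check, the exiting case would dereference the NULL `nft` pointer, which is the class of fault the oops in the quoted message shows.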