On Thu, Aug 02, 2018 at 09:44:39PM +0200, Florian Westphal wrote:
> There is a hard-to-trigger race condition when nf_tables module
> is repeatedly removed while concurrent processes create net namespaces
> that use nf_tables (and then exit immediately).
>
> I made a previous attempt to fix this, but it's incorrect.
> So first patch fixes actual problem: the nfnetlink interface
> can be exposed before all net->nft state is initialized, which
> did cause notifier to trip over uninited net->nft on net namespace
> exit.
>
> Second patch reverts part of a previous/incorrect attempt to fix this.

Series applied, thanks Florian.