This is a note to let you know that I've just added the patch titled netfilter: nf_tables: skip bound chain in netns release path to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: netfilter-nf_tables-skip-bound-chain-in-netns-releas.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 87d298c12c1adcafaf724fd215f7c32d83d761ac Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Wed Jul 19 20:19:43 2023 +0200 netfilter: nf_tables: skip bound chain in netns release path [ Upstream commit 751d460ccff3137212f47d876221534bf0490996 ] Skip bound chain from netns release path, the rule that owns this chain releases these objects. Fixes: d0e2c7de92c7 ("netfilter: nf_tables: add NFT_CHAIN_BINDING") Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index a8d316a58e44c..40ed4dd530c5a 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -9185,6 +9185,9 @@ static void __nft_release_table(struct net *net, struct nft_table *table) ctx.family = table->family; ctx.table = table; list_for_each_entry(chain, &table->chains, list) { + if (nft_chain_is_bound(chain)) + continue; + ctx.chain = chain; list_for_each_entry_safe(rule, nr, &chain->rules, list) { list_del(&rule->list);
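Review bot: The new nft_chain_is_bound(chain) check at the top of the list_for_each_entry(chain, &table->chains, list) loop in __nft_release_table() has no comment, so the reason for the skip lives only in the commit message (the rule that owns the bound chain releases these objects). A short comment above the continue stating that ownership rule would keep it visible to anyone who later touches this loop. The hunk shows only the loop that unlinks rules from each chain. If the function walks table->chains again further down to delete the chains themselves, it is worth confirming that a bound chain is released exactly once through its owning rule, neither freed twice nor left behind, since the visible lines cannot show that.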