netns: add and use net_ns_barrier

[mirror_ubuntu-artful-kernel.git] / net / netfilter / nf_conntrack_core.c

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index c3bd9b086dcc9d60e62e232c078bd915b133bb8c..9979f46c81dce32bc2288cfd4561c571f5bea4c5 100644 (file)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1720,6 +1720,8 @@ EXPORT_SYMBOL_GPL(nf_ct_iterate_cleanup_net);
  * Like nf_ct_iterate_cleanup, but first marks conntracks on the
  * unconfirmed list as dying (so they will not be inserted into
  * main table).
+ *
+ * Can only be called in module exit path.
  */
 void
 nf_ct_iterate_destroy(int (*iter)(struct nf_conn *i, void *data), void *data)
@@ -1734,6 +1736,13 @@ nf_ct_iterate_destroy(int (*iter)(struct nf_conn *i, void *data), void *data)
        }
        rtnl_unlock();
 
+       /* Need to wait for netns cleanup worker to finish, if its
+        * running -- it might have deleted a net namespace from
+        * the global list, so our __nf_ct_unconfirmed_destroy() might
+        * not have affected all namespaces.
+        */
+       net_ns_barrier();
+
        /* a conntrack could have been unlinked from unconfirmed list
         * before we grabbed pcpu lock in __nf_ct_unconfirmed_destroy().
         * This makes sure its inserted into conntrack table.