--- /dev/null
+From: Peter Zijlstra <a.p.zijlstra@chello.nl>
+Subject: netfilter: NF_QUEUE vs emergency skbs
+Patch-mainline: No
+References: FATE#303834
+
+Avoid memory getting stuck waiting for userspace, drop all emergency packets.
+This of course requires the regular storage route to not include an NF_QUEUE
+target ;-)
+
+Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
+Acked-by: Neil Brown <neilb@suse.de>
+Acked-by: Suresh Jayaraman <sjayaraman@suse.de>
+
+---
+ net/netfilter/core.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: linux-2.6.26/net/netfilter/core.c
+===================================================================
+--- linux-2.6.26.orig/net/netfilter/core.c
++++ linux-2.6.26/net/netfilter/core.c
+@@ -184,9 +184,12 @@ next_hook:
+ ret = 1;
+ goto unlock;
+ } else if (verdict == NF_DROP) {
++drop:
+ kfree_skb(skb);
+ ret = -EPERM;
+ } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
++ if (skb_emergency(skb))
++ goto drop;
+ if (!nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
+ verdict >> NF_VERDICT_BITS))
+ goto next_hook;