Hi,
while preparing further patches, I came across an issue whereby a pernet
subsys loads another module with a pernet subsys registration. In call
stack:
ip6table_filter loading -> register_pernet_subsys ->
ip6table_filter_net_init -> try_then_request_module("xt_quota") ->
xt_quota loading -> register_pernet_subsys -> deadlock on "net_mutex".
(I have a patch that makes xt_quota per-netns.)
xt_quota is loaded to serve as the per-rule byte/packet counter. Since
an empty table practically always starts with a tail rule (-> default
policy), it happens to get loaded on table load already rather than
later at `ip6tables -A` time.
The question is, what is the preferred solution to this problem? The
straightforward solution would be to add a symbol dependency (similar to
"need_conntrack") so that xt_quota is explicitly loaded before
ip6table_filter. Other ideas?
thanks,
Jan
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
