Hi Serhey,

On Wed, Mar 07, 2018 at 11:10:40AM +0200, Serhey Popovych wrote:
> If kernel tells revision isn't found/supported at the moment we should
> keep entity in pending list, not register or bail to do so later.

This causes a problem in particular with conntrack match (but others may
be affected as well): If the kernel doesn't support an older revision of
the match, it stays in pending list and is retried for each new rule
using the match.

> Kernel might still load module for entity we are asking it for and this
> could be slow on some embedded devices.

Is this a speculative problem or did you see it in reality? I'm
wondering because kernel uses try_then_request_module() to load the
missing extension which calls __request_module() with 'wait' parameter
set to true. So unless the called usermode helper is behaving
unexpectedly (e.g. fork and load in background), the call to
compatible_match_revision() should block until the module has been
loaded, no?

> Catch double registration attempts by checking me->next being non-NULL
> in xtables_register_match() and xtables_register_target().

Is this a side-effect of the above or an independent fix?

Cheers, Phil