> From: Dexuan Cui
> Sent: Wednesday, May 12, 2021 9:19 PM
> ...
> I think the latest mainline kernel should also have the same race.
> It looks like this by-design race exists since day one?

I indeed reproduced the issue with the latest stable tree (v5.12.3) as well.

> > BTW, iptables does have a retry mechanism for getsockopt():
> > 2f93205b375e ("Retry ruleset dump when kernel returns EAGAIN.")
> > (https://git.netfilter.org/iptables/commit/libiptc?id=2f93205b375e&context=10&ignorews=0&dt=0)
> >
> > But it looks like this is enough?

I missed a "not". IMO 2f93205b375e is not enough.

Thanks,
-- Dexuan