Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > I'd say it's semantically the same thing, we alter state.
> >
> > We even emit audit records to tell userspace that there is state
> > change.
>
> This is a netlink event, how does the mutex help in that regard?

It will prevent two concurrent 'reset dumps' from messing up
internal state of counters, quota, etc.

> > Also, are you sure spinlock is appropriate here?
> >
> > For full-ruleset resets we might be doing quite some
> > traversals.
>
> I said several times, we grab and release this for each
> netlink_recvmsg(), commit_mutex helps us in no way to fix the "two
> concurrent dump-and-reset problem".

It does, any lock prevents the 'concurrent reset problem'.