No, you're thinking of the IPv4 stack. I didn't use netfilter as an
example, because that opens me to "well, FIX NETFILTER then!". If it
were the only case, it's probably arguable.
The problems with netfilter modules are exactly why I started looking
at module locking over two years ago.
> I just booted my gateway machine to a kernel using my
> aforemetioned patch and various netfilter modules. I've surfed the
> web, FTP'ed file and run irc through it. It seems to be okay.
Sure! That's because the netfilter modules use a horrific hack, by
keeping their own "usage" counts and then spinning (potentially
forever) on unload until it hits zero.
Logically the skb->nfct would have an owner field in it.
Now, performance. You want a brlock, at least: the performance of
either the security infrastructure or netfilter modules is going to
suck horribly with anything else. And the bogolock used in module.c
is even lighter weight than a brlock, with its associated atomic ops.
Hope that clarifies...
Rusty.
-- Anyone who quotes me in their sig is an idiot. -- Rusty Russell. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/