Hello Rusty,
Isn't there a module race possible with the netfilter function nf_sockopt
(net/core/netfilter.c)? This function calls the sockopt function of a
registered netfilter module, like iptables. F.e. the function do_ipt_set_ctl
in ip_tables.c could be called.
What if the iptables module is being unloaded on one cpu, while another cpu
just called do_ipt_set_ctl?
I think there needs to be a try_module_get and module_put in the nf_sockopt
function to handle this. What do you think?
--
cheers,
Bart