On Mon, 17 Dec 2018 at 07:20, David Miller <da...@davemloft.net> wrote: > > From: Taehee Yoo <ap420...@gmail.com> > Date: Sat, 15 Dec 2018 13:22:39 +0900 > > > If bpfilter_umh process is killed, shutdown_umh() is executed via > > __stop_umh(). > > because, __kernel_write() or kernel_read() will be failed in > > __bpfilter_process_sockopt() if bpfilter_umh process had killed > > or crashed. then, __bpfilter_process_sockopt() makes error message and > > calls __stop_umh(). > > Now I understand, thank you. > > This is what happens in the second command of your example: > > > > $ iptables -vnL > > > $ kill -9 <pid of bpfilter_umh> > > > $ iptables -vnL > > > [ 480.045136] bpfilter: write fail -32 > > This second iptables command, which fails, triggers the cleanup. > > This second iptables command, however, should not fail either. > > What should happen is that when bpfilter_umh is killed, the cleanup is > synchronous, and the next iptables command will cleanly restart > bpftiler_umh and the command will succeeed. > > Perhaps what should happen is that fork_usermode_blob() somehow > registers a mechanism by which if the the process forked dies > or exits for some reason, an installed callback is invoked to > perform cleanups. > > That would solve all of these problems, and all three iptables > commands in your example would succeed. > > What do you think? >
I agree with second iptables should not fail. I think calling cleanup callback in usermodehelper will be userful for other modules which uses fork_usermodehelper_blob(). So the usermodehelper should support to invoke cleanup callback when error or crash occurred. But I don't know how cleanup callback is invoked when bpfilter_umh process is killed. Could you let me know if it's possible? If it is not possible, In order to avoid failure all iptables command, I think below steps are needed. 1. check process status 2. if process was dead or crashed, cleanup and restart bpfilter_umh 3. perform normal routine
