Remove use of virConnectPtr from all remaining nwfilter code

The virConnectPtr is passed around loads of nwfilter code in
order to provide it as a parameter to the callback registered
by the virt drivers. None of the virt drivers use this param
though, so it serves no purpose.

Avoiding the need to pass a virConnectPtr means that the
nwfilterStateReload method no longer needs to open a bogus
QEMU driver connection. This addresses a race condition that
can lead to a crash on startup.

The nwfilter driver starts before the QEMU driver and registers
some callbacks with DBus to detect firewalld reload. If the
firewalld reload happens while the QEMU driver is still starting
up though, the nwfilterStateReload method will open a connection
to the partially initialized QEMU driver and cause a crash.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 999d72fbd5)

Conflicts:
  src/nwfilter/nwfilter_driver.c
    - *EnsureACL*() was added after this branch was created, and
       caused two small conflicts in the context around a hunk.
This commit is contained in:
Daniel P. Berrange 2013-10-03 12:51:48 +01:00 committed by Laine Stump
parent c6de9fb4be
commit 1a6789a8ea
6 changed files with 44 additions and 72 deletions

View File

@ -2754,8 +2754,7 @@ cleanup:
static int
_virNWFilterDefLoopDetect(virConnectPtr conn,
virNWFilterObjListPtr nwfilters,
_virNWFilterDefLoopDetect(virNWFilterObjListPtr nwfilters,
virNWFilterDefPtr def,
const char *filtername)
{
@ -2779,7 +2778,7 @@ _virNWFilterDefLoopDetect(virConnectPtr conn,
obj = virNWFilterObjFindByName(nwfilters,
entry->include->filterref);
if (obj) {
rc = _virNWFilterDefLoopDetect(conn, nwfilters,
rc = _virNWFilterDefLoopDetect(nwfilters,
obj->def, filtername);
virNWFilterObjUnlock(obj);
@ -2795,7 +2794,6 @@ _virNWFilterDefLoopDetect(virConnectPtr conn,
/*
* virNWFilterDefLoopDetect:
* @conn: pointer to virConnect object
* @nwfilters : the nwfilters to search
* @def : the filter definition that may add a loop and is to be tested
*
@ -2805,11 +2803,10 @@ _virNWFilterDefLoopDetect(virConnectPtr conn,
* Returns 0 in case no loop was detected, -1 otherwise.
*/
static int
virNWFilterDefLoopDetect(virConnectPtr conn,
virNWFilterObjListPtr nwfilters,
virNWFilterDefLoopDetect(virNWFilterObjListPtr nwfilters,
virNWFilterDefPtr def)
{
return _virNWFilterDefLoopDetect(conn, nwfilters, def, def->name);
return _virNWFilterDefLoopDetect(nwfilters, def, def->name);
}
int nCallbackDriver;
@ -2868,7 +2865,7 @@ static void *virNWFilterDomainFWUpdateOpaque;
* error. This should be called upon reloading of the driver.
*/
int
virNWFilterInstFiltersOnAllVMs(virConnectPtr conn)
virNWFilterInstFiltersOnAllVMs(void)
{
int i;
struct domUpdateCBStruct cb = {
@ -2878,15 +2875,14 @@ virNWFilterInstFiltersOnAllVMs(virConnectPtr conn)
};
for (i = 0; i < nCallbackDriver; i++)
callbackDrvArray[i]->vmFilterRebuild(conn,
virNWFilterDomainFWUpdateCB,
callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdateCB,
&cb);
return 0;
}
static int
virNWFilterTriggerVMFilterRebuild(virConnectPtr conn)
virNWFilterTriggerVMFilterRebuild(void)
{
int i;
int ret = 0;
@ -2900,8 +2896,7 @@ virNWFilterTriggerVMFilterRebuild(virConnectPtr conn)
return -1;
for (i = 0; i < nCallbackDriver; i++) {
if (callbackDrvArray[i]->vmFilterRebuild(conn,
virNWFilterDomainFWUpdateCB,
if (callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdateCB,
&cb) < 0)
ret = -1;
}
@ -2910,15 +2905,13 @@ virNWFilterTriggerVMFilterRebuild(virConnectPtr conn)
cb.step = STEP_TEAR_NEW; /* rollback */
for (i = 0; i < nCallbackDriver; i++)
callbackDrvArray[i]->vmFilterRebuild(conn,
virNWFilterDomainFWUpdateCB,
callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdateCB,
&cb);
} else {
cb.step = STEP_TEAR_OLD; /* switch over */
for (i = 0; i < nCallbackDriver; i++)
callbackDrvArray[i]->vmFilterRebuild(conn,
virNWFilterDomainFWUpdateCB,
callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdateCB,
&cb);
}
@ -2929,14 +2922,13 @@ virNWFilterTriggerVMFilterRebuild(virConnectPtr conn)
int
virNWFilterTestUnassignDef(virConnectPtr conn,
virNWFilterObjPtr nwfilter)
virNWFilterTestUnassignDef(virNWFilterObjPtr nwfilter)
{
int rc = 0;
nwfilter->wantRemoved = 1;
/* trigger the update on VMs referencing the filter */
if (virNWFilterTriggerVMFilterRebuild(conn))
if (virNWFilterTriggerVMFilterRebuild())
rc = -1;
nwfilter->wantRemoved = 0;
@ -2975,8 +2967,7 @@ cleanup:
}
virNWFilterObjPtr
virNWFilterObjAssignDef(virConnectPtr conn,
virNWFilterObjListPtr nwfilters,
virNWFilterObjAssignDef(virNWFilterObjListPtr nwfilters,
virNWFilterDefPtr def)
{
virNWFilterObjPtr nwfilter;
@ -2995,7 +2986,7 @@ virNWFilterObjAssignDef(virConnectPtr conn,
virNWFilterObjUnlock(nwfilter);
}
if (virNWFilterDefLoopDetect(conn, nwfilters, def) < 0) {
if (virNWFilterDefLoopDetect(nwfilters, def) < 0) {
virReportError(VIR_ERR_OPERATION_FAILED,
"%s", _("filter would introduce a loop"));
return NULL;
@ -3014,7 +3005,7 @@ virNWFilterObjAssignDef(virConnectPtr conn,
nwfilter->newDef = def;
/* trigger the update on VMs referencing the filter */
if (virNWFilterTriggerVMFilterRebuild(conn)) {
if (virNWFilterTriggerVMFilterRebuild()) {
nwfilter->newDef = NULL;
virNWFilterUnlockFilterUpdates();
virNWFilterObjUnlock(nwfilter);
@ -3059,8 +3050,7 @@ virNWFilterObjAssignDef(virConnectPtr conn,
static virNWFilterObjPtr
virNWFilterObjLoad(virConnectPtr conn,
virNWFilterObjListPtr nwfilters,
virNWFilterObjLoad(virNWFilterObjListPtr nwfilters,
const char *file,
const char *path)
{
@ -3079,7 +3069,7 @@ virNWFilterObjLoad(virConnectPtr conn,
return NULL;
}
if (!(nwfilter = virNWFilterObjAssignDef(conn, nwfilters, def))) {
if (!(nwfilter = virNWFilterObjAssignDef(nwfilters, def))) {
virNWFilterDefFree(def);
return NULL;
}
@ -3095,8 +3085,7 @@ virNWFilterObjLoad(virConnectPtr conn,
int
virNWFilterLoadAllConfigs(virConnectPtr conn,
virNWFilterObjListPtr nwfilters,
virNWFilterLoadAllConfigs(virNWFilterObjListPtr nwfilters,
const char *configDir)
{
DIR *dir;
@ -3124,7 +3113,7 @@ virNWFilterLoadAllConfigs(virConnectPtr conn,
if (!(path = virFileBuildPath(configDir, entry->d_name, NULL)))
continue;
nwfilter = virNWFilterObjLoad(conn, nwfilters, entry->d_name, path);
nwfilter = virNWFilterObjLoad(nwfilters, entry->d_name, path);
if (nwfilter)
virNWFilterObjUnlock(nwfilter);

View File

@ -687,12 +687,10 @@ int virNWFilterObjSaveDef(virNWFilterDriverStatePtr driver,
int virNWFilterObjDeleteDef(virNWFilterObjPtr nwfilter);
virNWFilterObjPtr virNWFilterObjAssignDef(virConnectPtr conn,
virNWFilterObjListPtr nwfilters,
virNWFilterObjPtr virNWFilterObjAssignDef(virNWFilterObjListPtr nwfilters,
virNWFilterDefPtr def);
int virNWFilterTestUnassignDef(virConnectPtr conn,
virNWFilterObjPtr nwfilter);
int virNWFilterTestUnassignDef(virNWFilterObjPtr nwfilter);
virNWFilterDefPtr virNWFilterDefParseNode(xmlDocPtr xml,
xmlNodePtr root);
@ -706,8 +704,7 @@ int virNWFilterSaveXML(const char *configDir,
int virNWFilterSaveConfig(const char *configDir,
virNWFilterDefPtr def);
int virNWFilterLoadAllConfigs(virConnectPtr conn,
virNWFilterObjListPtr nwfilters,
int virNWFilterLoadAllConfigs(virNWFilterObjListPtr nwfilters,
const char *configDir);
char *virNWFilterConfigFile(const char *dir,
@ -725,11 +722,10 @@ void virNWFilterUnlockFilterUpdates(void);
int virNWFilterConfLayerInit(virDomainObjListIterator domUpdateCB, void *opaque);
void virNWFilterConfLayerShutdown(void);
int virNWFilterInstFiltersOnAllVMs(virConnectPtr conn);
int virNWFilterInstFiltersOnAllVMs(void);
typedef int (*virNWFilterRebuild)(virConnectPtr conn,
virDomainObjListIterator domUpdateCB,
typedef int (*virNWFilterRebuild)(virDomainObjListIterator domUpdateCB,
void *data);
typedef void (*virNWFilterVoidCall)(void);

View File

@ -82,8 +82,7 @@ virLXCDriverPtr lxc_driver = NULL;
/* callbacks for nwfilter */
static int
lxcVMFilterRebuild(virConnectPtr conn ATTRIBUTE_UNUSED,
virDomainObjListIterator iter, void *data)
lxcVMFilterRebuild(virDomainObjListIterator iter, void *data)
{
return virDomainObjListForEach(lxc_driver->domains, iter, data);
}

View File

@ -2,7 +2,7 @@
* nwfilter_driver.c: core driver for network filter APIs
* (based on storage_driver.c)
*
* Copyright (C) 2006-2011 Red Hat, Inc.
* Copyright (C) 2006-2011, 2014 Red Hat, Inc.
* Copyright (C) 2006-2008 Daniel P. Berrange
* Copyright (C) 2010 IBM Corporation
* Copyright (C) 2010 Stefan Berger
@ -231,8 +231,7 @@ nwfilterStateInitialize(bool privileged,
VIR_FREE(base);
if (virNWFilterLoadAllConfigs(NULL,
&driverState->nwfilters,
if (virNWFilterLoadAllConfigs(&driverState->nwfilters,
driverState->configDir) < 0)
goto error;
@ -271,19 +270,14 @@ err_free_driverstate:
* files and update its state
*/
static int
nwfilterStateReload(void) {
virConnectPtr conn;
if (!driverState) {
nwfilterStateReload(void)
{
if (!driverState)
return -1;
}
if (!driverState->privileged)
return 0;
conn = virConnectOpen("qemu:///system");
if (conn) {
virNWFilterDHCPSnoopEnd(NULL);
/* shut down all threads -- they will be restarted if necessary */
virNWFilterLearnThreadsTerminate(true);
@ -291,17 +285,13 @@ nwfilterStateReload(void) {
nwfilterDriverLock(driverState);
virNWFilterCallbackDriversLock();
virNWFilterLoadAllConfigs(conn,
&driverState->nwfilters,
virNWFilterLoadAllConfigs(&driverState->nwfilters,
driverState->configDir);
virNWFilterCallbackDriversUnlock();
nwfilterDriverUnlock(driverState);
virNWFilterInstFiltersOnAllVMs(conn);
virConnectClose(conn);
}
virNWFilterInstFiltersOnAllVMs();
return 0;
}
@ -544,7 +534,7 @@ nwfilterDefineXML(virConnectPtr conn,
if (!(def = virNWFilterDefParseString(xml)))
goto cleanup;
if (!(nwfilter = virNWFilterObjAssignDef(conn, &driver->nwfilters, def)))
if (!(nwfilter = virNWFilterObjAssignDef(&driver->nwfilters, def)))
goto cleanup;
if (virNWFilterObjSaveDef(driver, nwfilter, def) < 0) {
@ -585,7 +575,7 @@ nwfilterUndefine(virNWFilterPtr obj) {
goto cleanup;
}
if (virNWFilterTestUnassignDef(obj->conn, nwfilter) < 0) {
if (virNWFilterTestUnassignDef(nwfilter) < 0) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s",
_("nwfilter is in use"));

View File

@ -157,8 +157,7 @@ static void
qemuVMDriverUnlock(void) {}
static int
qemuVMFilterRebuild(virConnectPtr conn ATTRIBUTE_UNUSED,
virDomainObjListIterator iter, void *data)
qemuVMFilterRebuild(virDomainObjListIterator iter, void *data)
{
return virDomainObjListForEach(qemu_driver->domains, iter, data);
}

View File

@ -147,8 +147,7 @@ static int umlMonitorCommand(const struct uml_driver *driver,
static struct uml_driver *uml_driver = NULL;
static int
umlVMFilterRebuild(virConnectPtr conn ATTRIBUTE_UNUSED,
virDomainObjListIterator iter, void *data)
umlVMFilterRebuild(virDomainObjListIterator iter, void *data)
{
return virDomainObjListForEach(uml_driver->domains, iter, data);
}