External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-21 20:15:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

nwfilter: hold filter update lock when creating/deleting bindings

Browse Source 
The nwfilter update lock is historically acquired by the virt
drivers in order to achieve serialization between nwfilter
define/undefine, and instantiation/teardown of filters.

When running in the modular daemons, however, the mutex that
the virt drivers are locking is in a completely different
process from the mutex that the nwfilter driver is locking.

Serialization is lost and thus call from the virt driver to
virNWFilterBindingCreateXML can deadlock with a concurrent
call to the virNWFilterDefineXML method.

The solution is surprisingly easy, the update lock simply
needs acquiring in the virNWFilterBindingCreateXML method
and virNWFilterBindingUndefine method instead of in the
virt drivers.

The only semantic difference here is that when a virtual
machine has multiple NICs, the instantiation and teardown
of filters is no longer serialized for the whole VM, but
rather for each NIC. This should not be a problem since
the virt drivers already need to cope with tearing down
a partially created VM where only some of the NICs are
setup.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2022-02-24 18:41:29 +00:00
parent 34238d7408
commit 65dc79f50b
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/nwfilter/nwfilter_driver.c
View File

@ -760,11 +760,14 @@ nwfilterBindingCreateXML(virConnectPtr conn,
if (!(ret = virGetNWFilterBinding(conn, def->portdevname, def->filter)))
goto cleanup;
virNWFilterReadLockFilterUpdates();
if (virNWFilterInstantiateFilter(driver, def) < 0) {
virNWFilterUnlockFilterUpdates();
virNWFilterBindingObjListRemove(driver->bindings, obj);
g_clear_pointer(&ret, virObjectUnref);
goto cleanup;
}
virNWFilterUnlockFilterUpdates();
virNWFilterBindingObjSave(obj, driver->bindingDir);
cleanup:
@ -801,7 +804,9 @@ nwfilterBindingDelete(virNWFilterBindingPtr binding)
if (virNWFilterBindingDeleteEnsureACL(binding->conn, def) < 0)
goto cleanup;
virNWFilterReadLockFilterUpdates();
virNWFilterTeardownFilter(def);
virNWFilterUnlockFilterUpdates();
virNWFilterBindingObjDelete(obj, driver->bindingDir);
virNWFilterBindingObjListRemove(driver->bindings, obj);