Sophie: libvirt-0.8.2-29.el5 src

libvirt-0.8.2-29.el5.src.rpm

From 479762cb0b36b2efa6ec952d989c729d6faf8eb8 Mon Sep 17 00:00:00 2001
Message-Id: <479762cb0b36b2efa6ec952d989c729d6faf8eb8.1283957680.git.jdenemar@redhat.com>
From: Stefan Berger <stefanb@us.ibm.com>
Date: Fri, 13 Aug 2010 15:47:10 -0400
Subject: [PATCH] nwfilter: serialize execution of scripts with ebtables cmds

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=630574

While testing the SIGHUP handling and reloading of the nwfilter driver,
I found that when the filters are rebuilt and mutlipe threads handled
the individual interfaces, concurrently running multiple external bash
scripts causes strange failures even though the executed ebtables
commands are working on different tables for different interfaces. I
cannot say for sure where the concurrency problems are caused, but
introducing this lock definitely helps.
(cherry picked from commit bed3a217f6faf1e668760feb82d83b05faa311ca)
---
 src/nwfilter/nwfilter_ebiptables_driver.c |   14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index fcd6c8c..885f12e 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -104,6 +104,7 @@ static int ebiptablesDriverInit(void);
 static void ebiptablesDriverShutdown(void);
 static int ebtablesCleanAll(const char *ifname);
 
+static virMutex execCLIMutex;
 
 struct ushort_map {
     unsigned short attr;
@@ -2309,8 +2310,13 @@ ebiptablesExecCLI(virBufferPtr buf,
         return 1;
 
     argv[0] = filename;
+
+    virMutexLock(&execCLIMutex);
+
     rc = virRun(argv, status);
 
+    virMutexUnlock(&execCLIMutex);
+
     *status >>= 8;
 
     VIR_DEBUG("rc = %d, status = %d",rc, *status);
@@ -3163,8 +3169,9 @@ tear_down_tmpebchains:
     ebiptablesExecCLI(&buf, &cli_status);
 
     virNWFilterReportError(VIR_ERR_BUILD_FIREWALL,
-                           "%s",
-                           _("Some rules could not be created."));
+                           _("Some rules could not be created for "
+                             "interface %s."),
+                           ifname);
 
     return 1;
 }
@@ -3364,6 +3371,9 @@ ebiptablesDriverInit(void)
     virBuffer buf = VIR_BUFFER_INITIALIZER;
     int cli_status;
 
+    if (virMutexInit(&execCLIMutex))
+        return EINVAL;
+
     bash_cmd_path = virFindFileInPath("bash");
     gawk_cmd_path = virFindFileInPath("gawk");
     grep_cmd_path = virFindFileInPath("grep");
-- 
1.7.2.2