Merged upstream as
commit 65dc79f50b96b34b2253601b8972d5ca90658f33
Author: Daniel P. Berrangé <berrange>
Date: Thu Feb 24 18:41:29 2022 +0000
nwfilter: hold filter update lock when creating/deleting bindings
The nwfilter update lock is historically acquired by the virt
drivers in order to achieve serialization between nwfilter
define/undefine, and instantiation/teardown of filters.
When running in the modular daemons, however, the mutex that
the virt drivers are locking is in a completely different
process from the mutex that the nwfilter driver is locking.
Serialization is lost and thus call from the virt driver to
virNWFilterBindingCreateXML can deadlock with a concurrent
call to the virNWFilterDefineXML method.
The solution is surprisingly easy, the update lock simply
needs acquiring in the virNWFilterBindingCreateXML method
and virNWFilterBindingUndefine method instead of in the
virt drivers.
The only semantic difference here is that when a virtual
machine has multiple NICs, the instantiation and teardown
of filters is no longer serialized for the whole VM, but
rather for each NIC. This should not be a problem since
the virt drivers already need to cope with tearing down
a partially created VM where only some of the NICs are
setup.
Reviewed-by: Laine Stump <laine>
Signed-off-by: Daniel P. Berrangé <berrange>
commit 5f8b090f421cd6a6c46f44905431491e2d3cf8f5
Author: Daniel P. Berrangé <berrange>
Date: Thu Feb 24 19:02:32 2022 +0000
qemu,lxc: remove use to nwfilter update lock
Now that the virNWFilterBinding APIs are using the nwfilter
update lock directly, there is no need for the virt drivers
to do it themselves.
Reviewed-by: Laine Stump <laine>
Signed-off-by: Daniel P. Berrangé <berrange>
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Low: libvirt security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2022:8003
Merged upstream as commit 65dc79f50b96b34b2253601b8972d5ca90658f33 Author: Daniel P. Berrangé <berrange> Date: Thu Feb 24 18:41:29 2022 +0000 nwfilter: hold filter update lock when creating/deleting bindings The nwfilter update lock is historically acquired by the virt drivers in order to achieve serialization between nwfilter define/undefine, and instantiation/teardown of filters. When running in the modular daemons, however, the mutex that the virt drivers are locking is in a completely different process from the mutex that the nwfilter driver is locking. Serialization is lost and thus call from the virt driver to virNWFilterBindingCreateXML can deadlock with a concurrent call to the virNWFilterDefineXML method. The solution is surprisingly easy, the update lock simply needs acquiring in the virNWFilterBindingCreateXML method and virNWFilterBindingUndefine method instead of in the virt drivers. The only semantic difference here is that when a virtual machine has multiple NICs, the instantiation and teardown of filters is no longer serialized for the whole VM, but rather for each NIC. This should not be a problem since the virt drivers already need to cope with tearing down a partially created VM where only some of the NICs are setup. Reviewed-by: Laine Stump <laine> Signed-off-by: Daniel P. Berrangé <berrange> commit 5f8b090f421cd6a6c46f44905431491e2d3cf8f5 Author: Daniel P. Berrangé <berrange> Date: Thu Feb 24 19:02:32 2022 +0000 qemu,lxc: remove use to nwfilter update lock Now that the virNWFilterBinding APIs are using the nwfilter update lock directly, there is no need for the virt drivers to do it themselves. Reviewed-by: Laine Stump <laine> Signed-off-by: Daniel P. Berrangé <berrange>