Bug 1720650 - testsuite should also use xtables-multi locking
Summary: testsuite should also use xtables-multi locking
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: firewalld
Version: 7.7
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Eric Garver
QA Contact: Tomas Dolezal
URL:
Whiteboard:
Depends On:
Blocks: 1723958
TreeView+ depends on / blocked
 
Reported: 2019-06-14 12:57 UTC by Tomas Dolezal
Modified: 2020-03-31 20:01 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-31 20:00:54 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:1109 None None None 2020-03-31 20:01:39 UTC

Description Tomas Dolezal 2019-06-14 12:57:56 UTC
Description of problem:
Occasionally, there is a race when executing testsuite in parallel '-j4' causing tests failure.

Version-Release number of selected component (if applicable):
firewalld-0.6.3-2.el7.noarch

How reproducible:
race condition, s390x, but also any other

Steps to Reproduce:
TESTSUITEFLAGS='-j4 62' make installcheck

Actual results:
62. icmp_block_in_forward_chain.at:1: testing ICMP block present FORWARD chain ...
./icmp_block_in_forward_chain.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi
./icmp_block_in_forward_chain.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf
./icmp_block_in_forward_chain.at:1: ip netns add fwd-test-993
not running
2019-06-14 02:56:29 ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
2019-06-14 02:56:29 beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
2019-06-14 02:56:29 ICMP type 'failed-policy' is not supported by the kernel for ipv6.
2019-06-14 02:56:29 failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
2019-06-14 02:56:29 ICMP type 'reject-route' is not supported by the kernel for ipv6.
2019-06-14 02:56:29 reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
running
./icmp_block_in_forward_chain.at:3:     env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-15613" ip netns exec fwd-test-993 firewall-cmd -q --zone=public --add-icmp-block=host-prohibited 
./icmp_block_in_forward_chain.at:4:     env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-15613" ip netns exec fwd-test-993 iptables -L IN_public_deny | grep "host-prohibited" 
--- /dev/null	2019-06-14 02:32:15.571227632 -0400
+++ /tmp/tmp.wNg2ZPBFMa/rpmbuild/BUILD/firewalld-0.6.3/src/tests/testsuite.dir/at-groups/62/stderr	2019-06-14 02:56:32.205214286 -0400
@@ -0,0 +1 @@
+Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
stdout:
./icmp_block_in_forward_chain.at:4: exit code was 1, expected 0
62. icmp_block_in_forward_chain.at:1: 62. ICMP block present FORWARD chain (icmp_block_in_forward_chain.at:1): FAILED (icmp_block_in_forward_chain.at:4)

Expected results:
all calls to xtables-multi (iptables-restore, etc..) should use locking feature. Firewalld does that, the testsuite does not in this and possibly other cases.

Additional info:
testscript regression/icmp_block_in_forward_chain.at:
      4 m4_if(iptables, FIREWALL_BACKEND, [
      5     NS_CHECK([iptables -L IN_public_deny | grep "host-prohibited"], 0, ignore)
      6     NS_CHECK([iptables -L FWDI_public_deny | grep "host-prohibited"], 0, ignore)

Comment 2 Eric Garver 2019-06-14 15:57:23 UTC
Fixed upstream:

  e527818500be ("fix: tests: always list rules using macros")

Comment 9 errata-xmlrpc 2020-03-31 20:00:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1109


Note You need to log in before you can comment on or make changes to this bug.