
The IP address learning thread was causing a deadlock when it instantiated a filter while a filter update/change was ongoing. The reason for this was the ordering of locks due to the following calls virNWFilterUnlockFilterUpdates() virNWFilterPoolObjFindByName() The below patch now puts the order of the locks in the above shown order when instantiating the filter from the IP address learning thread. Signed-off-by: Stefan Berger <stefanb@us.ibm.com> --- src/nwfilter/nwfilter_gentech_driver.c | 45 ++++++++++++++++++++------------- 1 file changed, 28 insertions(+), 17 deletions(-) Index: libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_gentech_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c @@ -552,6 +552,8 @@ virNWFilterRuleInstancesToArray(int nEnt * all its subfilters in a depth-first traversal of the tree of referenced * filters. The name of the interface to which the rules belong must be * provided. Apply the values of variables as needed. + * + * Call this function while holding the NWFilter filter update lock */ static int virNWFilterInstantiate(virConnectPtr conn, @@ -575,8 +577,6 @@ virNWFilterInstantiate(virConnectPtr con void **ptrs = NULL; int instantiate = 1; - virNWFilterLockFilterUpdates(); - virNWFilterHashTablePtr missing_vars = virNWFilterHashTableCreate(0); if (!missing_vars) { virReportOOMError(); @@ -668,8 +668,6 @@ virNWFilterInstantiate(virConnectPtr con err_exit: - virNWFilterUnlockFilterUpdates(); - for (j = 0; j < nEntries; j++) virNWFilterRuleInstFree(insts[j]); @@ -681,6 +679,7 @@ err_exit: } + * Call this function while holding the NWFilter filter update lock static int __virNWFilterInstantiateFilter(virConnectPtr conn, bool teardownOld, 
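Review bot: The precondition added above `virNWFilterInstantiate` exists only as a comment, and it names neither the lock call nor the ordering it protects. Because the next two hunks remove the lock/unlock pair from the function body, any caller this patch does not update would now instantiate filters without the update lock. Only `_virNWFilterInstantiateFilter` and `virNWFilterInstantiateFilterLate` are visibly changed, so the remaining call sites of both functions should be checked. I would word the comment as `* Caller must hold the filter update lock (virNWFilterLockFilterUpdates()); take it before the lock acquired via virNWFilterPoolObjFindByName().` The same wording belongs on `__virNWFilterInstantiateFilter` in the fourth hunk, whose comment block and signature are only partly visible.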
@@ -823,23 +822,30 @@ _virNWFilterInstantiateFilter(virConnect ? net->data.direct.linkdev : NULL; int ifindex; + int rc; if (ifaceGetIndex(true, net->ifname, &ifindex)) return 1; - return __virNWFilterInstantiateFilter(conn, - teardownOld, - net->ifname, - ifindex, - linkdev, - net->type, - net->mac, - net->filter, - net->filterparams, - useNewFilter, - conn->nwfilterPrivateData, - false, - foundNewFilter); + virNWFilterLockFilterUpdates(); + + rc = __virNWFilterInstantiateFilter(conn, + teardownOld, + net->ifname, + ifindex, + linkdev, + net->type, + net->mac, + net->filter, + net->filterparams, + useNewFilter, + conn->nwfilterPrivateData, + false, + foundNewFilter); + + virNWFilterUnlockFilterUpdates(); + + return rc; } @@ -857,6 +863,8 @@ virNWFilterInstantiateFilterLate(virConn int rc; bool foundNewFilter = false; + virNWFilterLockFilterUpdates(); + rc = __virNWFilterInstantiateFilter(conn, 1, ifname, @@ -878,6 +886,9 @@ virNWFilterInstantiateFilterLate(virConn _virNWFilterTeardownFilter(ifname); } } + + virNWFilterUnlockFilterUpdates(); + return rc; }
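Review bot: In `virNWFilterInstantiateFilterLate` the update lock is now held across the whole failure path, including the call to `_virNWFilterTeardownFilter(ifname)`, not only across `__virNWFilterInstantiateFilter`. If the teardown or the interface checks before it take further locks, they join the lock order this patch sets up, so that should be a deliberate choice. If the teardown does not need the update lock, move `virNWFilterUnlockFilterUpdates();` to directly after the `rc = __virNWFilterInstantiateFilter(...)` call. Otherwise add a comment such as `/* teardown must run under the filter update lock */`. The lines between the two hunks of this function are not shown, so also confirm that no `return` sits between the lock and the unlock.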