[libvirt] [PATCH v2 2/2] nwfilter: Check for filter presence before open connect during teardown
https://bugzilla.redhat.com/show_bug.cgi?id=1608275
Instantiation of an nwfilter binding is only allowed when
the net->filter is defined for the network; however, the
teardown of the binding does not make this check. This
leaves open the possibility that the teardown could be
called during guest shutdown/teardown in session mode
resulting in the following error being logged:
error : nwfilterConnectOpen:383 : internal error: unexpected
nwfilter URI path '/session', try nwfilter:///system
So before going through the teardown processing, let's
be sure the network had a filter and then attempt to
get a connection. For session mode it's not even possible
create an nwfilter binding.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/conf/domain_nwfilter.c | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/src/conf/domain_nwfilter.c b/src/conf/domain_nwfilter.c
index f39c8a1f9b..e75fb598e8 100644
--- a/src/conf/domain_nwfilter.c
+++ b/src/conf/domain_nwfilter.c
@@ -149,9 +149,12 @@ virDomainConfNWFilterTeardownImpl(virConnectPtr conn,
void
virDomainConfNWFilterTeardown(virDomainNetDefPtr net)
{
- virConnectPtr conn = virGetConnectNWFilter();
+ virConnectPtr conn;
- if (!conn)
+ if (!net->filter)
+ return;
+
+ if (!(conn = virGetConnectNWFilter()))
return;
virDomainConfNWFilterTeardownImpl(conn, net);
@@ -163,14 +166,19 @@ void
virDomainConfVMNWFilterTeardown(virDomainObjPtr vm)
{
size_t i;
- virConnectPtr conn = virGetConnectNWFilter();
+ virConnectPtr conn = NULL;
- if (!conn)
- return;
+ for (i = 0; i < vm->def->nnets; i++) {
+ virDomainNetDefPtr net = vm->def->nets[i];
+ if (!net->filter)
+ continue;
- for (i = 0; i < vm->def->nnets; i++)
- virDomainConfNWFilterTeardownImpl(conn, vm->def->nets[i]);
+ if (!conn && !(conn = virGetConnectNWFilter()))
+ return;
+
+ virDomainConfNWFilterTeardownImpl(conn, net);
+ }
virObjectUnref(conn);
}
--
2.17.1