[PATCH 0/1] nwfilter: Fix deadlock between nwfilter-list and VM startup/migration
A deadlock occurs when `nwfilterBindingCreateXML` and `nwfilterConnectListAllNWFilters` acquire locks in an inconsistent order. This affects both incoming migrations and VM startups (`virsh start`), where `nwfilterBindingCreateXML` needs `updateLock`, while `nwfilter-list` first acquires `driverMutex` and then locks individual filters. This patch resolves the deadlock by ensuring `nwfilterBindingCreateXML` acquires `driverMutex` before `updateLock`, following the locking pattern used by other functions like `undefine` `nwfilterStateReload`. Added the use of `driverMutex` in `nwfilterBindingDelete` to maintain consistent locking order, as suggested. Fixes: https://gitlab.com/libvirt/libvirt/-/issues/680 Dion Bosschieter (1): nwfilter: Fix deadlock between nwfilter-list and VM startup/migration src/nwfilter/nwfilter_driver.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) -- 2.39.3 (Apple Git-146)
A deadlock occurs when `nwfilterBindingCreateXML` and `nwfilterConnectListAllNWFilters` acquire locks in an inconsistent order. This patch ensures `nwfilterBindingCreateXML` acquires `driverMutex` before `updateLock`, resolving the issue. Additionally, added `driverMutex` to `nwfilterBindingDelete` to maintain consistent locking order. Signed-off-by: Dion Bosschieter <dionbosschieter@gmail.com> --- src/nwfilter/nwfilter_driver.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 8ece91bf7c..58e9fcfd51 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -754,11 +754,13 @@ nwfilterBindingCreateXML(virConnectPtr conn, if (!(ret = virGetNWFilterBinding(conn, def->portdevname, def->filter))) goto cleanup; - VIR_WITH_MUTEX_LOCK_GUARD(&driver->updateLock) { - if (virNWFilterInstantiateFilter(driver, def) < 0) { - virNWFilterBindingObjListRemove(driver->bindings, obj); - g_clear_pointer(&ret, virObjectUnref); - goto cleanup; + VIR_WITH_MUTEX_LOCK_GUARD(&driverMutex) { + VIR_WITH_MUTEX_LOCK_GUARD(&driver->updateLock) { + if (virNWFilterInstantiateFilter(driver, def) < 0) { + virNWFilterBindingObjListRemove(driver->bindings, obj); + g_clear_pointer(&ret, virObjectUnref); + goto cleanup; + } } } @@ -783,6 +785,7 @@ nwfilterBindingCreateXML(virConnectPtr conn, static int nwfilterBindingDelete(virNWFilterBindingPtr binding) { + VIR_LOCK_GUARD lock = virLockGuardLock(&driverMutex); virNWFilterBindingObj *obj; virNWFilterBindingDef *def; int ret = -1; -- 2.39.3 (Apple Git-146)
On Tue, Feb 18, 2025 at 03:56:32PM +0100, Dion Bosschieter wrote:
A deadlock occurs when `nwfilterBindingCreateXML` and `nwfilterConnectListAllNWFilters` acquire locks in an inconsistent order. This patch ensures `nwfilterBindingCreateXML` acquires `driverMutex` before `updateLock`, resolving the issue.
Additionally, added `driverMutex` to `nwfilterBindingDelete` to maintain consistent locking order.
Signed-off-by: Dion Bosschieter <dionbosschieter@gmail.com> --- src/nwfilter/nwfilter_driver.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> I've pushed this (92de6563c637dec8abac7ce4794e69fd5896f825) with a massively expanded commit message explaining how we got into this mess, and an inline comment reminding us to try to fix it. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Hi, Just a gentle ping on this patch. Any feedback would be appreciated. Thanks! Dion
participants (3)
-
Daniel P. Berrangé -
Dion Bosschieter -
dionbosschieter@gmail.com