[libvirt] [PATCH 7/7] security: fix deadlock with prefork
Eric Blake
eblake at redhat.com
Tue Jul 23 15:04:00 UTC 2013
https://bugzilla.redhat.com/show_bug.cgi?id=964358
Attempts to start a domain with both SELinux and DAC security
modules loaded will deadlock; latent problem introduced in commit
fdb3bde and exposed in commit 29fe5d7. Basically, when recursing
into the security manager for other driver's prefork, we have to
undo the asymmetric lock taken at the manager level.
Reported by Jiri Denemark, with diagnosis help from Dan Berrange.
* src/security/security_stack.c (virSecurityStackPreFork): Undo
extra lock grabbed during recursion.
Signed-off-by: Eric Blake <eblake at redhat.com>
(cherry picked from commit bfc183c1e377b24cebf5cede4c00f3dc0d1b3486)
---
src/security/security_stack.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index e8133c4..38fe8b5 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -129,6 +129,11 @@ virSecurityStackPreFork(virSecurityManagerPtr mgr)
rc = -1;
break;
}
+ /* Undo the unbalanced locking left behind after recursion; if
+ * PostFork ever delegates to driver callbacks, we'd instead
+ * need to recurse to an internal method that does not regrab
+ * a lock. */
+ virSecurityManagerPostFork(item->securityManager);
}
return rc;
--
1.8.3.1
More information about the libvir-list
mailing list