[libvirt] [PATCH] Firewall : let libvirtd proceed after verifying locking args

Prerna Saxena prerna at linux.vnet.ibm.com
Fri Dec 26 10:24:12 UTC 2014 

I recently encountered a situation where an unclean ebtables shutdown
caused /var/lib/ebtables/lock to be left behind. When libvirtd was
started on such a system, it caused libvirtd to "hang". Reason:
While probing to check if locking was supported, libvirt runs this
command synchronously :
  #  /usr/sbin/ebtables --concurrent -L
And this seemed to go on with msgs like :
 Trying to obtain lock /var/lib/ebtables/lock
 Trying to obtain lock /var/lib/ebtables/lock
 Trying to obtain lock /var/lib/ebtables/lock

Result:
Libvirtd never recovered from this scenario, and the system was
essentially unable to start any VMs.

The following patch fixes this scenario:
-----------------------------------------------------------
>From ec245eccc03e8a69dc2c2e6edbf30a7b34eb74d0 Mon Sep 17 00:00:00 2001
From: Prerna Saxena <prerna at linux.vnet.ibm.com>
Date: Fri, 26 Dec 2014 15:24:45 -0500
Subject: [PATCH] Firewall : let libvirtd proceed after verifying valid locking
 args.

Commit dc33e6e4a5a5d42 introduces locking args to be run with [eb/ip]tables to
determine whether locking is supported. However, this command needs to be
run asynchronously ( as against its present synchronous run), and needs to be
gracefully terminated once the job is done. Else it can potentially stall libvirtd
with messages like :
 "Trying to acquire lock ..."

Signed-off-by: Prerna Saxena <prerna at linux.vnet.ibm.com>
---
 src/util/virfirewall.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index b536912..c120717 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -121,12 +121,16 @@ virFirewallCheckUpdateLock(bool *lockflag,
 {
     int status; /* Ignore failed commands without logging them */
     virCommandPtr cmd = virCommandNewArgs(args);
-    if (virCommandRun(cmd, &status) < 0 || status) {
+    status = virCommandRunAsync(cmd, NULL);
+    if (status < 0) {
         VIR_INFO("locking not supported by %s", args[0]);
+        goto cleanup;
     } else {
         VIR_INFO("using locking for %s", args[0]);
         *lockflag = true;
     }
+cleanup:
+    virCommandAbort(cmd);
     virCommandFree(cmd);
 }
 
-- 
1.8.4.2

Regards,
----------
Prerna Saxena,
IBM Systems & technology Labs,
Bangalore

More information about the libvir-list mailing list