[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] race in vif-common.sh



On 07/03/2017 02:07 PM, Wei Liu wrote:
> CC George (author of recent change) and Ian
> 
> On Mon, Jul 03, 2017 at 01:30:09PM +0200, Andreas Kinzler wrote:
>> Hello
>>
>> in /etc/xen/scripts/vif-common.sh there is a function handle_iptable.
>> At its start there is a check for a working iptables implementation.
>> This check is outside the iptables lock section (claim_lock
>> "iptables") and even if it is only a read-only operation the
>> underlying iptables operation still accesses the xtables lock. I
>> debugged a malfunction (=race) with multiple vif-interfaces down to
>> the following iptables error message in the check section above:
>>
>> iptables -L -n Another app is currently holding the xtables lock.
>> Perhaps you want to use the -w option?
>>
>> So this check needs to be inside the lock or removed at all (iptables
>> should be working).

Andreas,

What version of the script are you looking at?

For 4.9 we checked in a fix to this problem that would specifically
attempt to use the -w option if it was available; see c/s 3d2010f9ff.

From your description it sounds like you are using an older version, is
that correct?  Can you try cherry-picking that changeset?

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.