Re: [Xen-devel] race in vif-common.sh

[George Dunlap <George.Dunlap@xxxxxxxxxx>]

> On Jul 27, 2017, at 6:11 PM, Andreas Kinzler <ml-ak@xxxxxxxxx> wrote:
> 
> On Thu, 27 Jul 2017 18:49:47 +0200, George Dunlap <George.Dunlap@xxxxxxxxxx> 
> wrote:
>>> Sorry, I think that this patch is just far to complicated. If you really 
>>> want to keep the "iptables is working check" (lines 1-7 of function 
>>> handle_iptable) then you should just move it inside the claim_lock 
>>> "iptables" section and you won't need any -w option and no iptables_w() 
>>> check.
>> That assumes that vif-common.sh is the only thing on the system that ever 
>> calls iptables (since even simply querying the tables wants to grab the 
>> lock).  I’m afraid that’s not a very good assumption to make.
> 
> Hmm, I see your point but that boils down to a total different question that 
> has nothing to do with Xen: should iptables have "-w" as a default? Somehow 
> the current state (-w is not a default) seems to work for most people/cases.

Well it works for most people / cases entirely by accident.  Search for your 
error message and you’ll find hundreds of people have problems because -w is 
not the default.

If you want to submit a patch to iptables to make ‘-w’ the default, that would 
be great.  But our script will have to deal with the current behavior until we 
can be sure that none of our users are using the old version of iptables.

 -George
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel