[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] race in vif-common.sh

> On Jul 27, 2017, at 5:12 PM, Andreas Kinzler <ml-ak@xxxxxxxxx> wrote:
> On Thu, 27 Jul 2017 12:55:14 +0200, George Dunlap <george.dunlap@xxxxxxxxxx> 
> wrote:
>> For 4.9 we checked in a fix to this problem that would specifically
>> attempt to use the -w option if it was available; see c/s 3d2010f9ff.
> Sorry, I think that this patch is just far to complicated. If you really want 
> to keep the "iptables is working check" (lines 1-7 of function 
> handle_iptable) then you should just move it inside the claim_lock "iptables" 
> section and you won't need any -w option and no iptables_w() check.

That assumes that vif-common.sh is the only thing on the system that ever calls 
iptables (since even simply querying the tables wants to grab the lock).  I’m 
afraid that’s not a very good assumption to make.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.