From: Stefan Berger <stefanb@us.ibm.com>
Date: Fri, 27 May 2011 20:50:40 +0000 (-0400)
Subject: nwfilter: reorder locks
X-Git-Tag: CVE-2011-2178~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8cc166e76e5de8d0e768b72570a1d31377308427;p=thirdparty%2Flibvirt.git

nwfilter: reorder locks

This patch reorders the locks for the nwfilter updates and the access
the nwfilter objects. In the case that the IP address learning thread
was instantiating filters while an update happened, the previous order
lead to a deadlock.
---

diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
index 3f69c1d9a7..40516c7619 100644
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@@ -2394,15 +2394,13 @@ virNWFilterTestUnassignDef(virConnectPtr conn,
 {
     int rc = 0;
 
-    virNWFilterLockFilterUpdates();
-
     nwfilter->wantRemoved = 1;
     /* trigger the update on VMs referencing the filter */
     if (virNWFilterTriggerVMFilterRebuild(conn))
         rc = 1;
 
     nwfilter->wantRemoved = 0;
-    virNWFilterUnlockFilterUpdates();
+
     return rc;
 }
 
@@ -2434,8 +2432,9 @@ virNWFilterObjAssignDef(virConnectPtr conn,
         return NULL;
     }
 
+    virNWFilterLockFilterUpdates();
+
     if ((nwfilter = virNWFilterObjFindByName(nwfilters, def->name))) {
-        virNWFilterLockFilterUpdates();
         nwfilter->newDef = def;
         /* trigger the update on VMs referencing the filter */
         if (virNWFilterTriggerVMFilterRebuild(conn)) {
@@ -2452,6 +2451,8 @@ virNWFilterObjAssignDef(virConnectPtr conn,
         return nwfilter;
     }
 
+    virNWFilterUnlockFilterUpdates();
+
     if (VIR_ALLOC(nwfilter) < 0) {
         virReportOOMError();
         return NULL;
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index d9ac17e86d..44327ae1a2 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -372,6 +372,8 @@ nwfilterUndefine(virNWFilterPtr obj) {
     nwfilterDriverLock(driver);
     virNWFilterCallbackDriversLock();
 
+    virNWFilterLockFilterUpdates();
+
     nwfilter = virNWFilterObjFindByUUID(&driver->nwfilters, obj->uuid);
     if (!nwfilter) {
         virNWFilterReportError(VIR_ERR_NO_NWFILTER,
@@ -399,6 +401,8 @@ cleanup:
     if (nwfilter)
         virNWFilterObjUnlock(nwfilter);
 
+    virNWFilterUnlockFilterUpdates();
+
     virNWFilterCallbackDriversUnlock();
     nwfilterDriverUnlock(driver);
     return ret;