From nobody Mon May 13 21:34:20 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1648805349; cv=none;
	d=zohomail.com; s=zohoarc;
	b=ARMXXvVw9xMAjOfEYm8RwDB0EphQKJmvoEB8pzkVqwkNb06QveH0VLl1dYB1bi6VrQpXDcN6X3ahI2QFzpiEi3t5CJrtm4CNUwMEW4RuaWueQGUfCxAsTkFKgj5OajQysp3tDlzKNmXb0ixB2EYzq044zl1wvthp8UvKJ72+XK0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1648805349;
 h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To;
	bh=nu0bkY0V2P+JBzOVPuzkGUpzOQtf2wCf6ircf7VWac4=;
	b=gWgnZGZTfyCW/NGKEdInjFQdcXAcFjxbm2NMtbTPngUS147knzraHmhF3c3VWBnLMBqBKsu2IWd+akySb+GIZabU2Q6sEJTmOyFbgOKtjwI57XhGgQiNAIz2DFjTwOfeD9b5Ton1uBiYFa/eJFaEYlfkQkF2YXAzhkxZc4pKBfc=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<berrange@redhat.com> (p=none dis=none)
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 16488053494521001.9913771815599;
 Fri, 1 Apr 2022 02:29:09 -0700 (PDT)
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-570-jQmsD-nSPeqkw0N1XLN2vw-1; Fri, 01 Apr 2022 05:29:01 -0400
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com
 [10.11.54.1])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 80E5A80029D;
	Fri,  1 Apr 2022 09:28:59 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
 (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 7599040CF8F4;
	Fri,  1 Apr 2022 09:28:58 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
 (localhost [IPv6:::1])
	by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
 ESMTP id 3E6A61947BBF;
	Fri,  1 Apr 2022 09:28:58 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com
 [10.11.54.9])
 by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
 ESMTP id A55691947BBE for <libvir-list@listman.corp.redhat.com>;
 Fri,  1 Apr 2022 09:28:56 +0000 (UTC)
Received: by smtp.corp.redhat.com (Postfix)
 id 8FFAC5E1A5A; Fri,  1 Apr 2022 09:28:56 +0000 (UTC)
Received: from localhost.localdomain.com (unknown [10.33.36.117])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 162035E1969;
 Fri,  1 Apr 2022 09:28:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1648805348;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=nu0bkY0V2P+JBzOVPuzkGUpzOQtf2wCf6ircf7VWac4=;
	b=YdmHt8eRPD0zO601jjG3voxTxRjSbz9VF4nXl52xQAZ9ERWcbySweWC4SYWtt1E6RIR9cH
	zK/iBd2SJtehXD5tsJQmBNmaAr8mXc3G2gtu5bIbHtuDo/SJoL5d2eUMiaQf/Bgg265Apz
	/a+btPQXBpVieO/4IB2Zf3GZKPPPhIk=
X-MC-Unique: jQmsD-nSPeqkw0N1XLN2vw-1
X-Original-To: libvir-list@listman.corp.redhat.com
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: libvir-list@redhat.com
Subject: [libvirt PATCH] nwfilter: spawn thread for reloading on firewalld
 trigger
Date: Fri,  1 Apr 2022 10:28:54 +0100
Message-Id: <20220401092854.212856-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.85 on 10.11.54.9
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <http://listman.redhat.com/archives/libvir-list/>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=subscribe>
Errors-To: libvir-list-bounces@redhat.com
Sender: "libvir-list" <libvir-list-bounces@redhat.com>
X-Scanned-By: MIMEDefang 2.84 on 10.11.54.1
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1648805350144100001

When firewalld is restarted or has its rules reloaded, we trigger a
reload of the nwfilter driver. This is done directly in the main
event loop thread which is a bad idea.

In a previous commit we fixed a actual deadlock problem with the
virStateReload API, when triggered from SIGHUP:

commit 33c6eb9689eb51dfe31dd05b24b3b6b1c948c267
Author: Jim Fehlig <jfehlig@suse.com>
Date:   Thu Mar 8 15:04:48 2018 -0700

    libvirtd: fix potential deadlock when reloading

The same deadlock problem previously existed with the firewalld reload
trigger, however, today it is not quite so series. The QEMU driver uses
a private event thread for each VM, so the particular deadlock would
not occur. None the less during the time the filters are reloading all
use of the event loop is blocked, which prevents APIs being serviced.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 src/nwfilter/nwfilter_driver.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 1f7d40e1b0..f620461f6a 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -59,6 +59,13 @@ static virMutex driverMutex =3D VIR_MUTEX_INITIALIZER;
=20
 #ifdef WITH_FIREWALLD
=20
+static void nwfilterStateReloadThread(void *opaque G_GNUC_UNUSED)
+{
+    VIR_INFO("Reloading configuration on firewalld reload/restart");
+
+    nwfilterStateReload();
+}
+
 static void
 nwfilterFirewalldDBusSignalCallback(GDBusConnection *connection G_GNUC_UNU=
SED,
                                     const char *senderName G_GNUC_UNUSED,
@@ -68,7 +75,15 @@ nwfilterFirewalldDBusSignalCallback(GDBusConnection *con=
nection G_GNUC_UNUSED,
                                     GVariant *parameters G_GNUC_UNUSED,
                                     gpointer user_data G_GNUC_UNUSED)
 {
-    nwfilterStateReload();
+    virThread thr;
+
+    if (virThreadCreateFull(&thr, false, nwfilterStateReloadThread,
+                            "firewall-reload", false, NULL) < 0) {
+        /*
+         * Not much we can do on error here except log it.
+         */
+        VIR_ERROR(_("Failed to create thread to handle firewall reload/res=
tart"));
+    }
 }
=20
 static unsigned int restartID;
--=20
2.34.1