https://bugzilla.redhat.com/show_bug.cgi?id=1608275
Instantiation of an nwfilter binding is only allowed when
the net->filter is defined for the network; however, the
teardown of the binding does not make this check. This
leaves open the possibility that the teardown could be
called during guest shutdown/teardown in session mode
resulting in the following error being logged:
error : nwfilterConnectOpen:383 : internal error: unexpected
nwfilter URI path '/session', try nwfilter:///system
So before going through the teardown processing, let's
be sure the network had a filter and then attempt to
get a connection. For session mode it's not even possible
create an nwfilter binding.
Signed-off-by: John Ferlan <jferlan@redhat.com>
---
src/conf/domain_nwfilter.c | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/src/conf/domain_nwfilter.c b/src/conf/domain_nwfilter.c
index f39c8a1f9b..e75fb598e8 100644
--- a/src/conf/domain_nwfilter.c
+++ b/src/conf/domain_nwfilter.c
@@ -149,9 +149,12 @@ virDomainConfNWFilterTeardownImpl(virConnectPtr conn,
void
virDomainConfNWFilterTeardown(virDomainNetDefPtr net)
{
- virConnectPtr conn = virGetConnectNWFilter();
+ virConnectPtr conn;
- if (!conn)
+ if (!net->filter)
+ return;
+
+ if (!(conn = virGetConnectNWFilter()))
return;
virDomainConfNWFilterTeardownImpl(conn, net);
@@ -163,14 +166,19 @@ void
virDomainConfVMNWFilterTeardown(virDomainObjPtr vm)
{
size_t i;
- virConnectPtr conn = virGetConnectNWFilter();
+ virConnectPtr conn = NULL;
- if (!conn)
- return;
+ for (i = 0; i < vm->def->nnets; i++) {
+ virDomainNetDefPtr net = vm->def->nets[i];
+ if (!net->filter)
+ continue;
- for (i = 0; i < vm->def->nnets; i++)
- virDomainConfNWFilterTeardownImpl(conn, vm->def->nets[i]);
+ if (!conn && !(conn = virGetConnectNWFilter()))
+ return;
+
+ virDomainConfNWFilterTeardownImpl(conn, net);
+ }
virObjectUnref(conn);
}
--
2.17.1
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Thu, Aug 30, 2018 at 11:06:08AM -0400, John Ferlan wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1608275 > > Instantiation of an nwfilter binding is only allowed when > the net->filter is defined for the network; however, the > teardown of the binding does not make this check. This > leaves open the possibility that the teardown could be > called during guest shutdown/teardown in session mode > resulting in the following error being logged: > > error : nwfilterConnectOpen:383 : internal error: unexpected > nwfilter URI path '/session', try nwfilter:///system > > So before going through the teardown processing, let's > be sure the network had a filter and then attempt to > get a connection. For session mode it's not even possible > create an nwfilter binding. > > Signed-off-by: John Ferlan <jferlan@redhat.com> > --- > src/conf/domain_nwfilter.c | 22 +++++++++++++++------- > 1 file changed, 15 insertions(+), 7 deletions(-) Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
© 2016 - 2026 Red Hat, Inc.