[CRIU] [PATCH] kdat: if iptables-restore has xtable lock support do wait on lock

Andrew Vagin avagin at virtuozzo.com
Sat Sep 30 03:24:07 MSK 2017


Applied, thanks!

On Thu, Sep 28, 2017 at 11:24:47AM +0300, Pavel Tikhomirov wrote:
> On VZ7 we have a problem in random tests on iptables restore when
> running tests in parallel (one iptables-restore instance tries to lock
> xtables lock and fails while other instance (some iptables* command) is
> already holding the lock):
> 
> ================== Run zdtm/static/socket_udp_shutdown in ns ===================
> Start test
> ./socket_udp_shutdown --pidfile=socket_udp_shutdown.pid --outfile=socket_udp_shutdown.out
> Run criu dump
> Run criu restore
> =[log]=> dump/zdtm/static/socket_udp_shutdown/77/1/restore.log
> ------------------------ grep Error ------------------------
> (00.158864)      1: 	Running ip rule delete table local
> (00.167319)      1: 	Running ip rule restore
> (00.175647)      1: 	Running iptables-restore for iptables-restore
> Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
> (00.185245)      1: Error (criu/util.c:719): exited, status=4
> (00.185289)      1: Error (criu/net.c:1739): iptables-restore failed
> (00.185301)      1: Error (criu/net.c:2382): Can't create net_ns
> (00.185370)      1: Error (criu/util.c:1412): Can't wait or bad status: errno=0, status=65280(00.187281) Error (criu/mount.c:2944): mnt: Can't remove the directory /tmp/.criu.mntns.Ai5EG9: No such file or directory
> (00.187298) uns: calling exit_usernsd (-1, 1)
> (00.187344) uns: daemon calls 0x466a40 (93, -1, 1)
> (00.187361) uns: `- daemon exits w/ 0
> (00.188375) uns: daemon stopped
> (00.188390) Error (criu/cr-restore.c:2450): Restoring FAILED.
> ------------------------ ERROR OVER ------------------------
> Test zdtm/static/socket_udp_shutdown FAIL at CRIU restore
> 
> https://ci.openvz.org/job/CRIU/job/CRIU-virtuozzo/job/criu-dev/2873
> 
> It happens now in every test-suite run on VZ7 host as we had updated to
> 1.4.21-18 iptables package, which has patches for xlocks support in
> iptables-restore ported:
> 
> * Mon Apr 24 2017 Thomas Woerner <twoerner at redhat.com> 1.4.21-18 - Add
> support for --wait options to restore commands (RHBZ#1438597)
> 
> If these patches are ported to other distribution packages, we'll
> have this problem in other distributions.
> 
> Just add -w to wait for the lock on iptables-restore, as older versions do not
> error on an invalid option; just a warning is printed.
> 
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> ---
>  criu/net.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/criu/net.c b/criu/net.c
> index 68296c8a5..1e7c74e1e 100644
> --- a/criu/net.c
> +++ b/criu/net.c
> @@ -1973,7 +1973,7 @@ static inline int restore_iptables(int pid)
>  
>  	img = open_image(CR_FD_IPTABLES, O_RSTR, pid);
>  	if (img) {
> -		ret = run_iptables_tool("iptables-restore", img_raw_fd(img), -1);
> +		ret = run_iptables_tool("iptables-restore -w", img_raw_fd(img), -1);
>  		close_image(img);
>  	}
>  	if (ret)
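
Review bot: the subject line says the wait is applied "if iptables-restore has xtable lock support" and names kdat, but the changed `run_iptables_tool("iptables-restore -w", ...)` call adds `-w` unconditionally, and the diffstat touches only criu/net.c, so no capability probe is part of this patch. Either retitle the patch to say the flag is always passed, or add the kdat check the subject promises. Because the change relies on the commit message's statement that older versions only warn on an unknown option, a one-line comment at this call saying so would keep that assumption visible to the next reader.
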
> @@ -1985,7 +1985,7 @@ static inline int restore_iptables(int pid)
>  	if (empty_image(img))
>  		goto out;
>  
> -	ret = run_iptables_tool("ip6tables-restore", img_raw_fd(img), -1);
> +	ret = run_iptables_tool("ip6tables-restore -w", img_raw_fd(img), -1);
>  out:
>  	close_image(img);
>  
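
Review bot: on the `"ip6tables-restore -w"` line the flag is packed into the same string as the program name, while iptables_restore() later in this patch passes "-w" as its own argv element. Whether the packed form works depends on how run_iptables_tool() turns that string into a command, which is not visible in this diff. Please confirm the string is split or shell-interpreted rather than used as a single executable name, and consider one shared constant for the two restore command strings so the IPv4 and IPv6 flags cannot drift apart.
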
> @@ -2457,8 +2457,8 @@ int netns_keep_nsfd(void)
>  static int iptables_restore(bool ipv6, char *buf, int size)
>  {
>  	int pfd[2], ret = -1;
> -	char *cmd4[] = {"iptables-restore",  "--noflush", NULL};
> -	char *cmd6[] = {"ip6tables-restore", "--noflush", NULL};
> +	char *cmd4[] = {"iptables-restore", "-w", "--noflush", NULL};
> +	char *cmd6[] = {"ip6tables-restore", "-w", "--noflush", NULL};
>  	char **cmd = ipv6 ? cmd6 : cmd4;;
>  
>  	if (pipe(pfd) < 0) {
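
Review bot: in cmd4 and cmd6 the "-w" element is given without a seconds value, so nothing on these lines bounds how long restore waits for the xtables lock. If a stuck lock holder should fail the restore instead of stalling it, pass an explicit timeout, or state in a comment that an unbounded wait is intended. While these lines are being touched, the stray second semicolon on the `char **cmd = ipv6 ? cmd6 : cmd4;;` context line could be dropped as well.
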
> -- 
> 2.13.5
> 

