Merge "UPSTREAM: iptables: insist that the lock is held."
am: c9c53dbd72
Change-Id: I490a69bfad64a45bdc8736cacd4ced83da8c07f9
diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c
index 7d40590..0db8d84 100644
--- a/iptables/ip6tables-restore.c
+++ b/iptables/ip6tables-restore.c
@@ -296,12 +296,7 @@
in_table = 0;
} else if ((buffer[0] == '*') && (!in_table)) {
/* Acquire a lock before we create a new table handle */
- lock = xtables_lock(wait, &wait_interval);
- if (lock == XT_LOCK_BUSY) {
- fprintf(stderr, "Another app is currently holding the xtables lock. "
- "Perhaps you want to use the -w option?\n");
- exit(RESOURCE_PROBLEM);
- }
+ lock = xtables_lock_or_exit(wait, &wait_interval);
/* New table */
char *table;
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 579d347..49bd006 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -1779,15 +1779,8 @@
generic_opt_check(command, cs.options);
/* Attempt to acquire the xtables lock */
- if (!restore && xtables_lock(wait, &wait_interval) == XT_LOCK_BUSY) {
- fprintf(stderr, "Another app is currently holding the xtables lock. ");
- if (wait == 0)
- fprintf(stderr, "Perhaps you want to use the -w option?\n");
- else
- fprintf(stderr, "Stopped waiting after %ds.\n", wait);
- xtables_free_opts(1);
- exit(RESOURCE_PROBLEM);
- }
+ if (!restore)
+ xtables_lock_or_exit(wait, &wait_interval);
/* only allocate handle if we weren't called with a handle */
if (!*handle)
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index 113045d..078d1d4 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -295,12 +295,7 @@
in_table = 0;
} else if ((buffer[0] == '*') && (!in_table)) {
/* Acquire a lock before we create a new table handle */
- lock = xtables_lock(wait, &wait_interval);
- if (lock == XT_LOCK_BUSY) {
- fprintf(stderr, "Another app is currently holding the xtables lock. "
- "Perhaps you want to use the -w option?\n");
- exit(RESOURCE_PROBLEM);
- }
+ lock = xtables_lock_or_exit(wait, &wait_interval);
/* New table */
char *table;
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 62731c5..d61d5b9 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -1766,15 +1766,8 @@
generic_opt_check(command, cs.options);
/* Attempt to acquire the xtables lock */
- if (!restore && xtables_lock(wait, &wait_interval) == XT_LOCK_BUSY) {
- fprintf(stderr, "Another app is currently holding the xtables lock. ");
- if (wait == 0)
- fprintf(stderr, "Perhaps you want to use the -w option?\n");
- else
- fprintf(stderr, "Stopped waiting after %ds.\n", wait);
- xtables_free_opts(1);
- exit(RESOURCE_PROBLEM);
- }
+ if (!restore)
+ xtables_lock_or_exit(wait, &wait_interval);
/* only allocate handle if we weren't called with a handle */
if (!*handle)
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 3fbe3b1..825479c 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -246,7 +246,7 @@
match->init(match->m);
}
-int xtables_lock(int wait, struct timeval *wait_interval)
+static int xtables_lock(int wait, struct timeval *wait_interval)
{
struct timeval time_left, wait_time;
int fd, i = 0;
@@ -255,8 +255,11 @@
time_left.tv_usec = 0;
fd = open(XT_LOCK_NAME, O_CREAT, 0600);
- if (fd < 0)
- return XT_LOCK_UNSUPPORTED;
+ if (fd < 0) {
+ fprintf(stderr, "Fatal: can't open lock file %s: %s\n",
+ XT_LOCK_NAME, strerror(errno));
+ return XT_LOCK_FAILED;
+ }
if (wait == -1) {
if (flock(fd, LOCK_EX) == 0)
@@ -291,6 +294,28 @@
close(lock);
}
+int xtables_lock_or_exit(int wait, struct timeval *wait_interval)
+{
+ int lock = xtables_lock(wait, wait_interval);
+
+ if (lock == XT_LOCK_FAILED) {
+ xtables_free_opts(1);
+ exit(RESOURCE_PROBLEM);
+ }
+
+ if (lock == XT_LOCK_BUSY) {
+ fprintf(stderr, "Another app is currently holding the xtables lock. ");
+ if (wait == 0)
+ fprintf(stderr, "Perhaps you want to use the -w option?\n");
+ else
+ fprintf(stderr, "Stopped waiting after %ds.\n", wait);
+ xtables_free_opts(1);
+ exit(RESOURCE_PROBLEM);
+ }
+
+ return lock;
+}
+
int parse_wait_time(int argc, char *argv[])
{
int wait = -1;
diff --git a/iptables/xshared.h b/iptables/xshared.h
index f8dc527..e390f64 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -93,8 +93,7 @@
*
* A value >= 0 indicates the lock filedescriptor. Other values are:
*
- * XT_LOCK_UNSUPPORTED : The system does not support locking, execution will
- * proceed lockless.
+ * XT_LOCK_FAILED : The lock could not be acquired.
*
* XT_LOCK_BUSY : The lock was held by another process. xtables_lock only
* returns this value when |wait| == false. If |wait| == true, xtables_lock
@@ -104,11 +103,11 @@
*/
enum {
XT_LOCK_BUSY = -1,
- XT_LOCK_UNSUPPORTED = -2,
+ XT_LOCK_FAILED = -2,
XT_LOCK_NOT_ACQUIRED = -3,
};
-extern int xtables_lock(int wait, struct timeval *tv);
extern void xtables_unlock(int lock);
+extern int xtables_lock_or_exit(int wait, struct timeval *tv);
int parse_wait_time(int argc, char *argv[]);
void parse_wait_interval(int argc, char *argv[], struct timeval *wait_interval);
