From 63ab5b8906f6913a14d38ec231f21daa760339a9 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 19 Dec 2023 00:56:07 +0100 Subject: iptables-legacy: Fix for mandatory lock waiting Parameter 'wait' passed to xtables_lock() signals three modes of operation, depending on its value: 0: --wait not specified, do not wait if lock is busy -1: --wait specified without value, wait indefinitely until lock becomes free >0: Wait for 'wait' seconds for lock to become free, abort otherwise Since fixed commit, the first two cases were treated the same apart from calling alarm(0), but that is a nop if no alarm is pending. Fix the code by requesting a non-blocking flock() in the second case. While at it, restrict the alarm setup to the third case only. Cc: Jethro Beekman Cc: howardjohn@google.com Cc: Antonio Ojea Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1728 Fixes: 07e2107ef0cbc ("xshared: Implement xtables lock timeout using signals") Signed-off-by: Phil Sutter --- iptables/xshared.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'iptables/xshared.c') diff --git a/iptables/xshared.c b/iptables/xshared.c index 5cae62b4..43fa929d 100644 --- a/iptables/xshared.c +++ b/iptables/xshared.c @@ -270,7 +270,7 @@ static int xtables_lock(int wait) return XT_LOCK_FAILED; } - if (wait != -1) { + if (wait > 0) { sigact_alarm.sa_handler = alarm_ignore; sigact_alarm.sa_flags = SA_RESETHAND; sigemptyset(&sigact_alarm.sa_mask); @@ -278,7 +278,7 @@ static int xtables_lock(int wait) alarm(wait); } - if (flock(fd, LOCK_EX) == 0) + if (flock(fd, LOCK_EX | (wait ? 0 : LOCK_NB)) == 0) return fd; if (errno == EINTR) { -- cgit v1.2.3
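Review bot: At the changed condition in the first hunk (@@ -270,7), `if (wait > 0)`, the three-mode contract for 'wait' is documented only in the commit message, so a reader of xtables_lock() still has to infer it from two separate conditions. A short comment above the function or at this test, listing 0 (fail immediately if busy), -1 (block until free) and >0 (block for that many seconds), would keep the next change from mixing the cases up again. Note also that with `wait > 0` every negative value, not just -1, now skips the alarm setup and takes the indefinite-wait path. If -1 is the only negative value callers are meant to pass, say so in that comment or reject the others.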
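Review bot: In the second hunk (@@ -278,7), the flag expression `LOCK_EX | (wait ? 0 : LOCK_NB)` requests a non-blocking lock when wait == 0, which is the first mode in the commit message's list (--wait not specified), while the message says the non-blocking flock() is requested "in the second case". The code matches the listed semantics, so the message wording is what should be corrected before this is applied. Two smaller points on the same line: writing the test as `wait == 0 ? LOCK_NB : 0` would make the special case explicit, and since a busy lock under LOCK_NB fails with EWOULDBLOCK while the visible context only checks `errno == EINTR`, please confirm that the fall-through path reports a busy lock the way the wait == 0 mode expects.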