libnftables: move init-once guard inside xt_init()

A library should not restrict being used by multiple threads or make assumptions about how it's being used. Hence a "init_once" pattern without no locking is racy, a code smell and should be avoided. Note that libxtables is full of global variables and when linking against it, libnftables cannot be used from multiple threads either. That is not easy to fix. Move the ugliness of "init_once" away from nft_ctx_new(), so that the problem is concentrated closer to libxtables. Signed-off-by: Thomas Haller <thaller@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Thomas Haller <thaller@redhat.com> 2023-09-19 14:36:17 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2023-09-19 17:26:27 +0200
commit: dac1fbe3d35bf5e78320c4402718628866ed9d0a (patch)
tree: 96bf2bfe7f5b7fbd011518147b68e0633a898204 /src/libnftables.c
parent: 96ee78ec4a0707114d2f8ef7590d08cfd25080ea (diff)
1 files changed, 1 insertions, 5 deletions
diff --git a/src/libnftables.c b/src/libnftables.c
index cedd710b..1ca5a6f4 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -191,15 +191,11 @@ void nft_ctx_clear_include_paths(struct nft_ctx *ctx)
 EXPORT_SYMBOL(nft_ctx_new);
 struct nft_ctx *nft_ctx_new(uint32_t flags)
 {
-	static bool init_once;
 	struct nft_ctx *ctx;
 
-	if (!init_once) {
-		init_once = true;
 #ifdef HAVE_LIBXTABLES
-		xt_init();
+	xt_init();
 #endif
-	}
 
 	ctx = xzalloc(sizeof(struct nft_ctx));
 	nft_init(ctx);
author	Thomas Haller <thaller@redhat.com>	2023-09-19 14:36:17 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2023-09-19 17:26:27 +0200
commit	dac1fbe3d35bf5e78320c4402718628866ed9d0a (patch)
tree	96bf2bfe7f5b7fbd011518147b68e0633a898204 /src/libnftables.c
parent	96ee78ec4a0707114d2f8ef7590d08cfd25080ea (diff)