* [pve-devel] [PATCH v3 container] fix invalid device passthrough being added to config
@ 2024-04-16 9:27 Filip Schauer
2024-04-16 10:47 ` [pve-devel] applied: " Fiona Ebner
0 siblings, 1 reply; 3+ messages in thread
From: Filip Schauer @ 2024-04-16 9:27 UTC (permalink / raw)
To: pve-devel
Fix a bug that allows a device passthrough entry to be added to the
config despite the device path not pointing to a device. Previously,
adding an invalid device passthrough entry would throw an error, but the
entry would still be added to the config. This is fixed by moving the
respective checks from update_lxc_config to update_pct_config, which is
run before the entry is written to the config file.
Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
---
Changes since v2:
* Rename get_device_stat to get_device_mode_and_rdev and move it from
PVE::Tools to PVE::LXC::Tools.
* Cleanup formatting of post-ifs in get_device_mode_and_rdev
Changes since v1:
* Use "if" instead of "unless"
* Move device path validation and stat to seperate helper function
src/PVE/LXC.pm | 18 ++++--------------
src/PVE/LXC/Config.pm | 11 ++++++++++-
src/PVE/LXC/Tools.pm | 15 +++++++++++++++
3 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 9681d74..e688ea6 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -4,7 +4,7 @@ use strict;
use warnings;
use Cwd qw();
-use Errno qw(ELOOP ENOENT ENOTDIR EROFS ECONNREFUSED EEXIST);
+use Errno qw(ELOOP ENOTDIR EROFS ECONNREFUSED EEXIST);
use Fcntl qw(O_RDONLY O_WRONLY O_NOFOLLOW O_DIRECTORY :mode);
use File::Path;
use File::Spec;
@@ -643,20 +643,10 @@ sub update_lxc_config {
PVE::LXC::Config->foreach_passthrough_device($conf, sub {
my ($key, $device) = @_;
- die "Path is not defined for passthrough device $key"
- unless (defined($device->{path}));
-
- my $absolute_path = $device->{path};
- my ($mode, $rdev) = (stat($absolute_path))[2, 6];
-
- die "Device $absolute_path does not exist\n" if $! == ENOENT;
-
- die "Error accessing device $absolute_path\n"
- if (!defined($mode) || !defined($rdev));
-
- die "$absolute_path is not a device\n"
- if (!S_ISBLK($mode) && !S_ISCHR($mode));
+ die "Path is not defined for passthrough device $key\n"
+ if !defined($device->{path});
+ my ($mode, $rdev) = PVE::LXC::Tools::get_device_mode_and_rdev($device->{path});
my $major = PVE::Tools::dev_t_major($rdev);
my $minor = PVE::Tools::dev_t_minor($rdev);
my $device_type_char = S_ISBLK($mode) ? 'b' : 'c';
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index 5ac1446..408140f 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -3,7 +3,8 @@ package PVE::LXC::Config;
use strict;
use warnings;
-use Fcntl qw(O_RDONLY);
+use Errno qw(ENOENT);
+use Fcntl qw(O_RDONLY :mode);
use PVE::AbstractConfig;
use PVE::Cluster qw(cfs_register_file);
@@ -1193,6 +1194,14 @@ sub update_pct_config {
die "$opt: MTU size '$mtu' is bigger than bridge MTU '$bridge_mtu'\n"
if ($mtu > $bridge_mtu);
}
+ } elsif ($opt =~ m/^dev(\d+)$/) {
+ my $device = $class->parse_device($value);
+
+ die "Path is not defined for passthrough device $opt"
+ if !defined($device->{path});
+
+ # Validate device
+ PVE::LXC::Tools::get_device_mode_and_rdev($device->{path});
}
$conf->{pending}->{$opt} = $value;
$class->remove_from_pending_delete($conf, $opt);
diff --git a/src/PVE/LXC/Tools.pm b/src/PVE/LXC/Tools.pm
index f96756d..7e3e530 100644
--- a/src/PVE/LXC/Tools.pm
+++ b/src/PVE/LXC/Tools.pm
@@ -4,6 +4,8 @@ package PVE::LXC::Tools;
use strict;
use warnings;
+use POSIX qw(ENOENT S_ISBLK S_ISCHR);
+
use PVE::SafeSyslog;
# LXC introduced an `lxc.hook.version` property which allows hooks to be executed in different
@@ -152,6 +154,19 @@ sub cgroup_do_write($$) {
return 1;
}
+sub get_device_mode_and_rdev($) {
+ my ($path) = @_;
+
+ die "Path is not defined\n" if !defined($path);
+
+ my ($mode, $rdev) = (stat($path))[2, 6];
+ die "Device $path does not exist\n" if $! == ENOENT;
+ die "Error accessing device $path\n" if !defined($mode) || !defined($rdev);
+ die "$path is not a device\n" if !S_ISBLK($mode) && !S_ISCHR($mode);
+
+ return ($mode, $rdev);
+}
+
# Tries to the architecture of an executable file based on its ELF header.
sub detect_elf_architecture {
my ($elf_fn) = @_;
--
2.39.2
^ permalink raw reply [flat|nested] 3+ messages in thread
* [pve-devel] applied: [PATCH v3 container] fix invalid device passthrough being added to config
2024-04-16 9:27 [pve-devel] [PATCH v3 container] fix invalid device passthrough being added to config Filip Schauer
@ 2024-04-16 10:47 ` Fiona Ebner
2024-04-16 10:56 ` Fiona Ebner
0 siblings, 1 reply; 3+ messages in thread
From: Fiona Ebner @ 2024-04-16 10:47 UTC (permalink / raw)
To: Proxmox VE development discussion, Filip Schauer
Am 16.04.24 um 11:27 schrieb Filip Schauer:
> Fix a bug that allows a device passthrough entry to be added to the
> config despite the device path not pointing to a device. Previously,
> adding an invalid device passthrough entry would throw an error, but the
> entry would still be added to the config. This is fixed by moving the
> respective checks from update_lxc_config to update_pct_config, which is
> run before the entry is written to the config file.
>
> Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
(...)
> diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
> index 5ac1446..408140f 100644
> --- a/src/PVE/LXC/Config.pm
> +++ b/src/PVE/LXC/Config.pm
> @@ -3,7 +3,8 @@ package PVE::LXC::Config;
> use strict;
> use warnings;
>
> -use Fcntl qw(O_RDONLY);
> +use Errno qw(ENOENT);
> +use Fcntl qw(O_RDONLY :mode);
>
> use PVE::AbstractConfig;
> use PVE::Cluster qw(cfs_register_file);
I dropped the above hunk, because it's a left-over from a previous
version AFAICT.
> @@ -1193,6 +1194,14 @@ sub update_pct_config {
> die "$opt: MTU size '$mtu' is bigger than bridge MTU '$bridge_mtu'\n"
> if ($mtu > $bridge_mtu);
> }
> + } elsif ($opt =~ m/^dev(\d+)$/) {
> + my $device = $class->parse_device($value);
> +
> + die "Path is not defined for passthrough device $opt"
> + if !defined($device->{path});
> +
> + # Validate device
> + PVE::LXC::Tools::get_device_mode_and_rdev($device->{path});
> }
> $conf->{pending}->{$opt} = $value;
> $class->remove_from_pending_delete($conf, $opt);
With that, applied, thanks!
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [pve-devel] applied: [PATCH v3 container] fix invalid device passthrough being added to config
2024-04-16 10:47 ` [pve-devel] applied: " Fiona Ebner
@ 2024-04-16 10:56 ` Fiona Ebner
0 siblings, 0 replies; 3+ messages in thread
From: Fiona Ebner @ 2024-04-16 10:56 UTC (permalink / raw)
To: Proxmox VE development discussion, Filip Schauer
Am 16.04.24 um 12:47 schrieb Fiona Ebner:
> Am 16.04.24 um 11:27 schrieb Filip Schauer:
>> diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
>> index 5ac1446..408140f 100644
>> --- a/src/PVE/LXC/Config.pm
>> +++ b/src/PVE/LXC/Config.pm
>> @@ -3,7 +3,8 @@ package PVE::LXC::Config;
>> use strict;
>> use warnings;
>>
>> -use Fcntl qw(O_RDONLY);
>> +use Errno qw(ENOENT);
>> +use Fcntl qw(O_RDONLY :mode);
>>
>> use PVE::AbstractConfig;
>> use PVE::Cluster qw(cfs_register_file);
>
> I dropped the above hunk, because it's a left-over from a previous
> version AFAICT.
>
And the LXC::Config module did not yet include LXC::Tools, added that
with a follow-up patch.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-04-16 10:57 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-16 9:27 [pve-devel] [PATCH v3 container] fix invalid device passthrough being added to config Filip Schauer
2024-04-16 10:47 ` [pve-devel] applied: " Fiona Ebner
2024-04-16 10:56 ` Fiona Ebner
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.