From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 81DBF1FF1DB for ; Wed, 06 May 2026 18:57:51 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 2F2391E6E; Wed, 6 May 2026 18:57:50 +0200 (CEST) From: Christian Ebner To: pbs-devel@lists.proxmox.com Subject: [PATCH proxmox-backup v2 09/10] api: config: unlocked s3 bucket access check for datastore creation Date: Wed, 6 May 2026 18:56:50 +0200 Message-ID: <20260506165651.1322947-10-c.ebner@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260506165651.1322947-1-c.ebner@proxmox.com> References: <20260506165651.1322947-1-c.ebner@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1778086520375 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.070 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: PROBTEV4NLIWQXKHDSICY7EAEAZOEYC5 X-Message-ID-Hash: PROBTEV4NLIWQXKHDSICY7EAEAZOEYC5 X-MailFrom: c.ebner@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: The bucket access check performed when creating a new datastore with s3 backend can theoretically block up to the set s3 client request timeout of 30 min. It is not acceptable to hold the config lock for this long, effectively blocking configuration access for unrelated datastores. Move the check to the start so it is performed before even locking the config. Signed-off-by: Christian Ebner --- src/api2/config/datastore.rs | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/api2/config/datastore.rs b/src/api2/config/datastore.rs index fe8e641a3..3061219ae 100644 --- a/src/api2/config/datastore.rs +++ b/src/api2/config/datastore.rs @@ -169,6 +169,13 @@ pub fn create_datastore( overwrite_in_use: bool, rpcenv: &mut dyn RpcEnvironment, ) -> Result { + let (backend, s3_client) = DataStore::s3_client_and_backend_from_datastore_config(&config)?; + if let Some(s3_client) = s3_client { + proxmox_async::runtime::block_on(s3_client.head_bucket()) + .context("failed to access bucket") + .map_err(|err| format_err!("{err:#}"))?; + } + let lock = pbs_config::datastore::lock_config()?; let (section_config, _digest) = pbs_config::datastore::config()?; @@ -233,13 +240,6 @@ pub fn create_datastore( let store_name = config.name.to_string(); - let (backend, s3_client) = DataStore::s3_client_and_backend_from_datastore_config(&config)?; - if let Some(s3_client) = s3_client { - proxmox_async::runtime::block_on(s3_client.head_bucket()) - .context("failed to access bucket") - .map_err(|err| format_err!("{err:#}"))?; - } - WorkerTask::new_thread( "create-datastore", Some(store_name.clone()), -- 2.47.3