[pve-devel] [PATCH container v2] fix: cloning a locked container creates an empty config

[pve-devel] [PATCH container v2] fix: cloning a locked container creates an empty config

[Daniel Tschlatscher]

When an attempt was made to clone a locked container the API would
correctly present the error 'CT is locked (disk)' but create the
config files for the new container anyway.

There was also a potential problem when the config of the new ct would
already be present and the creation of the container failed. In this
case the config of the new CT would be incorrectly removed.
The config locks for the new and the old configs should now be
correctly released depending on from which call a problem originates.

Futhermore, I moved some related function calls into the eval block to
avoid similar problems with leftover config files in the future.

Signed-off-by: Daniel Tschlatscher <d.tschlatscher@proxmox.com>
---
Changes from v1
Some problems which I was made aware of by Fabian (G) through a quick
chat off-list (thanks btw!):

* Added a dedicated check to conditionally remove the locks for the
  new and old config files depending on where a potential error
  originates.
* Moved some potentially failing function calls into the eval block

 src/PVE/API2/LXC.pm | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 64724cb..06f759e 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -1461,9 +1461,6 @@ __PACKAGE__->register_method({
 	my $vollist = [];
 	my $running;
 
-	PVE::LXC::Config->create_and_lock_config($newid, 0);
-	PVE::Firewall::clone_vmfw_conf($vmid, $newid);
-
 	my $lock_and_reload = sub {
 	    my ($vmid, $code) = @_;
 	    return PVE::LXC::Config->lock_config($vmid, sub {
@@ -1477,14 +1474,26 @@ __PACKAGE__->register_method({
 
 	my $src_conf = PVE::LXC::Config->set_lock($vmid, 'disk');
 
-	$running = PVE::LXC::check_running($vmid) || 0;
+	eval {
+	    PVE::LXC::Config->create_and_lock_config($newid, 0);
+	};
+	if (my $err = $@) {
+	    eval { PVE::LXC::Config->remove_lock($vmid, 'disk') };
+	    warn "Failed to remove source CT config lock - $@\n" if $@;
 
-	my $full = extract_param($param, 'full');
-	if (!defined($full)) {
-	    $full = !PVE::LXC::Config->is_template($src_conf);
+	    die $err;
 	}
 
 	eval {
+	    $running = PVE::LXC::check_running($vmid) || 0;
+
+	    my $full = extract_param($param, 'full');
+	    if (!defined($full)) {
+		$full = !PVE::LXC::Config->is_template($src_conf);
+	    }
+
+	    PVE::Firewall::clone_vmfw_conf($vmid, $newid);
+
 	    die "parameter 'storage' not allowed for linked clones\n"
 		if defined($storage) && !$full;
 
-- 
2.30.2

[pve-devel] applied: [PATCH container v2] fix: cloning a locked container creates an empty config

[Wolfgang Bumiller]

applied,


*sigh*
We should probably think about getting rid functions that set a lock and
return, requiring the caller to call a cleanup, *in general* in all of
our perl code.
Scope guards or functions taking closures would be somewhat safer.
However, since this is perl, a `die` can get thrown in at *any* line (eg
from a timer signal handler), and fixing that is a different beast...

On Fri, Jun 17, 2022 at 12:40:01PM +0200, Daniel Tschlatscher wrote:
> When an attempt was made to clone a locked container the API would
> correctly present the error 'CT is locked (disk)' but create the
> config files for the new container anyway.
> 
> There was also a potential problem when the config of the new ct would
> already be present and the creation of the container failed. In this
> case the config of the new CT would be incorrectly removed.
> The config locks for the new and the old configs should now be
> correctly released depending on from which call a problem originates.
> 
> Futhermore, I moved some related function calls into the eval block to
> avoid similar problems with leftover config files in the future.
> 
> Signed-off-by: Daniel Tschlatscher <d.tschlatscher@proxmox.com>
> ---
> Changes from v1
> Some problems which I was made aware of by Fabian (G) through a quick
> chat off-list (thanks btw!):
> 
> * Added a dedicated check to conditionally remove the locks for the
>   new and old config files depending on where a potential error
>   originates.
> * Moved some potentially failing function calls into the eval block
> 
>  src/PVE/API2/LXC.pm | 23 ++++++++++++++++-------
>  1 file changed, 16 insertions(+), 7 deletions(-)
> 
> diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
> index 64724cb..06f759e 100644
> --- a/src/PVE/API2/LXC.pm
> +++ b/src/PVE/API2/LXC.pm
> @@ -1461,9 +1461,6 @@ __PACKAGE__->register_method({
>  	my $vollist = [];
>  	my $running;
>  
> -	PVE::LXC::Config->create_and_lock_config($newid, 0);
> -	PVE::Firewall::clone_vmfw_conf($vmid, $newid);
> -
>  	my $lock_and_reload = sub {
>  	    my ($vmid, $code) = @_;
>  	    return PVE::LXC::Config->lock_config($vmid, sub {
> @@ -1477,14 +1474,26 @@ __PACKAGE__->register_method({
>  
>  	my $src_conf = PVE::LXC::Config->set_lock($vmid, 'disk');
>  
> -	$running = PVE::LXC::check_running($vmid) || 0;
> +	eval {
> +	    PVE::LXC::Config->create_and_lock_config($newid, 0);
> +	};
> +	if (my $err = $@) {
> +	    eval { PVE::LXC::Config->remove_lock($vmid, 'disk') };
> +	    warn "Failed to remove source CT config lock - $@\n" if $@;
>  
> -	my $full = extract_param($param, 'full');
> -	if (!defined($full)) {
> -	    $full = !PVE::LXC::Config->is_template($src_conf);
> +	    die $err;
>  	}
>  
>  	eval {
> +	    $running = PVE::LXC::check_running($vmid) || 0;
> +
> +	    my $full = extract_param($param, 'full');
> +	    if (!defined($full)) {
> +		$full = !PVE::LXC::Config->is_template($src_conf);
> +	    }
> +
> +	    PVE::Firewall::clone_vmfw_conf($vmid, $newid);
> +
>  	    die "parameter 'storage' not allowed for linked clones\n"
>  		if defined($storage) && !$full;
>  
> -- 
> 2.30.2