From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 98FB1906C4 for ; Fri, 24 Mar 2023 10:43:43 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id AFAE49451 for ; Fri, 24 Mar 2023 10:43:12 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Fri, 24 Mar 2023 10:43:10 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id BFFC1466B7 for ; Fri, 24 Mar 2023 10:43:08 +0100 (CET) Message-ID: <7584dc51-7ce8-3b4c-d5a5-149cc8c521c4@proxmox.com> Date: Fri, 24 Mar 2023 10:43:07 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.0 To: Wolfgang Bumiller Cc: pve-devel@lists.proxmox.com References: <20230301091229.53505-1-l.nunner@proxmox.com> <20230301091229.53505-2-l.nunner@proxmox.com> <20230315140553.iqyxwjhqsv2vo4b2@casey.proxmox.com> Content-Language: en-US From: Leo Nunner In-Reply-To: <20230315140553.iqyxwjhqsv2vo4b2@casey.proxmox.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -1.102 Adjusted score from AWL reputation of From: address DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH qemu-server 1/2] fix #4068: implement support for fw_cfg X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Mar 2023 09:43:43 -0000 Thanks for the review! On 2023-03-15 15:05, Wolfgang Bumiller wrote: > On Wed, Mar 01, 2023 at 10:12:26AM +0100, Leo Nunner wrote: >> Implements support for passing values to the fw_cfg argument for QEMU. >> If the value looks like a file, the backend checks for the correct >> permissions/path and if everything is right, includes it as a file >> instead of as a string. >> >> Setting the argument requires the VM.Config.Options permission on the >> guest. Including files requires Datastore.Audit and Datastore.Allocate >> on the specific storage. >> >> Signed-off-by: Leo Nunner >> --- >> RFC: I feel like a more implicit option for passing files would be >> nicer, but I can't really think of a nice way… >> >> PVE/API2/Qemu.pm | 14 ++++++++++++++ >> PVE/QemuServer.pm | 35 +++++++++++++++++++++++++++++++++++ >> 2 files changed, 49 insertions(+) >> >> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm >> index 587bb22..c03394f 100644 >> --- a/PVE/API2/Qemu.pm >> +++ b/PVE/API2/Qemu.pm >> @@ -639,6 +639,8 @@ my $check_vm_modify_config_perm = sub { >> # the user needs Disk and PowerMgmt privileges to change the vmstate >> # also needs privileges on the storage, that will be checked later >> $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk', 'VM.PowerMgmt' ]); >> + } elsif ($opt eq 'fw_cfg') { >> + $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']); >> } else { >> # catches hostpci\d+, args, lock, etc. >> # new options will be checked here >> @@ -1770,6 +1772,18 @@ my $update_vm_api = sub { >> } elsif ($opt eq 'tags') { >> assert_tag_permissions($vmid, $conf->{$opt}, $param->{$opt}, $rpcenv, $authuser); >> $conf->{pending}->{$opt} = PVE::GuestHelpers::get_unique_tags($param->{$opt}); >> + } elsif ($opt eq 'fw_cfg') { >> + foreach my $fw_cfg (PVE::Tools::split_list($param->{$opt})) { >> + my ($opt, $val) = split("=", $fw_cfg); >> + >> + if (my $storage = PVE::Storage::parse_volume_id($val, 1)) { >> + $rpcenv->check($authuser, "/storage/$storage", ['Datastore.Audit', 'Datastore.Allocate']); >> + >> + my ($path, undef, $type) = PVE::Storage::path($storecfg, $val); >> + die "File $val is not in snippets directory\n" if $type ne "snippets"; >> + } >> + } >> + $conf->{pending}->{$opt} = $param->{$opt}; >> } else { >> $conf->{pending}->{$opt} = $param->{$opt}; >> >> diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm >> index 40be44d..c5dea1f 100644 >> --- a/PVE/QemuServer.pm >> +++ b/PVE/QemuServer.pm >> @@ -723,6 +723,12 @@ EODESCR >> description => "List of host cores used to execute guest processes, for example: 0,5,8-11", >> optional => 1, >> }, >> + fw_cfg => { >> + type => 'string', >> + optional => 1, >> + description => 'Pass values to the guest via the fw_cfg parameter.', >> + format => 'pve-fw-cfg-list', >> + }, >> }; >> >> my $cicustom_fmt = { >> @@ -1076,6 +1082,21 @@ sub verify_volume_id_or_absolute_path { >> return $volid; >> } >> >> +PVE::JSONSchema::register_format('pve-fw-cfg', \&verify_fw_cfg); >> +sub verify_fw_cfg { >> + my ($value, $noerr) = @_; >> + >> + my $FW_CFG_REGEX = qr/[a-z0-9\.\/:\-]+/; > IMO this is way too restrictive. If we pass the `name=` prefix in the > `-fw_cfg` parameter we can even allow `=`. In fact, AFAICT only `,` is > problematic and would need to be doubled. Also if we really just have a > single option with a list... both `,` and `;` will be problematic on our > end, so it's fine to exclude those 2 for now. (Until we add quoting > support to split_list ;-) ) > > That said, for the use cases I have in mind for us, the current code > would be sufficient, but at least uppercase letters, underscores and > spaces would be nice... We could also just switch to something like `[^,;]+`, or would that be too extreme? >> + >> + if ($value =~ m/^(opt\/$FW_CFG_REGEX)=($FW_CFG_REGEX)$/) { >> + return $value; >> + } >> + >> + return if $noerr; >> + >> + die "unable to parse fw_cfg option\n"; >> +} >> + >> my $usb_fmt = { >> host => { >> default_key => 1, >> @@ -4181,6 +4202,20 @@ sub config_to_command { >> push @$cmd, '-snapshot'; >> } >> >> + if ($conf->{fw_cfg}) { >> + foreach my $conf (PVE::Tools::split_list($conf->{fw_cfg})) { >> + my ($opt, $val) = split("=", $conf); >> + >> + push @$cmd, "-fw_cfg"; >> + if (PVE::Storage::parse_volume_id($val, 1)) { >> + my $path = PVE::Storage::path($storecfg, $val); >> + push @$cmd, "$opt,file=$path"; >> + } else { >> + push @$cmd, "$opt,string=$val"; > ^ This would definitely be safer with the `name=` portion included. Agreed, I'll change it accordingly.