[pve-devel] [PATCH container] Fix invalid device passthrough being added to config

[pve-devel] [PATCH container] Fix invalid device passthrough being added to config

[Filip Schauer]

Fix a bug that allows a device passthrough entry to be added to the
config despite the device path not pointing to a device. Previously,
adding an invalid device passthrough entry would throw an error, but the
entry would still be added to the config. This is fixed by moving the
respective checks from update_lxc_config to update_pct_config, which is
run before the entry is written to the config file.

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
---
 src/PVE/LXC.pm        |  8 --------
 src/PVE/LXC/Config.pm | 19 ++++++++++++++++++-
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 7883cfb..f0c000b 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -643,20 +643,12 @@ sub update_lxc_config {
     PVE::LXC::Config->foreach_passthrough_device($conf, sub {
 	my ($key, $device) = @_;
 
-	die "Path is not defined for passthrough device $key"
-	    unless (defined($device->{path}));
-
 	my $absolute_path = $device->{path};
 	my ($mode, $rdev) = (stat($absolute_path))[2, 6];
 
-	die "Device $absolute_path does not exist\n" if $! == ENOENT;
-
 	die "Error accessing device $absolute_path\n"
 	    if (!defined($mode) || !defined($rdev));
 
-	die "$absolute_path is not a device\n"
-	    if (!S_ISBLK($mode) && !S_ISCHR($mode));
-
 	my $major = PVE::Tools::dev_t_major($rdev);
 	my $minor = PVE::Tools::dev_t_minor($rdev);
 	my $device_type_char = S_ISBLK($mode) ? 'b' : 'c';
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index 5ac1446..4ea103e 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -3,7 +3,8 @@ package PVE::LXC::Config;
 use strict;
 use warnings;
 
-use Fcntl qw(O_RDONLY);
+use Errno qw(ENOENT);
+use Fcntl qw(O_RDONLY :mode);
 
 use PVE::AbstractConfig;
 use PVE::Cluster qw(cfs_register_file);
@@ -1193,6 +1194,22 @@ sub update_pct_config {
 		die "$opt: MTU size '$mtu' is bigger than bridge MTU '$bridge_mtu'\n"
 		    if ($mtu > $bridge_mtu);
 	    }
+	} elsif ($opt =~ m/^dev(\d+)$/) {
+	    my $device = $class->parse_device($value);
+
+	    die "Path is not defined for passthrough device $opt"
+		unless (defined($device->{path}));
+
+	    my $absolute_path = $device->{path};
+	    my ($mode, $rdev) = (stat($absolute_path))[2, 6];
+
+	    die "Device $absolute_path does not exist\n" if $! == ENOENT;
+
+	    die "Error accessing device $absolute_path\n"
+		if (!defined($mode) || !defined($rdev));
+
+	    die "$absolute_path is not a device\n"
+		if (!S_ISBLK($mode) && !S_ISCHR($mode));
 	}
 	$conf->{pending}->{$opt} = $value;
 	$class->remove_from_pending_delete($conf, $opt);
-- 
2.39.2

Re: [pve-devel] [PATCH container] Fix invalid device passthrough being added to config

[Fiona Ebner]

Am 29.01.24 um 15:29 schrieb Filip Schauer:
> Fix a bug that allows a device passthrough entry to be added to the
> config despite the device path not pointing to a device. Previously,
> adding an invalid device passthrough entry would throw an error, but the
> entry would still be added to the config. This is fixed by moving the
> respective checks from update_lxc_config to update_pct_config, which is
> run before the entry is written to the config file.
> 
> Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
> ---
>  src/PVE/LXC.pm        |  8 --------
>  src/PVE/LXC/Config.pm | 19 ++++++++++++++++++-
>  2 files changed, 18 insertions(+), 9 deletions(-)
> 
> diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
> index 7883cfb..f0c000b 100644
> --- a/src/PVE/LXC.pm
> +++ b/src/PVE/LXC.pm
> @@ -643,20 +643,12 @@ sub update_lxc_config {
>      PVE::LXC::Config->foreach_passthrough_device($conf, sub {
>  	my ($key, $device) = @_;
>  
> -	die "Path is not defined for passthrough device $key"
> -	    unless (defined($device->{path}));

Pre-existing style nit that "unless" should not be used according to our
style guide:
https://pve.proxmox.com/wiki/Perl_Style_Guide#Perl_syntax_choices

> -
>  	my $absolute_path = $device->{path};
>  	my ($mode, $rdev) = (stat($absolute_path))[2, 6];
>  
> -	die "Device $absolute_path does not exist\n" if $! == ENOENT;
> -
>  	die "Error accessing device $absolute_path\n"
>  	    if (!defined($mode) || !defined($rdev));
>  
> -	die "$absolute_path is not a device\n"
> -	    if (!S_ISBLK($mode) && !S_ISCHR($mode));
> -

Is there any downside to keeping these checks here as well? What a path
points to might change in between being set in the config and some later
time when the container is started, so these checks still make sense
here IMHO. Could then become a helper function since it's used in two
places, which would also reduce the amount of lines in the
update_{pct,lxc}_config functions.

>  	my $major = PVE::Tools::dev_t_major($rdev);
>  	my $minor = PVE::Tools::dev_t_minor($rdev);
>  	my $device_type_char = S_ISBLK($mode) ? 'b' : 'c';

Re: [pve-devel] [PATCH container] Fix invalid device passthrough being added to config

[Filip Schauer]

On 11/04/2024 14:18, Fiona Ebner wrote:
>> -
>>   	my $absolute_path = $device->{path};
>>   	my ($mode, $rdev) = (stat($absolute_path))[2, 6];
>>   
>> -	die "Device $absolute_path does not exist\n" if $! == ENOENT;
>> -
>>   	die "Error accessing device $absolute_path\n"
>>   	    if (!defined($mode) || !defined($rdev));
>>   
>> -	die "$absolute_path is not a device\n"
>> -	    if (!S_ISBLK($mode) && !S_ISCHR($mode));
>> -
> Is there any downside to keeping these checks here as well? What a path
> points to might change in between being set in the config and some later
> time when the container is started, so these checks still make sense
> here IMHO. Could then become a helper function since it's used in two
> places, which would also reduce the amount of lines in the
> update_{pct,lxc}_config functions.

Good point, I sent a patch v2:
https://lists.proxmox.com/pipermail/pve-devel/2024-April/062973.html