From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: Re: [pve-devel] [PATCH storage v5 14/51] qemu blockdev options: restrict allowed drivers and options
Date: Wed, 2 Jul 2025 20:15:03 +0200 [thread overview]
Message-ID: <93a47d7d-a5b8-4623-b3fe-11811b2f1918@proxmox.com> (raw)
In-Reply-To: <20250702162838.393696-15-f.ebner@proxmox.com>
On 02.07.25 6:27 PM, Fiona Ebner wrote:
> @@ -733,7 +829,25 @@ sub qemu_blockdev_options {
> die "cannot use volume of type '$vtype' as a QEMU blockdevice\n"
> if $vtype ne 'images' && $vtype ne 'iso' && $vtype ne 'import';
>
> - return $plugin->qemu_blockdev_options($scfg, $storeid, $volname, $machine_version, $options);
> + my $blockdev =
> + $plugin->qemu_blockdev_options($scfg, $storeid, $volname, $machine_version, $options);
> +
> + if (my $driver = $blockdev->{driver}) {
> + my $allowed_opts = $allowed_qemu_blockdev_options->{$driver};
My subconscious just told me that I forgot to add a "die" here if the
driver itself is not allowed. Like this, all options will get dropped,
so it can't be abused, i.e. kinda works by accident, but should be fixed
of course.
> + for my $opt (keys $blockdev->%*) {
> + next if $opt eq 'driver';
> + if (!$allowed_opts->{$opt}) {
> + delete($blockdev->{$opt});
> + log_warn(
> + "volume '$volid' - dropping block device option '$opt' set by storage plugin"
> + . " - not currently part of allowed schema");
> + }
> + }
> + } else {
> + die "storage plugin for '$storeid' did not return a blockdev driver\n";
> + }
> +
> + return $blockdev;
> }
>
> # used as last resort to adapt volnames when migrating
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-07-02 18:14 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-02 16:27 [pve-devel] [PATCH qemu/storage/qemu-server v3 00/51] let's switch to blockdev, blockdev, blockdev, part four (final) Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH qemu v3 01/51] PVE backup: prepare for the switch to using blockdev rather than drive Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH qemu v3 02/51] block/zeroinit: support using as blockdev driver Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH qemu v3 03/51] block/alloc-track: " Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH qemu v3 04/51] block/qapi: include child references in block device info Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH storage v5 05/51] plugin: add method to get qemu blockdevice options for volume Fiona Ebner
2025-07-03 9:33 ` Fabian Grünbichler
2025-07-02 16:27 ` [pve-devel] [PATCH storage v5 06/51] iscsi direct plugin: implement method to get qemu blockdevice options Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH storage v5 07/51] zfs iscsi plugin: implement new " Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH storage v5 08/51] zfs pool plugin: implement " Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH storage v5 09/51] ceph/rbd: set 'keyring' in ceph configuration for externally managed RBD storages Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH storage v5 10/51] rbd plugin: implement new method to get qemu blockdevice options Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH storage v5 11/51] plugin: qemu block device: add hints option and EFI disk hint Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH storage v5 12/51] plugin: qemu block device: add support for snapshot option Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH storage v5 13/51] plugin: add machine version to qemu_blockdev_options() interface Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH storage v5 14/51] qemu blockdev options: restrict allowed drivers and options Fiona Ebner
2025-07-02 18:15 ` Fiona Ebner [this message]
2025-07-02 16:27 ` [pve-devel] [PATCH storage v5 15/51] plugin: qemu blockdev options: parse protocol paths in default implementation Fiona Ebner
2025-07-03 9:38 ` Fabian Grünbichler
2025-07-02 16:27 ` [pve-devel] [PATCH storage v5 16/51] plugin api: bump api version and age Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH qemu-server v3 17/51] mirror: code style: avoid masking earlier declaration of $op Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH qemu-server v3 18/51] test: collect mocked functions for QemuServer module Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH qemu-server v3 19/51] drive: add helper to parse drive interface Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH qemu-server v3 20/51] drive: drop invalid export of get_scsi_devicetype Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH qemu-server v3 21/51] blockdev: add and use throttle_group_id() helper Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH qemu-server v3 22/51] blockdev: introduce top_node_name() and parse_top_node_name() helpers Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH qemu-server v3 23/51] blockdev: add helpers for attaching and detaching block devices Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH qemu-server v3 24/51] blockdev: add missing include for JSON module Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH qemu-server v3 25/51] backup: use blockdev for fleecing images Fiona Ebner
2025-07-02 16:27 ` [pve-devel] [PATCH qemu-server v3 26/51] backup: use blockdev for TPM state file Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 27/51] blockdev: introduce qdev_id_to_drive_id() helper Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 28/51] blockdev: introduce and use get_block_info() helper Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 29/51] blockdev: move helper for resize into module Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 30/51] blockdev: add helper to get node below throttle node Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 31/51] blockdev: resize: query and use node name for resize operation Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 32/51] blockdev: support using zeroinit filter Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 33/51] blockdev: make some functions private Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 34/51] blockdev: add 'no-throttle' option to skip generationg throttle top node Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 35/51] block job: allow specifying a block node that should be detached upon completion Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 36/51] block job: add blockdev mirror Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 37/51] blockdev: add change_medium() helper Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 38/51] blockdev: add blockdev_change_medium() helper Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 39/51] blockdev: move helper for configuring throttle limits to module Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 40/51] clone disk: skip check for aio=default (io_uring) compatibility starting with machine version 10.0 Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 41/51] print drive device: don't reference any drive for 'none' " Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 42/51] blockdev: add support for NBD paths Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 43/51] blockdev: add helper to generate PBS block device for live restore Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 44/51] blockdev: support alloc-track driver for live-{import, restore} Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 45/51] live import: also record volid information Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 46/51] live import/restore: query which node to use for operation Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 47/51] live import/restore: use Blockdev::detach helper Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 48/51] command line: switch to blockdev starting with machine version 10.0 Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 49/51] test: migration: update running machine to 10.0 Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 50/51] partially fix #3227: ensure that target image for mirror has the same size for EFI disks Fiona Ebner
2025-07-02 16:28 ` [pve-devel] [PATCH qemu-server v3 51/51] blockdev: pass along machine version to storage layer Fiona Ebner
2025-07-03 7:17 ` [pve-devel] [PATCH qemu/storage/qemu-server v3 00/51] let's switch to blockdev, blockdev, blockdev, part four (final) DERUMIER, Alexandre via pve-devel
2025-07-03 7:35 ` Fabian Grünbichler
2025-07-03 8:03 ` DERUMIER, Alexandre via pve-devel
2025-07-03 13:01 ` [pve-devel] applied-series: " Fabian Grünbichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=93a47d7d-a5b8-4623-b3fe-11811b2f1918@proxmox.com \
--to=f.ebner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox