From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <d.tschlatscher@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 45C09708FD
 for <pve-devel@lists.proxmox.com>; Tue, 14 Jun 2022 15:43:24 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 379F41FD52
 for <pve-devel@lists.proxmox.com>; Tue, 14 Jun 2022 15:43:24 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id 3F7F41FD49
 for <pve-devel@lists.proxmox.com>; Tue, 14 Jun 2022 15:43:23 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 854E243B1C
 for <pve-devel@lists.proxmox.com>; Tue, 14 Jun 2022 15:43:22 +0200 (CEST)
Message-ID: <e888c58f-415f-9a7c-2150-df54d0e98768@proxmox.com>
Date: Tue, 14 Jun 2022 15:43:21 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.10.0
Content-Language: en-US
To: pve-devel@lists.proxmox.com
References: <20220614122242.320670-1-d.tschlatscher@proxmox.com>
 <1655211024.erde2ks6ir.astroid@nora.none>
From: Daniel Tschlatscher <d.tschlatscher@proxmox.com>
In-Reply-To: <1655211024.erde2ks6ir.astroid@nora.none>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.357 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_ASCII_DIVIDERS        0.8 Spam that uses ascii formatting tricks
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 NICE_REPLY_A           -1.732 Looks like a legit reply (A)
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 T_SCC_BODY_TEXT_LINE    -0.01 -
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [lxc.pm, proxmox.com]
Subject: Re: [pve-devel] [PATCH container] fix: cloning a locked container
 creates an empty config
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2022 13:43:24 -0000



On 6/14/22 14:51, Fabian Grünbichler wrote:
> On June 14, 2022 2:22 pm, Daniel Tschlatscher wrote:
>> When an attempt was made to clone a locked container the API would
>> correctly present the error 'CT is locked (disk)' but create the
>> config files for the new container anyway and then abort.
>>
>> The fix is to simply check whether the CT config is locked before
>> creating the configs for the new container.
> 
> is there a reason for not just moving it to the start of the eval block 
> to avoid the same problem being re-introduced in the future? any error 
> occuring inside the eval block will then trigger a cleanup..
> 

When an error occurs and the cleanup is triggered, the cleanup tries to
release the lock again.

Moving the set_lock function into the eval block would create a problem
here:
If the lock was created by another process (and if it is a 'disk' lock)
set_lock would emit an error and the lock would be incorrectly released
by this process, which did not originally acquire it.

>>
>> Signed-off-by: Daniel Tschlatscher <d.tschlatscher@proxmox.com>
>> ---
>>  src/PVE/API2/LXC.pm | 6 +++---
>>  1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
>> index 64724cb..e1b4cd3 100644
>> --- a/src/PVE/API2/LXC.pm
>> +++ b/src/PVE/API2/LXC.pm
>> @@ -1461,9 +1461,6 @@ __PACKAGE__->register_method({
>>  	my $vollist = [];
>>  	my $running;
>>  
>> -	PVE::LXC::Config->create_and_lock_config($newid, 0);
>> -	PVE::Firewall::clone_vmfw_conf($vmid, $newid);
>> -
>>  	my $lock_and_reload = sub {
>>  	    my ($vmid, $code) = @_;
>>  	    return PVE::LXC::Config->lock_config($vmid, sub {
>> @@ -1477,6 +1474,9 @@ __PACKAGE__->register_method({
>>  
>>  	my $src_conf = PVE::LXC::Config->set_lock($vmid, 'disk');
>>  
>> +	PVE::LXC::Config->create_and_lock_config($newid, 0);
>> +	PVE::Firewall::clone_vmfw_conf($vmid, $newid);
>> +
>>  	$running = PVE::LXC::check_running($vmid) || 0;
>>  
>>  	my $full = extract_param($param, 'full');
>> -- 
>> 2.30.2
>>
>>
>>
>> _______________________________________________
>> pve-devel mailing list
>> pve-devel@lists.proxmox.com
>> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>>
>>
>>
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
>