[pve-devel] [PATCH container] create_vm: fix order of config creation/reading/locking

Fabian Ebner f.ebner at proxmox.com
Wed Apr 29 11:58:38 CEST 2020 

The update_pct_config call leads to a write_config call and so the
configuration file was created before it was intended to be created.

When the CFS is updated in between the write_config call and the
PVE::Cluster::check_vmid_unused call in create_and_lock_config,
the container file would already exist and so creation would
fail after writing out a basically empty config.
(Meaning this is necessary for the proposed "update CFS after
obtaining a configuration file lock" changes)

Even worse, a race was possible for two containers created with the
same ID at the same time:
Assuming the initial PVE::Cluster::check_vmid_unused check in the
parameter verification passes for both create_vm calls, the later one
would potentially overwrite the earlier configuration file with its
update_pct_config call.

Additionally, the file read for $old_config was always the one written
by update_pct_config. Meaning that for a create_vm call with force=1,
already existing old volumes were not removed.

Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
---

Note that this should be applied before [0] to avoid temporary
(further ;)) breakage of container creation.

[0]: https://pve.proxmox.com/pipermail/pve-devel/2020-April/043155.html

 src/PVE/API2/LXC.pm | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 148ba6a..46d2fd7 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -334,10 +334,6 @@ __PACKAGE__->register_method({
 	# check/activate default storage
 	&$check_and_activate_storage($storage) if !defined($mp_param->{rootfs});
 
-	PVE::LXC::Config->update_pct_config($vmid, $conf, 0, $no_disk_param);
-
-	$conf->{unprivileged} = 1 if $unprivileged;
-
 	my $emsg = $restore ? "unable to restore CT $vmid -" : "unable to create CT $vmid -";
 
 	eval { PVE::LXC::Config->create_and_lock_config($vmid, $force) };
@@ -346,8 +342,11 @@ __PACKAGE__->register_method({
 	my $code = sub {
 	    my $old_conf = PVE::LXC::Config->load_config($vmid);
 	    my $was_template;
-
 	    my $vollist = [];
+
+	    PVE::LXC::Config->update_pct_config($vmid, $conf, 0, $no_disk_param);
+	    $conf->{unprivileged} = 1 if $unprivileged;
+
 	    eval {
 		my $orig_mp_param; # only used if $restore
 		if ($restore) {
-- 
2.20.1

More information about the pve-devel mailing list