[pve-devel] [PATCH container] create_vm: fix order of config creation/reading/locking
Fabian Ebner
f.ebner at proxmox.com
Thu Apr 30 09:52:09 CEST 2020
On 30.04.20 08:59, Fabian Grünbichler wrote:
> On April 29, 2020 11:58 am, Fabian Ebner wrote:
>> The update_pct_config call leads to a write_config call and so the
>> configuration file was created before it was intended to be created.
>>
>> When the CFS is updated in between the write_config call and the
>> PVE::Cluster::check_vmid_unused call in create_and_lock_config,
>> the container file would already exist and so creation would
>> fail after writing out a basically empty config.
>> (Meaning this is necessary for the proposed "update CFS after
>> obtaining a configuration file lock" changes)
>>
>> Even worse, a race was possible for two containers created with the
>> same ID at the same time:
>> Assuming the initial PVE::Cluster::check_vmid_unused check in the
>> parameter verification passes for both create_vm calls, the later one
>> would potentially overwrite the earlier configuration file with its
>> update_pct_config call.
>>
>> Additionally, the file read for $old_config was always the one written
>> by update_pct_config. Meaning that for a create_vm call with force=1,
>> already existing old volumes were not removed.
>>
>> Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
>
> hmm, update_pct_config there was not intended to write out the config,
> but just to fill the $conf hash.
>
> three alternative approaches that would return to the original semantics:
> 1 skip hotplug/apply pending if pending section is empty (should always
> be the case in this code path)
> 2 add explicit parameter to skip
> 3 drop the hotplug/apply pending calls in update_pct_config, add them to
> the update_vm API endpoint instead.
>
> I'd prefer 3 - 1 - 2 in that order ;)
>
> 3 would be called with the same semantics in both call sites (create_vm
> and update_vm): here are add/delete/revert parameters, here's a conf
> hash; merge those operating solely on the conf hash.
>
Ok. I'll send a v2 with approach number 3.
>> ---
>>
>> Note that this should be applied before [0] to avoid temporary
>> (further ;)) breakage of container creation.
>>
>> [0]: https://pve.proxmox.com/pipermail/pve-devel/2020-April/043155.html
>>
>> src/PVE/API2/LXC.pm | 9 ++++-----
>> 1 file changed, 4 insertions(+), 5 deletions(-)
>>
>> diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
>> index 148ba6a..46d2fd7 100644
>> --- a/src/PVE/API2/LXC.pm
>> +++ b/src/PVE/API2/LXC.pm
>> @@ -334,10 +334,6 @@ __PACKAGE__->register_method({
>> # check/activate default storage
>> &$check_and_activate_storage($storage) if !defined($mp_param->{rootfs});
>>
>> - PVE::LXC::Config->update_pct_config($vmid, $conf, 0, $no_disk_param);
>> -
>> - $conf->{unprivileged} = 1 if $unprivileged;
>> -
>> my $emsg = $restore ? "unable to restore CT $vmid -" : "unable to create CT $vmid -";
>>
>> eval { PVE::LXC::Config->create_and_lock_config($vmid, $force) };
>> @@ -346,8 +342,11 @@ __PACKAGE__->register_method({
>> my $code = sub {
>> my $old_conf = PVE::LXC::Config->load_config($vmid);
>> my $was_template;
>> -
>> my $vollist = [];
>> +
>> + PVE::LXC::Config->update_pct_config($vmid, $conf, 0, $no_disk_param);
>> + $conf->{unprivileged} = 1 if $unprivileged;
>> +
>> eval {
>> my $orig_mp_param; # only used if $restore
>> if ($restore) {
>> --
>> 2.20.1
>>
>>
>> _______________________________________________
>> pve-devel mailing list
>> pve-devel at pve.proxmox.com
>> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>>
>>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
More information about the pve-devel
mailing list