[pve-devel] [PATCH storage 2/2] fix #1452: also log stderr of remote command with insecure storage migration

Fabian Ebner f.ebner at proxmox.com
Thu Oct 1 10:11:36 CEST 2020


Commit 8fe00d99449b7c80e81ab3c9826625a4fcd89aa4 already
introduced the necessary logging for the secure code path,
so presumably the bug was already fixed for most people.

Delay the potential die for the send command to be able to log
the ouput+error from the receive command. Like this we also see e.g.
'volume ... already exists' instead of just 'broken pipe'.

Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
---
 PVE/Storage.pm | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/PVE/Storage.pm b/PVE/Storage.pm
index 4a60615..cd7b5ff 100755
--- a/PVE/Storage.pm
+++ b/PVE/Storage.pm
@@ -8,6 +8,7 @@ use POSIX;
 use IO::Select;
 use IO::File;
 use IO::Socket::IP;
+use IPC::Open3;
 use File::Basename;
 use File::Path;
 use Cwd 'abs_path';
@@ -698,15 +699,22 @@ sub storage_migrate {
     volume_snapshot($cfg, $volid, $snapshot) if $migration_snapshot;
     eval {
 	if ($insecure) {
-	    open(my $info, '-|', @$recv)
+	    my $input = IO::File->new();
+	    my $info = IO::File->new();
+	    open3($input, $info, $info, @{$recv})
 		or die "receive command failed: $!\n";
+	    close($input);
+
 	    my ($ip) = <$info> =~ /^($PVE::Tools::IPRE)$/ or die "no tunnel IP received\n";
 	    my ($port) = <$info> =~ /^(\d+)$/ or die "no tunnel port received\n";
 	    my $socket = IO::Socket::IP->new(PeerHost => $ip, PeerPort => $port, Type => SOCK_STREAM)
 		or die "failed to connect to tunnel at $ip:$port\n";
 	    # we won't be reading from the socket
 	    shutdown($socket, 0);
-	    run_command([$send, @cstream], output => '>&'.fileno($socket), errfunc => $logfunc);
+
+	    eval { run_command([$send, @cstream], output => '>&'.fileno($socket), errfunc => $logfunc); };
+	    my $send_error = $@;
+
 	    # don't close the connection entirely otherwise the receiving end
 	    # might not get all buffered data (and fails with 'connection reset by peer')
 	    shutdown($socket, 1);
@@ -722,6 +730,8 @@ sub storage_migrate {
 		die "import failed: $!\n" if $!;
 		die "import failed: exit code ".($?>>8)."\n";
 	    }
+
+	    die $send_error if $send_error;
 	} else {
 	    run_command([$send, @cstream, $recv], logfunc => $match_volid_and_log);
 	}
-- 
2.20.1






More information about the pve-devel mailing list