[libvirt] [PATCH] qemu: checkpoint: Do ACL check prior to snapshot interlocking

Peter Krempa posted 1 patch 4 years, 6 months ago
Test syntax-check passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/ba21de830b73f13c6cb3956789878134b655afe0.1569572727.git.pkrempa@redhat.com
src/qemu/qemu_driver.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
[libvirt] [PATCH] qemu: checkpoint: Do ACL check prior to snapshot interlocking
Posted by Peter Krempa 4 years, 6 months ago
The interlocking with snapshots is executed prior to the ACL check so if
a VM has snapshots invoking the checkpoint API may leak it's existance.

Introduced with the qemuDomainCheckpointCreateXML API implementation in
commit 5f4e0796503.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---

Split out from the checkpoint refactor series as I didn't notice this
one originally.

 src/qemu/qemu_driver.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index d5f5fd6990..3b2eb30606 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -17283,18 +17283,18 @@ qemuDomainCheckpointCreateXML(virDomainPtr domain,
     if (!(vm = qemuDomObjFromDomain(domain)))
         goto cleanup;

-    if (virDomainSnapshotObjListNum(vm->snapshots, NULL, 0) > 0) {
-        virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
-                       _("cannot create checkpoint while snapshot exists"));
-        goto cleanup;
-    }
-
     priv = vm->privateData;
     cfg = virQEMUDriverGetConfig(driver);

     if (virDomainCheckpointCreateXMLEnsureACL(domain->conn, vm->def, flags) < 0)
         goto cleanup;

+    if (virDomainSnapshotObjListNum(vm->snapshots, NULL, 0) > 0) {
+        virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+                       _("cannot create checkpoint while snapshot exists"));
+        goto cleanup;
+    }
+
     if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BITMAP_MERGE)) {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                        _("qemu binary lacks persistent bitmaps support"));
-- 
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: checkpoint: Do ACL check prior to snapshot interlocking
Posted by Pavel Hrdina 4 years, 5 months ago
On Fri, Sep 27, 2019 at 10:26:13AM +0200, Peter Krempa wrote:
> The interlocking with snapshots is executed prior to the ACL check so if
> a VM has snapshots invoking the checkpoint API may leak it's existance.
> 
> Introduced with the qemuDomainCheckpointCreateXML API implementation in
> commit 5f4e0796503.
> 
> Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> ---
> 
> Split out from the checkpoint refactor series as I didn't notice this
> one originally.
> 
>  src/qemu/qemu_driver.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list