On 02.07.25 6:27 PM, Fiona Ebner wrote:
> @@ -733,7 +829,25 @@ sub qemu_blockdev_options {
> die "cannot use volume of type '$vtype' as a QEMU blockdevice\n"
> if $vtype ne 'images' && $vtype ne 'iso' && $vtype ne 'import';
>
> - return $plugin->qemu_blockdev_options($scfg, $storeid, $volname,
> $machine_version, $options);
> + my $blockdev =
> + $plugin->qemu_blockdev_options($scfg, $storeid, $volname,
> $machine_version, $options);
> +
> + if (my $driver = $blockdev->{driver}) {
> + my $allowed_opts = $allowed_qemu_blockdev_options->{$driver};
My subconscious just told me that I forgot to add a "die" here if the
driver itself is not allowed. Like this, all options will get dropped,
so it can't be abused, i.e. kinda works by accident, but should be fixed
of course.
> + for my $opt (keys $blockdev->%*) {
> + next if $opt eq 'driver';
> + if (!$allowed_opts->{$opt}) {
> + delete($blockdev->{$opt});
> + log_warn(
> + "volume '$volid' - dropping block device option '$opt'
> set by storage plugin"
> + . " - not currently part of allowed schema");
> + }
> + }
> + } else {
> + die "storage plugin for '$storeid' did not return a blockdev
> driver\n";
> + }
> +
> + return $blockdev;
> }
>
> # used as last resort to adapt volnames when migrating
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
