vm: refuse to start a VM not present in a collection

Check early (but after grabbing a startup_lock) if VM isn't just removed. This could happen if someone grabs its reference from other places (netvm of something else?) or just before removing it. This commit makes the simple removal from the collection (done as the first step in admin.vm.Remove implementation) efficient way to block further VM startups, without introducing extra properties. For this to be effective, removing from the collection, needs to happen with the startup_lock held. Modify admin.vm.Remove accordingly.
2019-09-29 06:06:25 +02:00 · 2019-09-29 06:06:25 +02:00 · 732231efb0
Commit 732231efb0
--- a/qubes/api/admin.py
+++ b/qubes/api/admin.py
@ -1130,19 +1130,20 @@ class QubesAdminAPI(qubes.api.AbstractQubesAPI):

        self.fire_event_for_permission()

-        if not self.dest.is_halted():
-            raise qubes.exc.QubesVMNotHaltedError(self.dest)
+        with (yield from self.dest.startup_lock):
+            if not self.dest.is_halted():
+                raise qubes.exc.QubesVMNotHaltedError(self.dest)

-        if self.dest.installed_by_rpm:
-            raise qubes.exc.QubesVMInUseError(self.dest, \
-                "VM installed by package manager: " + self.dest.name)
+            if self.dest.installed_by_rpm:
+                raise qubes.exc.QubesVMInUseError(self.dest,
+                    "VM installed by package manager: " + self.dest.name)

-        del self.app.domains[self.dest]
-        try:
-            yield from self.dest.remove_from_disk()
-        except:  # pylint: disable=bare-except
-            self.app.log.exception('Error while removing VM \'%s\' files',
-                self.dest.name)
+            del self.app.domains[self.dest]
+            try:
+                yield from self.dest.remove_from_disk()
+            except:  # pylint: disable=bare-except
+                self.app.log.exception('Error while removing VM \'%s\' files',
+                    self.dest.name)

        self.app.save()

--- a/qubes/vm/qubesvm.py
+++ b/qubes/vm/qubesvm.py
@ -1008,6 +1008,9 @@ class QubesVM(qubes.vm.mix.net.NetVMMixin, qubes.vm.BaseVM):
        '''

        with (yield from self.startup_lock):
+            # check if domain wasn't removed in the meantime
+            if self not in self.app.domains:
+                raise qubes.exc.QubesVMNotFoundError(self.name)
            # Intentionally not used is_running(): eliminate also "Paused",
            # "Crashed", "Halting"
            if self.get_power_state() != 'Halted':