Do not abort suspend hooks if any qubes.Suspend* service fails to run

First of all, do not try to call those services in VMs not having qrexec installed - for example Windows VMs without qubes tools. Then, even if service call fails for any other reason, only log it but do not prevent other services from being called. A single uncooperative VM should generally be able only to hurt itself, not break other VMs during suspend. Fixes QubesOS/qubes-issues#3489
2019-02-24 16:08:49 +01:00 · 2019-02-24 16:08:49 +01:00 · 9257a6d14f
commit 9257a6d14f
parent eeec2e0ddd
2 changed files with 20 additions and 6 deletions
--- a/qubes/api/internal.py
+++ b/qubes/api/internal.py
@ -95,13 +95,19 @@ class QubesInternalAPI(qubes.api.AbstractQubesAPI):
        for vm in self.app.domains:
            if isinstance(vm, qubes.vm.adminvm.AdminVM):
                continue
-            if vm.is_running():
+            if not vm.is_running():
+                continue
+            if not vm.features.check_with_template('qrexec', False):
+                continue
+            try:
                proc = yield from vm.run_service(
                    'qubes.SuspendPreAll', user='root',
                    stdin=subprocess.DEVNULL,
                    stdout=subprocess.DEVNULL,
                    stderr=subprocess.DEVNULL)
                processes.append(proc)
+            except qubes.exc.QubesException as e:
+                vm.log.warning('Failed to run qubes.SuspendPreAll: %s', str(e))

        # FIXME: some timeout?
        if processes:
@ -141,13 +147,19 @@ class QubesInternalAPI(qubes.api.AbstractQubesAPI):
        for vm in self.app.domains:
            if isinstance(vm, qubes.vm.adminvm.AdminVM):
                continue
-            if vm.is_running():
+            if not vm.is_running():
+                continue
+            if not vm.features.check_with_template('qrexec', False):
+                continue
+            try:
                proc = yield from vm.run_service(
                    'qubes.SuspendPostAll', user='root',
                    stdin=subprocess.DEVNULL,
                    stdout=subprocess.DEVNULL,
                    stderr=subprocess.DEVNULL)
                processes.append(proc)
+            except qubes.exc.QubesException as e:
+                vm.log.warning('Failed to run qubes.SuspendPostAll: %s', str(e))

        # FIXME: some timeout?
        if processes:
--- a/qubes/vm/qubesvm.py
+++ b/qubes/vm/qubesvm.py
@ -1213,6 +1213,7 @@ class QubesVM(qubes.vm.mix.net.NetVMMixin, qubes.vm.BaseVM):
            raise qubes.exc.QubesVMNotRunningError(self)

        if list(self.devices['pci'].attached()):
+            if self.features.check_with_template('qrexec', False):
                yield from self.run_service_for_stdio('qubes.SuspendPre',
                    user='root')
            self.libvirt_domain.pMSuspendForDuration(
@ -1244,6 +1245,7 @@ class QubesVM(qubes.vm.mix.net.NetVMMixin, qubes.vm.BaseVM):
        # pylint: disable=not-an-iterable
        if self.get_power_state() == "Suspended":
            self.libvirt_domain.pMWakeup()
+            if self.features.check_with_template('qrexec', False):
                yield from self.run_service_for_stdio('qubes.SuspendPost',
                    user='root')
        else: