Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Limit maximum length of kernelopts property

Browse Source 
Theoretically libvirt/libxl should reject too long values anyway, but
lets provide early feedback and reject value that would cause VM start
fail later.

Reported by @DemiMarie
This commit is contained in:
Marek Marczykowski-Górecki 2021-03-02 02:25:20 +01:00
parent d95b42df16
commit a0f82a2a93
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
2 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
qubes/tests/vm/qubesvm.py
View File

@ -540,10 +540,8 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase):
del vm.kernelopts del vm.kernelopts
self.assertPropertyDefaultValue(vm, 'kernelopts', self.assertPropertyDefaultValue(vm, 'kernelopts',
qubes.config.defaults['kernelopts']) qubes.config.defaults['kernelopts'])
self.assertPropertyValue(vm, 'kernelopts', '', self.assertPropertyValue(vm, 'kernelopts', '', '', '')
'', '') self.assertPropertyInvalidValue(vm, 'kernelopts', 'A' * 1024),
# TODO?
# self.assertPropertyInvalidValue(vm, 'kernelopts', None),
@unittest.skip('test not implemented') @unittest.skip('test not implemented')
def test_261_kernelopts_pcidevs(self): def test_261_kernelopts_pcidevs(self):

17
qubes/vm/qubesvm.py
View File

@ -71,6 +71,22 @@ def _setter_kernel(self, prop, value):
return value return value
def _setter_kernelopts(self, prop, value):
"""Helper for setting the domain kernelopts and running sanity checks on it.
"""
if not value:
return ''
value = str(value)
# At least some parts of the Xen boot ABI limits the cmdline to 1024 chars.
# Limit it here to 512 chars, to leave some space for kernelopts_common
# and still be safe also against off-by-one errors.
if len(value) > 512:
raise qubes.exc.QubesPropertyValueError(
self, prop, value,
'Kernelopts value too long (512 chars max)')
return value
def _setter_positive_int(self, prop, value): def _setter_positive_int(self, prop, value):
""" Helper for setting a positive int. Checks that the int is > 0 """ """ Helper for setting a positive int. Checks that the int is > 0 """
# pylint: disable=unused-argument # pylint: disable=unused-argument
@ -635,6 +651,7 @@ class QubesVM(qubes.vm.mix.net.NetVMMixin, qubes.vm.BaseVM):
kernelopts = qubes.property( kernelopts = qubes.property(
'kernelopts', type=str, load_stage=4, 'kernelopts', type=str, load_stage=4,
default=_default_kernelopts, default=_default_kernelopts,
setter=_setter_kernelopts,
doc='Kernel command line passed to domain. TemplateBasedVMs use its ' doc='Kernel command line passed to domain. TemplateBasedVMs use its '
'template\'s value by default.') 'template\'s value by default.')