
Commit a87adb5

committed
CP-14790: Restrict copy/clone of Windows-update VMs
Do the Windows-update-feature licence check in Xapi_vm_clone.clone before cloning/copying the discs, rather than in copy_vm_record which is called afterwards. This is safe because copy_vm_record is not called from anywhere else and is not exposed in the .mli file, and Xapi_vm_clone.clone is common code called by VM clone, copy, snapshot and checkpoint. We allow creation of snapshots and checkpoints without checking the licence. Signed-off-by: Thomas Sanders <[email protected]>
1 parent 0ffe6f1 commit a87adb5


1 file changed

+10
-2
lines changed


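--- a/ocaml/xapi/xapi_vm_clone.ml
+++ b/ocaml/xapi/xapi_vm_clone.ml
@@ -183,13 +183,16 @@ let snapshot_metadata ~__context ~vm ~is_a_snapshot =
 ""
 
 (* return a new VM record, in appropriate power state and having the good metrics. *)
+(* N.B. always check VM.auto_update_drivers and Features.PCI_device_for_auto_update before calling this,
+* as is done before the single existing call to this function.
+* If ever we need to expose this function in the .mli file then we should do the check in the function. *)
 let copy_vm_record ?(snapshot_info_record) ~__context ~vm ~disk_op ~new_name ~new_power_state =
+let all = Db.VM.get_record_internal ~__context ~self:vm in
+let is_a_snapshot = disk_op = Disk_op_snapshot || disk_op = Disk_op_checkpoint in
 let task_id = Ref.string_of (Context.get_task_id __context) in
 let uuid = Uuid.make_uuid () in
 let ref = Ref.make () in
-let all = Db.VM.get_record_internal ~__context ~self:vm in
 let power_state = Db.VM.get_power_state ~__context ~self:vm in
-let is_a_snapshot = disk_op = Disk_op_snapshot || disk_op = Disk_op_checkpoint in
 let current_op =
 match disk_op with
 | Disk_op_clone -> `clone
@@ -373,6 +376,11 @@ let clone ?(snapshot_info_record) disk_op ~__context ~vm ~new_name =
 
 let is_a_snapshot = disk_op = Disk_op_snapshot || disk_op = Disk_op_checkpoint in
 
+(* Check licence permission before copying disks, since the copy can take a long time.
+* We always allow snapshotting a VM, but check before clone/copy of an existing snapshot or template. *)
+if (Db.VM.get_auto_update_drivers ~__context ~self:vm && not is_a_snapshot) then
+Pool_features.assert_enabled ~__context ~f:Features.PCI_device_for_auto_update;
+
 (* driver params to be passed to storage backend clone operations. *)
 let driver_params = make_driver_params () in
 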
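Review bot: The licence guard added in `clone` reads `Db.VM.get_auto_update_drivers` once, before the disk copy that its own comment says can take a long time, while `copy_vm_record` reads the VM record again afterwards through `Db.VM.get_record_internal`. If the flag can be set on the source VM during that window (whether operation locking prevents this is not visible here), the new record would presumably carry it without `Features.PCI_device_for_auto_update` ever having been asserted. Since `copy_vm_record` now binds `is_a_snapshot` at its top, repeating the guard there would close the gap and turn the N.B. comment from a convention into an enforced check: `if Db.VM.get_auto_update_drivers ~__context ~self:vm && not is_a_snapshot then Pool_features.assert_enabled ~__context ~f:Features.PCI_device_for_auto_update;`. Both function bodies continue outside the hunks, so confirm that a failure raised after the disks have been copied is cleaned up by the caller's error path.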
