Open
84 commits
bc338a4
<fix>[compute]: fix enum value of error
ruansteve Nov 6, 2025
b0f8057
<chore>[sdk]: Update sdk
AlanJager Nov 12, 2025
b0795d2
Merge branch 'fix-sdk' into '5.4.6'
AlanJager Nov 12, 2025
8e68faf
Merge branch 'shixin-ZSTAC-72279' into '5.4.6'
Nov 14, 2025
cbf8971
<feature>[conf]: recover UsedIpVO
ruansteve Nov 18, 2025
d65ecbd
Merge branch 'shixin-ZSTAC-77608' into '5.4.6'
Nov 19, 2025
f6a093c
<fix>[applianceVm]: refactor applianVm cascade
ruansteve Nov 19, 2025
92abd58
Merge branch 'shixin-ZSTAC-79667@@2' into '5.4.6'
Nov 20, 2025
b2f4bff
<fix>[conf]: bump version to 5.4.6
liang-hanyu Nov 20, 2025
a9d5e4f
Merge branch 'bump-version-5.4.6' into '5.4.6'
Nov 20, 2025
7f38521
<chore>[sdk]: Update sdk
AlanJager Nov 21, 2025
fb51207
Merge branch 'ZSTAC-74156@@2' into '5.4.6'
AlanJager Nov 24, 2025
ed4dca5
<fix>[conf]: update model service's framework in sql schema
Nov 21, 2025
a36167c
Merge branch 'fix_ZSTAC-79819@@2' into '5.4.6'
Nov 24, 2025
e8785c0
<fix>[conf]: Upgrade xtts and sdxl-turbo's architecture type
AlanJager Nov 25, 2025
c2be944
Merge branch 'ZSTAC-79822@@2' into '5.4.6'
Nov 25, 2025
c682625
<fix>[sdk]: Update sdk
AlanJager Nov 25, 2025
a9e47e9
<fix>[conf]: Fix update schema
AlanJager Nov 25, 2025
f3cf729
<fix>[zbs]: reload if addon info null
PandaWuu Nov 25, 2025
8199952
Merge branch '5.4.6' into '5.4.6'
Nov 25, 2025
0fd7092
Merge branch 'ZSTAC-78793@@2' into '5.4.6'
Nov 26, 2025
48ecbf2
<fix>[testlib]: update libcbd on deploying client
PandaWuu Nov 25, 2025
48ec0ec
<fix>[sdk]: Update sdk
AlanJager Nov 25, 2025
6627fc1
Merge branch '5.4.6' into '5.4.6'
Nov 26, 2025
fbd14ba
Merge branch 'ZSTAC-80119@@2' into '5.4.6'
Nov 27, 2025
ae91aba
<fix>[sdk]: Update sdk
AlanJager Nov 29, 2025
5d16c0c
Merge branch 'ZSTAC-80119-p2@@2' into '5.4.6'
Dec 1, 2025
c25cfa1
<fix>[ceph]: change default password
Ezreal-07 Dec 1, 2025
cce827d
<fix>[conf]: Add isolated field to gpu and gpu spec
AlanJager Dec 2, 2025
7f5c5cf
<fix>[sdk]: Update sdk
AlanJager Dec 2, 2025
d6f928c
Merge branch 'ZSTAC-79981@@2' into '5.4.6'
Dec 3, 2025
fa23178
<fix>[sdk]: Fix sdk and upgrade gpuVendor field
AlanJager Dec 3, 2025
18692ef
<fix>[conf]: Fix model services whose cpu arch missed in db
AlanJager Dec 3, 2025
73bccac
Merge branch 'ZSTAC-80203-p2@@2' into '5.4.6'
Dec 3, 2025
e4cd827
Merge branch 'ZSTAC-80334@@2' into '5.4.6'
Dec 4, 2025
1372396
<fix>[sdk]: Update sdk and add new fields
AlanJager Dec 4, 2025
9741abc
<fix>[compute]: Export public method for static ip case
AlanJager Dec 4, 2025
8e2f5a1
Merge branch 'ZSTAC-78057@@2' into '5.4.6'
Dec 4, 2025
2048e5b
<fix>[conf]: Fix missing records in ModelServiceGpuVendorVO
AlanJager Dec 4, 2025
7b64894
Merge branch 'ZSTAC-80203' into '5.4.6'
AlanJager Dec 4, 2025
1d32a1e
<feature>[storage]: use specify msg get volume path
MaJin1996 Nov 3, 2025
21cea27
Merge branch 'fix-path-get@@2' into '5.4.6'
MaJin1996 Dec 4, 2025
c816315
Merge branch 'ZSTAC-80381@@2' into '5.4.6'
AlanJager Dec 5, 2025
e0cb873
<feature>[conf]: Upgrade GpuDeviceVO add gpuStatus
AlanJager Dec 5, 2025
2de68d8
Merge branch 'ZSTAC-79761@@2' into '5.4.6'
Dec 5, 2025
1d5b821
<fix>[conf]: update ModelServiceInstanceGroupVO schema
Dec 5, 2025
2658553
Merge branch 'ZSTAC-80375@@2' into '5.4.6'
AlanJager Dec 5, 2025
55a16d3
<fix>[conf]: Fix gpu work status upgrade sql
AlanJager Dec 8, 2025
7ad8dac
<fix>[sdk]: Update sdk
AlanJager Dec 8, 2025
0e89e5a
Merge branch 'ZSTAC-80451' into '5.4.6'
Dec 8, 2025
1722dc7
Merge branch 'ZSTAC-80172-p2@@2' into '5.4.6'
Dec 8, 2025
4a2c551
Merge branch 'cp-80332@@2' into '5.4.6'
Dec 8, 2025
6c8be0f
<fix>[iam2-ldap]: support two-factor authentication for AD/LDAP accounts
liang-hanyu Nov 20, 2025
845671d
<feature>[applianceVm]: support sriov bond
bustezero Nov 5, 2025
50df70c
<feature>[vm]: Modifying the vnc password does not require a restart
Ezreal-07 Dec 15, 2025
6b6c758
<feature>[storage-migration]: storage migration supports specifying v…
Oct 13, 2025
8de02f3
Merge branch 'feature-5.5.0-bond-sriov-final@@2' into '5.5.0'
Dec 16, 2025
4baa981
<fix>[conf]: add dependent devices support for PCI device group
Dec 16, 2025
e4da6d5
<fix>[sdk]: support kunlunxin GPU
Nov 30, 2025
c56778a
Merge branch 'feature-79110@@3' into '5.5.0'
Dec 17, 2025
1afe6f2
<fix>[sdk]: support designating ps for slb instance
PandaWuu Nov 18, 2025
988e33e
Merge branch 'fv-vnc@@3' into '5.5.0'
Dec 17, 2025
cb9e3f3
Merge branch '5.5.0@@2' into '5.5.0'
Dec 17, 2025
05817d1
<fix>[vhost]:fix start vm failed
Dec 16, 2025
cf723d4
Merge branch 'fix-73108@@2' into '5.5.0'
Dec 18, 2025
6124ca4
Merge branch 'fix-ZSTAC-80546@@3' into '5.5.0'
Dec 18, 2025
938e84b
Merge branch 'fix-ZSTAC-79647@@2' into '5.5.0'
Dec 18, 2025
9445647
<fix>[sdk]: support designating ps for slb instance
PandaWuu Nov 18, 2025
a56d7a6
<fix>[storage]: external storage support multi pools
MaJin1996 Nov 14, 2025
8f59d57
<fix>[conf]: modify addon info to TEXT
MaJin1996 Dec 15, 2025
4a61ea1
<fix>[zbs]: support zbs storage discover
MaJin1996 Dec 16, 2025
a543629
<fix>[storage]: support multi pool heartbeat volume
MaJin1996 Dec 16, 2025
cfb74be
<fix>[zbs]: support copy volume to another pool
MaJin1996 Dec 18, 2025
5be68d9
Merge branch 'feature-5.5.0-zbs@@3' into '5.5.0'
MaJin1996 Dec 19, 2025
4f7be58
<fix>[mevoco]: correct ARM and VMware add-ons not consuming main lice…
liang-hanyu Nov 18, 2025
efb1d9a
<fix>[conf]: support comparing remote and local quota info in Registe…
liang-hanyu Dec 1, 2025
1ae8682
<fix>[mevoco]: correct capacity check under addon overuse
liang-hanyu Nov 26, 2025
9314491
<fix>[mevoco]: support retrieving self-usage information in getLicens…
liang-hanyu Dec 9, 2025
e00716d
Merge branch 'fix-79953@@2' into '5.5.0'
Dec 19, 2025
30f8a35
<feature>[hygon]: Hygon CCP Device Passthrough
Dec 1, 2025
440f0fb
Merge branch 'feature-5.5.0-hygon-cpu-se@@3' into '5.5.0'
Dec 20, 2025
d30cc1c
<feature>[sdnHa]: add ha for sdn controller
Nov 17, 2025
2241420
Merge branch 'merge-feature-ovnha-ZSTAC-79204@@4' into '5.5.0'
Dec 20, 2025
0c852e2
<fix>[sharedblock]: convert memory snapshot install path from absolut…
Nov 11, 2025
2 changes: 1 addition & 1 deletion VERSION
@@ -1,3 +1,3 @@
MAJOR=5
MINOR=4
UPDATE=2
UPDATE=6
26 changes: 16 additions & 10 deletions build/deploydb.sh
Expand Up @@ -27,7 +27,12 @@ else
loginCmd="--user=$user --password=$password --host=$host --port=$port"
fi

if command -v greatdb &> /dev/null; then
# Detect MySQL version
# Extract major version number from various MySQL/MariaDB/GreatDB output formats
db_version=$(${MYSQL} --version 2>/dev/null | grep -oP '\d+\.\d+\.\d+' | head -1 | cut -d'.' -f1 || echo "5")

# GreatDB and MySQL 8.0+ require CREATE USER before GRANT
if command -v greatdb &> /dev/null || [ "$db_version" -ge 8 ] 2>/dev/null; then

⚠️ Potential issue | 🟡 Minor

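Error suppression in the conditional may mask problems

On line 35, the numeric comparison [ "$db_version" -ge 8 ] 2>/dev/null redirects errors. Although there is a fallback earlier, if the db_version variable contains a non-numeric value, this condition fails silently and the branch is skipped.

It is recommended to explicitly validate that db_version is a valid number before the conditional, so that the script behaves more predictably.

🔎 Suggested improvement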
+# Validate db_version is numeric
+if ! [[ "$db_version" =~ ^[0-9]+$ ]]; then
+    echo "Error: Invalid database version detected: $db_version" >&2
+    exit 1
+fi
+
 # GreatDB and MySQL 8.0+ require CREATE USER before GRANT
-if command -v greatdb &> /dev/null || [ "$db_version" -ge 8 ] 2>/dev/null; then
+if command -v greatdb &> /dev/null || [ "$db_version" -ge 8 ]; then
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if command -v greatdb &> /dev/null || [ "$db_version" -ge 8 ] 2>/dev/null; then
# Validate db_version is numeric
if ! [[ "$db_version" =~ ^[0-9]+$ ]]; then
echo "Error: Invalid database version detected: $db_version" >&2
exit 1
fi
# GreatDB and MySQL 8.0+ require CREATE USER before GRANT
if command -v greatdb &> /dev/null || [ "$db_version" -ge 8 ]; then

${MYSQL} ${loginCmd} << EOF
set global log_bin_trust_function_creators=1;
DROP DATABASE IF EXISTS zstack;
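Review bot: The `|| echo "5"` fallback on the `db_version=` line does not fire when `${MYSQL} --version` fails or `grep` matches nothing, because unless `set -o pipefail` is in effect the pipeline's status is that of `cut`, which succeeds on empty input. `db_version` is then empty, the `-ge` test errors into `2>/dev/null`, and the script silently takes the MySQL 5.x branch. Default explicitly after the assignment, for example `db_version=${db_version:-5}`, and drop the redirect so a malformed value is visible. Note also that `--version` reports the client binary, while the statements run against `--host=$host --port=$port`, so the server's version can differ from what is detected here.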
Expand All @@ -42,16 +47,17 @@ if command -v greatdb &> /dev/null; then
grant all privileges on zstack_rest.* to root@'127.0.0.1';
EOF
else
# MySQL 5.x: GRANT with IDENTIFIED BY auto-creates users
${MYSQL} ${loginCmd} << EOF
set global log_bin_trust_function_creators=1;
DROP DATABASE IF EXISTS zstack;
CREATE DATABASE zstack;
DROP DATABASE IF EXISTS zstack_rest;
CREATE DATABASE zstack_rest;
grant all privileges on zstack.* to root@'%' identified by "${password}";
grant all privileges on zstack_rest.* to root@'%' identified by "${password}";
grant all privileges on zstack.* to root@'127.0.0.1' identified by "${password}";
grant all privileges on zstack_rest.* to root@'127.0.0.1' identified by "${password}";
set global log_bin_trust_function_creators=1;
DROP DATABASE IF EXISTS zstack;
CREATE DATABASE zstack;
DROP DATABASE IF EXISTS zstack_rest;
CREATE DATABASE zstack_rest;
grant all privileges on zstack.* to root@'%' identified by "${password}";
grant all privileges on zstack_rest.* to root@'%' identified by "${password}";
grant all privileges on zstack.* to root@'127.0.0.1' identified by "${password}";
grant all privileges on zstack_rest.* to root@'127.0.0.1' identified by "${password}";
EOF
fi
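Review bot: In the MySQL 5.x branch, `identified by "${password}"` expands the shell variable unescaped inside the heredoc, so a password containing `"` or `\` ends or alters the SQL string literal and the grant either fails or runs as a different statement. Escape the value before interpolating it, or reject such characters before this point. While these lines are being touched, confirm that `root@'%'` with all privileges is intended, since it allows root logins to both schemas from any host.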

10 changes: 10 additions & 0 deletions build/pom.xml
Expand Up @@ -495,6 +495,16 @@
<artifactId>vpc</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.zstack</groupId>
<artifactId>nfvInstGroup</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.zstack</groupId>
<artifactId>nfvInst</artifactId>
<version>${project.version}</version>
</dependency>

<dependency>
<groupId>org.zstack</groupId>
Expand Up @@ -530,12 +530,14 @@ public void fail(ErrorCode errorCode) {

@Override
public void rollback(FlowRollback trigger, Map data) {
ReturnHostCapacityMsg rmsg = new ReturnHostCapacityMsg();
rmsg.setHostUuid(reply.getHost().getUuid());
rmsg.setMemoryCapacity(spec.getMemoryCapacity());
rmsg.setCpuCapacity(spec.getCpuCapacity());
bus.makeTargetServiceIdByResourceUuid(rmsg, HostAllocatorConstant.SERVICE_ID, rmsg.getHostUuid());
bus.send(rmsg);
if (reply.getHost() != null) {
ReturnHostCapacityMsg rmsg = new ReturnHostCapacityMsg();
rmsg.setHostUuid(reply.getHost().getUuid());
rmsg.setMemoryCapacity(spec.getMemoryCapacity());
rmsg.setCpuCapacity(spec.getCpuCapacity());
bus.makeTargetServiceIdByResourceUuid(rmsg, HostAllocatorConstant.SERVICE_ID, rmsg.getHostUuid());
bus.send(rmsg);
}
trigger.rollback();
}
}).then(new NoRollbackFlow() {
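Review bot: The new `if (reply.getHost() != null)` guard in `rollback` skips sending `ReturnHostCapacityMsg` without leaving any trace, and it still dereferences `reply` itself. If rollback can run before `reply` is assigned this will still throw, and if capacity was reserved but the reply carries no host, the reservation is never returned. Consider checking `reply != null` as well and logging the skipped case so a capacity leak can be diagnosed.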
Expand Up @@ -195,7 +195,11 @@ public void fail(ErrorCode errorCode) {
@Override
public void done(ErrorCodeList errorCodeList) {
if (selectedHost.get() == null) {
completion.fail(errorCodeList);
if (!errorCodeList.getCauses().isEmpty()) {
completion.fail(errorCodeList.getCauses().get(0));
} else {
completion.fail(operr("failed to reserve host capacity for all candidate hosts"));
}
return;
}
completion.success(selectedHost.get());
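Review bot: `completion.fail(errorCodeList.getCauses().get(0))` in `done` reports only the first candidate host's failure and drops the rest, so the caller sees one host's reason even when later hosts failed for different ones. Log the full `errorCodeList` before failing, or attach the remaining causes to the returned error. If `getCauses()` can return null, the `isEmpty()` call needs a null check as well.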
@@ -0,0 +1,17 @@
package org.zstack.compute.allocator;

public interface SysComponentMemUsageExtensionPoint {
/**
* Retrieves the amount of huge page memory used by the system component (in byte).
*
* @return the number of byte of huge page memory in use
*/
long getHugePageMemoryUsage(String hostUuid);
Comment on lines +4 to +9

🛠️ Refactor suggestion | 🟠 Major

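Complete the Javadoc and fix the grammatical errors.

The Javadoc for this method has the following problems:

  1. Missing parameter description: the hostUuid parameter is not documented with an @param tag.
  2. Grammatical error: "byte" on Line 5 and Line 7 should be the plural "bytes".

According to the coding guidelines, interface methods must have complete and valid Javadoc comments, including descriptions of all parameters.

🔎 Suggested fix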
     /**
-     * Retrieves the amount of huge page memory used by the system component (in byte).
+     * Retrieves the amount of huge page memory used by the system component (in bytes).
      *
-     * @return the number of byte of huge page memory in use
+     * @param hostUuid the UUID of the host
+     * @return the number of bytes of huge page memory in use
      */
     long getHugePageMemoryUsage(String hostUuid);
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
/**
* Retrieves the amount of huge page memory used by the system component (in byte).
*
* @return the number of byte of huge page memory in use
*/
long getHugePageMemoryUsage(String hostUuid);
/**
* Retrieves the amount of huge page memory used by the system component (in bytes).
*
* @param hostUuid the UUID of the host
* @return the number of bytes of huge page memory in use
*/
long getHugePageMemoryUsage(String hostUuid);
🤖 Prompt for AI Agents
In
compute/src/main/java/org/zstack/compute/allocator/SysComponentMemUsageExtensionPoint.java
around lines 4 to 9, the Javadoc for getHugePageMemoryUsage is missing a @param
for hostUuid and uses singular "byte" incorrectly; update the Javadoc to include
an @param hostUuid description (e.g., "the UUID of the host to query") and
change "byte" to "bytes" in both the short description and the @return line so
the comment reads "Retrieves the amount of huge page memory used by the system
component (in bytes)." and "@return the number of bytes of huge page memory in
use".


/**
* Retrieves the amount of normal memory used by the system component (in byte).
*
* @return the number of byte of normal memory in use
*/
long getNormalMemoryUsage(String hostUuid);
Comment on lines +11 to +16

🛠️ Refactor suggestion | 🟠 Major

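Complete the Javadoc and fix the grammatical errors.

The Javadoc for this method has the same problems as getHugePageMemoryUsage:

  1. Missing parameter description: the hostUuid parameter is not documented with an @param tag.
  2. Grammatical error: "byte" on Line 12 and Line 14 should be the plural "bytes".
🔎 Suggested fix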
     /**
-     * Retrieves the amount of normal memory used by the system component (in byte).
+     * Retrieves the amount of normal memory used by the system component (in bytes).
      *
-     * @return the number of byte of normal memory in use
+     * @param hostUuid the UUID of the host
+     * @return the number of bytes of normal memory in use
      */
     long getNormalMemoryUsage(String hostUuid);
🤖 Prompt for AI Agents
In
compute/src/main/java/org/zstack/compute/allocator/SysComponentMemUsageExtensionPoint.java
around lines 11 to 16, the Javadoc for getNormalMemoryUsage is missing a @param
for hostUuid and incorrectly uses the singular "byte" twice; update the Javadoc
to add a @param hostUuid describing the host UUID parameter and change both
occurrences of "byte" to the plural "bytes" so the description reads "in bytes"
and "@return the number of bytes of normal memory in use".

}
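Review bot: Neither method in `SysComponentMemUsageExtensionPoint` says what an implementation returns for a `hostUuid` it does not know, or for a host where the component is not running. State in the Javadoc whether that case yields `0` or an exception, so that every implementation and caller handles it the same way.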
Expand Up @@ -109,4 +109,7 @@ public class HostSystemTags {

public static String DEPLOY_MODE_TOKEN = "deployMode";
public static PatternedSystemTag DEPLOY_MODE = new PatternedSystemTag(String.format("deployMode::{%s}", DEPLOY_MODE_TOKEN), HostVO.class);

public static String HYGON_MDEV_MAX_QEMU_NUM_TOKEN = "hygonMdevMaxQemuNum";
public static PatternedSystemTag HYGON_MDEV_MAX_QEMU_NUM = new PatternedSystemTag(String.format("hygonMdevMaxQemuNum::{%s}", HYGON_MDEV_MAX_QEMU_NUM_TOKEN), HostVO.class);
}
Expand Up @@ -65,6 +65,7 @@ public abstract class AbstractVmInstance implements VmInstance {
AttachIsoToVmInstanceMsg.class.getName(),
APIDetachIsoFromVmInstanceMsg.class.getName(),
APIGetVmConsoleAddressMsg.class.getName(),
APIUpdateConsolePasswordMsg.class.getName(),
APIDeleteVmStaticIpMsg.class.getName(),
APIPauseVmInstanceMsg.class.getName(),
CreateTemplateFromRootVolumeSnapShotVmMsg.class.getName(),
8 changes: 4 additions & 4 deletions compute/src/main/java/org/zstack/compute/vm/MacOperator.java
Expand Up @@ -127,7 +127,7 @@ public boolean checkDuplicateMac(String hypervisorType, String l3Uuid, String ma
public static String generateMacWithDeviceId(short deviceId) {
VmMacAddressSchemaType type;
try {
type = VmMacAddressSchemaType.valueOf(VmGlobalProperty.vmMacAddressSchema.toLowerCase());
type = VmMacAddressSchemaType.valueOf(VmGlobalProperty.vmMacAddressSchema);
} catch (Exception e) {
type = VmMacAddressSchemaType.Random;
}
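Review bot: With `.toLowerCase()` removed, `VmMacAddressSchemaType.valueOf(...)` matches only the exact constant name, and the surrounding `catch (Exception e)` turns any mismatch, or a null property, into `Random` without a log line. A misspelled or differently cased `vmMacAddressSchema` value is therefore ignored silently. Log a warning in the catch block that names the rejected value, or validate the property at startup.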
Expand All @@ -148,8 +148,8 @@ public static String generateMacWithDeviceIdIp(short deviceId) {
}

/* encode mgt ip address into mac address: for example,
* mgt ip is: 172.24.0.81, its hex string: AC 18 0 51,
* so mac address will look like: 18:00:51:xx:xx:yy
* mgt ip is: 172.24.0.81, its hex string: AC 18 00 51,
* so mac address will look like: fa:00:51:xx:xx:yy
* xx:xx are random. yy is device ID */
int mgtIpL = (int)NetworkUtils.ipv4StringToLong(mgtIp);
String mgtIpStr = Integer.toHexString(mgtIpL);
Expand All @@ -158,7 +158,7 @@ public static String generateMacWithDeviceIdIp(short deviceId) {
mgtIpStr = compensate + mgtIpStr;
}

StringBuilder sb = new StringBuilder(mgtIpStr.substring(2, 4)).append(":");
StringBuilder sb = new StringBuilder("fa").append(":");
sb.append(mgtIpStr, 4, 6).append(":");
sb.append(mgtIpStr, 6, 8).append(":");
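Review bot: Replacing `mgtIpStr.substring(2, 4)` with the literal `"fa"` means only the last two octets of the management IP are encoded (previously three), so management nodes whose addresses share those two octets now produce the same three-byte prefix and uniqueness rests on the two random bytes and the device ID. Give `"fa"` a named constant with a comment on why this value was chosen, and confirm that duplicate detection covers MACs produced by this method.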

17 changes: 11 additions & 6 deletions compute/src/main/java/org/zstack/compute/vm/StaticIpOperator.java
Expand Up @@ -318,8 +318,7 @@ public void validateSystemTagInCreateMessage(APICreateMessage msg) {
validateSystemTagInApiMessage(msg);
}

public void validateSystemTagInApiMessage(APIMessage msg) {
Map<String, NicIpAddressInfo> staticIps = getNicNetworkInfoBySystemTag(msg.getSystemTags());
public List<String> fillUpStaticIpInfoToVmNics(Map<String, NicIpAddressInfo> staticIps) {
List<String> newSystags = new ArrayList<>();
for (Map.Entry<String, NicIpAddressInfo> e : staticIps.entrySet()) {
String l3Uuid = e.getKey();
Expand Down Expand Up @@ -350,7 +349,7 @@ public void validateSystemTagInApiMessage(APIMessage msg) {
));
} else if (!nicIp.ipv4Netmask.equals(ipRangeVO.getNetmask())) {
throw new ApiMessageInterceptionException(operr("netmask error, expect: %s, got: %s",
ipRangeVO.getNetmask(), nicIp.ipv4Netmask));
ipRangeVO.getNetmask(), nicIp.ipv4Netmask));
}

if (StringUtils.isEmpty(nicIp.ipv4Gateway)) {
Expand Down Expand Up @@ -397,10 +396,16 @@ public void validateSystemTagInApiMessage(APIMessage msg) {
}
}
}
}

if (!newSystags.isEmpty()) {
msg.getSystemTags().addAll(newSystags);
}
return newSystags;
}

public void validateSystemTagInApiMessage(APIMessage msg) {
Map<String, NicIpAddressInfo> staticIps = getNicNetworkInfoBySystemTag(msg.getSystemTags());
List<String> newSystags = fillUpStaticIpInfoToVmNics(staticIps);
if (!newSystags.isEmpty()) {
msg.getSystemTags().addAll(newSystags);
}
}
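Review bot: `fillUpStaticIpInfoToVmNics` is now public but still throws `ApiMessageInterceptionException` (for example on the netmask mismatch), which ties non-API callers to the interceptor's exception type. Add a Javadoc to the new method that documents the thrown exception and the returned tag list, or throw a more general exception here and wrap it in `validateSystemTagInApiMessage`.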

Expand Up @@ -133,4 +133,8 @@ public class VmGlobalConfig {
@GlobalConfigValidation(validValues = {"None", "AuthenticAMD"})
@BindResourceConfig(value = {VmInstanceVO.class})
public static GlobalConfig VM_CPUID_VENDOR = new GlobalConfig(CATEGORY, "vm.cpuid.vendor");

@GlobalConfigValidation(validValues = {"true", "false", "auto"})
@GlobalConfigDef(defaultValue = "false", type = String.class, description = "generate config required for vhost primary storage")
public static GlobalConfig GENERATE_CONFIG_VHOST_REQUIRED = new GlobalConfig(CATEGORY, "generate.config.vhost.required");
}
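Review bot: `GENERATE_CONFIG_VHOST_REQUIRED` accepts `"auto"` in `validValues`, but the description "generate config required for vhost primary storage" does not say what `auto` does or how it differs from `true`. Expand the description to cover all three values, and make sure consumers do not parse the setting as a boolean, since `auto` is a legal value.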
Expand Up @@ -9,6 +9,8 @@
import org.zstack.compute.VmNicUtils;
import org.zstack.core.cloudbus.CloudBus;
import org.zstack.core.componentloader.PluginRegistry;
import org.zstack.core.config.GlobalConfigVO;
import org.zstack.core.config.GlobalConfigVO_;
import org.zstack.core.db.*;
import org.zstack.core.db.SimpleQuery.Op;
import org.zstack.header.apimediator.ApiMessageInterceptionException;
Expand Down Expand Up @@ -137,6 +139,8 @@ else if (msg instanceof APIAttachVmNicToVmMsg) {
validate((APIUpdateVmInstanceMsg) msg);
} else if (msg instanceof APISetVmConsolePasswordMsg) {
validate((APISetVmConsolePasswordMsg) msg);
} else if (msg instanceof APIUpdateConsolePasswordMsg) {
validate((APIUpdateConsolePasswordMsg) msg);
} else if (msg instanceof APIChangeInstanceOfferingMsg) {
validate((APIChangeInstanceOfferingMsg) msg);
} else if (msg instanceof APIMigrateVmMsg) {
Expand Down Expand Up @@ -1533,6 +1537,23 @@ private void validate(APISetVmConsolePasswordMsg msg) {
}
}

private void validate(APIUpdateConsolePasswordMsg msg) {
VmInstanceVO vm = dbf.findByUuid(msg.getUuid(), VmInstanceVO.class);
if (vm.getState() != VmInstanceState.Running) {
throw new ApiMessageInterceptionException(operr(
"Cannot update console password for VM[uuid:%s] because it is not in 'Running' state. Current state is '%s'.",
vm.getUuid(), vm.getState()
));
}
boolean hasPassword = VmSystemTags.CONSOLE_PASSWORD.hasTag(vm.getUuid());
if (!hasPassword) {
throw new ApiMessageInterceptionException(operr(
"Cannot update the console password for VM[uuid:%s] because no console password is currently set. ",
vm.getUuid()
));
}
}
Comment on lines +1540 to +1555

⚠️ Potential issue | 🔴 Critical

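Missing password format validation.

The current validation method checks the VM state and whether a console password exists, but lacks format validation of the new password's content.

See the implementation of validate(APISetVmConsolePasswordMsg) in the same file (lines 1533-1538), which includes an important security check: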

if (pwd.startsWith("password")){
    throw new ApiMessageInterceptionException(argerr("The console password cannot start with 'password' which may trigger a VNC security issue"));
}

It is recommended to add the same password format validation to the validate(APIUpdateConsolePasswordMsg) method to keep security consistent.

🔎 Suggested fix
 private void validate(APIUpdateConsolePasswordMsg msg) {
     VmInstanceVO vm = dbf.findByUuid(msg.getUuid(), VmInstanceVO.class);
     if (vm.getState() != VmInstanceState.Running) {
         throw new ApiMessageInterceptionException(operr(
                 "Cannot update console password for VM[uuid:%s] because it is not in 'Running' state. Current state is '%s'.",
                 vm.getUuid(), vm.getState()
         ));
     }
     boolean hasPassword = VmSystemTags.CONSOLE_PASSWORD.hasTag(vm.getUuid());
     if (!hasPassword) {
         throw new ApiMessageInterceptionException(operr(
                 "Cannot update the console password for VM[uuid:%s] because no console password is currently set. ",
                 vm.getUuid()
         ));
     }
+    String pwd = msg.getPassword();
+    if (pwd.startsWith("password")){
+        throw new ApiMessageInterceptionException(argerr("The console password cannot start with 'password' which may trigger a VNC security issue"));
+    }
 }
🤖 Prompt for AI Agents
In compute/src/main/java/org/zstack/compute/vm/VmInstanceApiInterceptor.java
around lines 1540 to 1555, add the same password format validation used in
validate(APISetVmConsolePasswordMsg): retrieve the new password from msg (e.g.
msg.getPassword()), check if it starts with "password" and if so throw an
ApiMessageInterceptionException using argerr with the same message ("The console
password cannot start with 'password' which may trigger a VNC security issue");
keep this check after confirming the VM is running and a console password
exists.


private void validate(APIAttachL3NetworkToVmNicMsg msg) {
throw new ApiMessageInterceptionException(argerr("can not call this api because it's Deprecated"));
}