From 4bec5ec0429cc712b26d41af5d99b3cf5e82b452 Mon Sep 17 00:00:00 2001
From: Ali Mirjamali <ali@mirjamali.com>
Date: Fri, 16 Aug 2024 23:53:00 +0330
Subject: [PATCH] Validate default_kernel global property on set

fixes: https://github.com/QubesOS/qubes-issues/issues/8992
---
 qubes/app.py | 29 ++++++++++++++++++++++++++++-
 run-tests    | 20 ++++++++++++++++++++
 2 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/qubes/app.py b/qubes/app.py
index 2a00355b7..8fdfbbceb 100644
--- a/qubes/app.py
+++ b/qubes/app.py
@@ -642,7 +642,6 @@ def _default_pool(app):
             return pool
     raise AttributeError('Cannot determine default storage pool')
 
-
 def _setter_pool(app, prop, value):
     if isinstance(value, qubes.storage.Pool):
         return value
@@ -674,6 +673,27 @@ def _setter_default_netvm(app, prop, value):
     return value
 
 
+def _validate_kernel(obj, name, kernel):
+    if not kernel:
+        return
+    dirname = os.path.join(
+        qubes.config.qubes_base_dir,
+        qubes.config.system_path['qubes_kernels_base_dir'],
+        kernel)
+    if not os.path.exists(dirname):
+        raise qubes.exc.QubesPropertyValueError(
+            obj, name, kernel,
+            'Kernel {!r} not installed'.format(
+                kernel))
+    for filename in ('vmlinuz',):
+        if not os.path.exists(os.path.join(dirname, filename)):
+            raise qubes.exc.QubesPropertyValueError(
+                obj, name, kernel,
+                'Kernel {!r} not properly installed: '
+                'missing {!r} file'.format(
+                    kernel, filename))
+
+
 class Qubes(qubes.PropertyHolder):
     """Main Qubes application
 
@@ -1593,3 +1613,10 @@ def on_property_set_default_dispvm(self, event, name, newvalue,
                 # resetting dispvm to its default value
                 vm.fire_event('property-reset:default_dispvm',
                               name='default_dispvm', oldvalue=oldvalue)
+
+    @qubes.events.handler('property-pre-set:default_kernel')
+    # pylint: disable-next=invalid-name
+    def on_property_pre_set_default_kernel(self, event, name, newvalue,
+                                           oldvalue=None):
+        # pylint: disable=unused-argument
+        _validate_kernel(self, 'default_kernel', newvalue)
diff --git a/run-tests b/run-tests
index b0928686b..f0f9a1eaa 100755
--- a/run-tests
+++ b/run-tests
@@ -19,6 +19,17 @@ if sudo --non-interactive "$name/ci/lvm-manage" setup-lvm vg$$/pool; then
     CLEANUP_LVM=yes
 fi
 
+CLEANUP_KERNEL_POOL=
+if [ ! -d "/var/lib/qubes/vm-kernels" ]; then
+    sudo mkdir --parents /var/lib/qubes/vm-kernels/dummy
+    sudo touch /var/lib/qubes/vm-kernels/dummy/vmlinuz
+    sudo mkdir --parents /var/lib/qubes/vm-kernels/1.0
+    sudo touch /var/lib/qubes/vm-kernels/1.0/vmlinuz
+    mkdir --parents /tmp/qubes-test-dir/vm-kernels/1.0
+    touch /tmp/qubes-test-dir/vm-kernels/1.0/vmlinuz
+    CLEANUP_KERNEL_POOL=yes
+fi
+
 : "${PYTHON:=python3}"
 : "${TESTPYTHONPATH:=test-packages}"
 
@@ -32,6 +43,15 @@ export PYTHONPATH
 "${PYTHON}" setup.py egg_info --egg-base "${TESTPYTHONPATH}"
 "${PYTHON}" -m coverage run --rcfile=ci/coveragerc -m qubes.tests.run "$@"
 retcode=$?
+if [ -n "$CLEANUP_KERNEL_POOL" ]; then
+    sudo rm /var/lib/qubes/vm-kernels/dummy/vmlinuz
+    sudo rmdir /var/lib/qubes/vm-kernels/dummy
+    sudo rm /var/lib/qubes/vm-kernels/1.0/vmlinuz
+    sudo rmdir /var/lib/qubes/vm-kernels/1.0
+    sudo rmdir /var/lib/qubes/vm-kernels
+    rm /tmp/qubes-test-dir/vm-kernels/1.0/vmlinuz
+    rmdir /tmp/qubes-test-dir/vm-kernels/1.0
+fi
 if [ -n "$CLEANUP_LVM" ]; then
     sudo --non-interactive $(dirname "$0")/ci/lvm-manage cleanup-lvm "$DEFAULT_LVM_POOL"
 fi