From cb4def997ccc2621b8cf531115390049cd87286f Mon Sep 17 00:00:00 2001
From: Ali Mirjamali <ali@mirjamali.com>
Date: Fri, 16 Aug 2024 23:53:00 +0330
Subject: [PATCH] Validate default_kernel global property on set

fixes: https://github.com/QubesOS/qubes-issues/issues/8992
---
 qubes/app.py       | 10 ++++++++++
 qubes/tests/app.py |  9 ++++++++-
 run-tests          | 12 ++++++++++++
 3 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/qubes/app.py b/qubes/app.py
index 2a00355b7..2bf939dab 100644
--- a/qubes/app.py
+++ b/qubes/app.py
@@ -1593,3 +1593,13 @@ def on_property_set_default_dispvm(self, event, name, newvalue,
                 # resetting dispvm to its default value
                 vm.fire_event('property-reset:default_dispvm',
                               name='default_dispvm', oldvalue=oldvalue)
+
+    @qubes.events.handler('property-pre-set:default_kernel')
+    # pylint: disable-next=invalid-name
+    def on_property_pre_set_default_kernel(self, event, name, newvalue,
+                                           oldvalue=None):
+        # pylint: disable=unused-argument
+        kernels = [kernel.vid for kernel in self.pools['linux-kernel'].volumes]
+        if not newvalue in kernels:
+            raise qubes.exc.QubesException(
+                    'Invalid kernel: {} !'.format(newvalue))
diff --git a/qubes/tests/app.py b/qubes/tests/app.py
index d9779e541..0691c171b 100644
--- a/qubes/tests/app.py
+++ b/qubes/tests/app.py
@@ -582,9 +582,16 @@ def setUp(self):
         super(TC_90_Qubes, self).setUp()
         self.app = qubes.Qubes('/tmp/qubestest.xml', load=False,
                                offline_mode=True)
+        self.app.load_initial_values()
+        self.pools['linux-kernel'].dir_path = '/tmp/qubes-test-kernel'
+        dummy_kernel = os.path.join(self.pools['linux-kernel'].dir_path,
+                                    'dummy')
+        os.makedirs(dummy_kernel)
+        open(os.path.join(dummy_kernel, 'vmlinuz'), 'w').close()
+        open(os.path.join(dummy_kernel, 'modules.img'), 'w').close()
+        open(os.path.join(dummy_kernel, 'initramfs'), 'w').close()
         self.app.default_kernel = 'dummy'
         self.addCleanup(self.cleanup_qubes)
-        self.app.load_initial_values()
         self.template = self.app.add_new_vm('TemplateVM', name='test-template',
                                             label='green')
 
diff --git a/run-tests b/run-tests
index b0928686b..408cf5945 100755
--- a/run-tests
+++ b/run-tests
@@ -19,6 +19,13 @@ if sudo --non-interactive "$name/ci/lvm-manage" setup-lvm vg$$/pool; then
     CLEANUP_LVM=yes
 fi
 
+CLEANUP_KERNEL_POOL=
+if [ ! -d "/var/lib/qubes/vm-kernels" ]; then
+    sudo mkdir --parents /var/lib/qubes/vm-kernels/dummy
+    sudo mkdir --parents /var/lib/qubes/vm-kernels/1.0
+    CLEANUP_KERNEL_POOL=yes
+fi
+
 : "${PYTHON:=python3}"
 : "${TESTPYTHONPATH:=test-packages}"
 
@@ -32,6 +39,11 @@ export PYTHONPATH
 "${PYTHON}" setup.py egg_info --egg-base "${TESTPYTHONPATH}"
 "${PYTHON}" -m coverage run --rcfile=ci/coveragerc -m qubes.tests.run "$@"
 retcode=$?
+if [ -n "$CLEANUP_KERNEL_POOL" ]; then
+    sudo rmdir /var/lib/qubes/vm-kernels/dummy
+    sudo rmdir /var/lib/qubes/vm-kernels/1.0
+    sudo rmdir /var/lib/qubes/vm-kernels
+fi
 if [ -n "$CLEANUP_LVM" ]; then
     sudo --non-interactive $(dirname "$0")/ci/lvm-manage cleanup-lvm "$DEFAULT_LVM_POOL"
 fi