From 21cff68a8a451a676ef70d63d384a0086acb4992 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Mon, 10 Feb 2025 15:27:43 +0100
Subject: [PATCH] core: prevent the activation of unavailable devices

When autoconnecting ports of a controller, we look for all candidate
(device,connection) tuples through the following call trace:

 -> autoconnect_ports()
   -> find_ports()
     -> nm_manager_get_best_device_for_connection()
       -> nm_device_check_connection_available()
         -> _nm_device_check_connection_available()

The last function checks that a specific device is available to be
activated with the given connection. For virtual devices, it only
checks that the device is compatible with the connection based on the
device type and characteristics, without considering any live network
information.

For OVS interfaces, this doesn't work as expected. During startup, NM
performs a cleanup of the ovsdb to remove entries that were previously
added by NM. When the cleanup is terminated, NMOvsdb sets the "ready"
flag and is ready to start the activation of new OVS interfaces. With
the current mechanism, it is possible that a OVS-interface connection
gets activated via the autoconnect-ports mechanism without checking
the "ready" flag.

Fix that by also checking that the device is available for activation.

(cherry picked from commit 774badb1519a76fb3b7c0f60cf46ee5ea25bce69)
(cherry picked from commit f459c7fecce8445515d052b5b48f10d808e97fff)
(cherry picked from commit b495d6bd55f4068596d380ce81614eb3d86943a3)
---
 src/core/nm-manager.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
index a8dd5558e5..87aaa641d6 100644
--- a/src/core/nm-manager.c
+++ b/src/core/nm-manager.c
@@ -4699,6 +4699,12 @@ found_better:
         if (nm_g_hash_table_contains(exclude_devices, device))
             continue;
 
+        if (!nm_device_is_available(device,
+                                    for_user_request
+                                        ? NM_DEVICE_CHECK_DEV_AVAILABLE_FOR_USER_REQUEST
+                                        : NM_DEVICE_CHECK_DEV_AVAILABLE_NONE))
+            continue;
+
         /* determine the priority of this device. Currently, this priority is independent
          * of the profile (connection) and the device's details (aside the state).
          *