From 3b320878acf9163e62d09a035e6f4895fffe4445 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Sun, 26 Aug 2012 14:41:35 +0200
Subject: [PATCH 1/3] dom0/qvm-block: rework device name parsing to better support c0p1 name style
---
 dom0/qvm-core/qubesutils.py | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/dom0/qvm-core/qubesutils.py b/dom0/qvm-core/qubesutils.py
index c054f182..6a3a0313 100644
--- a/dom0/qvm-core/qubesutils.py
+++ b/dom0/qvm-core/qubesutils.py
@@ -122,21 +122,14 @@ def block_name_to_majorminor(name):
 major = 0
 minor = 0
 dXpY_style = False
-
- name_match = re.match(r"([a-z]+)([a-z])([0-9]*)", name)
- if not name_match:
- name_match = re.match(r"([a-z]+)([0-9]*)(?:p([0-9]+)?", name)
- if not name_match:
- raise QubesException("Invalid device name: %s" % name)
- else:
- dXpY_style = True
-
 disk = True
- if name_match.group(1) == "xvd":
+
+ if name.startswith("xvd"):
 major = 202
- elif name_match.group(1) == "sd":
+ elif name.startswith("sd"):
 major = 8
- elif name_match.group(1) == "mmcblk":
+ elif name.startswith("mmcblk"):
+ dXpY_style = True
 major = 179
 elif name.startswith("scd"):
 disk = False
@@ -154,6 +147,13 @@ def block_name_to_majorminor(name):
 # Unknown device
 return (0, 0)
+ if not dXpY_style:
+ name_match = re.match(r"^([a-z]+)([a-z])([0-9]*)$", name)
+ else:
+ name_match = re.match(r"^([a-z]+)([0-9]*)(?:p([0-9]+))?$", name)
+ if not name_match:
+ raise QubesException("Invalid device name: %s" % name)
+
 if disk:
 if dXpY_style:
 minor = int(name_match.group(2))*8
@@ -191,7 +191,7 @@ def block_find_unused_frontend(vm = None):
 return None
 def block_list(vm = None, system_disks = False):
- device_re = re.compile(r"^[a-z0-9]{1,8}$")
+ device_re = re.compile(r"^[a-z0-9]{1,12}$")
 # FIXME: any better idea of desc_re?
 desc_re = re.compile(r"^.{1,255}$")
 mode_re = re.compile(r"^[rw]$")
From e80ff6bdeb3bba71bc27ffbf551a540a46cd5fe9 Mon Sep 17 00:00:00 2001
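Review bot: A name that matches the new dXpY pattern without a disk number still reaches `minor = int(name_match.group(2))*8`, because group 2 is `([0-9]*)` and may be empty, and `int('')` raises ValueError instead of the QubesException used for invalid names. Requiring the digits, `name_match = re.match(r"^([a-z]+)([0-9]+)(?:p([0-9]+))?$", name)`, sends an input such as a bare `mmcblk` down the existing "Invalid device name" path. This matters most if the name can originate from another VM, which the validation regexes in block_list suggest but the visible lines do not show. The rest of the `if disk:` branch lies outside the hunk.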
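Review bot: The new upper bound in `device_re` is a bare number with no stated reason, and the pattern still checks only length and character class, not the name structure that block_name_to_majorminor parses. A comment on the line would record the intent, for example `# 12 chars: room for mmcblkNpM-style names; structure is checked in block_name_to_majorminor()`. Whether block_list actually passes these names to that function is not visible here, so the second half of the comment should be confirmed against the full body, which continues outside the hunk.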
From: Marek Marczykowski
Date: Mon, 27 Aug 2012 00:53:58 +0200
Subject: [PATCH 2/3] dom0/spec: mark qrexec policy as config files

Prevent override on upgrade, when user makes some own changes (especially "always allow" feature).
---
 rpm_spec/core-dom0.spec | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec
index 26c0c0d1..842779f7 100644
--- a/rpm_spec/core-dom0.spec
+++ b/rpm_spec/core-dom0.spec
@@ -400,12 +400,12 @@ fi
 /usr/lib/qubes/qubes_rpc_multiplexer
 /usr/lib/qubes/qrexec_policy
 %dir /etc/qubes_rpc/policy
-%attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.Filecopy
-%attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.OpenInVM
-%attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.SyncAppMenus
-%attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.NotifyUpdates
-%attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.ReceiveUpdates
-%attr(0664,root,qubes) /etc/qubes_rpc/policy/qubes.VMShell
+%attr(0664,root,qubes) %config(noreplace) /etc/qubes_rpc/policy/qubes.Filecopy
+%attr(0664,root,qubes) %config(noreplace) /etc/qubes_rpc/policy/qubes.OpenInVM
+%attr(0664,root,qubes) %config(noreplace) /etc/qubes_rpc/policy/qubes.SyncAppMenus
+%attr(0664,root,qubes) %config(noreplace) /etc/qubes_rpc/policy/qubes.NotifyUpdates
+%attr(0664,root,qubes) %config(noreplace) /etc/qubes_rpc/policy/qubes.ReceiveUpdates
+%attr(0664,root,qubes) %config(noreplace) /etc/qubes_rpc/policy/qubes.VMShell
 /etc/qubes_rpc/qubes.SyncAppMenus
 /etc/qubes_rpc/qubes.NotifyUpdates
 /etc/qubes_rpc/qubes.ReceiveUpdates
From 629ae5317c77af9bcb08e257a175a8b65cc30768 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Mon, 27 Aug 2012 00:20:25 +0200
Subject: [PATCH 3/3] vm/qrexec: fix race between child cleanup and select call

reap_children() can close FD, which was already added to FD_SET for select. This can lead to EBADF and agent termination.
---
 qrexec/qrexec_agent.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
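Review bot: With `%config(noreplace)` on the six policy entries, an upgrade that ships a corrected or tightened default policy no longer reaches a system where the file was edited locally; rpm keeps the local copy and writes the packaged one beside it as `.rpmnew`. That matches the intent in the commit message, but the spec gives no hint that policy updates now need a manual merge. A comment above the entries would record it, for example `# noreplace: locally edited policy survives upgrades; new defaults arrive as *.rpmnew and must be merged by hand`. The %files list continues outside the hunk.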
diff --git a/qrexec/qrexec_agent.c b/qrexec/qrexec_agent.c
index f8d7e20e..aa81cb78 100644
--- a/qrexec/qrexec_agent.c
+++ b/qrexec/qrexec_agent.c
@@ -554,14 +554,14 @@ int main()
 for (;;) {
+ sigprocmask(SIG_BLOCK, &chld_set, NULL);
+ if (child_exited)
+ reap_children();
 max = fill_fds_for_select(&rdset, &wrset);
 if (buffer_space_vchan_ext() <= sizeof(struct server_header))
 FD_ZERO(&rdset);
- sigprocmask(SIG_BLOCK, &chld_set, NULL);
- if (child_exited)
- reap_children();
 wait_for_vchan_or_argfd(max, &rdset, &wrset);
 sigprocmask(SIG_UNBLOCK, &chld_set, NULL);
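Review bot: Nothing in the loop records why the SIGCHLD block and `reap_children()` now have to run before `fill_fds_for_select()`, so a later cleanup could move them back and reintroduce the EBADF described in the commit message. A comment on the added lines would pin the ordering, for example `/* reap first: reap_children() may close fds, so the fd sets must be built afterwards */`. The return value of `sigprocmask()` is ignored on the added line, as it was on the removed one. The `for (;;)` body and `main()` extend beyond the hunk.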