From 4044c2da8be2100f2d81bfa3de869735ada20994 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Sun, 17 Jul 2011 13:56:09 +0200 Subject: [PATCH 01/11] dom0: qvm-run: Disable verbose mode when using --pass_io We should really fix all the qvm-rools to use stderr for diagnastic output instead... --- dom0/qvm-tools/qvm-run | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dom0/qvm-tools/qvm-run b/dom0/qvm-tools/qvm-run index 936006b6..b0198064 100755 --- a/dom0/qvm-tools/qvm-run +++ b/dom0/qvm-tools/qvm-run @@ -172,6 +172,9 @@ def main(): (options, args) = parser.parse_args () + if options.passio: + options.verbose = False + if (options.shutdown or options.pause or options.unpause): takes_cmd_argument = False else: From 2c2b7111eba2c3dcaff58a74b064aadd783e7f77 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Sun, 17 Jul 2011 14:15:14 +0200 Subject: [PATCH 02/11] sony-vaio-fixes v1.6.1 * display quirks no longer needed for 2.6.38 kernel * i8042.nopnp no longer needed for 2.6.38 kernel --- dom0/vaio_fixes/01sony-vaio-display | 19 ------------------- rpm_spec/core-dom0-vaio-fixes.spec | 14 -------------- version_vaio_fixes | 2 +- 3 files changed, 1 insertion(+), 34 deletions(-) delete mode 100755 dom0/vaio_fixes/01sony-vaio-display diff --git a/dom0/vaio_fixes/01sony-vaio-display b/dom0/vaio_fixes/01sony-vaio-display deleted file mode 100755 index 6c29cbd8..00000000 --- a/dom0/vaio_fixes/01sony-vaio-display +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -# light up laptop screen for vaio VPCZ12 - -. "${PM_FUNCTIONS}" - -resume_lapscreen() -{ - if [ x$DISPLAY = x ]; then - export DISPLAY=:0 - export XAUTHORITY=`ls /var/run/kdm/.Xauth*` - fi - /usr/bin/xrandr --output DP3 --off - /usr/bin/xrandr --output DP3 --auto -} - -case "$1" in - thaw|resume) resume_lapscreen ;; - *) exit 0 ;; -esac diff --git a/rpm_spec/core-dom0-vaio-fixes.spec b/rpm_spec/core-dom0-vaio-fixes.spec index 640e8584..4c167fd2 100644 --- a/rpm_spec/core-dom0-vaio-fixes.spec 
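Review bot: The new `if options.passio:` block in main() silently overrides a flag the user may have passed explicitly, and gives the reader no reason for it; the commit message has the rationale, the code does not. Add a why-comment above the override, `# --pass_io turns stdout into the VM's data stream; verbose diagnostics are printed to stdout (see commit message) and would corrupt it, so they are disabled until the qvm tools print them to stderr`, and consider announcing the override with `print >>sys.stderr, "Warning: --verbose is ignored together with --pass_io"` (assuming `sys` is imported, which this hunk does not show). main() continues outside the hunk.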
+++ b/rpm_spec/core-dom0-vaio-fixes.spec @@ -23,24 +23,10 @@ suspend/resume. mkdir -p $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d cp vaio_fixes/00sony-vaio-audio $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/ cp vaio_fixes/99sony-vaio-audio $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/ -cp vaio_fixes/01sony-vaio-display $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/ mkdir -p $RPM_BUILD_ROOT/etc/modprobe.d/ cp vaio_fixes/snd-hda-intel-sony-vaio.conf $RPM_BUILD_ROOT/etc/modprobe.d/ -%post -grubby --update-kernel=/boot/vmlinuz-2.6.34.1-14.xenlinux.qubes.x86_64 --args="i8042.nopnp=1" - -%triggerin -- kernel -grubby --update-kernel=/boot/vmlinuz-2.6.34.1-14.xenlinux.qubes.x86_64 --args="i8042.nopnp=1" - -%postun -if [ "$1" = 0 ] ; then - # no more packages left - grubby --update-kernel=/boot/vmlinuz-2.6.34.1-14.xenlinux.qubes.x86_64 --remove-args="i8042.nopnp=1" -fi - %files /usr/lib64/pm-utils/sleep.d/00sony-vaio-audio /usr/lib64/pm-utils/sleep.d/99sony-vaio-audio -/usr/lib64/pm-utils/sleep.d/01sony-vaio-display /etc/modprobe.d/snd-hda-intel-sony-vaio.conf diff --git a/version_vaio_fixes b/version_vaio_fixes index 32461d59..9c6d6293 100644 --- a/version_vaio_fixes +++ b/version_vaio_fixes @@ -1 +1 @@ -1.5.25 +1.6.1 From 6715759e32b8ef638c12ac53a601b0348276a972 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Sun, 17 Jul 2011 14:15:33 +0200 Subject: [PATCH 03/11] version 1.6.10-dom0 --- version_dom0 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_dom0 b/version_dom0 index 15d45d4b..1df3b822 100644 --- a/version_dom0 +++ b/version_dom0 @@ -1 +1 @@ -1.6.9 +1.6.10 From 2fc5d190fdab8ee9b76b7f6f453f24e4b9f01f63 Mon Sep 17 00:00:00 2001 
From: Rafal Wojtczuk Date: Fri, 22 Jul 2011 11:33:11 +0200 Subject: [PATCH 04/11] qmemman: calculate dom0 maxmem properly In fact, set to ALL_PHYS_MEM (and the same for other domains that do not have static-max key, although there should not be any). Previous method of using maxmem_kb was broken, as qmemman sets maxmem_kb to the memory target (which I do not like btw). --- dom0/qmemman/qmemman.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/dom0/qmemman/qmemman.py b/dom0/qmemman/qmemman.py index 2c30ebb7..41685978 100755 --- a/dom0/qmemman/qmemman.py +++ b/dom0/qmemman/qmemman.py @@ -22,6 +22,7 @@ class SystemState: self.BALOON_DELAY = 0.1 self.XEN_FREE_MEM_LEFT = 50*1024*1024 self.XEN_FREE_MEM_MIN = 25*1024*1024 + self.ALL_PHYS_MEM = self.xc.physinfo()['total_memory']*1024 def add_domain(self, id): self.domdict[id] = DomainState(id) @@ -46,7 +47,13 @@ class SystemState: self.domdict[id].memory_actual = domain['mem_kb']*1024 self.domdict[id].memory_maximum = self.xs.read('', '/local/domain/%s/memory/static-max' % str(id)) if not self.domdict[id].memory_maximum: - self.domdict[id].memory_maximum = domain['maxmem_kb']*1024 + self.domdict[id].memory_maximum = self.ALL_PHYS_MEM +# the previous line used to be +# self.domdict[id].memory_maximum = domain['maxmem_kb']*1024 +# but domain['maxmem_kb'] changes in self.mem_set as well, and this results in +# the memory never increasing +# in fact, the only possible case of nonexisting memory/static-max is dom0 +# see #307 #the below works (and is fast), but then 'xm list' shows unchanged memory value def mem_set(self, id, val): From 9192a42b919e7d1a7ef3b8aa50c5934ce08cee37 Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Fri, 22 Jul 2011 13:40:21 +0200 Subject: [PATCH 05/11] qmemman: when balooning, make sure that past mem-set will not steal memory --- dom0/qmemman/qmemman.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) 
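Review bot: The fallback `self.domdict[id].memory_maximum = self.ALL_PHYS_MEM` in the second hunk applies to every domain whose `memory/static-max` xenstore key is missing, not only dom0, while the new comment itself states that only dom0 should ever lack that key; any other domain reaching this branch is silently allowed to grow to the whole of physical memory. Make that assumption observable, e.g. `if str(id) != '0': print "Warning: no memory/static-max for domain", id, "- assuming ALL_PHYS_MEM"` before the assignment, so the case the comment calls impossible is at least logged when it happens. Note also that `self.xs.read(...)` yields a string while `ALL_PHYS_MEM` is an int; presumably the consumer of `memory_maximum` converts, but that is not visible here and is worth confirming. Stylistically, the explanatory comment block sits at column 0 inside the method body and repeats the removed line verbatim; indenting it to the statement it describes and shortening it to the reason (`maxmem_kb` is rewritten by mem_set, so it cannot serve as the ceiling) would read better. The enclosing method starts and ends outside the hunk.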
diff --git a/dom0/qmemman/qmemman.py b/dom0/qmemman/qmemman.py index 41685978..66a33207 100755 --- a/dom0/qmemman/qmemman.py +++ b/dom0/qmemman/qmemman.py @@ -81,6 +81,15 @@ class SystemState: except XenAPI.Failure: pass +# this is called at the end of ballooning, when we have Xen free mem already +# make sure that past mem_set will not decrease Xen free mem + def inhibit_balloon_up(self): + for i in self.domdict.keys(): + dom = self.domdict[i] + if dom.memory_actual is not None and dom.memory_actual + 200*1024 < dom.last_target: + print "Preventing balloon up to", dom.last_target + self.mem_set(i, dom.memory_actual) + #perform memory ballooning, across all domains, to add "memsize" to Xen free memory def do_balloon(self, memsize): MAX_TRIES = 20 @@ -88,12 +97,14 @@ class SystemState: prev_memory_actual = None for i in self.domdict.keys(): self.domdict[i].no_progress = False + print "do_balloon start" while True: + self.refresh_memactual() xenfree = self.get_free_xen_memory() print 'got xenfree=', xenfree if xenfree >= memsize + self.XEN_FREE_MEM_MIN: + self.inhibit_balloon_up() return True - self.refresh_memactual() if prev_memory_actual is not None: for i in prev_memory_actual.keys(): if prev_memory_actual[i] == self.domdict[i].memory_actual: From acbb77762613737ffdc6d819f363a456efe6a94f Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Fri, 22 Jul 2011 13:47:34 +0200 Subject: [PATCH 06/11] qrexec: impose startup time limit for qrexec_daemon --- qrexec/qrexec_daemon.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/qrexec/qrexec_daemon.c b/qrexec/qrexec_daemon.c index d2a777b4..c0733cc6 100644 --- a/qrexec/qrexec_daemon.c +++ b/qrexec/qrexec_daemon.c 
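Review bot: In the new inhibit_balloon_up the slack `200*1024` is a bare magic number, whereas every other tunable of this class (`BALOON_DELAY`, `XEN_FREE_MEM_LEFT`, `XEN_FREE_MEM_MIN`, `ALL_PHYS_MEM`) is a named attribute set in __init__; a `self.BALLOON_UP_SLACK = 200*1024` with a one-line comment on why a gap of that size is tolerated would make the intent and the tuning point explicit. The comparison `dom.memory_actual + 200*1024 < dom.last_target` also assumes `last_target` is set for every domain in `domdict`; its initialisation is not in this hunk, and in Python 2 `int < None` is simply False, so a domain whose target was never set would be skipped silently rather than reported — confirm that is the intended behaviour. In the do_balloon hunk the added `print "do_balloon start"` is unconditional stdout tracing; if it is meant to stay, a short comment saying these prints are deliberate diagnostics would stop the next reader from removing it. do_balloon continues outside the hunk.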
@@ -82,12 +82,14 @@ int create_qrexec_socket(int domid, char *domname) return get_server_socket(socket_address); } +#define MAX_STARTUP_TIME 120 /* do the preparatory tasks, needed before entering the main event loop */ void init(int xid) { char qrexec_error_log_name[256]; int logfd; + int i; if (xid <= 0) { fprintf(stderr, "domain id=0?\n"); @@ -102,11 +104,12 @@ void init(int xid) break; default: fprintf(stderr, "Waiting for VM's qrexec agent."); - for (;;) { + for (i=0;i Date: Fri, 22 Jul 2011 15:07:04 +0200 Subject: [PATCH 07/11] qubes.py: postpone qmmeman.close() There are indications that when parent "xl" process exits, the domain is not booted completely; and xl actions may interfere with qmemman memory balancing. Thus, in VM.start(), we delay releasing of qmemman handle until qrexec_daemon connects successfully. --- dom0/qvm-core/qubes.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 2180407e..ab4c594e 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py @@ -943,8 +943,6 @@ class QubesVm(object): subprocess.check_call(xl_cmdline) except: raise QubesException("Failed to load VM config") - finally: - qmemman_client.close() # let qmemman_daemon resume balancing xid = self.get_xid() self.xid = xid @@ -976,6 +974,13 @@ class QubesVm(object): self.force_shutdown() raise OSError ("ERROR: Cannot execute qrexec_daemon!") +# close() is not really needed, because the descriptor is close-on-exec +# anyway, the reason to postpone close() is that possibly xl is not done +# constructing the domain after its main process exits +# so we close() when we know the domain is up +# the successful qrexec connect is a good indicator of it + qmemman_client.close() + if preparing_dvm: if verbose: print "--> Preparing config template for DispVM" From c23cc480b8cbc6877fdc0973d3213e464d6b4ac4 Mon Sep 17 00:00:00 2001 
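Review bot: Removing the `finally: qmemman_client.close()` leaves the qmemman handle unreleased on the failure paths between the `xl` call and the successful qrexec connect — the `raise QubesException("Failed to load VM config")` in the first hunk and the `self.force_shutdown()` / `raise OSError(...)` just above the new close() in the second. The new comment relies on close-on-exec, which only helps once the process exits; a long-lived caller that catches these exceptions keeps qmemman from resuming balancing until the object happens to be garbage-collected. Add `qmemman_client.close()` before each of those two raises (or wrap the span from the `xl` call to the qrexec check in a try/finally), and extend the comment to say that the error paths are covered explicitly. start() begins and ends outside these hunks.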
From: Rafal Wojtczuk Date: Fri, 22 Jul 2011 16:07:06 +0200 Subject: [PATCH 08/11] qrexec: use $anyvm and $dispvm symbols --- appvm/qubes.Filecopy.policy | 2 +- appvm/qubes.OpenInVM.policy | 4 ++-- appvm/qvm-open-in-dvm2 | 2 +- dom0/aux-tools/qubes.ReceiveUpdates.policy | 2 +- dom0/qubes.SyncAppMenus.policy | 2 +- qrexec/qrexec_daemon.c | 2 +- qrexec/qrexec_policy | 4 ++-- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/appvm/qubes.Filecopy.policy b/appvm/qubes.Filecopy.policy index 39296a11..6ecc534d 100644 --- a/appvm/qubes.Filecopy.policy +++ b/appvm/qubes.Filecopy.policy @@ -1 +1 @@ -anyvm anyvm ask,user=root +$anyvm $anyvm ask,user=root diff --git a/appvm/qubes.OpenInVM.policy b/appvm/qubes.OpenInVM.policy index e103d394..7c9ccb41 100644 --- a/appvm/qubes.OpenInVM.policy +++ b/appvm/qubes.OpenInVM.policy @@ -1,2 +1,2 @@ -anyvm dispvm allow -anyvm anyvm ask +$anyvm $dispvm allow +$anyvm $anyvm ask diff --git a/appvm/qvm-open-in-dvm2 b/appvm/qvm-open-in-dvm2 index dcc7195e..25e8904c 100755 --- a/appvm/qvm-open-in-dvm2 +++ b/appvm/qvm-open-in-dvm2 @@ -25,4 +25,4 @@ if ! [ $# = 1 ] ; then exit 1 fi -exec /usr/lib/qubes/qrexec_client_vm dispvm qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$1" +exec /usr/lib/qubes/qrexec_client_vm '$dispvm' qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$1" diff --git a/dom0/aux-tools/qubes.ReceiveUpdates.policy b/dom0/aux-tools/qubes.ReceiveUpdates.policy index 74f80450..611f006d 100644 --- a/dom0/aux-tools/qubes.ReceiveUpdates.policy +++ b/dom0/aux-tools/qubes.ReceiveUpdates.policy @@ -1 +1 @@ -anyvm dom0 allow +$anyvm dom0 allow diff --git a/dom0/qubes.SyncAppMenus.policy b/dom0/qubes.SyncAppMenus.policy index 74f80450..611f006d 100644 --- a/dom0/qubes.SyncAppMenus.policy +++ b/dom0/qubes.SyncAppMenus.policy @@ -1 +1 @@ -anyvm dom0 allow +$anyvm dom0 allow diff --git a/qrexec/qrexec_daemon.c b/qrexec/qrexec_daemon.c index c0733cc6..b4a3b53a 100644 --- a/qrexec/qrexec_daemon.c +++ b/qrexec/qrexec_daemon.c 
@@ -372,7 +372,7 @@ void sanitize_name(char * untrusted_s_signed) continue; if (*untrusted_s >= '0' && *untrusted_s <= '9') continue; - if (*untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ') + if (*untrusted_s == '$' || *untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ') continue; *untrusted_s = '_'; } diff --git a/qrexec/qrexec_policy b/qrexec/qrexec_policy index 8d66630d..c44ca258 100755 --- a/qrexec/qrexec_policy +++ b/qrexec/qrexec_policy @@ -40,7 +40,7 @@ def read_policy_file(exec_index): return policy_list def is_match(item, config_term): - return (item is not "dom0" and config_term == "anyvm") or item == config_term + return (item is not "dom0" and config_term == "$anyvm") or item == config_term def get_default_policy(): dict={} @@ -76,7 +76,7 @@ def spawn_target_if_necessary(target): def do_execute(domain, target, user, exec_index, process_ident): if target == "dom0": cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain - elif target == "dispvm": + elif target == "$dispvm": cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user else: # see the previous commit why "qvm-run -a" is broken and dangerous From dc4d9b32f199f12c763c5c790090f6b396869884 Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Fri, 22 Jul 2011 16:11:03 +0200 Subject: [PATCH 09/11] Add comments to policy files. --- appvm/qubes.Filecopy.policy | 5 +++++ appvm/qubes.OpenInVM.policy | 5 +++++ dom0/aux-tools/qubes.ReceiveUpdates.policy | 5 +++++ dom0/qubes.SyncAppMenus.policy | 5 +++++ qrexec/qrexec_policy | 4 ++++ 5 files changed, 24 insertions(+) diff --git a/appvm/qubes.Filecopy.policy b/appvm/qubes.Filecopy.policy index 6ecc534d..0a0d7352 100644 --- a/appvm/qubes.Filecopy.policy +++ b/appvm/qubes.Filecopy.policy 
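Review bot: Adding `'$'` to the characters sanitize_name lets through means a name supplied by the untrusted agent can now be `$anyvm`, `$dispvm` or any other `$`-prefixed token, and it reaches the policy code looking like a policy symbol rather than a VM name. Whether every consumer rejects an unexpected symbol as a target is not visible in this hunk, so the widening of the accepted character set should be documented at the point it is made, e.g. `/* '$' is allowed only so that policy symbols ($anyvm, $dispvm) can be named; policy code must treat unknown $-tokens as a deny */`. sanitize_name's body starts outside the hunk.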
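Review bot: The rewritten is_match keeps `item is not "dom0"`, an identity comparison against a string literal; for a name read at runtime CPython gives no interning guarantee, so the test is effectively always true and a `$anyvm` policy term can match dom0 as well, which is the opposite of what the guard intends. Replace it with an equality test: `return (item != "dom0" and config_term == "$anyvm") or item == config_term`. A one-line docstring on is_match stating that `$anyvm` matches any VM except dom0 would also help, since the special case is easy to miss. In do_execute, a request naming `$anyvm` as the target falls through to the else branch with that literal string; the branch continues outside the hunk, so please confirm it cannot act on a `$`-token as if it were a VM name.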
@@ -1 +1,6 @@ +## Note that policy parsing stops at the first match, +## so adding anything below "$anyvm $anyvm action" line will have no effect + +## Please use a single # to start your custom comments + $anyvm $anyvm ask,user=root diff --git a/appvm/qubes.OpenInVM.policy b/appvm/qubes.OpenInVM.policy index 7c9ccb41..41217337 100644 --- a/appvm/qubes.OpenInVM.policy +++ b/appvm/qubes.OpenInVM.policy @@ -1,2 +1,7 @@ +## Note that policy parsing stops at the first match, +## so adding anything below "$anyvm $anyvm action" line will have no effect + +## Please use a single # to start your custom comments + $anyvm $dispvm allow $anyvm $anyvm ask diff --git a/dom0/aux-tools/qubes.ReceiveUpdates.policy b/dom0/aux-tools/qubes.ReceiveUpdates.policy index 611f006d..0f00b0b6 100644 --- a/dom0/aux-tools/qubes.ReceiveUpdates.policy +++ b/dom0/aux-tools/qubes.ReceiveUpdates.policy @@ -1 +1,6 @@ +## Note that policy parsing stops at the first match, +## so adding anything below "$anyvm $anyvm action" line will have no effect + +## Please use a single # to start your custom comments + $anyvm dom0 allow diff --git a/dom0/qubes.SyncAppMenus.policy b/dom0/qubes.SyncAppMenus.policy index 611f006d..0f00b0b6 100644 --- a/dom0/qubes.SyncAppMenus.policy +++ b/dom0/qubes.SyncAppMenus.policy @@ -1 +1,6 @@ +## Note that policy parsing stops at the first match, +## so adding anything below "$anyvm $anyvm action" line will have no effect + +## Please use a single # to start your custom comments + $anyvm dom0 allow diff --git a/qrexec/qrexec_policy b/qrexec/qrexec_policy index c44ca258..52632abf 100755 --- a/qrexec/qrexec_policy +++ b/qrexec/qrexec_policy @@ -12,6 +12,10 @@ def line_to_dict(line): tokens=line.split() if len(tokens) < 3: return None + + if tokens[0][0] == '#': + return None + dict={} dict['source']=tokens[0] dict['dest']=tokens[1] From b81ed5c4b2027ed73bb255d76c953b36bdfc5ac5 Mon Sep 17 00:00:00 2001 
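Review bot: line_to_dict's new `if tokens[0][0] == '#':` check sits after the `len(tokens) < 3` test, so it only ever fires for comment lines of three or more words; it works, but moving it directly after `tokens=line.split()` (guarded by `if not tokens or tokens[0][0] == '#':`) states the intent plainly and handles blank lines in the same place. Only whole-line comments are recognised; a trailing `# note` on a rule line becomes extra tokens, and whether tokens beyond the third are ignored is not visible in this hunk, so the `## Please use a single # to start your custom comments` header should probably also say that comments must start a line. The same `##` header added to qubes.ReceiveUpdates.policy and qubes.SyncAppMenus.policy quotes `"$anyvm $anyvm action"` although the rule in those files is `$anyvm dom0 allow`; adjust the wording per file so the warning names the line it describes.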
From: Joanna Rutkowska Date: Sun, 24 Jul 2011 17:23:01 +0200 Subject: [PATCH 10/11] version 1.6.11 --- version_dom0 | 2 +- version_vm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/version_dom0 b/version_dom0 index 1df3b822..99c026bd 100644 --- a/version_dom0 +++ b/version_dom0 @@ -1 +1 @@ -1.6.10 +1.6.11 diff --git a/version_vm b/version_vm index 15d45d4b..99c026bd 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.6.9 +1.6.11 From 5e95380db95fe72eeb0deaf8b72a089648a61cf3 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Sun, 24 Jul 2011 23:24:45 +0200 Subject: [PATCH 11/11] dom0: qvm-prefs: allow to change template for a VM --- dom0/qvm-tools/qvm-prefs | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/dom0/qvm-tools/qvm-prefs b/dom0/qvm-tools/qvm-prefs index 51ebe251..67874cc6 100755 --- a/dom0/qvm-tools/qvm-prefs +++ b/dom0/qvm-tools/qvm-prefs @@ -204,6 +204,24 @@ def set_kernel(vms, vm, args): vm.kernel = kernel +def set_template(vms, vm, args): + if len (args) != 1: + print "Missing template name argument!" + return False + + template_name = args[0]; + template_vm = vms.get_vm_by_name(template_name) + if template_vm is None or template_vm.qid not in vms: + print "A VM with the name '{0}' does not exist in the system.".format(template_name) + return False + + if not template_vm.is_template(): + print "VM '{0}' is not a TemplateVM".format(template_name) + return False + + print "Setting template for VM '{0}' to '{1}'...".format (vm.name, template_name) + vm.template_vm = template_vm + return True properties = { "updateable": set_updateable, @@ -214,6 +232,7 @@ properties = { "maxmem" : set_maxmem, "memory" : set_memory, "kernel" : set_kernel, + "template" : set_template, }
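Review bot: set_template reassigns `vm.template_vm` without checking the state of `vm` itself: nothing stops changing the template of a running VM, of a VM that is itself a TemplateVM, or pointing a template at itself. Guard at least the running and template cases before the assignment, e.g. `if vm.is_template(): print "VM '{0}' is a TemplateVM, cannot change its template".format(vm.name); return False` and a matching check on the VM's running state (QubesVm has an is_running() method in this code base as far as I can tell — confirm the name), each returning False like the existing error paths. A short docstring saying the function only rewires the template reference, and whatever that implies for the VM's disk images, would tell the operator what the change does not do. Minor style: the stray semicolon in `template_name = args[0];` does not match the rest of the file.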