diff --git a/Makefile b/Makefile index 4717ce05..0ae46dd1 100644 --- a/Makefile +++ b/Makefile @@ -12,15 +12,20 @@ help: @echo "make update-repo-installer -- copy dom0 rpms to installer repo" @echo "make clean -- cleanup" -rpms: +rpms: rpms-vm rpms-dom0 + +rpms-vm: rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-vm.spec rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-vm-kernel-placeholder.spec - rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec rpm --addsign \ - $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*.rpm \ $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*.rpm \ $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*.rpm +rpms-dom0: + rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec + rpm --addsign \ + $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*.rpm + rpms-vaio-fixes: rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0-vaio-fixes.spec rpm --addsign $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*.rpm diff --git a/build-deps.list b/build-deps.list new file mode 100644 index 00000000..55e78363 --- /dev/null +++ b/build-deps.list @@ -0,0 +1 @@ +xen-devel-*DIST* diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 695c806d..82d6fbf7 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py @@ -75,7 +75,7 @@ default_kernels_subdir = "kernels" default_firewall_conf_file = "firewall.xml" default_memory = 400 default_kernelopts = "" -default_kernelopts_pcidevs = "iommu=soft swiotlb=2048" +default_kernelopts_pcidevs = "iommu=soft swiotlb=4096" default_hvm_disk_size = 20*1024*1024*1024 default_hvm_private_img_size = 2*1024*1024*1024 diff --git a/dom0/qvm-tools/qvm-usb b/dom0/qvm-tools/qvm-usb index 7b062a67..14a1cf24 100755 --- a/dom0/qvm-tools/qvm-usb +++ b/dom0/qvm-tools/qvm-usb 
@@ -26,6 +26,8 @@ from optparse import OptionParser import sys import os +pvusb_enable_flagfile = '/var/lib/qubes/pvusb-enable.flag' + def main(): usage = "usage: %prog -l [options]\n"\ "usage: %prog -a [options] :\n"\ @@ -46,6 +48,23 @@ def main(): (options, args) = parser.parse_args () + if not os.path.exists(pvusb_enable_flagfile): + print >> sys.stderr, "" + print >> sys.stderr, "******* WARNING *** WARNING *** WARNING *** WARNING *******" + print >> sys.stderr, "*** ***" + print >> sys.stderr, "*** PVUSB passthrough kernel support is still unstable. ***" + print >> sys.stderr, "*** It can CRASH your VMs ***" + print >> sys.stderr, "*** ***" + print >> sys.stderr, "***********************************************************" + print >> sys.stderr, "" + print >> sys.stderr, "If you still want to use it, type capital YES" + print >> sys.stderr, "" + prompt = raw_input ("Do you want enable PV USB support? ") + if prompt == "YES": + open(pvusb_enable_flagfile, "w").close() + else: + exit(1) + if os.geteuid() == 0: if not options.force_root: print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems." diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index 7465e944..6845cf31 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec @@ -56,9 +56,10 @@ python -O -m compileall qvm-core qmemman make -C restore make -C qubes_rpc make -C ../qubes_rpc -make -C ../vchan -f Makefile.linux make -C ../u2mfn +make -C ../vchan -f Makefile.linux make -C ../qrexec +make -C ../misc %install diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index 763e6b19..64884eac 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec 
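Review bot: The confirmation block added at the top of `main()` calls `raw_input` and `open(pvusb_enable_flagfile, "w")` with no error handling, so a run without a terminal (EOF on stdin) or by a user who cannot write to `/var/lib/qubes` ends in a traceback instead of a clear refusal. The gate also runs before the root check and before any option is examined, so a read-only `-l` listing is blocked too; if that is intended, a short comment should say so. Bare `exit(1)` depends on the `site` module, whereas `sys` is already imported. `main()` continues outside the hunk.

```python
    if not os.path.exists(pvusb_enable_flagfile):
        # … unchanged: warning banner printed to stderr …
        try:
            prompt = raw_input("Do you want enable PV USB support? ")
        except EOFError:
            # no terminal to confirm on: treat as a refusal
            prompt = ""
        if prompt != "YES":
            sys.exit(1)
        try:
            open(pvusb_enable_flagfile, "w").close()
        except IOError as e:
            print >> sys.stderr, "Cannot create %s: %s" % (pvusb_enable_flagfile, e)
            sys.exit(1)
```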
@@ -212,7 +212,7 @@ remove_ShowIn () { for F in abrt-applet deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond sealertauto gnome-power-manager gnome-sound-applet gnome-screensaver orca-autostart; do if [ -e /etc/xdg/autostart/$F.desktop ]; then remove_ShowIn $F - echo 'NotShowIn=QUBES' >> /etc/xdg/autostart/$F.desktop + echo 'NotShowIn=QUBES;' >> /etc/xdg/autostart/$F.desktop fi done @@ -220,7 +220,7 @@ done for F in gcm-apply ; do if [ -e /etc/xdg/autostart/$F.desktop ]; then remove_ShowIn $F - echo 'NotShowIn=DisposableVM' >> /etc/xdg/autostart/$F.desktop + echo 'NotShowIn=DisposableVM;' >> /etc/xdg/autostart/$F.desktop fi done diff --git a/u2mfn/u2mfnlib.c b/u2mfn/u2mfnlib.c index 998f47e9..dff06e43 100644 --- a/u2mfn/u2mfnlib.c +++ b/u2mfn/u2mfnlib.c @@ -31,11 +31,24 @@ static int u2mfn_fd = -1; static int get_fd() { - if (u2mfn_fd == -1) { - u2mfn_fd = open("/proc/u2mfn", O_RDWR); - if (u2mfn_fd < 0) - return -1; - } + if (u2mfn_fd == -1) + u2mfn_fd = u2mfn_get_fd(); + if (u2mfn_fd < 0) + return -1; + return 0; +} + +int u2mfn_get_fd() +{ + return open("/proc/u2mfn", O_RDWR); +} + +int u2mfn_get_mfn_for_page_with_fd(int fd, long va, int *mfn) +{ + *mfn = ioctl(fd, U2MFN_GET_MFN_FOR_PAGE, va); + if (*mfn == -1) + return -1; + return 0; } @@ -43,7 +56,12 @@ int u2mfn_get_mfn_for_page(long va, int *mfn) { if (get_fd()) return -1; - *mfn = ioctl(u2mfn_fd, U2MFN_GET_MFN_FOR_PAGE, va); + return u2mfn_get_mfn_for_page_with_fd(u2mfn_fd, va, mfn); +} + +int u2mfn_get_last_mfn_with_fd(int fd, int *mfn) +{ + *mfn = ioctl(fd, U2MFN_GET_LAST_MFN, 0); if (*mfn == -1) return -1; 
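Review bot: `u2mfn_get_fd()` in u2mfn/u2mfnlib.c hands back a new descriptor on every call, but nothing in the added code says who owns it or sets close-on-exec, so any child the caller later execs inherits an open handle to `/proc/u2mfn`. I would open it as `return open("/proc/u2mfn", O_RDWR | O_CLOEXEC);` and put a comment above the function such as `/* Returns a new fd for /proc/u2mfn, or -1 with errno set; the caller must close() it. */`. `get_fd()` also calls `u2mfn_get_fd()` before its definition, which compiles cleanly only if `u2mfnlib.h` is included above the hunk; that is not visible here. The `_with_fd` variants write the raw `ioctl` result into `*mfn` even on failure, which deserves a line in the header comment.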
@@ -54,22 +72,20 @@ int u2mfn_get_last_mfn(int *mfn) { if (get_fd()) return -1; - - *mfn = ioctl(u2mfn_fd, U2MFN_GET_LAST_MFN, 0); - if (*mfn == -1) - return -1; - - return 0; + return u2mfn_get_last_mfn_with_fd(u2mfn_fd, mfn); } - +char *u2mfn_alloc_kpage_with_fd(int fd) +{ + char *ret; + ret = + mmap(0, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); + return ret; +} char *u2mfn_alloc_kpage() { - char *ret; if (get_fd()) return MAP_FAILED; - ret = - mmap(0, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, u2mfn_fd, 0); - return ret; + return u2mfn_alloc_kpage_with_fd(u2mfn_fd); } diff --git a/u2mfn/u2mfnlib.h b/u2mfn/u2mfnlib.h index e64431af..a7c20972 100644 --- a/u2mfn/u2mfnlib.h +++ b/u2mfn/u2mfnlib.h @@ -19,6 +19,10 @@ * */ +int u2mfn_get_fd(); int u2mfn_get_mfn_for_page(long va, int *mfn) ; +int u2mfn_get_mfn_for_page_with_fd(int fd, long va, int *mfn) ; int u2mfn_get_last_mfn(int *mfn) ; -char *u2mfn_alloc_kpage(void) ; +int u2mfn_get_last_mfn_with_fd(int fd, int *mfn) ; +char *u2mfn_alloc_kpage(void); +char *u2mfn_alloc_kpage_with_fd(int fd); diff --git a/vchan/init.c b/vchan/init.c index 09e05ff9..1bba4e68 100644 --- a/vchan/init.c +++ b/vchan/init.c @@ -92,6 +92,7 @@ static int ring_init(struct libvchan *ctrl) static int ring_init(struct libvchan *ctrl) { int mfn; + int u2mfn_fd; struct vchan_interface *ring; #ifdef CONFIG_STUBDOM ring = (struct vchan_interface *) memalign(XC_PAGE_SIZE, sizeof(*ring)); @@ -102,12 +103,15 @@ static int ring_init(struct libvchan *ctrl) mfn = virtual_to_mfn(ring); #else - ring = (struct vchan_interface *) u2mfn_alloc_kpage (); + u2mfn_fd = u2mfn_get_fd(); + if (u2mfn_fd < 0) + return -1; + ring = (struct vchan_interface *) u2mfn_alloc_kpage_with_fd (u2mfn_fd); if (ring == MAP_FAILED) return -1; - if (u2mfn_get_last_mfn (&mfn) < 0) + if (u2mfn_get_last_mfn_with_fd (u2mfn_fd, &mfn) < 0) return -1; #endif diff --git a/vchan/io.c b/vchan/io.c index 5d32b4e9..d6b7ac92 100644 --- a/vchan/io.c +++ b/vchan/io.c 
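Review bot: In the non-stubdom branch of `ring_init()` in vchan/init.c the descriptor from `u2mfn_get_fd()` is leaked on both failure returns, and the mapped page is leaked as well when `u2mfn_get_last_mfn_with_fd` fails. The two early returns could become `if (ring == MAP_FAILED) { close(u2mfn_fd); return -1; }` and `{ munmap(ring, 4096); close(u2mfn_fd); return -1; }`. On the success path the visible lines do not store `u2mfn_fd` in `ctrl`, so unless the rest of the function (outside the hunk) keeps it, nothing can release it later. Whether it may be closed once the mfn is read depends on how the driver ties the page to the open file, which this page does not show.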
@@ -129,7 +129,7 @@ int libvchan_wait(struct libvchan *ctrl) may write less data than requested; returns the amount of data processed, -1 on error or peer close */ -int libvchan_write(struct libvchan *ctrl, char *data, int size) +int libvchan_write(struct libvchan *ctrl, const char *data, int size) { int avail, avail_contig; int real_idx; diff --git a/vchan/libvchan.h b/vchan/libvchan.h index 6b19b2fa..4307346d 100644 --- a/vchan/libvchan.h +++ b/vchan/libvchan.h @@ -78,7 +78,7 @@ struct libvchan *libvchan_server_init(int devno); struct libvchan *libvchan_client_init(int domain, int devno); int libvchan_server_handle_connected(struct libvchan *ctrl); -int libvchan_write(struct libvchan *ctrl, char *data, int size); +int libvchan_write(struct libvchan *ctrl, const char *data, int size); int libvchan_read(struct libvchan *ctrl, char *data, int size); int libvchan_wait(struct libvchan *ctrl); int libvchan_close(struct libvchan *ctrl); diff --git a/version_dom0 b/version_dom0 index 1bb41e63..3e3c2f1e 100644 --- a/version_dom0 +++ b/version_dom0 @@ -1 +1 @@ -2.0.36 +2.1.1 diff --git a/version_vm b/version_vm index c8a481c8..3e3c2f1e 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.7.46 +2.1.1 diff --git a/vm-init.d/qubes_core b/vm-init.d/qubes_core index c5fe5d2a..4830587b 100755 --- a/vm-init.d/qubes_core +++ b/vm-init.d/qubes_core @@ -17,6 +17,8 @@ start() # Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read chmod 666 /proc/xen/xenbus + # Set permissions to files needed to listen at vchan + chmod 666 /proc/u2mfn /dev/xen/evtchn mkdir -p /var/run/xen-hotplug diff --git a/vm-systemd/qubes-sysinit.sh b/vm-systemd/qubes-sysinit.sh index b0544071..f0b098a7 100755 --- a/vm-systemd/qubes-sysinit.sh +++ b/vm-systemd/qubes-sysinit.sh 
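Review bot: `chmod 666 /proc/u2mfn /dev/xen/evtchn` in `start()` of vm-init.d/qubes_core opens both nodes to every local account in the VM, not only to the processes that listen on vchan; the same line is added to vm-systemd/qubes-sysinit.sh. Going by the library code in this commit, `/proc/u2mfn` hands out kernel pages and their frame numbers, so the comment should at least record why world access is acceptable, for example `# any VM user may run a vchan server; accounts inside one VM are not a security boundary`, if that is the actual reasoning. If the listeners run under a known group, assigning that group and using `chmod 660` would be the narrower grant. `start()` continues outside the hunk.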
@@ -25,6 +25,8 @@ mkdir -p /var/run/xen-hotplug # Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read chmod 666 /proc/xen/xenbus +# Set permissions to files needed to listen at vchan +chmod 666 /proc/u2mfn /dev/xen/evtchn # Set default services depending on VM type TYPE=`$XS_READ qubes_vm_type 2> /dev/null`