From 595696b6f656aa30dacb2dedc6686d78575b7f05 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Fri, 2 Nov 2012 14:27:01 +0100 Subject: [PATCH 01/13] version 2.1.1 --- version_dom0 | 2 +- version_vm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/version_dom0 b/version_dom0 index 1bb41e63..3e3c2f1e 100644 --- a/version_dom0 +++ b/version_dom0 @@ -1 +1 @@ -2.0.36 +2.1.1 diff --git a/version_vm b/version_vm index c8a481c8..3e3c2f1e 100644 --- a/version_vm +++ b/version_vm @@ -1 +1 @@ -1.7.46 +2.1.1 From 6b23655fb7b48510b1aca24b09c8abbfec83beec Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Sat, 3 Nov 2012 01:41:59 +0100 Subject: [PATCH 02/13] vchan: specify data param of libvchan_write as const It isn't (and shouldn't) modified by the function so mark it in declaration. This will also help catching some errors. --- vchan/io.c | 2 +- vchan/libvchan.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/vchan/io.c b/vchan/io.c index 5d32b4e9..d6b7ac92 100644 --- a/vchan/io.c +++ b/vchan/io.c @@ -129,7 +129,7 @@ int libvchan_wait(struct libvchan *ctrl) may write less data than requested; returns the amount of data processed, -1 on error or peer close */ -int libvchan_write(struct libvchan *ctrl, char *data, int size) +int libvchan_write(struct libvchan *ctrl, const char *data, int size) { int avail, avail_contig; int real_idx; diff --git a/vchan/libvchan.h b/vchan/libvchan.h index 6b19b2fa..4307346d 100644 --- a/vchan/libvchan.h +++ b/vchan/libvchan.h @@ -78,7 +78,7 @@ struct libvchan *libvchan_server_init(int devno); struct libvchan *libvchan_client_init(int domain, int devno); int libvchan_server_handle_connected(struct libvchan *ctrl); -int libvchan_write(struct libvchan *ctrl, char *data, int size); +int libvchan_write(struct libvchan *ctrl, const char *data, int size); int libvchan_read(struct libvchan *ctrl, char *data, int size); int libvchan_wait(struct libvchan *ctrl); int libvchan_close(struct libvchan *ctrl); 
From debcf6d24a604207b9c09e4713d7ef805bc94089 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Sat, 3 Nov 2012 01:46:02 +0100 Subject: [PATCH 03/13] u2mfn: add API to use specific u2mfn FD This enable to get multiple pages (via u2mfn_alloc_kpage) - kernel module holds pointer to it in per-FD struct, so the same FD can't be reused for the next request. More elegant solution should involve kernel module modification (stored page list or sth), but it is planed to replace this part of code with libxenvchan (or even more generic version), so this temporary solution should be enough. --- u2mfn/u2mfnlib.c | 50 ++++++++++++++++++++++++++++++++---------------- u2mfn/u2mfnlib.h | 6 +++++- 2 files changed, 38 insertions(+), 18 deletions(-) diff --git a/u2mfn/u2mfnlib.c b/u2mfn/u2mfnlib.c index 998f47e9..dff06e43 100644 --- a/u2mfn/u2mfnlib.c +++ b/u2mfn/u2mfnlib.c @@ -31,11 +31,24 @@ static int u2mfn_fd = -1; static int get_fd() { - if (u2mfn_fd == -1) { - u2mfn_fd = open("/proc/u2mfn", O_RDWR); - if (u2mfn_fd < 0) - return -1; - } + if (u2mfn_fd == -1) + u2mfn_fd = u2mfn_get_fd(); + if (u2mfn_fd < 0) + return -1; + return 0; +} + +int u2mfn_get_fd() +{ + return open("/proc/u2mfn", O_RDWR); +} + +int u2mfn_get_mfn_for_page_with_fd(int fd, long va, int *mfn) +{ + *mfn = ioctl(fd, U2MFN_GET_MFN_FOR_PAGE, va); + if (*mfn == -1) + return -1; + return 0; } @@ -43,7 +56,12 @@ int u2mfn_get_mfn_for_page(long va, int *mfn) { if (get_fd()) return -1; - *mfn = ioctl(u2mfn_fd, U2MFN_GET_MFN_FOR_PAGE, va); + return u2mfn_get_mfn_for_page_with_fd(u2mfn_fd, va, mfn); +} + +int u2mfn_get_last_mfn_with_fd(int fd, int *mfn) +{ + *mfn = ioctl(fd, U2MFN_GET_LAST_MFN, 0); if (*mfn == -1) return -1; 
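Review bot: `u2mfn_get_fd()` opens `/proc/u2mfn` without `O_CLOEXEC`, and with this patch callers keep one such descriptor per ring, so each of them is inherited by any program the process later execs. Since the commit message says the kernel module ties the allocated page to the descriptor, I would open it as `return open("/proc/u2mfn", O_RDWR | O_CLOEXEC);`. The new `u2mfn_get_mfn_for_page_with_fd` and `u2mfn_get_last_mfn_with_fd` pass `fd` straight to `ioctl()`, so a short comment above them saying that the caller owns the descriptor and must close it would make the contract explicit. The body of `u2mfn_get_last_mfn_with_fd` continues past the end of the second hunk.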
@@ -54,22 +72,20 @@ int u2mfn_get_last_mfn(int *mfn) { if (get_fd()) return -1; - - *mfn = ioctl(u2mfn_fd, U2MFN_GET_LAST_MFN, 0); - if (*mfn == -1) - return -1; - - return 0; + return u2mfn_get_last_mfn_with_fd(u2mfn_fd, mfn); } - +char *u2mfn_alloc_kpage_with_fd(int fd) +{ + char *ret; + ret = + mmap(0, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); + return ret; +} char *u2mfn_alloc_kpage() { - char *ret; if (get_fd()) return MAP_FAILED; - ret = - mmap(0, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, u2mfn_fd, 0); - return ret; + return u2mfn_alloc_kpage_with_fd(u2mfn_fd); } diff --git a/u2mfn/u2mfnlib.h b/u2mfn/u2mfnlib.h index e64431af..a7c20972 100644 --- a/u2mfn/u2mfnlib.h +++ b/u2mfn/u2mfnlib.h @@ -19,6 +19,10 @@ * */ +int u2mfn_get_fd(); int u2mfn_get_mfn_for_page(long va, int *mfn) ; +int u2mfn_get_mfn_for_page_with_fd(int fd, long va, int *mfn) ; int u2mfn_get_last_mfn(int *mfn) ; -char *u2mfn_alloc_kpage(void) ; +int u2mfn_get_last_mfn_with_fd(int fd, int *mfn) ; +char *u2mfn_alloc_kpage(void); +char *u2mfn_alloc_kpage_with_fd(int fd); From eea3aa3b72acf4c2f46be49ad0b07c6419fa79b5 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Sat, 3 Nov 2012 01:49:50 +0100 Subject: [PATCH 04/13] vchan: fix multiple server instances from single process Use new u2mfn_fd for each ring_init call - each open fd to u2mfn is capable to do only one u2mfn_alloc_kpage, so it can't be reused at the next ring_init. --- vchan/init.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/vchan/init.c b/vchan/init.c index 09e05ff9..1bba4e68 100644 --- a/vchan/init.c +++ b/vchan/init.c @@ -92,6 +92,7 @@ static int ring_init(struct libvchan *ctrl) static int ring_init(struct libvchan *ctrl) { int mfn; + int u2mfn_fd; struct vchan_interface *ring; #ifdef CONFIG_STUBDOM ring = (struct vchan_interface *) memalign(XC_PAGE_SIZE, sizeof(*ring)); 
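Review bot: `int u2mfn_get_fd();` in u2mfn/u2mfnlib.h is declared with empty parentheses, which in C is not a prototype, so a call with stray arguments compiles silently; `int u2mfn_get_fd(void);` would match the `u2mfn_alloc_kpage(void)` declaration a few lines below it. The header also says nothing about the contract the commit message describes. I would add a comment above the `_with_fd` declarations stating that a descriptor from `u2mfn_get_fd()` supports a single `u2mfn_alloc_kpage_with_fd()` call, that the returned pointer must be compared with `MAP_FAILED`, and that the caller is responsible for closing the descriptor.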
@@ -102,12 +103,15 @@ static int ring_init(struct libvchan *ctrl) mfn = virtual_to_mfn(ring); #else - ring = (struct vchan_interface *) u2mfn_alloc_kpage (); + u2mfn_fd = u2mfn_get_fd(); + if (u2mfn_fd < 0) + return -1; + ring = (struct vchan_interface *) u2mfn_alloc_kpage_with_fd (u2mfn_fd); if (ring == MAP_FAILED) return -1; - if (u2mfn_get_last_mfn (&mfn) < 0) + if (u2mfn_get_last_mfn_with_fd (u2mfn_fd, &mfn) < 0) return -1; #endif From 33cec0defa80b993c3b9a9a624ed634ee587e321 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Sat, 3 Nov 2012 01:57:36 +0100 Subject: [PATCH 05/13] vm: setup device permission to allow non-root vchan servers This will allow to start pulseaudio as normal user and get rid of preloaded library. --- vm-init.d/qubes_core | 2 ++ vm-systemd/qubes-sysinit.sh | 2 ++ 2 files changed, 4 insertions(+) diff --git a/vm-init.d/qubes_core b/vm-init.d/qubes_core index c5fe5d2a..4830587b 100755 --- a/vm-init.d/qubes_core +++ b/vm-init.d/qubes_core @@ -17,6 +17,8 @@ start() # Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read chmod 666 /proc/xen/xenbus + # Set permissions to files needed to listen at vchan + chmod 666 /proc/u2mfn /dev/xen/evtchn mkdir -p /var/run/xen-hotplug diff --git a/vm-systemd/qubes-sysinit.sh b/vm-systemd/qubes-sysinit.sh index b0544071..f0b098a7 100755 --- a/vm-systemd/qubes-sysinit.sh +++ b/vm-systemd/qubes-sysinit.sh @@ -25,6 +25,8 @@ mkdir -p /var/run/xen-hotplug # Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read chmod 666 /proc/xen/xenbus +# Set permissions to files needed to listen at vchan +chmod 666 /proc/u2mfn /dev/xen/evtchn # Set default services depending on VM type TYPE=`$XS_READ qubes_vm_type 2> /dev/null` From cb31b333ae24500bc2f0ef210e46f6035a812ead Mon Sep 17 00:00:00 2001 
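Review bot: Both failure returns after `u2mfn_get_fd()` in ring_init() leave the new descriptor open, and the second one also leaves the page mapped, so a process that retries ring_init() loses one descriptor per failed attempt. The visible lines also never store `u2mfn_fd` in `ctrl`, so unless the part of ring_init() outside this hunk does so, the descriptor cannot be closed when the channel is torn down. The sketch below releases both on the error paths; it assumes `close()` is declared in this file and uses the 4096-byte length that `u2mfn_alloc_kpage_with_fd()` maps. In `CONFIG_STUBDOM` builds the `int u2mfn_fd;` added by the previous hunk looks unused and would be better declared inside the `#else` branch.

```c
	/* … unchanged: u2mfn_get_fd() call and its < 0 check … */
	ring = (struct vchan_interface *) u2mfn_alloc_kpage_with_fd (u2mfn_fd);
	if (ring == MAP_FAILED) {
		close(u2mfn_fd);
		return -1;
	}
	if (u2mfn_get_last_mfn_with_fd (u2mfn_fd, &mfn) < 0) {
		munmap(ring, 4096);
		close(u2mfn_fd);
		return -1;
	}
```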
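Review bot: `chmod 666 /proc/u2mfn /dev/xen/evtchn` in vm-init.d/qubes_core makes both interfaces readable and writable by every account in the VM, not only the one that runs the vchan server, so any local service account gains access to the u2mfn page interface and to event channels. If the goal is only to run pulseaudio unprivileged, group ownership with mode 660 narrows this to the intended users, e.g. `chgrp <vchan-group> /proc/u2mfn /dev/xen/evtchn` followed by `chmod 660 /proc/u2mfn /dev/xen/evtchn` (the group name is a placeholder). The same line is added to vm-systemd/qubes-sysinit.sh in the next hunk and deserves the same treatment. If /dev/xen/evtchn is managed by udev, the mode set here may be lost when the node is recreated, so a udev rule may be the more durable place for it.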
From: Marek Marczykowski Date: Sat, 3 Nov 2012 02:07:34 +0100 Subject: [PATCH 06/13] vm/spec: fix NotShowIn entries in autostart desktop files --- rpm_spec/core-vm.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index 763e6b19..64884eac 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -212,7 +212,7 @@ remove_ShowIn () { for F in abrt-applet deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond sealertauto gnome-power-manager gnome-sound-applet gnome-screensaver orca-autostart; do if [ -e /etc/xdg/autostart/$F.desktop ]; then remove_ShowIn $F - echo 'NotShowIn=QUBES' >> /etc/xdg/autostart/$F.desktop + echo 'NotShowIn=QUBES;' >> /etc/xdg/autostart/$F.desktop fi done @@ -220,7 +220,7 @@ done for F in gcm-apply ; do if [ -e /etc/xdg/autostart/$F.desktop ]; then remove_ShowIn $F - echo 'NotShowIn=DisposableVM' >> /etc/xdg/autostart/$F.desktop + echo 'NotShowIn=DisposableVM;' >> /etc/xdg/autostart/$F.desktop fi done From c777f3d30d7a77a4dd3ecccf9e97aa0f31a8478f Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 7 Nov 2012 17:58:08 +0100 Subject: [PATCH 07/13] makefile: split rpms into rpms-vm and rpms-dom0 (#665) --- Makefile | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 4717ce05..0ae46dd1 100644 --- a/Makefile +++ b/Makefile 
@@ -12,15 +12,20 @@ help: @echo "make update-repo-installer -- copy dom0 rpms to installer repo" @echo "make clean -- cleanup" -rpms: +rpms: rpms-vm rpms-dom0 + +rpms-vm: rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-vm.spec rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-vm-kernel-placeholder.spec - rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec rpm --addsign \ - $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*.rpm \ $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*.rpm \ $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*.rpm +rpms-dom0: + rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec + rpm --addsign \ + $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*.rpm + rpms-vaio-fixes: rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0-vaio-fixes.spec rpm --addsign $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*.rpm From f45e6c92c53bb2f76a5a46ed358159b8d76b4eb6 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 7 Nov 2012 18:01:22 +0100 Subject: [PATCH 08/13] spec: add missing 'make' call --- rpm_spec/core-dom0.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index 7465e944..27bee47b 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec @@ -59,6 +59,7 @@ make -C ../qubes_rpc make -C ../vchan -f Makefile.linux make -C ../u2mfn make -C ../qrexec +make -C ../misc %install From 5f4a1edca4cd1b93d7899c860819ee1bc5101199 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 7 Nov 2012 18:14:26 +0100 Subject: [PATCH 09/13] Add build-deps file (#666) --- build-deps-core.list | 1 + 1 file changed, 1 insertion(+) create mode 100644 build-deps-core.list diff --git a/build-deps-core.list b/build-deps-core.list new file mode 100644 index 00000000..55e78363 --- /dev/null +++ b/build-deps-core.list @@ -0,0 +1 @@ +xen-devel-*DIST* From 6bbd935df1b36f251774cdd2d142fdd78bc5e39c Mon Sep 17 00:00:00 2001 
From: Marek Marczykowski Date: Wed, 7 Nov 2012 18:19:07 +0100 Subject: [PATCH 10/13] Rename build-deps file (#666) --- build-deps-core.list => build-deps.list | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename build-deps-core.list => build-deps.list (100%) diff --git a/build-deps-core.list b/build-deps.list similarity index 100% rename from build-deps-core.list rename to build-deps.list From 62732d78b278a76a23b0e1e5e0ac4b6117fd1ddd Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 7 Nov 2012 22:02:28 +0100 Subject: [PATCH 11/13] dom0/usb: added Big Fat Warning to qvm-usb tool (#664) --- dom0/qvm-tools/qvm-usb | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/dom0/qvm-tools/qvm-usb b/dom0/qvm-tools/qvm-usb index 8b041b19..4649e275 100755 --- a/dom0/qvm-tools/qvm-usb +++ b/dom0/qvm-tools/qvm-usb @@ -26,6 +26,8 @@ from optparse import OptionParser import sys import os +pvusb_enable_flagfile = '/var/lib/qubes/pvusb-enable.flag' + def main(): usage = "usage: %prog -l [options]\n"\ "usage: %prog -a [options] :\n"\ 
@@ -46,6 +48,23 @@ def main(): (options, args) = parser.parse_args () + if not os.path.exists(pvusb_enable_flagfile): + print >> sys.stderr, "" + print >> sys.stderr, "******* WARNING *** WARNING *** WARNING *** WARNING *******" + print >> sys.stderr, "*** ***" + print >> sys.stderr, "*** PVUSB passthrough kernel support is still unstable. ***" + print >> sys.stderr, "*** It can CRASH your VMs ***" + print >> sys.stderr, "*** ***" + print >> sys.stderr, "***********************************************************" + print >> sys.stderr, "" + print >> sys.stderr, "If you still want to use it, type capital YES" + print >> sys.stderr, "" + prompt = raw_input ("Do you want enable PV USB support? ") + if prompt == "YES": + open(pvusb_enable_flagfile, "w").close() + else: + exit(1) + if os.geteuid() == 0: if not options.force_root: print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems." From 6219ecd01c42f119adcb71015e2081a97e68b39e Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 7 Nov 2012 23:57:05 +0100 Subject: [PATCH 12/13] dom0/core: increase default SWIOTLB size Needed by some network devices like Realtek RTL8111DL. --- dom0/qvm-core/qubes.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 695c806d..82d6fbf7 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py @@ -75,7 +75,7 @@ default_kernels_subdir = "kernels" default_firewall_conf_file = "firewall.xml" default_memory = 400 default_kernelopts = "" -default_kernelopts_pcidevs = "iommu=soft swiotlb=2048" +default_kernelopts_pcidevs = "iommu=soft swiotlb=4096" default_hvm_disk_size = 20*1024*1024*1024 default_hvm_private_img_size = 2*1024*1024*1024 From 67e9a785fb5c49dfb49be5781956242d63d0bd7f Mon Sep 17 00:00:00 2001 
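Review bot: The confirmation block added to main() runs before the euid check and before any option is examined, so it also gates the read-only `-l` listing, and `raw_input` raises EOFError when stdin is closed or not a terminal, which gives scripted callers a traceback instead of a clean refusal. I would wrap the prompt as `try: prompt = raw_input(...)` with `except EOFError: sys.exit(1)`, and use `sys.exit(1)` in the `else` branch rather than the interactive `exit` helper. `open(pvusb_enable_flagfile, "w").close()` can likewise fail with IOError when the caller cannot write to /var/lib/qubes; catching it and printing which path could not be created would tell the user what to fix. main() continues past the end of this hunk.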
From: Marek Marczykowski Date: Thu, 8 Nov 2012 00:02:13 +0100 Subject: [PATCH 13/13] spec: fix compilation order --- rpm_spec/core-dom0.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index 27bee47b..6845cf31 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec @@ -56,8 +56,8 @@ python -O -m compileall qvm-core qmemman make -C restore make -C qubes_rpc make -C ../qubes_rpc -make -C ../vchan -f Makefile.linux make -C ../u2mfn +make -C ../vchan -f Makefile.linux make -C ../qrexec make -C ../misc