Add support for 'pci_strictreset' option

This allows to assign PCI device to the VM, even if it doesn't support proper reset. The default behaviour (when the value is True) is to not allow such attachment (VM will not start if such device is assigned). Require libvirt patch for this option.
2015-05-28 00:06:25 +02:00 · 2015-05-28 00:06:25 +02:00 · 9cbf9a8a59
commit 9cbf9a8a59
parent c9a670cbd1
4 changed files with 28 additions and 4 deletions
--- a/core-modules/000QubesVm.py
+++ b/core-modules/000QubesVm.py
@ -128,6 +128,7 @@ class QubesVm(object):
                "func": lambda value: [] if value in ["none", None]  else
                    eval(value) if value.find("[") >= 0 else
                    eval("[" + value + "]") },
+            "pci_strictreset": {"default": True},
            # Internal VM (not shown in qubes-manager, doesn't create appmenus entries
            "internal": { "default": False, 'attr': '_internal' },
            "vcpus": { "default": None },
@ -188,7 +189,7 @@ class QubesVm(object):
        ### Mark attrs for XML inclusion
        # Simple string attrs
        for prop in ['qid', 'uuid', 'name', 'dir_path', 'memory', 'maxmem',
-            'pcidevs', 'vcpus', 'internal',\
+            'pcidevs', 'pci_strictreset', 'vcpus', 'internal',\
            'uses_default_kernel', 'kernel', 'uses_default_kernelopts',\
            'kernelopts', 'services', 'installed_by_rpm',\
            'uses_default_netvm', 'include_in_backups', 'debug',\
@ -1056,7 +1057,7 @@ class QubesVm(object):
        return template.format(ip=ip, mac=mac, backend=backend)

    def _format_pci_dev(self, address):
-        template = "    <hostdev type='pci' managed='yes'>\n" \
+        template = "    <hostdev type='pci' managed='yes'{strictreset}>\n" \
                   "      <source>\n" \
                   "        <address bus='0x{bus}' slot='0x{slot}' function='0x{fun}'/>\n" \
                   "      </source>\n" \
@ -1067,7 +1068,10 @@ class QubesVm(object):
        return template.format(
                bus=dev_match.group(1),
                slot=dev_match.group(2),
-                fun=dev_match.group(3))
+                fun=dev_match.group(3),
+                strictreset=("" if self.pci_strictreset else
+                             " nostrictreset='yes'"),
+        )

    def get_config_params(self):
        args = {}
--- a/doc/qvm-tools/qvm-prefs.rst
+++ b/doc/qvm-tools/qvm-prefs.rst
@ -37,6 +37,16 @@ include_in_backups
 pcidevs
    PCI devices assigned to the VM. Should be edited using qvm-pci tool.

+pci_strictreset
+    Accepted values: ``True``, ``False``
+
+    Control whether prevent assigning to VM a device which does not support any
+    reset method. Generally such devices should not be assigned to any VM,
+    because there will be no way to reset device state after VM shutdown, so
+    the device could attack next VM to which it will be assigned. But in some
+    cases it could make sense - for example when the VM to which it is assigned
+    is trusted one, or is running all the time.
+
 label
    Accepted values: ``red``, ``orange``, ``yellow``, ``green``, ``gray``, ``blue``, ``purple``, ``black``

--- a/qvm-tools/qvm-prefs
+++ b/qvm-tools/qvm-prefs
@ -55,6 +55,7 @@ def do_list(vm):
    print fmt.format ("dir", vm.dir_path)
    print fmt.format ("config", vm.conf_file)
    print fmt.format ("pcidevs", vm.pcidevs)
+    print fmt.format ("pci_strictreset", vm.pci_strictreset)
    if vm.template is None:
        print fmt.format ("root_img", vm.root_img)
    if hasattr(vm, "rootcow_img") and vm.rootcow_img is not None:
@ -217,6 +218,14 @@ def set_pcidevs(vms, vm, args):
    vm.pcidevs = list(eval(args[0]))
    return True

+def set_pci_strictreset(vms, vm, args):
+    if len (args) != 1:
+        print >> sys.stderr, "Missing value (True/False)!"
+        return False
+
+    vm.pci_strictreset = bool(eval(args[0].capitalize()))
+    return True
+
 def set_netvm(vms, vm, args):
    if len (args) != 1:
        print >> sys.stderr, "Missing netvm name argument!"
@ -475,6 +484,7 @@ def set_timezone(vms, vm, args):
 properties = {
    "include_in_backups": set_include_in_backups,
    "pcidevs": set_pcidevs,
+    "pci_strictreset": set_pci_strictreset,
    "label" : set_label,
    "netvm" : set_netvm,
    "dispvm_netvm" : set_dispvm_netvm,
--- a/rpm_spec/core-dom0.spec
+++ b/rpm_spec/core-dom0.spec
@ -57,7 +57,7 @@ Requires:       libvirt-python
 %if x%{?backend_vmm} == xxen
 Requires:       xen-runtime
 Requires:       xen-hvm
-Requires:       libvirt-daemon-xen
+Requires:       libvirt-daemon-xen >= 1.2.12-3
 %endif
 Requires:       createrepo
 Requires:       gnome-packagekit