From 9cbf9a8a592404a3f135165a88f771f125577275 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Thu, 28 May 2015 00:06:25 +0200 Subject: [PATCH] Add support for 'pci_strictreset' option This allows to assign PCI device to the VM, even if it doesn't support proper reset. The default behaviour (when the value is True) is to not allow such attachment (VM will not start if such device is assigned). Require libvirt patch for this option. --- core-modules/000QubesVm.py | 10 +++++++--- doc/qvm-tools/qvm-prefs.rst | 10 ++++++++++ qvm-tools/qvm-prefs | 10 ++++++++++ rpm_spec/core-dom0.spec | 2 +- 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/core-modules/000QubesVm.py b/core-modules/000QubesVm.py index 5f637b43..81bb6f10 100644 --- a/core-modules/000QubesVm.py +++ b/core-modules/000QubesVm.py @@ -128,6 +128,7 @@ class QubesVm(object): "func": lambda value: [] if value in ["none", None] else eval(value) if value.find("[") >= 0 else eval("[" + value + "]") }, + "pci_strictreset": {"default": True}, # Internal VM (not shown in qubes-manager, doesn't create appmenus entries "internal": { "default": False, 'attr': '_internal' }, "vcpus": { "default": None }, @@ -188,7 +189,7 @@ class QubesVm(object): ### Mark attrs for XML inclusion # Simple string attrs for prop in ['qid', 'uuid', 'name', 'dir_path', 'memory', 'maxmem', - 'pcidevs', 'vcpus', 'internal',\ + 'pcidevs', 'pci_strictreset', 'vcpus', 'internal',\ 'uses_default_kernel', 'kernel', 'uses_default_kernelopts',\ 'kernelopts', 'services', 'installed_by_rpm',\ 'uses_default_netvm', 'include_in_backups', 'debug',\ @@ -1056,7 +1057,7 @@ class QubesVm(object): return template.format(ip=ip, mac=mac, backend=backend) def _format_pci_dev(self, address): - template = " \n" \ + template = " \n" \ " \n" \ "
\n" \ " \n" \ @@ -1067,7 +1068,10 @@ class QubesVm(object): return template.format( bus=dev_match.group(1), slot=dev_match.group(2), - fun=dev_match.group(3)) + fun=dev_match.group(3), + strictreset=("" if self.pci_strictreset else + " nostrictreset='yes'"), + ) def get_config_params(self): args = {} diff --git a/doc/qvm-tools/qvm-prefs.rst b/doc/qvm-tools/qvm-prefs.rst index ef1c6878..197ef6eb 100644 --- a/doc/qvm-tools/qvm-prefs.rst +++ b/doc/qvm-tools/qvm-prefs.rst @@ -37,6 +37,16 @@ include_in_backups pcidevs PCI devices assigned to the VM. Should be edited using qvm-pci tool. +pci_strictreset + Accepted values: ``True``, ``False`` + + Control whether prevent assigning to VM a device which does not support any + reset method. Generally such devices should not be assigned to any VM, + because there will be no way to reset device state after VM shutdown, so + the device could attack next VM to which it will be assigned. But in some + cases it could make sense - for example when the VM to which it is assigned + is trusted one, or is running all the time. + label Accepted values: ``red``, ``orange``, ``yellow``, ``green``, ``gray``, ``blue``, ``purple``, ``black`` diff --git a/qvm-tools/qvm-prefs b/qvm-tools/qvm-prefs index 36b57f76..8eac355d 100755 --- a/qvm-tools/qvm-prefs +++ b/qvm-tools/qvm-prefs @@ -55,6 +55,7 @@ def do_list(vm): print fmt.format ("dir", vm.dir_path) print fmt.format ("config", vm.conf_file) print fmt.format ("pcidevs", vm.pcidevs) + print fmt.format ("pci_strictreset", vm.pci_strictreset) if vm.template is None: print fmt.format ("root_img", vm.root_img) if hasattr(vm, "rootcow_img") and vm.rootcow_img is not None: 
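Review bot: The `strictreset=` argument added to `template.format(...)` in `_format_pci_dev` is derived from the VM-wide `self.pci_strictreset`, so switching the option off presumably emits `nostrictreset='yes'` for every PCI device assigned to the VM, not only for the one that lacks a reset method. That is broader than the exception the commit message describes, and nothing at this call site says so. I would add a comment above the argument, for example `# VM-wide: with pci_strictreset off, every assigned PCI device is attached without the strict reset check`. `_format_pci_dev` starts in the previous hunk and its address matching lies outside both hunks, so the placement of the attribute inside the template is not reviewed here.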
@@ -217,6 +218,14 @@ def set_pcidevs(vms, vm, args): vm.pcidevs = list(eval(args[0])) return True +def set_pci_strictreset(vms, vm, args): + if len (args) != 1: + print >> sys.stderr, "Missing value (True/False)!" + return False + + vm.pci_strictreset = bool(eval(args[0].capitalize())) + return True + def set_netvm(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing netvm name argument!" @@ -475,6 +484,7 @@ def set_timezone(vms, vm, args): properties = { "include_in_backups": set_include_in_backups, "pcidevs": set_pcidevs, + "pci_strictreset": set_pci_strictreset, "label" : set_label, "netvm" : set_netvm, "dispvm_netvm" : set_dispvm_netvm, diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index c9612885..86612c48 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec @@ -57,7 +57,7 @@ Requires: libvirt-python %if x%{?backend_vmm} == xxen Requires: xen-runtime Requires: xen-hvm -Requires: libvirt-daemon-xen +Requires: libvirt-daemon-xen >= 1.2.12-3 %endif Requires: createrepo Requires: gnome-packagekit
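Review bot: `set_pci_strictreset` hands the command-line value to `eval()` in `bool(eval(args[0].capitalize()))`, so whatever expression is typed as the value is evaluated inside the qvm-prefs process, and a misspelt value ends in an uncaught NameError instead of the usage message. This flag relaxes a device-isolation check, so the value should be parsed explicitly and anything other than True/False rejected. The fence below compares the lowercased string and needs no `eval`. It also stops accepting numeric forms such as `0`/`1`, which matches the values listed in qvm-prefs.rst. The `set_pcidevs` context line in the same hunk uses the same `eval(args[0])` pattern; it is outside this change but deserves the same treatment.

```python
def set_pci_strictreset(vms, vm, args):
    # … unchanged: argument-count check …
    value = args[0].strip().lower()
    if value not in ("true", "false"):
        print >> sys.stderr, "Invalid value, expected True or False!"
        return False

    vm.pci_strictreset = (value == "true")
    return True
```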