Add support for 'pci_strictreset' option

This allows a PCI device to be assigned to the VM even if it doesn't support
a proper reset. The default behaviour (when the value is True) is to not
allow such an attachment (the VM will not start if such a device is assigned).

Requires a libvirt patch for this option.
Marek Marczykowski-Górecki 2015-05-28 00:06:25 +02:00
parent c9a670cbd1
commit 9cbf9a8a59
4 changed files with 28 additions and 4 deletions


@ -128,6 +128,7 @@ class QubesVm(object):
"func": lambda value: [] if value in ["none", None] else "func": lambda value: [] if value in ["none", None] else
eval(value) if value.find("[") >= 0 else eval(value) if value.find("[") >= 0 else
eval("[" + value + "]") }, eval("[" + value + "]") },
"pci_strictreset": {"default": True},
# Internal VM (not shown in qubes-manager, doesn't create appmenus entries # Internal VM (not shown in qubes-manager, doesn't create appmenus entries
"internal": { "default": False, 'attr': '_internal' }, "internal": { "default": False, 'attr': '_internal' },
"vcpus": { "default": None }, "vcpus": { "default": None },
@ -188,7 +189,7 @@ class QubesVm(object):
### Mark attrs for XML inclusion ### Mark attrs for XML inclusion
# Simple string attrs # Simple string attrs
for prop in ['qid', 'uuid', 'name', 'dir_path', 'memory', 'maxmem', for prop in ['qid', 'uuid', 'name', 'dir_path', 'memory', 'maxmem',
'pcidevs', 'vcpus', 'internal',\ 'pcidevs', 'pci_strictreset', 'vcpus', 'internal',\
'uses_default_kernel', 'kernel', 'uses_default_kernelopts',\ 'uses_default_kernel', 'kernel', 'uses_default_kernelopts',\
'kernelopts', 'services', 'installed_by_rpm',\ 'kernelopts', 'services', 'installed_by_rpm',\
'uses_default_netvm', 'include_in_backups', 'debug',\ 'uses_default_netvm', 'include_in_backups', 'debug',\
@ -1056,7 +1057,7 @@ class QubesVm(object):
return template.format(ip=ip, mac=mac, backend=backend) return template.format(ip=ip, mac=mac, backend=backend)
def _format_pci_dev(self, address): def _format_pci_dev(self, address):
template = " <hostdev type='pci' managed='yes'>\n" \ template = " <hostdev type='pci' managed='yes'{strictreset}>\n" \
" <source>\n" \ " <source>\n" \
" <address bus='0x{bus}' slot='0x{slot}' function='0x{fun}'/>\n" \ " <address bus='0x{bus}' slot='0x{slot}' function='0x{fun}'/>\n" \
" </source>\n" \ " </source>\n" \
@ -1067,7 +1068,10 @@ class QubesVm(object):
return template.format( return template.format(
bus=dev_match.group(1), bus=dev_match.group(1),
slot=dev_match.group(2), slot=dev_match.group(2),
fun=dev_match.group(3)) fun=dev_match.group(3),
strictreset=("" if self.pci_strictreset else
" nostrictreset='yes'"),
)
def get_config_params(self): def get_config_params(self):
args = {} args = {}
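Review bot: The new `"pci_strictreset": {"default": True}` entry has no `func`, yet the property is added to the list marked "Simple string attrs" for XML inclusion, so it is presumably stored as the text `True`/`False`. The loading path is outside these hunks; if it hands the stored string back unchanged, the truthiness test in `_format_pci_dev` (`"" if self.pci_strictreset else ...`) treats `"False"` as true and the setting reverts to strict after a reload, which fails closed but silently. Consider giving the entry a converter in the style of the `pcidevs` one, e.g. `"func": lambda value: str(value).lower() != "false"`, after checking what the loader passes when the attribute is absent. A short comment on `_format_pci_dev` saying that `nostrictreset='yes'` depends on the patched libvirt named in the commit message would also help the next reader.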


@ -37,6 +37,16 @@ include_in_backups
pcidevs pcidevs
PCI devices assigned to the VM. Should be edited using qvm-pci tool. PCI devices assigned to the VM. Should be edited using qvm-pci tool.
pci_strictreset
Accepted values: ``True``, ``False``
Control whether prevent assigning to VM a device which does not support any
reset method. Generally such devices should not be assigned to any VM,
because there will be no way to reset device state after VM shutdown, so
the device could attack next VM to which it will be assigned. But in some
cases it could make sense - for example when the VM to which it is assigned
is trusted one, or is running all the time.
label label
Accepted values: ``red``, ``orange``, ``yellow``, ``green``, ``gray``, ``blue``, ``purple``, ``black`` Accepted values: ``red``, ``orange``, ``yellow``, ``green``, ``gray``, ``blue``, ``purple``, ``black``


@ -55,6 +55,7 @@ def do_list(vm):
print fmt.format ("dir", vm.dir_path) print fmt.format ("dir", vm.dir_path)
print fmt.format ("config", vm.conf_file) print fmt.format ("config", vm.conf_file)
print fmt.format ("pcidevs", vm.pcidevs) print fmt.format ("pcidevs", vm.pcidevs)
print fmt.format ("pci_strictreset", vm.pci_strictreset)
if vm.template is None: if vm.template is None:
print fmt.format ("root_img", vm.root_img) print fmt.format ("root_img", vm.root_img)
if hasattr(vm, "rootcow_img") and vm.rootcow_img is not None: if hasattr(vm, "rootcow_img") and vm.rootcow_img is not None:
@ -217,6 +218,14 @@ def set_pcidevs(vms, vm, args):
vm.pcidevs = list(eval(args[0])) vm.pcidevs = list(eval(args[0]))
return True return True
def set_pci_strictreset(vms, vm, args):
if len (args) != 1:
print >> sys.stderr, "Missing value (True/False)!"
return False
vm.pci_strictreset = bool(eval(args[0].capitalize()))
return True
def set_netvm(vms, vm, args): def set_netvm(vms, vm, args):
if len (args) != 1: if len (args) != 1:
print >> sys.stderr, "Missing netvm name argument!" print >> sys.stderr, "Missing netvm name argument!"
@ -475,6 +484,7 @@ def set_timezone(vms, vm, args):
properties = { properties = {
"include_in_backups": set_include_in_backups, "include_in_backups": set_include_in_backups,
"pcidevs": set_pcidevs, "pcidevs": set_pcidevs,
"pci_strictreset": set_pci_strictreset,
"label" : set_label, "label" : set_label,
"netvm" : set_netvm, "netvm" : set_netvm,
"dispvm_netvm" : set_dispvm_netvm, "dispvm_netvm" : set_dispvm_netvm,
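Review bot: `set_pci_strictreset` passes the command-line argument through `eval()`, so any Python expression typed as the value is executed in the tool's process; inputs such as `none` or `0` quietly turn strict reset off, while `yes` or `no` end in a NameError traceback instead of a usage message. Because this property relaxes a device-isolation check, the value should be matched against the two accepted literals and everything else rejected with an error. The same `eval` pattern is visible in the `set_pcidevs` context line above and is not changed by this commit.

```python
def set_pci_strictreset(vms, vm, args):
    # … unchanged: argument-count check …
    value = args[0].strip().lower()
    if value not in ("true", "false"):
        print >> sys.stderr, "Invalid value, expected True or False!"
        return False
    vm.pci_strictreset = (value == "true")
    return True
```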


@ -57,7 +57,7 @@ Requires: libvirt-python
%if x%{?backend_vmm} == xxen %if x%{?backend_vmm} == xxen
Requires: xen-runtime Requires: xen-runtime
Requires: xen-hvm Requires: xen-hvm
Requires: libvirt-daemon-xen Requires: libvirt-daemon-xen >= 1.2.12-3
%endif %endif
Requires: createrepo Requires: createrepo
Requires: gnome-packagekit Requires: gnome-packagekit