Add support for 'pci_strictreset' option
This allows to assign PCI device to the VM, even if it doesn't support proper reset. The default behaviour (when the value is True) is to not allow such attachment (VM will not start if such device is assigned). Require libvirt patch for this option.
This commit is contained in:
parent
c9a670cbd1
commit
9cbf9a8a59
@ -128,6 +128,7 @@ class QubesVm(object):
|
|||||||
"func": lambda value: [] if value in ["none", None] else
|
"func": lambda value: [] if value in ["none", None] else
|
||||||
eval(value) if value.find("[") >= 0 else
|
eval(value) if value.find("[") >= 0 else
|
||||||
eval("[" + value + "]") },
|
eval("[" + value + "]") },
|
||||||
|
"pci_strictreset": {"default": True},
|
||||||
# Internal VM (not shown in qubes-manager, doesn't create appmenus entries
|
# Internal VM (not shown in qubes-manager, doesn't create appmenus entries
|
||||||
"internal": { "default": False, 'attr': '_internal' },
|
"internal": { "default": False, 'attr': '_internal' },
|
||||||
"vcpus": { "default": None },
|
"vcpus": { "default": None },
|
||||||
@ -188,7 +189,7 @@ class QubesVm(object):
|
|||||||
### Mark attrs for XML inclusion
|
### Mark attrs for XML inclusion
|
||||||
# Simple string attrs
|
# Simple string attrs
|
||||||
for prop in ['qid', 'uuid', 'name', 'dir_path', 'memory', 'maxmem',
|
for prop in ['qid', 'uuid', 'name', 'dir_path', 'memory', 'maxmem',
|
||||||
'pcidevs', 'vcpus', 'internal',\
|
'pcidevs', 'pci_strictreset', 'vcpus', 'internal',\
|
||||||
'uses_default_kernel', 'kernel', 'uses_default_kernelopts',\
|
'uses_default_kernel', 'kernel', 'uses_default_kernelopts',\
|
||||||
'kernelopts', 'services', 'installed_by_rpm',\
|
'kernelopts', 'services', 'installed_by_rpm',\
|
||||||
'uses_default_netvm', 'include_in_backups', 'debug',\
|
'uses_default_netvm', 'include_in_backups', 'debug',\
|
||||||
@ -1056,7 +1057,7 @@ class QubesVm(object):
|
|||||||
return template.format(ip=ip, mac=mac, backend=backend)
|
return template.format(ip=ip, mac=mac, backend=backend)
|
||||||
|
|
||||||
def _format_pci_dev(self, address):
|
def _format_pci_dev(self, address):
|
||||||
template = " <hostdev type='pci' managed='yes'>\n" \
|
template = " <hostdev type='pci' managed='yes'{strictreset}>\n" \
|
||||||
" <source>\n" \
|
" <source>\n" \
|
||||||
" <address bus='0x{bus}' slot='0x{slot}' function='0x{fun}'/>\n" \
|
" <address bus='0x{bus}' slot='0x{slot}' function='0x{fun}'/>\n" \
|
||||||
" </source>\n" \
|
" </source>\n" \
|
||||||
@ -1067,7 +1068,10 @@ class QubesVm(object):
|
|||||||
return template.format(
|
return template.format(
|
||||||
bus=dev_match.group(1),
|
bus=dev_match.group(1),
|
||||||
slot=dev_match.group(2),
|
slot=dev_match.group(2),
|
||||||
fun=dev_match.group(3))
|
fun=dev_match.group(3),
|
||||||
|
strictreset=("" if self.pci_strictreset else
|
||||||
|
" nostrictreset='yes'"),
|
||||||
|
)
|
||||||
|
|
||||||
def get_config_params(self):
|
def get_config_params(self):
|
||||||
args = {}
|
args = {}
|
||||||
|
@ -37,6 +37,16 @@ include_in_backups
|
|||||||
pcidevs
|
pcidevs
|
||||||
PCI devices assigned to the VM. Should be edited using qvm-pci tool.
|
PCI devices assigned to the VM. Should be edited using qvm-pci tool.
|
||||||
|
|
||||||
|
pci_strictreset
|
||||||
|
Accepted values: ``True``, ``False``
|
||||||
|
|
||||||
|
Control whether prevent assigning to VM a device which does not support any
|
||||||
|
reset method. Generally such devices should not be assigned to any VM,
|
||||||
|
because there will be no way to reset device state after VM shutdown, so
|
||||||
|
the device could attack next VM to which it will be assigned. But in some
|
||||||
|
cases it could make sense - for example when the VM to which it is assigned
|
||||||
|
is trusted one, or is running all the time.
|
||||||
|
|
||||||
label
|
label
|
||||||
Accepted values: ``red``, ``orange``, ``yellow``, ``green``, ``gray``, ``blue``, ``purple``, ``black``
|
Accepted values: ``red``, ``orange``, ``yellow``, ``green``, ``gray``, ``blue``, ``purple``, ``black``
|
||||||
|
|
||||||
|
@ -55,6 +55,7 @@ def do_list(vm):
|
|||||||
print fmt.format ("dir", vm.dir_path)
|
print fmt.format ("dir", vm.dir_path)
|
||||||
print fmt.format ("config", vm.conf_file)
|
print fmt.format ("config", vm.conf_file)
|
||||||
print fmt.format ("pcidevs", vm.pcidevs)
|
print fmt.format ("pcidevs", vm.pcidevs)
|
||||||
|
print fmt.format ("pci_strictreset", vm.pci_strictreset)
|
||||||
if vm.template is None:
|
if vm.template is None:
|
||||||
print fmt.format ("root_img", vm.root_img)
|
print fmt.format ("root_img", vm.root_img)
|
||||||
if hasattr(vm, "rootcow_img") and vm.rootcow_img is not None:
|
if hasattr(vm, "rootcow_img") and vm.rootcow_img is not None:
|
||||||
@ -217,6 +218,14 @@ def set_pcidevs(vms, vm, args):
|
|||||||
vm.pcidevs = list(eval(args[0]))
|
vm.pcidevs = list(eval(args[0]))
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
def set_pci_strictreset(vms, vm, args):
|
||||||
|
if len (args) != 1:
|
||||||
|
print >> sys.stderr, "Missing value (True/False)!"
|
||||||
|
return False
|
||||||
|
|
||||||
|
vm.pci_strictreset = bool(eval(args[0].capitalize()))
|
||||||
|
return True
|
||||||
|
|
||||||
def set_netvm(vms, vm, args):
|
def set_netvm(vms, vm, args):
|
||||||
if len (args) != 1:
|
if len (args) != 1:
|
||||||
print >> sys.stderr, "Missing netvm name argument!"
|
print >> sys.stderr, "Missing netvm name argument!"
|
||||||
@ -475,6 +484,7 @@ def set_timezone(vms, vm, args):
|
|||||||
properties = {
|
properties = {
|
||||||
"include_in_backups": set_include_in_backups,
|
"include_in_backups": set_include_in_backups,
|
||||||
"pcidevs": set_pcidevs,
|
"pcidevs": set_pcidevs,
|
||||||
|
"pci_strictreset": set_pci_strictreset,
|
||||||
"label" : set_label,
|
"label" : set_label,
|
||||||
"netvm" : set_netvm,
|
"netvm" : set_netvm,
|
||||||
"dispvm_netvm" : set_dispvm_netvm,
|
"dispvm_netvm" : set_dispvm_netvm,
|
||||||
|
@ -57,7 +57,7 @@ Requires: libvirt-python
|
|||||||
%if x%{?backend_vmm} == xxen
|
%if x%{?backend_vmm} == xxen
|
||||||
Requires: xen-runtime
|
Requires: xen-runtime
|
||||||
Requires: xen-hvm
|
Requires: xen-hvm
|
||||||
Requires: libvirt-daemon-xen
|
Requires: libvirt-daemon-xen >= 1.2.12-3
|
||||||
%endif
|
%endif
|
||||||
Requires: createrepo
|
Requires: createrepo
|
||||||
Requires: gnome-packagekit
|
Requires: gnome-packagekit
|
||||||
|
Loading…
Reference in New Issue
Block a user