Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3,086 Commits 1 Branch 0 Tags 15 MiB
6d1f40219c
Commit Graph

3086 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marek Marczykowski-Górecki
bdae560770 backup: fix deadlock on error while receiving backup from a VM 
When qfile-dom0-unpacker detects an error, it sends error report to
stdout and terminate (so stdout is closed). That close should be
transferred to the VM process (as EOF on its stdin), which will signal
it to stop sending the data and handle error report.
Also qrexec-client holds the connection until both stdin and
stdout are closed.
So when that EOF is missing, tar2qfile will not detect error report and
still tries to send the data and qrexec-client will hold the
connection while receiving process is long dead.

To prevent that deadlock from happening, close FD in python code, so
qfile-dom0-unpacker will be the last owner of write end of the pipe.
When it closes its stdout, qrexec-client will receive EOF at its stdin.
 2015-02-18 21:41:22 +01:00
Marek Marczykowski-Górecki
affb39f435 Merge remote-tracking branch 'woju/master' 2015-02-18 15:11:05 +01:00
Wojtek Porczyk
d81ae01d48 tests: add logging 
Test suite now logs to three places:
 * syslog
 * ${HOME}/qubes-tests.log
 * /dev/kmsg (only start and errors; this is handy while debugging Oopses by
   correlating them with tests)
 2015-02-11 16:34:35 +01:00
Marek Marczykowski-Górecki
ef1bf9b33b dispvm: fix setting up DispVM based on non-default template 
Replace 'vmdir' symlink instead of creating new one inside of 'vmdir'
directory.
 2015-02-11 15:02:33 +01:00
Marek Marczykowski-Górecki
246de96dcd core: make vm.rootcow_img a property 2015-02-11 13:59:57 +01:00
Wojtek Porczyk
b6530200c9 tests: fix after Marek's review 2015-02-11 13:15:35 +01:00
Wojtek Porczyk
7f75ed4d73 tests: runner backported from core3 2015-02-10 23:24:24 +01:00
Wojtek Porczyk
226e257d2a tests: refactored 2015-02-10 23:24:24 +01:00
Marek Marczykowski-Górecki
cf41d94754 core: implement VM suspend 
Required for proper host sleep when netvm is running.
 2015-02-10 06:45:47 +01:00
Marek Marczykowski-Górecki
e67e9a4be1 Revert part of "core: remove kernel properties from DispVM and Dom0 (#948)" 
This reverts DispVM part of commit 72cf3a8201.
 2015-02-09 22:29:23 +01:00
Marek Marczykowski-Górecki
726d5686ac tests: disable qrexec_filecopy_self test 
When vchan connection is established back to the source domain, gntalloc
crashes with this message:
[    9.937990] BUG: Bad page map in process qrexec-agent  pte:80000000f9d41167 pmd:131c3067
[    9.938010] page:ffffea00036a6638 count:1 mapcount:-1 mapping:          (null) index:0xffffffffffffffff
[    9.938018] page flags: 0x4000000000000c14(referenced|dirty|reserved|private)
[    9.938033] addr:00007fa856d47000 vm_flags:140400fb anon_vma:          (null) mapping:ffff880011efe940 index:11
[    9.938042] vma->vm_ops->fault:           (null)
[    9.938057] vma->vm_file->f_op->mmap: gntalloc_mmap+0x0/0x1c0 [xen_gntalloc]
[    9.938066] CPU: 0 PID: 1108 Comm: qrexec-agent Tainted: G           O 3.12.23-1.pvops.qubes.x86_64 #1
[    9.938074]  ffff8800131f3818 ffff88001316fc78 ffffffff814db550 00007fa856d47000
[    9.938085]  ffff88001316fcb8 ffffffff81139413 ffff880011efe940 ffff8800131c3a38
[    9.938096]  ffffea00036a6638 00007fa856d47000 00007fa856d57000 ffff88001316fe18
[    9.938107] Call Trace:
[    9.938117]  [<ffffffff814db550>] dump_stack+0x45/0x56
[    9.938126]  [<ffffffff81139413>] print_bad_pte+0x1a3/0x240
[    9.938133]  [<ffffffff8113ac9e>] unmap_page_range+0x6ee/0x7d0
[    9.938142]  [<ffffffff8113adf6>] unmap_single_vma+0x76/0xa0
[    9.938149]  [<ffffffff8113be09>] unmap_vmas+0x49/0x90
[    9.938157]  [<ffffffff8114443c>] exit_mmap+0x9c/0x170
[    9.938166]  [<ffffffff8105950c>] mmput+0x5c/0x110
[    9.938175]  [<ffffffff8105d74c>] do_exit+0x27c/0xa20
[    9.938184]  [<ffffffff810908ef>] ? vtime_account_user+0x4f/0x60
[    9.938194]  [<ffffffff81116502>] ? context_tracking_user_exit+0x52/0xc0
[    9.938203]  [<ffffffff8105ed2a>] do_group_exit+0x3a/0xa0
[    9.938211]  [<ffffffff8105ed9f>] SyS_exit_group+0xf/0x10
[    9.938220]  [<ffffffff814ea907>] tracesys+0xdd/0xe2
 2015-02-09 22:09:15 +01:00
Marek Marczykowski-Górecki
c663b1dd2d tests: add simple HVM tests 2015-02-09 06:18:57 +01:00
Marek Marczykowski-Górecki
bc35b99549 tests: update DispVM test 
Apparently 'l' and 'n' characters aren't passed correctly by xdotool
(some keymap problem?). Do not use them in test text.
 2015-02-09 06:17:43 +01:00
Marek Marczykowski-Górecki
27be178a04 tests: add tests for qrexec exit code 2015-02-09 06:08:48 +01:00
Marek Marczykowski-Górecki
086e88183e Explicitly enable emulated GPU 
Previously it was enabled only because of bug in libvirt. Now it is
fixed (9e0e0224438b79073bf404627fed8e2889669374), so config needs to be
updated.
 2015-02-09 06:04:31 +01:00
Marek Marczykowski-Górecki
adfc4e0ac9 core: disks handling cleanup, fix them for TemplateHVM 
Move rootcow_img to storage class, remove clean_volatile_img. And most
importantly - set source_template in QubesHVm.create_on_disk.
 2015-02-09 06:02:20 +01:00
Marek Marczykowski-Górecki
2def43517a core/hvm: handle verbose option for guid 2015-02-09 05:39:44 +01:00
Marek Marczykowski-Górecki
5d9fa977e2 Ensure that qvm-shutdown is called while libvirtd is still running 2015-02-09 03:47:45 +01:00
Marek Marczykowski-Górecki
393bb00471 core: update reporting for missing VT-x 2015-02-09 03:46:53 +01:00
Marek Marczykowski-Górecki
869675c15c core: convert memory/cpu stats to libvirt API 2015-02-09 03:28:01 +01:00
Marek Marczykowski-Górecki
f9b2636c73 tests: dom0 update 2015-02-09 03:26:57 +01:00
Marek Marczykowski-Górecki
48fd2669cb raise correct exception 2015-02-07 01:14:22 +01:00
Marek Marczykowski-Górecki
4e26588bb3 core/hvm: remove xenstore code 
QubesDB does not require setting up directory (and permissions), so just
remove the function.
 2015-02-07 01:12:29 +01:00
Marek Marczykowski-Górecki
89f8f219bf core: changes in libvirt config for libvirt-1.2.12 2015-02-05 06:31:00 +01:00
Marek Marczykowski-Górecki
17a92dd179 tests: fix checking of ping return code 
Switch ==1 to !=0 - ping can exit with different errors (timeout,
resolve failed etc), but we don't care what was the reason.
 2015-02-02 04:50:37 +01:00
Marek Marczykowski-Górecki
26a9dcda66 tests: actually install network tests 2015-02-02 04:50:26 +01:00
Marek Marczykowski-Górecki
2554d6aee3 Ensure that qubes-netvm.service is started after libvirtd 2015-02-02 04:49:56 +01:00
Marek Marczykowski-Górecki
c74fda802c Use tmpfile.d to create /var/run subdirs 
This way it will be done much earlier, so qubes-db can be started before
qubes-core.service - which will solve startup dependency loop problem.
 2015-02-02 04:48:42 +01:00
Marek Marczykowski-Górecki
db95153619 doc: typo fix 2015-01-30 01:40:41 +01:00
Marek Marczykowski-Górecki
72cf3a8201 core: remove kernel properties from DispVM and Dom0 (#948) 
Qubes does not keep track of those kernel versions.

Conflicts:
	core-modules/01QubesDisposableVm.py
 2015-01-30 01:40:40 +01:00
Marek Marczykowski-Górecki
2f7b3adeec doc: qvm-create-default-dvm (#940) 2015-01-30 01:39:59 +01:00
Marek Marczykowski-Górecki
c2675c00e7 doc: sync qvm-service documentation 2015-01-30 01:39:59 +01:00
Marek Marczykowski-Górecki
59a5ae9415 doc: add qvm-services: set-default-route, set-dns-server 2015-01-30 01:39:59 +01:00
Marek Marczykowski-Górecki
6b05d5b392 Add qvm-trim-template tool 
Based on work done by Matt McCutchen <matt@mattmccutchen.net>, details
here:
https://groups.google.com/d/msgid/qubes-users/1417939737.2033.24.camel%40localhost
 2015-01-30 01:39:59 +01:00
Marek Marczykowski-Górecki
49d510dc65 core: prevent permissions error when VM was started by root 
When VM is started by root, config file is created with root owner and
user has no write access to it. As the directory is user-writable,
delete the file first.

Conflicts:
	core-modules/000QubesVm.py
 2015-01-30 01:39:57 +01:00
Marek Marczykowski-Górecki
52334bc414 core: fix firewall update code 
Do not load qubes.xml again, it can cause race conditions between two
instances of the same VM objects.
Especially when VM is starting ProxyVM to which it is connected,
firewall rules could not be loaded.
 2015-01-30 01:38:56 +01:00
Marek Marczykowski-Górecki
c489a81dfa tests: networking 2015-01-30 01:38:56 +01:00
Marek Marczykowski-Górecki
25c425920c qvm-tools: fix error reporting in qvm-kill 2015-01-30 01:38:56 +01:00
Marek Marczykowski-Górecki
73301a67c8 core: fix vm.run(..., passio=False) handling 
Long time ago passio=True was used to replace current process with
qrexec-client directly (qvm-run --pass-io was the called), but this
behaviour is not used anymore (qvm-run was the only user). And this
option was left untouched, with misleading name - one would assume that
using passio=False should disallow any I/O, but this isn't the case.

Especially qvm-sync-clock is calling clockvm.run('...', wait=True),
default value for passio=False. This causes to output data from
untrusted VM, without sanitising terminal sequences, which can be fatal.

This patch changes passio semantic to actually do what it means - when
set to True - VM process will be able to interact with
stdin/stdout/stderr. But when set to False, all those FDs will be
connected to /dev/null.

Conflicts:
	core-modules/000QubesVm.py
 2015-01-30 01:38:52 +01:00
Marek Marczykowski-Górecki
1da8ab5823 core: Add missing import 2015-01-08 03:55:02 +01:00
Marek Marczykowski-Górecki
adff88101a Rework QubesWatch implementation for libvirt events 2014-12-26 02:56:38 +01:00
Marek Marczykowski-Górecki
d4ab70ae9d core: update qvm-block code for HAL API 
Use QubesDB to get list of devices, call libvirt methods to
attach/detach devices.
 2014-12-12 03:59:01 +01:00
Zrubi
b4e0833cb7 qubes-hcl-report v2.2 
- Network devices section added to HCL Info output
 2014-12-05 19:33:17 +01:00
Zrubi
55fce5dd36 qubes-hcl-report v2.1 
- script redesign,
- fixed VT-d, VT-x detection,
- Support File generation is optional,
- the results are kept in dom0 by default,
- version and usage info added.

(cherry picked from commit f5845b2df1db19da37f02ace24f29a82660c39ff)
 2014-12-05 17:06:17 +01:00
Marek Marczykowski-Górecki
7a3bce6c61 core: fix is_paused method 2014-11-29 02:58:47 +01:00
Marek Marczykowski-Górecki
6da608783f version 3.0.0 2014-11-22 16:24:11 +01:00
Marek Marczykowski-Górecki
ebb9a1fcb2 dispvm: fix tray notifications (#874) 
Conflicts:
	dispvm/qfile-daemon-dvm
 2014-11-21 23:46:58 +01:00
Marek Marczykowski-Górecki
592a4901c9 core: import monitorlayoutnotify instead of calling it as external script 
Otherwise deadlock could happen - the script will try to get read lock
on qubes.xml, while the calling tool can already hold the lock. If that
was write lock (which is in case of qfile-daemon-dvm), the deadlock
occurs.
 2014-11-21 21:45:03 +01:00
Marek Marczykowski-Górecki
ce716f9c5a rpm: add R: PyQt4 for guihelpers module 
It was pulled by qubes-manager, but since it is optional, we shouldn't
rely on its dependencies.
 2014-11-21 20:09:57 +01:00
Wojciech Zygmunt Porczyk
6b0a5f9738 storage/xen.py: always initialise args['otherdevs'] 2014-11-19 12:50:32 +01:00