Break the ioctl calls from blkdiscard into max 1GB worth of blocks per call. This ensures that the amount of pending discards (both for the virtual lvm thin volume as well as any lower level device recipients) do not dominate the IO streams to the devices. Before this change, IO blocking was leading to both UI and processing freezes in Qubes while very large LVM volumes were being removed. The change will allow other device IOs to be interleaved between the internal ioctl calls from blkdiscard.
Allow user login while some VMs are still starting. This improves UX of
the system startup, since user can start using the system earlier.
FixesQubesOS/qubes-issues#3149
If the destination domain doesn't exist anymore when the call gets
to qubesd, inform the client accordingly rather than giving it
a generic PermissionDenied error.
This enables client applications to handle such edge cases. Some
may want to inform the user about an incorrect request, others
(e.g. qvm-ls) may want to remove the specific domain from their
result list or try again later.
FixesQubesOS/qubes-issues#5105
Qubesd limits max payload to 64kb. Do the same in qubesd-query, to avoid
loading to memory potentially unbounded amount of data that would be
refused later anyway.
Reported by @DemiMarie
Theoretically libvirt/libxl should reject too long values anyway, but
lets provide early feedback and reject value that would cause VM start
fail later.
Reported by @DemiMarie
Validate the syntax of net.fake-* features values. While improper values
currently would lead "only" to lack of network connectivity for a VM,
the scripts handling those may assume they are properly formatted
already. Furthermore, this gives better error reporting to the user.
This avoids XML-injection by a malformed property value. If a property
value is controlled by a less privileged entity (like Management VM), it
could lead to a privilege escalation.
Reported by @DemiMarie
umask() modifies the whole process, which could lead to odd permission
problems in concurrent code. Use explicit fchmod() calls instead.
Preserve the legacy storage/file behavior of creating files 0o664 in
FileVolume.create() and 0o644 (from the normal qubesd umask) otherwise.
Get rid of an otherwise unused module-level variable (HOST_MACHINE), and
show the relevant file (reflink.py) in the error message:
Traceback (most recent call last):
File "/usr/bin/qubesd", line 2, in <module>
from qubes.tools.qubesd import main
File "/usr/lib/python3.8/site-packages/qubes/__init__.py", line 801, in <module>
from qubes.app import Qubes
File "/usr/lib/python3.8/site-packages/qubes/app.py", line 64, in <module>
import qubes.storage.reflink
File "/usr/lib/python3.8/site-packages/qubes/storage/reflink.py", line 46, in <module>
FICLONE = {
KeyError: 'armv7l'
qubesd.service: Main process exited, code=exited, status=1/FAILURE
