Commit Graph

342 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
92a86fad18
version 4.0.10 2017-11-21 04:46:49 +01:00
Marek Marczykowski-Górecki
141b9912e8
Initialize pad field in filecopy final response
Do not leak 4 bytes from the receiver stack.

Reported by @cfcs
2017-11-20 13:58:39 +01:00
Marek Marczykowski-Górecki
75fa0d3cb0
Merge remote-tracking branch 'qubesos/pr/26'
* qubesos/pr/26:
  This commit specifies the integer width explicitly to match `result_header_ext` etc.
2017-11-20 13:56:55 +01:00
Your Name
a96fe7203e This commit specifies the integer width explicitly to match result_header_ext etc.
also, can someone explain to me why `send_status_and_crc` does not need
to set `_pad` to prevent leaking stack memory in the responses?
2017-11-20 02:40:35 +01:00
qubesuser
ee58088dec replace tinting algorithm with one that partially preserves saturation too
This algorithm partially preserves saturation, for a  better result, but
enforces a minimum chroma, so that greyscale images get tinted.
2017-11-08 18:57:22 +01:00
qubesuser
843ac6c477 reimplement tint algorithm with numpy for reasonable performance
The old algorithm was so slow it would take seconds to tint all images
for a VM.
2017-11-08 18:57:22 +01:00
qubesuser
86e9231ac9 use PIL image library instead of ImageMagick to load/save images when tinting 2017-11-08 18:57:22 +01:00
qubesuser
6c6070ab49 add Python pillow and numpy dependencies 2017-11-08 17:45:21 +01:00
qubesuser
f893420871 remove unused cairo import 2017-11-08 17:45:21 +01:00
qubesuser
4d08ff40a9 Speed up udev-block-add-change by not using xenstore
xenstore-ls is incredibly slow, while reading sysfs is much faster
2017-11-08 03:37:53 +01:00
Olivier MEDOC
19cb61a0ed archlinux: build imgconverter with both python2 and python3 2017-10-22 19:17:12 +02:00
Marek Marczykowski-Górecki
f7cd2b2a76
version 4.0.9 2017-10-17 23:54:15 +02:00
Marek Marczykowski-Górecki
09e6d2ac95
initramfs: add support for variable partitions layout
Try to find root filesystem by partition label (not filesystem label!).
If that fails, default to 3rd partition according to (new) default
layout.

Fixes QubesOS/qubes-issues#3173
2017-10-17 22:45:07 +02:00
Marek Marczykowski-Górecki
e9615899ff
qubes-prepare-vm-kernel: Include kernel and initramfs inside modules.img
This will allow to boot the HVM using provided kernel directly (loaded
by qemu in stubdomain), without need for additional bootloader.

Fixes QubesOS/qubes-issues#2822
2017-10-16 23:43:03 +02:00
Marek Marczykowski-Górecki
b227d01a8a
Fix initramfs scripts on Debian
1. /etc/udev/rules.d needs to be created
2. udev needs to be reloaded explicitly

Fixes QubesOS/qubes-issues#3178
2017-10-16 23:41:21 +02:00
Marek Marczykowski-Górecki
766f83de8e
version 4.0.8 2017-09-30 01:59:38 +02:00
Marek Marczykowski-Górecki
b2207b44fc
travis: add fc26 build 2017-09-29 21:13:16 +02:00
Frédéric Pierret
b3f24caaf2
Fix CentOS dependencies: python3 2017-09-28 14:34:20 +02:00
Marek Marczykowski-Górecki
c62c8e4416
version 4.0.7 2017-09-15 13:43:18 +02:00
Marek Marczykowski-Górecki
c7420318e2
udev: fix loop devices exclusion based on directory flagfile
Getting loop device backing file path was broken:
${NAME%p*} for not-partitioned devices will cut the actual device name.
Use full name instead. This probably breaks handling partitioned
devices, but such devices should not appear in a directory flagged to be
ignored (VM images)

QubesOS/qubes-issues#3084
2017-09-15 05:25:42 +02:00
Olivier MEDOC
0207537b50
Fix gcc Werror because of a typo in a switch/case explicit fallthrough comment
GCC crash because of -Werror=implicit-fallthrough. However the fallthrough exists but has a typo.

Thanks for omac777 analysis (7d0b8155a3)

However the fallthrough exists but has a typo

(cherry picked from commit ea0c714139)
2017-09-13 01:06:04 +02:00
Marek Marczykowski-Górecki
d703652070
version 4.0.6 2017-09-12 04:52:48 +02:00
Marek Marczykowski-Górecki
764b0f3f07
udev: major cleanup in block devices handling
1. Do not detach device forcefully when it's removed. This breaks
libvirt (which thinks the device is still there). After this change, it
is possible to detach device using libvirt, even if it was already
removed physically from backend domain (unless it is dom0 - in which
case it is still broken). So, this is partial fix for
QubesOS/qubes-issues#1082.

2. Do not trigger "change" udev event when only QubesDB state needs to
be updated - this leads to massive udev events queue, and heavy I/O
usage - for example scanning all LVM many times. In some cases it even
caused infinite event queue.

3. Do not use QUBES_EXPOSED udev property - it was needed a while back
before QubesDB, because concurrent xenstore accesses are expensive
(because of transactions). It isn't the problem on QubesDB.

4. Cache information about device-mapper, so it is possible to
reconstruct it at device remove - when the actual device cannot be
queried anymore. This is specifically about list of lower layer devices
used.

5. Allow excluding loop devices pointing at a file in directory marked
with ".qubes-exclude-block-devices" file. This is more generic than
hardcoding /var/lib/qubes.

QubesOS/qubes-issues#3084
Fixes QubesOS/qubes-issues#3073
QubesOS/qubes-issues#1082
2017-09-12 04:25:34 +02:00
Marek Marczykowski-Górecki
dd71f295e5
Merge remote-tracking branch 'qubesos/pr/16'
* qubesos/pr/16:
  Fix off-by-one error in header length calculation
2017-08-12 14:02:51 +02:00
Jean-Philippe Ouellet
349f79bc66
Fix off-by-one error in header length calculation
int(ceil(log10(100))) is one lower than it should be when max widths are
powers of 10. This means providing a value of 100 when the max is 100
produces an unexpected failure.

Was never triggered because imghdrlen args are only hard-coded
constants, but a bug is a bug.
2017-08-11 09:43:41 -04:00
Marek Marczykowski-Górecki
22c94c37a9
version 4.0.5 2017-08-11 13:34:11 +02:00
Marek Marczykowski-Górecki
823d73a524
udev: filter-out QEMU devices
Fixes QubesOS/qubes-issues#2969
2017-08-07 23:00:53 +02:00
Marek Marczykowski-Górecki
43908b7eaa
version 4.0.4 2017-07-29 05:19:34 +02:00
Marek Marczykowski-Górecki
b130b79b28
Merge remote-tracking branch 'qubesos/pr/15'
* qubesos/pr/15:
  u2mfn: get mfn via pte
2017-07-24 14:02:37 +02:00
Marek Marczykowski-Górecki
4dd813c14b
version 4.0.3 2017-07-06 19:41:04 +02:00
Marek Marczykowski-Górecki
0d4c561064
udev: don't list in qvm-block any device marked to be ignored by udev
Not only device-mapper one.
This especially include loop devices for VM disk images.

QubesOS/qubes-issues#2319
2017-07-06 19:40:51 +02:00
HW42
f14637a615 u2mfn: get mfn via pte
Before this commit u2mfn got the address via kmap(get_user_pages(...)).
This has the problem that get_user_pages() does not work in some cases.
For example when qemu in a stubdom tries to get the mfn for a page which
is mapped from the target domain u2mfn fails because get_user_pages()
cannot be used for such mappings.

So get the address from the pte with apply_to_page_range(). Since we are
only interested in one page get_locked_pte() would be simpler but it's
not available to modules.
2017-07-05 20:21:22 +02:00
Marek Marczykowski-Górecki
1b437e57d5
Merge remote-tracking branch 'qubesos/pr/14'
* qubesos/pr/14:
  Fall back to sync() if syncfs() is unavailable
2017-07-04 13:29:13 +02:00
Marek Marczykowski-Górecki
eb1b20fd48
version 4.0.2 2017-06-24 14:55:03 +02:00
Rusty Bird
90a1e6abbd
Fall back to sync() if syncfs() is unavailable
It seems better to err on the side of safety (vs. performance).
2017-06-16 16:13:44 +00:00
Marek Marczykowski-Górecki
da3f3cd426
initramfs: use symlink for rw root.img, instead of dm-linear
Do not add 1:1 dm-linear when root.img (/dev/xvda) is read-write. This
was to always have root device at /dev/mapper/dmroot, but unfortunately
grub can't parse it properly (fails at looking for partition number of
/dev/xvda1). There was a hack specifically for this, but it caused other
partitions on xvda unavailable.
On the other hand, symlink is enough to be able to mount always the same
device. Now, grub detect that root fs is on /dev/xvda1, which is
enough to have grub2-install working. Unfortunate effect is that it puts
root=/dev/xvda1 at kernel command line, which breaks AppVMs based on
this TemplateVM. But it's easier to fix kernel command line, than grub
device detection logic.

Fixes "initramfs: add support for root.img with partition table"

QubesOS/qubes-issues#2557
2017-06-12 13:02:31 +02:00
Paras Chetal
e9b8e5a4d1
Fix include header syntax 2017-06-09 04:45:38 +05:30
Marek Marczykowski-Górecki
77c6d8be6a
version 4.0.1 2017-05-18 01:54:46 +02:00
Marek Marczykowski-Górecki
4d6579474d
rpm: add missing build requires 2017-05-18 01:23:23 +02:00
Marek Marczykowski-Górecki
02d9a1e68f
imgconverter: use core3 API in get_from_vm() 2017-05-18 01:03:06 +02:00
Marek Marczykowski-Górecki
95805f6333
imgconverter: make it really work on python3 2017-05-18 01:03:06 +02:00
Marek Marczykowski-Górecki
6c36cb8de9
rpm: packge qubesimgconverter for both python2 and python3
And while at it, move it to separate subpackages, following Fedora
packaging guidelines.
2017-05-18 01:03:05 +02:00
unman
1db0daea9c
Improve error message when file exists 2017-04-16 02:08:54 +01:00
Marek Marczykowski-Górecki
40fe0d9c8f
travis: drop fc23 vm packages building 2017-04-10 11:01:46 +02:00
Marek Marczykowski-Górecki
ae56d597f3
rpm: add missing build requires 2017-04-10 10:47:48 +02:00
Marek Marczykowski-Górecki
488627e2e6
travis: switch to Qubes 4.0 2017-04-08 14:15:51 +02:00
Marek Marczykowski-Górecki
513a1cecf2
version 4.0.0 2017-04-08 13:58:53 +02:00
Marek Marczykowski-Górecki
13b9ea7f1c
debian: fix install location of python files
Debian use /usr/lib/python*/dist-packages (instead of site-packages) for
packaged python modules. It's achieved using --install-layout=deb
option, so pass it on Debian build.
2017-04-08 13:58:34 +02:00
Marek Marczykowski-Górecki
d0fe5e6f9a
initramfs: add support for root.img with partition table
Installing grub on root.img require some space before the filesystem.
Create it by adding partition table to root.img. This commit take care
of assembling dmroot device when such partition table is present, while
preserving compatibility with partition-less images.

QubesOS/qubes-issues#2577
2017-04-08 13:58:33 +02:00
Marek Marczykowski-Górecki
5c7c54adab
initramfs: move qubes_cow_setup hook to pre-trigger
This hook require new device nodes to appear in /dev. If devtmpfs is
used, it's not a problem ("simple" initramfs case), but otherwise udevd
is needed - and it isn't running in pre-udev hook yet.

QubesOS/qubes-issues#2577
2017-04-08 13:58:33 +02:00