version 3.0.17

When device becomes non-attachable (for example because it gets mounted,
or used as part of LVM/RAID/whatever), it should be removed from
advertised available devices. The code for removing QubesDB entry was
buggy - the device is actually a directory in QubesDB, not a single
entry.

QubesOS/qubes-issues#1600

(cherry picked from commit 22d6892ec9)

debian/changelog

@@ -1,3 +1,64 @@
+qubes-utils (3.0.17) wheezy; urgency=medium
+
+  * udev: fix hiding devices from qvm-block
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sun, 01 May 2016 22:42:15 +0200
+
+qubes-utils (3.0.16) wheezy; urgency=medium
+
+  * udev: do not assume static device-mapper major number
+  * udev: ignore devices set to be ignore elsewhere
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 15 Jan 2016 12:40:17 +0100
+
+qubes-utils (3.0.15) wheezy; urgency=medium
+
+  * qrexec-lib: add glibc version test check for having syncfs
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 11 Dec 2015 21:44:12 +0100
+
+qubes-utils (3.0.14) wheezy; urgency=medium
+
+  [ Marek Marczykowski-Górecki ]
+  * debian: prevent upgrades without new enough qubes-core-agent
+
+  [ Rusty Bird ]
+  * qfile-unpacker: syncfs() to avoid qvm-move-to-vm data loss
+
+  [ Marek Marczykowski-Górecki ]
+  * qrexec: add clarification commends in qrexec.h
+  * qubes-prepare-vm-kernel: ensure proper permissions on initramfs
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 11 Dec 2015 21:09:45 +0100
+
+qubes-utils (3.0.13) wheezy; urgency=medium
+
+  [ Rusty Bird ]
+  * Check if QubesIncoming filesystem supports O_TMPFILE
+
+  [ Marek Marczykowski-Górecki ]
+  * rpm: disable debuginfo subpackage in qubes-kernel-vm-support
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 13 Nov 2015 23:20:22 +0100
+
+qubes-utils (3.0.12) wheezy; urgency=medium
+
+  * libqrexec-utils: fix linker options
+  * libqrexec-utils: bring back buffered write helpers
+  * libqrexec-utils: bump SO version because of ABI change
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 30 Oct 2015 15:33:28 +0100
+
+qubes-utils (3.0.11) wheezy; urgency=medium
+
+  [ qubesuser ]
+  * Report Xen balloon current size instead of Linux total memory
+
+  [ Marek Marczykowski-Górecki ]
+  * qfile-unpacker: do not call fdatasync() at each file (#1257)
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sun, 11 Oct 2015 02:51:07 +0200
+
 qubes-utils (3.0.10) wheezy; urgency=medium
 
   [ Olivier MEDOC ]

debian/control

@@ -12,6 +12,7 @@ Package: qubes-utils
 Architecture: any
 Depends: qubesdb-vm, libvchan-xen, lsb-base, ${shlibs:Depends}, ${misc:Depends}
 Conflicts: qubes-linux-utils
+Breaks: qubes-core-agent (<< 3.0.19)
 Recommends: python2.7
 Description: Qubes Linux utilities
  This package includes the basic qubes utilities necessary for domU.

kernel-modules/qubes-prepare-vm-kernel

@@ -56,6 +56,7 @@ function build_initramfs() {
         --conf /dev/null --confdir /var/empty \
         -d "xenblk xen-blkfront cdrom ext4 jbd2 crc16 dm_snapshot" \
         $output_file $kver
+    chmod 644 "$output_file"
 }
 
 if [ -z "$1" ]; then

qmemman/meminfo-writer.c

@@ -16,9 +16,9 @@ int used_mem_change_threshold;
 int delay;
 int usr1_received;
 
-const char *parse(const char *buf)
+const char *parse(const char *meminfo_buf, const char* dom_current_buf)
 {
-	const char *ptr = buf;
+	const char *ptr = meminfo_buf;
 	static char outbuf[4096];
 	int val;
 	int len;
@@ -59,6 +59,12 @@ const char *parse(const char *buf)
 		ptr += len;
 	}
 
+	if(dom_current_buf) {
+		int DomTotal = strtol(dom_current_buf, 0, 10);
+		if(DomTotal)
+			MemTotal = DomTotal;
+	}
+
 	used_mem =
 	    MemTotal - Buffers - Cached - MemFree + SwapTotal - SwapFree;
 	if (used_mem < 0)
@@ -103,13 +109,50 @@ void usr1_handler(int sig __attribute__((__unused__))) {
 	usr1_received = 1;
 }
 
-int main(int argc, char **argv)
+static inline void pread0_string(int fd, char* buf, size_t buf_size)
 {
-	char buf[4096];
+	int n = pread(fd, buf, buf_size - 1, 0);
-	int n;
+	if (n < 0) {
+		perror("pread");
+		exit(1);
+	}
+	buf[n] = 0;
+}
+
+static void update(struct xs_handle *xs, int meminfo_fd, int dom_current_fd)
+{
+	char dom_current_buf[32];
+	char dom_current_buf2[32];
+	char meminfo_buf[4096];
 	const char *meminfo_data;
-	int fd;
+
+	pread0_string(dom_current_fd, dom_current_buf, sizeof(dom_current_buf));
+
+	/* check until the dom current reading is stable to avoid races */
+	for(;;) {
+		pread0_string(meminfo_fd, meminfo_buf, sizeof(meminfo_buf));
+		pread0_string(dom_current_fd, dom_current_buf2, sizeof(dom_current_buf2));
+
+		if(!strcmp(dom_current_buf, dom_current_buf2))
+			break;
+
+		pread0_string(meminfo_fd, meminfo_buf, sizeof(meminfo_buf));
+		pread0_string(dom_current_fd, dom_current_buf, sizeof(dom_current_buf));
+
+		if(!strcmp(dom_current_buf, dom_current_buf2))
+			break;
+	}
+
+	meminfo_data = parse(meminfo_buf, dom_current_buf);
+	if (meminfo_data)
+		send_to_qmemman(xs, meminfo_data);
+}
+
+int main(int argc, char **argv)
+{
+	int meminfo_fd, dom_current_fd;
 	struct xs_handle *xs;
+	int n;
 
 	if (argc != 3 && argc != 4)
 		usage();
@@ -121,6 +164,8 @@ int main(int argc, char **argv)
 	if (argc == 4) {
 		pid_t pid;
 		sigset_t mask, oldmask;
+		int fd;
+		char buf[32];
 
 		switch (pid = fork()) {
 			case -1:
@@ -155,9 +200,14 @@ int main(int argc, char **argv)
 		}
 	}
 
-	fd = open("/proc/meminfo", O_RDONLY);
+	meminfo_fd = open("/proc/meminfo", O_RDONLY);
-	if (fd < 0) {
+	if (meminfo_fd < 0) {
-		perror("open meminfo");
+		perror("open /proc/meminfo");
+		exit(1);
+	}
+	dom_current_fd = open("/sys/devices/system/xen_memory/xen_memory0/info/current_kb", O_RDONLY);
+	if (dom_current_fd < 0) {
+		perror("open /sys/devices/system/xen_memory/xen_memory0/info/current_kb");
 		exit(1);
 	}
 	xs = xs_domain_open();
@@ -167,15 +217,8 @@ int main(int argc, char **argv)
 	}
 	if (argc == 3) {
 		/* if not waiting for signal, fork after first info written to xenstore */
-		n = pread(fd, buf, sizeof(buf)-1, 0);
+		update(xs, meminfo_fd, dom_current_fd);
-		if (n < 0) {
+
-			perror("pread");
-			exit(1);
-		}
-		buf[n] = 0;
-		meminfo_data = parse(buf);
-		if (meminfo_data)
-			send_to_qmemman(xs, meminfo_data);
 		n = fork();
 		if (n < 0) {
 			perror("fork");
@@ -187,15 +230,8 @@ int main(int argc, char **argv)
 	}
 
 	for (;;) {
-		n = pread(fd, buf, sizeof(buf)-1, 0);
+		update(xs, meminfo_fd, dom_current_fd);
-		if (n < 0) {
-			perror("pread");
-			exit(1);
-		}
-		buf[n] = 0;
-		meminfo_data = parse(buf);
-		if (meminfo_data)
-			send_to_qmemman(xs, meminfo_data);
 		usleep(delay);
 	}
 }
+

qrexec-lib/Makefile

@@ -1,8 +1,9 @@
 CC=gcc
 CFLAGS+=-I. -g -O2 -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)`
 COMMONIOALL=ioall.o
-SO_VER=1
+SO_VER=2
 LDFLAGS=-shared
+VCHANLIBS = `pkg-config --libs vchan-$(BACKEND_VMM)`
 
 _XENSTORE_H=$(shell ls /usr/include/xenstore.h)
 ifneq "$(_XENSTORE_H)" ""
@@ -11,8 +12,8 @@ endif
 
 
 all: libqrexec-utils.so.$(SO_VER) libqubes-rpc-filecopy.so.$(SO_VER)
-libqrexec-utils.so.$(SO_VER): unix-server.o ioall.o buffer.o exec.o txrx-vchan.o
+libqrexec-utils.so.$(SO_VER): unix-server.o ioall.o buffer.o exec.o txrx-vchan.o write-stdin.o
-	$(CC) $(LDFLAGS) -Wl,-soname,$@ -o $@ $^ $(XENLIBS)
+	$(CC) $(LDFLAGS) -Wl,-soname,$@ -o $@ $^ $(VCHANLIBS)
 libqubes-rpc-filecopy.so.$(SO_VER): ioall.o copy-file.o crc32.o unpack.o
 	$(CC) $(LDFLAGS) -Wl,-soname,$@ -o $@ $^
 

qrexec-lib/libqrexec-utils.h

@@ -28,6 +28,11 @@ struct buffer {
 	int buflen;
 };
 
+/* return codes for buffered writes */
+#define WRITE_STDIN_OK        0 /* all written */
+#define WRITE_STDIN_BUFFERED  1 /* something still in the buffer */
+#define WRITE_STDIN_ERROR     2 /* write error, errno set */
+
 typedef void (do_exec_t)(const char *);
 void register_exec_func(do_exec_t *func);
 
@@ -38,6 +43,9 @@ void buffer_remove(struct buffer *b, int len);
 int buffer_len(struct buffer *b);
 void *buffer_data(struct buffer *b);
 
+int flush_client_data(int fd, struct buffer *buffer);
+int write_stdin(int fd, const char *data, int len, struct buffer *buffer);
+int fork_and_flush_stdin(int fd, struct buffer *buffer);
 
 void do_fork_exec(const char *cmdline, int *pid, int *stdin_fd, int *stdout_fd,
 		  int *stderr_fd);

qrexec-lib/qrexec.h

@@ -80,16 +80,16 @@ struct msg_header {
 struct exec_params {
     uint32_t connect_domain; /* target domain name */
     uint32_t connect_port;   /* target vchan port for i/o exchange */
-    char cmdline[0];         /* command line to execute, size = msg_header.len - sizeof(struct exec_params) */
+    char cmdline[0];         /* command line to execute, null terminated, size = msg_header.len - sizeof(struct exec_params) */
 };
 
 struct service_params {
-    char ident[32];
+    char ident[32];          /* null terminated ASCII string */
 };
 
 struct trigger_service_params {
-    char service_name[64];
+    char service_name[64];            /* null terminated ASCII string */
-    char target_domain[32];
+    char target_domain[32];           /* null terminated ASCII string */
     struct service_params request_id; /* service request id */
 };
 
@@ -105,7 +105,7 @@ enum {
     MSG_DATA_STDOUT,
     /* stderr VM->dom0 */
     MSG_DATA_STDERR,
-    /* VM process exit code VM->dom0 (int) */
+    /* VM process exit code VM->dom0 (uint32_t) */
     MSG_DATA_EXIT_CODE,
 };
 

qrexec-lib/unpack.c

@@ -33,6 +33,10 @@ void send_status_and_crc(int code, const char *last_filename);
 #define O_TMPFILE_MASK (__O_TMPFILE | O_DIRECTORY | O_CREAT)
 #endif
 
+#if __GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 14)
+#define HAVE_SYNCFS
+#endif
+
 void do_exit(int code, const char *last_filename)
 {
 	close(0);
@@ -112,11 +116,11 @@ void process_one_file_reg(struct file_header *untrusted_hdr,
 	if (use_tmpfile) {
 		fdout = open(".", O_WRONLY | O_TMPFILE, 0700);
 		if (fdout < 0) {
-		   if (errno==ENOENT)
+			if (errno==ENOENT || /* most likely, kernel too old for O_TMPFILE */
-			   /* if it fails, do not attempt further use - most likely kernel too old */
+			    errno==EOPNOTSUPP) /* filesystem has no support for O_TMPFILE */
-			   use_tmpfile = 0;
+				use_tmpfile = 0;
-		   else
+			else
-			   do_exit(errno, untrusted_name);
+				do_exit(errno, untrusted_name);
 		}
 	}
 	if (fdout < 0)
@@ -137,7 +141,6 @@ void process_one_file_reg(struct file_header *untrusted_hdr,
 		else
 			do_exit(errno, untrusted_name);
 	}
-	fdatasync(fdout);
 	if (use_tmpfile) {
 		char fd_str[7];
 		snprintf(fd_str, sizeof(fd_str), "%d", fdout);
@@ -209,6 +212,11 @@ void process_one_file(struct file_header *untrusted_hdr)
 int do_unpack(void)
 {
 	struct file_header untrusted_hdr;
+#ifdef HAVE_SYNCFS
+	int cwd_fd;
+	int saved_errno;
+#endif
+
 	total_bytes = total_files = 0;
 	/* initialize checksum */
 	crc32_sum = 0;
@@ -223,6 +231,14 @@ int do_unpack(void)
 			do_exit(EDQUOT, untrusted_namebuf);
 		process_one_file(&untrusted_hdr);
 	}
+
+#ifdef HAVE_SYNCFS
+	saved_errno = errno;
+	cwd_fd = open(".", O_RDONLY);
+	if (cwd_fd >= 0 && syncfs(cwd_fd) == 0 && close(cwd_fd) == 0)
+		errno = saved_errno;
+#endif
+
 	send_status_and_crc(errno, untrusted_namebuf);
 	return errno;
 }

qrexec-lib/write-stdin.c

@@ -29,16 +29,18 @@
 #include "libqrexec-utils.h"
 
 /* 
-There is buffered data in "buffer" for client id "client_id", and select()
+There is buffered data in "buffer" for client and select()
-reports that "fd" is writable. Write as much as possible to fd, if all sent,
+reports that "fd" is writable. Write as much as possible to fd.
-notify the peer that this client's pipe is no longer full.
 */
-int flush_client_data(libvchan_t *vchan, int fd, int client_id, struct buffer *buffer)
+int flush_client_data(int fd, struct buffer *buffer)
 {
 	int ret;
 	int len;
 	for (;;) {
 		len = buffer_len(buffer);
+		if (!len) {
+			return WRITE_STDIN_OK;
+		}
 		if (len > MAX_DATA_CHUNK)
 			len = MAX_DATA_CHUNK;
 		ret = write(fd, buffer_data(buffer), len);
@@ -52,27 +54,15 @@ int flush_client_data(libvchan_t *vchan, int fd, int client_id, struct buffer *b
 		// it will be wrong if we change MAX_DATA_CHUNK to something large
 		// as pipes writes are atomic only to PIPE_MAX limit 
 		buffer_remove(buffer, ret);
-		len = buffer_len(buffer);
-		if (!len) {
-			struct server_header s_hdr;
-			s_hdr.type = MSG_XON;
-			s_hdr.client_id = client_id;
-			s_hdr.len = 0;
-			if (libvchan_send(vchan, (char*)&s_hdr, sizeof s_hdr) < 0)
-				return WRITE_STDIN_ERROR;
-			return WRITE_STDIN_OK;
-		}
 	}
 
 }
 
 /*
 Write "len" bytes from "data" to "fd". If not all written, buffer the rest
-to "buffer", and notify the peer that the client "client_id" pipe is full via 
+to "buffer".
-MSG_XOFF message.
 */
-int write_stdin(libvchan_t *vchan, int fd, int client_id, const char *data, int len,
+int write_stdin(int fd, const char *data, int len, struct buffer *buffer)
-		struct buffer *buffer)
 {
 	int ret;
 	int written = 0;
@@ -88,26 +78,17 @@ int write_stdin(libvchan_t *vchan, int fd, int client_id, const char *data, int
 			exit(1);
 		}
 		if (ret == -1) {
-			struct server_header s_hdr;
-
 			if (errno != EAGAIN)
 				return WRITE_STDIN_ERROR;
 
 			buffer_append(buffer, data + written,
 				      len - written);
 
-			s_hdr.type = MSG_XOFF;
-			s_hdr.client_id = client_id;
-			s_hdr.len = 0;
-			if (libvchan_send(vchan, (char*)&s_hdr, sizeof s_hdr) < 0)
-				return WRITE_STDIN_ERROR;
-
 			return WRITE_STDIN_BUFFERED;
 		}
 		written += ret;
 	}
 	return WRITE_STDIN_OK;
-
 }
 
 /* 

rpm_spec/qubes-kernel-vm-support.spec

@@ -22,6 +22,9 @@
 
 %{!?version: %define version %(cat version)}
 
+# Package contains /usr/lib, but not binary files, which confuses find-debuginfo.sh script.
+%global debug_package %{nil}
+
 Name:		qubes-kernel-vm-support
 Version:	%{version}
 Release:	1%{?dist}

rpm_spec/qubes-utils.spec

@@ -85,8 +85,8 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitearch}/qubes/imgconverter.pyo
 
 %files libs
-%{_libdir}/libqrexec-utils.so.1
+%{_libdir}/libqrexec-utils.so.2
-%{_libdir}/libqubes-rpc-filecopy.so.1
+%{_libdir}/libqubes-rpc-filecopy.so.2
 
 %files devel
 %defattr(-,root,root,-)

udev/udev-block-add-change

@@ -9,7 +9,7 @@ QDB_KEY="/qubes-block-devices/$NAME"
 
 xs_remove() {
     if [ "$QUBES_EXPOSED" == "1" ]; then
-        qubesdb-rm "$QDB_KEY"
+        qubesdb-rm "$QDB_KEY/"
         qubesdb-write /qubes-block-devices ''
     fi
     echo QUBES_EXPOSED=0

udev/udev-qubes-block.rules

@@ -11,9 +11,10 @@ KERNEL=="xvda|xvdb|xvdc*|xvdd", ENV{UDISKS_IGNORE}="1"
 ENV{MAJOR}=="202", GOTO="qubes_block_end"
 
 # Skip device-mapper devices
-ENV{MAJOR}=="253", ENV{DM_NAME}=="snapshot-*", GOTO="qubes_block_end"
+KERNEL=="dm-*", ENV{DM_NAME}=="snapshot-*", GOTO="qubes_block_end"
-ENV{MAJOR}=="253", ENV{DM_NAME}=="origin-*", GOTO="qubes_block_end"
+KERNEL=="dm-*", ENV{DM_NAME}=="origin-*", GOTO="qubes_block_end"
-ENV{MAJOR}=="253", ENV{DM_NAME}=="", GOTO="qubes_block_end"
+KERNEL=="dm-*", ENV{DM_NAME}=="", GOTO="qubes_block_end"
+ENV{DM_UDEV_DISABLE_DISK_RULES_FLAG}=="1", GOTO="qubes_block_end"
 
 IMPORT{db}="QUBES_EXPOSED"
 ACTION=="add", IMPORT{program}="/usr/libexec/qubes/udev-block-add-change"

version

@@ -1 +1 @@
-3.0.10
+3.0.17