Compare commits
12 Commits
master
...
release3.1
| Author | SHA1 | Date | |
|---|---|---|---|
|
787f3f1502 | ||
|
|
a4f0ddecb7 | ||
|
|
addc1d9776 | ||
|
|
1777a1e589 | ||
|
|
580272ed41 | ||
|
|
c6eb739151 | ||
|
|
80a1c7d3d0 | ||
|
|
0ff9e5a785 | ||
|
|
774803003e | ||
|
|
a465359a5d | ||
|
|
95eeeef86c | ||
|
|
4fee631c94 |
25
debian/changelog
vendored
25
debian/changelog
vendored
@ -1,3 +1,28 @@
|
||||
qubes-utils (3.1.10) wheezy; urgency=medium
|
||||
|
||||
[ Marek Marczykowski-Górecki ]
|
||||
* debian: reformat Build-Depends
|
||||
* debian: add pkg-config to Build-Depends
|
||||
|
||||
[ Rusty Bird ]
|
||||
* udev-block-add-change: better mount status check
|
||||
* udev-block-add-change: don't exclude already attached devs
|
||||
* udev-block-add-change: simplify a check
|
||||
|
||||
[ Marek Marczykowski-Górecki ]
|
||||
* udev-block-add-change: fix checking if partition is mounted
|
||||
|
||||
-- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Sun, 20 Nov 2016 17:05:41 +0100
|
||||
|
||||
qubes-utils (3.1.9) wheezy; urgency=medium
|
||||
|
||||
* udev/qvm-block: exclude devices used elsewhere
|
||||
* udev/qvm-block: exclude device if its partition is already attached
|
||||
* udev: fix deadlock on xenstore access during dom0 boot
|
||||
* qrexec-lib: convert tabs to spaces
|
||||
|
||||
-- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Sat, 25 Jun 2016 15:35:35 +0200
|
||||
|
||||
qubes-utils (3.1.8) wheezy; urgency=medium
|
||||
|
||||
[ Marek Marczykowski-Górecki ]
|
||||
|
||||
8
debian/control
vendored
8
debian/control
vendored
@ -2,7 +2,13 @@ Source: qubes-utils
|
||||
Section: admin
|
||||
Priority: extra
|
||||
Maintainer: Davíð Steinn Geirsson <david@dsg.is>
|
||||
Build-Depends: libvchan-xen-dev, libxen-dev, debhelper (>= 9.0.0), dh-systemd, dkms
|
||||
Build-Depends:
|
||||
libvchan-xen-dev,
|
||||
libxen-dev,
|
||||
pkg-config,
|
||||
debhelper (>= 9.0.0),
|
||||
dh-systemd,
|
||||
dkms
|
||||
Standards-Version: 3.9.3
|
||||
Homepage: http://www.qubes-os.org
|
||||
Vcs-Git: http://dsg.is/qubes/qubes-linux-utils.git
|
||||
|
||||
@ -62,10 +62,10 @@ void buffer_free(struct buffer *b)
|
||||
}
|
||||
|
||||
/*
|
||||
The following two functions can be made much more efficient.
|
||||
Yet the profiling output show they are not significant CPU hogs, so
|
||||
we keep them so simple to make them obviously correct.
|
||||
*/
|
||||
The following two functions can be made much more efficient.
|
||||
Yet the profiling output show they are not significant CPU hogs, so
|
||||
we keep them so simple to make them obviously correct.
|
||||
*/
|
||||
|
||||
void buffer_append(struct buffer *b, const char *data, int len)
|
||||
{
|
||||
|
||||
@ -61,7 +61,7 @@ int write_all(int fd, const void *buf, int size)
|
||||
}
|
||||
written += ret;
|
||||
}
|
||||
// fprintf(stderr, "sent %d bytes\n", size);
|
||||
// fprintf(stderr, "sent %d bytes\n", size);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -89,7 +89,7 @@ int read_all(int fd, void *buf, int size)
|
||||
}
|
||||
got_read += ret;
|
||||
}
|
||||
// fprintf(stderr, "read %d bytes\n", size);
|
||||
// fprintf(stderr, "read %d bytes\n", size);
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
@ -49,7 +49,7 @@ int get_server_socket(const char *socket_address)
|
||||
close(s);
|
||||
exit(1);
|
||||
}
|
||||
// chmod(sockname.sun_path, 0666);
|
||||
// chmod(sockname.sun_path, 0666);
|
||||
if (listen(s, 5) == -1) {
|
||||
perror("listen() failed\n");
|
||||
close(s);
|
||||
|
||||
@ -94,9 +94,9 @@ void fix_times_and_perms(struct file_header *untrusted_hdr,
|
||||
const char *untrusted_name)
|
||||
{
|
||||
struct timeval times[2] =
|
||||
{ {untrusted_hdr->atime, untrusted_hdr->atime_nsec / 1000},
|
||||
{untrusted_hdr->mtime,
|
||||
untrusted_hdr->mtime_nsec / 1000}
|
||||
{
|
||||
{untrusted_hdr->atime, untrusted_hdr->atime_nsec / 1000},
|
||||
{untrusted_hdr->mtime, untrusted_hdr->mtime_nsec / 1000}
|
||||
};
|
||||
if (chmod(untrusted_name, untrusted_hdr->mode & 07777)) /* safe because of chroot */
|
||||
do_exit(errno, untrusted_name);
|
||||
@ -155,8 +155,8 @@ void process_one_file_reg(struct file_header *untrusted_hdr,
|
||||
void process_one_file_dir(struct file_header *untrusted_hdr,
|
||||
const char *untrusted_name)
|
||||
{
|
||||
// fix perms only when the directory is sent for the second time
|
||||
// it allows to transfer r.x directory contents, as we create it rwx initially
|
||||
// fix perms only when the directory is sent for the second time
|
||||
// it allows to transfer r.x directory contents, as we create it rwx initially
|
||||
struct stat buf;
|
||||
if (!mkdir(untrusted_name, 0700)) /* safe because of chroot */
|
||||
return;
|
||||
|
||||
@ -59,9 +59,9 @@ int flush_client_data(int fd, struct buffer *buffer)
|
||||
}
|
||||
|
||||
/*
|
||||
Write "len" bytes from "data" to "fd". If not all written, buffer the rest
|
||||
to "buffer".
|
||||
*/
|
||||
* Write "len" bytes from "data" to "fd". If not all written, buffer the rest
|
||||
* to "buffer".
|
||||
*/
|
||||
int write_stdin(int fd, const char *data, int len, struct buffer *buffer)
|
||||
{
|
||||
int ret;
|
||||
@ -92,10 +92,10 @@ int write_stdin(int fd, const char *data, int len, struct buffer *buffer)
|
||||
}
|
||||
|
||||
/*
|
||||
Data feed process has exited, so we need to clear all control structures for
|
||||
the client. However, if we have buffered data for the client (which is rare btw),
|
||||
fire&forget a separate process to flush them.
|
||||
*/
|
||||
* Data feed process has exited, so we need to clear all control structures for
|
||||
* the client. However, if we have buffered data for the client (which is rare btw),
|
||||
* fire&forget a separate process to flush them.
|
||||
*/
|
||||
int fork_and_flush_stdin(int fd, struct buffer *buffer)
|
||||
{
|
||||
int i;
|
||||
|
||||
@ -1,5 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
shopt -s nullglob
|
||||
|
||||
|
||||
export LC_CTYPE=en_US.UTF-8
|
||||
NAME=${DEVNAME#/dev/}
|
||||
DESC="`echo "${ID_MODEL} (${ID_FS_LABEL})" | iconv -f utf8 -t ascii//TRANSLIT`"
|
||||
@ -8,6 +11,10 @@ MODE=w
|
||||
QDB_KEY="/qubes-block-devices/$NAME"
|
||||
|
||||
xs_remove() {
|
||||
if is_attached /sys$DEVPATH; then
|
||||
return 0
|
||||
fi
|
||||
|
||||
if [ "$QUBES_EXPOSED" == "1" ]; then
|
||||
qubesdb-rm "$QDB_KEY/"
|
||||
qubesdb-write /qubes-block-devices ''
|
||||
@ -15,26 +22,84 @@ xs_remove() {
|
||||
echo QUBES_EXPOSED=0
|
||||
}
|
||||
|
||||
# Ignore mounted...
|
||||
if fgrep -q $DEVNAME /proc/mounts; then
|
||||
is_used() {
|
||||
local sys_devpath=$1
|
||||
local devname=$(grep ^DEVNAME= $sys_devpath/uevent | cut -f 2 -d =)
|
||||
# mounted; or enabled swap
|
||||
if lsblk -dnr -o MOUNTPOINT "/dev/$devname" | grep -q .; then
|
||||
return 0
|
||||
fi
|
||||
# part of other device-mapper
|
||||
if [ -n "`ls -A $sys_devpath/holders 2> /dev/null`" ]; then
|
||||
return 0
|
||||
fi
|
||||
# open device-mapper device
|
||||
if [ -f "$sys_devpath/dm/name" ] && \
|
||||
/sbin/dmsetup info "$(cat $sys_devpath/dm/name)" |\
|
||||
grep -q "^Open count:.*[1-9]"; then
|
||||
return 0
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
|
||||
# communicate with xenstored through socket in dom0
|
||||
# trying to access xenstore before xenstored is started, hang forever (in
|
||||
# non-killable state), so better fail ('-s' in VM if /proc/xen isn't mounted
|
||||
# yet) than hang dom0 boot
|
||||
if [ ! -r /proc/xen/capabilities ] || grep -q control_d /proc/xen/capabilities; then
|
||||
XENSTORE_LS="xenstore-ls -s"
|
||||
else
|
||||
XENSTORE_LS="xenstore-ls"
|
||||
fi
|
||||
is_attached() {
|
||||
dev_hex=$(stat -c %t:%T /dev/$(basename $1))
|
||||
$XENSTORE_LS backend/vbd | grep -q "physical-device = \"$dev_hex\""
|
||||
}
|
||||
|
||||
# update info about parent devices, if any:
|
||||
if [ -f /sys$DEVPATH/partition ]; then
|
||||
parent=$(dirname $(readlink -f /sys$DEVPATH))
|
||||
udevadm trigger \
|
||||
--property-match=DEVPATH=/$(realpath --relative-to=/sys $parent)
|
||||
# if parent device is already attached, skip its partitions
|
||||
if is_attached $parent; then
|
||||
xs_remove
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
# and underlying devices of device-mapper (if any)
|
||||
for dev in /sys$DEVPATH/slaves/*; do
|
||||
udevadm trigger \
|
||||
--property-match=DEVPATH=/$(realpath --relative-to=/sys $dev)
|
||||
done
|
||||
|
||||
# then take care of this device:
|
||||
|
||||
# device itself is already used
|
||||
if is_used /sys$DEVPATH; then
|
||||
xs_remove
|
||||
exit 0
|
||||
fi
|
||||
# ... and used by device-mapper
|
||||
if [ -n "`ls -A /sys/$DEVPATH/holders 2> /dev/null`" ]; then
|
||||
|
||||
# or one of its partitions is used
|
||||
# or already attached (prevent attaching both device and its partition(s) at
|
||||
# the same time)
|
||||
for part in /sys$DEVPATH/$NAME*; do
|
||||
if [ -d $part ]; then
|
||||
if is_used $part || is_attached $part; then
|
||||
xs_remove
|
||||
exit 0
|
||||
fi
|
||||
# ... and used device-mapper devices
|
||||
if [ -n "$DM_NAME" ] && /sbin/dmsetup info "$DM_NAME" | grep -q "^Open count:.*[1-9]"; then
|
||||
xs_remove
|
||||
exit 0
|
||||
fi
|
||||
# ... and "empty" loop devices
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
# or "empty" loop device
|
||||
if [ "$MAJOR" -eq 7 -a ! -d /sys/$DEVPATH/loop ]; then
|
||||
xs_remove
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# ... and temporary devices used during VM startup
|
||||
if [[ "$NAME" = 'loop'* ]] && \
|
||||
[[ "`cat /sys/block/${NAME%p*}/loop/backing_file`" = \
|
||||
|
||||
@ -26,6 +26,11 @@ device_detach() {
|
||||
xenstore-rm $xs_path
|
||||
}
|
||||
|
||||
# update info about underlying devices of device-mapper (if any)
|
||||
# at this stage device-mapper is already removed, so can't check what devices
|
||||
# were used there
|
||||
udevadm trigger --subsystem-match=block
|
||||
|
||||
for XS_DEV_PATH in `xenstore-ls -f backend/vbd | grep 'backend/vbd/[0-9]*/[0-9]* ' | cut -f 1 -d ' '`; do
|
||||
CUR_DEVICE=`xenstore-read "$XS_DEV_PATH/params"`
|
||||
if [ "$CUR_DEVICE" == "$DEVNAME" ]; then
|
||||
|
||||
Loading…
Reference in New Issue
Block a user