Remove syncfs fallback for ancient glibc (Debian 7)

QubesOS/qubes-issues#5529

.travis.yml

@@ -1,5 +1,5 @@
 sudo: required
-dist: trusty
+dist: bionic
 language: python
 python:
   - '2.7'
@@ -10,26 +10,26 @@ script:
  - test -z "$TESTS_ONLY" || python -m unittest discover -v imgconverter -p test.py
  - test -n "$TESTS_ONLY" || ~/qubes-builder/scripts/travis-build
 env:
- - DIST_DOM0=fc25 USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1
- - DISTS_VM=fc27 USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1
- - DISTS_VM=fc28 USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1
- - DISTS_VM=fc29 USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1
- - DISTS_VM=jessie USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1
- - DISTS_VM=stretch USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1
- - DISTS_VM=buster USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1
- - DISTS_VM=centos7 USE_QUBES_REPO_VERSION=4.0 USE_QUBES_REPO_TESTING=1
+ - DIST_DOM0=fc31 USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1
+ - DISTS_VM=fc29 USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1
+ - DISTS_VM=fc30 USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1
+ - DISTS_VM=stretch USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1
+ - DISTS_VM=buster USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1
+ - DISTS_VM=centos7 USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1
 
 jobs:
   include:
    - env: TESTS_ONLY=1
      python: 2.7
    - env: TESTS_ONLY=1
-     python: 3.4
+     python: 3.5
    - env: TESTS_ONLY=1
-     python: 3.5
+     python: 3.6
+   - env: TESTS_ONLY=1
+     python: 3.7
    - stage: deploy
-     python: 3.5
-     env: DIST_DOM0=fc25 TESTS_ONLY=
+     python: 3.6
+     env: DIST_DOM0=fc31 TESTS_ONLY=
      script: ~/qubes-builder/scripts/travis-deploy
 
 # don't build tags which are meant for code signing only

Makefile

@@ -37,9 +37,6 @@ install-debian-kernel-support:
 	$(MAKE) -C dracut install
 	$(MAKE) -C kernel-modules install
 	$(MAKE) -C grub install-debian
-	# expand module version
-	rm -f debian/qubes-kernel-vm-support.dkms
-	echo debian/tmp/usr/src/u2mfn-*/dkms.conf > debian/qubes-kernel-vm-support.dkms
 
 clean:
 	$(MAKE) -C qrexec-lib clean

archlinux/PKGBUILD

@@ -13,7 +13,7 @@ arch=("x86_64")
 url="http://qubes-os.org/"
 license=('GPL')
 groups=()
-makedepends=(gcc make pkgconfig 'qubes-libvchan' 'python-setuptools' 'python2-setuptools')
+makedepends=(gcc make pkgconfig 'python-setuptools' 'python2-setuptools')
 checkdepends=()
 optdepends=()
 provides=()
@@ -45,7 +45,7 @@ make -C imgconverter all
 }
 
 package_qubes-vm-utils() {
-depends=(qubes-libvchan imagemagick python2-cairo python2-pillow python2-numpy python-pillow python-numpy)
+depends=(imagemagick python2-cairo python2-pillow python2-numpy python-pillow python-numpy)
 install=PKGBUILD-qubes-vm-utils.install
 
 # Install all for python2
@@ -57,7 +57,7 @@ make -C imgconverter install DESTDIR=$pkgdir LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
 }
 
 package_qubes-vm-kernel-support() {
-depends=(qubes-libvchan mkinitcpio dkms grub)
+depends=(mkinitcpio grub)
 install=PKGBUILD-qubes-vm-kernel-support.install
 
 mkdir -p ${pkgdir}/usr/lib/initcpio/install/
@@ -68,8 +68,6 @@ mkdir -p ${pkgdir}/usr/bin/
 install -m 611 ${srcdir}/PKGBUILD-initcpio-install.sh ${pkgdir}/usr/lib/initcpio/install/qubes
 install -m 611 ${srcdir}/PKGBUILD-initcpio-hook.sh ${pkgdir}/usr/lib/initcpio/hooks/qubes
 install -m 755 ${srcdir}/dracut/full-dmroot/qubes_cow_setup.sh ${pkgdir}/usr/lib/qubes/qubes_cow_setup.sh
-make install-u2mfn DESTDIR=$pkgdir -C kernel-modules
-
 }
 
 

archlinux/PKGBUILD-initcpio-install.sh

@@ -3,7 +3,6 @@
 build() {
 
   add_module "xen-blkfront"
-  add_module "u2mfn"
   add_binary "/usr/bin/sfdisk"
   add_binary "/usr/bin/mkswap"
   add_binary "/usr/bin/dmsetup"

debian/changelog

@@ -1,3 +1,75 @@
+qubes-utils (4.1.3) unstable; urgency=medium
+
+  [ xaki23 ]
+  * partition full volatile for non-COW setups too
+
+  [ Frédéric Pierret (fepitre) ]
+  * travis: switch to bionic
+
+  [ Marek Marczykowski-Górecki ]
+  * travis: update python versions
+
+  [ Patrick Schleizer ]
+  * qubes-kernel-vm-support.preinst create folder /boot/grub
+  * qubes-kernel-vm-support.postinst run update-grub
+
+  [ Marek Marczykowski-Górecki ]
+  * debian: fix dependencies of qubes-kernel-vm-support pkg
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 07 Dec 2019 05:50:26 +0100
+
+qubes-utils (4.1.2) unstable; urgency=medium
+
+  [ xaki23 ]
+  * align volatile swap partition to 1Mb instead of 512b
+
+  [ Marek Marczykowski-Górecki ]
+  * rpm: update python2 deps
+  * Disable BLS config style in grub
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sun, 22 Sep 2019 05:10:19 +0200
+
+qubes-utils (4.1.1) unstable; urgency=medium
+
+  * initrd: mount / rw for the overlayfs setup time
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Mon, 10 Jun 2019 00:48:40 +0200
+
+qubes-utils (4.1.0) unstable; urgency=medium
+
+  * Remove qrexec related files
+  * Remove u2mfn module
+  * travis: update to R4.1
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 08 Jun 2019 03:20:55 +0200
+
+qubes-utils (4.0.24) unstable; urgency=medium
+
+  [ Marek Marczykowski-Górecki ]
+  * Declare u2mfn module version, skip build for qubes kernels
+
+  [ Frédéric Pierret (fepitre) ]
+  * python3: use macro pkgversion
+  * travis: switch to xenial
+  * travis: remove older Fedora releases and add Fedora 30
+
+  [ Marek Marczykowski-Górecki ]
+  * initramfs: use overlayfs for /lib/modules, if available
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Thu, 06 Jun 2019 21:30:30 +0200
+
+qubes-utils (4.0.23) unstable; urgency=medium
+
+  * Disable scrubbing memory pages during initial balloon down
+  * dracut: fix checking for "Root filesystem" label, improve udev sync
+  * dracut: add a flag file indicating scrub-pages option support
+  * Adjust permissions of /dev/xen/hypercall
+  * Do not use /proc/xen for detecting dom0 anymore
+  * Really install xen-scrub-pages dracut module
+  * Add xen_scrub_pages=0 kernel option only if initramfs was rebuilt
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Mon, 25 Feb 2019 21:46:52 +0100
+
 qubes-utils (4.0.22) unstable; urgency=medium
 
   * tests: skip img converter test if qubes-img-converter is not

debian/control

@@ -3,12 +3,10 @@ Section: admin
 Priority: extra
 Maintainer: Davíð Steinn Geirsson <david@dsg.is>
 Build-Depends:
- libvchan-xen-dev,
  libxen-dev,
  pkg-config,
  debhelper (>= 9.0.0),
  dh-systemd,
- dkms,
  python-setuptools,
 Standards-Version: 3.9.3
 Homepage: http://www.qubes-os.org
@@ -17,7 +15,7 @@ Vcs-Git: http://dsg.is/qubes/qubes-linux-utils.git
 
 Package: qubes-utils
 Architecture: any
-Depends: libvchan-xen, lsb-base, python-pil, python-numpy, python3-pil, python3-numpy, ${shlibs:Depends}, ${misc:Depends}
+Depends: lsb-base, python-pil, python-numpy, python3-pil, python3-numpy, ${shlibs:Depends}, ${misc:Depends}
 Conflicts: qubes-linux-utils
 Breaks: qubes-core-agent (<< 3.1.4)
 Recommends: python2.7
@@ -26,24 +24,16 @@ Description: Qubes Linux utilities
 
 Package: qubes-kernel-vm-support
 Architecture: any
-Recommends: initramfs-tools
-Depends: dkms, ${misc:Depends}
+Depends:
+ busybox,
+ initramfs-tools | dracut,
+ grub2-common,
+ ${misc:Depends}
 Description: Qubes VM kernel and initramfs modules
  This package contains:
  1. mkinitramfs module required to setup Qubes VM root filesystem. This package
  is needed in VM only when the VM uses its own kernel (via pvgrub or so).
  Otherwise initrd is provided by dom0.
- .
- 2. u2mfn kernel module sources (dkms) required by GUI agent and R2 version of
- libvchan library.
-
-Package: libqrexec-utils2
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Breaks: qubes-utils (<< 3.1.4)
-Replaces: qubes-utils (<< 3.1.4)
-Description: Library of common functions of qrexec agent and daemon
- This library contains common helper functions for qrexec agent and daemon.
 
 Package: libqubes-rpc-filecopy2
 Architecture: any
@@ -54,15 +44,6 @@ Description: Qubes file copy protocol library
  This library can be used for both sending files using qfile protocol and for
  receiving them.
 
-Package: libqrexec-utils-dev
-Architecture: any
-Section: libdevel
-Depends: libqrexec-utils2 (= ${binary:Version}), ${misc:Depends}
-Breaks: qubes-utils (<< 3.1.4)
-Replaces: qubes-utils (<< 3.1.4)
-Description: Development headers for libqrexec-utils
- This package contains files required to compile qrexec-agent and qrexec-daemon.
-
 Package: libqubes-rpc-filecopy-dev
 Architecture: any
 Section: libdevel

debian/libqrexec-utils-dev.install

@@ -1,3 +0,0 @@
-usr/include/libqrexec-utils.h
-usr/include/qrexec.h
-usr/lib/libqrexec-utils.so

debian/libqrexec-utils2.install

@@ -1 +0,0 @@
-usr/lib/libqrexec-utils.so.2*

debian/libqrexec-utils2.shlibs

@@ -1 +0,0 @@
-libqrexec-utils 2 libqrexec-utils2 (>= 4.0.16)

debian/qubes-kernel-vm-support.dkms

@@ -1 +0,0 @@
-debian/tmp/usr/src/u2mfn-3.1.2/dkms.conf

debian/qubes-kernel-vm-support.install

@@ -4,5 +4,5 @@ usr/share/initramfs-tools/hooks/qubes_vm
 usr/lib/dracut/modules.d/90qubes-vm/*
 usr/lib/dracut/modules.d/90qubes-vm-modules/*
 usr/lib/dracut/modules.d/90qubes-vm-simple/*
-usr/src/u2mfn-*/*
+usr/lib/dracut/modules.d/80xen-scrub-pages/*
 etc/default/grub.d/30-qubes-kernel-vm-support.cfg

debian/qubes-kernel-vm-support.postinst

@@ -23,7 +23,11 @@ set -e
 case "${1}" in
     configure)
         if [ -x /usr/sbin/update-initramfs ]; then
-            update-initramfs -u
+            if update-initramfs -u; then
+                # "milestone" initramfs update version:
+                # 1 - addition of xen scrub_pages enabling code
+                echo 1 > /var/lib/qubes/initramfs-updated
+            fi
         fi
         ;;
 
@@ -42,6 +46,19 @@ esac
 
 #DEBHELPER#
 
+## https://phabricator.whonix.org/T377
+## Debian has no update-grub trigger yet:
+## https://bugs.debian.org/481542
+
+if command -v update-grub >/dev/null 2>&1; then
+   update-grub || \
+      echo "$DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ERROR: Running \
+'update-grub' failed with exit code $?. $DPKG_MAINTSCRIPT_PACKAGE is most \
+likely only the trigger, not the cause. Unless you know this is not an issue, \
+you should fix running 'update-grub', otherwise your system might no longer \
+boot." >&2
+fi
+
 exit 0
 
 # vim: set ts=4 sw=4 sts=4 et :

debian/qubes-kernel-vm-support.preinst

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -e
+
+mkdir --parents /boot/grub || true
+
+#DEBHELPER#
+
+exit 0

debian/rules

@@ -7,7 +7,7 @@ export DESTDIR=$(shell pwd)/debian/tmp
 #export DH_VERBOSE=1
 
 %:
-	dh $@ --with=systemd,dkms
+	dh $@ --with=systemd
 
 override_dh_auto_build:
 	make all LIBDIR=/usr/lib DEBIANBUILD=1

dracut/Makefile

@@ -2,3 +2,4 @@ install:
 	$(MAKE) -C simple
 	$(MAKE) -C full-dmroot
 	$(MAKE) -C full-modules
+	$(MAKE) -C xen-balloon-scrub-pages

dracut/full-dmroot/qubes_cow_setup.sh

@@ -79,8 +79,8 @@ if [ `cat /sys/class/block/$ROOT_DEV/ro` = 1 ] ; then
         die "volatile.img smaller than 1GB, cannot continue"
     fi
     sfdisk -q --unit S /dev/xvdc >/dev/null <<EOF
-1,$SWAP_SIZE,S
-,,L
+xvdc1: type=82,start=2048,size=$SWAP_SIZE
+xvdc2: type=83
 EOF
     if [ $? -ne 0 ]; then
         die "Qubes: failed to setup partitions on volatile device"
@@ -97,7 +97,8 @@ else
     log_begin "Qubes: Doing R/W setup for TemplateVM..."
     while ! [ -e /dev/xvdc ]; do sleep 0.1; done
     sfdisk -q --unit S /dev/xvdc >/dev/null <<EOF
-1,$SWAP_SIZE,S
+xvdc1: type=82,start=2048,size=$SWAP_SIZE
+xvdc3: type=83
 EOF
     if [ $? -ne 0 ]; then
         die "Qubes: failed to setup partitions on volatile device"

dracut/simple/init.sh

@@ -53,8 +53,8 @@ if [ `cat /sys/class/block/$ROOT_DEV/ro` = 1 ] ; then
         die "volatile.img smaller than 1GB, cannot continue"
     fi
     /sbin/sfdisk -q --unit S /dev/xvdc >/dev/null <<EOF
-1,$SWAP_SIZE,S
-,,L
+xvdc1: type=82,start=2048,size=$SWAP_SIZE
+xvdc2: type=83
 EOF
     if [ $? -ne 0 ]; then
         echo "Qubes: failed to setup partitions on volatile device"
@@ -72,7 +72,8 @@ else
     echo "Qubes: Doing R/W setup for TemplateVM..."
     while ! [ -e /dev/xvdc ]; do sleep 0.1; done
     /sbin/sfdisk -q --unit S /dev/xvdc >/dev/null <<EOF
-1,$SWAP_SIZE,S
+xvdc1: type=82,start=2048,size=$SWAP_SIZE
+xvdc3: type=83
 EOF
     if [ $? -ne 0 ]; then
         die "Qubes: failed to setup partitions on volatile device"
@@ -86,7 +87,7 @@ fi
 /sbin/modprobe ext4
 
 mkdir -p /sysroot
-mount /dev/mapper/dmroot /sysroot -o ro
+mount /dev/mapper/dmroot /sysroot -o rw
 NEWROOT=/sysroot
 
 kver="`uname -r`"
@@ -94,19 +95,27 @@ if ! [ -d "$NEWROOT/lib/modules/$kver/kernel" ]; then
     echo "Waiting for /dev/xvdd device..."
     while ! [ -e /dev/xvdd ]; do sleep 0.1; done
 
-    # Mount only `uname -r` subdirectory, to leave the rest of /lib/modules writable
     mkdir -p /tmp/modules
     mount -n -t ext3 /dev/xvdd /tmp/modules
-    if ! [ -d "$NEWROOT/lib/modules/$kver" ]; then
-        mount "$NEWROOT" -o remount,rw
-        mkdir -p "$NEWROOT/lib/modules/$kver"
-        mount "$NEWROOT" -o remount,ro
+    if /sbin/modprobe overlay; then
+        # if overlayfs is supported, use that to provide fully writable /lib/modules
+        if ! [ -d "$NEWROOT/lib/.modules_work" ]; then
+            mkdir -p "$NEWROOT/lib/.modules_work"
+        fi
+        mount -t overlay none $NEWROOT/lib/modules -o lowerdir=/tmp/modules,upperdir=$NEWROOT/lib/modules,workdir=$NEWROOT/lib/.modules_work
+    else
+        # otherwise mount only `uname -r` subdirectory, to leave the rest of
+        # /lib/modules writable
+        if ! [ -d "$NEWROOT/lib/modules/$kver" ]; then
+            mkdir -p "$NEWROOT/lib/modules/$kver"
+        fi
+        mount --bind "/tmp/modules/$kver" "$NEWROOT/lib/modules/$kver"
     fi
-    mount --bind "/tmp/modules/$kver" "$NEWROOT/lib/modules/$kver"
     umount /tmp/modules
     rmdir /tmp/modules
 fi
 
 umount /dev /sys /proc
+mount "$NEWROOT" -o remount,ro
 
 exec /sbin/switch_root $NEWROOT /sbin/init

dracut/simple/module-setup.sh

@@ -9,6 +9,10 @@ depends() {
     return 0
 }
 
+installkernel() {
+    hostonly='' instmods overlay
+}
+
 install() {
     inst $moddir/init.sh /init
     inst_multiple \

grub/grub.qubes-kernel-vm-support

@@ -1,5 +1,8 @@
-# add kernel options only in VM
-if [ -r /usr/share/qubes/marker-vm ]; then
+# add kernel options only in VM, and only if initramfs is updated already
+# /var/lib/qubes/initramfs-updated contains "milestone" initramfs update version:
+# 1 - addition of xen scrub_pages enabling code
+if [ -r /usr/share/qubes/marker-vm ] &&
+        [ "$(cat /var/lib/qubes/initramfs-updated 2>/dev/null || echo 0)" -ge 1 ]; then
     GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX xen_scrub_pages=0"
 fi
-
+GRUB_ENABLE_BLSCFG=false

initramfs-tools/qubes_vm

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-if grep -q control_d /proc/xen/capabilities; then
+if grep -q '^[0-]*$' /sys/hypervisor/uuid; then
     echo "Not intended for dom0"
     exit 0
 fi

kernel-modules/Makefile

@@ -1,13 +1,5 @@
-ver		:= $(shell cat ../version)
-srcdir	:= /usr/src/u2mfn-$(ver)
-
-install:	install-u2mfn install-scripts
+install:	install-scripts
 
 install-scripts:
 	install -d $(DESTDIR)/usr/sbin
 	install qubes-prepare-vm-kernel $(DESTDIR)/usr/sbin
-
-install-u2mfn:
-	install -d $(DESTDIR)$(srcdir)
-	install -m 644 u2mfn/u2mfn.c u2mfn/Makefile $(DESTDIR)$(srcdir)
-	sed -e 's#@@VERSION@@#$(ver)#' u2mfn/dkms.conf.in > $(DESTDIR)$(srcdir)/dkms.conf

kernel-modules/qubes-prepare-vm-kernel

@@ -25,14 +25,6 @@ set -e
 
 basedir=/var/lib/qubes/vm-kernels
 
-function recompile_u2mfn() {
-    kver=$1
-    u2mfn_ver=`dkms status u2mfn|tail -n 1|cut -f 2 -d ' '|tr -d ':,'`
-    if ! modinfo -k "$kver" -n u2mfn >/dev/null; then
-        dkms install u2mfn/$u2mfn_ver -k $kver --no-initrd
-    fi
-}
-
 function build_modules_img() {
     kver=$1
     initramfs=$2
@@ -81,8 +73,6 @@ fi
 
 echo "--> Building files for $kernel_version in $output_dir"
 
-echo "---> Recompiling kernel module (u2mfn)"
-recompile_u2mfn "$kernel_version"
 mkdir -p "$output_dir"
 cp "/boot/vmlinuz-$kernel_version" "$output_dir/vmlinuz"
 echo "---> Generating initramfs"

kernel-modules/u2mfn/Makefile

@@ -1,28 +0,0 @@
-#
-# The Qubes OS Project, http://www.qubes-os.org
-#
-# Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#
-#
-
-obj-m                       += u2mfn.o
-
-clean:
-	rm -f *.o *.ko *~
-	rm -f .u2mfn.* *.mod.c Module.symvers modules.order
-	rm -fr .tmp_versions
-	rm -f Makefile.xen

kernel-modules/u2mfn/dkms.conf.in

@@ -1,8 +0,0 @@
-PACKAGE_VERSION="@@VERSION@@"
-
-# Items below here should not have to change with each driver version
-PACKAGE_NAME="u2mfn"
-
-BUILT_MODULE_NAME[0]="u2mfn"
-DEST_MODULE_LOCATION[0]="/extra/"
-AUTOINSTALL=yes

kernel-modules/u2mfn/u2mfn.c

@@ -1,172 +0,0 @@
-/*
- * The Qubes OS Project, http://www.qubes-os.org
- *
- * Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- *
- */
-
-#include <linux/module.h>
-#include <linux/version.h>
-#include <linux/proc_fs.h>
-#include <linux/fs.h>
-#include <linux/mm.h>
-#include <linux/sched.h>
-#ifndef FOREIGN_FRAME_BIT
-#include <xen/page.h>
-#endif
-#include <linux/highmem.h>
-
-/* copy of /usr/include/u2mfn-kernel.h, to reduce requirements */
-#include <linux/ioctl.h>
-#define U2MFN_MAGIC 0xf5
-#define U2MFN_GET_MFN_FOR_PAGE _IOW(U2MFN_MAGIC, 1, int)
-#define U2MFN_GET_LAST_MFN _IO(U2MFN_MAGIC, 2)
-
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3,0,0)
-static inline unsigned long virt_to_phys(volatile void *address)
-{
-	return __pa((unsigned long) address);
-}
-#endif
-
-#ifdef virt_to_mfn
-#define VIRT_TO_MFN virt_to_mfn
-#else
-extern unsigned long *phys_to_machine_mapping;
-static inline unsigned long VIRT_TO_MFN(void *addr)
-{
-	return phys_to_machine_mapping[virt_to_phys(addr) >> PAGE_SHIFT] & ~FOREIGN_FRAME_BIT;
-}
-#endif
-
-static int u2mfn_get_mfn(pte_t *pte, pgtable_t token, unsigned long addr, void *data) {
-    *((unsigned long *) data) = pfn_to_mfn(pte_pfn(*pte));
-    return 0;
-}
-
-/// User virtual address to mfn translator
-/**
-    \param cmd ignored
-    \param data the user-specified address
-    \return mfn corresponding to "data" argument, or -1 on error
-*/
-static long u2mfn_ioctl(struct file *f, unsigned int cmd,
-		       unsigned long data)
-{
-	long ret;
-	unsigned long mfn;
-
-	if (_IOC_TYPE(cmd) != U2MFN_MAGIC) {
-		printk("Qubes u2mfn: wrong IOCTL magic");
-		return -ENOTTY;
-	}
-
-	switch (cmd) {
-	case U2MFN_GET_MFN_FOR_PAGE:
-		ret = apply_to_page_range(current->mm, data, PAGE_SIZE, u2mfn_get_mfn, &mfn);
-
-		if (ret < 0 || mfn == INVALID_P2M_ENTRY) {
-			printk("U2MFN_GET_MFN_FOR_PAGE: failed to get mfn, "
-			       "addr=0x%lx ret=0x%lx\n", data, ret);
-			return -1;
-		}
-
-		ret = mfn;
-		break;
-
-	case U2MFN_GET_LAST_MFN:
-		if (f->private_data)
-			ret = VIRT_TO_MFN(f->private_data);
-		else
-			ret = 0;
-		break;
-
-	default:
-		printk("Qubes u2mfn: wrong ioctl passed!\n");
-		return -ENOTTY;
-	}
-
-
-	return ret;
-}
-
-static int u2mfn_mmap(struct file *f, struct vm_area_struct *vma)
-{
-	int ret;
-	char *kbuf;
-	long length = vma->vm_end - vma->vm_start;
-	printk("u2mfn_mmap: entering, private=%p\n", f->private_data);
-	if (f->private_data)
-		return -EBUSY;
-	if (length != PAGE_SIZE)
-		return -EINVAL;
-	kbuf = (char *) __get_free_page(GFP_KERNEL);
-	if (!kbuf)
-		return -ENOMEM;
-
-	f->private_data = kbuf;
-
-	ret = remap_pfn_range(vma, vma->vm_start,
-			      virt_to_phys(kbuf) >> PAGE_SHIFT,
-			      length, vma->vm_page_prot);
-
-	printk("u2mfn_mmap: calling remap return %d\n", ret);
-	if (ret)
-		return ret;
-
-
-	return 0;
-}
-
-static int u2mfn_release(struct inode *i, struct file *f)
-{
-	printk("u2mfn_release, priv=%p\n", f->private_data);
-	if (f->private_data)
-		__free_page(f->private_data);
-	f->private_data = NULL;
-	return 0;
-}
-
-static struct file_operations u2mfn_fops = {
-	.unlocked_ioctl = u2mfn_ioctl,
-	.mmap = u2mfn_mmap,
-	.release = u2mfn_release
-};
-
-/// u2mfn module registration
-/**
-    tries to register "/proc/u2mfn" pseudofile
-*/
-static int u2mfn_init(void)
-{
-	struct proc_dir_entry *u2mfn_node =
-	    proc_create_data("u2mfn", 0666, NULL,
-			     &u2mfn_fops, 0);
-	if (!u2mfn_node)
-		return -1;
-	return 0;
-}
-
-static void u2mfn_exit(void)
-{
-	remove_proc_entry("u2mfn", 0);
-}
-
-module_init(u2mfn_init);
-module_exit(u2mfn_exit);
-MODULE_LICENSE("GPL");

qrexec-lib/Makefile

@@ -1,19 +1,9 @@
 CC=gcc
-CFLAGS+=-I. -g -O2 -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)`
-COMMONIOALL=ioall.o
+CFLAGS+=-I. -g -O2 -Wall -Wextra -Werror -pie -fPIC
 SO_VER=2
 LDFLAGS+=-shared
-VCHANLIBS = `pkg-config --libs vchan-$(BACKEND_VMM)`
 
-_XENSTORE_H=$(shell ls /usr/include/xenstore.h)
-ifneq "$(_XENSTORE_H)" ""
-	CFLAGS+= -DUSE_XENSTORE_H
-endif
-
-
-all: libqrexec-utils.so.$(SO_VER) libqubes-rpc-filecopy.so.$(SO_VER)
-libqrexec-utils.so.$(SO_VER): unix-server.o ioall.o buffer.o exec.o txrx-vchan.o write-stdin.o
-	$(CC) $(LDFLAGS) -Wl,-soname,$@ -o $@ $^ $(VCHANLIBS)
+all: libqubes-rpc-filecopy.so.$(SO_VER)
 libqubes-rpc-filecopy.so.$(SO_VER): ioall.o copy-file.o crc32.o unpack.o pack.o
 	$(CC) $(LDFLAGS) -Wl,-soname,$@ -o $@ $^
 
@@ -24,12 +14,7 @@ clean:
 
 install:
 	mkdir -p $(DESTDIR)$(LIBDIR)
-	cp libqrexec-utils.so.$(SO_VER) $(DESTDIR)$(LIBDIR)
-	ln -s libqrexec-utils.so.$(SO_VER) $(DESTDIR)$(LIBDIR)/libqrexec-utils.so
 	cp libqubes-rpc-filecopy.so.$(SO_VER) $(DESTDIR)$(LIBDIR)
 	ln -s libqubes-rpc-filecopy.so.$(SO_VER) $(DESTDIR)$(LIBDIR)/libqubes-rpc-filecopy.so
 	mkdir -p $(DESTDIR)$(INCLUDEDIR)
-	cp libqrexec-utils.h $(DESTDIR)$(INCLUDEDIR)
 	cp libqubes-rpc-filecopy.h $(DESTDIR)$(INCLUDEDIR)
-	cp qrexec.h $(DESTDIR)$(INCLUDEDIR)
-

qrexec-lib/buffer.c

@@ -1,115 +0,0 @@
-/*
- * The Qubes OS Project, http://www.qubes-os.org
- *
- * Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "libqrexec-utils.h"
-
-#define BUFFER_LIMIT 50000000
-static int total_mem;
-static char *limited_malloc(int len)
-{
-    char *ret;
-    total_mem += len;
-    if (total_mem > BUFFER_LIMIT) {
-        fprintf(stderr, "attempt to allocate >BUFFER_LIMIT\n");
-        exit(1);
-    }
-    ret = malloc(len);
-    if (!ret) {
-        perror("malloc");
-        exit(1);
-    }
-    return ret;
-}
-
-static void limited_free(char *ptr, int len)
-{
-    free(ptr);
-    total_mem -= len;
-}
-
-void buffer_init(struct buffer *b)
-{
-    b->buflen = 0;
-    b->data = NULL;
-}
-
-void buffer_free(struct buffer *b)
-{
-    if (b->buflen)
-        limited_free(b->data, b->buflen);
-    buffer_init(b);
-}
-
-/*
-   The following two functions can be made much more efficient.
-   Yet the profiling output show they are not significant CPU hogs, so
-   we keep them so simple to make them obviously correct.
-   */
-
-void buffer_append(struct buffer *b, const char *data, int len)
-{
-    int newsize;
-    char *qdata;
-    if (len < 0 || len > BUFFER_LIMIT) {
-        fprintf(stderr, "buffer_append %d\n", len);
-        exit(1);
-    }
-    if (len == 0)
-        return;
-    newsize = len + b->buflen;
-    qdata = limited_malloc(len + b->buflen);
-    memcpy(qdata, b->data, b->buflen);
-    memcpy(qdata + b->buflen, data, len);
-    buffer_free(b);
-    b->buflen = newsize;
-    b->data = qdata;
-}
-
-void buffer_remove(struct buffer *b, int len)
-{
-    int newsize;
-    char *qdata = NULL;
-    if (len < 0 || len > b->buflen) {
-        fprintf(stderr, "buffer_remove %d/%d\n", len, b->buflen);
-        exit(1);
-    }
-    newsize = b->buflen - len;
-    if (newsize > 0) {
-        qdata = limited_malloc(newsize);
-        memcpy(qdata, b->data + len, newsize);
-    }
-    buffer_free(b);
-    b->buflen = newsize;
-    b->data = qdata;
-}
-
-int buffer_len(struct buffer *b)
-{
-    return b->buflen;
-}
-
-void *buffer_data(struct buffer *b)
-{
-    return b->data;
-}

qrexec-lib/exec.c

@@ -1,108 +0,0 @@
-/*
- * The Qubes OS Project, http://www.qubes-os.org
- *
- * Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- *
- */
-
-#include <sys/socket.h>
-#include <sys/types.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include "qrexec.h"
-#include "libqrexec-utils.h"
-
-static do_exec_t *exec_func = NULL;
-void register_exec_func(do_exec_t *func) {
-    exec_func = func;
-}
-
-void exec_qubes_rpc_if_requested(char *prog, char *const envp[]) {
-    /* avoid calling qubes-rpc-multiplexer through shell */
-    if (strncmp(prog, RPC_REQUEST_COMMAND, RPC_REQUEST_COMMAND_LEN) == 0) {
-        char *tok;
-        char *argv[16]; // right now 6 are used, but allow future extensions
-        size_t i = 0;
-
-        tok=strtok(prog, " ");
-        do {
-            if (i >= sizeof(argv)/sizeof(argv[0])-1) {
-                fprintf(stderr, "To many arguments to %s\n", RPC_REQUEST_COMMAND);
-                exit(1);
-            }
-            argv[i++] = tok;
-        } while ((tok=strtok(NULL, " ")));
-        argv[i] = NULL;
-        argv[0] = QUBES_RPC_MULTIPLEXER_PATH;
-        execve(QUBES_RPC_MULTIPLEXER_PATH, argv, envp);
-        perror("exec qubes-rpc-multiplexer");
-        exit(1);
-    }
-}
-
-void fix_fds(int fdin, int fdout, int fderr)
-{
-    int i;
-    for (i = 0; i < 256; i++)
-        if (i != fdin && i != fdout && i != fderr)
-            close(i);
-    dup2(fdin, 0);
-    dup2(fdout, 1);
-    dup2(fderr, 2);
-    close(fdin);
-    close(fdout);
-    if (fderr != 2)
-        close(fderr);
-}
-
-void do_fork_exec(const char *cmdline, int *pid, int *stdin_fd, int *stdout_fd,
-        int *stderr_fd)
-{
-    int inpipe[2], outpipe[2], errpipe[2];
-
-    if (socketpair(AF_UNIX, SOCK_STREAM, 0, inpipe) || 
-            socketpair(AF_UNIX, SOCK_STREAM, 0, outpipe) || 
-            (stderr_fd && socketpair(AF_UNIX, SOCK_STREAM, 0, errpipe))) {
-        perror("socketpair");
-        exit(1);
-    }
-    switch (*pid = fork()) {
-        case -1:
-            perror("fork");
-            exit(-1);
-        case 0:
-            if (stderr_fd) {
-                fix_fds(inpipe[0], outpipe[1], errpipe[1]);
-            } else
-                fix_fds(inpipe[0], outpipe[1], 2);
-
-            if (exec_func != NULL)
-                exec_func((char*)cmdline);
-            exit(-1);
-        default:;
-    }
-    close(inpipe[0]);
-    close(outpipe[1]);
-    *stdin_fd = inpipe[1];
-    *stdout_fd = outpipe[0];
-    if (stderr_fd) {
-        close(errpipe[1]);
-        *stderr_fd = errpipe[0];
-    }
-}

qrexec-lib/libqrexec-utils.h

@@ -1,70 +0,0 @@
-/*
- * The Qubes OS Project, http://www.qubes-os.org
- *
- * Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
- * Copyright (C) 2013  Marek Marczykowski  <marmarek@invisiblethingslab.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- *
- */
-
-#include <sys/select.h>
-#include <libvchan.h>
-
-struct buffer {
-    char *data;
-    int buflen;
-};
-
-/* return codes for buffered writes */
-#define WRITE_STDIN_OK        0 /* all written */
-#define WRITE_STDIN_BUFFERED  1 /* something still in the buffer */
-#define WRITE_STDIN_ERROR     2 /* write error, errno set */
-
-typedef void (do_exec_t)(char *);
-void register_exec_func(do_exec_t *func);
-/*
- * exec() qubes-rpc-multiplexer if *prog* starts with magic "QUBESRPC" keyword,
- * do not return in that case; pass *envp* to execve() as en environment
- * otherwise, return false without any action
- */
-void exec_qubes_rpc_if_requested(char *prog, char *const envp[]);
-
-void buffer_init(struct buffer *b);
-void buffer_free(struct buffer *b);
-void buffer_append(struct buffer *b, const char *data, int len);
-void buffer_remove(struct buffer *b, int len);
-int buffer_len(struct buffer *b);
-void *buffer_data(struct buffer *b);
-
-int flush_client_data(int fd, struct buffer *buffer);
-int write_stdin(int fd, const char *data, int len, struct buffer *buffer);
-int fork_and_flush_stdin(int fd, struct buffer *buffer);
-
-void do_fork_exec(const char *cmdline, int *pid, int *stdin_fd, int *stdout_fd,
-        int *stderr_fd);
-void wait_for_vchan_or_argfd(libvchan_t *vchan, int max, fd_set * rdset, fd_set * wrset);
-int read_vchan_all(libvchan_t *vchan, void *data, size_t size);
-int write_vchan_all(libvchan_t *vchan, const void *data, size_t size);
-int read_all(int fd, void *buf, int size);
-int write_all(int fd, const void *buf, int size);
-void fix_fds(int fdin, int fdout, int fderr);
-void set_nonblock(int fd);
-void set_block(int fd);
-
-int get_server_socket(const char *);
-int do_accept(int s);
-
-void set_nonblock(int fd);

qrexec-lib/qrexec.h

@@ -1,121 +0,0 @@
-/*
- * The Qubes OS Project, http://www.qubes-os.org
- *
- * Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- *
- */
-
-/* See also http://wiki.qubes-os.org/trac/wiki/Qrexec */
-
-#include <stdint.h>
-
-#define QREXEC_PROTOCOL_VERSION 2
-#define MAX_FDS 256
-#define MAX_DATA_CHUNK 4096
-
-#define RPC_REQUEST_COMMAND "QUBESRPC"
-#define RPC_REQUEST_COMMAND_LEN (sizeof(RPC_REQUEST_COMMAND)-1)
-#define NOGUI_CMD_PREFIX "nogui:"
-#define NOGUI_CMD_PREFIX_LEN (sizeof(NOGUI_CMD_PREFIX)-1)
-#define VCHAN_BASE_PORT 512
-
-/* Messages sent over control vchan between daemon(dom0) and agent(vm).
- * The same are used between client(dom0) and daemon(dom0).
- */
-enum {
-    /* daemon->agent messages */
-
-    /* start process in VM and pass its stdin/out/err to dom0
-     * struct exec_params passed as data */
-    MSG_EXEC_CMDLINE = 0x200,
-
-    /* start process in VM discarding its stdin/out/err (connect to /dev/null)
-    * struct exec_params passed as data */
-    MSG_JUST_EXEC,
-
-    /* connect to existing process in VM to receive its stdin/out/err
-     * struct service_params passed as cmdline field in exec_params */
-    MSG_SERVICE_CONNECT,
-
-    /* refuse to start a service (denied by policy, invalid parameters etc)
-     * struct service_params passed as data to identify which service call was
-     * refused */
-    MSG_SERVICE_REFUSED,
-
-    /* agent->daemon messages */
-    /* call Qubes RPC service
-     * struct trigger_service_params passed as data */
-    MSG_TRIGGER_SERVICE = 0x210,
-
-
-    /* connection was terminated, struct exec_params passed as data (with empty
-     * cmdline field) informs about released vchan port */
-    MSG_CONNECTION_TERMINATED,
-
-    /* common messages */
-    /* initialize connection, struct peer_info passed as data
-     * should be sent as the first message (server first, then client) */
-    MSG_HELLO = 0x300,
-};
-
-/* uniform for all peers, data type depends on message type */
-struct msg_header {
-    uint32_t type;           /* message type */
-    uint32_t len;            /* data length */
-};
-
-/* variable size */
-struct exec_params {
-    uint32_t connect_domain; /* target domain name */
-    uint32_t connect_port;   /* target vchan port for i/o exchange */
-    char cmdline[0];         /* command line to execute, null terminated, size = msg_header.len - sizeof(struct exec_params) */
-};
-
-struct service_params {
-    char ident[32];          /* null terminated ASCII string */
-};
-
-struct trigger_service_params {
-    char service_name[64];            /* null terminated ASCII string */
-    char target_domain[32];           /* null terminated ASCII string */
-    struct service_params request_id; /* service request id */
-};
-
-struct peer_info {
-    uint32_t version; /* qrexec protocol version */
-};
-
-/* data vchan client<->agent, separate for each VM process */
-enum {
-    /* stdin dom0->VM */
-    MSG_DATA_STDIN = 0x190,
-    /* stdout VM->dom0 */
-    MSG_DATA_STDOUT,
-    /* stderr VM->dom0 */
-    MSG_DATA_STDERR,
-    /* VM process exit code VM->dom0 (uint32_t) */
-    MSG_DATA_EXIT_CODE,
-};
-
-// linux-specific stuff below
-
-#define QREXEC_AGENT_TRIGGER_PATH "/var/run/qubes/qrexec-agent"
-#define QREXEC_AGENT_FDPASS_PATH "/var/run/qubes/qrexec-agent-fdpass"
-#define MEMINFO_WRITER_PIDFILE "/var/run/meminfo-writer.pid"
-#define QUBES_RPC_MULTIPLEXER_PATH "/usr/lib/qubes/qubes-rpc-multiplexer"
-#define QREXEC_DAEMON_SOCKET_DIR "/var/run/qubes"
-

qrexec-lib/txrx-vchan.c

@@ -1,105 +0,0 @@
-/*
- * The Qubes OS Project, http://www.qubes-os.org
- *
- * Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- *
- */
-
-#include <unistd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <errno.h>
-#include <sys/select.h>
-#include <libvchan.h>
-
-int wait_for_vchan_or_argfd_once(libvchan_t *ctrl, int max, fd_set * rdset, fd_set * wrset)
-{
-    int vfd, ret;
-    struct timespec tv = { 1, 100000000 };
-    sigset_t empty_set;
-
-    sigemptyset(&empty_set);
-
-    vfd = libvchan_fd_for_select(ctrl);
-    FD_SET(vfd, rdset);
-    if (vfd > max)
-        max = vfd;
-    max++;
-    ret = pselect(max, rdset, wrset, NULL, &tv, &empty_set);
-    if (ret < 0) {
-        if (errno != EINTR) {
-            perror("select");
-            exit(1);
-        } else {
-            FD_ZERO(rdset);
-            FD_ZERO(wrset);
-            fprintf(stderr, "eintr\n");
-            return 1;
-        }
-
-    }
-    if (!libvchan_is_open(ctrl)) {
-        fprintf(stderr, "libvchan_is_eof\n");
-        exit(0);
-    }
-    if (FD_ISSET(vfd, rdset))
-        // the following will never block; we need to do this to
-        // clear libvchan_fd pending state 
-        libvchan_wait(ctrl);
-    if (libvchan_data_ready(ctrl))
-        return 1;
-    return ret;
-}
-
-void wait_for_vchan_or_argfd(libvchan_t *ctrl, int max, fd_set * rdset, fd_set * wrset)
-{
-    fd_set r = *rdset, w = *wrset;
-    do {
-        *rdset = r;
-        *wrset = w;
-    }
-    while (wait_for_vchan_or_argfd_once(ctrl, max, rdset, wrset) == 0);
-}
-
-int write_vchan_all(libvchan_t *vchan, const void *data, size_t size) {
-    size_t pos;
-    int ret;
-
-    pos = 0;
-    while (pos < size) {
-        ret = libvchan_write(vchan, data+pos, size-pos);
-        if (ret < 0)
-            return 0;
-        pos += ret;
-    }
-    return 1;
-}
-
-int read_vchan_all(libvchan_t *vchan, void *data, size_t size) {
-    size_t pos;
-    int ret;
-
-    pos = 0;
-    while (pos < size) {
-        ret = libvchan_read(vchan, data+pos, size-pos);
-        if (ret < 0)
-            return 0;
-        pos += ret;
-    }
-    return 1;
-}

qrexec-lib/unix-server.c

@@ -1,74 +0,0 @@
-/*
- * The Qubes OS Project, http://www.qubes-os.org
- *
- * Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- *
- */
-
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <stdio.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-//#include "qrexec.h"
-
-int get_server_socket(const char *socket_address)
-{
-    struct sockaddr_un sockname;
-    int s;
-
-    unlink(socket_address);
-
-    s = socket(AF_UNIX, SOCK_STREAM, 0);
-    if (s < 0) {
-        printf("socket() failed\n");
-        exit(1);
-    }
-    memset(&sockname, 0, sizeof(sockname));
-    sockname.sun_family = AF_UNIX;
-    strncpy(sockname.sun_path, socket_address, sizeof sockname.sun_path);
-    sockname.sun_path[sizeof sockname.sun_path - 1] = 0;
-
-    if (bind(s, (struct sockaddr *) &sockname, sizeof(sockname)) == -1) {
-        printf("bind() failed\n");
-        close(s);
-        exit(1);
-    }
-    //      chmod(sockname.sun_path, 0666);
-    if (listen(s, 5) == -1) {
-        perror("listen() failed\n");
-        close(s);
-        exit(1);
-    }
-    return s;
-}
-
-int do_accept(int s)
-{
-    struct sockaddr_un peer;
-    unsigned int addrlen;
-    int fd;
-    addrlen = sizeof(peer);
-    fd = accept(s, (struct sockaddr *) &peer, &addrlen);
-    if (fd == -1) {
-        perror("unix accept");
-        exit(1);
-    }
-    return fd;
-}

qrexec-lib/unpack.c

@@ -33,10 +33,6 @@ void send_status_and_crc(int code, const char *last_filename);
 #define O_TMPFILE_MASK (__O_TMPFILE | O_DIRECTORY | O_CREAT)
 #endif
 
-#if __GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 14)
-#define HAVE_SYNCFS
-#endif
-
 void do_exit(int code, const char *last_filename)
 {
     close(0);
@@ -213,10 +209,8 @@ void process_one_file(struct file_header *untrusted_hdr)
 int do_unpack(void)
 {
     struct file_header untrusted_hdr;
-#ifdef HAVE_SYNCFS
     int cwd_fd;
     int saved_errno;
-#endif
 
     total_bytes = total_files = 0;
     /* initialize checksum */
@@ -233,14 +227,10 @@ int do_unpack(void)
         process_one_file(&untrusted_hdr);
     }
 
-#ifdef HAVE_SYNCFS
     saved_errno = errno;
     cwd_fd = open(".", O_RDONLY);
     if (cwd_fd >= 0 && syncfs(cwd_fd) == 0 && close(cwd_fd) == 0)
         errno = saved_errno;
-#else
-    sync();
-#endif
 
     send_status_and_crc(errno, untrusted_namebuf);
     return errno;

qrexec-lib/write-stdin.c

@@ -1,119 +0,0 @@
-/*
- * The Qubes OS Project, http://www.qubes-os.org
- *
- * Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- *
- */
-
-#include <stdio.h>
-#include <unistd.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdlib.h>
-#include <libvchan.h>
-#include "qrexec.h"
-#include "libqrexec-utils.h"
-
-/* 
-There is buffered data in "buffer" for client and select()
-reports that "fd" is writable. Write as much as possible to fd.
-*/
-int flush_client_data(int fd, struct buffer *buffer)
-{
-    int ret;
-    int len;
-    for (;;) {
-        len = buffer_len(buffer);
-        if (!len) {
-            return WRITE_STDIN_OK;
-        }
-        if (len > MAX_DATA_CHUNK)
-            len = MAX_DATA_CHUNK;
-        ret = write(fd, buffer_data(buffer), len);
-        if (ret == -1) {
-            if (errno != EAGAIN) {
-                return WRITE_STDIN_ERROR;
-            } else
-                return WRITE_STDIN_BUFFERED;
-        }
-        // we previously called buffer_remove(buffer, len)
-        // it will be wrong if we change MAX_DATA_CHUNK to something large
-        // as pipes writes are atomic only to PIPE_MAX limit 
-        buffer_remove(buffer, ret);
-    }
-
-}
-
-/*
- * Write "len" bytes from "data" to "fd". If not all written, buffer the rest
- * to "buffer".
- */
-int write_stdin(int fd, const char *data, int len, struct buffer *buffer)
-{
-    int ret;
-    int written = 0;
-
-    if (buffer_len(buffer)) {
-        buffer_append(buffer, data, len);
-        return WRITE_STDIN_BUFFERED;
-    }
-    while (written < len) {
-        ret = write(fd, data + written, len - written);
-        if (ret == 0) {
-            perror("write_stdin: write returns 0 ???");
-            exit(1);
-        }
-        if (ret == -1) {
-            if (errno != EAGAIN)
-                return WRITE_STDIN_ERROR;
-
-            buffer_append(buffer, data + written,
-                    len - written);
-
-            return WRITE_STDIN_BUFFERED;
-        }
-        written += ret;
-    }
-    return WRITE_STDIN_OK;
-}
-
-/* 
- * Data feed process has exited, so we need to clear all control structures for 
- * the client. However, if we have buffered data for the client (which is rare btw),
- * fire&forget a separate process to flush them.
- */
-int fork_and_flush_stdin(int fd, struct buffer *buffer)
-{
-    int i;
-    if (!buffer_len(buffer))
-        return 0;
-    switch (fork()) {
-        case -1:
-            perror("fork");
-            exit(1);
-        case 0:
-            break;
-        default:
-            return 1;
-    }
-    for (i = 0; i < MAX_FDS; i++)
-        if (i != fd && i != 2)
-            close(i);
-    set_block(fd);
-    write_all(fd, buffer_data(buffer), buffer_len(buffer));
-    _exit(0);
-}

rpm_spec/qubes-kernel-vm-support.spec.in

@@ -22,7 +22,7 @@
 Name:		qubes-kernel-vm-support
 Version:	@VERSION@
 Release:	1%{?dist}
-Summary:	Qubes VM kernel and initramfs modules
+Summary:	Qubes VM initramfs modules
 Source0:    qubes-utils-%{version}.tar.gz
 
 Group:		Qubes
@@ -31,7 +31,6 @@ License:	GPL v2 only
 URL:		http://www.qubes-os.org
 
 Requires:	dracut
-Requires:	dkms
 
 %description
 This package contains:
@@ -39,9 +38,6 @@ This package contains:
 needed in VM only when the VM uses its own kernel (via pvgrub or so). Otherwise
 initrd is provided by dom0.
 
-2. u2mfn kernel module sources (dkms) required by GUI agent and R2 version of
-libvchan library.
-
 %prep
 %setup -q -n qubes-utils-%{version}
 
@@ -52,7 +48,7 @@ make install-fedora-kernel-support DESTDIR=%{buildroot}
 /usr/lib/dracut/modules.d/90qubes-vm
 /usr/lib/dracut/modules.d/90qubes-vm-modules
 /usr/lib/dracut/modules.d/90qubes-vm-simple
-/usr/src/u2mfn-%{version}/
+/usr/lib/dracut/modules.d/80xen-scrub-pages
 /usr/sbin/qubes-prepare-vm-kernel
 %config(noreplace) /etc/default/grub.qubes-kernel-vm-support
 
@@ -63,17 +59,29 @@ if ! grep -q '/etc/default/grub.qubes-kernel-vm-support$' /etc/default/grub 2>/d
     echo '. /etc/default/grub.qubes-kernel-vm-support' >> /etc/default/grub
 fi
 
-%post
-dkms add -m u2mfn -v %{version} --rpm_safe_upgrade
-
 %preun
-dkms remove -m u2mfn -v %{version} --all --rpm_safe_upgrade
-
 if [ $1 -eq 0 ]; then
     if grep -q '/etc/default/grub.qubes-kernel-vm-support$' /etc/default/grub 2>/dev/null; then
         sed -i -e '/grub.qubes-kernel-vm-support$/d' /etc/default/grub
     fi
 fi
 
+%posttrans
+
+# Rebuild all initramfs images to include updated modules
+if [ -r /usr/share/qubes/marker-vm ] && [ -x /usr/bin/dracut ]; then
+    ret=0
+    for img in /boot/initramfs-*.img; do
+        kver="${img#*initramfs-}"
+        kver="${kver%.img}"
+        dracut -f "$img" "$kver" || ret=$?
+    done
+    if [ "$ret" -eq 0 ]; then
+        # "milestone" initramfs update version:
+        # 1 - addition of xen scrub_pages enabling code
+        echo 1 > /var/lib/qubes/initramfs-updated
+    fi
+fi
+
 %changelog
 @CHANGELOG@

rpm_spec/qubes-utils.spec.in

@@ -11,20 +11,11 @@ URL:		http://www.qubes-os.org
 Requires:	udev
 Requires:	%{name}-libs
 Requires:	ImageMagick
-%if 0%{?rhel} >= 7
-Requires:	python34-qubesimgconverter
-%else
-Requires:	python3-qubesimgconverter
-%endif
+Requires:	python%{python3_pkgversion}-qubesimgconverter
 %{?systemd_requires}
 BuildRequires:  systemd
-BuildRequires:  qubes-libvchan-devel
-BuildRequires:  python-setuptools
-%if 0%{?rhel} >= 7
-BuildRequires:  python34-setuptools
-%else
-BuildRequires:  python3-setuptools
-%endif
+BuildRequires:  python2-setuptools
+BuildRequires:  python%{python3_pkgversion}-setuptools
 BuildRequires:  python2-rpm-macros
 BuildRequires:  python3-rpm-macros
 # for meminfo-writer
@@ -36,7 +27,7 @@ Common Linux files for Qubes Dom0 and VM
 
 %package -n python2-qubesimgconverter
 Summary:    Python package qubesimgconverter
-Requires:   python
+Requires:   python2
 Requires:   pycairo
 %if 0%{?rhel} >= 7
 Requires:   python-pillow
@@ -49,27 +40,15 @@ Requires:   python2-numpy
 %description -n python2-qubesimgconverter
 Python package qubesimgconverter
 
-%if 0%{?rhel} >= 7
-%package -n python34-qubesimgconverter
+%package -n python%{python3_pkgversion}-qubesimgconverter
 Summary:    Python package qubesimgconverter
-Requires:   python34
-Requires:   python34-cairo
-Requires:   python34-pillow
-Requires:   python34-numpy
+Requires:   python%{python3_pkgversion}
+Requires:   python%{python3_pkgversion}-cairo
+Requires:   python%{python3_pkgversion}-pillow
+Requires:   python%{python3_pkgversion}-numpy
 
-%description -n python34-qubesimgconverter
+%description -n python%{python3_pkgversion}-qubesimgconverter
 Python package qubesimgconverter
-%else
-%package -n python3-qubesimgconverter
-Summary:    Python package qubesimgconverter
-Requires:   python3
-Requires:   python3-cairo
-Requires:   python3-pillow
-Requires:   python3-numpy
-
-%description -n python3-qubesimgconverter
-Python package qubesimgconverter
-%endif
 
 %package devel
 Summary:	Development headers for qubes-utils
@@ -133,11 +112,7 @@ rm -rf $RPM_BUILD_ROOT
 %{python2_sitelib}/qubesimgconverter/test_integ.py*
 %{python2_sitelib}/qubesimgconverter-%{version}-py?.?.egg-info
 
-%if 0%{?rhel} >= 7
-%files -n python34-qubesimgconverter
-%else
-%files -n python3-qubesimgconverter
-%endif
+%files -n python%{python3_pkgversion}-qubesimgconverter
 %{python3_sitelib}/qubesimgconverter/__init__.py
 %{python3_sitelib}/qubesimgconverter/imggen.py
 %{python3_sitelib}/qubesimgconverter/test.py
@@ -146,15 +121,11 @@ rm -rf $RPM_BUILD_ROOT
 %{python3_sitelib}/qubesimgconverter/__pycache__
 
 %files libs
-%{_libdir}/libqrexec-utils.so.2
 %{_libdir}/libqubes-rpc-filecopy.so.2
 
 %files devel
 %defattr(-,root,root,-)
-/usr/include/libqrexec-utils.h
 /usr/include/libqubes-rpc-filecopy.h
-/usr/include/qrexec.h
-%{_libdir}/libqrexec-utils.so
 %{_libdir}/libqubes-rpc-filecopy.so
 
 %changelog

version

@@ -1 +1 @@
-4.0.22
+4.1.3