[pve-devel] [PATCH manager] Add USB3 support for Spice USB redirection
Signed-off-by: Aaron Lauterer
---
 www/manager6/qemu/USBEdit.js | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/www/manager6/qemu/USBEdit.js b/www/manager6/qemu/USBEdit.js
index 8fc95c99..20c30fe6 100644
--- a/www/manager6/qemu/USBEdit.js
+++ b/www/manager6/qemu/USBEdit.js
@@ -18,8 +18,6 @@ Ext.define('PVE.qemu.USBInputPanel', {
 hwidfield.setDisabled(!newValue);
 } else if(field.inputValue === 'port') {
 portfield.setDisabled(!newValue);
- } else if(field.inputValue === 'spice') {
- usb3field.setDisabled(newValue);
 }
 }
 },
@@ -62,7 +60,11 @@ Ext.define('PVE.qemu.USBInputPanel', {
 var type = me.down('radiofield').getGroupValue();
 switch (type) {
 case 'spice':
- val = 'spice'; break;
+ val = 'spice';
+ if (!/usb3/.test(val) && me.down('field[name=usb3]').getValue() === true) {
+ val += ',usb3=1';
+ }
+ break;
 case 'hostdevice':
 case 'port':
 val = me.down('pveUSBSelector[name=' + type + ']').getUSBValue();
--
2.20.1
___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
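Review bot: In the `case 'spice':` branch of the second hunk, the `!/usb3/.test(val)` half of the new condition can never be false, because `val` was assigned the literal `'spice'` on the line before. The check can be reduced to `if (me.down('field[name=usb3]').getValue() === true) {`. The first hunk stops disabling the USB3 checkbox for Spice, so the checkbox state is now serialised into the config string. The form is therefore not the place to rely on for validating `usb3`; API clients can send the same value without it. The switch statement continues outside the hunk.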
[pve-devel] [PATCH qemu-server 1/2] Add USB3 support to Spice USB redirection
Signed-off-by: Aaron Lauterer
---
 PVE/QemuServer/USB.pm | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/PVE/QemuServer/USB.pm b/PVE/QemuServer/USB.pm
index a2097b9..05c78cf 100644
--- a/PVE/QemuServer/USB.pm
+++ b/PVE/QemuServer/USB.pm
@@ -87,9 +87,12 @@ sub get_usb_devices {
 my $hostdevice = parse_usb_device($d->{host});
 $hostdevice->{usb3} = $d->{usb3};
 if (defined($hostdevice->{spice}) && $hostdevice->{spice}) {
- # usb redir support for spice, currently no usb3
+ # usb redir support for spice
+ my $bus = 'ehci';
+ $bus = 'xhci' if $hostdevice->{usb3};
+
 push @$devices, '-chardev', "spicevmc,id=usbredirchardev$i,name=usbredir";
- push @$devices, '-device', "usb-redir,chardev=usbredirchardev$i,id=usbredirdev$i,bus=ehci.0";
+ push @$devices, '-device', "usb-redir,chardev=usbredirchardev$i,id=usbredirdev$i,bus=$bus.0";
 } else {
 push @$devices, '-device', print_usbdevice_full($conf, "usb$i", $hostdevice);
 }
--
2.20.1
___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
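Review bot: The `bus=$bus.0` argument assumes a controller named `xhci` exists whenever `usb3` is set, and nothing in this hunk shows where that controller is added. The cover letter of the series says an xhci controller is added for `usb3=1`, so a comment tying the two together would help, e.g. `# bus name must match the controller created for usb3 devices`. `$d->{usb3}` is used only for its truthiness, so the interpolated `$bus` is always one of two literals; that is worth keeping, rather than ever interpolating a config value into the `-device` string. The selection could also be written in one line as `my $bus = $hostdevice->{usb3} ? 'xhci' : 'ehci';`. get_usb_devices starts and ends outside the hunk.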
[pve-devel] [PATCH qemu-server 2/2] Fix local resources check for USB3 Spice devices
The check relied on the fact, that spice usb devices could not be usb3 in the past. Signed-off-by: Aaron Lauterer --- PVE/QemuServer.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index 6e3b19e..0a0fda7 100644 --- a/PVE/QemuServer.pm +++ b/PVE/QemuServer.pm @@ -2903,7 +2903,7 @@ sub check_local_resources { push @loc_res, "ivshmem" if $conf->{ivshmem}; foreach my $k (keys %$conf) { - next if $k =~ m/^usb/ && ($conf->{$k} eq 'spice'); + next if $k =~ m/^usb/ && ($conf->{$k} =~ m/spice/); # sockets are safe: they will recreated be on the target side post-migrate next if $k =~ m/^serial/ && ($conf->{$k} eq 'socket'); push @loc_res, $k if $k =~ m/^(usb|hostpci|serial|parallel)\d+$/; -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
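Review bot: The new test `$conf->{$k} =~ m/spice/` is unanchored, so any `usb*` entry whose value merely contains the substring `spice` is now skipped by the local-resource check. The key test `m/^usb/` is also looser than the `^(usb|hostpci|serial|parallel)\d+$` pattern two lines below. Since this check decides whether a VM counts as having host-bound devices before migration, matching the value's structure is safer than a substring search, for example `next if $k =~ m/^usb\d+$/ && $conf->{$k} =~ m/^(?:host=)?spice(?:,|$)/;` (the optional `host=` prefix is an assumption about the property format and should be confirmed against the parser). Reusing `parse_usb_device` and testing its `spice` field, as get_usb_devices does in patch 1/2, would keep both places in agreement. The foreach loop continues outside the hunk.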
[pve-devel] [PATCH v2 qemu-server 0/2 pve-manager 0/1] Fix #2343 Spice USB3 support
This patch series enables USB3 for the passthrough / redirection of USB devices via the Spice client. AFAIU there is no need for special checks regarding live migration due to the following reasons: * USB3 for Spice was disabled in the GUI * Setting `usb3=1` via the API or manually in the config file was ignored - hardcoded ehci bus - xhci controller added - if not needed by another USB device no ehci controller added -> VM couldn't start * Live migration with `usb3=1` set is not possible with older versions because it got recognized as a local resource. v1[0] -> v2: * no qemu version checks * fix local resource check on migration * add GUI support [0]: https://pve.proxmox.com/pipermail/pve-devel/2019-August/038672.html Aaron Lauterer (2): Add USB3 support to Spice USB redirection Fix local resources check for USB3 Spice devices Add USB3 support for Spice USB redirection (qemu-server) PVE/QemuServer.pm| 2 +- (qemu-server) PVE/QemuServer/USB.pm| 7 +-- (pve-manager) www/manager6/qemu/USBEdit.js | 8 +--- 2 files changed, 6 insertions(+), 3 deletions(-) -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] applied: [PATCH cluster] pmxcfs: get config properties: ensure we do not read after the config
applied with the following fixup commit we talked about off-list: ---8<--- >From c22040264ebe7b5b8b1dcd16c1af8d174600b1ea Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Fri, 30 Aug 2019 10:09:46 +0200 Subject: [PATCH cluster] pmxcfs: cleanup remaining_size calculation using an end-pointer it's a bit more readable and gets rid of an (int) cast Signed-off-by: Wolfgang Bumiller --- data/src/status.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/data/src/status.c b/data/src/status.c index 1dfde53..e9983b7 100644 --- a/data/src/status.c +++ b/data/src/status.c @@ -803,8 +803,9 @@ cfs_create_vmlist_msg(GString *str) static char * _get_property_value(char *conf, int conf_size, const char *prop, int prop_len) { + const char *const conf_end = conf + conf_size; char *line = conf; - int remaining_size; + size_t remaining_size; char *next_newline = memchr(conf, '\n', conf_size); if (next_newline == NULL) { @@ -838,11 +839,11 @@ _get_property_value(char *conf, int conf_size, const char *prop, int prop_len) return v_start; } next: - remaining_size = conf_size - (int) (next_newline - conf); - if (remaining_size <= 1 || remaining_size <= prop_len) { + line = next_newline + 1; + remaining_size = conf_end - line; + if (remaining_size <= prop_len) { return NULL; } - line = next_newline + 1; next_newline = memchr(line, '\n', remaining_size); if (next_newline == NULL) { return NULL; // valid property lines end with \n, but none in the config -- 2.20.1 ---8<--- On Thu, Aug 29, 2019 at 02:45:08PM +0200, Thomas Lamprecht wrote: > pmxcfs files need to be treated as blobs, while we can have some > assumptions on certain files, like the $vmid.conf ones, we should > still cope with problematic files. > Especially, the files may not end with \0, so always ensure that we > read at most file-size bytes. > > Replace strtok_r, which assumes that the data is NUL terminated, and > use memchr, with logic ensuring that we never read over the size > returned by memdb_read. 
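Review bot: In the fixup's second hunk, `remaining_size` is now a `size_t` but is compared against the `int` parameter in `if (remaining_size <= prop_len)`. The comparison is therefore done unsigned, and a negative `prop_len` would be converted to a very large value; the commit message mentions dropping the `(int)` cast, but this adds an implicit conversion in the other direction. Either cast explicitly once the sign is known, `if (remaining_size <= (size_t) prop_len)`, or reject `prop_len <= 0 || conf_size <= 0` at the top of `_get_property_value`, which also covers the `int conf_size` handed to the first `memchr`. Whether callers already guarantee positive values cannot be seen from these two hunks. Moving `line = next_newline + 1;` before the subtraction looks correct: `next_newline` points inside the buffer, so `line` is at most `conf_end` and the difference cannot go negative.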
> > Signed-off-by: Thomas Lamprecht > --- > data/src/status.c | 29 ++--- > 1 file changed, 22 insertions(+), 7 deletions(-) > > diff --git a/data/src/status.c b/data/src/status.c > index e437476..1dfde53 100644 > --- a/data/src/status.c > +++ b/data/src/status.c > @@ -801,15 +801,21 @@ cfs_create_vmlist_msg(GString *str) > // currently we only look at the current configuration in place, i.e., *no* > // snapshort and *no* pending changes > static char * > -_get_property_value(char *conf, const char *prop, int prop_len) > +_get_property_value(char *conf, int conf_size, const char *prop, int > prop_len) > { > - char *line = NULL, *temp = NULL; > + char *line = conf; > + int remaining_size; > + > + char *next_newline = memchr(conf, '\n', conf_size); > + if (next_newline == NULL) { > + return NULL; // valid property lines end with \n, but none in > the config > + } > + *next_newline = '\0'; > > - line = strtok_r(conf, "\n", &temp); > while (line != NULL) { > if (!line[0]) goto next; > > - // snapshot or pending section start and nothing found yet > + // snapshot or pending section start, but nothing found yet -> > not found > if (line[0] == '[') return NULL; > // properties start with /^[a-z]/, so continue early if not > if (line[0] < 'a' || line[0] > 'z') goto next; > @@ -832,7 +838,16 @@ _get_property_value(char *conf, const char *prop, int > prop_len) > return v_start; > } > next: > - line = strtok_r(NULL, "\n", &temp); > + remaining_size = conf_size - (int) (next_newline - conf); > + if (remaining_size <= 1 || remaining_size <= prop_len) { > + return NULL; > + } > + line = next_newline + 1; > + next_newline = memchr(line, '\n', remaining_size); > + if (next_newline == NULL) { > + return NULL; // valid property lines end with \n, but > none in the config > + } > + *next_newline = '\0'; > } > > return NULL; // not found 
> @@ -884,7 +899,7 @@ cfs_create_guest_conf_property_msg(GString *str, memdb_t > *memdb, const char *pro > if (tmp == NULL) goto err; > if (size <= prop_len) goto ret; > > - char *val = _get_property_value(tmp, prop, prop_len); > + char *val = _get_property_value(tmp, size, prop, prop_len); > if (val == NULL) goto ret; > > g_string_append_printf(str, "\"%u\":{", vmid); > @@ -907,7 +922,7 @@ cfs_create_
[pve-devel] [PATCH v2 pve-docs] update vxlan-evpn doc
Now that vrf leaking is supported with default vrf, setup is more simple for exit node. (not need extra interface) Also cleanup symmetric config Signed-off-by: Alexandre Derumier --- vxlan-and-evpn.adoc | 231 1 file changed, 63 insertions(+), 168 deletions(-) diff --git a/vxlan-and-evpn.adoc b/vxlan-and-evpn.adoc index 9cd55fc..703329d 100644 --- a/vxlan-and-evpn.adoc +++ b/vxlan-and-evpn.adoc @@ -879,7 +879,6 @@ iface vmbr4000 inet manual bridge_ports vxlan4000 bridge_stp off bridge_fd 0 -hwaddress 44:39:39:FF:40:90 #must be different on each node vrf vrf1 @@ -888,6 +887,7 @@ frr.conf vrf vrf1 vni 4000 + exit-vrf ! router bgp 1234 bgp router-id 192.168.0.1 @@ -902,18 +902,6 @@ router bgp 1234 advertise-all-vni exit-address-family ! -router bgp 1234 vrf vrf1 -! - bgp router-id 192.168.0.1 - ! - address-family ipv4 unicast - redistribute connected - exit-address-family - ! - address-family l2vpn evpn - advertise ipv4 unicast - exit-address-family -! line vty ! @@ -992,7 +980,6 @@ iface vmbr4000 inet manual bridge_ports vxlan4000 bridge_stp off bridge_fd 0 -hwaddress 44:39:39:FF:40:91 #must be different on each node vrf vrf1 @@ -1002,6 +989,7 @@ frr.conf vrf vrf1 vni 4000 + exit-vrf ! router bgp 1234 bgp router-id 192.168.0.2 @@ -1016,18 +1004,6 @@ router bgp 1234 advertise-all-vni exit-address-family ! -router bgp 1234 vrf vrf1 -! - bgp router-id 192.168.0.2 - ! - address-family ipv4 unicast - redistribute connected - exit-address-family - ! - address-family l2vpn evpn - advertise ipv4 unicast - exit-address-family -! line vty ! @@ -1106,7 +1082,6 @@ iface vmbr4000 inet manual bridge_ports vxlan4000 bridge_stp off bridge_fd 0 -hwaddress 44:39:39:FF:40:92 #must be different on each node vrf vrf1 @@ -1116,6 +1091,7 @@ frr.conf vrf vrf1 vni 4000 + exit-vrf ! router bgp 1234 bgp router-id 192.168.0.3 
@@ -1130,18 +1106,6 @@ router bgp 1234 advertise-all-vni exit-address-family ! -router bgp 1234 vrf vrf1 -! - bgp router-id 192.168.0.3 - ! - address-family ipv4 unicast - redistribute connected - exit-address-family - ! - address-family l2vpn evpn - advertise ipv4 unicast - exit-address-family -! line vty ! @@ -1153,8 +1117,7 @@ Routing to outside need the symmetric model. 1 gateway node ^^ In this example, we'll use only 1 proxmox node as exit gateway. (node1) -This node have a simple default gw in the vrf to the external router (no bgp between router and node1) -and announce this default gw to other proxmox nodes. +This node announce the default gw in vrf1 (default originate) and forward to his own default gateway (192.168.0.254) (no bgp between router and node1) *node1 @@ -1172,19 +1135,11 @@ auto vmbr0 iface vmbr0 inet static address 192.168.0.1 netmask 255.255.255.0 + gateway 192.168.0.254 bridge_ports eno1 bridge_stp off bridge_fd 0 -auto eno2 -iface eno2 -address 172.16.0.1 -netmask 255.255.255.0 -vrf vrf1 -post-up ip route add default via 172.16.0.254 dev eno2 vrf vrf1 - #if you have multiple external routers, you can use ecmp balancing - #post-up route add default nexthop via 172.16.0.253 dev eno2 vrf vrf1 nexthop via 172.16.0.254 dev eno2 vrf vrf1 - auto vxlan2 iface vxlan2 inet manual vxlan-id 2 @@ -1238,7 +1193,6 @@ iface vmbr4000 inet manual bridge_ports vxlan4000 bridge_stp off bridge_fd 0 -hwaddress 44:39:39:FF:40:90 #must be different on each node vrf vrf1 @@ -1248,6 +1202,7 @@ frr.conf vrf vrf1 vni 4000 + exit-vrf ! router bgp 1234 bgp router-id 192.168.0.1 @@ -1256,6 +1211,10 @@ router bgp 1234 neighbor 192.168.0.2 remote-as 1234 neighbor 192.168.0.3 remote-as 1234 ! + address-family ipv4 unicast + import vrf vrf1 + exit-address-family + ! address-family l2vpn evpn neighbor 192.168.0.2 activate neighbor 192.168.0.3 activate 
@@ -1264,15 +1223,8 @@ router bgp 1234 ! router bgp 1234 vrf vrf1 ! - bgp router-id 172.16.0.1 - ! - address-family ipv4 unicast - redistribute connected - redistribute kernel !announce your default gw to all nodes - exit-address-family - ! address-family l2vpn evpn - advertise ipv4 unicast + default-originate ipv4 exit-address-family ! line vty @@ -1353,7 +1305,6 @@ iface vmbr4000 inet manual bridge_ports vxlan4000 bridge_stp off bridge_fd 0 -hwaddress 44:39:39:FF:40:91 #must be different on each node vrf vrf1 @@ -1363,6 +1314,7 @@ frr.conf vrf vrf1 vni 4000 + exit-vrf ! router bgp 1234 bgp router-id 192.168.0.2 @@ -1377,18 +1329,6 @@ router bgp 1234 advertise-all-vni exit-addres
[pve-devel] [RFC PATCH manager] api: allow ticket in auth header as fallback
Signed-off-by: Tim Marx
---
 PVE/Service/pveproxy.pm | 7 +++
 1 file changed, 7 insertions(+)
diff --git a/PVE/Service/pveproxy.pm b/PVE/Service/pveproxy.pm
index dd123dd8..860a05c0 100755
--- a/PVE/Service/pveproxy.pm
+++ b/PVE/Service/pveproxy.pm
@@ -184,6 +184,13 @@ sub get_index {
 }
 }
 my $ticket = PVE::APIServer::Formatter::extract_auth_cookie($cookie, $server->{cookie_name});
+
+ if (!defined $ticket) {
+ my $authHeader = $r->header('Authorization');
+ $ticket = PVE::APIServer::Formatter::extract_ticket_from_auth_header($authHeader, $server->{cookie_name});
+ }
+
+
 if (($username = PVE::AccessControl::verify_ticket($ticket, 1))) {
 $token = PVE::AccessControl::assemble_csrf_prevention_token($username);
 }
--
2.20.1
___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
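Review bot: The same fallback block (`if (!defined $ticket) { ... extract_ticket_from_auth_header(...) }`) is added here in get_index and again in unshift_read_header in PVE/APIServer/AnyEvent.pm (http-server 1/1), so the two copies can drift apart. A single helper in PVE::APIServer::Formatter that takes the request and the cookie name and returns the ticket from either source would keep the cookie-first precedence in one place. Because the ticket can now arrive in a header that browsers do not attach automatically, a comment here should state whether the CSRF prevention token is still required for header-authenticated write requests; that decision is not visible in this hunk. The hunk also adds two consecutive blank lines before `if (($username = ...`, where one is enough. get_index continues outside the hunk.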
[pve-devel] [RFC PATCH http-server 0/1] allow ticket in auth header as fallback
This patch makes it possible to pass the PVETicket inside the HTTP Authorization header as a second option to the traditional cookie approach. Cookies can only be set by using the browser APIs, e.g. document.cookie; a client is not allowed to set a cookie header on a request object manually as long as it is in a browser context. To simplify this you can now pass the received ticket inside the Authorization header on subsequent requests, which should work regardless of the context. This should also free anyone from having to think about how the browser handles the cookie, e.g. session restore etc. The new "extract_ticket_from_auth_header" is almost identical to the old one. The only difference for now is a space instead of "=" between the type and the actual token, because this is the common way when using the Authorization header AFAIK. Tim Marx (1): allow ticket in auth header as fallback PVE/APIServer/AnyEvent.pm | 5 + PVE/APIServer/Formatter.pm | 12 2 files changed, 17 insertions(+) manager: PVE/Service/pveproxy.pm | 7 +++ 1 file changed, 7 insertions(+) -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [RFC PATCH http-server 1/1] allow ticket in auth header as fallback
Signed-off-by: Tim Marx --- PVE/APIServer/AnyEvent.pm | 5 + PVE/APIServer/Formatter.pm | 12 2 files changed, 17 insertions(+) diff --git a/PVE/APIServer/AnyEvent.pm b/PVE/APIServer/AnyEvent.pm index 2e8ca47..c8f7b6d 100644 --- a/PVE/APIServer/AnyEvent.pm +++ b/PVE/APIServer/AnyEvent.pm @@ -1223,6 +1223,11 @@ sub unshift_read_header { my $cookie = $r->header('Cookie'); my $ticket = PVE::APIServer::Formatter::extract_auth_cookie($cookie, $self->{cookie_name}); + if (!defined $ticket) { + my $authHeader = $r->header('Authorization'); + $ticket = PVE::APIServer::Formatter::extract_ticket_from_auth_header($authHeader, $self->{cookie_name}); + } + my ($rel_uri, $format) = &$split_abs_uri($path, $self->{base_uri}); if (!$format) { $self->error($reqstate, HTTP_NOT_IMPLEMENTED, "no such uri"); diff --git a/PVE/APIServer/Formatter.pm b/PVE/APIServer/Formatter.pm index 0c459bd..f626180 100644 --- a/PVE/APIServer/Formatter.pm +++ b/PVE/APIServer/Formatter.pm @@ -87,6 +87,18 @@ sub extract_auth_cookie { return $ticket; } +sub extract_ticket_from_auth_header { +my ($auth_header, $type) = @_; + +return undef if !$auth_header; + +my $ticket = ($auth_header =~ /(?:^|\s)\Q$type\E ([^;]*)/)[0]; + +$ticket = uri_unescape($ticket) if $ticket; + +return $ticket; +} + sub create_auth_cookie { my ($ticket, $cookie_name) = @_; -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
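Review bot: The pattern in `extract_ticket_from_auth_header`, `/(?:^|\s)\Q$type\E ([^;]*)/`, keeps Cookie-header semantics: it accepts the scheme name after any whitespace anywhere in the value and captures up to the next `;`, so input that is not a single `scheme credentials` pair is still parsed. An Authorization header holds exactly one such pair, so the match can be anchored at both ends, e.g. `my ($ticket) = $auth_header =~ /\A\Q$type\E +(\S+)\s*\z/;` (this assumes an escaped ticket never contains whitespace, which should be confirmed). In pveproxy.pm the extracted value is still passed to `verify_ticket`, so this is about accepting only well-formed input, not about the verification itself. A comment above the sub stating the expected form, `# expects "<cookie_name> <uri-escaped ticket>" as the header value`, would make the contract explicit.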
[pve-devel] applied: [PATCH cluster] pmxcfs server: fix off-by-one error when ensuring string NUL termination
done once, then copied over by copy-is-my-hobby, once by me too :) While this is in the relative big SHM we get from the libqb backed IPC mechanisms, and thus there's a really really low chance to hit a corruption of another following data element here, it's still a possibility. Signed-off-by: Thomas Lamprecht --- data/src/server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/src/server.c b/data/src/server.c index 6371edb..36acc1d 100644 --- a/data/src/server.c +++ b/data/src/server.c @@ -245,7 +245,7 @@ static int32_t s1_msg_process_fn( result = -EINVAL; } else { /* make sure path is 0 terminated */ - ((char *)data)[request_size] = 0; + ((char *)data)[request_size - 1] = 0; char *path = (char*) data + sizeof(struct qb_ipc_request_header); if (ctx->read_only && path_is_private(path)) { @@ -305,7 +305,7 @@ static int32_t s1_msg_process_fn( result = -EINVAL; } else { /* make sure user string is 0 terminated */ - ((char *)data)[request_size] = 0; + ((char *)data)[request_size - 1] = 0; char *user = (char*) data + sizeof(cfs_log_get_request_header_t); uint32_t max = rh->max_entries ? rh->max_entries : 50; @@ -337,7 +337,7 @@ static int32_t s1_msg_process_fn( cfs_debug("proplen <= 0, %d", proplen); result = -EINVAL; } else { - ((char *)data)[request_size] = 0; // ensure property is 0 terminated + ((char *)data)[request_size - 1] = 0; // ensure property is 0 terminated cfs_debug("cfs_get_guest_config_property: basic valid checked, do request"); -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
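Review bot: `((char *)data)[request_size - 1] = 0;` is in bounds only if `request_size` is at least 1, and in practice larger than the request header that `path`, `user` and the property string are offset by. The conditions leading into each `else` branch are outside these hunks, so that invariant cannot be confirmed from here. A comment at the first site stating it, e.g. `/* request_size > sizeof(header) was checked above */`, or an explicit guard in the preceding condition, would make all three writes (path, user string, property) visibly safe. The write also silently replaces the last payload byte when a client sends an unterminated string; if truncation is not wanted, that case could return `-EINVAL` instead. s1_msg_process_fn starts and ends outside the hunks.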
[pve-devel] [PATCH arch-pacman] updated to 5.1.3-1
Signed-off-by: Oguz Bektas --- Makefile | 2 +- debian/changelog | 6 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 014851c..b58177c 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ PACKAGE=arch-pacman -PACMANVER=5.1.2 +PACMANVER=5.1.3 DEBREL=1 SRCDIR=pacman diff --git a/debian/changelog b/debian/changelog index f3d719e..953e9d0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +arch-pacman (5.1.3-1) unstable; urgency=low + + * Update to 5.1.3 + + -- Proxmox Support Team Wed, 30 Aug 2019 12:18:50 +0100 + arch-pacman (5.1.2-1) unstable; urgency=low * Update to 5.1.2 -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel