vglass: replace surfman/input-server with vglass

[eric-ch]

In this changeset:

• Retire Surfman related projects (surfman, libsusrfman, surfman-plugins, input_server, libdmbus, shutdown-screen, xenfb2, gem-foreign/i915-foreign patches, libedid);
• Retire the SELinux definitions associated with the aforementioned projects;
• Retire the IDL exclusively associated with the aforementioned projects;
• Include the vglass layer: https://gitlab.com/vglass/meta-vglass as a dependency, note this inherits meta-qt5 as a dependency;
• Amend the necessary configuration to use the required vGlass PV drivers where necessary (ivc, pv-display-helper, openxtfb in UIVM)

General notes:

• dom0 memory is bumped to 768M. This has been changed by recommandation, yet it is suspected keeping 512M should be enough with the backported patch for gntdev (9b24f64).

vGlass notes:

• This submission currently relies on openxtfb as a PV framebuffer driver in UIVM. An alternative is available (glassdrm), and will be the object of later submissions.
• IVC (libivc2) in dom0 is not the same component as IVC (libivc) in service-VMs (stubdomains included).
• HVM w/o stubdomain guests are not supported by the current vGlass stack. There is no graphic support for this use-case due to IVC2/IVC limitations at the moment.
• Monitor hotplug issues have been reported and are being investigted, they can and should be reported in the vGlass gitlab group: gitlab.com/groups/vglass
• There is a known limitation with Windows PV Tools when using the emulated mouse. This changeset includes the work-around to let Windows HVM w/ stubdomain guests create and use a PV device.

Windows PV tools:

• vGlass PV tools interface with Xen Windows PV drivers 9.0, the builder provides a built binary: https://openxt.ainfosec.com/OpenXT/auto/windows/9.0.0/;
• The bundled installer also includes a port of OpenXT Windows PV USB drivers on Xen Windows PV drivers 9.0;
• There is no PV audio drivers available at the moment;

Builds and test:

• There is a dedicated builder for this changeset: https://openxt.ainfosec.com/OpenXT/auto/master/master-custom-vglass/

Depends on:

• vglass: introduce RPCs used by vglass and remove deprecated ones idl#41
• vglass: deprecate surfman logics and wire up vglass manager#180
• vglass: remove HDX UI elements and surfman RPC toolstack-data#61
• vglass: replace surfman RPC in xcpmd, retire libdmbus xctools#66
• hkg-split: add recipe meta-openxt-haskell-platform#20

[eric-ch]

v2: Rebase on top of master. No change.

[jandryuk]

Noticed two avcs when a usb-c dock triggered display and usb hotplug. This was a local build - are the public ones running in permissive?

vusb.te should gain
glass_dbus_chat(vusbd_t)
It used to have input_server_dbus_chat(vusbd_t).

dbus-daemon[1142]: avc:  denied  { send_msg } for msgtype=method_call interface=com.citrix.xenclient.input member=get_focus_domid dest=com.citrix.xenclient.input spid=1299 tpid=1388 scontext=system_u:system_r:vusbd_t:s0 tcontext=system_u:system_r:glass_t:s0 tclass=dbus permissive=0

disman.te should gain
disman_dbus_chat(udev_t)
So that udev -> 99-disman-hotplug.rules -> /usr/bin/disman-hotplug.sh -> dbus-send can work. Or disman_script_t needs to be fully implemented as I've indicated elsewhere.

dbus-daemon[1142]: avc:  denied  { send_msg } for msgtype=method_call interface=mil.af.secureview.disman member=hotplug dest=mil.af.secureview.disman spid=3726 tpid=1395 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:disman_t:s0 tclass=dbus permissive=0

[jandryuk]

Swith this to disman_script_exec_t:
/usr/bin/disman-hotplug.sh -- gen_context(system_u:object_r:disman_script_exec_t,s0)

[eric-ch]

... and also \ that ..

[jandryuk]

Yes. Good self-review 🙂

[jandryuk]

These can go in separately and immediately, I think:
d9eac76
e12d717

[jandryuk]

This seems like it's in the wrong commit 761aed3

[eric-ch]

It is indeed.

[jandryuk]

I was hoping that dependencies could handle this, but libpvglass depends on virtual/libivc, so we can't just make vglass depend on libvc2 and qemu depend on libivc, right?

[eric-ch]

Yes that is why I ended up defining a prefered per-machine provider, which in turns comes from libpvbackendhelper/libpvdisplayhelper, aka recipe libpvglass, exporting the same public headers, OE rightfully reports one can overwrite the other if they are provided by two different recipes.

[jandryuk]

We can just update all the relevant defconfigs.

[eric-ch]

Agreed. It was somewhat convenient to isolate the changes initially.
Just for documentation: With #1383 it would become configuration fragments.

[jandryuk]

Instead of adding this here, this hunk can be dropped to re-instate the original code

xenclient-oe/recipes-extended/xen/files/libxl-xenmgr-support.patch

Line 78 in 4f925c4

- libxl__device_add(gc, domid, &libxl__vkb_devtype, &vkb);

That is assuming 1 vkb is acceptable, but I think only one is added with vglass.

[crogers1]

This was a long time ago and I'm trying to remember why the vkbs ended up like this. libxl-xenmgr-support.patch split apart the vfb and vkb creation in xl_parse.c because I think we wanted 2 vkbs (one for keyboard and one for mouse). I think you're right about vglass not needing 2 vkbs so we could drop the loop in xl_parse.c, but the UIVM still wants vfb=0, and vkb=1, so the initialization needs to remain split.

The d_config->vkbs[] array already has initialized vkbs from the code in xl_parse.c, so we're just calling the libxl__device_add() in this hunk instead of initializing another new vkb, like line 78 in libxl-xenmgr-support.patch.

[jandryuk]

Yes, input server used two vkbs because a single one can only send either relative or absolute events.

UIVM is PVH, so it doesn't go through this code path and vkbs can be added separately anyway. My suggested change would mean every HVM gets a vkb xenstore entry regardless of config.vkbd setting. vglass actually providing a backend seems to be conditioned on the config.vglass-enabled setting.

The previously mentioned xenmgr change to use vkb=[] (https://github.com/jandryuk/manager/commits/vkb-fixup) may mean I'm missing something for the case without it.

[eric-ch]

vkb=[0|1] and vfb=[0|1] are colliding with xl.cfg(5) definitions for vkb=[ "VKB_SPEC_STRING", "VKB_SPEC_STRING", ...] and vfb=[ "VFB_SPEC_STRING", "VFB_SPEC_STRING", ...] which, it sounds like, we could use directly without removing the other PV display support like @jandryuk points out.

Windows HVM guests and UIVM by default boot with vfb=0 and vkb=1 when using vglass.

[eric-ch]

With @jandryuk changes the changes from libxl-xenmgr-support.patch related to vkb and vfb are dropped. Are there still concerns regarding this?

[eric-ch]

v2

• Address refpolicy comments and typos (e,g \.);
• xen-fbfront is no longer in the modprobe configuration, it will be loaded depending on the xenbus probe. xenbus.wait_nonessentials is removed since no longer needed;
• vkb and vfb flags in xenmgr are deprecated, amend the libxl patch in consequence (see relevant commits in vglass: introduce RPCs used by vglass and remove deprecated ones idl#41 and vglass: deprecate surfman logics and wire up vglass manager#180). An upgrade script is still needed;
• Prune the kernel defconfigs using bitbake -c savedefconfig to remove auto-selected configurations;
• Transfer kernel configuration from the linux-openxt recipe to the defconfig themselves;
• sort out cross-commit changes

[eric-ch]

Build: $mcv-9

[jandryuk]

This looks good.
a43a418 got re-introduced?
c77f7d5 should maybe be its own PR?

[eric-ch]

@jandryuk a43a418 is a mistake on my part, I must have rebased before the other PR went in. Agreed for c77f7d5.

[eric-ch]

v3

• Rebase on master
• Removed c77f7d5 for separate submission.

[jandryuk]

I've seen vglass segfault 4 times.
This is Eric's build. Looks like it was from hot unplugging a USB-C Dock with an external display.

Dec 16 16:37:25.486943 kernel:[ 3267.244797] glass[1433]: segfault at 0 ip 00007ff88ba1c10f sp 00007ffd47b71280 error 4 in libfs_wm.so.1.0.0[7ff88ba0b000+1f000]

The December segfault is Eric's build and the January ones are my own builds:

Dec 18 13:54:31.235419 kernel:[ 4169.988263] glass[1295]: segfault at a0 ip 00007f3b6a02c570 sp 00007ffea13b7528 error 4 in libpthread-2.31.so[7f3b6a028000+f000]
Jan  8 20:22:00.205688 kernel:[ 1019.965024] glass[1408]: segfault at a0 ip 00007f32e6a95570 sp 00007fffab7649e8 error 4 in libpthread-2.31.so[7f32e6a91000+f000]
Jan 13 19:27:04.764638 kernel:[16805.510069] glass[1373]: segfault at a0 ip 00007f6d7dcbb570 sp 00007fff73002aa8 error 4 in libpthread-2.31.so[7f6d7dcb7000+f000]

These occur randomly when shutting down a Windows 10 HVM without PV graphics drivers.

If you ssh into dom0, you can manual restart vglass, but uivm doesn't display - it doesn't reconnect its graphics. X, surf and xterm windows are still running seemingly none the wiser. Restarting uivm restores the display. The inittab line makes this tricky, but If you sshargo into uivm, you can kill X, rmmod and modprobe openxtfb, and then restart X to get the display restored.

[eric-ch]

I have also had glass crash when plugging an external display (DVI port, but likely irrelevant) while a windows guest with PV tools is running, but UIVM is in focus:

[75046.121497] glass[1717]: segfault at 0 ip 0000000000000000 sp 00007faaf3013418 error 14 in glass[400000+6000]
[75046.121537] Code: Bad RIP value.

[eric-ch]

OpenXT: Build: $mcqv-11
Windows tools: Build: $9.0.0-5

[eric-ch]

V4

• Rebase on master
• Add new dependency to xenmgr to support the new RPC

[eric-ch]

V5

• Rebase on master

[eric-ch]

OpenXT: Build: $master-custom-vglass-18
WinTools: Build: $windows-tools-9-0-0-13

[dpsmith]

No Rb since I haven't honestly reviewed the latest but willing to ACK merging

[eric-ch]

V6

• Rebase on master

[eric-ch]

Build: $master-custom-vglass-20

[jandryuk]

Merging soon