diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm')
7 files changed, 593 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0001-Revert-Disable-nbd-proxy-from-the-build.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0001-Revert-Disable-nbd-proxy-from-the-build.patch new file mode 100644 index 000000000..de316c4fa --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0001-Revert-Disable-nbd-proxy-from-the-build.patch @@ -0,0 +1,61 @@ +From b6863f9a0c1c36705eba0c3181541f67cd1a202a Mon Sep 17 00:00:00 2001 +From: Krzysztof Grobelny <krzysztof.grobelny@intel.com> +Date: Wed, 14 Jul 2021 09:04:42 +0000 +Subject: [PATCH] Revert "Disable nbd proxy from the build" + +NBD Proxy has been disabled upstream. Reenable as we use it for Virtual +Media + +This reverts commit efb8062c306474942bc94f15d748b2eb0b58fbb6. + +Change-Id: I19a88b30c1074dd376f2df8f5668245b638b881f +--- + meson.build | 3 ++- + meson_options.txt | 10 ++-------- + 2 files changed, 4 insertions(+), 9 deletions(-) + +diff --git a/meson.build b/meson.build +index 650a5ec..5738b10 100644 +--- a/meson.build ++++ b/meson.build +@@ -83,7 +83,8 @@ feature_map = { + 'rest' : '-DBMCWEB_ENABLE_DBUS_REST', + 'static-hosting' : '-DBMCWEB_ENABLE_STATIC_HOSTING', + 'insecure-tftp-update' : '-DBMCWEB_INSECURE_ENABLE_REDFISH_FW_TFTP_UPDATE', +- #'vm-nbdproxy' : '-DBMCWEB_ENABLE_VM_NBDPROXY', ++ 'validate-unsecure-feature' : '-DBMCWEB_ENABLE_VALIDATION_UNSECURE_FEATURE', ++ 'vm-nbdproxy' : '-DBMCWEB_ENABLE_VM_NBDPROXY', + 'vm-websocket' : '-DBMCWEB_ENABLE_VM_WEBSOCKET', + } + +diff --git a/meson_options.txt b/meson_options.txt +index ff5b887..645f224 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -3,14 +3,7 @@ option('yocto-deps', type: 'feature', value: 'disabled', description : 'Use YOCT + option('kvm', type : 'feature',value : 'enabled', description : 'Enable the KVM host video WebSocket. Path is \'/kvm/0\'. Video is from the BMC\'s \'/dev/video\' device.') + option ('tests', type : 'feature', value : 'enabled', description : 'Enable Unit tests for bmcweb') + option('vm-websocket', type : 'feature', value : 'enabled', description : '''Enable the Virtual Media WebSocket. Path is \'/vm/0/0\'to open the websocket. See https://github.com/openbmc/jsnbd/blob/master/README.''') +- +-# if you use this option and are seeing this comment, please comment here: +-# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions +-# for this code. At this point, no daemon has been upstreamed that implements +-# this interface, so for the moment this appears to be dead code; In leiu of +-# removing it, it has been disabled to try to give those that use it the +-# opportunity to upstream their backend implementation +-#option('vm-nbdproxy', type: 'feature', value : 'disabled', description : 'Enable the Virtual Media WebSocket.') ++option('vm-nbdproxy', type: 'feature', value : 'disabled', description : 'Enable the Virtual Media WebSocket.') + option('rest', type : 'feature', value : 'enabled', description : '''Enable Phosphor REST (D-Bus) APIs. Paths directly map Phosphor D-Bus object paths, for example, \'/xyz/openbmc_project/logging/entry/enumerate\'. See https://github.com/openbmc/docs/blob/master/rest-api.md.''') + option('redfish', type : 'feature',value : 'enabled', description: 'Enable Redfish APIs. Paths are under \'/redfish/v1/\'. See https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.') + option('host-serial-socket', type : 'feature', value : 'enabled', description : 'Enable host serial console WebSocket. Path is \'/console0\'. See https://github.com/openbmc/docs/blob/master/console.md.') +@@ -39,6 +32,7 @@ option ('https_port', type : 'integer', min : 1, max : 65535, value : 443, descr + # the implications of doing so.In general, enabling these options will cause security + # problems of varying degrees + ++option ('validate-unsecure-feature', type : 'feature', value : 'disabled', description : '''Enables unsecure features required by validation. Note: mustbe turned off for production images.''') + option ('insecure-disable-csrf', type : 'feature', value : 'disabled', description : 'Disable CSRF prevention checks.Should be set to false for production systems.') + option ('insecure-disable-ssl', type : 'feature', value : 'disabled', description : 'Disable SSL ports. Should be set to false for production systems.') + option ('insecure-disable-auth', type : 'feature', value : 'disabled', description : 'Disable authentication on all ports. Should be set to false for production systems') +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0002-bmcweb-handle-device-or-resource-busy-exception.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0002-bmcweb-handle-device-or-resource-busy-exception.patch new file mode 100644 index 000000000..e267dc60f --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0002-bmcweb-handle-device-or-resource-busy-exception.patch @@ -0,0 +1,214 @@ +From bbb69d73ca8b74d34fa250813123de4274d5327b Mon Sep 17 00:00:00 2001 +From: Krzysztof Grobelny <krzysztof.grobelny@intel.com> +Date: Fri, 23 Jul 2021 12:07:02 +0000 +Subject: [PATCH] bmcweb handle device or resource busy exception + +Use async_method_call_timed() for mount/unmount dbus oprations. +Long mount/unmount times are supported by VirtualMedia service, +this works because of settable timeout property, available for each block +device. +Default dbus calls will timeout when mount/unmount timeout is long enough. + +Get mount/unmount timeout property and use it for mount/unmount calls. +Add handling of device or resource busy exception (EBUSY) that +can be thrown by VirtualMedia service during Mount/Unmount dbus operations. + +Tested: Verified that after mounting non-existing HTTPS resource + in proxy mode, VirtualMedia recovers restoring ready state + and returns EBUSY during that transition. + Verfied that resources can be mounted/unmounted in both legacy + and proxy mode. +Signed-off-by: Karol Wachowski <karol.wachowski@intel.com> +Change-Id: Ica62c34db0cce24c4c6169fc661edfde49e948d0 +--- + redfish-core/lib/virtual_media.hpp | 142 +++++++++++++++++++++-------- + 1 file changed, 105 insertions(+), 37 deletions(-) + +diff --git a/redfish-core/lib/virtual_media.hpp b/redfish-core/lib/virtual_media.hpp +index 6e69f20..7fcbf73 100644 +--- a/redfish-core/lib/virtual_media.hpp ++++ b/redfish-core/lib/virtual_media.hpp +@@ -26,6 +26,8 @@ + #include <boost/url/url_view.hpp> + #include <registries/privilege_registry.hpp> + ++#include <chrono> ++ + namespace redfish + { + /** +@@ -162,6 +164,26 @@ inline void + } + } + ++/** ++ * @brief parses Timeout property and converts to microseconds ++ */ ++static std::optional<uint64_t> ++ vmParseTimeoutProperty(const std::variant<int>& timeoutProperty) ++{ ++ const int* timeoutValue = std::get_if<int>(&timeoutProperty); ++ if (timeoutValue) ++ { ++ constexpr int timeoutMarginSeconds = 10; ++ return std::chrono::duration_cast<std::chrono::microseconds>( ++ std::chrono::seconds(*timeoutValue + timeoutMarginSeconds)) ++ .count(); ++ } ++ else ++ { ++ return std::nullopt; ++ } ++} ++ + /** + * @brief Fill template for Virtual Media Item. + */ +@@ -712,22 +734,57 @@ inline void doMountVmLegacy(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + } + + crow::connections::systemBus->async_method_call( +- [asyncResp, secretPipe](const boost::system::error_code ec, +- bool success) { ++ [asyncResp, service, name, imageUrl, rw, unixFd, ++ secretPipe](const boost::system::error_code ec, ++ const std::variant<int> timeoutProperty) { + if (ec) + { + BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; + messages::internalError(asyncResp->res); ++ return; + } +- else if (!success) ++ ++ auto timeout = vmParseTimeoutProperty(timeoutProperty); ++ if (timeout == std::nullopt) + { +- BMCWEB_LOG_ERROR << "Service responded with error"; +- messages::generalError(asyncResp->res); ++ BMCWEB_LOG_ERROR << "Timeout property is empty."; ++ messages::internalError(asyncResp->res); ++ return; + } ++ ++ crow::connections::systemBus->async_method_call_timed( ++ [asyncResp, secretPipe](const boost::system::error_code ec, ++ bool success) { ++ if (ec) ++ { ++ BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; ++ if (ec == boost::system::errc::device_or_resource_busy) ++ { ++ messages::resourceInUse(asyncResp->res); ++ } ++ else if (ec == boost::system::errc::permission_denied) ++ { ++ messages::accessDenied(asyncResp->res, ++ "VirtualMedia.Insert"); ++ } ++ else ++ { ++ messages::internalError(asyncResp->res); ++ } ++ } ++ else if (!success) ++ { ++ BMCWEB_LOG_ERROR << "Service responded with error "; ++ messages::generalError(asyncResp->res); ++ } ++ }, ++ service, "/xyz/openbmc_project/VirtualMedia/Legacy/" + name, ++ "xyz.openbmc_project.VirtualMedia.Legacy", "Mount", *timeout, ++ imageUrl, rw, unixFd); + }, + service, "/xyz/openbmc_project/VirtualMedia/Legacy/" + name, +- "xyz.openbmc_project.VirtualMedia.Legacy", "Mount", imageUrl, rw, +- unixFd); ++ "org.freedesktop.DBus.Properties", "Get", ++ "xyz.openbmc_project.VirtualMedia.MountPoint", "Timeout"); + } + + /** +@@ -739,38 +796,49 @@ inline void doVmAction(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + const std::string& service, const std::string& name, + bool legacy) + { ++ const std::string vmMode = legacy ? "Legacy" : "Proxy"; ++ const std::string objectPath = ++ "/xyz/openbmc_project/VirtualMedia/" + vmMode + "/" + name; ++ const std::string ifaceName = "xyz.openbmc_project.VirtualMedia." + vmMode; + +- // Legacy mount requires parameter with image +- if (legacy) +- { +- crow::connections::systemBus->async_method_call( +- [asyncResp](const boost::system::error_code ec) { +- if (ec) +- { +- BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; +- +- messages::internalError(asyncResp->res); +- return; +- } +- }, +- service, "/xyz/openbmc_project/VirtualMedia/Legacy/" + name, +- "xyz.openbmc_project.VirtualMedia.Legacy", "Unmount"); +- } +- else // proxy +- { +- crow::connections::systemBus->async_method_call( +- [asyncResp](const boost::system::error_code ec) { +- if (ec) +- { +- BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; ++ crow::connections::systemBus->async_method_call( ++ [asyncResp, service, name, objectPath, ++ ifaceName](const boost::system::error_code ec, ++ const std::variant<int> timeoutProperty) { ++ if (ec) ++ { ++ BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; ++ messages::internalError(asyncResp->res); ++ return; ++ } + +- messages::internalError(asyncResp->res); +- return; +- } +- }, +- service, "/xyz/openbmc_project/VirtualMedia/Proxy/" + name, +- "xyz.openbmc_project.VirtualMedia.Proxy", "Unmount"); +- } ++ auto timeout = vmParseTimeoutProperty(timeoutProperty); ++ if (timeout == std::nullopt) ++ { ++ BMCWEB_LOG_ERROR << "Timeout property is empty."; ++ messages::internalError(asyncResp->res); ++ return; ++ } ++ crow::connections::systemBus->async_method_call_timed( ++ [asyncResp](const boost::system::error_code ec) { ++ if (ec) ++ { ++ BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; ++ if (ec == boost::system::errc::device_or_resource_busy) ++ { ++ messages::resourceInUse(asyncResp->res); ++ } ++ else ++ { ++ messages::internalError(asyncResp->res); ++ } ++ return; ++ } ++ }, ++ service, objectPath, ifaceName, "Unmount", *timeout); ++ }, ++ service, objectPath, "org.freedesktop.DBus.Properties", "Get", ++ "xyz.openbmc_project.VirtualMedia.MountPoint", "Timeout"); + } + + inline void requestNBDVirtualMediaRoutes(App& app) +-- +2.25.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0003-Add-ConnectedVia-property-to-virtual-media-item-temp.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0003-Add-ConnectedVia-property-to-virtual-media-item-temp.patch new file mode 100644 index 000000000..c8af3a659 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0003-Add-ConnectedVia-property-to-virtual-media-item-temp.patch @@ -0,0 +1,28 @@ +From 1abf9a1d336eed835472fe933210d3be7ad5ba7a Mon Sep 17 00:00:00 2001 +From: Karol Wachowski <karol.wachowski@intel.com> +Date: Thu, 11 Feb 2021 08:35:41 +0000 +Subject: [PATCH] Add ConnectedVia property to virtual media item template + +Tested: Verified that ConnectedVia property is returned and set to + "NotConnected" for disconnected media. + +Signed-off-by: Karol Wachowski <karol.wachowski@intel.com> +--- + redfish-core/lib/virtual_media.hpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/redfish-core/lib/virtual_media.hpp b/redfish-core/lib/virtual_media.hpp +index 57c2bd2..de1cc94 100644 +--- a/redfish-core/lib/virtual_media.hpp ++++ b/redfish-core/lib/virtual_media.hpp +@@ -200,6 +200,7 @@ inline nlohmann::json vmItemTemplate(const std::string& name, + item["@odata.id"] = std::move(id); + + item["@odata.type"] = "#VirtualMedia.v1_3_0.VirtualMedia"; ++ item["ConnectedVia"] = "NotConnected"; + item["Name"] = "Virtual Removable Media"; + item["Id"] = resName; + item["WriteProtected"] = true; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0004-Invalid-status-code-from-InsertMedia-REST-methods.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0004-Invalid-status-code-from-InsertMedia-REST-methods.patch new file mode 100644 index 000000000..439b05b3c --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0004-Invalid-status-code-from-InsertMedia-REST-methods.patch @@ -0,0 +1,175 @@ +From 437a2a854303ed4e05344684b1990806464268cd Mon Sep 17 00:00:00 2001 +From: Krzysztof Grobelny <krzysztof.grobelny@intel.com> +Date: Thu, 1 Jul 2021 10:08:27 +0000 +Subject: [PATCH] Invalid status code from InsertMedia REST methods GET, PUT, + DELETE, PATCH in proxy mode + +Add handlers for GET, PUT, DELETE, PATCH method and function that +checks which mode is used and set suitable status code: +Not allowed for Legacy and Not found for Proxy. + +Change-Id: Ib4c0a3e9a2a8853caa74c59239d9fcfed99c5e8b +Signed-off-by: Alicja Rybak <alicja.rybak@intel.com> +Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com> +--- + redfish-core/lib/virtual_media.hpp | 137 +++++++++++++++++++++++++++++ + 1 file changed, 137 insertions(+) + +diff --git a/redfish-core/lib/virtual_media.hpp b/redfish-core/lib/virtual_media.hpp +index 3b9f7ef..7d77b9f 100644 +--- a/redfish-core/lib/virtual_media.hpp ++++ b/redfish-core/lib/virtual_media.hpp +@@ -30,6 +30,117 @@ + + namespace redfish + { ++ ++/** ++ * @brief Function checks if insert media request is Legacy or Proxy type ++ * and sets suitable response code for unsupported REST method. ++ * ++ */ ++void CheckProxyMode(const std::shared_ptr<bmcweb::AsyncResp>& aResp, ++ const crow::Request& req, const std::string& name, ++ const std::string& resName) ++{ ++ if (name != "bmc") ++ { ++ messages::resourceNotFound(aResp->res, "VirtualMedia.Insert", resName); ++ ++ return; ++ } ++ ++ crow::connections::systemBus->async_method_call( ++ [aResp, req, resName](const boost::system::error_code ec, ++ const GetObjectType& getObjectType) { ++ if (ec) ++ { ++ BMCWEB_LOG_ERROR << "ObjectMapper::GetObject call failed: " ++ << ec; ++ aResp->res.result(boost::beast::http::status::not_found); ++ ++ return; ++ } ++ ++ if (getObjectType.size() == 0) ++ { ++ BMCWEB_LOG_ERROR << "ObjectMapper : No Service found"; ++ aResp->res.result(boost::beast::http::status::not_found); ++ return; ++ } ++ ++ std::string service = getObjectType.begin()->first; ++ BMCWEB_LOG_DEBUG << "GetObjectType: " << service; ++ ++ crow::connections::systemBus->async_method_call( ++ [service, resName, req, ++ aResp](const boost::system::error_code ec, ++ ManagedObjectType& subtree) { ++ if (ec) ++ { ++ BMCWEB_LOG_DEBUG << "DBUS response error"; ++ ++ return; ++ } ++ ++ for (auto& item : subtree) ++ { ++ std::string thispath = item.first.filename(); ++ if (thispath.empty()) ++ { ++ continue; ++ } ++ ++ if (thispath != resName) ++ { ++ continue; ++ } ++ ++ auto mode = item.first.parent_path(); ++ auto type = mode.parent_path(); ++ if (mode.filename().empty() || type.filename().empty()) ++ { ++ continue; ++ } ++ ++ if (type.filename() != "VirtualMedia") ++ { ++ continue; ++ } ++ ++ // Check if dbus path is Legacy type ++ if (mode.filename() == "Legacy") ++ { ++ BMCWEB_LOG_DEBUG << "InsertMedia only allowed " ++ "with POST method " ++ "in legacy mode"; ++ aResp->res.result( ++ boost::beast::http::status::method_not_allowed); ++ ++ return; ++ } ++ // Check if dbus path is Proxy type ++ if (mode.filename() == "Proxy") ++ { ++ // Not possible in proxy mode ++ BMCWEB_LOG_DEBUG << "InsertMedia not " ++ "allowed in proxy mode"; ++ aResp->res.result( ++ boost::beast::http::status::not_found); ++ ++ return; ++ } ++ } ++ ++ BMCWEB_LOG_DEBUG << "Parent item not found"; ++ aResp->res.result(boost::beast::http::status::not_found); ++ }, ++ service, "/xyz/openbmc_project/VirtualMedia", ++ "org.freedesktop.DBus.ObjectManager", "GetManagedObjects"); ++ }, ++ "xyz.openbmc_project.ObjectMapper", ++ "/xyz/openbmc_project/object_mapper", ++ "xyz.openbmc_project.ObjectMapper", "GetObject", ++ "/xyz/openbmc_project/VirtualMedia", std::array<const char*, 0>()); ++} ++ + /** + * @brief Function extracts transfer protocol name from URI. + */ +@@ -844,6 +955,32 @@ inline void doVmAction(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + + inline void requestNBDVirtualMediaRoutes(App& app) + { ++ BMCWEB_ROUTE(app, "/redfish/v1/Managers/<str>/VirtualMedia/<str>/Actions/" ++ "VirtualMedia.InsertMedia") ++ .privileges({{"Login"}}) ++ .methods(boost::beast::http::verb::get)( ++ [](const crow::Request& req, ++ const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, ++ const std::string& name, const std::string& resName) { ++ CheckProxyMode(asyncResp, req, name, resName); ++ }); ++ ++ for (auto method : ++ {boost::beast::http::verb::patch, boost::beast::http::verb::put, ++ boost::beast::http::verb::delete_}) ++ { ++ BMCWEB_ROUTE(app, ++ "/redfish/v1/Managers/<str>/VirtualMedia/<str>/Actions/" ++ "VirtualMedia.InsertMedia") ++ .privileges({{"ConfigureManager"}}) ++ .methods(method)( ++ [](const crow::Request& req, ++ const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, ++ const std::string& name, const std::string& resName) { ++ CheckProxyMode(asyncResp, req, name, resName); ++ }); ++ } ++ + BMCWEB_ROUTE(app, "/redfish/v1/Managers/<str>/VirtualMedia/<str>/Actions/" + "VirtualMedia.InsertMedia") + .privileges(redfish::privileges::postVirtualMedia) +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0005-Set-Inserted-redfish-property-for-not-inserted-resou.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0005-Set-Inserted-redfish-property-for-not-inserted-resou.patch new file mode 100644 index 000000000..3d80aeb20 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0005-Set-Inserted-redfish-property-for-not-inserted-resou.patch @@ -0,0 +1,43 @@ +From 89ca38dbc3433b3b734a20068e599809f3bd7b90 Mon Sep 17 00:00:00 2001 +From: Karol Wachowski <karol.wachowski@intel.com> +Date: Tue, 23 Feb 2021 15:53:16 +0000 +Subject: [PATCH] Set Inserted redfish property for not inserted resources + +Tested: Verified that Inserted property is returned and set to + "false" for not inserted media. +Signed-off-by: Karol Wachowski <karol.wachowski@intel.com> +--- + redfish-core/lib/virtual_media.hpp | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/redfish-core/lib/virtual_media.hpp b/redfish-core/lib/virtual_media.hpp +index 3e28164..4c475b7 100644 +--- a/redfish-core/lib/virtual_media.hpp ++++ b/redfish-core/lib/virtual_media.hpp +@@ -96,6 +96,7 @@ static void + BMCWEB_LOG_DEBUG << "Value Active not found"; + return; + } ++ aResp->res.jsonValue["Inserted"] = *activeValue; + + const std::string* endpointIdValue = + std::get_if<std::string>(&endpointIdProperty->second); +@@ -107,7 +108,6 @@ static void + aResp->res.jsonValue["Oem"]["OpenBMC"]["WebSocketEndpoint"] = + *endpointIdValue; + aResp->res.jsonValue["TransferProtocolType"] = "OEM"; +- aResp->res.jsonValue["Inserted"] = *activeValue; + if (*activeValue == true) + { + aResp->res.jsonValue["ConnectedVia"] = "Applet"; +@@ -138,7 +138,6 @@ static void + } + + aResp->res.jsonValue["Image"] = *imageUrlValue; +- aResp->res.jsonValue["Inserted"] = *activeValue; + aResp->res.jsonValue["TransferProtocolType"] = + getTransferProtocolTypeFromUri(*imageUrlValue); + +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0006-Bmcweb-handle-permission-denied-exception.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0006-Bmcweb-handle-permission-denied-exception.patch new file mode 100644 index 000000000..6ad7cf174 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0006-Bmcweb-handle-permission-denied-exception.patch @@ -0,0 +1,37 @@ +From 1d69a22d0ec1eddbe6d703d6824f413f6b68399e Mon Sep 17 00:00:00 2001 +From: Krzysztof Grobelny <krzysztof.grobelny@intel.com> +Date: Thu, 1 Jul 2021 10:41:47 +0000 +Subject: [PATCH] Bmcweb handle permission denied exception + +Add handling of permission denied exception (EPERM) that +can be thrown by VirtualMedia service during Mount/Unmount dbus operations. + +Tested: +Verified that after mounting/unmounting HTTPS resource twice in a row in legacy mode, +VirtualMedia returns EPERM, which bmcweb handles as 403 status code. + +Change-Id: Ibc18d5ec822c5072605b1fc4651389982002798b +Signed-off-by: Alicja Rybak <alicja.rybak@intel.com> +--- + redfish-core/lib/virtual_media.hpp | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/redfish-core/lib/virtual_media.hpp b/redfish-core/lib/virtual_media.hpp +index 186c04b..8e7c2e4 100644 +--- a/redfish-core/lib/virtual_media.hpp ++++ b/redfish-core/lib/virtual_media.hpp +@@ -917,6 +917,11 @@ inline void doVmAction(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + { + messages::resourceInUse(asyncResp->res); + } ++ else if (ec == boost::system::errc::permission_denied) ++ { ++ messages::accessDenied(asyncResp->res, ++ "VirtualMedia.Insert"); ++ } + else + { + messages::internalError(asyncResp->res); +-- +2.25.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0007-Fix-unmounting-image-in-proxy-mode.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0007-Fix-unmounting-image-in-proxy-mode.patch new file mode 100644 index 000000000..88fa89465 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0007-Fix-unmounting-image-in-proxy-mode.patch @@ -0,0 +1,35 @@ +From 6f4b5fc1879f39b0f5fee0838f0ecbc481275d5e Mon Sep 17 00:00:00 2001 +From: Alicja Rybak <alicja.rybak@intel.com> +Date: Fri, 23 Apr 2021 17:35:52 +0200 +Subject: [PATCH] Fix unmounting image in proxy mode. + +Sometimes Slot0 got higher key than Slot1 and erase function for Slot1 +invalidates elements with keys not less than the erased element. +In that case invalid slot0 will be unmounted. +Change order of calling close() and erase() functions to +unmount correct device. + +Change-Id: I7a40a4518982f697d3eed635cde6d06978149cf0 +Signed-off-by: Alicja Rybak <alicja.rybak@intel.com> +--- + include/nbd_proxy.hpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/nbd_proxy.hpp b/include/nbd_proxy.hpp +index 3b28823..897bcf2 100644 +--- a/include/nbd_proxy.hpp ++++ b/include/nbd_proxy.hpp +@@ -439,9 +439,9 @@ inline void requestRoutes(App& app) + BMCWEB_LOG_DEBUG << "No session to close"; + return; + } ++ session->second->close(); + // Remove reference to session in global map + sessions.erase(session); +- session->second->close(); + }) + .onmessage([](crow::websocket::Connection& conn, + const std::string& data, bool) { +-- +2.17.1 + |