From c9ae09399789b268eabde302bb977d76621ae8f1 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Sun, 2 Aug 2020 12:35:54 -0400 Subject: [PATCH 1/4] kvm: Initial KVM configuration updates --- Makefile | 6 ++++++ dracut/Makefile | 2 ++ rpm_spec/qubes-kernel-vm-support.spec.in | 7 +++++++ rpm_spec/qubes-utils.spec.in | 9 +++++++++ 4 files changed, 24 insertions(+) diff --git a/Makefile b/Makefile index 0754bec4..98c92b75 100644 --- a/Makefile +++ b/Makefile @@ -7,13 +7,17 @@ export LIBDIR SCRIPTSDIR SYSLIBDIR INCLUDEDIR all: $(MAKE) -C qrexec-lib all +ifeq ($(BACKEND_VMM),xen) $(MAKE) -C qmemman all +endif $(MAKE) -C imgconverter all install: $(MAKE) -C udev install $(MAKE) -C qrexec-lib install +ifeq ($(BACKEND_VMM),xen) $(MAKE) -C qmemman install +endif $(MAKE) -C imgconverter install install-fedora-kernel-support: @@ -29,7 +33,9 @@ install-debian-kernel-support: clean: $(MAKE) -C qrexec-lib clean +ifeq ($(BACKEND_VMM),xen) $(MAKE) -C qmemman clean +endif $(MAKE) -C imgconverter clean rm -rf debian/changelog.* rm -rf pkgs diff --git a/dracut/Makefile b/dracut/Makefile index 30f90cbb..55873103 100644 --- a/dracut/Makefile +++ b/dracut/Makefile @@ -2,4 +2,6 @@ install: $(MAKE) -C simple $(MAKE) -C full-dmroot $(MAKE) -C full-modules +ifeq ($(BACKEND_VMM),xen) $(MAKE) -C xen-balloon-scrub-pages +endif diff --git a/rpm_spec/qubes-kernel-vm-support.spec.in b/rpm_spec/qubes-kernel-vm-support.spec.in index 285651e6..5f3ee3b9 100644 --- a/rpm_spec/qubes-kernel-vm-support.spec.in +++ b/rpm_spec/qubes-kernel-vm-support.spec.in @@ -19,6 +19,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # +%define backend_vmm @BACKEND_VMM@ + Name: qubes-kernel-vm-support Version: @VERSION@ Release: 1%{?dist} 
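Review bot: In the top-level Makefile hunks (`all`, `install`, and the later `clean` hunk) and in dracut/Makefile, an unset or misspelled BACKEND_VMM looks exactly like a non-Xen build, so qmemman and xen-balloon-scrub-pages are dropped without any message. Nothing visible in these hunks sets or validates the variable. A guard near the top, `ifndef BACKEND_VMM` / `$(error BACKEND_VMM is not set)` / `endif`, would turn that into a build failure. It is also worth confirming the value reaches the sub-makes, since the `export` line in the hunk header does not list it. Making `clean` conditional leaves qmemman build products behind when a tree built for xen is cleaned with another value, so `$(MAKE) -C qmemman clean` is better left unconditional.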
@@ -49,7 +51,9 @@ make install-fedora-kernel-support DESTDIR=%{buildroot} /usr/lib/dracut/modules.d/90qubes-vm /usr/lib/dracut/modules.d/90qubes-vm-modules /usr/lib/dracut/modules.d/90qubes-vm-simple +%if x%{?backend_vmm} == xxen /usr/lib/dracut/modules.d/80xen-scrub-pages +%endif /usr/sbin/qubes-prepare-vm-kernel %config(noreplace) /etc/default/grub.qubes-kernel-vm-support @@ -77,11 +81,14 @@ if [ -r /usr/share/qubes/marker-vm ] && [ -x /usr/bin/dracut ]; then kver="${kver%.img}" dracut -f "$img" "$kver" || ret=$? done + + %if x%{?backend_vmm} == xxen if [ "$ret" -eq 0 ]; then # "milestone" initramfs update version: # 1 - addition of xen scrub_pages enabling code echo 1 > /var/lib/qubes/initramfs-updated fi + %endif fi %changelog diff --git a/rpm_spec/qubes-utils.spec.in b/rpm_spec/qubes-utils.spec.in index cc177df4..b55dafd2 100644 --- a/rpm_spec/qubes-utils.spec.in +++ b/rpm_spec/qubes-utils.spec.in @@ -1,3 +1,6 @@ + +%define backend_vmm @BACKEND_VMM@ + Name: qubes-utils Version: @VERSION@ Release: 1%{?dist} @@ -16,8 +19,10 @@ Requires: python%{python3_pkgversion}-qubesimgconverter BuildRequires: systemd BuildRequires: python%{python3_pkgversion}-setuptools BuildRequires: python3-rpm-macros +%if x%{?backend_vmm} == xxen # for meminfo-writer BuildRequires: xen-devel +%endif BuildRequires: gcc %description @@ -57,6 +62,7 @@ make all BACKEND_VMM=@BACKEND_VMM@ PYTHON=%{__python3} %install make install DESTDIR=%{buildroot} PYTHON=%{__python3} +%if x%{?backend_vmm} == xxen %post # dom0 %systemd_post qubes-meminfo-writer-dom0.service @@ -70,6 +76,7 @@ make install DESTDIR=%{buildroot} PYTHON=%{__python3} %postun %systemd_postun_with_restart qubes-meminfo-writer-dom0.service %systemd_postun_with_restart qubes-meminfo-writer.service +%endif %post libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig 
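Review bot: In the `%install` hunk of rpm_spec/qubes-utils.spec.in, `make install DESTDIR=%{buildroot} PYTHON=%{__python3}` does not pass BACKEND_VMM, although the `make all` line in the hunk header does. With the Makefile conditionals added by this patch, the install step skips qmemman unless the variable arrives through the environment, while the xen-only `%files` entries added later in this patch still expect `%{_sbindir}/meminfo-writer`. Passing it explicitly keeps the build, install and file list in agreement: `make install DESTDIR=%{buildroot} BACKEND_VMM=%{backend_vmm} PYTHON=%{__python3}`. The same applies to `make install-fedora-kernel-support DESTDIR=%{buildroot}` in qubes-kernel-vm-support.spec.in if that target reaches dracut/Makefile, which these hunks do not show.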
@@ -82,9 +89,11 @@ rm -rf $RPM_BUILD_ROOT /usr/lib/udev/rules.d/*-qubes-*.rules /usr/lib/tmpfiles.d/xen-devices-qubes.conf /usr/lib/qubes/udev-* +%if x%{?backend_vmm} == xxen %{_sbindir}/meminfo-writer %{_unitdir}/qubes-meminfo-writer.service %{_unitdir}/qubes-meminfo-writer-dom0.service +%endif %files -n python%{python3_pkgversion}-qubesimgconverter %{python3_sitelib}/qubesimgconverter/__init__.py From c00b3a75b77e62bdb9f8db7521982c7b559f5622 Mon Sep 17 00:00:00 2001 From: Shawn Anastasio Date: Thu, 11 Feb 2021 13:58:53 -0600 Subject: [PATCH 2/4] dracut/simple: Update init.sh to detect KVM root devices --- dracut/simple/init.sh | 96 ++++++++++++++++++++++++++++++++----------- 1 file changed, 71 insertions(+), 25 deletions(-) diff --git a/dracut/simple/init.sh b/dracut/simple/init.sh index 1d6f6b1d..f31f7032 100644 --- a/dracut/simple/init.sh +++ b/dracut/simple/init.sh @@ -1,6 +1,52 @@ #!/bin/sh echo "Qubes initramfs script here:" +# TODO: don't inline hypervisor.sh +# BEGIN hypervisor.sh + +# Return hypervisor name or match result if 'name' provided +hypervisor () { + local name="$1" + local hypervisor + + if [[ $(cat /sys/hypervisor/type 2>/dev/null) == 'xen' ]]; then + hypervisor="xen" + + elif [ -e /sys/devices/virtual/misc/kvm ]; then + hypervisor="kvm" + fi + + if [ ! -z $hypervisor ]; then + if [ -z "$name" ]; then + echo "$hypervisor" + return 0 + fi + if [ "$name" == "$hypervisor" ]; then + return 0 + fi + fi + return 1 +} + + +(return 0 2>/dev/null) && sourced=1 || sourced=0 +if (( ! sourced )); then + hypervisor "$1" +fi + +# END hypervisor.sh + +if hypervisor xen; then + echo "Running under xen" + DEVPREFIX="xvd" +elif hypervisor kvm; then + echo "Running under kvm" + DEVPREFIX="vd" +else + echo "Unknown hypervisor! Can't continue." + exit 1 +fi + mkdir -p /proc /sys /dev mount -t proc proc /proc mount -t sysfs sysfs /sys 
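Review bot: The hypervisor probe added at the top of dracut/simple/init.sh reads /sys/hypervisor/type and /sys/devices/virtual/misc/kvm before the `mount -t sysfs sysfs /sys` line that follows it in this hunk. Unless sysfs is already mounted when the script starts, both tests fail and the script exits with "Unknown hypervisor! Can't continue.". Moving everything from `# BEGIN hypervisor.sh` through the DEVPREFIX selection below the mount lines would fix the ordering; the script continues outside the hunk. The replacement check in patch 3/4, `[ -d /sys/devices/system/xen_memory ]`, sits at the same position and has the same problem. Separately, `hypervisor()` uses `[[ ]]`, `local`, `==` inside `[ ]` and `(( ))` under a `#!/bin/sh` shebang, and `[ ! -z $hypervisor ]` is unquoted, so the function depends on the initramfs shell accepting those extensions.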
@@ -22,24 +68,24 @@ die() { exit 1 } -echo "Waiting for /dev/xvda* devices..." -while ! [ -e /dev/xvda ]; do sleep 0.1; done +echo "Waiting for /dev/*vda* devices..." +while ! [ -e /dev/${DEVPREFIX}a ]; do sleep 0.1; done # prefer partition if exists -if [ -b /dev/xvda1 ]; then +if [ -b /dev/${DEVPREFIX}a1 ]; then if [ -d /dev/disk/by-partlabel ]; then ROOT_DEV=$(readlink "/dev/disk/by-partlabel/Root\\x20filesystem") ROOT_DEV=${ROOT_DEV##*/} else - ROOT_DEV=$(grep -l "PARTNAME=Root filesystem" /sys/block/xvda/xvda*/uevent |\ - grep -o "xvda[0-9]") + ROOT_DEV=$(grep -l "PARTNAME=Root filesystem" /sys/block/${DEVPREFIX}a/${DEVPREFIX}a*/uevent |\ + grep -o "${DEVPREFIX}a[0-9]") fi if [ -z "$ROOT_DEV" ]; then # fallback to third partition - ROOT_DEV=xvda3 + ROOT_DEV=${DEVPREFIX}a3 fi else - ROOT_DEV=xvda + ROOT_DEV=${DEVPREFIX}a fi SWAP_SIZE=$(( 1024 * 1024 * 2 )) # sectors, 1GB @@ -47,40 +93,40 @@ SWAP_SIZE=$(( 1024 * 1024 * 2 )) # sectors, 1GB if [ `cat /sys/class/block/$ROOT_DEV/ro` = 1 ] ; then echo "Qubes: Doing COW setup for AppVM..." - while ! [ -e /dev/xvdc ]; do sleep 0.1; done - VOLATILE_SIZE=$(cat /sys/class/block/xvdc/size) # sectors + while ! [ -e /dev/${DEVPREFIX}c ]; do sleep 0.1; done + VOLATILE_SIZE=$(cat /sys/class/block/${DEVPREFIX}c/size) # sectors ROOT_SIZE=$(cat /sys/class/block/$ROOT_DEV/size) # sectors if [ $VOLATILE_SIZE -lt $SWAP_SIZE ]; then die "volatile.img smaller than 1GB, cannot continue" fi - /sbin/sfdisk -q --unit S /dev/xvdc >/dev/null </dev/null </dev/null </dev/null < Date: Tue, 16 Feb 2021 15:26:10 -0600 Subject: [PATCH 3/4] dracut/simple/init.sh: Add support for KVM and Virtio block devices --- dracut/simple/init.sh | 52 ++++++-------------------- kernel-modules/qubes-prepare-vm-kernel | 2 +- 2 files changed, 13 insertions(+), 41 deletions(-) diff --git a/dracut/simple/init.sh b/dracut/simple/init.sh index f31f7032..2b6c341f 100644 --- a/dracut/simple/init.sh +++ b/dracut/simple/init.sh 
@@ -1,50 +1,18 @@ #!/bin/sh echo "Qubes initramfs script here:" -# TODO: don't inline hypervisor.sh -# BEGIN hypervisor.sh - -# Return hypervisor name or match result if 'name' provided -hypervisor () { - local name="$1" - local hypervisor - - if [[ $(cat /sys/hypervisor/type 2>/dev/null) == 'xen' ]]; then - hypervisor="xen" - - elif [ -e /sys/devices/virtual/misc/kvm ]; then - hypervisor="kvm" - fi - - if [ ! -z $hypervisor ]; then - if [ -z "$name" ]; then - echo "$hypervisor" - return 0 - fi - if [ "$name" == "$hypervisor" ]; then - return 0 - fi - fi - return 1 -} - - -(return 0 2>/dev/null) && sourced=1 || sourced=0 -if (( ! sourced )); then - hypervisor "$1" +if [ -d /sys/devices/system/xen_memory ]; then + HYPERVISOR=xen +else + HYPERVISOR=kvm fi -# END hypervisor.sh - -if hypervisor xen; then +if [ $HYPERVISOR = "xen" ]; then echo "Running under xen" DEVPREFIX="xvd" -elif hypervisor kvm; then +else echo "Running under kvm" DEVPREFIX="vd" -else - echo "Unknown hypervisor! Can't continue." - exit 1 fi mkdir -p /proc /sys /dev @@ -61,14 +29,18 @@ if [ -e /dev/mapper/dmroot ] ; then echo "Qubes: FATAL error: /dev/mapper/dmroot already exists?!" fi -/sbin/modprobe xenblk || /sbin/modprobe xen-blkfront || echo "Qubes: Cannot load Xen Block Frontend..." +if [ $HYPERVISOR = "xen" ]; then + /sbin/modprobe xenblk || /sbin/modprobe xen-blkfront || echo "Qubes: Cannot load Xen Block Frontend..." +elif [ $HYPERVISOR = "kvm" ]; then + /sbin/modprobe virtio_blk || echo "Qubes: Cannot load Virtio Block Driver..." +fi die() { echo "$@" >&2 exit 1 } -echo "Waiting for /dev/*vda* devices..." +echo "Waiting for /dev/${DEVPREFIX}a* devices..." while ! [ -e /dev/${DEVPREFIX}a ]; do sleep 0.1; done # prefer partition if exists diff --git a/kernel-modules/qubes-prepare-vm-kernel b/kernel-modules/qubes-prepare-vm-kernel index d7064ad2..33435dba 100644 --- a/kernel-modules/qubes-prepare-vm-kernel +++ b/kernel-modules/qubes-prepare-vm-kernel 
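Review bot: The new detection in dracut/simple/init.sh treats every guest without /sys/devices/system/xen_memory as KVM, whereas the code it replaces exited on an unknown hypervisor. A Xen guest in which that directory is absent at this point would get the `vd` prefix and then wait on /dev/vda in the loop further down, with no error. A positive KVM test with an explicit failure branch, e.g. `else echo "Unknown hypervisor! Can't continue."; exit 1`, would keep the earlier fail-closed behaviour; which sysfs path reliably identifies the KVM guest is not shown in this hunk. `$HYPERVISOR` is also unquoted in the `[ ... ]` tests here and in the modprobe hunk that follows.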
@@ -49,7 +49,7 @@ function build_initramfs() { dracut --nomdadmconf --nolvmconf --force \ --modules "kernel-modules qubes-vm-simple" \ --conf /dev/null --confdir /var/empty \ - -d "xenblk xen-blkfront cdrom ext4 jbd2 crc16 dm_snapshot" \ + -d "xenblk xen-blkfront cdrom ext4 virtio virtio_blk jbd2 crc16 dm_snapshot" \ $output_file $kver chmod 644 "$output_file" } From c154c766e371b2d0e0531133ab9ce4f3a5126950 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= Date: Fri, 12 Nov 2021 22:29:33 +0100 Subject: [PATCH 4/4] spec: update backend_vmm equal checks --- rpm_spec/qubes-kernel-vm-support.spec.in | 4 ++-- rpm_spec/qubes-utils.spec.in | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/rpm_spec/qubes-kernel-vm-support.spec.in b/rpm_spec/qubes-kernel-vm-support.spec.in index 5f3ee3b9..87567c83 100644 --- a/rpm_spec/qubes-kernel-vm-support.spec.in +++ b/rpm_spec/qubes-kernel-vm-support.spec.in @@ -51,7 +51,7 @@ make install-fedora-kernel-support DESTDIR=%{buildroot} /usr/lib/dracut/modules.d/90qubes-vm /usr/lib/dracut/modules.d/90qubes-vm-modules /usr/lib/dracut/modules.d/90qubes-vm-simple -%if x%{?backend_vmm} == xxen +%if "%{?backend_vmm}" == "xen" /usr/lib/dracut/modules.d/80xen-scrub-pages %endif /usr/sbin/qubes-prepare-vm-kernel @@ -82,7 +82,7 @@ if [ -r /usr/share/qubes/marker-vm ] && [ -x /usr/bin/dracut ]; then dracut -f "$img" "$kver" || ret=$? done - %if x%{?backend_vmm} == xxen + %if "%{?backend_vmm}" == "xen" if [ "$ret" -eq 0 ]; then # "milestone" initramfs update version: # 1 - addition of xen scrub_pages enabling code diff --git a/rpm_spec/qubes-utils.spec.in b/rpm_spec/qubes-utils.spec.in index b55dafd2..93da25a0 100644 --- a/rpm_spec/qubes-utils.spec.in +++ b/rpm_spec/qubes-utils.spec.in 
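Review bot: In kernel-modules/qubes-prepare-vm-kernel, the `-d` driver list gains `virtio` and `virtio_blk` but no virtio transport module, and init.sh only loads `virtio_blk`. If the VM kernel builds the PCI transport as a module, the disk would not appear inside the initramfs and the `/dev/${DEVPREFIX}a` wait loop in init.sh would spin. Adding `virtio_pci` to the list, after checking the kernel config, would cover that case. `$output_file $kver` on the following line are unquoted, while the `chmod` below quotes the same variable. build_initramfs starts outside the hunk.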
@@ -19,7 +19,7 @@ Requires: python%{python3_pkgversion}-qubesimgconverter BuildRequires: systemd BuildRequires: python%{python3_pkgversion}-setuptools BuildRequires: python3-rpm-macros -%if x%{?backend_vmm} == xxen +%if "%{?backend_vmm}" == "xen" # for meminfo-writer BuildRequires: xen-devel %endif @@ -62,7 +62,7 @@ make all BACKEND_VMM=@BACKEND_VMM@ PYTHON=%{__python3} %install make install DESTDIR=%{buildroot} PYTHON=%{__python3} -%if x%{?backend_vmm} == xxen +%if "%{?backend_vmm}" == "xen" %post # dom0 %systemd_post qubes-meminfo-writer-dom0.service @@ -89,7 +89,7 @@ rm -rf $RPM_BUILD_ROOT /usr/lib/udev/rules.d/*-qubes-*.rules /usr/lib/tmpfiles.d/xen-devices-qubes.conf /usr/lib/qubes/udev-* -%if x%{?backend_vmm} == xxen +%if "%{?backend_vmm}" == "xen" %{_sbindir}/meminfo-writer %{_unitdir}/qubes-meminfo-writer.service %{_unitdir}/qubes-meminfo-writer-dom0.service