From de2150e3d3e6cbb4c6df239917102f90a946085b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Mon, 25 Feb 2019 01:17:07 +0100
Subject: [PATCH] Add xen_scrub_pages=0 kernel option only if initramfs was
 rebuilt

Rebuild initramfs on package upgrade (already done for Debian
previously) and store 1 into /var/lib/qubes/initramfs-updated. Then,
only add xen_scrub_pages=0 kernel option if
/var/lib/qubes/initramfs-updated is there (with "1" or greater number).
This way, if initramfs rebuild doesn't happen for any reason,
xen_scrub_pages=0 will not be added.

Fixes 456fe99 "Disable scrubbing memory pages during initial balloon down"
QubesOS/qubes-issues#1963
---
 debian/qubes-kernel-vm-support.postinst  |  6 +++++-
 grub/grub.qubes-kernel-vm-support        |  7 +++++--
 rpm_spec/qubes-kernel-vm-support.spec.in | 17 +++++++++++++++++
 3 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/debian/qubes-kernel-vm-support.postinst b/debian/qubes-kernel-vm-support.postinst
index 89e375a..d3e7ded 100644
--- a/debian/qubes-kernel-vm-support.postinst
+++ b/debian/qubes-kernel-vm-support.postinst
@@ -23,7 +23,11 @@ set -e
 case "${1}" in
     configure)
         if [ -x /usr/sbin/update-initramfs ]; then
-            update-initramfs -u
+            if update-initramfs -u; then
+                # "milestone" initramfs update version:
+                # 1 - addition of xen scrub_pages enabling code
+                echo 1 > /var/lib/qubes/initramfs-updated
+            fi
         fi
         ;;
 
diff --git a/grub/grub.qubes-kernel-vm-support b/grub/grub.qubes-kernel-vm-support
index 58910c2..1726501 100644
--- a/grub/grub.qubes-kernel-vm-support
+++ b/grub/grub.qubes-kernel-vm-support
@@ -1,5 +1,8 @@
-# add kernel options only in VM
-if [ -r /usr/share/qubes/marker-vm ]; then
+# add kernel options only in VM, and only if initramfs is updated already
+# /var/lib/qubes/initramfs-updated contains "milestone" initramfs update version:
+# 1 - addition of xen scrub_pages enabling code
+if [ -r /usr/share/qubes/marker-vm ] &&
+        [ "$(cat /var/lib/qubes/initramfs-updated 2>/dev/null || echo 0)" -ge 1 ]; then
     GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX xen_scrub_pages=0"
 fi
 
diff --git a/rpm_spec/qubes-kernel-vm-support.spec.in b/rpm_spec/qubes-kernel-vm-support.spec.in
index f02ef5e..965a02a 100644
--- a/rpm_spec/qubes-kernel-vm-support.spec.in
+++ b/rpm_spec/qubes-kernel-vm-support.spec.in
@@ -76,5 +76,22 @@ if [ $1 -eq 0 ]; then
     fi
 fi
 
+%posttrans
+
+# Rebuild all initramfs images to include updated modules
+if [ -r /usr/share/qubes/marker-vm ] && [ -x /usr/bin/dracut ]; then
+    ret=0
+    for img in /boot/initramfs-*.img; do
+        kver="${img#*initramfs-}"
+        kver="${kver%.img}"
+        dracut -f "$img" "$kver" || ret=$?
+    done
+    if [ "$ret" -eq 0 ]; then
+        # "milestone" initramfs update version:
+        # 1 - addition of xen scrub_pages enabling code
+        echo 1 > /var/lib/qubes/initramfs-updated
+    fi
+fi
+
 %changelog
 @CHANGELOG@