Commit Graph

19 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
6501b26a36
initrd: mount / rw for the overlayfs setup time
overlayfs refuses to use an R/O upperdir. Since dmroot is already properly set,
it's ok to mount it R/W.
But remount it R/O later, to not confuse startup scripts.

Fixes QubesOS/qubes-issues#5087

(cherry picked from commit 84188910cf)
2019-06-10 00:41:22 +02:00
Marek Marczykowski-Górecki
9c6c825691
initramfs: use overlayfs for /lib/modules, if available
If overlayfs is available, use it for /lib/modules. This way the whole
/lib/modules will be writable and changes (like extra modules) will
persist in TemplateVM/StandaloneVM.

In practice, this will allow conveniently building in-VM kernel modules,
even for dom0-provided kernels.

QubesOS/qubes-issues#2908
2019-06-06 01:41:51 +02:00
Marek Marczykowski-Górecki
da61cb7511
dracut: add a flag file indicating scrub-pages option support
Indicate when the dracut "qubes-vm-simple" module supports (re-)enabling
xen_scrub_pages option. This means the kernel can be safely booted with
xen_scrub_pages=0.

QubesOS/qubes-issues#1963
2019-02-15 20:33:03 +01:00
Marek Marczykowski-Górecki
456fe99fa6
Disable scrubbing memory pages during initial balloon down
The balloon driver scrubs memory pages before giving them back to the
hypervisor. Normally this is a good thing, to avoid leaking the VM's memory
data into Xen and other domains. But during initial startup, when maxmem
is bigger than initial memory, on HVM and PVH, Populate-on-Demand (PoD) is in use.
This means every page on initial balloon down needs to be first mapped
by Xen into the VM's memory (as it wasn't populated before - and in fact
didn't have any data), scrubbed by the kernel and then given back to
Xen. This is a great waste of time. Such an operation with default settings
(initial memory 400M, maxmem 4000M) can take a few seconds, delaying every
VM startup (including DispVM). In an extreme situation, when running inside
nested virtualization, the effect is much worse.

Avoid this problem by disabling memory scrubbing during initial boot,
and re-enable it as soon as user space kicks in - in initramfs, before
mounting root filesystem, to be sure it's enabled before memory contains
any kind of secrets.

This commit handles only one case - when the kernel is managed by the VM
itself. It is critical to enable the initramfs module whenever the
xen_scrub_pages=0 kernel option is given, so make them depend on the
same condition and ship them in the same package.

Fixes QubesOS/qubes-issues#1963
2019-02-06 20:20:08 +01:00
Frédéric Pierret
e3179e066c
Remove busybox as it is not provided in RHEL7 anymore 2018-02-22 18:02:24 +01:00
Marek Marczykowski-Górecki
09e6d2ac95
initramfs: add support for variable partitions layout
Try to find root filesystem by partition label (not filesystem label!).
If that fails, default to 3rd partition according to (new) default
layout.

Fixes QubesOS/qubes-issues#3173
2017-10-17 22:45:07 +02:00
Marek Marczykowski-Górecki
da3f3cd426
initramfs: use symlink for rw root.img, instead of dm-linear
Do not add a 1:1 dm-linear when root.img (/dev/xvda) is read-write. This
was to always have the root device at /dev/mapper/dmroot, but unfortunately
grub can't parse it properly (fails when looking for the partition number of
/dev/xvda1). There was a hack specifically for this, but it made other
partitions on xvda unavailable.
On the other hand, a symlink is enough to be able to always mount the same
device. Now, grub detects that the root fs is on /dev/xvda1, which is
enough to have grub2-install working. An unfortunate effect is that it puts
root=/dev/xvda1 on the kernel command line, which breaks AppVMs based on
this TemplateVM. But it's easier to fix the kernel command line than grub's
device detection logic.

Fixes "initramfs: add support for root.img with partition table"

QubesOS/qubes-issues#2557
2017-06-12 13:02:31 +02:00
Marek Marczykowski-Górecki
d0fe5e6f9a
initramfs: add support for root.img with partition table
Installing grub on root.img requires some space before the filesystem.
Create it by adding a partition table to root.img. This commit takes care
of assembling the dmroot device when such a partition table is present, while
preserving compatibility with partition-less images.

QubesOS/qubes-issues#2577
2017-04-08 13:58:33 +02:00
Marek Marczykowski-Górecki
5c7c54adab
initramfs: move qubes_cow_setup hook to pre-trigger
This hook requires new device nodes to appear in /dev. If devtmpfs is
used, it's not a problem ("simple" initramfs case), but otherwise udevd
is needed - and it isn't running in the pre-udev hook yet.

QubesOS/qubes-issues#2577
2017-04-08 13:58:33 +02:00
Marek Marczykowski-Górecki
44edc8a9b2
dracut: add missing 'die' function to 'simple' module 2017-04-08 13:58:32 +02:00
Marek Marczykowski-Górecki
a23030e49f
initramfs: initialize volatile.img partition table also in TemplateVM
While there is no additional snapshot device, the swap partition is still
used.

Fixes QubesOS/qubes-issues#1308
2015-11-25 03:41:04 +01:00
Marek Marczykowski-Górecki
6cd22a42bb
initramfs: use units of sectors in sfdisk call
New versions of sfdisk have a different syntax for other units (suffixes
beside the numbers, instead of a global --unit). The only common unit is
the sector, so use that.

Fixes QubesOS/qubes-issues#1427
2015-11-25 03:38:51 +01:00
Marek Marczykowski-Górecki
8311e1263d
initramfs: fix swap size
It should be 1GB, not 1MB...

QubesOS/qubes-issues#1354
2015-11-13 14:42:51 +01:00
Marek Marczykowski-Górecki
789e9c2549
dracut: mount only subdirectory of /lib/modules
This makes it possible to modify /lib/modules content - especially to
install other kernel packages - without unmounting the whole
/lib/modules. Since dom0-provided modules will no longer conflict with
VM kernel packages (assuming kernel versions are different), there is no
need for qubes-kernel-vm-placeholder anymore.

Having only one subdirectory of /lib/modules mounted is somewhat tricky,
because:
1. The directory name isn't always the same - it depends on the kernel version.
This means that the mountpoint must be created dynamically (so $NEWROOT must
be mounted R/W for a moment).
2. There is no one-command way to mount only a subdirectory of some
filesystem. So use a trick: mount it in some temporary directory, get the
interesting subdir with `mount --bind`, then unmount the temporary
directory.

QubesOS/qubes-issues#1354
2015-11-08 03:46:25 +01:00
Marek Marczykowski-Górecki
a30d583249
dracut: initialize volatile.img partitions
Do not rely on dom0 initializing that device. Actually, volatile.img
content should be none of dom0's business.

QubesOS/qubes-issues#1308
2015-10-26 20:00:08 +01:00
Marek Marczykowski-Górecki
0f954034a1
dracut: abort on dmroot assemble error
Add missing "exit 1". In the other case (TemplateVM) it is already
there.
2015-10-15 02:37:20 +02:00
Marek Marczykowski-Górecki
d3d84d5d49
dracut: expand tabs to spaces
Fix to match our code style guide.
2015-10-15 02:36:23 +02:00
Marek Marczykowski-Górecki
bc7a2091db
dracut: load ext4 module manually in minimalistic dracut module 2015-03-25 23:25:33 +01:00
Marek Marczykowski-Górecki
15cc3b2d51
dracut: Provide minimalistic initramfs files - no udev, no systemd
Provide a simple script to run under busybox; this is all we need in the
VM.
2015-03-25 23:25:33 +01:00