Commit Graph

14 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
456fe99fa6
Disable scrubbing memory pages during initial balloon down
Balloon driver scrub memory page before giving it back to the
hypervisor. Normally this is a good thing, to avoid leaking VM's memory
data into Xen and other domains. But during initial startup when maxmem
is bigger than initial memory, on HVM and PVH, Populate-on-Demand (PoD) is in use.
This means every page on initial balloon down needs to be first mapped
by Xen into VM's memory (as it wasn't populated before - and in fact
didn't have any data), scrubbed by the kernel and then given back to
Xen. This is great waste of time. Such operation with default settings
(initial memory 400M, maxmem 4000M) can take few seconds, delaying every
VM startup (including DispVM). In extreme situation, when running inside
nested virtualization, the effect is much worse.

Avoid this problem by disabling memory scrubbing during initial boot,
and re-enable it as soon as user space kicks in - in initramfs, before
mounting root filesystem, to be sure it's enabled before memory contains
any kind of secrets.

This commit handle only one case - when kernel in managed by the VM
itself. It is critical to enable initramfs module whenever
xen_scrub_pages=0 kernel option is given, so make them depend on the
same condition and ship them in the same package.

Fixes QubesOS/qubes-issues#1963
2019-02-06 20:20:08 +01:00
Marek Marczykowski-Górecki
dc5d025247
debian: include drauct module in qubes-kernel-vm-support
Support dracut also on Debian systems.

Fixes QubesOS/qubes-issues#3361
2017-12-01 00:11:28 +01:00
Wojtek Porczyk
2a0bbe1c6f
Package imgconverter as separate Python module
This is partly because qubes/__init__.py conflicted with core3.
It is also a good practice.
2017-04-08 13:58:32 +02:00
Marek Marczykowski-Górecki
e23cbbc261
Fix building Fedora package after Archlinux build fixes
LIBDIR on Fedora is /usr/lib64, not something that we want for scripts,
Also make sure to export SYSLIBDIR.
2016-01-06 04:21:42 +01:00
pqg
86e7f7c2c8 Fix build (installation) on Archlinux
/lib is a symlink to /usr/lib on Arch, so /lib/blah... paths are
rejected when installation is attempted.
2015-12-15 14:19:24 +00:00
Marek Marczykowski-Górecki
14297508e5
debian: break hardlink before modifying debian/....dkms
(When building using qubes-builder) otherwise the change will be visible
in original source tree as uncommitted. Not a bad thing, just
inconvenience.
2015-11-27 16:41:22 +01:00
Marek Marczykowski-Górecki
3cd77e4f70
debian: introduce qubes-kernel-vm-support package
This package is responsible for kernel modules and initramfs additions
needed in Qubes VM. When installed, it is possible to switch the VM to
use PV Grub and load the kernel from inside of VM. This greatly ease
installing custom kernel modules.

Changes:
 - make qubes_cow_setup.sh working with both dracut and initramfs-tools
 - add initramfs-tools configuration/scripts (including
         qubes_cow_setup.sh)
 - modify DESTDIR to handle multiple binary packages out of single
   source

QubesOS/qubes-issues#1354
2015-11-11 05:10:59 +01:00
Olivier MEDOC
80b4c2ecd5 archlinux: update to match new dependancies and archlinux /usr/lib guidelines 2015-07-08 11:08:47 +02:00
Marek Marczykowski-Górecki
0c4c2323c0 Add VM kernel related files as qubes-core-vm-kernel-support package
This is preparation for pvgrub support, where all VM kernel files will
be installed inside of VM instead of dom0.
But also the same could be used to prepare VM kernel image from any dom0
kernel.
2015-03-25 23:25:33 +01:00
Davíð Steinn Geirsson
b4751c55dc Add qmemman to make clean 2014-07-23 04:32:46 +02:00
Wojciech Porczyk
59fb8daa03
site-packages/qubes/imgconverter.py
This module does three things:
- secure image transfer protocol between VMs
- icon tinting for appmenus
- generic icon (padlock) generation
2014-01-14 16:04:03 +01:00
Marek Marczykowski-Górecki
f0b1271a5e Include meminfo-writer
It is common for dom0 and VM, so keep in one place for both of them.
2014-01-05 05:32:57 +01:00
Marek Marczykowski
c7277740b0 Add 'clean' make target 2013-03-20 15:31:30 +01:00
Marek Marczykowski
42e133b753 Qrexec common code, qubes.Filecopy common code, udev scripts 2013-03-20 06:27:32 +01:00