Commit Graph

28 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
9c6c825691
initramfs: use overlayfs for /lib/modules, if available
If overlay fs is available, use it for /lib/modules. This way the whole
/lib/modules will be writable and changes (like extra modules) will
persist in TemplateVM/StandaloneVM.

In practice, this will allow conveniently building in-VM kernel modules,
even for dom0-provided kernels.

QubesOS/qubes-issues#2908
2019-06-06 01:41:51 +02:00
Marek Marczykowski-Górecki
ad790a53d4
Really install xen-scrub-pages dracut module
Fixes 456fe99 "Disable scrubbing memory pages during initial balloon down"
QubesOS/qubes-issues#1963
2019-02-25 06:38:53 +01:00
Marek Marczykowski-Górecki
da61cb7511
dracut: add a flag file indicating scrub-pages option support
Indicate when the dracut "qubes-vm-simple" module supports (re-)enabling
xen_scrub_pages option. This means the kernel can be safely booted with
xen_scrub_pages=0.

QubesOS/qubes-issues#1963
2019-02-15 20:33:03 +01:00
Marek Marczykowski-Górecki
5eb526da4b
dracut: fix checking for "Root filesystem" label, improve udev sync
Don't try to dereference the "Root filesystem" partlabel symlink, unless it's
really present (not only the directory for it).

Also, use udevadm settle to wait for /dev/xvda, instead of a naive
sleep loop.
2019-02-06 20:20:08 +01:00
Marek Marczykowski-Górecki
456fe99fa6
Disable scrubbing memory pages during initial balloon down
The balloon driver scrubs memory pages before giving them back to the
hypervisor. Normally this is a good thing, to avoid leaking the VM's memory
data into Xen and other domains. But during initial startup, when maxmem
is bigger than initial memory, on HVM and PVH, Populate-on-Demand (PoD) is in use.
This means every page on initial balloon down needs to be first mapped
by Xen into the VM's memory (as it wasn't populated before - and in fact
didn't have any data), scrubbed by the kernel and then given back to
Xen. This is a great waste of time. Such an operation with default settings
(initial memory 400M, maxmem 4000M) can take a few seconds, delaying every
VM startup (including DispVM). In extreme situations, when running inside
nested virtualization, the effect is much worse.

Avoid this problem by disabling memory scrubbing during initial boot,
and re-enable it as soon as user space kicks in - in the initramfs, before
mounting the root filesystem, to be sure it's enabled before memory contains
any kind of secrets.

This commit handles only one case - when the kernel is managed by the VM
itself. It is critical to enable the initramfs module whenever the
xen_scrub_pages=0 kernel option is given, so make them depend on the
same condition and ship them in the same package.

Fixes QubesOS/qubes-issues#1963
2019-02-06 20:20:08 +01:00
Frédéric Pierret
e3179e066c
Remove busybox as it is not provided in RHEL7 anymore
2018-02-22 18:02:24 +01:00
Marek Marczykowski-Górecki
09e6d2ac95
initramfs: add support for variable partitions layout
Try to find root filesystem by partition label (not filesystem label!).
If that fails, default to 3rd partition according to (new) default
layout.

Fixes QubesOS/qubes-issues#3173
2017-10-17 22:45:07 +02:00
Marek Marczykowski-Górecki
b227d01a8a
Fix initramfs scripts on Debian
1. /etc/udev/rules.d needs to be created
2. udev needs to be reloaded explicitly

Fixes QubesOS/qubes-issues#3178
2017-10-16 23:41:21 +02:00
Marek Marczykowski-Górecki
da3f3cd426
initramfs: use symlink for rw root.img, instead of dm-linear
Do not add a 1:1 dm-linear mapping when root.img (/dev/xvda) is read-write. This
was done to always have the root device at /dev/mapper/dmroot, but unfortunately
grub can't parse it properly (it fails when looking for the partition number of
/dev/xvda1). There was a hack specifically for this, but it made other
partitions on xvda unavailable.
On the other hand, a symlink is enough to always mount the same
device. Now grub detects that the root fs is on /dev/xvda1, which is
enough to have grub2-install working. An unfortunate effect is that it puts
root=/dev/xvda1 on the kernel command line, which breaks AppVMs based on
this TemplateVM. But it's easier to fix the kernel command line than grub's
device detection logic.

Fixes "initramfs: add support for root.img with partition table"

QubesOS/qubes-issues#2557
2017-06-12 13:02:31 +02:00
Marek Marczykowski-Górecki
d0fe5e6f9a
initramfs: add support for root.img with partition table
Installing grub on root.img requires some space before the filesystem.
Create it by adding a partition table to root.img. This commit takes care
of assembling the dmroot device when such a partition table is present, while
preserving compatibility with partition-less images.

QubesOS/qubes-issues#2577
2017-04-08 13:58:33 +02:00
Marek Marczykowski-Górecki
5c7c54adab
initramfs: move qubes_cow_setup hook to pre-trigger
This hook requires new device nodes to appear in /dev. If devtmpfs is
used, it's not a problem ("simple" initramfs case), but otherwise udevd
is needed - and it isn't running in the pre-udev hook yet.

QubesOS/qubes-issues#2577
2017-04-08 13:58:33 +02:00
Marek Marczykowski-Górecki
44edc8a9b2
dracut: add missing 'die' function to 'simple' module
2017-04-08 13:58:32 +02:00
Marek Marczykowski-Górecki
a23030e49f
initramfs: initialize volatile.img partition table also in TemplateVM
While there is no additional snapshot device, the swap partition is still
used.

Fixes QubesOS/qubes-issues#1308
2015-11-25 03:41:04 +01:00
Marek Marczykowski-Górecki
6cd22a42bb
initramfs: use units of sectors in sfdisk call
The new version of sfdisk has a different syntax for other units (suffixes
beside the numbers, instead of a global --unit). The only common unit is
the sector, so use that.

Fixes QubesOS/qubes-issues#1427
2015-11-25 03:38:51 +01:00
Marek Marczykowski-Górecki
8311e1263d
initramfs: fix swap size
It should be 1GB, not 1MB...

QubesOS/qubes-issues#1354
2015-11-13 14:42:51 +01:00
Marek Marczykowski-Górecki
64331d7e09
dracut: add a safety check preventing qubes_cow_setup.sh running in dom0
Theoretically it shouldn't be a problem, because the module isn't installed
in the initramfs by default (in dom0), but since such an error would be fatal
to dom0 (it will prevent it from booting), add a safety check for it.

Probably it will be required when (if) we migrate dom0 to Debian
2015-11-11 05:10:59 +01:00
Marek Marczykowski-Górecki
3cd77e4f70
debian: introduce qubes-kernel-vm-support package
This package is responsible for kernel modules and initramfs additions
needed in a Qubes VM. When installed, it is possible to switch the VM to
use PV Grub and load the kernel from inside of the VM. This greatly eases
installing custom kernel modules.

Changes:
 - make qubes_cow_setup.sh work with both dracut and initramfs-tools
 - add initramfs-tools configuration/scripts (including qubes_cow_setup.sh)
 - modify DESTDIR to handle multiple binary packages out of a single source

QubesOS/qubes-issues#1354
2015-11-11 05:10:59 +01:00
Marek Marczykowski-Górecki
25c05a3bd3
dracut: add dmsetup --noudevsync since we're running in pre-udev hook
When udev is installed (and scheduled to be started), but not running
yet, plain dmsetup will deadlock on waiting for udev. Since we call
`dmsetup mknodes dmroot` anyway

QubesOS/qubes-issues#1354
2015-11-09 00:44:24 +01:00
Marek Marczykowski-Górecki
789e9c2549
dracut: mount only subdirectory of /lib/modules
This makes it possible to modify /lib/modules content - especially to
install other kernel packages - without unmounting the whole
/lib/modules. Since dom0-provided modules will no longer conflict with
VM kernel packages (assuming kernel versions are different), there is no
need for qubes-kernel-vm-placeholder anymore.

Having only one subdirectory of /lib/modules mounted is somewhat tricky,
because:
1. The directory name isn't always the same - it depends on the kernel version.
   This means that the mountpoint must be created dynamically (so $NEWROOT must
   be mounted R/W for a moment).
2. There is no one-command way to mount only a subdirectory of some
   filesystem. So use a trick: mount it in some temporary directory, get the
   interesting subdir with `mount --bind`, then unmount the temporary
   directory.

QubesOS/qubes-issues#1354
2015-11-08 03:46:25 +01:00
Marek Marczykowski-Górecki
42469fdbe4
dracut: fix qubes-vm module dependencies
It needs 'dm' for the 'dmsetup' utility. Additionally, fix the check - the qubesdb
path starts with '/'.

QubesOS/qubes-issues#1354
2015-11-08 03:44:46 +01:00
Marek Marczykowski-Górecki
882052eca0
dracut: split 'full' dracut module into 'full-dmroot' and 'full-modules'
When PV Grub is used, the VM initramfs should not contain /lib/modules
mounting code, as the VM root.img will already contain kernel modules.
Make this possible by splitting the module.

QubesOS/qubes-issues#1354
2015-11-08 03:44:27 +01:00
Marek Marczykowski-Górecki
a30d583249
dracut: initialize volatile.img partitions
Do not rely on dom0 initializing that device. Actually, volatile.img
content should be none of dom0's business.

QubesOS/qubes-issues#1308
2015-10-26 20:00:08 +01:00
Marek Marczykowski-Górecki
0f954034a1
dracut: abort on dmroot assemble error
Add missing "exit 1". In the other case (TemplateVM) it is already
there.
2015-10-15 02:37:20 +02:00
Marek Marczykowski-Górecki
d3d84d5d49
dracut: expand tabs to spaces
Fix to match our code style guide.
2015-10-15 02:36:23 +02:00
Marek Marczykowski-Górecki
bc7a2091db
dracut: load ext4 module manually in minimalistic dracut module
2015-03-25 23:25:33 +01:00
Marek Marczykowski-Górecki
15cc3b2d51
dracut: Provide minimalistic initramfs files - no udev, no systemd
Provide a simple script to run under busybox; this is all we need in the
VM.
2015-03-25 23:25:33 +01:00
Marek Marczykowski-Górecki
2b6fd27839
dracut: do not assume full udevd running inside initramfs
Limited udev (or just limited rule set) will not create device-mapper
entries in /dev, so create them manually.
2015-03-25 23:25:33 +01:00
Marek Marczykowski-Górecki
0c4c2323c0
Add VM kernel related files as qubes-core-vm-kernel-support package
This is preparation for pvgrub support, where all VM kernel files will
be installed inside of the VM instead of dom0.
But the same could also be used to prepare a VM kernel image from any dom0
kernel.
2015-03-25 23:25:33 +01:00