overlayfs refuse to use R/O upperdir. Since dmroot is properly set
already, it's ok to mount it R/W.
But remount it later R/O, to not confuse startup scripts.
FixesQubesOS/qubes-issues#5087
(cherry picked from commit 84188910cf)
If overlay fs is available, use it for /lib/modules. This way the whole
/lib/modules will be writable and changes (like extra modules) will
persist in TemplateVM/StandaloneVM.
In practice, this will allow to conveniently build in-vm kernel modules,
even for dom0-provided kernels.
QubesOS/qubes-issues#2908
Indicate when the dracut "qubes-vm-simple" module supports (re-)enabling
xen_scrub_pages option. This means the kernel can be safely booted with
xen_scrub_pages=0.
QubesOS/qubes-issues#1963
Don't try to dereference "Root filesytem" partlabel symlink, unless it's
really present (not only directory for it).
Also, use udevadm settle for waiting for /dev/xvda, instead of naive
wait sleep loop.
Balloon driver scrub memory page before giving it back to the
hypervisor. Normally this is a good thing, to avoid leaking VM's memory
data into Xen and other domains. But during initial startup when maxmem
is bigger than initial memory, on HVM and PVH, Populate-on-Demand (PoD) is in use.
This means every page on initial balloon down needs to be first mapped
by Xen into VM's memory (as it wasn't populated before - and in fact
didn't have any data), scrubbed by the kernel and then given back to
Xen. This is great waste of time. Such operation with default settings
(initial memory 400M, maxmem 4000M) can take few seconds, delaying every
VM startup (including DispVM). In extreme situation, when running inside
nested virtualization, the effect is much worse.
Avoid this problem by disabling memory scrubbing during initial boot,
and re-enable it as soon as user space kicks in - in initramfs, before
mounting root filesystem, to be sure it's enabled before memory contains
any kind of secrets.
This commit handle only one case - when kernel in managed by the VM
itself. It is critical to enable initramfs module whenever
xen_scrub_pages=0 kernel option is given, so make them depend on the
same condition and ship them in the same package.
FixesQubesOS/qubes-issues#1963
Try to find root filesystem by partition label (not filesystem label!).
If that fails, default to 3rd partition according to (new) default
layout.
FixesQubesOS/qubes-issues#3173
Do not add 1:1 dm-linear when root.img (/dev/xvda) is read-write. This
was to always have root device at /dev/mapper/dmroot, but unfortunately
grub can't parse it properly (fails at looking for partition number of
/dev/xvda1). There was a hack specifically for this, but it caused other
partitions on xvda unavailable.
On the other hand, symlink is enough to be able to mount always the same
device. Now, grub detect that root fs is on /dev/xvda1, which is
enough to have grub2-install working. Unfortunate effect is that it puts
root=/dev/xvda1 at kernel command line, which breaks AppVMs based on
this TemplateVM. But it's easier to fix kernel command line, than grub
device detection logic.
Fixes "initramfs: add support for root.img with partition table"
QubesOS/qubes-issues#2557
Installing grub on root.img require some space before the filesystem.
Create it by adding partition table to root.img. This commit take care
of assembling dmroot device when such partition table is present, while
preserving compatibility with partition-less images.
QubesOS/qubes-issues#2577
This hook require new device nodes to appear in /dev. If devtmpfs is
used, it's not a problem ("simple" initramfs case), but otherwise udevd
is needed - and it isn't running in pre-udev hook yet.
QubesOS/qubes-issues#2577
New version of sfdisk have different syntax for other units (suffixes
beside the numbers, instead of global --unit). The only common unit is
sector, so use that.
FixesQubesOS/qubes-issues#1427
Theoretically it shouldn't be a problem, because module isn't installed
in initramfs by default (in dom0), but since such error would be fatal
to dom0 (will prevent it from booting), add a safety check for it.
Probably it will be required when (if) we migrate dom0 to Debian
This package is responsible for kernel modules and initramfs additions
needed in Qubes VM. When installed, it is possible to switch the VM to
use PV Grub and load the kernel from inside of VM. This greatly ease
installing custom kernel modules.
Changes:
- make qubes_cow_setup.sh working with both dracut and initramfs-tools
- add initramfs-tools configuration/scripts (including
qubes_cow_setup.sh)
- modify DESTDIR to handle multiple binary packages out of single
source
QubesOS/qubes-issues#1354
When udev is installed (and scheduled to be started), but not running
yet, plain dmsetup will deadlock on waiting for udev. Since we call
`dmsetup mknodes dmroot` anyway
QubesOS/qubes-issues#1354
This makes is possible to modify /lib/modules content - especially
install other kernel packages, without unmounting the whole
/lib/modules. Since dom0-provided modules will no longer conflict with
VM kernel packages (assuming kernel versions are different), there is no
need for qubes-kernel-vm-placeholder anymore.
Having only one subdirectory of /lib/modules mounted is somehow tricky,
because:
1. Directory name isn't always the same - it depends on kernel version.
This means that mountpoint must be created dynamically (so $NEWROOT must
be mounted in R/W for a moment).
2. There is one-command way to mount only a subdirectory of some
filesystem. So use a trick: mount it in some temporary directory, get
interesting subdir with `mount --bind`, then unmount temporary
directory.
QubesOS/qubes-issues#1354
When PV Grub will be used, VM initramfs should not contain /lib/modules
mounting code, as the VM root.img will already contains kernel modules.
Make it possible by splitting the module.
QubesOS/qubes-issues#1354
This is preparation for pvgrub support, where all VM kernel files will
be installed inside of VM instead of dom0.
But also the same could be used to prepare VM kernel image from any dom0
kernel.