Commit Graph

76 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
7d9fe8e39f
Add xen_scrub_pages=0 kernel option only if initramfs was rebuilt
Rebuild initramfs on package upgrade (already done for Debian
previously) and store 1 into /var/lib/qubes/initramfs-updated. Then,
only add xen_scrub_pages=0 kernel option if
/var/lib/qubes/initramfs-updated is there (with "1" or greater number).
This way, if initramfs rebuild doesn't happen for any reason,
xen_scrub_pages=0 will not be added.

Fixes 456fe99 "Disable scrubbing memory pages during initial balloon down"
QubesOS/qubes-issues#1963
2019-02-25 01:17:07 +01:00
Marek Marczykowski-Górecki
456fe99fa6
Disable scrubbing memory pages during initial balloon down
Balloon driver scrub memory page before giving it back to the
hypervisor. Normally this is a good thing, to avoid leaking VM's memory
data into Xen and other domains. But during initial startup when maxmem
is bigger than initial memory, on HVM and PVH, Populate-on-Demand (PoD) is in use.
This means every page on initial balloon down needs to be first mapped
by Xen into VM's memory (as it wasn't populated before - and in fact
didn't have any data), scrubbed by the kernel and then given back to
Xen. This is great waste of time. Such operation with default settings
(initial memory 400M, maxmem 4000M) can take few seconds, delaying every
VM startup (including DispVM). In extreme situation, when running inside
nested virtualization, the effect is much worse.

Avoid this problem by disabling memory scrubbing during initial boot,
and re-enable it as soon as user space kicks in - in initramfs, before
mounting root filesystem, to be sure it's enabled before memory contains
any kind of secrets.

This commit handle only one case - when kernel in managed by the VM
itself. It is critical to enable initramfs module whenever
xen_scrub_pages=0 kernel option is given, so make them depend on the
same condition and ship them in the same package.

Fixes QubesOS/qubes-issues#1963
2019-02-06 20:20:08 +01:00
Marek Marczykowski-Górecki
14be8aa5ae
version 4.0.22 2018-10-29 01:04:00 +01:00
Marek Marczykowski-Górecki
e2d7f08d42
version 4.0.21 2018-10-09 00:25:11 +02:00
Marek Marczykowski-Górecki
ab7ca7be89
version 4.0.20 2018-07-03 21:11:00 +02:00
Marek Marczykowski-Górecki
915c8f0cf7
version 4.0.19 2018-05-02 17:55:10 +02:00
Marek Marczykowski-Górecki
4157f919b6
version 4.0.18 2018-04-21 14:36:39 +02:00
Marek Marczykowski-Górecki
610e7d8f3e
version 4.0.17 2018-02-27 15:17:12 +01:00
Marek Marczykowski-Górecki
ff36d11c19
version 4.0.16 2018-02-20 00:05:31 +01:00
Marek Marczykowski-Górecki
d623a3e7d3
debian: adjust required version after adding new function 2018-02-20 00:01:46 +01:00
Marek Marczykowski-Górecki
ff2e2dbc22
version 4.0.15 2018-01-18 19:07:40 +01:00
Marek Marczykowski-Górecki
6eab71f678
version 4.0.14 2018-01-12 06:16:06 +01:00
Marek Marczykowski-Górecki
929e03bcba
version 4.0.13 2017-12-23 02:50:20 +01:00
Marek Marczykowski-Górecki
72343fe0cd
version 4.0.12 2017-12-12 01:41:53 +01:00
Marek Marczykowski-Górecki
ee66bb4c80
Merge remote-tracking branch 'qubesos/pr/27'
* qubesos/pr/27:
  qubes-kernel-vm-support compatibility with dracut
2017-12-01 00:12:17 +01:00
Marek Marczykowski-Górecki
dc5d025247
debian: include drauct module in qubes-kernel-vm-support
Support dracut also on Debian systems.

Fixes QubesOS/qubes-issues#3361
2017-12-01 00:11:28 +01:00
Marek Marczykowski-Górecki
3d44d3a80b
debian: make it easier to spot missing files in debian/*.install 2017-12-01 00:02:46 +01:00
Patrick Schleizer
7360aee988
qubes-kernel-vm-support compatibility with dracut
move initramfs-tools from Depends: to Recommends:

fixes https://github.com/QubesOS/qubes-issues/issues/3361
2017-12-01 00:00:28 +01:00
Marek Marczykowski-Górecki
e784f3caa3
version 4.0.11 2017-11-21 05:34:50 +01:00
Marek Marczykowski-Górecki
0a7d2c0789
Merge remote-tracking branch 'qubesos/pr/25'
* qubesos/pr/25:
  replace tinting algorithm with one that partially preserves saturation too
  reimplement tint algorithm with numpy for reasonable performance
  use PIL image library instead of ImageMagick to load/save images when tinting
  add Python pillow and numpy dependencies
  remove unused cairo import
2017-11-21 05:14:11 +01:00
Marek Marczykowski-Górecki
92a86fad18
version 4.0.10 2017-11-21 04:46:49 +01:00
qubesuser
6c6070ab49 add Python pillow and numpy dependencies 2017-11-08 17:45:21 +01:00
Marek Marczykowski-Górecki
f7cd2b2a76
version 4.0.9 2017-10-17 23:54:15 +02:00
Marek Marczykowski-Górecki
766f83de8e
version 4.0.8 2017-09-30 01:59:38 +02:00
Marek Marczykowski-Górecki
c62c8e4416
version 4.0.7 2017-09-15 13:43:18 +02:00
Marek Marczykowski-Górecki
d703652070
version 4.0.6 2017-09-12 04:52:48 +02:00
Marek Marczykowski-Górecki
22c94c37a9
version 4.0.5 2017-08-11 13:34:11 +02:00
Marek Marczykowski-Górecki
43908b7eaa
version 4.0.4 2017-07-29 05:19:34 +02:00
Marek Marczykowski-Górecki
4dd813c14b
version 4.0.3 2017-07-06 19:41:04 +02:00
Marek Marczykowski-Górecki
eb1b20fd48
version 4.0.2 2017-06-24 14:55:03 +02:00
Marek Marczykowski-Górecki
77c6d8be6a
version 4.0.1 2017-05-18 01:54:46 +02:00
Marek Marczykowski-Górecki
513a1cecf2
version 4.0.0 2017-04-08 13:58:53 +02:00
Marek Marczykowski-Górecki
13b9ea7f1c
debian: fix install location of python files
Debian use /usr/lib/python*/dist-packages (instead of site-packages) for
packaged python modules. It's achieved using --install-layout=deb
option, so pass it on Debian build.
2017-04-08 13:58:34 +02:00
Marek Marczykowski-Górecki
9f6018bdb5
debian: adjust file list 2017-04-08 13:58:33 +02:00
Marek Marczykowski-Górecki
b52f4e0f36
Add python-setuptools to build depends 2017-04-08 13:58:33 +02:00
Wojtek Porczyk
b6ad625b85
debian/control: remove unneeded qubesdb dependency 2017-04-08 13:58:32 +02:00
Marek Marczykowski-Górecki
4de6e4d9be
version 3.2.4 2017-03-23 11:34:01 +01:00
Marek Marczykowski-Górecki
fbcad1cb17
version 3.2.3 2016-07-17 05:17:40 +02:00
Marek Marczykowski-Górecki
e9a21c03c2
debian: add pkg-config to Build-Depends 2016-07-08 11:51:56 +02:00
Marek Marczykowski-Górecki
a9d26d6ed0
debian: reformat Build-Depends 2016-07-08 11:51:19 +02:00
Marek Marczykowski-Górecki
281c628b0e
version 3.2.2 2016-06-02 02:55:12 +02:00
Marek Marczykowski-Górecki
b442929695
version 3.2.1 2016-05-18 02:59:37 +02:00
Marek Marczykowski-Górecki
b25bab4421
version 3.2.0 2016-05-16 11:54:16 +02:00
Marek Marczykowski-Górecki
29cf44233a
version 3.1.8 2016-02-08 05:06:21 +01:00
Marek Marczykowski-Górecki
1d20cdea89
version 3.1.7 2016-01-07 05:59:41 +01:00
Marek Marczykowski-Górecki
4dc959e94f
version 3.1.6 2015-12-13 04:38:28 +01:00
HW42
931944f118 debian: remove obsolete conffiles in /etc/udev/rules.d 2015-12-10 04:47:39 +01:00
Marek Marczykowski-Górecki
8da3f09ccc
version 3.1.5 2015-11-30 05:55:14 +01:00
Marek Marczykowski-Górecki
fae64a2c69
Fix for "debian: split libraries out of qubes-utils package"
Package python modules
2015-11-30 05:51:50 +01:00
Marek Marczykowski-Górecki
3fc71a3b40
version 3.1.4 2015-11-27 20:44:04 +01:00