Draft

KVM #79

6 changes: 6 additions & 0 deletions Makefile
@@ -7,13 +7,17 @@ export LIBDIR SCRIPTSDIR SYSLIBDIR INCLUDEDIR

all:
$(MAKE) -C qrexec-lib all
ifeq ($(BACKEND_VMM),xen)
$(MAKE) -C qmemman all
endif
$(MAKE) -C imgconverter all

install:
$(MAKE) -C udev install
$(MAKE) -C qrexec-lib install
ifeq ($(BACKEND_VMM),xen)
$(MAKE) -C qmemman install
endif
$(MAKE) -C imgconverter install

install-fedora-kernel-support:
@@ -29,7 +33,9 @@ install-debian-kernel-support:

clean:
$(MAKE) -C qrexec-lib clean
ifeq ($(BACKEND_VMM),xen)
$(MAKE) -C qmemman clean
endif
$(MAKE) -C imgconverter clean
rm -rf debian/changelog.*
rm -rf pkgs
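Review bot: The three `ifeq ($(BACKEND_VMM),xen)` guards skip qmemman silently whenever BACKEND_VMM is unset or misspelled, and nothing visible in this file sets, exports or validates it (the `export` line in the hunk header does not list it). In rpm_spec/qubes-utils.spec.in the `%install` line is `make install DESTDIR=%{buildroot} PYTHON=%{__python3}` while only `make all` passes `BACKEND_VMM=@BACKEND_VMM@`, so on a Xen build the qmemman install step would be skipped unless the variable arrives through the environment, yet `%files` still lists meminfo-writer, which is presumably installed by that step. Consider a default that keeps the old behaviour, `BACKEND_VMM ?= xen`, plus an `$(error …)` when the value is neither `xen` nor `kvm`, and pass the variable explicitly on the install lines. The guard added in dracut/Makefile and the `make install-fedora-kernel-support DESTDIR=%{buildroot}` call in qubes-kernel-vm-support.spec.in depend on the variable in the same way.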
2 changes: 2 additions & 0 deletions dracut/Makefile
@@ -2,4 +2,6 @@ install:
$(MAKE) -C simple
$(MAKE) -C full-dmroot
$(MAKE) -C full-modules
ifeq ($(BACKEND_VMM),xen)
$(MAKE) -C xen-balloon-scrub-pages
endif
70 changes: 44 additions & 26 deletions dracut/simple/init.sh
@@ -1,6 +1,20 @@
#!/bin/sh
echo "Qubes initramfs script here:"

if [ -d /sys/devices/system/xen_memory ]; then
HYPERVISOR=xen
else
HYPERVISOR=kvm
fi

if [ $HYPERVISOR = "xen" ]; then
echo "Running under xen"
DEVPREFIX="xvd"
else
echo "Running under kvm"
DEVPREFIX="vd"
fi

mkdir -p /proc /sys /dev
mount -t proc proc /proc
mount -t sysfs sysfs /sys
@@ -15,72 +29,76 @@ if [ -e /dev/mapper/dmroot ] ; then
echo "Qubes: FATAL error: /dev/mapper/dmroot already exists?!"
fi

/sbin/modprobe xenblk || /sbin/modprobe xen-blkfront || echo "Qubes: Cannot load Xen Block Frontend..."
if [ $HYPERVISOR = "xen" ]; then
/sbin/modprobe xenblk || /sbin/modprobe xen-blkfront || echo "Qubes: Cannot load Xen Block Frontend..."
elif [ $HYPERVISOR = "kvm" ]; then
/sbin/modprobe virtio_blk || echo "Qubes: Cannot load Virtio Block Driver..."
fi

die() {
echo "$@" >&2
exit 1
}

echo "Waiting for /dev/xvda* devices..."
while ! [ -e /dev/xvda ]; do sleep 0.1; done
echo "Waiting for /dev/${DEVPREFIX}a* devices..."
while ! [ -e /dev/${DEVPREFIX}a ]; do sleep 0.1; done

# prefer partition if exists
if [ -b /dev/xvda1 ]; then
if [ -b /dev/${DEVPREFIX}a1 ]; then
if [ -d /dev/disk/by-partlabel ]; then
ROOT_DEV=$(readlink "/dev/disk/by-partlabel/Root\\x20filesystem")
ROOT_DEV=${ROOT_DEV##*/}
else
ROOT_DEV=$(grep -l "PARTNAME=Root filesystem" /sys/block/xvda/xvda*/uevent |\
grep -o "xvda[0-9]")
ROOT_DEV=$(grep -l "PARTNAME=Root filesystem" /sys/block/${DEVPREFIX}a/${DEVPREFIX}a*/uevent |\
grep -o "${DEVPREFIX}a[0-9]")
fi
if [ -z "$ROOT_DEV" ]; then
# fallback to third partition
ROOT_DEV=xvda3
ROOT_DEV=${DEVPREFIX}a3
fi
else
ROOT_DEV=xvda
ROOT_DEV=${DEVPREFIX}a
fi

SWAP_SIZE=$(( 1024 * 1024 * 2 )) # sectors, 1GB

if [ `cat /sys/class/block/$ROOT_DEV/ro` = 1 ] ; then
echo "Qubes: Doing COW setup for AppVM..."

while ! [ -e /dev/xvdc ]; do sleep 0.1; done
VOLATILE_SIZE=$(cat /sys/class/block/xvdc/size) # sectors
while ! [ -e /dev/${DEVPREFIX}c ]; do sleep 0.1; done
VOLATILE_SIZE=$(cat /sys/class/block/${DEVPREFIX}c/size) # sectors
ROOT_SIZE=$(cat /sys/class/block/$ROOT_DEV/size) # sectors
if [ $VOLATILE_SIZE -lt $SWAP_SIZE ]; then
die "volatile.img smaller than 1GB, cannot continue"
fi
/sbin/sfdisk -q --unit S /dev/xvdc >/dev/null <<EOF
xvdc1: type=82,start=2048,size=$SWAP_SIZE
xvdc2: type=83
/sbin/sfdisk -q --unit S /dev/${DEVPREFIX}c >/dev/null <<EOF
${DEVPREFIX}c1: type=82,start=2048,size=$SWAP_SIZE
${DEVPREFIX}c2: type=83
EOF
if [ $? -ne 0 ]; then
echo "Qubes: failed to setup partitions on volatile device"
exit 1
fi
while ! [ -e /dev/xvdc1 ]; do sleep 0.1; done
/sbin/mkswap /dev/xvdc1
while ! [ -e /dev/xvdc2 ]; do sleep 0.1; done
while ! [ -e /dev/${DEVPREFIX}c1 ]; do sleep 0.1; done
/sbin/mkswap /dev/${DEVPREFIX}c1
while ! [ -e /dev/${DEVPREFIX}c2 ]; do sleep 0.1; done

echo "0 `cat /sys/class/block/$ROOT_DEV/size` snapshot /dev/$ROOT_DEV /dev/xvdc2 N 16" | \
echo "0 `cat /sys/class/block/$ROOT_DEV/size` snapshot /dev/$ROOT_DEV /dev/${DEVPREFIX}c2 N 16" | \
/sbin/dmsetup create dmroot || { echo "Qubes: FATAL: cannot create dmroot!"; exit 1; }
/sbin/dmsetup mknodes dmroot
echo Qubes: done.
else
echo "Qubes: Doing R/W setup for TemplateVM..."
while ! [ -e /dev/xvdc ]; do sleep 0.1; done
/sbin/sfdisk -q --unit S /dev/xvdc >/dev/null <<EOF
xvdc1: type=82,start=2048,size=$SWAP_SIZE
xvdc3: type=83
while ! [ -e /dev/${DEVPREFIX}c ]; do sleep 0.1; done
/sbin/sfdisk -q --unit S /dev/${DEVPREFIX}c >/dev/null <<EOF
${DEVPREFIX}c1: type=82,start=2048,size=$SWAP_SIZE
${DEVPREFIX}c3: type=83
EOF
if [ $? -ne 0 ]; then
die "Qubes: failed to setup partitions on volatile device"
fi
while ! [ -e /dev/xvdc1 ]; do sleep 0.1; done
/sbin/mkswap /dev/xvdc1
while ! [ -e /dev/${DEVPREFIX}c1 ]; do sleep 0.1; done
/sbin/mkswap /dev/${DEVPREFIX}c1
ln -s ../$ROOT_DEV /dev/mapper/dmroot
echo Qubes: done.
fi
@@ -93,11 +111,11 @@ NEWROOT=/sysroot

kver="`uname -r`"
if ! [ -d "$NEWROOT/lib/modules/$kver/kernel" ]; then
echo "Waiting for /dev/xvdd device..."
while ! [ -e /dev/xvdd ]; do sleep 0.1; done
echo "Waiting for /dev/${DEVPREFIX}d device..."
while ! [ -e /dev/${DEVPREFIX}d ]; do sleep 0.1; done

mkdir -p /tmp/modules
mount -n -t ext3 /dev/xvdd /tmp/modules
mount -n -t ext3 /dev/${DEVPREFIX}d /tmp/modules
if /sbin/modprobe overlay; then
# if overlayfs is supported, use that to provide fully writable /lib/modules
if ! [ -d "$NEWROOT/lib/.modules_work" ]; then
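Review bot: The hypervisor probe `[ -d /sys/devices/system/xen_memory ]` at the top of the script runs before `mount -t sysfs sysfs /sys`, so unless /sys is already mounted when this script starts, the directory cannot exist yet and the `else` branch selects kvm on every boot, Xen included. Move the detection and the DEVPREFIX block below the sysfs mount. The `else` also treats anything that is not Xen as KVM; because the script goes on to repartition `/dev/${DEVPREFIX}c` and run mkswap on it, it would be safer to test for the KVM case explicitly and stop on an unknown platform than to guess a device prefix. The new tests also leave the variable unquoted; prefer `[ "$HYPERVISOR" = "xen" ]`. The remainder of the file is collapsed on this page and was not reviewed.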
2 changes: 1 addition & 1 deletion kernel-modules/qubes-prepare-vm-kernel
@@ -49,7 +49,7 @@ function build_initramfs() {
dracut --nomdadmconf --nolvmconf --force \
--modules "kernel-modules qubes-vm-simple" \
--conf /dev/null --confdir /var/empty \
-d "xenblk xen-blkfront cdrom ext4 jbd2 crc16 dm_snapshot" \
-d "xenblk xen-blkfront cdrom ext4 virtio virtio_blk jbd2 crc16 dm_snapshot" \
$output_file $kver
chmod 644 "$output_file"
}
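Review bot: The new driver list adds `virtio virtio_blk` but no virtio transport module, and a transport such as `virtio_pci` is not a module dependency of `virtio_blk`, so dracut will not pull it in on its own. Unless the transport is built into the VM kernel or added by another dracut module, the block device never appears under KVM and the `while ! [ -e /dev/${DEVPREFIX}a ]` loop in dracut/simple/init.sh waits forever. Consider `-d "xenblk xen-blkfront cdrom ext4 virtio virtio_pci virtio_blk jbd2 crc16 dm_snapshot" \`. build_initramfs begins outside the lines shown here.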
7 changes: 7 additions & 0 deletions rpm_spec/qubes-kernel-vm-support.spec.in
@@ -19,6 +19,8 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#

%define backend_vmm @BACKEND_VMM@

Name: qubes-kernel-vm-support
Version: @VERSION@
Release: 1%{?dist}
@@ -49,7 +51,9 @@ make install-fedora-kernel-support DESTDIR=%{buildroot}
/usr/lib/dracut/modules.d/90qubes-vm
/usr/lib/dracut/modules.d/90qubes-vm-modules
/usr/lib/dracut/modules.d/90qubes-vm-simple
%if "%{?backend_vmm}" == "xen"
/usr/lib/dracut/modules.d/80xen-scrub-pages
%endif
/usr/sbin/qubes-prepare-vm-kernel
%config(noreplace) /etc/default/grub.qubes-kernel-vm-support

@@ -77,11 +81,14 @@ if [ -r /usr/share/qubes/marker-vm ] && [ -x /usr/bin/dracut ]; then
kver="${kver%.img}"
dracut -f "$img" "$kver" || ret=$?
done

%if "%{?backend_vmm}" == "xen"
if [ "$ret" -eq 0 ]; then
# "milestone" initramfs update version:
# 1 - addition of xen scrub_pages enabling code
echo 1 > /var/lib/qubes/initramfs-updated
fi
%endif
fi

%changelog
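Review bot: `%define backend_vmm @BACKEND_VMM@` gives no protection against an empty or unexpected substitution: the `%if "%{?backend_vmm}" == "xen"` tests then evaluate false and the Xen-only file entry and scriptlet code are dropped without any message. An empty substitution would also leave a `%define` with no body, which rpm may reject or warn about depending on its version. Prefer `%global backend_vmm @BACKEND_VMM@`, the form usually recommended for spec-wide macros, and consider failing the build early when the value is neither `xen` nor `kvm`. The same line is added at the top of rpm_spec/qubes-utils.spec.in.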
9 changes: 9 additions & 0 deletions rpm_spec/qubes-utils.spec.in
@@ -1,3 +1,6 @@

%define backend_vmm @BACKEND_VMM@

Name: qubes-utils
Version: @VERSION@
Release: 1%{?dist}
@@ -16,8 +19,10 @@ Requires: python%{python3_pkgversion}-qubesimgconverter
BuildRequires: systemd
BuildRequires: python%{python3_pkgversion}-setuptools
BuildRequires: python3-rpm-macros
%if "%{?backend_vmm}" == "xen"
# for meminfo-writer
BuildRequires: xen-devel
%endif
BuildRequires: gcc

%description
@@ -57,6 +62,7 @@ make all BACKEND_VMM=@BACKEND_VMM@ PYTHON=%{__python3}
%install
make install DESTDIR=%{buildroot} PYTHON=%{__python3}

%if "%{?backend_vmm}" == "xen"
%post
# dom0
%systemd_post qubes-meminfo-writer-dom0.service
@@ -70,6 +76,7 @@ make install DESTDIR=%{buildroot} PYTHON=%{__python3}
%postun
%systemd_postun_with_restart qubes-meminfo-writer-dom0.service
%systemd_postun_with_restart qubes-meminfo-writer.service
%endif

%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
@@ -82,9 +89,11 @@ rm -rf $RPM_BUILD_ROOT
/usr/lib/udev/rules.d/*-qubes-*.rules
/usr/lib/tmpfiles.d/xen-devices-qubes.conf
/usr/lib/qubes/udev-*
%if "%{?backend_vmm}" == "xen"
%{_sbindir}/meminfo-writer
%{_unitdir}/qubes-meminfo-writer.service
%{_unitdir}/qubes-meminfo-writer-dom0.service
%endif

%files -n python%{python3_pkgversion}-qubesimgconverter
%{python3_sitelib}/qubesimgconverter/__init__.py