From 61d07034ae1344009d201f4a69fcd713e5c3a3b5 Mon Sep 17 00:00:00 2001
From: Jason Mehring
Date: Mon, 17 Aug 2020 12:45:16 -0400
Subject: [PATCH 1/5] kvm: Add hypervisor.sh for xen/kvm detection
---
misc/hypervisor.sh | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100755 misc/hypervisor.sh
diff --git a/misc/hypervisor.sh b/misc/hypervisor.sh
new file mode 100755
index 000000000..b81c13d03
--- /dev/null
+++ b/misc/hypervisor.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# Return hypervisor name or match result if 'name' provided
+hypervisor () {
+ local name="$1"
+ local hypervisor
+
+ if [[ $(cat /sys/hypervisor/type 2>/dev/null) == 'xen' ]]; then
+ hypervisor="xen"
+
+ elif [ -e /sys/devices/virtual/misc/kvm ]; then
+ hypervisor="kvm"
+ fi
+
+ if [ ! -z $hypervisor ]; then
+ if [ -z "$name" ]; then
+ echo "$hypervisor"
+ return 0
+ fi
+ if [ "$name" == "$hypervisor" ]; then
+ return 0
+ fi
+ fi
+ return 1
+}
+
+
+(return 0 2>/dev/null) && sourced=1 || sourced=0
+if (( ! sourced )); then
+ hypervisor "$1"
+fi
+
From cbc4a6081dc2efd4e09899f33079000ad9fbcbfe Mon Sep 17 00:00:00 2001
From: Jason Mehring
Date: Mon, 17 Aug 2020 12:47:10 -0400
Subject: [PATCH 2/5] kvm: init-scripts: Only run xen specific code if hypervisor is xen
---
init/resize-rootfs-if-needed.sh | 33 ++++++++++++++++++++----
init/setup-rw.sh | 15 ++++++++++-
init/setup-rwdev.sh | 15 ++++++++++-
qubes-rpc/resize-rootfs | 45 ++++++++++++++++++++++++++++-----
vm-systemd/mount-dirs.sh | 19 +++++++++++++-
vm-systemd/qubes-sysinit.sh | 37 +++++++++++++++++++++++----
6 files changed, 144 insertions(+), 20 deletions(-)
diff --git a/init/resize-rootfs-if-needed.sh b/init/resize-rootfs-if-needed.sh
index 1bd5220b1..4e9033fde 100755
--- a/init/resize-rootfs-if-needed.sh
+++ b/init/resize-rootfs-if-needed.sh
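Review bot: The new misc/hypervisor.sh declares `#!/bin/sh` but its body uses bash-only syntax — `[[ … == 'xen' ]]` in the xen test, `==` inside `[ ]` for the name comparison, and `(( ! sourced ))` at the bottom — while the scripts that source it in the next commit (init/setup-rw.sh, init/resize-rootfs-if-needed.sh, init/setup-rwdev.sh, vm-systemd/mount-dirs.sh) are themselves `#!/bin/sh`. On a system where /bin/sh is dash the `[[` line is not a test at all, so the xen branch can never match and every sourcing script silently takes its `exit 0` fallback; the `(return 0 2>/dev/null)` sourced-detection trick is also bash-specific and, as far as I can tell, does not distinguish the two cases under dash either. The unquoted `[ ! -z $hypervisor ]` only works by accident when the variable is empty; `[ -n "$hypervisor" ]` is the safe form. Because this result decides which block device gets resized and whether the xen-only permission changes in qubes-sysinit.sh run, the function should be written in POSIX sh so it parses identically under every /bin/sh, as below; the sourced-vs-executed block at the end still needs a POSIX replacement or a separate wrapper.
```shell
hypervisor () {
  local name="$1"
  local hypervisor=""

  if [ "$(cat /sys/hypervisor/type 2>/dev/null)" = "xen" ]; then
    hypervisor="xen"
  elif [ -e /sys/devices/virtual/misc/kvm ]; then
    hypervisor="kvm"
  fi

  if [ -n "$hypervisor" ]; then
    if [ -z "$name" ]; then
      echo "$hypervisor"
      return 0
    fi
    [ "$name" = "$hypervisor" ] && return 0
  fi
  return 1
}
# … sourced-vs-executed detection: bash-only as written, needs a POSIX form …
```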
@@ -3,15 +3,35 @@ # Possibly resize root device (partition, filesystem), if underlying device was # enlarged. +#### KVM: +. /usr/lib/qubes/hypervisor.sh +######## + set -e -# if underlying root device is read-only, don't do anything -if [ "$(blockdev --getro /dev/xvda)" -eq "1" ]; then - echo "xvda is read-only, not resizing" >&2 +#### KVM: +if hypervisor xen; then + ROOTDEV="xvda" +elif hypervisor kvm; then + ROOTDEV="vda" +else exit 0 fi +######## -sysfs_xvda="/sys/class/block/xvda" +# if underlying root device is read-only, don't do anything +#### KVM: +##if [ "$(blockdev --getro /dev/xvda)" -eq "1" ]; then +## echo "xvda is read-only, not resizing" >&2 +## exit 0 +##fi +##sysfs_xvda="/sys/class/block/xvda" +if [ "$(blockdev --getro /dev/$ROOTDEV)" -eq "1" ]; then + echo "$ROOTDEV is read-only, not resizing" >&2 + exit 0 +fi +sysfs_rootdev="/sys/class/block/$ROOTDEV" +######## # if root filesystem is already using (almost) the whole disk # 203M for BIOS and /boot data @@ -26,7 +46,10 @@ ext4_block_size=$(dumpe2fs /dev/mapper/dmroot | grep '^Block size:' | sed -E 's/ rootfs_size=$((ext4_block_count * ext4_block_size / 512)) # 5 MB in 512-byte units for some random extra bits size_margin=$((5 * 1024 * 2)) -if [ "$(cat $sysfs_xvda/size)" -lt \ +#### KVM: +##if [ "$(cat $sysfs_xvda/size)" -lt \ +######## +if [ "$(cat $sysfs_rootdev/size)" -lt \ $(( rootfs_size + boot_data_size + size_margin )) ]; then echo "root filesystem already at $rootfs_size blocks" >&2 exit 0 diff --git a/init/setup-rw.sh b/init/setup-rw.sh index 3ee53c49f..9f7a82f2b 100755 --- a/init/setup-rw.sh +++ b/init/setup-rw.sh @@ -1,6 +1,19 @@ #!/bin/sh -dev=/dev/xvdb +#### KVM: +. /usr/lib/qubes/hypervisor.sh +######## + +#### KVM: +##dev=/dev/xvdb +if hypervisor xen; then + dev="xvdb" +elif hypervisor kvm; then + dev="vdb" +else + exit 0 +fi +######## if mountpoint -q /rw ; then # This means /rw is mounted now. diff --git a/init/setup-rwdev.sh b/init/setup-rwdev.sh index 6ab9d2fb8..b1da11604 100755 
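Review bot: The `else exit 0` branch added after `elif hypervisor kvm; then` in init/resize-rootfs-if-needed.sh skips the whole resize without any message, so a detection failure (for example the helper not parsing under the script's `#!/bin/sh`) is indistinguishable in the journal from a deliberate no-op; the same silent fallback is added in init/setup-rw.sh, init/setup-rwdev.sh, qubes-rpc/resize-rootfs and vm-systemd/mount-dirs.sh. A one-line diagnostic before the exit, `echo "unknown hypervisor, not resizing root" >&2`, keeps the behaviour but makes the skip visible. Separately, the `##if …`/`##sysfs_xvda=…` lines keep a commented-out copy of exactly the lines this diff removes (again repeated in the other files named above); git history already preserves them, and the `##` copies will drift from the live code, so I would drop them and keep only the `#### KVM:` marker if that is wanted.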
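Review bot: In init/setup-rw.sh the removed line was `dev=/dev/xvdb` but the new assignments are `dev="xvdb"` and `dev="vdb"`, dropping the `/dev/` prefix, whereas the sibling change in init/setup-rwdev.sh keeps the full `/dev/xvdb` / `/dev/vdb` path. The rest of setup-rw.sh is outside the hunk, but since it is unchanged it still consumes `$dev` in whatever form it had before, so I would expect the bare name to break whichever device operation follows. The two lines should read `dev=/dev/xvdb` and `dev=/dev/vdb`, matching setup-rwdev.sh.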
--- a/init/setup-rwdev.sh +++ b/init/setup-rwdev.sh @@ -4,9 +4,22 @@ # shellcheck source=init/functions . /usr/lib/qubes/init/functions +#### KVM: +. /usr/lib/qubes/hypervisor.sh +######## + set -e -dev=/dev/xvdb +#### KVM: +##dev=/dev/xvdb +if hypervisor xen; then + dev=/dev/xvdb +elif hypervisor kvm; then + dev=/dev/vdb +else + exit 0 +fi +######## max_size=10485760 # check at most 10 MiB if [ -e "$dev" ] ; then diff --git a/qubes-rpc/resize-rootfs b/qubes-rpc/resize-rootfs index cd45f2dfd..b9bb31625 100755 --- a/qubes-rpc/resize-rootfs +++ b/qubes-rpc/resize-rootfs @@ -1,18 +1,40 @@ #!/bin/sh +#### KVM: +. /usr/lib/qubes/hypervisor.sh +######## + set -e +#### KVM: +if hypervisor xen; then + ROOTDEV_PREFIX="xvd" +elif hypervisor kvm; then + ROOTDEV_PREFIX="vd" +else + exit 0 +fi +######## + dm_major=$(printf %x "$(grep device-mapper /proc/devices | cut -f 1 -d ' ')") case "$(stat -Lc %t:%T /dev/mapper/dmroot)" in ca:0) # nothing needed, xvda used directly ;; - ca:3) + ca:3:|fc:3) # resize partition table itself and xda3 partition - echo ',+' | sfdisk --no-reread --no-tell-kernel -q -N 3 /dev/xvda + #### KVM: + ##echo ',+' | sfdisk --no-reread --no-tell-kernel -q -N 3 /dev/xvda + # ca:3==xvd, fc:3==virtblk (vd) + echo ',+' | sfdisk --no-reread --no-tell-kernel -q -N 3 /dev/${ROOTDEV_PREFIX}a + ######## + # and reload partition table; prefer partprobe over blockdev # --rereadpt, as it works on mounted partitions - partprobe /dev/xvda + #### KVM: + ##partprobe /dev/xvda + partprobe /dev/${ROOTDEV_PREFIX}a + ######## udevadm settle ;; ca:*) 
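Review bot: The new case label `ca:3:|fc:3)` in qubes-rpc/resize-rootfs has a stray colon in its first alternative: `stat -Lc %t:%T` prints `ca:3` for the xen partition case, which no longer matches `ca:3:`, so the previously working xen path now falls through to `ca:*)` and, going by the `exit 1` visible at the start of the next hunk, fails. It should read `ca:3|fc:3)`. The `ca:0)` and `ca:*)` arms also have no `fc:` counterparts, so on KVM a root device that is not partition 3 matches neither the "nothing needed" arm nor the catch-all and the case statement does nothing silently; if 0xfc is indeed the virtio-blk major on the target kernels, as the inline comment says, `ca:0|fc:0)` and `ca:*|fc:*)` would keep the two hypervisors symmetric.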
@@ -20,13 +42,22 @@ case "$(stat -Lc %t:%T /dev/mapper/dmroot)" in exit 1 ;; $dm_major:*) - new_size=$(cat /sys/block/xvda/size) - ro=$(cat /sys/block/xvda/ro) + #### KVM: + ##new_size=$(cat /sys/block/xvda/size) + ##ro=$(cat /sys/block/xvda/ro) + ##if [ "$ro" -eq 1 ]; then + ## new_table="0 $new_size snapshot /dev/xvda /dev/xvdc2 N 16" + ##else + ## new_table="0 $new_size linear /dev/xvda 0" + ##fi + new_size=$(cat /sys/block/${ROOTDEV_PREFIX}a/size) + ro=$(cat /sys/block/${ROOTDEV_PREFIX}a/ro) if [ "$ro" -eq 1 ]; then - new_table="0 $new_size snapshot /dev/xvda /dev/xvdc2 N 16" + new_table="0 $new_size snapshot /dev/${ROOTDEV_PREFIX}a /dev/${ROOTDEV_PREFIX}c2 N 16" else - new_table="0 $new_size linear /dev/xvda 0" + new_table="0 $new_size linear /dev/${ROOTDEV_PREFIX}a 0" fi + ######## dmsetup load dmroot --table "$new_table" dmsetup resume dmroot ;; diff --git a/vm-systemd/mount-dirs.sh b/vm-systemd/mount-dirs.sh index 1c3a9e626..c56a4aba6 100755 --- a/vm-systemd/mount-dirs.sh +++ b/vm-systemd/mount-dirs.sh @@ -4,10 +4,27 @@ # shellcheck source=init/functions . /usr/lib/qubes/init/functions +#### KVM: +. /usr/lib/qubes/hypervisor.sh +######## + set -e +#### KVM: +if hypervisor xen; then + DEVID="xvdb" +elif hypervisor kvm; then + DEVID="vdb" +else + exit 0 +fi +######## + /usr/lib/qubes/init/setup-rwdev.sh -if [ -e /dev/xvdb ] ; then mount /rw ; fi +#### KVM: +##if [ -e /dev/xvdb ] ; then mount /rw ; fi +if [ -e /dev/${DEVID} ] ; then mount /rw ; fi +######## /usr/lib/qubes/init/setup-rw.sh initialize_home "/rw/home" ifneeded diff --git a/vm-systemd/qubes-sysinit.sh b/vm-systemd/qubes-sysinit.sh index 83c17b56c..ae9537ffe 100755 --- a/vm-systemd/qubes-sysinit.sh +++ b/vm-systemd/qubes-sysinit.sh 
@@ -3,6 +3,9 @@ # Source Qubes library. # shellcheck source=init/functions . /usr/lib/qubes/init/functions +#### KVM: +. /usr/lib/qubes/init/hypervisor.sh +######## # List of services enabled by default (in case of absence of qubesdb entry) DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy meminfo-writer qubes-firewall" @@ -11,16 +14,40 @@ DEFAULT_ENABLED_APPVM="cups qubes-update-check meminfo-writer" DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM updates-proxy-setup" DEFAULT_ENABLED="meminfo-writer" -# Wait for xenbus initialization -while [ ! -e /dev/xen/xenbus ]; do - sleep 0.1 -done +if systemd_version_changed ; then + # Ensure we're running right version of systemd (the one started by initrd + # may be different) + systemctl daemon-reexec +fi + +#### KVM: +if hypervisor xen; then + # Wait for xenbus initialization + while [ ! -e /dev/xen/xenbus ] && [ -e /proc/xen/xenbus ]; do + sleep 0.1 + done +fi +######## mkdir -p /var/run/qubes chgrp qubes /var/run/qubes chmod 0775 /var/run/qubes mkdir -p /var/run/qubes-service -mkdir -p /var/run/xen-hotplug + +#### KVM: +if hypervisor xen; then + mkdir -p /var/run/xen-hotplug + + # Set permissions to /proc/xen/xenbus, so normal user can talk to xenstore, + # to open vchan connection. Note that new code uses /dev/xen/xenbus (which + # have # permissions set by udev), so this probably can go away soon + chmod 666 /proc/xen/xenbus + + # Set permissions to /proc/xen/privcmd, so a user in qubes group can access + chmod 660 /proc/xen/privcmd + chgrp qubes /proc/xen/privcmd +fi +######## # Set default services depending on VM type is_appvm && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM && touch /var/run/qubes/this-is-appvm From 37cecf2ac99200510893f3373f69392f8899b237 Mon Sep 17 00:00:00 2001 
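Review bot: The source line added to vm-systemd/qubes-sysinit.sh reads `. /usr/lib/qubes/init/hypervisor.sh`, while every other script in this commit sources `/usr/lib/qubes/hypervisor.sh`; only one of those paths can exist at runtime, and under `.` a missing file aborts the script, so either sysinit or the init scripts will fail to start. It should be `. /usr/lib/qubes/hypervisor.sh` to match the others. I also do not see an install rule for misc/hypervisor.sh anywhere in this series, so it is worth confirming that the packaging actually places the file at that path.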
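Review bot: The xenbus wait loop in vm-systemd/qubes-sysinit.sh gains a second condition, `&& [ -e /proc/xen/xenbus ]`, which changes its meaning: if /proc/xen is not mounted yet when the loop is reached, it exits immediately instead of waiting for /dev/xen/xenbus, and the later `chmod 666 /proc/xen/xenbus` in the same `if hypervisor xen` block would then operate on a path that is not there. If the intent is only to skip the wait on KVM, the outer `if hypervisor xen` already does that and the original loop body can stay as it was. The `systemd_version_changed` / `systemctl daemon-reexec` block is also added by this hunk without a `#### KVM:` marker and is not mentioned in the commit message; it looks like an unrelated change that should be its own commit or at least explained in the description.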
From: Jason Mehring Date: Fri, 21 Aug 2020 12:35:21 -0400 Subject: [PATCH 3/5] kvm: Added systemd dropin unit files --- Makefile | 3 +++ debian/control | 3 ++- rpm_spec/core-agent.spec.in | 5 +++++ .../qubes-mount-dirs.service.d/30_qubes-kvm.conf | 10 ++++++++++ .../qubes-rootfs-resize.service.d/30_qubes-kvm.conf | 5 +++++ vm-systemd/qubes-sysinit.service.d/30_qubes-kvm.conf | 5 +++++ 6 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 vm-systemd/qubes-mount-dirs.service.d/30_qubes-kvm.conf create mode 100644 vm-systemd/qubes-rootfs-resize.service.d/30_qubes-kvm.conf create mode 100644 vm-systemd/qubes-sysinit.service.d/30_qubes-kvm.conf diff --git a/Makefile b/Makefile index 8e6e5b68d..d4e90a0bf 100644 --- a/Makefile +++ b/Makefile @@ -38,6 +38,9 @@ SYSTEM_DROPINS += systemd-random-seed.service SYSTEM_DROPINS += tor.service tor@default.service SYSTEM_DROPINS += systemd-timesyncd.service SYSTEM_DROPINS += systemd-logind.service +#### KVM: +SYSTEM_DROPINS += qubes-mount-dirs.service qubes-rootfs-resize.service qubes-sysinit.service +######## SYSTEM_DROPINS_NETWORKING := NetworkManager.service NetworkManager-wait-online.service SYSTEM_DROPINS_NETWORKING += tinyproxy.service diff --git a/debian/control b/debian/control index ae413f04e..1ce7e363e 100644 --- a/debian/control +++ b/debian/control @@ -87,7 +87,8 @@ Description: Qubes core agent Package: qubes-core-agent-nautilus Architecture: any Depends: - ${pythonver:Depends}-nautilus, + ##${pythonver:Depends}-nautilus, + python-nautilus, qubes-core-qrexec, Replaces: qubes-core-agent (<< 4.0.0-1) Breaks: qubes-core-agent (<< 4.0.0-1) diff --git a/rpm_spec/core-agent.spec.in b/rpm_spec/core-agent.spec.in index 05e51eee5..840203d43 100644 --- a/rpm_spec/core-agent.spec.in +++ b/rpm_spec/core-agent.spec.in 
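Review bot: The debian/control hunk replaces `${pythonver:Depends}-nautilus` with a hard-coded `python-nautilus` and leaves the old value as an indented `##${pythonver:Depends}-nautilus,` line inside the Depends field. As I read the control file format, comment lines are only recognised when `#` is in the first column, so an indented `##…` continuation is part of the field value and will be handed to the dependency parser as a package name; the line should simply be deleted. This edit is also unrelated to the commit subject ("Added systemd dropin unit files") and drops the Python-version substitution the rest of the package uses, so it deserves its own commit with a rationale.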
@@ -986,6 +986,11 @@ The Qubes core startup configuration for SystemD init. /usr/lib/systemd/system/tmp.mount.d/30_qubes.conf /usr/lib/systemd/user/pulseaudio.service.d/30_qubes.conf /usr/lib/systemd/user/pulseaudio.socket.d/30_qubes.conf +#### KVM: +/lib/systemd/system/qubes-mount-dirs.service.d/30_qubes-kvm.conf +/lib/systemd/system/qubes-rootfs-resize.service.d/30_qubes-kvm.conf +/lib/systemd/system/qubes-sysinit.service.d/30_qubes-kvm.conf +######## %post systemd diff --git a/vm-systemd/qubes-mount-dirs.service.d/30_qubes-kvm.conf b/vm-systemd/qubes-mount-dirs.service.d/30_qubes-kvm.conf new file mode 100644 index 000000000..cfe21a071 --- /dev/null +++ b/vm-systemd/qubes-mount-dirs.service.d/30_qubes-kvm.conf @@ -0,0 +1,10 @@ +[Unit] +ConditionPathExists=/var/run/qubes-service/hypervisor-kvm +# Device is 'dev-vdb' in KVM (dev-xvdb in XEN) +After= +After=qubes-sysinit.service dev-vdb.device + +# XXX: Remove 'qubes-gui-agent.service' depend as it is disabled until it is +# working with KVM. +Before= +Before=local-fs.target rw.mount home.mount diff --git a/vm-systemd/qubes-rootfs-resize.service.d/30_qubes-kvm.conf b/vm-systemd/qubes-rootfs-resize.service.d/30_qubes-kvm.conf new file mode 100644 index 000000000..0b2d3304a --- /dev/null +++ b/vm-systemd/qubes-rootfs-resize.service.d/30_qubes-kvm.conf @@ -0,0 +1,5 @@ +[Unit] +ConditionPathExists=/var/run/qubes-service/hypervisor-kvm +# Device is 'dev-vda' in KVM (dev-xvda in XEN) +After= +After=qubes-sysinit.service dev-vda.device diff --git a/vm-systemd/qubes-sysinit.service.d/30_qubes-kvm.conf b/vm-systemd/qubes-sysinit.service.d/30_qubes-kvm.conf new file mode 100644 index 000000000..5d8da26bf --- /dev/null +++ b/vm-systemd/qubes-sysinit.service.d/30_qubes-kvm.conf @@ -0,0 +1,5 @@ +[Unit] +ConditionPathExists=/var/run/qubes-service/hypervisor-kvm +# No depend on 'proc-xen.mount' in KVM +After= +After=systemd-modules-load.service qubes-db.service 
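Review bot: The three new drop-ins (qubes-mount-dirs.service.d, qubes-rootfs-resize.service.d, qubes-sysinit.service.d) are all gated on `ConditionPathExists=/var/run/qubes-service/hypervisor-kvm`, but nothing in this series creates that flag file, and the shell scripts detect the hypervisor via the sourced helper rather than via a service flag. If the flag is expected to come from the qubesdb service list or from another component, that should be recorded next to the condition, e.g. `# hypervisor-kvm is created by <component — TODO fill in>`; otherwise the drop-ins never apply and the empty `After=` / `Before=` resets that remove the `proc-xen.mount` and `qubes-gui-agent.service` orderings silently do nothing on KVM. The `XXX` note in the mount-dirs drop-in already flags the gui-agent dependency as temporary, so a tracking reference there would help too.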
From 7734483d76818ea3861d5cb3b6bda91582bc51b4 Mon Sep 17 00:00:00 2001 From: Shawn Anastasio Date: Fri, 5 Feb 2021 17:26:25 -0600 Subject: [PATCH 4/5] rpm_spec: Change kvm systemd config locations --- rpm_spec/core-agent.spec.in | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/rpm_spec/core-agent.spec.in b/rpm_spec/core-agent.spec.in index 840203d43..c93399d87 100644 --- a/rpm_spec/core-agent.spec.in +++ b/rpm_spec/core-agent.spec.in @@ -22,6 +22,7 @@ %define qubes_services qubes-core qubes-core-netvm qubes-core-early qubes-firewall qubes-iptables qubes-updates-proxy qubes-updates-proxy-forwarder %define qubes_preset_file 75-qubes-vm.preset +%define backend_vmm @BACKEND_VMM@ # systemd is used in Fedora and CentOS %if 0%{?fedora} || 0%{?rhel} @@ -170,7 +171,9 @@ Conflicts: qubes-gui-agent < 4.1.6 BuildRequires: gcc BuildRequires: desktop-file-utils BuildRequires: pandoc +%if x%{?backend_vmm} == xxen BuildRequires: xen-devel +%endif BuildRequires: libX11-devel BuildRequires: qubes-utils-devel >= 3.1.3 BuildRequires: qubes-libvchan-@BACKEND_VMM@-devel @@ -987,9 +990,9 @@ The Qubes core startup configuration for SystemD init. /usr/lib/systemd/user/pulseaudio.service.d/30_qubes.conf /usr/lib/systemd/user/pulseaudio.socket.d/30_qubes.conf #### KVM: -/lib/systemd/system/qubes-mount-dirs.service.d/30_qubes-kvm.conf -/lib/systemd/system/qubes-rootfs-resize.service.d/30_qubes-kvm.conf -/lib/systemd/system/qubes-sysinit.service.d/30_qubes-kvm.conf +/usr/lib/systemd/system/qubes-mount-dirs.service.d/30_qubes-kvm.conf +/usr/lib/systemd/system/qubes-rootfs-resize.service.d/30_qubes-kvm.conf +/usr/lib/systemd/system/qubes-sysinit.service.d/30_qubes-kvm.conf ######## %post systemd From 13c4fac3e0a1bc1bd957190f86d85de1f496cc93 Mon Sep 17 00:00:00 2001 
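Review bot: The new `%define backend_vmm @BACKEND_VMM@` macro is used for the `%if` around `BuildRequires: xen-devel`, but the line two below it, `BuildRequires: qubes-libvchan-@BACKEND_VMM@-devel`, still uses the raw substitution, so the same value now appears in two forms in the same block. For consistency it could read `BuildRequires: qubes-libvchan-%{backend_vmm}-devel` once the macro exists. Note that the `x%{?backend_vmm} == xxen` comparison itself is rewritten by the following commit, so I am not raising it here.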
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= Date: Sun, 21 Nov 2021 10:57:57 +0100 Subject: [PATCH 5/5] spec: update backend_vmm equal checks --- rpm_spec/core-agent.spec.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm_spec/core-agent.spec.in b/rpm_spec/core-agent.spec.in index c93399d87..7e8e53786 100644 --- a/rpm_spec/core-agent.spec.in +++ b/rpm_spec/core-agent.spec.in @@ -171,7 +171,7 @@ Conflicts: qubes-gui-agent < 4.1.6 BuildRequires: gcc BuildRequires: desktop-file-utils BuildRequires: pandoc -%if x%{?backend_vmm} == xxen +%if "%{?backend_vmm}" == "xen" BuildRequires: xen-devel %endif BuildRequires: libX11-devel