vm,templates: allow to obtain common kernelopts from a kernel package

If kernel package ships default-kernelopts-common.txt file, use that instead of hardcoded Linux-specific options. For Linux kernel it may include xen_scrub_pages=0 option, but only if initrd shipped with this kernel re-enable this option later. QubesOS/qubes-issues#4839 QubesOS/qubes-issues#4736
marmarek · Feb 27, 2019 · 2de5a8e · 2de5a8e
1 parent e110cbe
commit 2de5a8e
Show file tree

Hide file tree

Showing 4 changed files with 89 additions and 1 deletion.
diff --git a/qubes/config.py b/qubes/config.py
@@ -69,6 +69,8 @@
     'hvm_memory': 400,
     'kernelopts': "nopat",
     'kernelopts_pcidevs': "nopat iommu=soft swiotlb=8192",
+    'kernelopts_common': ('root=/dev/mapper/dmroot ro nomodeset console=hvc0 '
+             'rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 '),
 
     'dom0_update_check_interval': 6*3600,
 

diff --git a/qubes/tests/vm/qubesvm.py b/qubes/tests/vm/qubesvm.py
@@ -867,6 +867,73 @@ def test_600_libvirt_xml_hvm_dom0_kernel(self):
         self.assertXMLEqual(lxml.etree.XML(libvirt_xml),
             lxml.etree.XML(expected))
 
+    def test_600_libvirt_xml_hvm_dom0_kernel_kernelopts(self):
+        expected = '''<domain type="xen">
+        <name>test-inst-test</name>
+        <uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
+        <memory unit="MiB">500</memory>
+        <currentMemory unit="MiB">400</currentMemory>
+        <vcpu placement="static">2</vcpu>
+        <cpu mode='host-passthrough'>
+            <!-- disable nested HVM -->
+            <feature name='vmx' policy='disable'/>
+            <feature name='svm' policy='disable'/>
+            <!-- disable SMAP inside VM, because of Linux bug -->
+            <feature name='smap' policy='disable'/>
+        </cpu>
+        <os>
+            <type arch="x86_64" machine="xenfv">hvm</type>
+                <!--
+                     For the libxl backend libvirt switches between OVMF (UEFI)
+                     and SeaBIOS based on the loader type. This has nothing to
+                     do with the hvmloader binary.
+                -->
+            <loader type="rom">hvmloader</loader>
+            <boot dev="cdrom" />
+            <boot dev="hd" />
+            <cmdline>kernel specific options nopat</cmdline>
+        </os>
+        <features>
+            <pae/>
+            <acpi/>
+            <apic/>
+            <viridian/>
+        </features>
+        <clock offset="variable" adjustment="0" basis="localtime" />
+        <on_poweroff>destroy</on_poweroff>
+        <on_reboot>destroy</on_reboot>
+        <on_crash>destroy</on_crash>
+        <devices>
+            <!-- server_ip is the address of stubdomain. It hosts it's own DNS server. -->
+            <emulator type="stubdom-linux" />
+            <input type="tablet" bus="usb"/>
+            <video>
+                <model type="vga"/>
+            </video>
+            <graphics type="qubes"/>
+        </devices>
+        </domain>
+        '''
+        my_uuid = '7db78950-c467-4863-94d1-af59806384ea'
+        vm = self.get_vm(uuid=my_uuid)
+        vm.netvm = None
+        vm.virt_mode = 'hvm'
+        vm.features['qrexec'] = True
+        with unittest.mock.patch('qubes.config.qubes_base_dir',
+                '/tmp/qubes-test'):
+            kernel_dir = '/tmp/qubes-test/vm-kernels/dummy'
+            os.makedirs(kernel_dir, exist_ok=True)
+            open(os.path.join(kernel_dir, 'vmlinuz'), 'w').close()
+            open(os.path.join(kernel_dir, 'initramfs'), 'w').close()
+            with open(os.path.join(kernel_dir,
+                    'default-kernelopts-common.txt'), 'w') as f:
+                f.write('kernel specific options \n')
+            self.addCleanup(shutil.rmtree, '/tmp/qubes-test')
+            vm.kernel = 'dummy'
+            libvirt_xml = vm.create_config_file()
+        self.assertXMLEqual(lxml.etree.XML(libvirt_xml),
+            lxml.etree.XML(expected))
+
     def test_600_libvirt_xml_pvh(self):
         expected = '''<domain type="xen">
         <name>test-inst-test</name>

diff --git a/qubes/vm/qubesvm.py b/qubes/vm/qubesvm.py
@@ -1983,6 +1983,25 @@ def start_time(self):
 
         return None
 
+    @property
+    def kernelopts_common(self):
+        '''Kernel options which should be used in addition to *kernelopts*
+        property.
+
+        This is specific to kernel (and initrd if any)
+        '''
+        if not self.kernel:
+            return ''
+        kernels_dir = self.storage.kernels_dir
+
+        kernelopts_path = os.path.join(kernels_dir,
+            'default-kernelopts-common.txt')
+        if os.path.exists(kernelopts_path):
+            with open(kernelopts_path) as f_kernelopts:
+                return f_kernelopts.read().rstrip('\n\r')
+        else:
+            return qubes.config.defaults['kernelopts_common']
+
     #
     # helper methods
     #

diff --git a/templates/libvirt/xen.xml b/templates/libvirt/xen.xml
@@ -47,7 +47,7 @@
                 {% if vm.features.check_with_template('no-default-kernelopts', False) -%}
                 <cmdline>{{ vm.kernelopts }}</cmdline>
                 {% else -%}
-                <cmdline>root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 {{ vm.kernelopts }}</cmdline>
+                <cmdline>{{ vm.kernelopts_common }}{{ vm.kernelopts }}</cmdline>
                 {% endif -%}
             {% endif %}
         {% endblock %}