KVM

Makefile

@@ -38,6 +38,9 @@ SYSTEM_DROPINS += systemd-random-seed.service
 SYSTEM_DROPINS += tor.service tor@default.service
 SYSTEM_DROPINS += systemd-timesyncd.service
 SYSTEM_DROPINS += systemd-logind.service
+#### KVM:
+SYSTEM_DROPINS += qubes-mount-dirs.service qubes-rootfs-resize.service qubes-sysinit.service
+########
 
 SYSTEM_DROPINS_NETWORKING := NetworkManager.service NetworkManager-wait-online.service
 SYSTEM_DROPINS_NETWORKING += tinyproxy.service

debian/control

@@ -87,7 +87,8 @@ Description: Qubes core agent
 Package: qubes-core-agent-nautilus
 Architecture: any
 Depends:
-    ${pythonver:Depends}-nautilus,
+    ##${pythonver:Depends}-nautilus,
+    python-nautilus,
     qubes-core-qrexec,
 Replaces: qubes-core-agent (<< 4.0.0-1)
 Breaks: qubes-core-agent (<< 4.0.0-1)

init/resize-rootfs-if-needed.sh

@@ -3,15 +3,35 @@
 # Possibly resize root device (partition, filesystem), if underlying device was
 # enlarged.
 
+#### KVM:
+. /usr/lib/qubes/hypervisor.sh
+########
+
 set -e
 
-# if underlying root device is read-only, don't do anything
-if [ "$(blockdev --getro /dev/xvda)" -eq "1" ]; then
-    echo "xvda is read-only, not resizing" >&2
+#### KVM:
+if hypervisor xen; then
+    ROOTDEV="xvda"
+elif hypervisor kvm; then
+    ROOTDEV="vda"
+else
     exit 0
 fi
+########
 
-sysfs_xvda="/sys/class/block/xvda"
+# if underlying root device is read-only, don't do anything
+#### KVM:
+##if [ "$(blockdev --getro /dev/xvda)" -eq "1" ]; then
+##    echo "xvda is read-only, not resizing" >&2
+##    exit 0
+##fi
+##sysfs_xvda="/sys/class/block/xvda"
+if [ "$(blockdev --getro /dev/$ROOTDEV)" -eq "1" ]; then
+    echo "$ROOTDEV is read-only, not resizing" >&2
+    exit 0
+fi
+sysfs_rootdev="/sys/class/block/$ROOTDEV"
+########
 
 # if root filesystem is already using (almost) the whole disk
 # 203M for BIOS and /boot data
@@ -26,7 +46,10 @@ ext4_block_size=$(dumpe2fs /dev/mapper/dmroot | grep '^Block size:' | sed -E 's/
 rootfs_size=$((ext4_block_count * ext4_block_size / 512))
 # 5 MB in 512-byte units for some random extra bits
 size_margin=$((5 * 1024 * 2))
-if [ "$(cat $sysfs_xvda/size)" -lt \
+#### KVM:
+##if [ "$(cat $sysfs_xvda/size)" -lt \
+########
+if [ "$(cat $sysfs_rootdev/size)" -lt \
        $(( rootfs_size + boot_data_size + size_margin )) ]; then
    echo "root filesystem already at $rootfs_size blocks" >&2
    exit 0

init/setup-rw.sh

@@ -1,6 +1,19 @@
 #!/bin/sh
 
-dev=/dev/xvdb
+#### KVM:
+. /usr/lib/qubes/hypervisor.sh
+########
+
+#### KVM:
+##dev=/dev/xvdb
+if hypervisor xen; then
+    dev="xvdb"
+elif hypervisor kvm; then
+    dev="vdb"
+else
+    exit 0
+fi
+########
 
 if mountpoint -q /rw ; then
     # This means /rw is mounted now.

init/setup-rwdev.sh

@@ -4,9 +4,22 @@
 # shellcheck source=init/functions
 . /usr/lib/qubes/init/functions
 
+#### KVM:
+. /usr/lib/qubes/hypervisor.sh
+########
+
 set -e
 
-dev=/dev/xvdb
+#### KVM:
+##dev=/dev/xvdb
+if hypervisor xen; then
+    dev=/dev/xvdb
+elif hypervisor kvm; then
+    dev=/dev/vdb
+else
+    exit 0
+fi
+########
 max_size=10485760  # check at most 10 MiB
 
 if [ -e "$dev" ] ; then

misc/hypervisor.sh

@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# Return hypervisor name or match result if 'name' provided
+hypervisor () {
+    local name="$1"
+    local hypervisor
+
+    if [[ $(cat /sys/hypervisor/type 2>/dev/null) == 'xen' ]]; then
+        hypervisor="xen"
+
+    elif [ -e /sys/devices/virtual/misc/kvm ]; then
+        hypervisor="kvm"
+    fi
+
+    if [ ! -z $hypervisor ]; then
+        if [ -z "$name" ]; then
+            echo "$hypervisor"
+            return 0
+        fi
+        if [ "$name" == "$hypervisor" ]; then
+            return 0
+        fi
+    fi
+    return 1
+}
+
+
+(return 0 2>/dev/null) && sourced=1 || sourced=0
+if (( ! sourced )); then
+    hypervisor "$1"
+fi
+

qubes-rpc/resize-rootfs

@@ -1,32 +1,63 @@
 #!/bin/sh
 
+#### KVM:
+. /usr/lib/qubes/hypervisor.sh
+########
+
 set -e
 
+#### KVM:
+if hypervisor xen; then
+    ROOTDEV_PREFIX="xvd"
+elif hypervisor kvm; then
+    ROOTDEV_PREFIX="vd"
+else
+    exit 0
+fi
+########
+
 dm_major=$(printf %x "$(grep device-mapper /proc/devices | cut -f 1 -d ' ')")
 case "$(stat -Lc %t:%T /dev/mapper/dmroot)" in
     ca:0)
         # nothing needed, xvda used directly
         ;;
-    ca:3)
+    ca:3:|fc:3)
         # resize partition table itself and xda3 partition
-        echo ',+' | sfdisk --no-reread --no-tell-kernel -q -N 3 /dev/xvda
+        #### KVM:
+        ##echo ',+' | sfdisk --no-reread --no-tell-kernel -q -N 3 /dev/xvda
+        # ca:3==xvd, fc:3==virtblk (vd)
+        echo ',+' | sfdisk --no-reread --no-tell-kernel -q -N 3 /dev/${ROOTDEV_PREFIX}a
+        ########
+
         # and reload partition table; prefer partprobe over blockdev
         # --rereadpt, as it works on mounted partitions
-        partprobe /dev/xvda
+        #### KVM:
+        ##partprobe /dev/xvda
+        partprobe /dev/${ROOTDEV_PREFIX}a
+        ########
         udevadm settle
         ;;
     ca:*)
         echo "Unsupported partition layout, resize it manually" >&2
         exit 1
         ;;
     $dm_major:*)
-        new_size=$(cat /sys/block/xvda/size)
-        ro=$(cat /sys/block/xvda/ro)
+        #### KVM:
+        ##new_size=$(cat /sys/block/xvda/size)
+        ##ro=$(cat /sys/block/xvda/ro)
+        ##if [ "$ro" -eq 1 ]; then
+        ##    new_table="0 $new_size snapshot /dev/xvda /dev/xvdc2 N 16"
+        ##else
+        ##    new_table="0 $new_size linear /dev/xvda 0"
+        ##fi
+        new_size=$(cat /sys/block/${ROOTDEV_PREFIX}a/size)
+        ro=$(cat /sys/block/${ROOTDEV_PREFIX}a/ro)
         if [ "$ro" -eq 1 ]; then
-            new_table="0 $new_size snapshot /dev/xvda /dev/xvdc2 N 16"
+            new_table="0 $new_size snapshot /dev/${ROOTDEV_PREFIX}a /dev/${ROOTDEV_PREFIX}c2 N 16"
         else
-            new_table="0 $new_size linear /dev/xvda 0"
+            new_table="0 $new_size linear /dev/${ROOTDEV_PREFIX}a 0"
         fi
+        ########
         dmsetup load dmroot --table "$new_table"
         dmsetup resume dmroot
         ;;

rpm_spec/core-agent.spec.in

@@ -22,6 +22,7 @@
 
 %define qubes_services qubes-core qubes-core-netvm qubes-core-early qubes-firewall qubes-iptables qubes-updates-proxy qubes-updates-proxy-forwarder
 %define qubes_preset_file 75-qubes-vm.preset
+%define backend_vmm @BACKEND_VMM@
 
 # systemd is used in Fedora and CentOS
 %if 0%{?fedora} || 0%{?rhel}
@@ -170,7 +171,9 @@ Conflicts:  qubes-gui-agent < 4.1.6
 BuildRequires: gcc
 BuildRequires: desktop-file-utils
 BuildRequires: pandoc
+%if "%{?backend_vmm}" == "xen"
 BuildRequires: xen-devel
+%endif
 BuildRequires: libX11-devel
 BuildRequires: qubes-utils-devel >= 3.1.3
 BuildRequires: qubes-libvchan-@BACKEND_VMM@-devel
@@ -986,6 +989,11 @@ The Qubes core startup configuration for SystemD init.
 /usr/lib/systemd/system/tmp.mount.d/30_qubes.conf
 /usr/lib/systemd/user/pulseaudio.service.d/30_qubes.conf
 /usr/lib/systemd/user/pulseaudio.socket.d/30_qubes.conf
+#### KVM:
+/usr/lib/systemd/system/qubes-mount-dirs.service.d/30_qubes-kvm.conf
+/usr/lib/systemd/system/qubes-rootfs-resize.service.d/30_qubes-kvm.conf
+/usr/lib/systemd/system/qubes-sysinit.service.d/30_qubes-kvm.conf
+########
 
 %post systemd
 

vm-systemd/mount-dirs.sh

@@ -4,10 +4,27 @@
 # shellcheck source=init/functions
 . /usr/lib/qubes/init/functions
 
+#### KVM:
+. /usr/lib/qubes/hypervisor.sh
+########
+
 set -e
 
+#### KVM:
+if hypervisor xen; then
+    DEVID="xvdb"
+elif hypervisor kvm; then
+    DEVID="vdb"
+else
+    exit 0
+fi
+########
+
 /usr/lib/qubes/init/setup-rwdev.sh
-if [ -e /dev/xvdb ] ; then mount /rw ; fi
+#### KVM:
+##if [ -e /dev/xvdb ] ; then mount /rw ; fi
+if [ -e /dev/${DEVID} ] ; then mount /rw ; fi
+########
 /usr/lib/qubes/init/setup-rw.sh
 
 initialize_home "/rw/home" ifneeded

vm-systemd/qubes-mount-dirs.service.d/30_qubes-kvm.conf

@@ -0,0 +1,10 @@
+[Unit]
+ConditionPathExists=/var/run/qubes-service/hypervisor-kvm
+# Device is 'dev-vdb' in KVM (dev-xvdb in  XEN)
+After=
+After=qubes-sysinit.service dev-vdb.device
+
+# XXX: Remove 'qubes-gui-agent.service' depend as it is disabled until it is
+#      working with KVM.
+Before=
+Before=local-fs.target rw.mount home.mount

vm-systemd/qubes-rootfs-resize.service.d/30_qubes-kvm.conf

@@ -0,0 +1,5 @@
+[Unit]
+ConditionPathExists=/var/run/qubes-service/hypervisor-kvm
+# Device is 'dev-vda' in KVM (dev-xvda in  XEN)
+After=
+After=qubes-sysinit.service dev-vda.device

vm-systemd/qubes-sysinit.service.d/30_qubes-kvm.conf

@@ -0,0 +1,5 @@
+[Unit]
+ConditionPathExists=/var/run/qubes-service/hypervisor-kvm
+# No depend on 'proc-xen.mount' in KVM
+After=
+After=systemd-modules-load.service qubes-db.service

vm-systemd/qubes-sysinit.sh

@@ -3,6 +3,9 @@
 # Source Qubes library.
 # shellcheck source=init/functions
 . /usr/lib/qubes/init/functions
+#### KVM:
+. /usr/lib/qubes/init/hypervisor.sh
+########
 
 # List of services enabled by default (in case of absence of qubesdb entry)
 DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy meminfo-writer qubes-firewall"
@@ -11,16 +14,40 @@ DEFAULT_ENABLED_APPVM="cups qubes-update-check meminfo-writer"
 DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM updates-proxy-setup"
 DEFAULT_ENABLED="meminfo-writer"
 
-# Wait for xenbus initialization
-while [ ! -e /dev/xen/xenbus ]; do
-  sleep 0.1
-done
+if systemd_version_changed ; then
+    # Ensure we're running right version of systemd (the one started by initrd
+    # may be different)
+    systemctl daemon-reexec
+fi
+
+#### KVM:
+if hypervisor xen; then
+    # Wait for xenbus initialization
+    while [ ! -e /dev/xen/xenbus ] && [ -e /proc/xen/xenbus ]; do
+        sleep 0.1
+    done
+fi
+########
 
 mkdir -p /var/run/qubes
 chgrp qubes /var/run/qubes
 chmod 0775 /var/run/qubes
 mkdir -p /var/run/qubes-service
-mkdir -p /var/run/xen-hotplug
+
+#### KVM:
+if hypervisor xen; then
+    mkdir -p /var/run/xen-hotplug
+
+    # Set permissions to /proc/xen/xenbus, so normal user can talk to xenstore,
+    # to open vchan connection. Note that new code uses /dev/xen/xenbus (which
+    # have # permissions set by udev), so this probably can go away soon
+    chmod 666 /proc/xen/xenbus
+
+    # Set permissions to /proc/xen/privcmd, so a user in qubes group can access
+    chmod 660 /proc/xen/privcmd
+    chgrp qubes /proc/xen/privcmd
+fi
+########
 
 # Set default services depending on VM type
 is_appvm && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM && touch /var/run/qubes/this-is-appvm