Laszlo Ersek
2022-Feb-23 16:23 UTC
[Libguestfs] [v2v PATCH] convert_linux: include the "xts" module in the initrd
The conversion may change the CPU model of the domain, which in turn can lead to the disappearance of various CPU flags/features, such as "aes" (the AES-NI instruction set).

In RHEL7, the hw-accelerated AES module "aesni_intel" does not depend on the "xts" module, whereas the built-in, non-accelerated AES module does depend on the (external) "xts" module.

As a result of the conversion, the target domain may therefore become dependent on the "xts" module, for decrypting LUKS block devices that employ the "aes-xts-plain64" cipher (which is the default LUKS cipher nowadays). When dracut runs in the appliance (in my case: dracut-055-6.fc35.x86_64), it does not seem to notice this dependency. Thus we need to explicitly include "xts" in the rebuilt initrd, if the original kernel provides that module.

https://bugzilla.redhat.com/show_bug.cgi?id=1658126
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
--- convert/convert_linux.ml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/convert/convert_linux.ml b/convert/convert_linux.ml index 45ce069ad9bf..116d9e06f792 100644 --- a/convert/convert_linux.ml +++ b/convert/convert_linux.ml @@ -595,6 +595,7 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ | None -> () | Some initrd -> (* Enable the basic virtio modules in the kernel. *) + (* Also forcibly include the "xts" module; see RHBZ#1658126. *) let modules let modules (* The order of modules here is deliberately the same as the @@ -605,7 +606,7 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ *) List.filter (fun m -> List.mem m kernel.ki_modules) [ "virtio"; "virtio_ring"; "virtio_blk"; - "virtio_scsi"; "virtio_net"; "virtio_pci" ] in + "virtio_scsi"; "virtio_net"; "virtio_pci"; "xts" ] in if modules <> [] then modules else (* Fallback copied from old virt-v2v. XXX Why not "ide"? *) -- 2.19.1.3.g30247aa5d201
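Review bot: the comment added in the first hunk (@@ -595,6 +595,7 @@) says "xts" is "forcibly" included, but the list it ends up in is passed through List.filter (fun m -> List.mem m kernel.ki_modules), so the module is only added when the kernel provides it, which is also what the commit message says. Suggest wording the comment to match, for example 'Also include the "xts" module if the kernel provides it; see RHBZ#1658126.', and adding a few words on the reason (LUKS "aes-xts-plain64" after the CPU model loses "aes") so the entry is understandable without opening the bug tracker.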
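Review bot: in the second hunk (@@ -605,7 +606,7 @@), putting "xts" into the filtered list changes when the test 'if modules <> [] then modules' succeeds. A kernel that provides "xts" but none of the virtio modules now yields ["xts"], which is non-empty, so the fallback branch under 'else' is no longer reached for that kernel. Suggest keeping the emptiness test on the virtio list alone and appending "xts" afterwards when List.mem "xts" kernel.ki_modules holds. The context comment also states that the order of this list is deliberate, so it is worth noting there that "xts" at the end does not affect that ordering.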
Richard W.M. Jones
2022-Feb-24 10:48 UTC
[Libguestfs] [v2v PATCH] convert_linux: include the "xts" module in the initrd
On Wed, Feb 23, 2022 at 05:23:08PM +0100, Laszlo Ersek wrote:
> The conversion may change the CPU model of the domain, which in turn can
> lead to the disappearance of various CPU flags/features, such as "aes"
> (the AES-NI instruction set).
>
> In RHEL7, the hw-accelerated AES module "aesni_intel" does not depend on
> the "xts" module, whereas the built-in, non-accelerated AES module does
> depend on the (external) "xts" module.
>
> As a result of the conversion, the target domain may therefore become
> dependent on the "xts" module, for decrypting LUKS block devices that
> employ the "aes-xts-plain64" cipher (which is the default LUKS cipher
> nowadays). When dracut runs in the appliance (in my case:
> dracut-055-6.fc35.x86_64), it does not seem to notice this dependency.
> Thus we need to explicitly include "xts" in the rebuilt initrd, if the
> original kernel provides that module.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1658126
> Signed-off-by: Laszlo Ersek <lersek at redhat.com>
> --- > convert/convert_linux.ml | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/convert/convert_linux.ml b/convert/convert_linux.ml > index 45ce069ad9bf..116d9e06f792 100644 > --- a/convert/convert_linux.ml > +++ b/convert/convert_linux.ml > @@ -595,6 +595,7 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ > | None -> () > | Some initrd -> > (* Enable the basic virtio modules in the kernel. *) > + (* Also forcibly include the "xts" module; see RHBZ#1658126. *) > let modules > let modules > (* The order of modules here is deliberately the same as the
> @@ -605,7 +606,7 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ > *) > List.filter (fun m -> List.mem m kernel.ki_modules) > [ "virtio"; "virtio_ring"; "virtio_blk"; > - "virtio_scsi"; "virtio_net"; "virtio_pci" ] in > + "virtio_scsi"; "virtio_net"; "virtio_pci"; "xts" ] in > if modules <> [] then modules > else > (* Fallback copied from old virt-v2v. XXX Why not "ide"? *) > -- > 2.19.1.3.g30247aa5d201

ACK (-ed already)

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v