[Libguestfs] [v2v PATCH] convert_linux: include the "xts" module in the initrd
Laszlo Ersek
lersek at redhat.com
Wed Feb 23 16:23:08 UTC 2022
The conversion may change the CPU model of the domain, which in turn can
lead to the disappearance of various CPU flags/features, such as "aes"
(the AES-NI instruction set).
In RHEL7, the hw-accelerated AES module "aesni_intel" does not depend on
the "xts" module, whereas the built-in, non-accelerated AES module does
depend on the (external) "xts" module.
As a result of the conversion, the target domain may therefore become
dependent on the "xts" module, for decrypting LUKS block devices that
employ the "aes-xts-plain64" cipher (which is the default LUKS cipher
nowadays). When dracut runs in the appliance (in my case:
dracut-055-6.fc35.x86_64), it does not seem to notice this dependency.
Thus we need to explicitly include "xts" in the rebuilt initrd, if the
original kernel provides that module.
https://bugzilla.redhat.com/show_bug.cgi?id=1658126
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
---
convert/convert_linux.ml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/convert/convert_linux.ml b/convert/convert_linux.ml
index 45ce069ad9bf..116d9e06f792 100644
--- a/convert/convert_linux.ml
+++ b/convert/convert_linux.ml
@@ -595,6 +595,7 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ =
| None -> ()
| Some initrd ->
(* Enable the basic virtio modules in the kernel. *)
+ (* Also forcibly include the "xts" module; see RHBZ#1658126. *)
let modules =
let modules =
(* The order of modules here is deliberately the same as the
@@ -605,7 +606,7 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ =
*)
List.filter (fun m -> List.mem m kernel.ki_modules)
[ "virtio"; "virtio_ring"; "virtio_blk";
- "virtio_scsi"; "virtio_net"; "virtio_pci" ] in
+ "virtio_scsi"; "virtio_net"; "virtio_pci"; "xts" ] in
if modules <> [] then modules
else
(* Fallback copied from old virt-v2v. XXX Why not "ide"? *)
--
2.19.1.3.g30247aa5d201
More information about the Libguestfs
mailing list