[Libguestfs] [v2v PATCH] convert_linux: include the "xts" module in the initrd

Richard W.M. Jones rjones at redhat.com
Thu Feb 24 10:48:22 UTC 2022 

On Wed, Feb 23, 2022 at 05:23:08PM +0100, Laszlo Ersek wrote:
> The conversion may change the CPU model of the domain, which in turn can
> lead to the disappearance of various CPU flags/features, such as "aes"
> (the AES-NI instruction set).
> 
> In RHEL7, the hw-accelerated AES module "aesni_intel" does not depend on
> the "xts" module, whereas the built-in, non-accelerated AES module does
> depend on the (external) "xts" module.
> 
> As a result of the conversion, the target domain may therefore become
> dependent on the "xts" module, for decrypting LUKS block devices that
> employ the "aes-xts-plain64" cipher (which is the default LUKS cipher
> nowadays). When dracut runs in the appliance (in my case:
> dracut-055-6.fc35.x86_64), it does not seem to notice this dependency.
> Thus we need to explicitly include "xts" in the rebuilt initrd, if the
> original kernel provides that module.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1658126
> Signed-off-by: Laszlo Ersek <lersek at redhat.com>
> ---
>  convert/convert_linux.ml | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/convert/convert_linux.ml b/convert/convert_linux.ml
> index 45ce069ad9bf..116d9e06f792 100644
> --- a/convert/convert_linux.ml
> +++ b/convert/convert_linux.ml
> @@ -595,6 +595,7 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ =
>      | None -> ()
>      | Some initrd ->
>        (* Enable the basic virtio modules in the kernel. *)
> +      (* Also forcibly include the "xts" module; see RHBZ#1658126. *)
>        let modules =
>          let modules =
>            (* The order of modules here is deliberately the same as the
> @@ -605,7 +606,7 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ =
>             *)
>            List.filter (fun m -> List.mem m kernel.ki_modules)
>                        [ "virtio"; "virtio_ring"; "virtio_blk";
> -                        "virtio_scsi"; "virtio_net"; "virtio_pci" ] in
> +                        "virtio_scsi"; "virtio_net"; "virtio_pci"; "xts" ] in
>          if modules <> [] then modules
>          else
>            (* Fallback copied from old virt-v2v.  XXX Why not "ide"? *)
> -- 
> 2.19.1.3.g30247aa5d201

ACK (-ed already)

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v

More information about the Libguestfs mailing list