Build xen-hypervisor 4.10 / 4.11 and xen-tools on Ubuntu 16.04 or 18.04 for PVH

Posted by kelly on Thu, 02/08/2018 - 15:05

Ubuntu 16.04 comes with xen-hypervisor 4.6; the next LTS version, Ubuntu 18.04, ships Xen 4.9. Updates for Meltdown ("Xen PTI") will be published for versions 4.6 and newer, but PVH will only be published for Xen 4.8 and 4.10. See XSA-254.

To protect your system with PVH against Meltdown you have to build your xen-hypervisor from source.

This howto is based on this official howto.

Xen-Hypervisor

Install requirements for build

Your Ubuntu must run the HWE kernel (linux-generic-hwe-16.04) to get Linux 4.11 or newer.

For Ubuntu 16.04:

apt-get install build-essential
apt-get install bcc bin86 gawk bridge-utils iproute libcurl3 libcurl4-openssl-dev bzip2 module-init-tools transfig tgif 
apt-get install texinfo texlive-latex-base texlive-latex-recommended texlive-fonts-extra texlive-fonts-recommended pciutils-dev mercurial
apt-get install make gcc libc6-dev zlib1g-dev python python-dev python-twisted libncurses5-dev patch libvncserver-dev libsdl-dev libjpeg-dev
apt-get install libnl-route-3-200 libnl-3-dev libnl-cli-3-dev libnl-genl-3-dev libnl-route-3-dev
apt-get install iasl libbz2-dev e2fslibs-dev git-core uuid-dev ocaml ocaml-findlib libx11-dev bison flex xz-utils libyajl-dev
apt-get install gettext libpixman-1-dev libaio-dev markdown pandoc
 
apt-get install libc6-dev-i386
apt-get install lzma lzma-dev liblzma-dev
apt-get install libsystemd-dev

For Ubuntu 18.04:

apt-get install build-essential
apt-get install bcc bin86 gawk bridge-utils iproute2 libcurl4 libcurl4-openssl-dev bzip2 module-init-tools transfig tgif
apt-get install texinfo texlive-latex-base texlive-latex-recommended texlive-fonts-extra texlive-fonts-recommended pciutils-dev mercurial
apt-get install make gcc libc6-dev zlib1g-dev python python-dev python-twisted libncurses5-dev patch libvncserver-dev libsdl-dev libjpeg-dev
apt-get install libnl-route-3-200 libnl-3-dev libnl-cli-3-dev libnl-genl-3-dev libnl-route-3-dev
apt-get install iasl libbz2-dev e2fslibs-dev git-core uuid-dev ocaml ocaml-findlib libx11-dev bison flex xz-utils libyajl-dev
apt-get install gettext libpixman-1-dev libaio-dev markdown pandoc
 
apt-get install libc6-dev-i386
apt-get install lzma lzma-dev liblzma-dev
apt-get install libsystemd-dev

Download and prepare and make

Ubuntu 16.04

We will use the stable version 4.10. xen-hypervisor 4.10 brings the new guest-type "pvh" baremetal.

git clone git://xenbits.xen.org/xen.git
cd xen
git checkout origin/stable-4.10

Ubuntu 18.04

We will use the stable version 4.11 because of a bug in qemu-xen with newer libc. In a few days these commits will also be available for stable-4.10 (thanks to Anthony Perard for the quick response, 2018-06-29).

git clone git://xenbits.xen.org/xen.git
cd xen
git checkout origin/stable-4.11

Configure and make

Ubuntu uses systemd:

./configure --enable-systemd

For the first build use:

make dist

For a rebuild use make world (the same as make clean && make dist).

Get a coffee now.

Install

The install files are in dist/install, and you will find an install script at dist/install.sh. Don't use this script! It will break your /var/run folder.

You can copy the files into your system via cp -a or rsync. Or you may use make debball and install the package from file (I didn't try).

Post-Install

After copying the files, make some changes to your system:

Reload dynamic libraries:

/sbin/ldconfig

Grub-Settings:

mkdir -p /etc/default/grub.d

Create /etc/default/grub.d/xen.cfg:

vi /etc/default/grub.d/xen.cfg
GRUB_DISABLE_OS_PROBER=true
GRUB_CMDLINE_XEN_DEFAULT="dom0_mem=2560M,max:2560M"
GRUB_DEFAULT="Ubuntu GNU/Linux, mit Xen-Hypervisor"

Be careful! The last setting depends on your system language! For English use: "Ubuntu GNU/Linux, with Xen hypervisor". Ubuntu 18.04 does not use the German translation!

You have to update grub:

update-grub
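
Added example, not part of the original howto: update-grub does not check that the GRUB_DEFAULT title exists, and a title that matches no entry makes GRUB fall back to its first menu entry, which may be the kernel without Xen. The script below compares the title with the top-level entries of a generated grub.cfg; the helper names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: does GRUB_DEFAULT name a menu entry that really exists?

# Print the GRUB_DEFAULT value from a grub.d snippet, surrounding quotes removed.
grub_default_of() {
    sed -n 's/^GRUB_DEFAULT=//p' "$1" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print the titles of top-level menu entries in a generated grub.cfg.
# Entries nested in a submenu are indented and cannot be selected by bare title.
menu_titles_of() {
    sed -n "s/^menuentry '\([^']*\)'.*/\1/p" "$1"
}

# Return 0 if GRUB_DEFAULT in snippet $1 is exactly a top-level title in $2.
grub_default_matches() {
    want=$(grub_default_of "$1")
    [ -n "$want" ] || return 1
    menu_titles_of "$2" | grep -Fxq -- "$want"
}

# Constructed sample files (not copied from a real system).
write_samples() {
    cat > "$1/grub.cfg" <<'EOF'
menuentry 'Ubuntu' --class ubuntu --class gnu-linux --class os {
}
menuentry 'Ubuntu GNU/Linux, with Xen hypervisor' --class ubuntu --class xen {
}
EOF
    echo 'GRUB_DEFAULT="Ubuntu GNU/Linux, mit Xen-Hypervisor"' > "$1/xen-de.cfg"
    echo 'GRUB_DEFAULT="Ubuntu GNU/Linux, with Xen hypervisor"' > "$1/xen-en.cfg"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in xen-de.cfg xen-en.cfg; do
    if grub_default_matches "$tmp/$f" "$tmp/grub.cfg"; then
        echo "$f: default entry found"
    else
        echo "$f: '$(grub_default_of "$tmp/$f")' matches no menu entry"
    fi
done
rm -rf "$tmp"
```

On the real system, run grub_default_matches /etc/default/grub.d/xen.cfg /boot/grub/grub.cfg after update-grub and before the reboot.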

Enable systemd-files:

The current version has a bug: both xendomains.service and /etc/init.d/xendomains are created. To use systemd you have to remove /etc/init.d/xendomains:

rm /etc/init.d/xendomains

systemctl enable xen-qemu-dom0-disk-backend.service
systemctl enable xen-init-dom0.service
systemctl enable xenconsoled.service
systemctl enable xenstored.service
systemctl enable xendomains.service

Optionally you can enable xen-watchdog.service:

systemctl enable xen-watchdog.service

Configure xen

Configure xen for your needs.

xen-tools

To create new VMs you can use xen-tools. Unfortunately you cannot use the Ubuntu package because it requires xen-hypervisor, so we build from source.

Install requirements for build

apt install lvm2 debootstrap libconfig-inifiles-perl libdata-validate-domain-perl libdata-validate-ip-perl libdata-validate-uri-perl libfile-slurp-perl libfile-which-perl libsort-versions-perl libterm-ui-perl libtext-template-perl openssh-client perl debian-archive-keyring rinse libtest-notabs-perl

Download and prepare and make

git clone https://github.com/xen-tools/xen-tools.git
cd xen-tools
make install

You can ignore the warning about the loop module, because in Ubuntu 16.04 loop is compiled into the kernel and the default value for max_loop is 0 (see /sys/module/loop/parameters/max_loop).

If you only want the install files (e.g. to build your own package), you can edit the Makefile and manually set the variable DESTDIR before make install.

Configure xen-tools

Configure xen-tools for your needs.

Reboot

After the reboot your Ubuntu 16.04 runs on xen-hypervisor 4.10.

Test:

xentop

Settings for PVH

For PVH you have to use Linux 4.11 or newer (e.g. the HWE kernel) in the guest:

apt install linux-virtual-hwe-16.04 linux-tools-virtual-hwe-16.04

Then you can use:

bootloader = '/usr/local/bin/pygrub'
type="pvh"

If you have an old kernel in your guest system, you have to boot from the dom0 kernel with these settings:

type="pvh"
kernel='/vmlinuz'
ramdisk="/initrd.img"
