kFreeBSD for Xen (and related lintian stuff)


I soon plan to set up kFreeBSD virtual machines on a new Xen host, so
I've been researching this.  In case anyone else is confused by this:

* the kFreeBSD "xen" flavour is only intended for 'fully
paravirtualised' hosts without HVM capability;  upstream support this as
a 686-pae guest only which is why it's only built for kfreebsd-i386.

* the 686(-smp) and amd64 flavours should work fine as-is on an
HVM-capable Xen host;  performance would be better by rebuilding with
extra options from upstream's XENHVM configurations;  these add drivers
for optional paravirtualised disk/net devices, and Xen PCI passthrough,
and also set the NO_ADAPTIVE_* options as an optimisation.

I then noticed the lintian errors for kfreebsd-image-8.2-1-xen.

Unlike for the other kFreeBSD flavours, the xen.config includes
upstream's own XEN config file rather than being a copy of it.  In the
included file is 'DEBUG=-g', which results in a kernel.symbols file
being generated.  Lintian flags the file as an
'unstripped-binary-or-object' and also (presumably a false detection) as

A -DWITHOUT_KERNEL_SYMBOLS was added to both kfreebsd-8 and kfreebsd-9.
possibly as a workaround for this.

This issue didn't seem to happen anyway in kfreebsd-9 because of a
kmod.mk change (actually, I think setting WITHOUT_KERNEL_SYMBOLS to some
value other than 'no' will cause the issue to recur...).

> .if defined(DEBUG_FLAGS) && !defined(INSTALL_NODEBUG) && \
>     (defined(MK_KERNEL_SYMBOLS) && ${MK_KERNEL_SYMBOLS} != "no")
>         ${INSTALL} -o ${KMODOWN} -g ${KMODGRP} -m ${KMODMODE} \
>             ${_INSTALLFLAGS} ${PROG}.symbols ${DESTDIR}${KMODDIR}
> .endif

The kfreebsd-8 8.2/8.3 xen binary packages contain no kernel modules.

The upstream XEN config file contains MODULES_OVERRIDE="", causing no
modules to be built at all for the "xen" flavour.  I don't see a reason
to disable all modules like that, because some would be still useful.

This was fixed in kfreebsd-9 by replacing that with a
WITHOUT_MODULES="..." list of some 'real hardware' drivers that are not
of use to a fully paravirtualised guest.

The "xen" flavour of both kernel series has WITNESS and WITNESS_SKIPSPIN
options enabled which I think are supposed to be turned off for release
builds.  A kernel message at boot time will warn about the incurred
performance hit, and a few online references specifically advise
commenting out those options for Xen guests.

Once I have my Xen host system (hopefully tomorrow) I should be able to
properly test and provide diffs to fix some of the above issues.

Steven Chamberlain

