2 * Copyright (C) 2009 Red Hat Inc.
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
21 #define _BSD_SOURCE /* for mkdtemp, usleep */
22 #define _GNU_SOURCE /* for vasprintf, GNU strerror_r */
32 #include <sys/select.h>
33 #include <rpc/types.h>
40 #ifdef HAVE_SYS_TYPES_H
41 #include <sys/types.h>
44 #ifdef HAVE_SYS_WAIT_H
48 #ifdef HAVE_SYS_SOCKET_H
49 #include <sys/socket.h>
58 static void error (guestfs_h *g, const char *fs, ...);
59 static void perrorf (guestfs_h *g, const char *fs, ...);
60 static void *safe_malloc (guestfs_h *g, int nbytes);
61 static void *safe_realloc (guestfs_h *g, void *ptr, int nbytes);
62 static char *safe_strdup (guestfs_h *g, const char *str);
64 static void default_error_cb (guestfs_h *g, void *data, const char *msg);
65 static void stdout_event (void *data, int watch, int fd, int events);
66 static void sock_read_event (void *data, int watch, int fd, int events);
67 //static void sock_write_event (void *data, int watch, int fd, int events);
69 static int select_add_handle (guestfs_h *g, int fd, int events, guestfs_handle_event_cb cb, void *data);
70 static int select_remove_handle (guestfs_h *g, int watch);
71 static int select_add_timeout (guestfs_h *g, int interval, guestfs_handle_timeout_cb cb, void *data);
72 static int select_remove_timeout (guestfs_h *g, int timer);
73 static void select_main_loop_run (guestfs_h *g);
74 static void select_main_loop_quit (guestfs_h *g);
76 #define UNIX_PATH_MAX 108
78 /* Also in guestfsd.c */
79 #define VMCHANNEL_PORT 6666
80 #define VMCHANNEL_ADDR "10.0.2.4"
82 /* Current main loop. */
83 static guestfs_main_loop main_loop = {
84 .add_handle = select_add_handle,
85 .remove_handle = select_remove_handle,
86 .add_timeout = select_add_timeout,
87 .remove_timeout = select_remove_timeout,
88 .main_loop_run = select_main_loop_run,
89 .main_loop_quit = select_main_loop_quit,
92 /* GuestFS handle and connection. */
93 enum state { CONFIG, LAUNCHING, READY, BUSY, NO_HANDLE };
97 /* State: see the state machine diagram in the man page guestfs(3). */
100 int fd[2]; /* Stdin/stdout of qemu. */
101 int sock; /* Daemon communications socket. */
102 int pid; /* Qemu PID. */
103 time_t start_t; /* The time when we started qemu. */
105 int stdout_watch; /* Watches qemu stdout for log messages. */
106 int sock_watch; /* Watches daemon comm socket. */
108 char *tmpdir; /* Temporary directory containing socket. */
110 char **cmdline; /* Qemu command line. */
116 guestfs_abort_cb abort_cb;
117 guestfs_error_handler_cb error_cb;
118 void * error_cb_data;
119 guestfs_reply_cb reply_cb;
120 void * reply_cb_data;
121 guestfs_log_message_cb log_message_cb;
122 void * log_message_cb_data;
123 guestfs_subprocess_quit_cb subprocess_quit_cb;
124 void * subprocess_quit_cb_data;
125 guestfs_launch_done_cb launch_done_cb;
126 void * launch_done_cb_data;
128 /* These callbacks are called before reply_cb and launch_done_cb,
129 * and are used to implement the high-level API without needing to
130 * interfere with callbacks that the user might have set.
132 guestfs_reply_cb reply_cb_internal;
133 void * reply_cb_internal_data;
134 guestfs_launch_done_cb launch_done_cb_internal;
135 void * launch_done_cb_internal_data;
137 /* Messages sent and received from the daemon. */
139 int msg_in_size, msg_in_allocated;
145 guestfs_create (void)
150 g = malloc (sizeof (*g));
153 memset (g, 0, sizeof (*g));
160 g->stdout_watch = -1;
164 g->error_cb = default_error_cb;
165 g->error_cb_data = NULL;
167 str = getenv ("LIBGUESTFS_DEBUG");
168 g->verbose = str != NULL && strcmp (str, "1") == 0;
174 guestfs_close (guestfs_h *g)
179 if (g->state == NO_HANDLE) {
180 /* Not safe to call 'error' here, so ... */
181 fprintf (stderr, "guestfs_close: called twice on the same handle\n");
185 /* Remove any handlers that might be called back before we kill the
188 g->log_message_cb = NULL;
190 if (g->state != CONFIG)
191 guestfs_kill_subprocess (g);
194 snprintf (filename, sizeof filename, "%s/sock", g->tmpdir);
203 for (i = 0; i < g->cmdline_size; ++i)
204 free (g->cmdline[i]);
208 /* Mark the handle as dead before freeing it. */
209 g->state = NO_HANDLE;
215 default_error_cb (guestfs_h *g, void *data, const char *msg)
217 fprintf (stderr, "libguestfs: error: %s\n", msg);
221 error (guestfs_h *g, const char *fs, ...)
226 if (!g->error_cb) return;
229 vasprintf (&msg, fs, args);
232 g->error_cb (g, g->error_cb_data, msg);
238 perrorf (guestfs_h *g, const char *fs, ...)
244 if (!g->error_cb) return;
247 vasprintf (&msg, fs, args);
252 strerror_r (err, buf, sizeof buf);
256 buf = strerror_r (err, _buf, sizeof _buf);
259 msg = safe_realloc (g, msg, strlen (msg) + 2 + strlen (buf) + 1);
263 g->error_cb (g, g->error_cb_data, msg);
269 safe_malloc (guestfs_h *g, int nbytes)
271 void *ptr = malloc (nbytes);
272 if (!ptr) g->abort_cb ();
277 safe_realloc (guestfs_h *g, void *ptr, int nbytes)
279 void *p = realloc (ptr, nbytes);
280 if (!p) g->abort_cb ();
285 safe_strdup (guestfs_h *g, const char *str)
287 char *s = strdup (str);
288 if (!s) g->abort_cb ();
293 guestfs_set_out_of_memory_handler (guestfs_h *g, guestfs_abort_cb cb)
299 guestfs_get_out_of_memory_handler (guestfs_h *g)
305 guestfs_set_error_handler (guestfs_h *g, guestfs_error_handler_cb cb, void *data)
308 g->error_cb_data = data;
311 guestfs_error_handler_cb
312 guestfs_get_error_handler (guestfs_h *g, void **data_rtn)
314 if (data_rtn) *data_rtn = g->error_cb_data;
319 guestfs_set_verbose (guestfs_h *g, int v)
325 guestfs_get_verbose (guestfs_h *g)
330 /* Add a string to the current command line. */
332 incr_cmdline_size (guestfs_h *g)
334 if (g->cmdline == NULL) {
335 /* g->cmdline[0] is reserved for argv[0], set in guestfs_launch. */
337 g->cmdline = safe_malloc (g, sizeof (char *));
338 g->cmdline[0] = NULL;
342 g->cmdline = safe_realloc (g, g->cmdline, sizeof (char *) * g->cmdline_size);
346 add_cmdline (guestfs_h *g, const char *str)
348 if (g->state != CONFIG) {
349 error (g, "command line cannot be altered after qemu subprocess launched");
353 incr_cmdline_size (g);
354 g->cmdline[g->cmdline_size-1] = safe_strdup (g, str);
359 guestfs_config (guestfs_h *g,
360 const char *qemu_param, const char *qemu_value)
362 if (qemu_param[0] != '-') {
363 error (g, "guestfs_config: parameter must begin with '-' character");
367 /* A bit fascist, but the user will probably break the extra
368 * parameters that we add if they try to set any of these.
370 if (strcmp (qemu_param, "-kernel") == 0 ||
371 strcmp (qemu_param, "-initrd") == 0 ||
372 strcmp (qemu_param, "-nographic") == 0 ||
373 strcmp (qemu_param, "-serial") == 0 ||
374 strcmp (qemu_param, "-vnc") == 0 ||
375 strcmp (qemu_param, "-full-screen") == 0 ||
376 strcmp (qemu_param, "-std-vga") == 0 ||
377 strcmp (qemu_param, "-vnc") == 0) {
378 error (g, "guestfs_config: parameter '%s' isn't allowed", qemu_param);
382 if (add_cmdline (g, qemu_param) != 0) return -1;
384 if (qemu_value != NULL) {
385 if (add_cmdline (g, qemu_value) != 0) return -1;
392 guestfs_add_drive (guestfs_h *g, const char *filename)
394 int len = strlen (filename) + 64;
397 if (strchr (filename, ',') != NULL) {
398 error (g, "filename cannot contain ',' (comma) character");
402 snprintf (buf, len, "file=%s", filename);
404 return guestfs_config (g, "-drive", buf);
408 guestfs_add_cdrom (guestfs_h *g, const char *filename)
410 if (strchr (filename, ',') != NULL) {
411 error (g, "filename cannot contain ',' (comma) character");
415 return guestfs_config (g, "-cdrom", filename);
419 guestfs_launch (guestfs_h *g)
421 static const char *dir_template = "/tmp/libguestfsXXXXXX";
425 /*const char *qemu = QEMU;*/ /* XXX */
426 const char *qemu = "/usr/bin/qemu-system-x86_64";
427 const char *kernel = "vmlinuz.fedora-10.x86_64";
428 const char *initrd = "initramfs.fedora-10.x86_64.img";
430 struct sockaddr_un addr;
432 /* XXX Choose which qemu to run. */
433 /* XXX Choose initrd, etc. */
437 error (g, "you must call guestfs_add_drive before guestfs_launch");
441 if (g->state != CONFIG) {
442 error (g, "qemu has already been launched");
446 /* Make the temporary directory containing the socket. */
448 g->tmpdir = safe_strdup (g, dir_template);
449 if (mkdtemp (g->tmpdir) == NULL) {
450 perrorf (g, "%s: cannot create temporary directory", dir_template);
455 snprintf (unixsock, sizeof unixsock, "%s/sock", g->tmpdir);
458 if (pipe (wfd) == -1 || pipe (rfd) == -1) {
473 if (r == 0) { /* Child (qemu). */
477 /* Set up the full command line. Do this in the subprocess so we
478 * don't need to worry about cleaning up.
480 g->cmdline[0] = (char *) qemu;
482 /* Construct the -net channel parameter for qemu. */
483 snprintf (vmchannel, sizeof vmchannel,
484 "channel,%d:unix:%s,server,nowait",
485 VMCHANNEL_PORT, unixsock);
487 /* Linux kernel command line. */
488 snprintf (append, sizeof append,
489 "console=ttyS0 guestfs=%s:%d", VMCHANNEL_ADDR, VMCHANNEL_PORT);
491 add_cmdline (g, "-m");
492 add_cmdline (g, "384"); /* XXX Choose best size. */
493 add_cmdline (g, "-kernel");
494 add_cmdline (g, (char *) kernel);
495 add_cmdline (g, "-initrd");
496 add_cmdline (g, (char *) initrd);
497 add_cmdline (g, "-append");
498 add_cmdline (g, append);
499 add_cmdline (g, "-nographic");
500 add_cmdline (g, "-serial");
501 add_cmdline (g, "stdio");
502 add_cmdline (g, "-net");
503 add_cmdline (g, vmchannel);
504 add_cmdline (g, "-net");
505 add_cmdline (g, "user,vlan=0");
506 add_cmdline (g, "-net");
507 add_cmdline (g, "nic,vlan=0");
508 incr_cmdline_size (g);
509 g->cmdline[g->cmdline_size-1] = NULL;
512 fprintf (stderr, "%s", qemu);
513 for (i = 0; g->cmdline[i]; ++i)
514 fprintf (stderr, " %s", g->cmdline[i]);
515 fprintf (stderr, "\n");
518 /* Set up stdin, stdout. */
527 /* Set up a new process group, so we can signal this process
528 * and all subprocesses (eg. if qemu is really a shell script).
533 execv (qemu, g->cmdline); /* Run qemu. */
538 /* Parent (library). */
541 /* Start the clock ... */
544 /* Close the other ends of the pipe. */
548 if (fcntl (wfd[1], F_SETFL, O_NONBLOCK) == -1 ||
549 fcntl (rfd[0], F_SETFL, O_NONBLOCK) == -1) {
550 perrorf (g, "fcntl");
554 g->fd[0] = wfd[1]; /* stdin of child */
555 g->fd[1] = rfd[0]; /* stdout of child */
557 /* Open the Unix socket. The vmchannel implementation that got
558 * merged with qemu sucks in a number of ways. Both ends do
559 * connect(2), which means that no one knows what, if anything, is
560 * connected to the other end, or if it becomes disconnected. Even
561 * worse, we have to wait some indeterminate time for qemu to create
562 * the socket and connect to it (which happens very early in qemu's
563 * start-up), so any code that uses vmchannel is inherently racy.
564 * Hence this silly loop.
566 g->sock = socket (AF_UNIX, SOCK_STREAM, 0);
568 perrorf (g, "socket");
572 if (fcntl (g->sock, F_SETFL, O_NONBLOCK) == -1) {
573 perrorf (g, "fcntl");
577 addr.sun_family = AF_UNIX;
578 strncpy (addr.sun_path, unixsock, UNIX_PATH_MAX);
579 addr.sun_path[UNIX_PATH_MAX-1] = '\0';
583 /* Always sleep at least once to give qemu a small chance to start up. */
586 r = connect (g->sock, (struct sockaddr *) &addr, sizeof addr);
587 if ((r == -1 && errno == EINPROGRESS) || r == 0)
590 perrorf (g, "connect");
594 error (g, "failed to connect to vmchannel socket");
598 /* Watch the file descriptors. */
601 g->msg_in_size = g->msg_in_allocated = 0;
608 main_loop.add_handle (g, g->fd[1],
609 GUESTFS_HANDLE_READABLE,
611 if (g->stdout_watch == -1) {
612 error (g, "could not watch qemu stdout");
617 main_loop.add_handle (g, g->sock,
618 GUESTFS_HANDLE_READABLE |
619 GUESTFS_HANDLE_HANGUP |
620 GUESTFS_HANDLE_ERROR,
622 if (g->sock_watch == -1) {
623 error (g, "could not watch daemon communications socket");
627 g->state = LAUNCHING;
631 if (g->stdout_watch >= 0)
632 main_loop.remove_handle (g, g->stdout_watch);
633 if (g->sock_watch >= 0)
634 main_loop.remove_handle (g, g->sock_watch);
643 waitpid (g->pid, NULL, 0);
649 g->stdout_watch = -1;
655 finish_wait_ready (guestfs_h *g, void *vp)
658 main_loop.main_loop_quit (g);
662 guestfs_wait_ready (guestfs_h *g)
666 if (g->state == READY) return 0;
668 if (g->state == BUSY) {
669 error (g, "qemu has finished launching already");
673 if (g->state != LAUNCHING) {
674 error (g, "qemu has not been launched yet");
678 g->launch_done_cb_internal = finish_wait_ready;
679 g->launch_done_cb_internal_data = &r;
680 main_loop.main_loop_run (g);
681 g->launch_done_cb_internal = NULL;
682 g->launch_done_cb_internal_data = NULL;
685 error (g, "guestfs_wait_ready failed, see earlier error messages");
689 /* This is possible in some really strange situations, such as
690 * guestfsd starts up OK but then qemu immediately exits. Check for
691 * it because the caller is probably expecting to be able to send
692 * commands after this function returns.
694 if (g->state != READY) {
695 error (g, "qemu launched and contacted daemon, but state != READY");
703 guestfs_kill_subprocess (guestfs_h *g)
705 if (g->state == CONFIG) {
706 error (g, "no subprocess to kill");
711 fprintf (stderr, "sending SIGTERM to process group %d\n", g->pid);
713 kill (g->pid, SIGTERM);
718 /* This function is called whenever qemu prints something on stdout.
719 * Qemu's stdout is also connected to the guest's serial console, so
720 * we see kernel messages here too.
723 stdout_event (void *data, int watch, int fd, int events)
725 guestfs_h *g = (guestfs_h *) data;
732 "stdout_event: %p g->state = %d, fd = %d, events = 0x%x\n",
733 g, g->state, fd, events);
736 if (g->fd[1] != fd) {
737 error (g, "stdout_event: internal error: %d != %d", g->fd[1], fd);
741 n = read (fd, buf, sizeof buf);
743 /* Hopefully this indicates the qemu child process has died. */
745 fprintf (stderr, "stdout_event: %p: child process died\n", g);
746 /*kill (g->pid, SIGTERM);*/
747 waitpid (g->pid, NULL, 0);
748 if (g->stdout_watch >= 0)
749 main_loop.remove_handle (g, g->stdout_watch);
750 if (g->sock_watch >= 0)
751 main_loop.remove_handle (g, g->sock_watch);
760 g->stdout_watch = -1;
763 if (g->subprocess_quit_cb)
764 g->subprocess_quit_cb (g, g->subprocess_quit_cb_data);
774 /* In verbose mode, copy all log messages to stderr. */
778 /* It's an actual log message, send it upwards if anyone is listening. */
779 if (g->log_message_cb)
780 g->log_message_cb (g, g->log_message_cb_data, buf, n);
783 /* The function is called whenever we can read something on the
784 * guestfsd (daemon inside the guest) communication socket.
787 sock_read_event (void *data, int watch, int fd, int events)
789 guestfs_h *g = (guestfs_h *) data;
796 "sock_event: %p g->state = %d, fd = %d, events = 0x%x\n",
797 g, g->state, fd, events);
800 error (g, "sock_read_event: internal error: %d != %d", g->sock, fd);
804 if (g->msg_in_size <= g->msg_in_allocated) {
805 g->msg_in_allocated += 4096;
806 g->msg_in = safe_realloc (g, g->msg_in, g->msg_in_allocated);
808 n = read (g->sock, g->msg_in + g->msg_in_size,
809 g->msg_in_allocated - g->msg_in_size);
811 /* Disconnected? Ignore it because stdout_watch will get called
812 * and will do the cleanup.
824 /* Have we got enough of a message to be able to process it yet? */
825 if (g->msg_in_size < 4) return;
827 xdrmem_create (&xdr, g->msg_in, g->msg_in_size, XDR_DECODE);
828 if (!xdr_uint32_t (&xdr, &len)) {
829 error (g, "can't decode length word");
833 /* Length is normally the length of the message, but when guestfsd
834 * starts up it sends a "magic" value (longer than any possible
835 * message). Check for this.
837 if (len == 0xf5f55ff5) {
838 if (g->state != LAUNCHING)
839 error (g, "received magic signature from guestfsd, but in state %d",
841 else if (g->msg_in_size != 4)
842 error (g, "received magic signature from guestfsd, but msg size is %d",
846 if (g->launch_done_cb_internal)
847 g->launch_done_cb_internal (g, g->launch_done_cb_internal_data);
848 if (g->launch_done_cb)
849 g->launch_done_cb (g, g->launch_done_cb_data);
855 if (g->msg_in_size < len) return; /* Need more of this message. */
857 /* This should not happen, and if it does it probably means we've
858 * lost all hope of synchronization.
860 if (g->msg_in_size > len) {
861 error (g, "len = %d, but msg_in_size = %d", len, g->msg_in_size);
865 /* Not in the expected state. */
866 if (g->state != BUSY)
867 error (g, "state %d != BUSY", g->state);
869 /* Push the message up to the higher layer. Note that unlike
870 * launch_done_cb / launch_done_cb_internal, we only call at
871 * most one of the callback functions here.
874 if (g->reply_cb_internal)
875 g->reply_cb_internal (g, g->reply_cb_internal_data, &xdr);
876 else if (g->reply_cb)
877 g->reply_cb (g, g->reply_cb, &xdr);
880 /* Free the message buffer if it's grown excessively large. */
881 if (g->msg_in_allocated > 65536) {
884 g->msg_in_size = g->msg_in_allocated = 0;
891 /* This is the default main loop implementation, using select(2). */
893 struct handle_cb_data {
894 guestfs_handle_event_cb cb;
901 static int select_init_done = 0;
902 static int max_fd = -1;
903 static int nr_fds = 0;
904 static struct handle_cb_data *handle_cb_data = NULL;
909 if (!select_init_done) {
914 select_init_done = 1;
919 select_add_handle (guestfs_h *g, int fd, int events,
920 guestfs_handle_event_cb cb, void *data)
924 if (fd < 0 || fd >= FD_SETSIZE) {
925 error (g, "fd %d is out of range", fd);
929 if ((events & ~(GUESTFS_HANDLE_READABLE |
930 GUESTFS_HANDLE_WRITABLE |
931 GUESTFS_HANDLE_HANGUP |
932 GUESTFS_HANDLE_ERROR)) != 0) {
933 error (g, "set of events (0x%x) contains unknown events", events);
938 error (g, "set of events is empty");
942 if (FD_ISSET (fd, &rset) || FD_ISSET (fd, &wset) || FD_ISSET (fd, &xset)) {
943 error (g, "fd %d is already registered", fd);
948 error (g, "callback is NULL");
952 if ((events & GUESTFS_HANDLE_READABLE))
954 if ((events & GUESTFS_HANDLE_WRITABLE))
956 if ((events & GUESTFS_HANDLE_HANGUP) || (events & GUESTFS_HANDLE_ERROR))
961 handle_cb_data = safe_realloc (g, handle_cb_data,
962 sizeof (struct handle_cb_data) * (max_fd+1));
964 handle_cb_data[fd].cb = cb;
965 handle_cb_data[fd].data = data;
969 /* Any integer >= 0 can be the handle, and this is as good as any ... */
974 select_remove_handle (guestfs_h *g, int fd)
978 if (fd < 0 || fd >= FD_SETSIZE) {
979 error (g, "fd %d is out of range", fd);
983 if (!FD_ISSET (fd, &rset) && !FD_ISSET (fd, &wset) && !FD_ISSET (fd, &xset)) {
984 error (g, "fd %d was not registered", fd);
994 handle_cb_data = safe_realloc (g, handle_cb_data,
995 sizeof (struct handle_cb_data) * (max_fd+1));
1004 select_add_timeout (guestfs_h *g, int interval,
1005 guestfs_handle_timeout_cb cb, void *data)
1009 abort (); /* XXX not implemented yet */
1013 select_remove_timeout (guestfs_h *g, int timer)
1017 abort (); /* XXX not implemented yet */
1020 /* Note that main loops can be nested. */
1021 static int level = 0;
1024 select_main_loop_run (guestfs_h *g)
1026 int old_level, fd, r, events;
1027 fd_set rset2, wset2, xset2;
1031 old_level = level++;
1032 while (level > old_level) {
1041 r = select (max_fd+1, &rset2, &wset2, &xset2, NULL);
1043 perrorf (g, "select");
1048 for (fd = 0; r > 0 && fd <= max_fd; ++fd) {
1050 if (FD_ISSET (fd, &rset2))
1051 events |= GUESTFS_HANDLE_READABLE;
1052 if (FD_ISSET (fd, &wset2))
1053 events |= GUESTFS_HANDLE_WRITABLE;
1054 if (FD_ISSET (fd, &xset2))
1055 events |= GUESTFS_HANDLE_ERROR | GUESTFS_HANDLE_HANGUP;
1058 handle_cb_data[fd].cb (handle_cb_data[fd].data,
1066 select_main_loop_quit (guestfs_h *g)
1071 error (g, "cannot quit, we are not in a main loop");