2 * Copyright (C) 2009-2010 Red Hat Inc.
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
21 #define _BSD_SOURCE /* for mkdtemp, usleep */
34 #include <sys/select.h>
38 #include <rpc/types.h>
45 #ifdef HAVE_SYS_TYPES_H
46 #include <sys/types.h>
49 #ifdef HAVE_SYS_WAIT_H
53 #ifdef HAVE_SYS_SOCKET_H
54 #include <sys/socket.h>
61 #include <arpa/inet.h>
62 #include <netinet/in.h>
65 #include "glthread/lock.h"
66 #include "ignore-value.h"
69 #include "guestfs-internal.h"
70 #include "guestfs-internal-actions.h"
71 #include "guestfs_protocol.h"
73 static int qemu_supports (guestfs_h *g, const char *option);
75 /* Add a string to the current command line. */
77 incr_cmdline_size (guestfs_h *g)
79 if (g->cmdline == NULL) {
80 /* g->cmdline[0] is reserved for argv[0], set in guestfs_launch. */
82 g->cmdline = safe_malloc (g, sizeof (char *));
87 g->cmdline = safe_realloc (g, g->cmdline, sizeof (char *) * g->cmdline_size);
91 add_cmdline (guestfs_h *g, const char *str)
93 if (g->state != CONFIG) {
95 _("command line cannot be altered after qemu subprocess launched"));
99 incr_cmdline_size (g);
100 g->cmdline[g->cmdline_size-1] = safe_strdup (g, str);
105 guestfs__config (guestfs_h *g,
106 const char *qemu_param, const char *qemu_value)
108 if (qemu_param[0] != '-') {
109 error (g, _("guestfs_config: parameter must begin with '-' character"));
113 /* A bit fascist, but the user will probably break the extra
114 * parameters that we add if they try to set any of these.
116 if (STREQ (qemu_param, "-kernel") ||
117 STREQ (qemu_param, "-initrd") ||
118 STREQ (qemu_param, "-nographic") ||
119 STREQ (qemu_param, "-serial") ||
120 STREQ (qemu_param, "-full-screen") ||
121 STREQ (qemu_param, "-std-vga") ||
122 STREQ (qemu_param, "-vnc")) {
123 error (g, _("guestfs_config: parameter '%s' isn't allowed"), qemu_param);
127 if (add_cmdline (g, qemu_param) != 0) return -1;
129 if (qemu_value != NULL) {
130 if (add_cmdline (g, qemu_value) != 0) return -1;
137 guestfs__add_drive_with_if (guestfs_h *g, const char *filename,
138 const char *drive_if)
140 size_t len = strlen (filename) + 64;
143 if (strchr (filename, ',') != NULL) {
144 error (g, _("filename cannot contain ',' (comma) character"));
148 /* cache=off improves reliability in the event of a host crash.
150 * However this option causes qemu to try to open the file with
151 * O_DIRECT. This fails on some filesystem types (notably tmpfs).
152 * So we check if we can open the file with or without O_DIRECT,
153 * and use cache=off (or not) accordingly.
155 * This test also checks for the presence of the file, which
156 * is a documented semantic of this interface.
158 int fd = open (filename, O_RDONLY|O_DIRECT);
161 snprintf (buf, len, "file=%s,cache=off,if=%s", filename, drive_if);
163 fd = open (filename, O_RDONLY);
166 snprintf (buf, len, "file=%s,if=%s", filename, drive_if);
168 perrorf (g, "%s", filename);
173 return guestfs__config (g, "-drive", buf);
177 guestfs__add_drive_ro_with_if (guestfs_h *g, const char *filename,
178 const char *drive_if)
180 if (strchr (filename, ',') != NULL) {
181 error (g, _("filename cannot contain ',' (comma) character"));
185 if (access (filename, F_OK) == -1) {
186 perrorf (g, "%s", filename);
190 size_t len = strlen (filename) + 64;
193 snprintf (buf, len, "file=%s,snapshot=on,if=%s", filename, drive_if);
195 return guestfs__config (g, "-drive", buf);
199 guestfs__add_drive (guestfs_h *g, const char *filename)
201 return guestfs__add_drive_with_if (g, filename, DRIVE_IF);
205 guestfs__add_drive_ro (guestfs_h *g, const char *filename)
207 return guestfs__add_drive_ro_with_if (g, filename, DRIVE_IF);
211 guestfs__add_cdrom (guestfs_h *g, const char *filename)
213 if (strchr (filename, ',') != NULL) {
214 error (g, _("filename cannot contain ',' (comma) character"));
218 if (access (filename, F_OK) == -1) {
219 perrorf (g, "%s", filename);
223 return guestfs__config (g, "-cdrom", filename);
226 static int is_openable (guestfs_h *g, const char *path, int flags);
227 static void print_cmdline (guestfs_h *g);
230 guestfs__launch (guestfs_h *g)
236 struct sockaddr_un addr;
240 error (g, _("you must call guestfs_add_drive before guestfs_launch"));
244 if (g->state != CONFIG) {
245 error (g, _("the libguestfs handle has already been launched"));
249 /* Start the clock ... */
250 gettimeofday (&g->launch_t, NULL);
252 /* Make the temporary directory. */
254 const char *tmpdir = guestfs___tmpdir ();
255 char dir_template[strlen (tmpdir) + 32];
256 sprintf (dir_template, "%s/libguestfsXXXXXX", tmpdir);
258 g->tmpdir = safe_strdup (g, dir_template);
259 if (mkdtemp (g->tmpdir) == NULL) {
260 perrorf (g, _("%s: cannot create temporary directory"), dir_template);
265 /* Allow anyone to read the temporary directory. The socket in this
266 * directory won't be readable but anyone can see it exists if they
267 * want. (RHBZ#610880).
269 if (chmod (g->tmpdir, 0755) == -1)
270 fprintf (stderr, "chmod: %s: %m (ignored)\n", g->tmpdir);
272 /* Locate and/or build the appliance. */
273 char *kernel = NULL, *initrd = NULL, *appliance = NULL;
274 if (guestfs___build_appliance (g, &kernel, &initrd, &appliance) == -1)
278 guestfs___print_timestamped_message (g, "begin testing qemu features");
280 /* Get qemu help text and version. */
281 if (qemu_supports (g, NULL) == -1)
284 /* Using virtio-serial, we need to create a local Unix domain socket
285 * for qemu to connect to.
287 snprintf (unixsock, sizeof unixsock, "%s/sock", g->tmpdir);
290 g->sock = socket (AF_UNIX, SOCK_STREAM, 0);
292 perrorf (g, "socket");
296 if (fcntl (g->sock, F_SETFL, O_NONBLOCK) == -1) {
297 perrorf (g, "fcntl");
301 addr.sun_family = AF_UNIX;
302 strncpy (addr.sun_path, unixsock, UNIX_PATH_MAX);
303 addr.sun_path[UNIX_PATH_MAX-1] = '\0';
305 if (bind (g->sock, &addr, sizeof addr) == -1) {
310 if (listen (g->sock, 1) == -1) {
311 perrorf (g, "listen");
316 if (pipe (wfd) == -1 || pipe (rfd) == -1) {
323 guestfs___print_timestamped_message (g, "finished testing qemu features");
337 if (r == 0) { /* Child (qemu). */
340 /* Set up the full command line. Do this in the subprocess so we
341 * don't need to worry about cleaning up.
343 g->cmdline[0] = g->qemu;
345 /* qemu sometimes needs this option to enable hardware
346 * virtualization, but some versions of 'qemu-kvm' will use KVM
347 * regardless (even where this option appears in the help text).
348 * It is rumoured that there are versions of qemu where supplying
349 * this option when hardware virtualization is not available will
350 * cause qemu to fail, so we we have to check at least that
351 * /dev/kvm is openable. That's not reliable, since /dev/kvm
352 * might be openable by qemu but not by us (think: SELinux) in
353 * which case the user would not get hardware virtualization,
354 * although at least shouldn't fail. A giant clusterfuck with the
355 * qemu command line, again.
357 if (qemu_supports (g, "-enable-kvm") &&
358 is_openable (g, "/dev/kvm", O_RDWR))
359 add_cmdline (g, "-enable-kvm");
361 /* Newer versions of qemu (from around 2009/12) changed the
362 * behaviour of monitors so that an implicit '-monitor stdio' is
363 * assumed if we are in -nographic mode and there is no other
364 * -monitor option. Only a single stdio device is allowed, so
365 * this broke the '-serial stdio' option. There is a new flag
366 * called -nodefaults which gets rid of all this default crud, so
367 * let's use that to avoid this and any future surprises.
369 if (qemu_supports (g, "-nodefaults"))
370 add_cmdline (g, "-nodefaults");
372 add_cmdline (g, "-nographic");
374 snprintf (buf, sizeof buf, "%d", g->memsize);
375 add_cmdline (g, "-m");
376 add_cmdline (g, buf);
378 /* Force exit instead of reboot on panic */
379 add_cmdline (g, "-no-reboot");
381 /* These options recommended by KVM developers to improve reliability. */
382 if (qemu_supports (g, "-no-hpet"))
383 add_cmdline (g, "-no-hpet");
385 if (qemu_supports (g, "-rtc-td-hack"))
386 add_cmdline (g, "-rtc-td-hack");
388 /* Create the virtio serial bus. */
389 add_cmdline (g, "-device");
390 add_cmdline (g, "virtio-serial");
393 /* Use virtio-console (a variant form of virtio-serial) for the
394 * guest's serial console.
396 add_cmdline (g, "-chardev");
397 add_cmdline (g, "stdio,id=console");
398 add_cmdline (g, "-device");
399 add_cmdline (g, "virtconsole,chardev=console,name=org.libguestfs.console.0");
401 /* When the above works ... until then: */
402 add_cmdline (g, "-serial");
403 add_cmdline (g, "stdio");
406 /* Set up virtio-serial for the communications channel. */
407 add_cmdline (g, "-chardev");
408 snprintf (buf, sizeof buf, "socket,path=%s,id=channel0", unixsock);
409 add_cmdline (g, buf);
410 add_cmdline (g, "-device");
411 add_cmdline (g, "virtserialport,chardev=channel0,name=org.libguestfs.channel.0");
413 #define LINUX_CMDLINE \
414 "panic=1 " /* force kernel to panic if daemon exits */ \
415 "console=ttyS0 " /* serial console */ \
416 "udevtimeout=300 " /* good for very slow systems (RHBZ#480319) */ \
417 "noapic " /* workaround for RHBZ#502058 - ok if not SMP */ \
418 "acpi=off " /* we don't need ACPI, turn it off */ \
419 "printk.time=1 " /* display timestamp before kernel messages */ \
420 "cgroup_disable=memory " /* saves us about 5 MB of RAM */
422 /* Linux kernel command line. */
423 snprintf (buf, sizeof buf,
425 "%s " /* (selinux) */
426 "%s " /* (verbose) */
427 "TERM=%s " /* (TERM environment variable) */
429 g->selinux ? "selinux=1 enforcing=0" : "selinux=0",
430 g->verbose ? "guestfs_verbose=1" : "",
431 getenv ("TERM") ? : "linux",
432 g->append ? g->append : "");
434 add_cmdline (g, "-kernel");
435 add_cmdline (g, kernel);
436 add_cmdline (g, "-initrd");
437 add_cmdline (g, initrd);
438 add_cmdline (g, "-append");
439 add_cmdline (g, buf);
441 /* Add the ext2 appliance drive (last of all). */
443 const char *cachemode = "";
444 if (qemu_supports (g, "cache=")) {
445 if (qemu_supports (g, "unsafe"))
446 cachemode = ",cache=unsafe";
447 else if (qemu_supports (g, "writeback"))
448 cachemode = ",cache=writeback";
451 char buf2[PATH_MAX + 64];
452 add_cmdline (g, "-drive");
453 snprintf (buf2, sizeof buf2, "file=%s,snapshot=on,if=" DRIVE_IF "%s",
454 appliance, cachemode);
455 add_cmdline (g, buf2);
458 /* Finish off the command line. */
459 incr_cmdline_size (g);
460 g->cmdline[g->cmdline_size-1] = NULL;
466 /* Set up stdin, stdout. */
472 if (dup (wfd[0]) == -1) {
474 perror ("dup failed");
475 _exit (EXIT_FAILURE);
477 if (dup (rfd[1]) == -1)
485 /* Set up a new process group, so we can signal this process
486 * and all subprocesses (eg. if qemu is really a shell script).
491 setenv ("LC_ALL", "C", 1);
493 execv (g->qemu, g->cmdline); /* Run qemu. */
495 _exit (EXIT_FAILURE);
498 /* Parent (library). */
506 /* Fork the recovery process off which will kill qemu if the parent
507 * process fails to do so (eg. if the parent segfaults).
510 if (g->recovery_proc) {
513 pid_t qemu_pid = g->pid;
514 pid_t parent_pid = getppid ();
516 /* Writing to argv is hideously complicated and error prone. See:
517 * http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/misc/ps_status.c?rev=1.33.2.1;content-type=text%2Fplain
520 /* Loop around waiting for one or both of the other processes to
521 * disappear. It's fair to say this is very hairy. The PIDs that
522 * we are looking at might be reused by another process. We are
523 * effectively polling. Is the cure worse than the disease?
526 if (kill (qemu_pid, 0) == -1) /* qemu's gone away, we aren't needed */
527 _exit (EXIT_SUCCESS);
528 if (kill (parent_pid, 0) == -1) {
529 /* Parent's gone away, qemu still around, so kill qemu. */
531 _exit (EXIT_SUCCESS);
537 /* Don't worry, if the fork failed, this will be -1. The recovery
538 * process isn't essential.
544 /* Close the other ends of the pipe. */
548 if (fcntl (wfd[1], F_SETFL, O_NONBLOCK) == -1 ||
549 fcntl (rfd[0], F_SETFL, O_NONBLOCK) == -1) {
550 perrorf (g, "fcntl");
554 g->fd[0] = wfd[1]; /* stdin of child */
555 g->fd[1] = rfd[0]; /* stdout of child */
557 g->fd[0] = open ("/dev/null", O_RDWR);
558 if (g->fd[0] == -1) {
559 perrorf (g, "open /dev/null");
562 g->fd[1] = dup (g->fd[0]);
563 if (g->fd[1] == -1) {
570 g->state = LAUNCHING;
572 /* Wait for qemu to start and to connect back to us via
573 * virtio-serial and send the GUESTFS_LAUNCH_FLAG message.
575 r = guestfs___accept_from_daemon (g);
579 close (g->sock); /* Close the listening socket. */
580 g->sock = r; /* This is the accepted data socket. */
582 if (fcntl (g->sock, F_SETFL, O_NONBLOCK) == -1) {
583 perrorf (g, "fcntl");
589 r = guestfs___recv_from_daemon (g, &size, &buf);
592 if (r == -1) return -1;
594 if (size != GUESTFS_LAUNCH_FLAG) {
595 error (g, _("guestfs_launch failed, see earlier error messages"));
600 guestfs___print_timestamped_message (g, "appliance is up");
602 /* This is possible in some really strange situations, such as
603 * guestfsd starts up OK but then qemu immediately exits. Check for
604 * it because the caller is probably expecting to be able to send
605 * commands after this function returns.
607 if (g->state != READY) {
608 error (g, _("qemu launched and contacted daemon, but state != READY"));
619 if (g->pid > 0) kill (g->pid, 9);
620 if (g->recoverypid > 0) kill (g->recoverypid, 9);
621 waitpid (g->pid, NULL, 0);
622 if (g->recoverypid > 0) waitpid (g->recoverypid, NULL, 0);
627 memset (&g->launch_t, 0, sizeof g->launch_t);
642 guestfs___tmpdir (void)
652 const char *t = getenv ("TMPDIR");
658 /* This function is used to print the qemu command line before it gets
659 * executed, when in verbose mode.
662 print_cmdline (guestfs_h *g)
667 while (g->cmdline[i]) {
668 if (g->cmdline[i][0] == '-') /* -option starts a new line */
669 fprintf (stderr, " \\\n ");
671 if (i > 0) fputc (' ', stderr);
673 /* Does it need shell quoting? This only deals with simple cases. */
674 needs_quote = strcspn (g->cmdline[i], " ") != strlen (g->cmdline[i]);
676 if (needs_quote) fputc ('\'', stderr);
677 fprintf (stderr, "%s", g->cmdline[i]);
678 if (needs_quote) fputc ('\'', stderr);
682 fputc ('\n', stderr);
685 /* Compute Y - X and return the result in milliseconds.
686 * Approximately the same as this code:
687 * http://www.mpp.mpg.de/~huber/util/timevaldiff.c
690 timeval_diff (const struct timeval *x, const struct timeval *y)
694 msec = (y->tv_sec - x->tv_sec) * 1000;
695 msec += (y->tv_usec - x->tv_usec) / 1000;
700 guestfs___print_timestamped_message (guestfs_h *g, const char *fs, ...)
708 err = vasprintf (&msg, fs, args);
713 gettimeofday (&tv, NULL);
715 fprintf (stderr, "[%05" PRIi64 "ms] %s\n",
716 timeval_diff (&g->launch_t, &tv), msg);
721 static int read_all (guestfs_h *g, FILE *fp, char **ret);
723 /* Test qemu binary (or wrapper) runs, and do 'qemu -help' and
724 * 'qemu -version' so we know what options this qemu supports and
728 test_qemu (guestfs_h *g)
733 snprintf (cmd, sizeof cmd, "LC_ALL=C '%s' -nographic -help", g->qemu);
735 fp = popen (cmd, "r");
736 /* qemu -help should always work (qemu -version OTOH wasn't
737 * supported by qemu 0.9). If this command doesn't work then it
738 * probably indicates that the qemu binary is missing.
741 /* XXX This error is never printed, even if the qemu binary
742 * doesn't exist. Why?
745 perrorf (g, _("%s: command failed: If qemu is located on a non-standard path, try setting the LIBGUESTFS_QEMU environment variable."), cmd);
749 if (read_all (g, fp, &g->qemu_help) == -1)
752 if (pclose (fp) == -1)
755 snprintf (cmd, sizeof cmd, "LC_ALL=C '%s' -nographic -version 2>/dev/null",
758 fp = popen (cmd, "r");
760 /* Intentionally ignore errors. */
761 read_all (g, fp, &g->qemu_version);
769 read_all (guestfs_h *g, FILE *fp, char **ret)
776 *ret = safe_realloc (g, *ret, n + 1);
781 *ret = safe_realloc (g, *ret, n + BUFSIZ);
783 r = fread (p, 1, BUFSIZ, fp);
792 /* Test if option is supported by qemu command line (just by grepping
795 * The first time this is used, it has to run the external qemu
796 * binary. If that fails, it returns -1.
798 * To just do the first-time run of the qemu binary, call this with
799 * option == NULL, in which case it will return -1 if there was an
803 qemu_supports (guestfs_h *g, const char *option)
806 if (test_qemu (g) == -1)
813 return strstr (g->qemu_help, option) != NULL;
816 /* Check if a file can be opened. */
818 is_openable (guestfs_h *g, const char *path, int flags)
820 int fd = open (path, flags);
830 /* You had to call this function after launch in versions <= 1.0.70,
831 * but it is now a no-op.
834 guestfs__wait_ready (guestfs_h *g)
836 if (g->state != READY) {
837 error (g, _("qemu has not been launched yet"));
845 guestfs__kill_subprocess (guestfs_h *g)
847 if (g->state == CONFIG) {
848 error (g, _("no subprocess to kill"));
853 fprintf (stderr, "sending SIGTERM to process %d\n", g->pid);
855 if (g->pid > 0) kill (g->pid, SIGTERM);
856 if (g->recoverypid > 0) kill (g->recoverypid, 9);
861 /* Access current state. */
863 guestfs__is_config (guestfs_h *g)
865 return g->state == CONFIG;
869 guestfs__is_launching (guestfs_h *g)
871 return g->state == LAUNCHING;
875 guestfs__is_ready (guestfs_h *g)
877 return g->state == READY;
881 guestfs__is_busy (guestfs_h *g)
883 return g->state == BUSY;
887 guestfs__get_state (guestfs_h *g)
git.annexia.org / libguestfs.git / blob