1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00

vmspawn: added vsock functionality

also includes cosmetic fixups from: https://github.com/systemd/systemd/pull/29874
This commit is contained in:
Sam Leonard 2023-10-31 11:35:22 +00:00
parent 8930285234
commit f72a085641
No known key found for this signature in database
GPG Key ID: 96850F0978CE78F0
3 changed files with 508 additions and 51 deletions

View File

@ -1,9 +1,9 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <stdio.h>
#include <unistd.h>
#include <linux/vhost.h>
#include <sys/ioctl.h>
#include "alloc-util.h"
#include "architecture.h"
#include "conf-files.h"
#include "errno-util.h"
@ -15,7 +15,10 @@
#include "memory-util.h"
#include "path-lookup.h"
#include "path-util.h"
#include "random-util.h"
#include "recurse-dir.h"
#include "siphash24.h"
#include "socket-util.h"
#include "sort-util.h"
#include "string-util.h"
#include "strv.h"
@ -45,6 +48,32 @@ int qemu_check_kvm_support(void) {
return -errno;
}
int qemu_check_vsock_support(void) {
_cleanup_close_ int fd = -EBADF;
/* Just using access() will just check if the device node exists, but not whether a
* device driver is behind it (this is a common case since systemd-tmpfiles creates
* the device node on boot, typically).
*
* Hence we open() the path to see if there's actually something behind.
*
* If not this should return ENODEV.
*/
fd = open("/dev/vhost-vsock", O_RDWR|O_CLOEXEC);
if (fd >= 0)
return true;
if (errno == ENODEV) {
log_debug_errno(errno, "/dev/vhost-vsock device doesn't exist. Not adding a vsock device to the virtual machine.");
return false;
}
if (errno == EPERM) {
log_debug_errno(errno, "Permission denied to access /dev/vhost-vsock. Not adding a vsock device to the virtual machine.");
return false;
}
return -errno;
}
/* holds the data retrieved from the QEMU firmware interop JSON data */
typedef struct FirmwareData {
char **features;
@ -237,3 +266,79 @@ int find_qemu_binary(char **ret_qemu_binary) {
return find_executable(qemu_arch_specific, ret_qemu_binary);
}
int vsock_fix_child_cid(unsigned *machine_cid, const char *machine, int *ret_child_sock) {
/* this is an arbitrary value picked from /dev/urandom */
static const uint8_t sip_key[HASH_KEY_SIZE] = {
0x03, 0xad, 0xf0, 0xa4,
0x59, 0x2c, 0x77, 0x11,
0xda, 0x39, 0x0c, 0xba,
0xf5, 0x4c, 0x80, 0x52
};
struct siphash machine_hash_state, state;
_cleanup_close_ int vfd = -EBADF;
int r;
/* uint64_t is required here for the ioctl call, but valid CIDs are only 32 bits */
uint64_t cid = *ASSERT_PTR(machine_cid);
assert(machine);
assert(ret_child_sock);
/* Fix the CID of the AF_VSOCK socket passed to qemu
*
* If the user has passed us a CID (machine_cid != VMADDR_CID_ANY), then attempt to bind to that CID
* and error if we cannot.
*
* Otherwise hash the machine name to get a random CID and attempt to bind to that.
* If it is occupied add more information into the hash and try again.
* If after 64 attempts this hasn't worked fallback to truly random CIDs.
* If after another 64 attempts this hasn't worked then give up and return EADDRNOTAVAIL.
*/
/* remove O_CLOEXEC before this fd is passed to QEMU */
vfd = open("/dev/vhost-vsock", O_RDWR|O_CLOEXEC);
if (vfd < 0)
return log_debug_errno(errno, "Failed to open /dev/vhost-vsock as read/write: %m");
if (cid != VMADDR_CID_ANY) {
r = ioctl(vfd, VHOST_VSOCK_SET_GUEST_CID, &cid);
if (r < 0)
return log_debug_errno(errno, "Failed to set CID for child vsock with user provided CID %" PRIu64 ": %m", cid);
*ret_child_sock = TAKE_FD(vfd);
return 0;
}
siphash24_init(&machine_hash_state, sip_key);
siphash24_compress_string(machine, &machine_hash_state);
for (unsigned i = 0; i < 64; i++) {
state = machine_hash_state;
siphash24_compress_safe(&i, sizeof i, &state);
uint64_t hash = siphash24_finalize(&state);
cid = 3 + (hash % (UINT_MAX - 4));
r = ioctl(vfd, VHOST_VSOCK_SET_GUEST_CID, &cid);
if (r >= 0) {
*machine_cid = cid;
*ret_child_sock = TAKE_FD(vfd);
return 0;
}
if (errno != EADDRINUSE)
return -errno;
}
for (unsigned i = 0; i < 64; i++) {
cid = 3 + random_u64_range(UINT_MAX - 4);
r = ioctl(vfd, VHOST_VSOCK_SET_GUEST_CID, &cid);
if (r >= 0) {
*machine_cid = cid;
*ret_child_sock = TAKE_FD(vfd);
return 0;
}
if (errno != EADDRINUSE)
return -errno;
}
return log_debug_errno(SYNTHETIC_ERRNO(EADDRNOTAVAIL), "Failed to assign a CID to the guest vsock");
}

View File

@ -20,5 +20,7 @@ OvmfConfig* ovmf_config_free(OvmfConfig *ovmf_config);
DEFINE_TRIVIAL_CLEANUP_FUNC(OvmfConfig*, ovmf_config_free);
int qemu_check_kvm_support(void);
int qemu_check_vsock_support(void);
int find_ovmf_config(int search_sb, OvmfConfig **ret_ovmf_config);
int find_qemu_binary(char **ret_qemu_binary);
int vsock_fix_child_cid(unsigned *machine_cid, const char *machine, int *ret_child_sock);

View File

@ -9,12 +9,15 @@
#include "alloc-util.h"
#include "architecture.h"
#include "build.h"
#include "common-signal.h"
#include "copy.h"
#include "creds-util.h"
#include "escape.h"
#include "fileio.h"
#include "format-util.h"
#include "fs-util.h"
#include "hexdecoct.h"
#include "hostname-util.h"
#include "log.h"
#include "machine-credential.h"
#include "main-func.h"
@ -24,6 +27,9 @@
#include "path-util.h"
#include "pretty-print.h"
#include "process-util.h"
#include "sd-event.h"
#include "signal-util.h"
#include "socket-util.h"
#include "strv.h"
#include "tmpfile-util.h"
#include "vmspawn-settings.h"
@ -31,9 +37,12 @@
static PagerFlags arg_pager_flags = 0;
static char *arg_image = NULL;
static char *arg_machine = NULL;
static char *arg_qemu_smp = NULL;
static uint64_t arg_qemu_mem = 2ULL * 1024ULL * 1024ULL * 1024ULL;
static int arg_qemu_kvm = -1;
static int arg_qemu_vsock = -1;
static uint64_t arg_vsock_cid = UINT64_MAX;
static bool arg_qemu_gui = false;
static int arg_secure_boot = -1;
static MachineCredential *arg_credentials = NULL;
@ -42,6 +51,7 @@ static SettingsMask arg_settings_mask = 0;
static char **arg_parameters = NULL;
STATIC_DESTRUCTOR_REGISTER(arg_image, freep);
STATIC_DESTRUCTOR_REGISTER(arg_machine, freep);
STATIC_DESTRUCTOR_REGISTER(arg_qemu_smp, freep);
STATIC_DESTRUCTOR_REGISTER(arg_parameters, strv_freep);
@ -66,9 +76,14 @@ static int help(void) {
"%3$sHost Configuration:%4$s\n"
" --qemu-smp=SMP Configure guest's SMP settings\n"
" --qemu-mem=MEM Configure guest's RAM size\n"
" --qemu-kvm= Configure whether to use KVM or not\n"
" --qemu-kvm=BOOL Configure whether to use KVM or not\n"
" --qemu-vsock=BOOL Configure whether to use qemu with a vsock or not\n"
" --vsock-cid= Specify the CID to use for the qemu guest's vsock\n"
" --qemu-gui Start QEMU in graphical mode\n"
" --secure-boot= Configure searching for firmware with SB support\n\n"
" --secure-boot=BOOL Configure whether to search for firmware which\n"
" supports Secure Boot\n\n"
"%3$sSystem Identity:%4$s\n"
" -M --machine=NAME Set the machine name for the container\n"
"%3$sCredentials:%4$s\n"
" --set-credential=ID:VALUE\n"
" Pass a credential with literal value to container.\n"
@ -93,6 +108,8 @@ static int parse_argv(int argc, char *argv[]) {
ARG_QEMU_SMP,
ARG_QEMU_MEM,
ARG_QEMU_KVM,
ARG_QEMU_VSOCK,
ARG_VSOCK_CID,
ARG_QEMU_GUI,
ARG_SECURE_BOOT,
ARG_SET_CREDENTIAL,
@ -104,9 +121,12 @@ static int parse_argv(int argc, char *argv[]) {
{ "version", no_argument, NULL, ARG_VERSION },
{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
{ "image", required_argument, NULL, 'i' },
{ "machine", required_argument, NULL, 'M' },
{ "qemu-smp", required_argument, NULL, ARG_QEMU_SMP },
{ "qemu-mem", required_argument, NULL, ARG_QEMU_MEM },
{ "qemu-kvm", required_argument, NULL, ARG_QEMU_KVM },
{ "qemu-vsock", required_argument, NULL, ARG_QEMU_VSOCK },
{ "vsock-cid", required_argument, NULL, ARG_VSOCK_CID },
{ "qemu-gui", no_argument, NULL, ARG_QEMU_GUI },
{ "secure-boot", required_argument, NULL, ARG_SECURE_BOOT },
{ "set-credential", required_argument, NULL, ARG_SET_CREDENTIAL },
@ -120,7 +140,7 @@ static int parse_argv(int argc, char *argv[]) {
assert(argv);
optind = 0;
while ((c = getopt_long(argc, argv, "+hi:", options, NULL)) >= 0)
while ((c = getopt_long(argc, argv, "+hi:M", options, NULL)) >= 0)
switch (c) {
case 'h':
return help();
@ -136,6 +156,20 @@ static int parse_argv(int argc, char *argv[]) {
arg_settings_mask |= SETTING_DIRECTORY;
break;
case 'M':
if (isempty(optarg))
arg_machine = mfree(arg_machine);
else {
if (!hostname_is_valid(optarg, 0))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Invalid machine name: %s", optarg);
r = free_and_strdup(&arg_machine, optarg);
if (r < 0)
return log_oom();
}
break;
case ARG_NO_PAGER:
arg_pager_flags |= PAGER_DISABLE;
break;
@ -158,6 +192,27 @@ static int parse_argv(int argc, char *argv[]) {
return log_error_errno(r, "Failed to parse --qemu-kvm=%s: %m", optarg);
break;
case ARG_QEMU_VSOCK:
r = parse_tristate(optarg, &arg_qemu_vsock);
if (r < 0)
return log_error_errno(r, "Failed to parse --qemu-vsock=%s: %m", optarg);
break;
case ARG_VSOCK_CID: {
unsigned cid;
if (isempty(optarg))
cid = VMADDR_CID_ANY;
else {
r = safe_atou_bounded(optarg, 3, UINT_MAX - 1, &cid);
if (r == -ERANGE)
return log_error_errno(r, "Invalid value for --vsock-cid=: %m");
if (r < 0)
return log_error_errno(r, "Failed to parse --vsock-cid=%s: %m", optarg);
}
arg_vsock_cid = (uint64_t)cid;
break;
}
case ARG_QEMU_GUI:
arg_qemu_gui = true;
break;
@ -208,11 +263,187 @@ static int parse_argv(int argc, char *argv[]) {
return 1;
}
static int open_vsock(void) {
_cleanup_close_ int vsock_fd = -EBADF;
int r;
static const union sockaddr_union bind_addr = {
.vm.svm_family = AF_VSOCK,
.vm.svm_cid = VMADDR_CID_ANY,
.vm.svm_port = VMADDR_PORT_ANY,
};
vsock_fd = socket(AF_VSOCK, SOCK_STREAM|SOCK_CLOEXEC, 0);
if (vsock_fd < 0)
return log_error_errno(errno, "Failed to open AF_VSOCK socket: %m");
r = bind(vsock_fd, &bind_addr.sa, sizeof(bind_addr.vm));
if (r < 0)
return log_error_errno(errno, "Failed to bind to vsock to address %u:%u: %m", bind_addr.vm.svm_cid, bind_addr.vm.svm_port);
r = listen(vsock_fd, SOMAXCONN_DELUXE);
if (r < 0)
return log_error_errno(errno, "Failed to listen on vsock: %m");
return TAKE_FD(vsock_fd);
}
static int vmspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
char buf[NOTIFY_BUFFER_MAX+1];
const char *p = NULL;
struct iovec iovec = {
.iov_base = buf,
.iov_len = sizeof(buf)-1,
};
struct msghdr msghdr = {
.msg_iov = &iovec,
.msg_iovlen = 1,
};
ssize_t n;
_cleanup_strv_free_ char **tags = NULL;
int r, *exit_status = ASSERT_PTR(userdata);
n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT);
if (ERRNO_IS_NEG_TRANSIENT(n))
return 0;
if (n == -EXFULL) {
log_warning_errno(n, "Got message with truncated control data, ignoring: %m");
return 0;
}
if (n < 0)
return log_warning_errno(n, "Couldn't read notification socket: %m");
if ((size_t) n >= sizeof(buf)) {
log_warning("Received notify message exceeded maximum size. Ignoring.");
return 0;
}
buf[n] = 0;
tags = strv_split(buf, "\n\r");
if (!tags)
return log_oom();
STRV_FOREACH(s, tags)
log_debug("Received tag %s from notify socket", *s);
if (strv_contains(tags, "READY=1")) {
r = sd_notify(false, "READY=1\n");
if (r < 0)
log_warning_errno(r, "Failed to send readiness notification, ignoring: %m");
}
p = strv_find_startswith(tags, "STATUS=");
if (p)
(void) sd_notifyf(false, "STATUS=VM running: %s", p);
p = strv_find_startswith(tags, "EXIT_STATUS=");
if (p) {
r = safe_atoi(p, exit_status);
if (r < 0)
log_warning_errno(r, "Failed to parse exit status from %s, ignoring: %m", p);
}
/* we will only receive one message from each connection so disable this source once one is received */
source = sd_event_source_disable_unref(source);
return 0;
}
static int vmspawn_dispatch_vsock_connections(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
int r;
sd_event *event;
_cleanup_close_ int conn_fd = -EBADF;
assert(userdata);
if (revents != EPOLLIN) {
log_warning("Got unexpected poll event for vsock fd.");
return 0;
}
conn_fd = accept4(fd, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK);
if (conn_fd < 0) {
log_warning_errno(errno, "Failed to accept connection from vsock fd (%m), ignoring...");
return 0;
}
event = sd_event_source_get_event(source);
if (!event)
return log_error_errno(SYNTHETIC_ERRNO(ENOENT), "Failed to retrieve event from event source, exiting task");
/* add a new floating task to read from the connection */
r = sd_event_add_io(event, NULL, conn_fd, revents, vmspawn_dispatch_notify_fd, userdata);
if (r < 0)
return log_error_errno(r, "Failed to allocate notify connection event source: %m");
/* conn_fd is now owned by the event loop so don't clean it up */
TAKE_FD(conn_fd);
return 0;
}
static int setup_notify_parent(sd_event *event, int fd, int *exit_status, sd_event_source **notify_event_source) {
int r;
r = sd_event_add_io(event, notify_event_source, fd, EPOLLIN, vmspawn_dispatch_vsock_connections, exit_status);
if (r < 0)
return log_error_errno(r, "Failed to allocate notify socket event source: %m");
(void) sd_event_source_set_description(*notify_event_source, "vmspawn-notify-sock");
return 0;
}
static int on_orderly_shutdown(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
pid_t pid;
pid = PTR_TO_PID(userdata);
if (pid > 0) {
/* TODO: actually talk to qemu and ask the guest to shutdown here */
if (kill(pid, SIGKILL) >= 0) {
log_info("Trying to halt qemu. Send SIGTERM again to trigger vmspawn to immediately terminate.");
sd_event_source_set_userdata(s, NULL);
return 0;
}
}
sd_event_exit(sd_event_source_get_event(s), 0);
return 0;
}
static int on_child_exit(sd_event_source *s, const siginfo_t *si, void *userdata) {
sd_event_exit(sd_event_source_get_event(s), 0);
return 0;
}
static int cmdline_add_vsock(char ***cmdline, int vsock_fd) {
int r;
r = strv_extend(cmdline, "-smbios");
if (r < 0)
return r;
union sockaddr_union addr;
socklen_t addr_len = sizeof addr.vm;
r = getsockname(vsock_fd, &addr.sa, &addr_len);
if (r < 0)
return -errno;
assert(addr_len >= sizeof addr.vm);
assert(addr.vm.svm_family == AF_VSOCK);
log_info("Using vsock-stream:%u:%u", (unsigned) VMADDR_CID_HOST, addr.vm.svm_port);
r = strv_extendf(cmdline, "type=11,value=io.systemd.credential:vmm.notify_socket=vsock-stream:%u:%u", (unsigned) VMADDR_CID_HOST, addr.vm.svm_port);
if (r < 0)
return r;
return 0;
}
static int run_virtual_machine(void) {
_cleanup_(ovmf_config_freep) OvmfConfig *ovmf_config = NULL;
_cleanup_strv_free_ char **cmdline = NULL;
_cleanup_free_ char *machine = NULL, *qemu_binary = NULL, *mem = NULL, *kcl = NULL;
_cleanup_free_ char *machine = NULL, *qemu_binary = NULL, *mem = NULL;
int r;
_cleanup_close_ int vsock_fd = -EBADF;
bool use_kvm = arg_qemu_kvm > 0;
if (arg_qemu_kvm < 0) {
@ -232,11 +463,10 @@ static int run_virtual_machine(void) {
"falling back to OVMF firmware blobs without Secure Boot support.");
const char *accel = use_kvm ? "kvm" : "tcg";
#ifdef __aarch64__
machine = strjoin("type=virt,accel=", accel);
#else
machine = strjoin("type=q35,accel=", accel, ",smm=", on_off(ovmf_config->supports_sb));
#endif
if (IN_SET(native_architecture(), ARCHITECTURE_ARM64, ARCHITECTURE_ARM64_BE))
machine = strjoin("type=virt,accel=", accel);
else
machine = strjoin("type=q35,accel=", accel, ",smm=", on_off(ovmf_config->supports_sb));
if (!machine)
return log_oom();
@ -256,12 +486,46 @@ static int run_virtual_machine(void) {
"-m", mem,
"-object", "rng-random,filename=/dev/urandom,id=rng0",
"-device", "virtio-rng-pci,rng=rng0,id=rng-device0",
"-nic", "user,model=virtio-net-pci",
"-cpu", "max"
"-nic", "user,model=virtio-net-pci"
);
if (!cmdline)
return log_oom();
bool use_vsock = arg_qemu_vsock > 0 && ARCHITECTURE_SUPPORTS_SMBIOS;
if (arg_qemu_vsock < 0) {
r = qemu_check_vsock_support();
if (r < 0)
return log_error_errno(r, "Failed to check for VSock support: %m");
use_vsock = r;
}
unsigned child_cid = VMADDR_CID_ANY;
_cleanup_close_ int child_vsock_fd = -EBADF;
if (use_vsock) {
if (arg_vsock_cid < UINT_MAX)
child_cid = (unsigned)arg_vsock_cid;
r = vsock_fix_child_cid(&child_cid, arg_machine, &child_vsock_fd);
if (r < 0)
return log_error_errno(r, "Failed to fix CID for the guest vsock socket: %m");
r = strv_extend(&cmdline, "-device");
if (r < 0)
return log_oom();
log_debug("vhost-vsock-pci,guest-cid=%u,vhostfd=%d", child_cid, child_vsock_fd);
r = strv_extendf(&cmdline, "vhost-vsock-pci,guest-cid=%u,vhostfd=%d", child_cid, child_vsock_fd);
if (r < 0)
return log_oom();
}
r = strv_extend_strv(&cmdline, STRV_MAKE("-cpu", "max"), /* filter_duplicates= */ false);
if (r < 0)
return log_oom();
if (arg_qemu_gui) {
r = strv_extend_strv(&cmdline, STRV_MAKE("-vga", "virtio"), /* filter_duplicates= */ false);
r = strv_extend_strv(&cmdline, STRV_MAKE("-vga", "virtio"), /* filter_duplicates= */ false);
if (r < 0)
return log_oom();
} else {
@ -271,29 +535,29 @@ static int run_virtual_machine(void) {
"-chardev", "stdio,mux=on,id=console,signal=off",
"-serial", "chardev:console",
"-mon", "console"
), false);
), /* filter_duplicates= */ false);
if (r < 0)
return log_oom();
}
#if ARCHITECTURE_SUPPORTS_SMBIOS
ssize_t n;
FOREACH_ARRAY(cred, arg_credentials, arg_n_credentials) {
_cleanup_free_ char *cred_data_b64 = NULL;
if (ARCHITECTURE_SUPPORTS_SMBIOS) {
ssize_t n;
FOREACH_ARRAY(cred, arg_credentials, arg_n_credentials) {
_cleanup_free_ char *cred_data_b64 = NULL;
n = base64mem(cred->data, cred->size, &cred_data_b64);
if (n < 0)
return log_oom();
n = base64mem(cred->data, cred->size, &cred_data_b64);
if (n < 0)
return log_oom();
r = strv_extend(&cmdline, "-smbios");
if (r < 0)
return log_oom();
r = strv_extend(&cmdline, "-smbios");
if (r < 0)
return log_oom();
r = strv_extendf(&cmdline, "type=11,value=io.systemd.credential.binary:%s=%s", cred->id, cred_data_b64);
if (r < 0)
return log_oom();
r = strv_extendf(&cmdline, "type=11,value=io.systemd.credential.binary:%s=%s", cred->id, cred_data_b64);
if (r < 0)
return log_oom();
}
}
#endif
r = strv_extend(&cmdline, "-drive");
if (r < 0)
@ -303,9 +567,9 @@ static int run_virtual_machine(void) {
if (r < 0)
return log_oom();
_cleanup_(unlink_and_freep) char *ovmf_vars_to = NULL;
if (ovmf_config->supports_sb) {
const char *ovmf_vars_from = ovmf_config->vars;
_cleanup_free_ char *ovmf_vars_to = NULL;
_cleanup_close_ int source_fd = -EBADF, target_fd = -EBADF;
r = tempfn_random_child(NULL, "vmspawn-", &ovmf_vars_to);
@ -333,7 +597,7 @@ static int run_virtual_machine(void) {
"-global", "ICH9-LPC.disable_s3=1",
"-global", "driver=cfi.pflash01,property=secure,value=on",
"-drive"
), false);
), /* filter_duplicates= */ false);
if (r < 0)
return log_oom();
@ -353,30 +617,56 @@ static int run_virtual_machine(void) {
r = strv_extend_strv(&cmdline, STRV_MAKE(
"-device", "virtio-scsi-pci,id=scsi",
"-device", "scsi-hd,drive=mkosi,bootindex=1"
), false);
), /* filter_duplicates= */ false);
if (r < 0)
return log_oom();
if (strv_length(arg_parameters) != 0) {
#if ARCHITECTURE_SUPPORTS_SMBIOS
kcl = strv_join(arg_parameters, " ");
if (!kcl)
return log_oom();
if (!strv_isempty(arg_parameters)) {
if (ARCHITECTURE_SUPPORTS_SMBIOS) {
_cleanup_free_ char *kcl = strv_join(arg_parameters, " ");
if (!kcl)
return log_oom();
r = strv_extend(&cmdline, "-smbios");
if (r < 0)
return log_oom();
r = strv_extend(&cmdline, "-smbios");
if (r < 0)
return log_oom();
r = strv_extendf(&cmdline, "type=11,value=io.systemd.stub.kernel-cmdline-extra=%s", kcl);
if (r < 0)
return log_oom();
#else
log_warning("Cannot append extra args to kernel cmdline, native architecture doesn't support SMBIOS");
#endif
r = strv_extendf(&cmdline, "type=11,value=io.systemd.stub.kernel-cmdline-extra=%s", kcl);
if (r < 0)
return log_oom();
} else
log_warning("Cannot append extra args to kernel cmdline, native architecture doesn't support SMBIOS");
}
if (use_vsock) {
vsock_fd = open_vsock();
if (vsock_fd < 0)
return log_error_errno(vsock_fd, "Failed to open vsock: %m");
r = cmdline_add_vsock(&cmdline, vsock_fd);
if (r == -ENOMEM)
return log_oom();
if (r < 0)
return log_error_errno(r, "Failed to call getsockname on vsock: %m");
}
_cleanup_(sd_event_source_unrefp) sd_event_source *notify_event_source = NULL;
_cleanup_(sd_event_unrefp) sd_event *event = NULL;
r = sd_event_new(&event);
if (r < 0)
return log_error_errno(r, "Failed to get default event source: %m");
(void) sd_event_set_watchdog(event, true);
pid_t child_pid;
r = safe_fork(qemu_binary, 0, &child_pid);
r = safe_fork_full(
qemu_binary,
NULL,
&child_vsock_fd, 1, /* pass the vsock fd to qemu */
FORK_CLOEXEC_OFF,
&child_pid);
if (r < 0)
return log_error_errno(r, "Failed to fork off %s: %m", qemu_binary);
if (r == 0) {
/* set TERM and LANG if they are missing */
if (setenv("TERM", "vt220", 0) < 0)
@ -390,7 +680,64 @@ static int run_virtual_machine(void) {
_exit(EXIT_FAILURE);
}
return wait_for_terminate_and_check(qemu_binary, child_pid, WAIT_LOG);
int exit_status = INT_MAX;
if (use_vsock) {
r = setup_notify_parent(event, vsock_fd, &exit_status, &notify_event_source);
if (r < 0)
return log_error_errno(r, "Failed to setup event loop to handle vsock notify events: %m");
}
/* shutdown qemu when we are shutdown */
(void) sd_event_add_signal(event, NULL, SIGINT, on_orderly_shutdown, PID_TO_PTR(child_pid));
(void) sd_event_add_signal(event, NULL, SIGTERM, on_orderly_shutdown, PID_TO_PTR(child_pid));
(void) sd_event_add_signal(event, NULL, SIGRTMIN+18, sigrtmin18_handler, NULL);
/* Exit when the child exits */
(void) sd_event_add_child(event, NULL, child_pid, WEXITED, on_child_exit, NULL);
r = sd_event_loop(event);
if (r < 0)
return log_error_errno(r, "Failed to run event loop: %m");
if (use_vsock) {
if (exit_status == INT_MAX) {
log_debug("Couldn't retrieve inner EXIT_STATUS from vsock");
return EXIT_SUCCESS;
}
if (exit_status != 0)
log_warning("Non-zero exit code received: %d", exit_status);
return exit_status;
}
return 0;
}
static int determine_names(void) {
int r;
if (!arg_image)
return log_error_errno(SYNTHETIC_ERRNO(-EINVAL), "Missing required argument -i/--image=, quitting");
if (!arg_machine) {
char *e;
r = path_extract_filename(arg_image, &arg_machine);
if (r < 0)
return log_error_errno(r, "Failed to extract file name from '%s': %m", arg_image);
/* Truncate suffix if there is one */
e = endswith(arg_machine, ".raw");
if (e)
*e = 0;
hostname_cleanup(arg_machine);
if (!hostname_is_valid(arg_machine, 0))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to determine machine name automatically, please use -M.");
}
return 0;
}
static int run(int argc, char *argv[]) {
@ -402,12 +749,15 @@ static int run(int argc, char *argv[]) {
if (r <= 0)
goto finish;
if (!arg_image) {
log_error("Missing required argument -i/--image, quitting");
r = determine_names();
if (r < 0)
goto finish;
}
assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGCHLD, SIGTERM, SIGINT, SIGRTMIN+18, -1) >= 0);
r = run_virtual_machine();
if (r > 0)
ret = r;
finish:
machine_credential_free_all(arg_credentials, arg_n_credentials);