/* Same as guestfs___recv, but it discards the reply message. */ int guestfs___recv_discard (guestfs_h *g, const char *fn) { void *buf; uint32_t size; int r; again: r = guestfs___recv_from_daemon (g, &size, &buf); free (buf); if (r == -1) return -1; /* This can happen if a cancellation happens right at the end * of us sending a FileIn parameter to the daemon. Discard. The * daemon should send us an error message next. */ if (size == GUESTFS_CANCEL_FLAG) goto again; if (size == GUESTFS_LAUNCH_FLAG) { error (g, "%s: received unexpected launch flag from daemon when expecting reply", fn); return -1; } return 0; }
/* Receive a reply. */ int guestfs___recv (guestfs_h *g, const char *fn, guestfs_message_header *hdr, guestfs_message_error *err, xdrproc_t xdrp, char *ret) { XDR xdr; void *buf; uint32_t size; int r; again: r = guestfs___recv_from_daemon (g, &size, &buf); if (r == -1) return -1; /* This can happen if a cancellation happens right at the end * of us sending a FileIn parameter to the daemon. Discard. The * daemon should send us an error message next. */ if (size == GUESTFS_CANCEL_FLAG) goto again; if (size == GUESTFS_LAUNCH_FLAG) { error (g, "%s: received unexpected launch flag from daemon when expecting reply", fn); return -1; } xdrmem_create (&xdr, buf, size, XDR_DECODE); if (!xdr_guestfs_message_header (&xdr, hdr)) { error (g, "%s: failed to parse reply header", fn); xdr_destroy (&xdr); free (buf); return -1; } if (hdr->status == GUESTFS_STATUS_ERROR) { if (!xdr_guestfs_message_error (&xdr, err)) { error (g, "%s: failed to parse reply error", fn); xdr_destroy (&xdr); free (buf); return -1; } } else { if (xdrp && ret && !xdrp (&xdr, ret)) { error (g, "%s: failed to parse reply", fn); xdr_destroy (&xdr); free (buf); return -1; } } xdr_destroy (&xdr); free (buf); return 0; }
/* Returns -1 = error, 0 = EOF, > 0 = more data */ static ssize_t receive_file_data (guestfs_h *g, void **buf_r) { int r; void *buf; uint32_t len; XDR xdr; guestfs_chunk chunk; r = guestfs___recv_from_daemon (g, &len, &buf); if (r == -1) { error (g, _("receive_file_data: parse error in reply callback")); return -1; } if (len == GUESTFS_LAUNCH_FLAG || len == GUESTFS_CANCEL_FLAG) { error (g, _("receive_file_data: unexpected flag received when reading file chunks")); return -1; } memset (&chunk, 0, sizeof chunk); xdrmem_create (&xdr, buf, len, XDR_DECODE); if (!xdr_guestfs_chunk (&xdr, &chunk)) { error (g, _("failed to parse file chunk")); free (buf); return -1; } xdr_destroy (&xdr); /* After decoding, the original buffer is no longer used. */ free (buf); if (chunk.cancel) { if (g->user_cancel) { error (g, _("operation cancelled by user")); g->last_errnum = EINTR; } else error (g, _("file receive cancelled by daemon")); free (chunk.data.data_val); return -1; } if (chunk.data.data_len == 0) { /* end of transfer */ free (chunk.data.data_val); return 0; } if (buf_r) *buf_r = chunk.data.data_val; else free (chunk.data.data_val); /* else caller frees */ return chunk.data.data_len; }
static int launch_uml (guestfs_h *g, void *datav, const char *arg) { struct backend_uml_data *data = datav; CLEANUP_FREE_STRINGSBUF DECLARE_STRINGSBUF (cmdline); int console_sock = -1, daemon_sock = -1; int r; int csv[2], dsv[2]; CLEANUP_FREE char *kernel = NULL, *dtb = NULL, *initrd = NULL, *appliance = NULL; int has_appliance_drive; CLEANUP_FREE char *appliance_cow = NULL; uint32_t size; CLEANUP_FREE void *buf = NULL; struct drive *drv; size_t i; struct hv_param *hp; char *term = getenv ("TERM"); if (!uml_supported (g)) return -1; if (!g->nr_drives) { error (g, _("you must call guestfs_add_drive before guestfs_launch")); return -1; } /* Assign a random unique ID to this run. */ if (guestfs___random_string (data->umid, UML_UMID_LEN) == -1) { perrorf (g, "guestfs___random_string"); return -1; } /* Locate and/or build the appliance. */ if (guestfs___build_appliance (g, &kernel, &dtb, &initrd, &appliance) == -1) return -1; has_appliance_drive = appliance != NULL; /* Create COW overlays for the appliance. Note that the documented * syntax ubd0=cow,orig does not work since kernel 3.3. See: * http://thread.gmane.org/gmane.linux.uml.devel/13556 */ if (has_appliance_drive) { appliance_cow = make_cow_overlay (g, appliance); if (!appliance_cow) goto cleanup0; } /* The socket that the daemon will talk to us on. */ if (socketpair (AF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0, dsv) == -1) { perrorf (g, "socketpair"); goto cleanup0; } /* The console socket. */ if (!g->direct_mode) { if (socketpair (AF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0, csv) == -1) { perrorf (g, "socketpair"); close (dsv[0]); close (dsv[1]); goto cleanup0; } } /* Construct the vmlinux command line. We have to do this before * forking, because after fork we are not allowed to use * non-signal-safe functions such as malloc. */ #define ADD_CMDLINE(str) \ guestfs___add_string (g, &cmdline, (str)) #define ADD_CMDLINE_PRINTF(fs,...) \ guestfs___add_sprintf (g, &cmdline, (fs), ##__VA_ARGS__) ADD_CMDLINE (g->hv); /* Give this instance a unique random ID. */ ADD_CMDLINE_PRINTF ("umid=%s", data->umid); /* Set memory size. */ ADD_CMDLINE_PRINTF ("mem=%dM", g->memsize); /* vmlinux appears to ignore this, but let's add it anyway. */ ADD_CMDLINE_PRINTF ("initrd=%s", initrd); /* Make sure our appliance init script runs first. */ ADD_CMDLINE ("init=/init"); /* This tells the /init script not to reboot at the end. */ ADD_CMDLINE ("guestfs_noreboot=1"); /* Root filesystem should be mounted read-write (default seems to * be "ro"). */ ADD_CMDLINE ("rw"); /* See also guestfs___appliance_command_line. */ if (g->verbose) ADD_CMDLINE ("guestfs_verbose=1"); ADD_CMDLINE ("panic=1"); ADD_CMDLINE_PRINTF ("TERM=%s", term ? term : "linux"); if (g->selinux) ADD_CMDLINE ("selinux=1 enforcing=0"); else ADD_CMDLINE ("selinux=0"); /* XXX This isn't quite right. Multiple append args won't work. */ if (g->append) ADD_CMDLINE (g->append); /* Add the drives. */ ITER_DRIVES (g, i, drv) { if (!drv->overlay) ADD_CMDLINE_PRINTF ("ubd%zu=%s", i, drv->src.u.path); else ADD_CMDLINE_PRINTF ("ubd%zu=%s", i, drv->overlay); } /* Add the ext2 appliance drive (after all the drives). */ if (has_appliance_drive) { char drv_name[64] = "ubd"; guestfs___drive_name (g->nr_drives, &drv_name[3]); ADD_CMDLINE_PRINTF ("ubd%zu=%s", g->nr_drives, appliance_cow); ADD_CMDLINE_PRINTF ("root=/dev/%s", drv_name); } /* Create the daemon socket. */ ADD_CMDLINE_PRINTF ("ssl3=fd:%d", dsv[1]); ADD_CMDLINE ("guestfs_channel=/dev/ttyS3"); #if 0 /* XXX This could be made to work. */ #ifdef VALGRIND_DAEMON /* Set up virtio-serial channel for valgrind messages. */ ADD_CMDLINE ("-chardev"); ADD_CMDLINE_PRINTF ("file,path=%s/valgrind.log.%d,id=valgrind", VALGRIND_LOG_PATH, getpid ()); ADD_CMDLINE ("-device"); ADD_CMDLINE ("virtserialport,chardev=valgrind,name=org.libguestfs.valgrind"); #endif #endif /* Add any vmlinux parameters. */ for (hp = g->hv_params; hp; hp = hp->next) { ADD_CMDLINE (hp->hv_param); if (hp->hv_value) ADD_CMDLINE (hp->hv_value); } /* Finish off the command line. */ guestfs___end_stringsbuf (g, &cmdline); r = fork (); if (r == -1) { perrorf (g, "fork"); if (!g->direct_mode) { close (csv[0]); close (csv[1]); } close (dsv[0]); close (dsv[1]); goto cleanup0; } if (r == 0) { /* Child (vmlinux). */ /* Set up the daemon socket for the child. */ close (dsv[0]); set_cloexec_flag (dsv[1], 0); /* so it doesn't close across exec */ if (!g->direct_mode) { /* Set up stdin, stdout, stderr. */ close (0); close (1); close (csv[0]); /* We set the FD_CLOEXEC flag on the socket above, but now (in * the child) it's safe to unset this flag so vmlinux can use the * socket. */ set_cloexec_flag (csv[1], 0); /* Stdin. */ if (dup (csv[1]) == -1) { dup_failed: perror ("dup failed"); _exit (EXIT_FAILURE); } /* Stdout. */ if (dup (csv[1]) == -1) goto dup_failed; /* Send stderr to the pipe as well. */ close (2); if (dup (csv[1]) == -1) goto dup_failed; close (csv[1]); } /* Dump the command line (after setting up stderr above). */ if (g->verbose) print_vmlinux_command_line (g, cmdline.argv); /* Put vmlinux in a new process group. */ if (g->pgroup) setpgid (0, 0); setenv ("LC_ALL", "C", 1); execv (g->hv, cmdline.argv); /* Run vmlinux. */ perror (g->hv); _exit (EXIT_FAILURE); } /* Parent (library). */ data->pid = r; /* Fork the recovery process off which will kill vmlinux if the * parent process fails to do so (eg. if the parent segfaults). */ data->recoverypid = -1; if (g->recovery_proc) { r = fork (); if (r == 0) { int i, fd, max_fd; struct sigaction sa; pid_t vmlinux_pid = data->pid; pid_t parent_pid = getppid (); /* Remove all signal handlers. See the justification here: * https://www.redhat.com/archives/libvir-list/2008-August/msg00303.html * We don't mask signal handlers yet, so this isn't completely * race-free, but better than not doing it at all. */ memset (&sa, 0, sizeof sa); sa.sa_handler = SIG_DFL; sa.sa_flags = 0; sigemptyset (&sa.sa_mask); for (i = 1; i < NSIG; ++i) sigaction (i, &sa, NULL); /* Close all other file descriptors. This ensures that we don't * hold open (eg) pipes from the parent process. */ max_fd = sysconf (_SC_OPEN_MAX); if (max_fd == -1) max_fd = 1024; if (max_fd > 65536) max_fd = 65536; /* bound the amount of work we do here */ for (fd = 0; fd < max_fd; ++fd) close (fd); /* It would be nice to be able to put this in the same process * group as vmlinux (ie. setpgid (0, vmlinux_pid)). However * this is not possible because we don't have any guarantee here * that the vmlinux process has started yet. */ if (g->pgroup) setpgid (0, 0); /* Writing to argv is hideously complicated and error prone. See: * http://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/utils/misc/ps_status.c;hb=HEAD */ /* Loop around waiting for one or both of the other processes to * disappear. It's fair to say this is very hairy. The PIDs that * we are looking at might be reused by another process. We are * effectively polling. Is the cure worse than the disease? */ for (;;) { if (kill (vmlinux_pid, 0) == -1) /* vmlinux's gone away, we aren't needed */ _exit (EXIT_SUCCESS); if (kill (parent_pid, 0) == -1) { /* Parent's gone away, vmlinux still around, so kill vmlinux. */ kill (data->pid, SIGKILL); _exit (EXIT_SUCCESS); } sleep (2); } } /* Don't worry, if the fork failed, this will be -1. The recovery * process isn't essential. */ data->recoverypid = r; } if (!g->direct_mode) { /* Close the other end of the console socketpair. */ close (csv[1]); console_sock = csv[0]; /* stdin of child */ csv[0] = -1; } daemon_sock = dsv[0]; close (dsv[1]); dsv[0] = -1; g->state = LAUNCHING; /* Wait for vmlinux to start and to connect back to us via * virtio-serial and send the GUESTFS_LAUNCH_FLAG message. */ g->conn = guestfs___new_conn_socket_connected (g, daemon_sock, console_sock); if (!g->conn) goto cleanup1; /* g->conn now owns these sockets. */ daemon_sock = console_sock = -1; /* We now have to wait for vmlinux to start up, the daemon to start * running, and for it to send the GUESTFS_LAUNCH_FLAG to us. */ r = guestfs___recv_from_daemon (g, &size, &buf); if (r == -1) { guestfs___launch_failed_error (g); goto cleanup1; } if (size != GUESTFS_LAUNCH_FLAG) { guestfs___launch_failed_error (g); goto cleanup1; } if (g->verbose) guestfs___print_timestamped_message (g, "appliance is up"); /* This is possible in some really strange situations, such as * guestfsd starts up OK but then vmlinux immediately exits. Check * for it because the caller is probably expecting to be able to * send commands after this function returns. */ if (g->state != READY) { error (g, _("vmlinux launched and contacted daemon, but state != READY")); goto cleanup1; } if (has_appliance_drive) guestfs___add_dummy_appliance_drive (g); return 0; cleanup1: if (!g->direct_mode && csv[0] >= 0) close (csv[0]); if (dsv[0] >= 0) close (dsv[0]); if (data->pid > 0) kill (data->pid, SIGKILL); if (data->recoverypid > 0) kill (data->recoverypid, SIGKILL); if (data->pid > 0) waitpid (data->pid, NULL, 0); if (data->recoverypid > 0) waitpid (data->recoverypid, NULL, 0); data->pid = 0; data->recoverypid = 0; memset (&g->launch_t, 0, sizeof g->launch_t); cleanup0: if (daemon_sock >= 0) close (daemon_sock); if (console_sock >= 0) close (console_sock); if (g->conn) { g->conn->ops->free_connection (g, g->conn); g->conn = NULL; } g->state = CONFIG; return -1; }
int guestfs___recv_from_daemon (guestfs_h *g, uint32_t *size_rtn, void **buf_rtn) { char summary[MAX_MESSAGE_SUMMARY]; fd_set rset, rset2; FD_ZERO (&rset); if (g->fd[1] >= 0) /* Read qemu stdout for log messages & EOF. */ FD_SET (g->fd[1], &rset); FD_SET (g->sock, &rset); /* Read socket for data & EOF. */ int max_fd = MAX (g->sock, g->fd[1]); *size_rtn = 0; *buf_rtn = NULL; char lenbuf[4]; /* nr is the size of the message, but we prime it as -4 because we * have to read the message length word first. */ ssize_t nr = -4; for (;;) { ssize_t message_size = *size_rtn != GUESTFS_PROGRESS_FLAG ? *size_rtn : PROGRESS_MESSAGE_SIZE; if (nr >= message_size) break; rset2 = rset; int r = select (max_fd+1, &rset2, NULL, NULL, NULL); if (r == -1) { if (errno == EINTR || errno == EAGAIN) continue; perrorf (g, "select"); free (*buf_rtn); *buf_rtn = NULL; return -1; } if (g->fd[1] >= 0 && FD_ISSET (g->fd[1], &rset2)) { if (read_log_message_or_eof (g, g->fd[1], 0) == -1) { free (*buf_rtn); *buf_rtn = NULL; return -1; } } if (FD_ISSET (g->sock, &rset2)) { if (nr < 0) { /* Have we read the message length word yet? */ r = read (g->sock, lenbuf+nr+4, -nr); if (r == -1) { if (errno == EINTR || errno == EAGAIN) continue; int err = errno; perrorf (g, "read"); /* Under some circumstances we see "Connection reset by peer" * here when the child dies suddenly. Catch this and call * the cleanup function, same as for EOF. */ if (err == ECONNRESET) child_cleanup (g); return -1; } if (r == 0) { unexpected_end_of_file_from_daemon_error (g); child_cleanup (g); return -1; } nr += r; if (nr < 0) /* Still not got the whole length word. */ continue; XDR xdr; xdrmem_create (&xdr, lenbuf, 4, XDR_DECODE); xdr_uint32_t (&xdr, size_rtn); xdr_destroy (&xdr); /* *size_rtn changed, recalculate message_size */ message_size = *size_rtn != GUESTFS_PROGRESS_FLAG ? *size_rtn : PROGRESS_MESSAGE_SIZE; if (*size_rtn == GUESTFS_LAUNCH_FLAG) { if (g->state != LAUNCHING) error (g, _("received magic signature from guestfsd, but in state %d"), g->state); else { g->state = READY; guestfs___call_callbacks_void (g, GUESTFS_EVENT_LAUNCH_DONE); } debug (g, "recv_from_daemon: received GUESTFS_LAUNCH_FLAG"); return 0; } else if (*size_rtn == GUESTFS_CANCEL_FLAG) { debug (g, "recv_from_daemon: received GUESTFS_CANCEL_FLAG"); return 0; } else if (*size_rtn == GUESTFS_PROGRESS_FLAG) /*FALLTHROUGH*/; /* If this happens, it's pretty bad and we've probably lost * synchronization. */ else if (*size_rtn > GUESTFS_MESSAGE_MAX) { error (g, _("message length (%u) > maximum possible size (%d)"), (unsigned) *size_rtn, GUESTFS_MESSAGE_MAX); return -1; } /* Allocate the complete buffer, size now known. */ *buf_rtn = safe_malloc (g, message_size); /*FALLTHROUGH*/ } size_t sizetoread = message_size - nr; if (sizetoread > BUFSIZ) sizetoread = BUFSIZ; r = read (g->sock, (char *) (*buf_rtn) + nr, sizetoread); if (r == -1) { if (errno == EINTR || errno == EAGAIN) continue; perrorf (g, "read"); free (*buf_rtn); *buf_rtn = NULL; return -1; } if (r == 0) { unexpected_end_of_file_from_daemon_error (g); child_cleanup (g); free (*buf_rtn); *buf_rtn = NULL; return -1; } nr += r; } } /* Got the full message, caller can start processing it. */ #ifdef ENABLE_PACKET_DUMP if (g->verbose) { ssize_t i, j; for (i = 0; i < nr; i += 16) { printf ("%04zx: ", i); for (j = i; j < MIN (i+16, nr); ++j) printf ("%02x ", (*(unsigned char **)buf_rtn)[j]); for (; j < i+16; ++j) printf (" "); printf ("|"); for (j = i; j < MIN (i+16, nr); ++j) if (c_isprint ((*(char **)buf_rtn)[j])) printf ("%c", (*(char **)buf_rtn)[j]); else printf ("."); for (; j < i+16; ++j) printf (" "); printf ("|\n"); } } #endif if (*size_rtn == GUESTFS_PROGRESS_FLAG) { guestfs_progress message; XDR xdr; xdrmem_create (&xdr, *buf_rtn, PROGRESS_MESSAGE_SIZE, XDR_DECODE); xdr_guestfs_progress (&xdr, &message); xdr_destroy (&xdr); guestfs___progress_message_callback (g, &message); free (*buf_rtn); *buf_rtn = NULL; /* Process next message. */ return guestfs___recv_from_daemon (g, size_rtn, buf_rtn); } debug (g, "recv_from_daemon: %" PRIu32 " bytes: %s", *size_rtn, message_summary (*buf_rtn, *size_rtn, summary)); return 0; }