static int launch_direct (guestfs_h *g, void *datav, const char *arg) { struct backend_direct_data *data = datav; CLEANUP_FREE_STRINGSBUF DECLARE_STRINGSBUF (cmdline); int daemon_accept_sock = -1, console_sock = -1; int r; int flags; int sv[2]; char guestfsd_sock[256]; struct sockaddr_un addr; CLEANUP_FREE char *kernel = NULL, *dtb = NULL, *initrd = NULL, *appliance = NULL; int has_appliance_drive; CLEANUP_FREE char *appliance_dev = NULL; uint32_t size; CLEANUP_FREE void *buf = NULL; struct drive *drv; size_t i; int virtio_scsi; struct hv_param *hp; bool has_kvm; bool force_tcg; /* At present you must add drives before starting the appliance. In * future when we enable hotplugging you won't need to do this. */ if (!g->nr_drives) { error (g, _("you must call guestfs_add_drive before guestfs_launch")); return -1; } force_tcg = guestfs___get_backend_setting_bool (g, "force_tcg"); if (!force_tcg) debian_kvm_warning (g); guestfs___launch_send_progress (g, 0); TRACE0 (launch_build_appliance_start); /* Locate and/or build the appliance. */ if (guestfs___build_appliance (g, &kernel, &dtb, &initrd, &appliance) == -1) return -1; has_appliance_drive = appliance != NULL; TRACE0 (launch_build_appliance_end); guestfs___launch_send_progress (g, 3); if (g->verbose) guestfs___print_timestamped_message (g, "begin testing qemu features"); /* Get qemu help text and version. */ if (qemu_supports (g, data, NULL) == -1) goto cleanup0; /* Using virtio-serial, we need to create a local Unix domain socket * for qemu to connect to. */ snprintf (guestfsd_sock, sizeof guestfsd_sock, "%s/guestfsd.sock", g->tmpdir); unlink (guestfsd_sock); daemon_accept_sock = socket (AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); if (daemon_accept_sock == -1) { perrorf (g, "socket"); goto cleanup0; } addr.sun_family = AF_UNIX; strncpy (addr.sun_path, guestfsd_sock, UNIX_PATH_MAX); addr.sun_path[UNIX_PATH_MAX-1] = '\0'; if (bind (daemon_accept_sock, &addr, sizeof addr) == -1) { perrorf (g, "bind"); goto cleanup0; } if (listen (daemon_accept_sock, 1) == -1) { perrorf (g, "listen"); goto cleanup0; } if (!g->direct_mode) { if (socketpair (AF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0, sv) == -1) { perrorf (g, "socketpair"); goto cleanup0; } } if (g->verbose) guestfs___print_timestamped_message (g, "finished testing qemu features"); /* Construct the qemu command line. We have to do this before * forking, because after fork we are not allowed to use * non-signal-safe functions such as malloc. */ #define ADD_CMDLINE(str) \ guestfs___add_string (g, &cmdline, (str)) #define ADD_CMDLINE_STRING_NODUP(str) \ guestfs___add_string_nodup (g, &cmdline, (str)) #define ADD_CMDLINE_PRINTF(fs,...) \ guestfs___add_sprintf (g, &cmdline, (fs), ##__VA_ARGS__) ADD_CMDLINE (g->hv); /* CVE-2011-4127 mitigation: Disable SCSI ioctls on virtio-blk * devices. The -global option must exist, but you can pass any * strings to it so we don't need to check for the specific virtio * feature. */ if (qemu_supports (g, data, "-global")) { ADD_CMDLINE ("-global"); ADD_CMDLINE (VIRTIO_BLK ".scsi=off"); } if (qemu_supports (g, data, "-nodefconfig")) ADD_CMDLINE ("-nodefconfig"); /* This oddly named option doesn't actually enable FIPS. It just * causes qemu to do the right thing if FIPS is enabled in the * kernel. So like libvirt, we pass it unconditionally. */ if (qemu_supports (g, data, "-enable-fips")) ADD_CMDLINE ("-enable-fips"); /* Newer versions of qemu (from around 2009/12) changed the * behaviour of monitors so that an implicit '-monitor stdio' is * assumed if we are in -nographic mode and there is no other * -monitor option. Only a single stdio device is allowed, so * this broke the '-serial stdio' option. There is a new flag * called -nodefaults which gets rid of all this default crud, so * let's use that to avoid this and any future surprises. */ if (qemu_supports (g, data, "-nodefaults")) ADD_CMDLINE ("-nodefaults"); ADD_CMDLINE ("-display"); ADD_CMDLINE ("none"); #ifdef MACHINE_TYPE ADD_CMDLINE ("-M"); ADD_CMDLINE (MACHINE_TYPE); #endif /* If this is uncommented, then qemu won't start running the * appliance immediately. It will wait for you to connect to it * using gdb: * * $ gdb * (gdb) symbol-file /path/to/vmlinux * (gdb) target remote tcp::1234 * (gdb) cont * * You can then debug the appliance kernel, which is useful to debug * boot failures (especially ones where there are no debug messages * printed - tip: look in the kernel log_buf). * * On Fedora, install kernel-debuginfo for the vmlinux file * (containing symbols). Make sure the symbols precisely match the * kernel being used. */ #if 0 ADD_CMDLINE ("-S"); ADD_CMDLINE ("-s"); warning (g, "qemu debugging is enabled, connect gdb to tcp::1234 to begin"); #endif /* Try to guess if KVM is available. We are just checking that * /dev/kvm is openable. That's not reliable, since /dev/kvm * might be openable by qemu but not by us (think: SELinux) in * which case the user would not get hardware virtualization, * although at least shouldn't fail. */ has_kvm = is_openable (g, "/dev/kvm", O_RDWR|O_CLOEXEC); /* The qemu -machine option (added 2010-12) is a bit more sane * since it falls back through various different acceleration * modes, so try that first (thanks Markus Armbruster). */ if (qemu_supports (g, data, "-machine")) { ADD_CMDLINE ("-machine"); if (!force_tcg) ADD_CMDLINE ("accel=kvm:tcg"); else ADD_CMDLINE ("accel=tcg"); } else { /* qemu sometimes needs this option to enable hardware * virtualization, but some versions of 'qemu-kvm' will use KVM * regardless (even where this option appears in the help text). * It is rumoured that there are versions of qemu where * supplying this option when hardware virtualization is not * available will cause qemu to fail. A giant clusterfuck with * the qemu command line, again. */ if (has_kvm && !force_tcg && qemu_supports (g, data, "-enable-kvm")) ADD_CMDLINE ("-enable-kvm"); } if (g->smp > 1) { ADD_CMDLINE ("-smp"); ADD_CMDLINE_PRINTF ("%d", g->smp); } ADD_CMDLINE ("-m"); ADD_CMDLINE_PRINTF ("%d", g->memsize); /* Force exit instead of reboot on panic */ ADD_CMDLINE ("-no-reboot"); /* These are recommended settings, see RHBZ#1053847. */ ADD_CMDLINE ("-rtc"); ADD_CMDLINE ("driftfix=slew"); #ifndef __arm__ /* qemu-system-arm advertises the -no-hpet option but if you try * to use it, it usefully says: * "Option no-hpet not supported for this target". * Cheers qemu developers. How many years have we been asking for * capabilities? Could be 3 or 4 years, I forget. */ ADD_CMDLINE ("-no-hpet"); #endif ADD_CMDLINE ("-no-kvm-pit-reinjection"); ADD_CMDLINE ("-kernel"); ADD_CMDLINE (kernel); if (dtb) { ADD_CMDLINE ("-dtb"); ADD_CMDLINE (dtb); } ADD_CMDLINE ("-initrd"); ADD_CMDLINE (initrd); /* Add drives */ virtio_scsi = qemu_supports_virtio_scsi (g, data); if (virtio_scsi) { /* Create the virtio-scsi bus. */ ADD_CMDLINE ("-device"); ADD_CMDLINE (VIRTIO_SCSI ",id=scsi"); } ITER_DRIVES (g, i, drv) { CLEANUP_FREE char *file = NULL, *escaped_file = NULL, *param = NULL; if (!drv->overlay) { /* Make the file= parameter. */ file = guestfs___drive_source_qemu_param (g, &drv->src); escaped_file = qemu_escape_param (g, file); /* Make the first part of the -drive parameter, everything up to * the if=... at the end. */ param = safe_asprintf (g, "file=%s%s,cache=%s%s%s%s%s,id=hd%zu", escaped_file, drv->readonly ? ",snapshot=on" : "", drv->cachemode ? drv->cachemode : "writeback", drv->src.format ? ",format=" : "", drv->src.format ? drv->src.format : "", drv->disk_label ? ",serial=" : "", drv->disk_label ? drv->disk_label : "", i); } else { /* Writable qcow2 overlay on top of read-only drive. */ escaped_file = qemu_escape_param (g, drv->overlay); param = safe_asprintf (g, "file=%s,cache=unsafe,format=qcow2%s%s,id=hd%zu", escaped_file, drv->disk_label ? ",serial=" : "", drv->disk_label ? drv->disk_label : "", i); } /* If there's an explicit 'iface', use it. Otherwise default to * virtio-scsi if available. Otherwise default to virtio-blk. */ if (drv->iface && STREQ (drv->iface, "virtio")) /* virtio-blk */ goto virtio_blk; #if defined(__arm__) || defined(__powerpc__) else if (drv->iface && STREQ (drv->iface, "ide")) { error (g, "'ide' interface does not work on ARM or PowerPC"); goto cleanup0; } #endif else if (drv->iface) { ADD_CMDLINE ("-drive"); ADD_CMDLINE_PRINTF ("%s,if=%s", param, drv->iface); } else if (virtio_scsi) { ADD_CMDLINE ("-drive"); ADD_CMDLINE_PRINTF ("%s,if=none" /* sic */, param); ADD_CMDLINE ("-device"); ADD_CMDLINE_PRINTF ("scsi-hd,drive=hd%zu", i); } else { virtio_blk: ADD_CMDLINE ("-drive"); ADD_CMDLINE_PRINTF ("%s,if=none" /* sic */, param); ADD_CMDLINE ("-device"); ADD_CMDLINE_PRINTF (VIRTIO_BLK ",drive=hd%zu", i); } }
static int disk_create_qcow2 (guestfs_h *g, const char *orig_filename, int64_t size, const char *backingfile, const struct guestfs_disk_create_argv *optargs) { CLEANUP_FREE char *filename = NULL; const char *backingformat = NULL; const char *preallocation = NULL; const char *compat = NULL; int clustersize = -1; CLEANUP_FREE_STRINGSBUF DECLARE_STRINGSBUF (optionsv); CLEANUP_CMD_CLOSE struct command *cmd = guestfs_int_new_command (g); int r; /* If the filename is something like "file:foo" then qemu-img will * try to interpret that as "foo" in the file:/// protocol. To * avoid that, if the path is relative prefix it with "./" since * qemu-img won't try to interpret such a path. */ if (orig_filename[0] != '/') filename = safe_asprintf (g, "./%s", orig_filename); else filename = safe_strdup (g, orig_filename); if (optargs->bitmask & GUESTFS_DISK_CREATE_BACKINGFORMAT_BITMASK) { backingformat = optargs->backingformat; /* Conservative whitelist. This can be extended with other * valid formats as required. */ if (STRNEQ (backingformat, "raw") && STRNEQ (backingformat, "qcow2") && STRNEQ (backingformat, "vmdk")) { error (g, _("invalid value for backingformat parameter '%s'"), backingformat); return -1; } } if (optargs->bitmask & GUESTFS_DISK_CREATE_PREALLOCATION_BITMASK) { if (STREQ (optargs->preallocation, "off") || STREQ (optargs->preallocation, "sparse")) preallocation = "off"; else if (STREQ (optargs->preallocation, "metadata")) preallocation = "metadata"; else if (STREQ (optargs->preallocation, "full")) /* Ugh: https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03863.html */ preallocation = "falloc"; else { error (g, _("invalid value for preallocation parameter '%s'"), preallocation); return -1; } } if (optargs->bitmask & GUESTFS_DISK_CREATE_COMPAT_BITMASK) { compat = optargs->compat; if (STRNEQ (compat, "0.10") && STRNEQ (compat, "1.1")) { error (g, _("invalid value for compat parameter '%s'"), compat); return -1; } } if (optargs->bitmask & GUESTFS_DISK_CREATE_CLUSTERSIZE_BITMASK) { clustersize = optargs->clustersize; if (clustersize < 512 || clustersize > 2097152 || !is_power_of_2 ((unsigned) clustersize)) { error (g, _("invalid value for clustersize parameter '%d'"), clustersize); return -1; } } /* Assemble the qemu-img command line. */ guestfs_int_cmd_add_arg (cmd, "qemu-img"); guestfs_int_cmd_add_arg (cmd, "create"); guestfs_int_cmd_add_arg (cmd, "-f"); guestfs_int_cmd_add_arg (cmd, "qcow2"); /* -o parameter. */ if (backingfile) { CLEANUP_FREE char *p = qemu_escape_param (g, backingfile); guestfs_int_add_sprintf (g, &optionsv, "backing_file=%s", p); } if (backingformat) guestfs_int_add_sprintf (g, &optionsv, "backing_fmt=%s", backingformat); if (preallocation) guestfs_int_add_sprintf (g, &optionsv, "preallocation=%s", preallocation); if (compat) guestfs_int_add_sprintf (g, &optionsv, "compat=%s", compat); if (clustersize >= 0) guestfs_int_add_sprintf (g, &optionsv, "cluster_size=%d", clustersize); guestfs_int_end_stringsbuf (g, &optionsv); if (optionsv.size > 1) { CLEANUP_FREE char *options = guestfs_int_join_strings (",", optionsv.argv); guestfs_int_cmd_add_arg (cmd, "-o"); guestfs_int_cmd_add_arg (cmd, options); } /* Complete the command line. */ guestfs_int_cmd_add_arg (cmd, filename); if (size >= 0) guestfs_int_cmd_add_arg_format (cmd, "%" PRIi64, size); r = guestfs_int_cmd_run (cmd); if (!WIFEXITED (r) || WEXITSTATUS (r) != 0) { guestfs_int_external_command_failed (g, r, "qemu-img", orig_filename); return -1; } return 0; }