diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-01-12 15:37:27 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-01-12 15:37:27 -0500 |
commit | bcf8a3dfcb274cf6654a19e12e244f3af8c0d355 (patch) | |
tree | f1d0e0f36c0575a9202750aff65ba17ce91bc437 /tools/lguest | |
parent | 61bd5e5683244a564ecfe31c73575ee0bc708ccc (diff) | |
parent | b6c96c0214138186f495e3ee73737c6fc5e4efa2 (diff) |
Merge tag 'to-linus' of git://github.com/rustyrussell/linux
* tag 'to-linus' of git://github.com/rustyrussell/linux: (24 commits)
lguest: Make sure interrupt is allocated ok by lguest_setup_irq
lguest: move the lguest tool to the tools directory
lguest: switch segment-voodoo-numbers to readable symbols
virtio: balloon: Add freeze, restore handlers to support S4
virtio: balloon: Move vq initialization into separate function
virtio: net: Add freeze, restore handlers to support S4
virtio: net: Move vq and vq buf removal into separate function
virtio: net: Move vq initialization into separate function
virtio: blk: Add freeze, restore handlers to support S4
virtio: blk: Move vq initialization to separate function
virtio: console: Disable callbacks for virtqueues at start of S4 freeze
virtio: console: Add freeze and restore handlers to support S4
virtio: console: Move vq and vq buf removal into separate functions
virtio: pci: add PM notification handlers for restore, freeze, thaw, poweroff
virtio: pci: switch to new PM API
virtio_blk: fix config handler race
virtio: add debugging if driver doesn't kick.
virtio: expose added descriptors immediately.
virtio: avoid modulus operation.
virtio: support unlocked queue kick
...
Diffstat (limited to 'tools/lguest')
-rw-r--r-- | tools/lguest/.gitignore | 1 | ||||
-rw-r--r-- | tools/lguest/Makefile | 8 | ||||
-rw-r--r-- | tools/lguest/extract | 58 | ||||
-rw-r--r-- | tools/lguest/lguest.c | 2065 | ||||
-rw-r--r-- | tools/lguest/lguest.txt | 129 |
5 files changed, 2261 insertions, 0 deletions
diff --git a/tools/lguest/.gitignore b/tools/lguest/.gitignore new file mode 100644 index 000000000000..115587fd5f65 --- /dev/null +++ b/tools/lguest/.gitignore | |||
@@ -0,0 +1 @@ | |||
lguest | |||
diff --git a/tools/lguest/Makefile b/tools/lguest/Makefile new file mode 100644 index 000000000000..0ac34206f7a7 --- /dev/null +++ b/tools/lguest/Makefile | |||
@@ -0,0 +1,8 @@ | |||
1 | # This creates the demonstration utility "lguest" which runs a Linux guest. | ||
2 | # Missing headers? Add "-I../../../include -I../../../arch/x86/include" | ||
3 | CFLAGS:=-m32 -Wall -Wmissing-declarations -Wmissing-prototypes -O3 -U_FORTIFY_SOURCE | ||
4 | |||
5 | all: lguest | ||
6 | |||
7 | clean: | ||
8 | rm -f lguest | ||
diff --git a/tools/lguest/extract b/tools/lguest/extract new file mode 100644 index 000000000000..7730bb6e4b94 --- /dev/null +++ b/tools/lguest/extract | |||
@@ -0,0 +1,58 @@ | |||
1 | #! /bin/sh | ||
2 | |||
3 | set -e | ||
4 | |||
5 | PREFIX=$1 | ||
6 | shift | ||
7 | |||
8 | trap 'rm -r $TMPDIR' 0 | ||
9 | TMPDIR=`mktemp -d` | ||
10 | |||
11 | exec 3>/dev/null | ||
12 | for f; do | ||
13 | while IFS=" | ||
14 | " read -r LINE; do | ||
15 | case "$LINE" in | ||
16 | *$PREFIX:[0-9]*:\**) | ||
17 | NUM=`echo "$LINE" | sed "s/.*$PREFIX:\([0-9]*\).*/\1/"` | ||
18 | if [ -f $TMPDIR/$NUM ]; then | ||
19 | echo "$TMPDIR/$NUM already exits prior to $f" | ||
20 | exit 1 | ||
21 | fi | ||
22 | exec 3>>$TMPDIR/$NUM | ||
23 | echo $f | sed 's,\.\./,,g' > $TMPDIR/.$NUM | ||
24 | /bin/echo "$LINE" | sed -e "s/$PREFIX:[0-9]*//" -e "s/:\*/*/" >&3 | ||
25 | ;; | ||
26 | *$PREFIX:[0-9]*) | ||
27 | NUM=`echo "$LINE" | sed "s/.*$PREFIX:\([0-9]*\).*/\1/"` | ||
28 | if [ -f $TMPDIR/$NUM ]; then | ||
29 | echo "$TMPDIR/$NUM already exits prior to $f" | ||
30 | exit 1 | ||
31 | fi | ||
32 | exec 3>>$TMPDIR/$NUM | ||
33 | echo $f | sed 's,\.\./,,g' > $TMPDIR/.$NUM | ||
34 | /bin/echo "$LINE" | sed "s/$PREFIX:[0-9]*//" >&3 | ||
35 | ;; | ||
36 | *:\**) | ||
37 | /bin/echo "$LINE" | sed -e "s/:\*/*/" -e "s,/\*\*/,," >&3 | ||
38 | echo >&3 | ||
39 | exec 3>/dev/null | ||
40 | ;; | ||
41 | *) | ||
42 | /bin/echo "$LINE" >&3 | ||
43 | ;; | ||
44 | esac | ||
45 | done < $f | ||
46 | echo >&3 | ||
47 | exec 3>/dev/null | ||
48 | done | ||
49 | |||
50 | LASTFILE="" | ||
51 | for f in $TMPDIR/*; do | ||
52 | if [ "$LASTFILE" != $(cat $TMPDIR/.$(basename $f) ) ]; then | ||
53 | LASTFILE=$(cat $TMPDIR/.$(basename $f) ) | ||
54 | echo "[ $LASTFILE ]" | ||
55 | fi | ||
56 | cat $f | ||
57 | done | ||
58 | |||
diff --git a/tools/lguest/lguest.c b/tools/lguest/lguest.c new file mode 100644 index 000000000000..f759f4f097c7 --- /dev/null +++ b/tools/lguest/lguest.c | |||
@@ -0,0 +1,2065 @@ | |||
1 | /*P:100 | ||
2 | * This is the Launcher code, a simple program which lays out the "physical" | ||
3 | * memory for the new Guest by mapping the kernel image and the virtual | ||
4 | * devices, then opens /dev/lguest to tell the kernel about the Guest and | ||
5 | * control it. | ||
6 | :*/ | ||
7 | #define _LARGEFILE64_SOURCE | ||
8 | #define _GNU_SOURCE | ||
9 | #include <stdio.h> | ||
10 | #include <string.h> | ||
11 | #include <unistd.h> | ||
12 | #include <err.h> | ||
13 | #include <stdint.h> | ||
14 | #include <stdlib.h> | ||
15 | #include <elf.h> | ||
16 | #include <sys/mman.h> | ||
17 | #include <sys/param.h> | ||
18 | #include <sys/types.h> | ||
19 | #include <sys/stat.h> | ||
20 | #include <sys/wait.h> | ||
21 | #include <sys/eventfd.h> | ||
22 | #include <fcntl.h> | ||
23 | #include <stdbool.h> | ||
24 | #include <errno.h> | ||
25 | #include <ctype.h> | ||
26 | #include <sys/socket.h> | ||
27 | #include <sys/ioctl.h> | ||
28 | #include <sys/time.h> | ||
29 | #include <time.h> | ||
30 | #include <netinet/in.h> | ||
31 | #include <net/if.h> | ||
32 | #include <linux/sockios.h> | ||
33 | #include <linux/if_tun.h> | ||
34 | #include <sys/uio.h> | ||
35 | #include <termios.h> | ||
36 | #include <getopt.h> | ||
37 | #include <assert.h> | ||
38 | #include <sched.h> | ||
39 | #include <limits.h> | ||
40 | #include <stddef.h> | ||
41 | #include <signal.h> | ||
42 | #include <pwd.h> | ||
43 | #include <grp.h> | ||
44 | |||
45 | #include <linux/virtio_config.h> | ||
46 | #include <linux/virtio_net.h> | ||
47 | #include <linux/virtio_blk.h> | ||
48 | #include <linux/virtio_console.h> | ||
49 | #include <linux/virtio_rng.h> | ||
50 | #include <linux/virtio_ring.h> | ||
51 | #include <asm/bootparam.h> | ||
52 | #include "../../include/linux/lguest_launcher.h" | ||
53 | /*L:110 | ||
54 | * We can ignore the 43 include files we need for this program, but I do want | ||
55 | * to draw attention to the use of kernel-style types. | ||
56 | * | ||
57 | * As Linus said, "C is a Spartan language, and so should your naming be." I | ||
58 | * like these abbreviations, so we define them here. Note that u64 is always | ||
59 | * unsigned long long, which works on all Linux systems: this means that we can | ||
60 | * use %llu in printf for any u64. | ||
61 | */ | ||
62 | typedef unsigned long long u64; | ||
63 | typedef uint32_t u32; | ||
64 | typedef uint16_t u16; | ||
65 | typedef uint8_t u8; | ||
66 | /*:*/ | ||
67 | |||
68 | #define BRIDGE_PFX "bridge:" | ||
69 | #ifndef SIOCBRADDIF | ||
70 | #define SIOCBRADDIF 0x89a2 /* add interface to bridge */ | ||
71 | #endif | ||
72 | /* We can have up to 256 pages for devices. */ | ||
73 | #define DEVICE_PAGES 256 | ||
74 | /* This will occupy 3 pages: it must be a power of 2. */ | ||
75 | #define VIRTQUEUE_NUM 256 | ||
76 | |||
77 | /*L:120 | ||
78 | * verbose is both a global flag and a macro. The C preprocessor allows | ||
79 | * this, and although I wouldn't recommend it, it works quite nicely here. | ||
80 | */ | ||
81 | static bool verbose; | ||
82 | #define verbose(args...) \ | ||
83 | do { if (verbose) printf(args); } while(0) | ||
84 | /*:*/ | ||
85 | |||
86 | /* The pointer to the start of guest memory. */ | ||
87 | static void *guest_base; | ||
88 | /* The maximum guest physical address allowed, and maximum possible. */ | ||
89 | static unsigned long guest_limit, guest_max; | ||
90 | /* The /dev/lguest file descriptor. */ | ||
91 | static int lguest_fd; | ||
92 | |||
93 | /* a per-cpu variable indicating whose vcpu is currently running */ | ||
94 | static unsigned int __thread cpu_id; | ||
95 | |||
96 | /* This is our list of devices. */ | ||
97 | struct device_list { | ||
98 | /* Counter to assign interrupt numbers. */ | ||
99 | unsigned int next_irq; | ||
100 | |||
101 | /* Counter to print out convenient device numbers. */ | ||
102 | unsigned int device_num; | ||
103 | |||
104 | /* The descriptor page for the devices. */ | ||
105 | u8 *descpage; | ||
106 | |||
107 | /* A single linked list of devices. */ | ||
108 | struct device *dev; | ||
109 | /* And a pointer to the last device for easy append. */ | ||
110 | struct device *lastdev; | ||
111 | }; | ||
112 | |||
113 | /* The list of Guest devices, based on command line arguments. */ | ||
114 | static struct device_list devices; | ||
115 | |||
116 | /* The device structure describes a single device. */ | ||
117 | struct device { | ||
118 | /* The linked-list pointer. */ | ||
119 | struct device *next; | ||
120 | |||
121 | /* The device's descriptor, as mapped into the Guest. */ | ||
122 | struct lguest_device_desc *desc; | ||
123 | |||
124 | /* We can't trust desc values once Guest has booted: we use these. */ | ||
125 | unsigned int feature_len; | ||
126 | unsigned int num_vq; | ||
127 | |||
128 | /* The name of this device, for --verbose. */ | ||
129 | const char *name; | ||
130 | |||
131 | /* Any queues attached to this device */ | ||
132 | struct virtqueue *vq; | ||
133 | |||
134 | /* Is it operational */ | ||
135 | bool running; | ||
136 | |||
137 | /* Device-specific data. */ | ||
138 | void *priv; | ||
139 | }; | ||
140 | |||
141 | /* The virtqueue structure describes a queue attached to a device. */ | ||
142 | struct virtqueue { | ||
143 | struct virtqueue *next; | ||
144 | |||
145 | /* Which device owns me. */ | ||
146 | struct device *dev; | ||
147 | |||
148 | /* The configuration for this queue. */ | ||
149 | struct lguest_vqconfig config; | ||
150 | |||
151 | /* The actual ring of buffers. */ | ||
152 | struct vring vring; | ||
153 | |||
154 | /* Last available index we saw. */ | ||
155 | u16 last_avail_idx; | ||
156 | |||
157 | /* How many are used since we sent last irq? */ | ||
158 | unsigned int pending_used; | ||
159 | |||
160 | /* Eventfd where Guest notifications arrive. */ | ||
161 | int eventfd; | ||
162 | |||
163 | /* Function for the thread which is servicing this virtqueue. */ | ||
164 | void (*service)(struct virtqueue *vq); | ||
165 | pid_t thread; | ||
166 | }; | ||
167 | |||
168 | /* Remember the arguments to the program so we can "reboot" */ | ||
169 | static char **main_args; | ||
170 | |||
171 | /* The original tty settings to restore on exit. */ | ||
172 | static struct termios orig_term; | ||
173 | |||
174 | /* | ||
175 | * We have to be careful with barriers: our devices are all run in separate | ||
176 | * threads and so we need to make sure that changes visible to the Guest happen | ||
177 | * in precise order. | ||
178 | */ | ||
179 | #define wmb() __asm__ __volatile__("" : : : "memory") | ||
180 | #define mb() __asm__ __volatile__("" : : : "memory") | ||
181 | |||
182 | /* | ||
183 | * Convert an iovec element to the given type. | ||
184 | * | ||
185 | * This is a fairly ugly trick: we need to know the size of the type and | ||
186 | * alignment requirement to check the pointer is kosher. It's also nice to | ||
187 | * have the name of the type in case we report failure. | ||
188 | * | ||
189 | * Typing those three things all the time is cumbersome and error prone, so we | ||
190 | * have a macro which sets them all up and passes to the real function. | ||
191 | */ | ||
192 | #define convert(iov, type) \ | ||
193 | ((type *)_convert((iov), sizeof(type), __alignof__(type), #type)) | ||
194 | |||
195 | static void *_convert(struct iovec *iov, size_t size, size_t align, | ||
196 | const char *name) | ||
197 | { | ||
198 | if (iov->iov_len != size) | ||
199 | errx(1, "Bad iovec size %zu for %s", iov->iov_len, name); | ||
200 | if ((unsigned long)iov->iov_base % align != 0) | ||
201 | errx(1, "Bad alignment %p for %s", iov->iov_base, name); | ||
202 | return iov->iov_base; | ||
203 | } | ||
204 | |||
205 | /* Wrapper for the last available index. Makes it easier to change. */ | ||
206 | #define lg_last_avail(vq) ((vq)->last_avail_idx) | ||
207 | |||
208 | /* | ||
209 | * The virtio configuration space is defined to be little-endian. x86 is | ||
210 | * little-endian too, but it's nice to be explicit so we have these helpers. | ||
211 | */ | ||
212 | #define cpu_to_le16(v16) (v16) | ||
213 | #define cpu_to_le32(v32) (v32) | ||
214 | #define cpu_to_le64(v64) (v64) | ||
215 | #define le16_to_cpu(v16) (v16) | ||
216 | #define le32_to_cpu(v32) (v32) | ||
217 | #define le64_to_cpu(v64) (v64) | ||
218 | |||
219 | /* Is this iovec empty? */ | ||
220 | static bool iov_empty(const struct iovec iov[], unsigned int num_iov) | ||
221 | { | ||
222 | unsigned int i; | ||
223 | |||
224 | for (i = 0; i < num_iov; i++) | ||
225 | if (iov[i].iov_len) | ||
226 | return false; | ||
227 | return true; | ||
228 | } | ||
229 | |||
230 | /* Take len bytes from the front of this iovec. */ | ||
231 | static void iov_consume(struct iovec iov[], unsigned num_iov, unsigned len) | ||
232 | { | ||
233 | unsigned int i; | ||
234 | |||
235 | for (i = 0; i < num_iov; i++) { | ||
236 | unsigned int used; | ||
237 | |||
238 | used = iov[i].iov_len < len ? iov[i].iov_len : len; | ||
239 | iov[i].iov_base += used; | ||
240 | iov[i].iov_len -= used; | ||
241 | len -= used; | ||
242 | } | ||
243 | assert(len == 0); | ||
244 | } | ||
245 | |||
246 | /* The device virtqueue descriptors are followed by feature bitmasks. */ | ||
247 | static u8 *get_feature_bits(struct device *dev) | ||
248 | { | ||
249 | return (u8 *)(dev->desc + 1) | ||
250 | + dev->num_vq * sizeof(struct lguest_vqconfig); | ||
251 | } | ||
252 | |||
253 | /*L:100 | ||
254 | * The Launcher code itself takes us out into userspace, that scary place where | ||
255 | * pointers run wild and free! Unfortunately, like most userspace programs, | ||
256 | * it's quite boring (which is why everyone likes to hack on the kernel!). | ||
257 | * Perhaps if you make up an Lguest Drinking Game at this point, it will get | ||
258 | * you through this section. Or, maybe not. | ||
259 | * | ||
260 | * The Launcher sets up a big chunk of memory to be the Guest's "physical" | ||
261 | * memory and stores it in "guest_base". In other words, Guest physical == | ||
262 | * Launcher virtual with an offset. | ||
263 | * | ||
264 | * This can be tough to get your head around, but usually it just means that we | ||
265 | * use these trivial conversion functions when the Guest gives us its | ||
266 | * "physical" addresses: | ||
267 | */ | ||
268 | static void *from_guest_phys(unsigned long addr) | ||
269 | { | ||
270 | return guest_base + addr; | ||
271 | } | ||
272 | |||
273 | static unsigned long to_guest_phys(const void *addr) | ||
274 | { | ||
275 | return (addr - guest_base); | ||
276 | } | ||
277 | |||
278 | /*L:130 | ||
279 | * Loading the Kernel. | ||
280 | * | ||
281 | * We start with couple of simple helper routines. open_or_die() avoids | ||
282 | * error-checking code cluttering the callers: | ||
283 | */ | ||
284 | static int open_or_die(const char *name, int flags) | ||
285 | { | ||
286 | int fd = open(name, flags); | ||
287 | if (fd < 0) | ||
288 | err(1, "Failed to open %s", name); | ||
289 | return fd; | ||
290 | } | ||
291 | |||
292 | /* map_zeroed_pages() takes a number of pages. */ | ||
293 | static void *map_zeroed_pages(unsigned int num) | ||
294 | { | ||
295 | int fd = open_or_die("/dev/zero", O_RDONLY); | ||
296 | void *addr; | ||
297 | |||
298 | /* | ||
299 | * We use a private mapping (ie. if we write to the page, it will be | ||
300 | * copied). We allocate an extra two pages PROT_NONE to act as guard | ||
301 | * pages against read/write attempts that exceed allocated space. | ||
302 | */ | ||
303 | addr = mmap(NULL, getpagesize() * (num+2), | ||
304 | PROT_NONE, MAP_PRIVATE, fd, 0); | ||
305 | |||
306 | if (addr == MAP_FAILED) | ||
307 | err(1, "Mmapping %u pages of /dev/zero", num); | ||
308 | |||
309 | if (mprotect(addr + getpagesize(), getpagesize() * num, | ||
310 | PROT_READ|PROT_WRITE) == -1) | ||
311 | err(1, "mprotect rw %u pages failed", num); | ||
312 | |||
313 | /* | ||
314 | * One neat mmap feature is that you can close the fd, and it | ||
315 | * stays mapped. | ||
316 | */ | ||
317 | close(fd); | ||
318 | |||
319 | /* Return address after PROT_NONE page */ | ||
320 | return addr + getpagesize(); | ||
321 | } | ||
322 | |||
323 | /* Get some more pages for a device. */ | ||
324 | static void *get_pages(unsigned int num) | ||
325 | { | ||
326 | void *addr = from_guest_phys(guest_limit); | ||
327 | |||
328 | guest_limit += num * getpagesize(); | ||
329 | if (guest_limit > guest_max) | ||
330 | errx(1, "Not enough memory for devices"); | ||
331 | return addr; | ||
332 | } | ||
333 | |||
334 | /* | ||
335 | * This routine is used to load the kernel or initrd. It tries mmap, but if | ||
336 | * that fails (Plan 9's kernel file isn't nicely aligned on page boundaries), | ||
337 | * it falls back to reading the memory in. | ||
338 | */ | ||
339 | static void map_at(int fd, void *addr, unsigned long offset, unsigned long len) | ||
340 | { | ||
341 | ssize_t r; | ||
342 | |||
343 | /* | ||
344 | * We map writable even though for some segments are marked read-only. | ||
345 | * The kernel really wants to be writable: it patches its own | ||
346 | * instructions. | ||
347 | * | ||
348 | * MAP_PRIVATE means that the page won't be copied until a write is | ||
349 | * done to it. This allows us to share untouched memory between | ||
350 | * Guests. | ||
351 | */ | ||
352 | if (mmap(addr, len, PROT_READ|PROT_WRITE, | ||
353 | MAP_FIXED|MAP_PRIVATE, fd, offset) != MAP_FAILED) | ||
354 | return; | ||
355 | |||
356 | /* pread does a seek and a read in one shot: saves a few lines. */ | ||
357 | r = pread(fd, addr, len, offset); | ||
358 | if (r != len) | ||
359 | err(1, "Reading offset %lu len %lu gave %zi", offset, len, r); | ||
360 | } | ||
361 | |||
362 | /* | ||
363 | * This routine takes an open vmlinux image, which is in ELF, and maps it into | ||
364 | * the Guest memory. ELF = Embedded Linking Format, which is the format used | ||
365 | * by all modern binaries on Linux including the kernel. | ||
366 | * | ||
367 | * The ELF headers give *two* addresses: a physical address, and a virtual | ||
368 | * address. We use the physical address; the Guest will map itself to the | ||
369 | * virtual address. | ||
370 | * | ||
371 | * We return the starting address. | ||
372 | */ | ||
373 | static unsigned long map_elf(int elf_fd, const Elf32_Ehdr *ehdr) | ||
374 | { | ||
375 | Elf32_Phdr phdr[ehdr->e_phnum]; | ||
376 | unsigned int i; | ||
377 | |||
378 | /* | ||
379 | * Sanity checks on the main ELF header: an x86 executable with a | ||
380 | * reasonable number of correctly-sized program headers. | ||
381 | */ | ||
382 | if (ehdr->e_type != ET_EXEC | ||
383 | || ehdr->e_machine != EM_386 | ||
384 | || ehdr->e_phentsize != sizeof(Elf32_Phdr) | ||
385 | || ehdr->e_phnum < 1 || ehdr->e_phnum > 65536U/sizeof(Elf32_Phdr)) | ||
386 | errx(1, "Malformed elf header"); | ||
387 | |||
388 | /* | ||
389 | * An ELF executable contains an ELF header and a number of "program" | ||
390 | * headers which indicate which parts ("segments") of the program to | ||
391 | * load where. | ||
392 | */ | ||
393 | |||
394 | /* We read in all the program headers at once: */ | ||
395 | if (lseek(elf_fd, ehdr->e_phoff, SEEK_SET) < 0) | ||
396 | err(1, "Seeking to program headers"); | ||
397 | if (read(elf_fd, phdr, sizeof(phdr)) != sizeof(phdr)) | ||
398 | err(1, "Reading program headers"); | ||
399 | |||
400 | /* | ||
401 | * Try all the headers: there are usually only three. A read-only one, | ||
402 | * a read-write one, and a "note" section which we don't load. | ||
403 | */ | ||
404 | for (i = 0; i < ehdr->e_phnum; i++) { | ||
405 | /* If this isn't a loadable segment, we ignore it */ | ||
406 | if (phdr[i].p_type != PT_LOAD) | ||
407 | continue; | ||
408 | |||
409 | verbose("Section %i: size %i addr %p\n", | ||
410 | i, phdr[i].p_memsz, (void *)phdr[i].p_paddr); | ||
411 | |||
412 | /* We map this section of the file at its physical address. */ | ||
413 | map_at(elf_fd, from_guest_phys(phdr[i].p_paddr), | ||
414 | phdr[i].p_offset, phdr[i].p_filesz); | ||
415 | } | ||
416 | |||
417 | /* The entry point is given in the ELF header. */ | ||
418 | return ehdr->e_entry; | ||
419 | } | ||
420 | |||
421 | /*L:150 | ||
422 | * A bzImage, unlike an ELF file, is not meant to be loaded. You're supposed | ||
423 | * to jump into it and it will unpack itself. We used to have to perform some | ||
424 | * hairy magic because the unpacking code scared me. | ||
425 | * | ||
426 | * Fortunately, Jeremy Fitzhardinge convinced me it wasn't that hard and wrote | ||
427 | * a small patch to jump over the tricky bits in the Guest, so now we just read | ||
428 | * the funky header so we know where in the file to load, and away we go! | ||
429 | */ | ||
430 | static unsigned long load_bzimage(int fd) | ||
431 | { | ||
432 | struct boot_params boot; | ||
433 | int r; | ||
434 | /* Modern bzImages get loaded at 1M. */ | ||
435 | void *p = from_guest_phys(0x100000); | ||
436 | |||
437 | /* | ||
438 | * Go back to the start of the file and read the header. It should be | ||
439 | * a Linux boot header (see Documentation/x86/boot.txt) | ||
440 | */ | ||
441 | lseek(fd, 0, SEEK_SET); | ||
442 | read(fd, &boot, sizeof(boot)); | ||
443 | |||
444 | /* Inside the setup_hdr, we expect the magic "HdrS" */ | ||
445 | if (memcmp(&boot.hdr.header, "HdrS", 4) != 0) | ||
446 | errx(1, "This doesn't look like a bzImage to me"); | ||
447 | |||
448 | /* Skip over the extra sectors of the header. */ | ||
449 | lseek(fd, (boot.hdr.setup_sects+1) * 512, SEEK_SET); | ||
450 | |||
451 | /* Now read everything into memory. in nice big chunks. */ | ||
452 | while ((r = read(fd, p, 65536)) > 0) | ||
453 | p += r; | ||
454 | |||
455 | /* Finally, code32_start tells us where to enter the kernel. */ | ||
456 | return boot.hdr.code32_start; | ||
457 | } | ||
458 | |||
459 | /*L:140 | ||
460 | * Loading the kernel is easy when it's a "vmlinux", but most kernels | ||
461 | * come wrapped up in the self-decompressing "bzImage" format. With a little | ||
462 | * work, we can load those, too. | ||
463 | */ | ||
464 | static unsigned long load_kernel(int fd) | ||
465 | { | ||
466 | Elf32_Ehdr hdr; | ||
467 | |||
468 | /* Read in the first few bytes. */ | ||
469 | if (read(fd, &hdr, sizeof(hdr)) != sizeof(hdr)) | ||
470 | err(1, "Reading kernel"); | ||
471 | |||
472 | /* If it's an ELF file, it starts with "\177ELF" */ | ||
473 | if (memcmp(hdr.e_ident, ELFMAG, SELFMAG) == 0) | ||
474 | return map_elf(fd, &hdr); | ||
475 | |||
476 | /* Otherwise we assume it's a bzImage, and try to load it. */ | ||
477 | return load_bzimage(fd); | ||
478 | } | ||
479 | |||
480 | /* | ||
481 | * This is a trivial little helper to align pages. Andi Kleen hated it because | ||
482 | * it calls getpagesize() twice: "it's dumb code." | ||
483 | * | ||
484 | * Kernel guys get really het up about optimization, even when it's not | ||
485 | * necessary. I leave this code as a reaction against that. | ||
486 | */ | ||
487 | static inline unsigned long page_align(unsigned long addr) | ||
488 | { | ||
489 | /* Add upwards and truncate downwards. */ | ||
490 | return ((addr + getpagesize()-1) & ~(getpagesize()-1)); | ||
491 | } | ||
492 | |||
493 | /*L:180 | ||
494 | * An "initial ram disk" is a disk image loaded into memory along with the | ||
495 | * kernel which the kernel can use to boot from without needing any drivers. | ||
496 | * Most distributions now use this as standard: the initrd contains the code to | ||
497 | * load the appropriate driver modules for the current machine. | ||
498 | * | ||
499 | * Importantly, James Morris works for RedHat, and Fedora uses initrds for its | ||
500 | * kernels. He sent me this (and tells me when I break it). | ||
501 | */ | ||
502 | static unsigned long load_initrd(const char *name, unsigned long mem) | ||
503 | { | ||
504 | int ifd; | ||
505 | struct stat st; | ||
506 | unsigned long len; | ||
507 | |||
508 | ifd = open_or_die(name, O_RDONLY); | ||
509 | /* fstat() is needed to get the file size. */ | ||
510 | if (fstat(ifd, &st) < 0) | ||
511 | err(1, "fstat() on initrd '%s'", name); | ||
512 | |||
513 | /* | ||
514 | * We map the initrd at the top of memory, but mmap wants it to be | ||
515 | * page-aligned, so we round the size up for that. | ||
516 | */ | ||
517 | len = page_align(st.st_size); | ||
518 | map_at(ifd, from_guest_phys(mem - len), 0, st.st_size); | ||
519 | /* | ||
520 | * Once a file is mapped, you can close the file descriptor. It's a | ||
521 | * little odd, but quite useful. | ||
522 | */ | ||
523 | close(ifd); | ||
524 | verbose("mapped initrd %s size=%lu @ %p\n", name, len, (void*)mem-len); | ||
525 | |||
526 | /* We return the initrd size. */ | ||
527 | return len; | ||
528 | } | ||
529 | /*:*/ | ||
530 | |||
531 | /* | ||
532 | * Simple routine to roll all the commandline arguments together with spaces | ||
533 | * between them. | ||
534 | */ | ||
535 | static void concat(char *dst, char *args[]) | ||
536 | { | ||
537 | unsigned int i, len = 0; | ||
538 | |||
539 | for (i = 0; args[i]; i++) { | ||
540 | if (i) { | ||
541 | strcat(dst+len, " "); | ||
542 | len++; | ||
543 | } | ||
544 | strcpy(dst+len, args[i]); | ||
545 | len += strlen(args[i]); | ||
546 | } | ||
547 | /* In case it's empty. */ | ||
548 | dst[len] = '\0'; | ||
549 | } | ||
550 | |||
551 | /*L:185 | ||
552 | * This is where we actually tell the kernel to initialize the Guest. We | ||
553 | * saw the arguments it expects when we looked at initialize() in lguest_user.c: | ||
554 | * the base of Guest "physical" memory, the top physical page to allow and the | ||
555 | * entry point for the Guest. | ||
556 | */ | ||
557 | static void tell_kernel(unsigned long start) | ||
558 | { | ||
559 | unsigned long args[] = { LHREQ_INITIALIZE, | ||
560 | (unsigned long)guest_base, | ||
561 | guest_limit / getpagesize(), start }; | ||
562 | verbose("Guest: %p - %p (%#lx)\n", | ||
563 | guest_base, guest_base + guest_limit, guest_limit); | ||
564 | lguest_fd = open_or_die("/dev/lguest", O_RDWR); | ||
565 | if (write(lguest_fd, args, sizeof(args)) < 0) | ||
566 | err(1, "Writing to /dev/lguest"); | ||
567 | } | ||
568 | /*:*/ | ||
569 | |||
570 | /*L:200 | ||
571 | * Device Handling. | ||
572 | * | ||
573 | * When the Guest gives us a buffer, it sends an array of addresses and sizes. | ||
574 | * We need to make sure it's not trying to reach into the Launcher itself, so | ||
575 | * we have a convenient routine which checks it and exits with an error message | ||
576 | * if something funny is going on: | ||
577 | */ | ||
578 | static void *_check_pointer(unsigned long addr, unsigned int size, | ||
579 | unsigned int line) | ||
580 | { | ||
581 | /* | ||
582 | * Check if the requested address and size exceeds the allocated memory, | ||
583 | * or addr + size wraps around. | ||
584 | */ | ||
585 | if ((addr + size) > guest_limit || (addr + size) < addr) | ||
586 | errx(1, "%s:%i: Invalid address %#lx", __FILE__, line, addr); | ||
587 | /* | ||
588 | * We return a pointer for the caller's convenience, now we know it's | ||
589 | * safe to use. | ||
590 | */ | ||
591 | return from_guest_phys(addr); | ||
592 | } | ||
593 | /* A macro which transparently hands the line number to the real function. */ | ||
594 | #define check_pointer(addr,size) _check_pointer(addr, size, __LINE__) | ||
595 | |||
596 | /* | ||
597 | * Each buffer in the virtqueues is actually a chain of descriptors. This | ||
598 | * function returns the next descriptor in the chain, or vq->vring.num if we're | ||
599 | * at the end. | ||
600 | */ | ||
601 | static unsigned next_desc(struct vring_desc *desc, | ||
602 | unsigned int i, unsigned int max) | ||
603 | { | ||
604 | unsigned int next; | ||
605 | |||
606 | /* If this descriptor says it doesn't chain, we're done. */ | ||
607 | if (!(desc[i].flags & VRING_DESC_F_NEXT)) | ||
608 | return max; | ||
609 | |||
610 | /* Check they're not leading us off end of descriptors. */ | ||
611 | next = desc[i].next; | ||
612 | /* Make sure compiler knows to grab that: we don't want it changing! */ | ||
613 | wmb(); | ||
614 | |||
615 | if (next >= max) | ||
616 | errx(1, "Desc next is %u", next); | ||
617 | |||
618 | return next; | ||
619 | } | ||
620 | |||
621 | /* | ||
622 | * This actually sends the interrupt for this virtqueue, if we've used a | ||
623 | * buffer. | ||
624 | */ | ||
625 | static void trigger_irq(struct virtqueue *vq) | ||
626 | { | ||
627 | unsigned long buf[] = { LHREQ_IRQ, vq->config.irq }; | ||
628 | |||
629 | /* Don't inform them if nothing used. */ | ||
630 | if (!vq->pending_used) | ||
631 | return; | ||
632 | vq->pending_used = 0; | ||
633 | |||
634 | /* If they don't want an interrupt, don't send one... */ | ||
635 | if (vq->vring.avail->flags & VRING_AVAIL_F_NO_INTERRUPT) { | ||
636 | return; | ||
637 | } | ||
638 | |||
639 | /* Send the Guest an interrupt tell them we used something up. */ | ||
640 | if (write(lguest_fd, buf, sizeof(buf)) != 0) | ||
641 | err(1, "Triggering irq %i", vq->config.irq); | ||
642 | } | ||
643 | |||
644 | /* | ||
645 | * This looks in the virtqueue for the first available buffer, and converts | ||
646 | * it to an iovec for convenient access. Since descriptors consist of some | ||
647 | * number of output then some number of input descriptors, it's actually two | ||
648 | * iovecs, but we pack them into one and note how many of each there were. | ||
649 | * | ||
650 | * This function waits if necessary, and returns the descriptor number found. | ||
651 | */ | ||
652 | static unsigned wait_for_vq_desc(struct virtqueue *vq, | ||
653 | struct iovec iov[], | ||
654 | unsigned int *out_num, unsigned int *in_num) | ||
655 | { | ||
656 | unsigned int i, head, max; | ||
657 | struct vring_desc *desc; | ||
658 | u16 last_avail = lg_last_avail(vq); | ||
659 | |||
660 | /* There's nothing available? */ | ||
661 | while (last_avail == vq->vring.avail->idx) { | ||
662 | u64 event; | ||
663 | |||
664 | /* | ||
665 | * Since we're about to sleep, now is a good time to tell the | ||
666 | * Guest about what we've used up to now. | ||
667 | */ | ||
668 | trigger_irq(vq); | ||
669 | |||
670 | /* OK, now we need to know about added descriptors. */ | ||
671 | vq->vring.used->flags &= ~VRING_USED_F_NO_NOTIFY; | ||
672 | |||
673 | /* | ||
674 | * They could have slipped one in as we were doing that: make | ||
675 | * sure it's written, then check again. | ||
676 | */ | ||
677 | mb(); | ||
678 | if (last_avail != vq->vring.avail->idx) { | ||
679 | vq->vring.used->flags |= VRING_USED_F_NO_NOTIFY; | ||
680 | break; | ||
681 | } | ||
682 | |||
683 | /* Nothing new? Wait for eventfd to tell us they refilled. */ | ||
684 | if (read(vq->eventfd, &event, sizeof(event)) != sizeof(event)) | ||
685 | errx(1, "Event read failed?"); | ||
686 | |||
687 | /* We don't need to be notified again. */ | ||
688 | vq->vring.used->flags |= VRING_USED_F_NO_NOTIFY; | ||
689 | } | ||
690 | |||
691 | /* Check it isn't doing very strange things with descriptor numbers. */ | ||
692 | if ((u16)(vq->vring.avail->idx - last_avail) > vq->vring.num) | ||
693 | errx(1, "Guest moved used index from %u to %u", | ||
694 | last_avail, vq->vring.avail->idx); | ||
695 | |||
696 | /* | ||
697 | * Grab the next descriptor number they're advertising, and increment | ||
698 | * the index we've seen. | ||
699 | */ | ||
700 | head = vq->vring.avail->ring[last_avail % vq->vring.num]; | ||
701 | lg_last_avail(vq)++; | ||
702 | |||
703 | /* If their number is silly, that's a fatal mistake. */ | ||
704 | if (head >= vq->vring.num) | ||
705 | errx(1, "Guest says index %u is available", head); | ||
706 | |||
707 | /* When we start there are none of either input nor output. */ | ||
708 | *out_num = *in_num = 0; | ||
709 | |||
710 | max = vq->vring.num; | ||
711 | desc = vq->vring.desc; | ||
712 | i = head; | ||
713 | |||
714 | /* | ||
715 | * If this is an indirect entry, then this buffer contains a descriptor | ||
716 | * table which we handle as if it's any normal descriptor chain. | ||
717 | */ | ||
718 | if (desc[i].flags & VRING_DESC_F_INDIRECT) { | ||
719 | if (desc[i].len % sizeof(struct vring_desc)) | ||
720 | errx(1, "Invalid size for indirect buffer table"); | ||
721 | |||
722 | max = desc[i].len / sizeof(struct vring_desc); | ||
723 | desc = check_pointer(desc[i].addr, desc[i].len); | ||
724 | i = 0; | ||
725 | } | ||
726 | |||
727 | do { | ||
728 | /* Grab the first descriptor, and check it's OK. */ | ||
729 | iov[*out_num + *in_num].iov_len = desc[i].len; | ||
730 | iov[*out_num + *in_num].iov_base | ||
731 | = check_pointer(desc[i].addr, desc[i].len); | ||
732 | /* If this is an input descriptor, increment that count. */ | ||
733 | if (desc[i].flags & VRING_DESC_F_WRITE) | ||
734 | (*in_num)++; | ||
735 | else { | ||
736 | /* | ||
737 | * If it's an output descriptor, they're all supposed | ||
738 | * to come before any input descriptors. | ||
739 | */ | ||
740 | if (*in_num) | ||
741 | errx(1, "Descriptor has out after in"); | ||
742 | (*out_num)++; | ||
743 | } | ||
744 | |||
745 | /* If we've got too many, that implies a descriptor loop. */ | ||
746 | if (*out_num + *in_num > max) | ||
747 | errx(1, "Looped descriptor"); | ||
748 | } while ((i = next_desc(desc, i, max)) != max); | ||
749 | |||
750 | return head; | ||
751 | } | ||
752 | |||
753 | /* | ||
754 | * After we've used one of their buffers, we tell the Guest about it. Sometime | ||
755 | * later we'll want to send them an interrupt using trigger_irq(); note that | ||
756 | * wait_for_vq_desc() does that for us if it has to wait. | ||
757 | */ | ||
758 | static void add_used(struct virtqueue *vq, unsigned int head, int len) | ||
759 | { | ||
760 | struct vring_used_elem *used; | ||
761 | |||
762 | /* | ||
763 | * The virtqueue contains a ring of used buffers. Get a pointer to the | ||
764 | * next entry in that used ring. | ||
765 | */ | ||
766 | used = &vq->vring.used->ring[vq->vring.used->idx % vq->vring.num]; | ||
767 | used->id = head; | ||
768 | used->len = len; | ||
769 | /* Make sure buffer is written before we update index. */ | ||
770 | wmb(); | ||
771 | vq->vring.used->idx++; | ||
772 | vq->pending_used++; | ||
773 | } | ||
774 | |||
775 | /* And here's the combo meal deal. Supersize me! */ | ||
776 | static void add_used_and_trigger(struct virtqueue *vq, unsigned head, int len) | ||
777 | { | ||
778 | add_used(vq, head, len); | ||
779 | trigger_irq(vq); | ||
780 | } | ||
781 | |||
782 | /* | ||
783 | * The Console | ||
784 | * | ||
785 | * We associate some data with the console for our exit hack. | ||
786 | */ | ||
787 | struct console_abort { | ||
788 | /* How many times have they hit ^C? */ | ||
789 | int count; | ||
790 | /* When did they start? */ | ||
791 | struct timeval start; | ||
792 | }; | ||
793 | |||
794 | /* This is the routine which handles console input (ie. stdin). */ | ||
795 | static void console_input(struct virtqueue *vq) | ||
796 | { | ||
797 | int len; | ||
798 | unsigned int head, in_num, out_num; | ||
799 | struct console_abort *abort = vq->dev->priv; | ||
800 | struct iovec iov[vq->vring.num]; | ||
801 | |||
802 | /* Make sure there's a descriptor available. */ | ||
803 | head = wait_for_vq_desc(vq, iov, &out_num, &in_num); | ||
804 | if (out_num) | ||
805 | errx(1, "Output buffers in console in queue?"); | ||
806 | |||
807 | /* Read into it. This is where we usually wait. */ | ||
808 | len = readv(STDIN_FILENO, iov, in_num); | ||
809 | if (len <= 0) { | ||
810 | /* Ran out of input? */ | ||
811 | warnx("Failed to get console input, ignoring console."); | ||
812 | /* | ||
813 | * For simplicity, dying threads kill the whole Launcher. So | ||
814 | * just nap here. | ||
815 | */ | ||
816 | for (;;) | ||
817 | pause(); | ||
818 | } | ||
819 | |||
820 | /* Tell the Guest we used a buffer. */ | ||
821 | add_used_and_trigger(vq, head, len); | ||
822 | |||
823 | /* | ||
824 | * Three ^C within one second? Exit. | ||
825 | * | ||
826 | * This is such a hack, but works surprisingly well. Each ^C has to | ||
827 | * be in a buffer by itself, so they can't be too fast. But we check | ||
828 | * that we get three within about a second, so they can't be too | ||
829 | * slow. | ||
830 | */ | ||
831 | if (len != 1 || ((char *)iov[0].iov_base)[0] != 3) { | ||
832 | abort->count = 0; | ||
833 | return; | ||
834 | } | ||
835 | |||
836 | abort->count++; | ||
837 | if (abort->count == 1) | ||
838 | gettimeofday(&abort->start, NULL); | ||
839 | else if (abort->count == 3) { | ||
840 | struct timeval now; | ||
841 | gettimeofday(&now, NULL); | ||
842 | /* Kill all Launcher processes with SIGINT, like normal ^C */ | ||
843 | if (now.tv_sec <= abort->start.tv_sec+1) | ||
844 | kill(0, SIGINT); | ||
845 | abort->count = 0; | ||
846 | } | ||
847 | } | ||
848 | |||
849 | /* This is the routine which handles console output (ie. stdout). */ | ||
850 | static void console_output(struct virtqueue *vq) | ||
851 | { | ||
852 | unsigned int head, out, in; | ||
853 | struct iovec iov[vq->vring.num]; | ||
854 | |||
855 | /* We usually wait in here, for the Guest to give us something. */ | ||
856 | head = wait_for_vq_desc(vq, iov, &out, &in); | ||
857 | if (in) | ||
858 | errx(1, "Input buffers in console output queue?"); | ||
859 | |||
860 | /* writev can return a partial write, so we loop here. */ | ||
861 | while (!iov_empty(iov, out)) { | ||
862 | int len = writev(STDOUT_FILENO, iov, out); | ||
863 | if (len <= 0) { | ||
864 | warn("Write to stdout gave %i (%d)", len, errno); | ||
865 | break; | ||
866 | } | ||
867 | iov_consume(iov, out, len); | ||
868 | } | ||
869 | |||
870 | /* | ||
871 | * We're finished with that buffer: if we're going to sleep, | ||
872 | * wait_for_vq_desc() will prod the Guest with an interrupt. | ||
873 | */ | ||
874 | add_used(vq, head, 0); | ||
875 | } | ||
876 | |||
877 | /* | ||
878 | * The Network | ||
879 | * | ||
880 | * Handling output for network is also simple: we get all the output buffers | ||
881 | * and write them to /dev/net/tun. | ||
882 | */ | ||
883 | struct net_info { | ||
884 | int tunfd; | ||
885 | }; | ||
886 | |||
887 | static void net_output(struct virtqueue *vq) | ||
888 | { | ||
889 | struct net_info *net_info = vq->dev->priv; | ||
890 | unsigned int head, out, in; | ||
891 | struct iovec iov[vq->vring.num]; | ||
892 | |||
893 | /* We usually wait in here for the Guest to give us a packet. */ | ||
894 | head = wait_for_vq_desc(vq, iov, &out, &in); | ||
895 | if (in) | ||
896 | errx(1, "Input buffers in net output queue?"); | ||
897 | /* | ||
898 | * Send the whole thing through to /dev/net/tun. It expects the exact | ||
899 | * same format: what a coincidence! | ||
900 | */ | ||
901 | if (writev(net_info->tunfd, iov, out) < 0) | ||
902 | warnx("Write to tun failed (%d)?", errno); | ||
903 | |||
904 | /* | ||
905 | * Done with that one; wait_for_vq_desc() will send the interrupt if | ||
906 | * all packets are processed. | ||
907 | */ | ||
908 | add_used(vq, head, 0); | ||
909 | } | ||
910 | |||
911 | /* | ||
912 | * Handling network input is a bit trickier, because I've tried to optimize it. | ||
913 | * | ||
914 | * First we have a helper routine which tells is if from this file descriptor | ||
915 | * (ie. the /dev/net/tun device) will block: | ||
916 | */ | ||
917 | static bool will_block(int fd) | ||
918 | { | ||
919 | fd_set fdset; | ||
920 | struct timeval zero = { 0, 0 }; | ||
921 | FD_ZERO(&fdset); | ||
922 | FD_SET(fd, &fdset); | ||
923 | return select(fd+1, &fdset, NULL, NULL, &zero) != 1; | ||
924 | } | ||
925 | |||
926 | /* | ||
927 | * This handles packets coming in from the tun device to our Guest. Like all | ||
928 | * service routines, it gets called again as soon as it returns, so you don't | ||
929 | * see a while(1) loop here. | ||
930 | */ | ||
931 | static void net_input(struct virtqueue *vq) | ||
932 | { | ||
933 | int len; | ||
934 | unsigned int head, out, in; | ||
935 | struct iovec iov[vq->vring.num]; | ||
936 | struct net_info *net_info = vq->dev->priv; | ||
937 | |||
938 | /* | ||
939 | * Get a descriptor to write an incoming packet into. This will also | ||
940 | * send an interrupt if they're out of descriptors. | ||
941 | */ | ||
942 | head = wait_for_vq_desc(vq, iov, &out, &in); | ||
943 | if (out) | ||
944 | errx(1, "Output buffers in net input queue?"); | ||
945 | |||
946 | /* | ||
947 | * If it looks like we'll block reading from the tun device, send them | ||
948 | * an interrupt. | ||
949 | */ | ||
950 | if (vq->pending_used && will_block(net_info->tunfd)) | ||
951 | trigger_irq(vq); | ||
952 | |||
953 | /* | ||
954 | * Read in the packet. This is where we normally wait (when there's no | ||
955 | * incoming network traffic). | ||
956 | */ | ||
957 | len = readv(net_info->tunfd, iov, in); | ||
958 | if (len <= 0) | ||
959 | warn("Failed to read from tun (%d).", errno); | ||
960 | |||
961 | /* | ||
962 | * Mark that packet buffer as used, but don't interrupt here. We want | ||
963 | * to wait until we've done as much work as we can. | ||
964 | */ | ||
965 | add_used(vq, head, len); | ||
966 | } | ||
967 | /*:*/ | ||
968 | |||
969 | /* This is the helper to create threads: run the service routine in a loop. */ | ||
970 | static int do_thread(void *_vq) | ||
971 | { | ||
972 | struct virtqueue *vq = _vq; | ||
973 | |||
974 | for (;;) | ||
975 | vq->service(vq); | ||
976 | return 0; | ||
977 | } | ||
978 | |||
979 | /* | ||
980 | * When a child dies, we kill our entire process group with SIGTERM. This | ||
981 | * also has the side effect that the shell restores the console for us! | ||
982 | */ | ||
983 | static void kill_launcher(int signal) | ||
984 | { | ||
985 | kill(0, SIGTERM); | ||
986 | } | ||
987 | |||
988 | static void reset_device(struct device *dev) | ||
989 | { | ||
990 | struct virtqueue *vq; | ||
991 | |||
992 | verbose("Resetting device %s\n", dev->name); | ||
993 | |||
994 | /* Clear any features they've acked. */ | ||
995 | memset(get_feature_bits(dev) + dev->feature_len, 0, dev->feature_len); | ||
996 | |||
997 | /* We're going to be explicitly killing threads, so ignore them. */ | ||
998 | signal(SIGCHLD, SIG_IGN); | ||
999 | |||
1000 | /* Zero out the virtqueues, get rid of their threads */ | ||
1001 | for (vq = dev->vq; vq; vq = vq->next) { | ||
1002 | if (vq->thread != (pid_t)-1) { | ||
1003 | kill(vq->thread, SIGTERM); | ||
1004 | waitpid(vq->thread, NULL, 0); | ||
1005 | vq->thread = (pid_t)-1; | ||
1006 | } | ||
1007 | memset(vq->vring.desc, 0, | ||
1008 | vring_size(vq->config.num, LGUEST_VRING_ALIGN)); | ||
1009 | lg_last_avail(vq) = 0; | ||
1010 | } | ||
1011 | dev->running = false; | ||
1012 | |||
1013 | /* Now we care if threads die. */ | ||
1014 | signal(SIGCHLD, (void *)kill_launcher); | ||
1015 | } | ||
1016 | |||
1017 | /*L:216 | ||
1018 | * This actually creates the thread which services the virtqueue for a device. | ||
1019 | */ | ||
1020 | static void create_thread(struct virtqueue *vq) | ||
1021 | { | ||
1022 | /* | ||
1023 | * Create stack for thread. Since the stack grows upwards, we point | ||
1024 | * the stack pointer to the end of this region. | ||
1025 | */ | ||
1026 | char *stack = malloc(32768); | ||
1027 | unsigned long args[] = { LHREQ_EVENTFD, | ||
1028 | vq->config.pfn*getpagesize(), 0 }; | ||
1029 | |||
1030 | /* Create a zero-initialized eventfd. */ | ||
1031 | vq->eventfd = eventfd(0, 0); | ||
1032 | if (vq->eventfd < 0) | ||
1033 | err(1, "Creating eventfd"); | ||
1034 | args[2] = vq->eventfd; | ||
1035 | |||
1036 | /* | ||
1037 | * Attach an eventfd to this virtqueue: it will go off when the Guest | ||
1038 | * does an LHCALL_NOTIFY for this vq. | ||
1039 | */ | ||
1040 | if (write(lguest_fd, &args, sizeof(args)) != 0) | ||
1041 | err(1, "Attaching eventfd"); | ||
1042 | |||
1043 | /* | ||
1044 | * CLONE_VM: because it has to access the Guest memory, and SIGCHLD so | ||
1045 | * we get a signal if it dies. | ||
1046 | */ | ||
1047 | vq->thread = clone(do_thread, stack + 32768, CLONE_VM | SIGCHLD, vq); | ||
1048 | if (vq->thread == (pid_t)-1) | ||
1049 | err(1, "Creating clone"); | ||
1050 | |||
1051 | /* We close our local copy now the child has it. */ | ||
1052 | close(vq->eventfd); | ||
1053 | } | ||
1054 | |||
1055 | static void start_device(struct device *dev) | ||
1056 | { | ||
1057 | unsigned int i; | ||
1058 | struct virtqueue *vq; | ||
1059 | |||
1060 | verbose("Device %s OK: offered", dev->name); | ||
1061 | for (i = 0; i < dev->feature_len; i++) | ||
1062 | verbose(" %02x", get_feature_bits(dev)[i]); | ||
1063 | verbose(", accepted"); | ||
1064 | for (i = 0; i < dev->feature_len; i++) | ||
1065 | verbose(" %02x", get_feature_bits(dev) | ||
1066 | [dev->feature_len+i]); | ||
1067 | |||
1068 | for (vq = dev->vq; vq; vq = vq->next) { | ||
1069 | if (vq->service) | ||
1070 | create_thread(vq); | ||
1071 | } | ||
1072 | dev->running = true; | ||
1073 | } | ||
1074 | |||
1075 | static void cleanup_devices(void) | ||
1076 | { | ||
1077 | struct device *dev; | ||
1078 | |||
1079 | for (dev = devices.dev; dev; dev = dev->next) | ||
1080 | reset_device(dev); | ||
1081 | |||
1082 | /* If we saved off the original terminal settings, restore them now. */ | ||
1083 | if (orig_term.c_lflag & (ISIG|ICANON|ECHO)) | ||
1084 | tcsetattr(STDIN_FILENO, TCSANOW, &orig_term); | ||
1085 | } | ||
1086 | |||
1087 | /* When the Guest tells us they updated the status field, we handle it. */ | ||
1088 | static void update_device_status(struct device *dev) | ||
1089 | { | ||
1090 | /* A zero status is a reset, otherwise it's a set of flags. */ | ||
1091 | if (dev->desc->status == 0) | ||
1092 | reset_device(dev); | ||
1093 | else if (dev->desc->status & VIRTIO_CONFIG_S_FAILED) { | ||
1094 | warnx("Device %s configuration FAILED", dev->name); | ||
1095 | if (dev->running) | ||
1096 | reset_device(dev); | ||
1097 | } else { | ||
1098 | if (dev->running) | ||
1099 | err(1, "Device %s features finalized twice", dev->name); | ||
1100 | start_device(dev); | ||
1101 | } | ||
1102 | } | ||
1103 | |||
1104 | /*L:215 | ||
1105 | * This is the generic routine we call when the Guest uses LHCALL_NOTIFY. In | ||
1106 | * particular, it's used to notify us of device status changes during boot. | ||
1107 | */ | ||
1108 | static void handle_output(unsigned long addr) | ||
1109 | { | ||
1110 | struct device *i; | ||
1111 | |||
1112 | /* Check each device. */ | ||
1113 | for (i = devices.dev; i; i = i->next) { | ||
1114 | struct virtqueue *vq; | ||
1115 | |||
1116 | /* | ||
1117 | * Notifications to device descriptors mean they updated the | ||
1118 | * device status. | ||
1119 | */ | ||
1120 | if (from_guest_phys(addr) == i->desc) { | ||
1121 | update_device_status(i); | ||
1122 | return; | ||
1123 | } | ||
1124 | |||
1125 | /* Devices should not be used before features are finalized. */ | ||
1126 | for (vq = i->vq; vq; vq = vq->next) { | ||
1127 | if (addr != vq->config.pfn*getpagesize()) | ||
1128 | continue; | ||
1129 | errx(1, "Notification on %s before setup!", i->name); | ||
1130 | } | ||
1131 | } | ||
1132 | |||
1133 | /* | ||
1134 | * Early console write is done using notify on a nul-terminated string | ||
1135 | * in Guest memory. It's also great for hacking debugging messages | ||
1136 | * into a Guest. | ||
1137 | */ | ||
1138 | if (addr >= guest_limit) | ||
1139 | errx(1, "Bad NOTIFY %#lx", addr); | ||
1140 | |||
1141 | write(STDOUT_FILENO, from_guest_phys(addr), | ||
1142 | strnlen(from_guest_phys(addr), guest_limit - addr)); | ||
1143 | } | ||
1144 | |||
1145 | /*L:190 | ||
1146 | * Device Setup | ||
1147 | * | ||
1148 | * All devices need a descriptor so the Guest knows it exists, and a "struct | ||
1149 | * device" so the Launcher can keep track of it. We have common helper | ||
1150 | * routines to allocate and manage them. | ||
1151 | */ | ||
1152 | |||
1153 | /* | ||
1154 | * The layout of the device page is a "struct lguest_device_desc" followed by a | ||
1155 | * number of virtqueue descriptors, then two sets of feature bits, then an | ||
1156 | * array of configuration bytes. This routine returns the configuration | ||
1157 | * pointer. | ||
1158 | */ | ||
1159 | static u8 *device_config(const struct device *dev) | ||
1160 | { | ||
1161 | return (void *)(dev->desc + 1) | ||
1162 | + dev->num_vq * sizeof(struct lguest_vqconfig) | ||
1163 | + dev->feature_len * 2; | ||
1164 | } | ||
1165 | |||
1166 | /* | ||
1167 | * This routine allocates a new "struct lguest_device_desc" from descriptor | ||
1168 | * table page just above the Guest's normal memory. It returns a pointer to | ||
1169 | * that descriptor. | ||
1170 | */ | ||
1171 | static struct lguest_device_desc *new_dev_desc(u16 type) | ||
1172 | { | ||
1173 | struct lguest_device_desc d = { .type = type }; | ||
1174 | void *p; | ||
1175 | |||
1176 | /* Figure out where the next device config is, based on the last one. */ | ||
1177 | if (devices.lastdev) | ||
1178 | p = device_config(devices.lastdev) | ||
1179 | + devices.lastdev->desc->config_len; | ||
1180 | else | ||
1181 | p = devices.descpage; | ||
1182 | |||
1183 | /* We only have one page for all the descriptors. */ | ||
1184 | if (p + sizeof(d) > (void *)devices.descpage + getpagesize()) | ||
1185 | errx(1, "Too many devices"); | ||
1186 | |||
1187 | /* p might not be aligned, so we memcpy in. */ | ||
1188 | return memcpy(p, &d, sizeof(d)); | ||
1189 | } | ||
1190 | |||
1191 | /* | ||
1192 | * Each device descriptor is followed by the description of its virtqueues. We | ||
1193 | * specify how many descriptors the virtqueue is to have. | ||
1194 | */ | ||
1195 | static void add_virtqueue(struct device *dev, unsigned int num_descs, | ||
1196 | void (*service)(struct virtqueue *)) | ||
1197 | { | ||
1198 | unsigned int pages; | ||
1199 | struct virtqueue **i, *vq = malloc(sizeof(*vq)); | ||
1200 | void *p; | ||
1201 | |||
1202 | /* First we need some memory for this virtqueue. */ | ||
1203 | pages = (vring_size(num_descs, LGUEST_VRING_ALIGN) + getpagesize() - 1) | ||
1204 | / getpagesize(); | ||
1205 | p = get_pages(pages); | ||
1206 | |||
1207 | /* Initialize the virtqueue */ | ||
1208 | vq->next = NULL; | ||
1209 | vq->last_avail_idx = 0; | ||
1210 | vq->dev = dev; | ||
1211 | |||
1212 | /* | ||
1213 | * This is the routine the service thread will run, and its Process ID | ||
1214 | * once it's running. | ||
1215 | */ | ||
1216 | vq->service = service; | ||
1217 | vq->thread = (pid_t)-1; | ||
1218 | |||
1219 | /* Initialize the configuration. */ | ||
1220 | vq->config.num = num_descs; | ||
1221 | vq->config.irq = devices.next_irq++; | ||
1222 | vq->config.pfn = to_guest_phys(p) / getpagesize(); | ||
1223 | |||
1224 | /* Initialize the vring. */ | ||
1225 | vring_init(&vq->vring, num_descs, p, LGUEST_VRING_ALIGN); | ||
1226 | |||
1227 | /* | ||
1228 | * Append virtqueue to this device's descriptor. We use | ||
1229 | * device_config() to get the end of the device's current virtqueues; | ||
1230 | * we check that we haven't added any config or feature information | ||
1231 | * yet, otherwise we'd be overwriting them. | ||
1232 | */ | ||
1233 | assert(dev->desc->config_len == 0 && dev->desc->feature_len == 0); | ||
1234 | memcpy(device_config(dev), &vq->config, sizeof(vq->config)); | ||
1235 | dev->num_vq++; | ||
1236 | dev->desc->num_vq++; | ||
1237 | |||
1238 | verbose("Virtqueue page %#lx\n", to_guest_phys(p)); | ||
1239 | |||
1240 | /* | ||
1241 | * Add to tail of list, so dev->vq is first vq, dev->vq->next is | ||
1242 | * second. | ||
1243 | */ | ||
1244 | for (i = &dev->vq; *i; i = &(*i)->next); | ||
1245 | *i = vq; | ||
1246 | } | ||
1247 | |||
1248 | /* | ||
1249 | * The first half of the feature bitmask is for us to advertise features. The | ||
1250 | * second half is for the Guest to accept features. | ||
1251 | */ | ||
1252 | static void add_feature(struct device *dev, unsigned bit) | ||
1253 | { | ||
1254 | u8 *features = get_feature_bits(dev); | ||
1255 | |||
1256 | /* We can't extend the feature bits once we've added config bytes */ | ||
1257 | if (dev->desc->feature_len <= bit / CHAR_BIT) { | ||
1258 | assert(dev->desc->config_len == 0); | ||
1259 | dev->feature_len = dev->desc->feature_len = (bit/CHAR_BIT) + 1; | ||
1260 | } | ||
1261 | |||
1262 | features[bit / CHAR_BIT] |= (1 << (bit % CHAR_BIT)); | ||
1263 | } | ||
1264 | |||
1265 | /* | ||
1266 | * This routine sets the configuration fields for an existing device's | ||
1267 | * descriptor. It only works for the last device, but that's OK because that's | ||
1268 | * how we use it. | ||
1269 | */ | ||
1270 | static void set_config(struct device *dev, unsigned len, const void *conf) | ||
1271 | { | ||
1272 | /* Check we haven't overflowed our single page. */ | ||
1273 | if (device_config(dev) + len > devices.descpage + getpagesize()) | ||
1274 | errx(1, "Too many devices"); | ||
1275 | |||
1276 | /* Copy in the config information, and store the length. */ | ||
1277 | memcpy(device_config(dev), conf, len); | ||
1278 | dev->desc->config_len = len; | ||
1279 | |||
1280 | /* Size must fit in config_len field (8 bits)! */ | ||
1281 | assert(dev->desc->config_len == len); | ||
1282 | } | ||
1283 | |||
1284 | /* | ||
1285 | * This routine does all the creation and setup of a new device, including | ||
1286 | * calling new_dev_desc() to allocate the descriptor and device memory. We | ||
1287 | * don't actually start the service threads until later. | ||
1288 | * | ||
1289 | * See what I mean about userspace being boring? | ||
1290 | */ | ||
1291 | static struct device *new_device(const char *name, u16 type) | ||
1292 | { | ||
1293 | struct device *dev = malloc(sizeof(*dev)); | ||
1294 | |||
1295 | /* Now we populate the fields one at a time. */ | ||
1296 | dev->desc = new_dev_desc(type); | ||
1297 | dev->name = name; | ||
1298 | dev->vq = NULL; | ||
1299 | dev->feature_len = 0; | ||
1300 | dev->num_vq = 0; | ||
1301 | dev->running = false; | ||
1302 | |||
1303 | /* | ||
1304 | * Append to device list. Prepending to a single-linked list is | ||
1305 | * easier, but the user expects the devices to be arranged on the bus | ||
1306 | * in command-line order. The first network device on the command line | ||
1307 | * is eth0, the first block device /dev/vda, etc. | ||
1308 | */ | ||
1309 | if (devices.lastdev) | ||
1310 | devices.lastdev->next = dev; | ||
1311 | else | ||
1312 | devices.dev = dev; | ||
1313 | devices.lastdev = dev; | ||
1314 | |||
1315 | return dev; | ||
1316 | } | ||
1317 | |||
1318 | /* | ||
1319 | * Our first setup routine is the console. It's a fairly simple device, but | ||
1320 | * UNIX tty handling makes it uglier than it could be. | ||
1321 | */ | ||
1322 | static void setup_console(void) | ||
1323 | { | ||
1324 | struct device *dev; | ||
1325 | |||
1326 | /* If we can save the initial standard input settings... */ | ||
1327 | if (tcgetattr(STDIN_FILENO, &orig_term) == 0) { | ||
1328 | struct termios term = orig_term; | ||
1329 | /* | ||
1330 | * Then we turn off echo, line buffering and ^C etc: We want a | ||
1331 | * raw input stream to the Guest. | ||
1332 | */ | ||
1333 | term.c_lflag &= ~(ISIG|ICANON|ECHO); | ||
1334 | tcsetattr(STDIN_FILENO, TCSANOW, &term); | ||
1335 | } | ||
1336 | |||
1337 | dev = new_device("console", VIRTIO_ID_CONSOLE); | ||
1338 | |||
1339 | /* We store the console state in dev->priv, and initialize it. */ | ||
1340 | dev->priv = malloc(sizeof(struct console_abort)); | ||
1341 | ((struct console_abort *)dev->priv)->count = 0; | ||
1342 | |||
1343 | /* | ||
1344 | * The console needs two virtqueues: the input then the output. When | ||
1345 | * they put something the input queue, we make sure we're listening to | ||
1346 | * stdin. When they put something in the output queue, we write it to | ||
1347 | * stdout. | ||
1348 | */ | ||
1349 | add_virtqueue(dev, VIRTQUEUE_NUM, console_input); | ||
1350 | add_virtqueue(dev, VIRTQUEUE_NUM, console_output); | ||
1351 | |||
1352 | verbose("device %u: console\n", ++devices.device_num); | ||
1353 | } | ||
1354 | /*:*/ | ||
1355 | |||
1356 | /*M:010 | ||
1357 | * Inter-guest networking is an interesting area. Simplest is to have a | ||
1358 | * --sharenet=<name> option which opens or creates a named pipe. This can be | ||
1359 | * used to send packets to another guest in a 1:1 manner. | ||
1360 | * | ||
1361 | * More sophisticated is to use one of the tools developed for project like UML | ||
1362 | * to do networking. | ||
1363 | * | ||
1364 | * Faster is to do virtio bonding in kernel. Doing this 1:1 would be | ||
1365 | * completely generic ("here's my vring, attach to your vring") and would work | ||
1366 | * for any traffic. Of course, namespace and permissions issues need to be | ||
1367 | * dealt with. A more sophisticated "multi-channel" virtio_net.c could hide | ||
1368 | * multiple inter-guest channels behind one interface, although it would | ||
1369 | * require some manner of hotplugging new virtio channels. | ||
1370 | * | ||
1371 | * Finally, we could use a virtio network switch in the kernel, ie. vhost. | ||
1372 | :*/ | ||
1373 | |||
1374 | static u32 str2ip(const char *ipaddr) | ||
1375 | { | ||
1376 | unsigned int b[4]; | ||
1377 | |||
1378 | if (sscanf(ipaddr, "%u.%u.%u.%u", &b[0], &b[1], &b[2], &b[3]) != 4) | ||
1379 | errx(1, "Failed to parse IP address '%s'", ipaddr); | ||
1380 | return (b[0] << 24) | (b[1] << 16) | (b[2] << 8) | b[3]; | ||
1381 | } | ||
1382 | |||
1383 | static void str2mac(const char *macaddr, unsigned char mac[6]) | ||
1384 | { | ||
1385 | unsigned int m[6]; | ||
1386 | if (sscanf(macaddr, "%02x:%02x:%02x:%02x:%02x:%02x", | ||
1387 | &m[0], &m[1], &m[2], &m[3], &m[4], &m[5]) != 6) | ||
1388 | errx(1, "Failed to parse mac address '%s'", macaddr); | ||
1389 | mac[0] = m[0]; | ||
1390 | mac[1] = m[1]; | ||
1391 | mac[2] = m[2]; | ||
1392 | mac[3] = m[3]; | ||
1393 | mac[4] = m[4]; | ||
1394 | mac[5] = m[5]; | ||
1395 | } | ||
1396 | |||
1397 | /* | ||
1398 | * This code is "adapted" from libbridge: it attaches the Host end of the | ||
1399 | * network device to the bridge device specified by the command line. | ||
1400 | * | ||
1401 | * This is yet another James Morris contribution (I'm an IP-level guy, so I | ||
1402 | * dislike bridging), and I just try not to break it. | ||
1403 | */ | ||
1404 | static void add_to_bridge(int fd, const char *if_name, const char *br_name) | ||
1405 | { | ||
1406 | int ifidx; | ||
1407 | struct ifreq ifr; | ||
1408 | |||
1409 | if (!*br_name) | ||
1410 | errx(1, "must specify bridge name"); | ||
1411 | |||
1412 | ifidx = if_nametoindex(if_name); | ||
1413 | if (!ifidx) | ||
1414 | errx(1, "interface %s does not exist!", if_name); | ||
1415 | |||
1416 | strncpy(ifr.ifr_name, br_name, IFNAMSIZ); | ||
1417 | ifr.ifr_name[IFNAMSIZ-1] = '\0'; | ||
1418 | ifr.ifr_ifindex = ifidx; | ||
1419 | if (ioctl(fd, SIOCBRADDIF, &ifr) < 0) | ||
1420 | err(1, "can't add %s to bridge %s", if_name, br_name); | ||
1421 | } | ||
1422 | |||
1423 | /* | ||
1424 | * This sets up the Host end of the network device with an IP address, brings | ||
1425 | * it up so packets will flow, the copies the MAC address into the hwaddr | ||
1426 | * pointer. | ||
1427 | */ | ||
1428 | static void configure_device(int fd, const char *tapif, u32 ipaddr) | ||
1429 | { | ||
1430 | struct ifreq ifr; | ||
1431 | struct sockaddr_in sin; | ||
1432 | |||
1433 | memset(&ifr, 0, sizeof(ifr)); | ||
1434 | strcpy(ifr.ifr_name, tapif); | ||
1435 | |||
1436 | /* Don't read these incantations. Just cut & paste them like I did! */ | ||
1437 | sin.sin_family = AF_INET; | ||
1438 | sin.sin_addr.s_addr = htonl(ipaddr); | ||
1439 | memcpy(&ifr.ifr_addr, &sin, sizeof(sin)); | ||
1440 | if (ioctl(fd, SIOCSIFADDR, &ifr) != 0) | ||
1441 | err(1, "Setting %s interface address", tapif); | ||
1442 | ifr.ifr_flags = IFF_UP; | ||
1443 | if (ioctl(fd, SIOCSIFFLAGS, &ifr) != 0) | ||
1444 | err(1, "Bringing interface %s up", tapif); | ||
1445 | } | ||
1446 | |||
1447 | static int get_tun_device(char tapif[IFNAMSIZ]) | ||
1448 | { | ||
1449 | struct ifreq ifr; | ||
1450 | int netfd; | ||
1451 | |||
1452 | /* Start with this zeroed. Messy but sure. */ | ||
1453 | memset(&ifr, 0, sizeof(ifr)); | ||
1454 | |||
1455 | /* | ||
1456 | * We open the /dev/net/tun device and tell it we want a tap device. A | ||
1457 | * tap device is like a tun device, only somehow different. To tell | ||
1458 | * the truth, I completely blundered my way through this code, but it | ||
1459 | * works now! | ||
1460 | */ | ||
1461 | netfd = open_or_die("/dev/net/tun", O_RDWR); | ||
1462 | ifr.ifr_flags = IFF_TAP | IFF_NO_PI | IFF_VNET_HDR; | ||
1463 | strcpy(ifr.ifr_name, "tap%d"); | ||
1464 | if (ioctl(netfd, TUNSETIFF, &ifr) != 0) | ||
1465 | err(1, "configuring /dev/net/tun"); | ||
1466 | |||
1467 | if (ioctl(netfd, TUNSETOFFLOAD, | ||
1468 | TUN_F_CSUM|TUN_F_TSO4|TUN_F_TSO6|TUN_F_TSO_ECN) != 0) | ||
1469 | err(1, "Could not set features for tun device"); | ||
1470 | |||
1471 | /* | ||
1472 | * We don't need checksums calculated for packets coming in this | ||
1473 | * device: trust us! | ||
1474 | */ | ||
1475 | ioctl(netfd, TUNSETNOCSUM, 1); | ||
1476 | |||
1477 | memcpy(tapif, ifr.ifr_name, IFNAMSIZ); | ||
1478 | return netfd; | ||
1479 | } | ||
1480 | |||
1481 | /*L:195 | ||
1482 | * Our network is a Host<->Guest network. This can either use bridging or | ||
1483 | * routing, but the principle is the same: it uses the "tun" device to inject | ||
1484 | * packets into the Host as if they came in from a normal network card. We | ||
1485 | * just shunt packets between the Guest and the tun device. | ||
1486 | */ | ||
1487 | static void setup_tun_net(char *arg) | ||
1488 | { | ||
1489 | struct device *dev; | ||
1490 | struct net_info *net_info = malloc(sizeof(*net_info)); | ||
1491 | int ipfd; | ||
1492 | u32 ip = INADDR_ANY; | ||
1493 | bool bridging = false; | ||
1494 | char tapif[IFNAMSIZ], *p; | ||
1495 | struct virtio_net_config conf; | ||
1496 | |||
1497 | net_info->tunfd = get_tun_device(tapif); | ||
1498 | |||
1499 | /* First we create a new network device. */ | ||
1500 | dev = new_device("net", VIRTIO_ID_NET); | ||
1501 | dev->priv = net_info; | ||
1502 | |||
1503 | /* Network devices need a recv and a send queue, just like console. */ | ||
1504 | add_virtqueue(dev, VIRTQUEUE_NUM, net_input); | ||
1505 | add_virtqueue(dev, VIRTQUEUE_NUM, net_output); | ||
1506 | |||
1507 | /* | ||
1508 | * We need a socket to perform the magic network ioctls to bring up the | ||
1509 | * tap interface, connect to the bridge etc. Any socket will do! | ||
1510 | */ | ||
1511 | ipfd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP); | ||
1512 | if (ipfd < 0) | ||
1513 | err(1, "opening IP socket"); | ||
1514 | |||
1515 | /* If the command line was --tunnet=bridge:<name> do bridging. */ | ||
1516 | if (!strncmp(BRIDGE_PFX, arg, strlen(BRIDGE_PFX))) { | ||
1517 | arg += strlen(BRIDGE_PFX); | ||
1518 | bridging = true; | ||
1519 | } | ||
1520 | |||
1521 | /* A mac address may follow the bridge name or IP address */ | ||
1522 | p = strchr(arg, ':'); | ||
1523 | if (p) { | ||
1524 | str2mac(p+1, conf.mac); | ||
1525 | add_feature(dev, VIRTIO_NET_F_MAC); | ||
1526 | *p = '\0'; | ||
1527 | } | ||
1528 | |||
1529 | /* arg is now either an IP address or a bridge name */ | ||
1530 | if (bridging) | ||
1531 | add_to_bridge(ipfd, tapif, arg); | ||
1532 | else | ||
1533 | ip = str2ip(arg); | ||
1534 | |||
1535 | /* Set up the tun device. */ | ||
1536 | configure_device(ipfd, tapif, ip); | ||
1537 | |||
1538 | /* Expect Guest to handle everything except UFO */ | ||
1539 | add_feature(dev, VIRTIO_NET_F_CSUM); | ||
1540 | add_feature(dev, VIRTIO_NET_F_GUEST_CSUM); | ||
1541 | add_feature(dev, VIRTIO_NET_F_GUEST_TSO4); | ||
1542 | add_feature(dev, VIRTIO_NET_F_GUEST_TSO6); | ||
1543 | add_feature(dev, VIRTIO_NET_F_GUEST_ECN); | ||
1544 | add_feature(dev, VIRTIO_NET_F_HOST_TSO4); | ||
1545 | add_feature(dev, VIRTIO_NET_F_HOST_TSO6); | ||
1546 | add_feature(dev, VIRTIO_NET_F_HOST_ECN); | ||
1547 | /* We handle indirect ring entries */ | ||
1548 | add_feature(dev, VIRTIO_RING_F_INDIRECT_DESC); | ||
1549 | set_config(dev, sizeof(conf), &conf); | ||
1550 | |||
1551 | /* We don't need the socket any more; setup is done. */ | ||
1552 | close(ipfd); | ||
1553 | |||
1554 | devices.device_num++; | ||
1555 | |||
1556 | if (bridging) | ||
1557 | verbose("device %u: tun %s attached to bridge: %s\n", | ||
1558 | devices.device_num, tapif, arg); | ||
1559 | else | ||
1560 | verbose("device %u: tun %s: %s\n", | ||
1561 | devices.device_num, tapif, arg); | ||
1562 | } | ||
1563 | /*:*/ | ||
1564 | |||
1565 | /* This hangs off device->priv. */ | ||
1566 | struct vblk_info { | ||
1567 | /* The size of the file. */ | ||
1568 | off64_t len; | ||
1569 | |||
1570 | /* The file descriptor for the file. */ | ||
1571 | int fd; | ||
1572 | |||
1573 | }; | ||
1574 | |||
1575 | /*L:210 | ||
1576 | * The Disk | ||
1577 | * | ||
1578 | * The disk only has one virtqueue, so it only has one thread. It is really | ||
1579 | * simple: the Guest asks for a block number and we read or write that position | ||
1580 | * in the file. | ||
1581 | * | ||
1582 | * Before we serviced each virtqueue in a separate thread, that was unacceptably | ||
1583 | * slow: the Guest waits until the read is finished before running anything | ||
1584 | * else, even if it could have been doing useful work. | ||
1585 | * | ||
1586 | * We could have used async I/O, except it's reputed to suck so hard that | ||
1587 | * characters actually go missing from your code when you try to use it. | ||
1588 | */ | ||
1589 | static void blk_request(struct virtqueue *vq) | ||
1590 | { | ||
1591 | struct vblk_info *vblk = vq->dev->priv; | ||
1592 | unsigned int head, out_num, in_num, wlen; | ||
1593 | int ret; | ||
1594 | u8 *in; | ||
1595 | struct virtio_blk_outhdr *out; | ||
1596 | struct iovec iov[vq->vring.num]; | ||
1597 | off64_t off; | ||
1598 | |||
1599 | /* | ||
1600 | * Get the next request, where we normally wait. It triggers the | ||
1601 | * interrupt to acknowledge previously serviced requests (if any). | ||
1602 | */ | ||
1603 | head = wait_for_vq_desc(vq, iov, &out_num, &in_num); | ||
1604 | |||
1605 | /* | ||
1606 | * Every block request should contain at least one output buffer | ||
1607 | * (detailing the location on disk and the type of request) and one | ||
1608 | * input buffer (to hold the result). | ||
1609 | */ | ||
1610 | if (out_num == 0 || in_num == 0) | ||
1611 | errx(1, "Bad virtblk cmd %u out=%u in=%u", | ||
1612 | head, out_num, in_num); | ||
1613 | |||
1614 | out = convert(&iov[0], struct virtio_blk_outhdr); | ||
1615 | in = convert(&iov[out_num+in_num-1], u8); | ||
1616 | /* | ||
1617 | * For historical reasons, block operations are expressed in 512 byte | ||
1618 | * "sectors". | ||
1619 | */ | ||
1620 | off = out->sector * 512; | ||
1621 | |||
1622 | /* | ||
1623 | * In general the virtio block driver is allowed to try SCSI commands. | ||
1624 | * It'd be nice if we supported eject, for example, but we don't. | ||
1625 | */ | ||
1626 | if (out->type & VIRTIO_BLK_T_SCSI_CMD) { | ||
1627 | fprintf(stderr, "Scsi commands unsupported\n"); | ||
1628 | *in = VIRTIO_BLK_S_UNSUPP; | ||
1629 | wlen = sizeof(*in); | ||
1630 | } else if (out->type & VIRTIO_BLK_T_OUT) { | ||
1631 | /* | ||
1632 | * Write | ||
1633 | * | ||
1634 | * Move to the right location in the block file. This can fail | ||
1635 | * if they try to write past end. | ||
1636 | */ | ||
1637 | if (lseek64(vblk->fd, off, SEEK_SET) != off) | ||
1638 | err(1, "Bad seek to sector %llu", out->sector); | ||
1639 | |||
1640 | ret = writev(vblk->fd, iov+1, out_num-1); | ||
1641 | verbose("WRITE to sector %llu: %i\n", out->sector, ret); | ||
1642 | |||
1643 | /* | ||
1644 | * Grr... Now we know how long the descriptor they sent was, we | ||
1645 | * make sure they didn't try to write over the end of the block | ||
1646 | * file (possibly extending it). | ||
1647 | */ | ||
1648 | if (ret > 0 && off + ret > vblk->len) { | ||
1649 | /* Trim it back to the correct length */ | ||
1650 | ftruncate64(vblk->fd, vblk->len); | ||
1651 | /* Die, bad Guest, die. */ | ||
1652 | errx(1, "Write past end %llu+%u", off, ret); | ||
1653 | } | ||
1654 | |||
1655 | wlen = sizeof(*in); | ||
1656 | *in = (ret >= 0 ? VIRTIO_BLK_S_OK : VIRTIO_BLK_S_IOERR); | ||
1657 | } else if (out->type & VIRTIO_BLK_T_FLUSH) { | ||
1658 | /* Flush */ | ||
1659 | ret = fdatasync(vblk->fd); | ||
1660 | verbose("FLUSH fdatasync: %i\n", ret); | ||
1661 | wlen = sizeof(*in); | ||
1662 | *in = (ret >= 0 ? VIRTIO_BLK_S_OK : VIRTIO_BLK_S_IOERR); | ||
1663 | } else { | ||
1664 | /* | ||
1665 | * Read | ||
1666 | * | ||
1667 | * Move to the right location in the block file. This can fail | ||
1668 | * if they try to read past end. | ||
1669 | */ | ||
1670 | if (lseek64(vblk->fd, off, SEEK_SET) != off) | ||
1671 | err(1, "Bad seek to sector %llu", out->sector); | ||
1672 | |||
1673 | ret = readv(vblk->fd, iov+1, in_num-1); | ||
1674 | verbose("READ from sector %llu: %i\n", out->sector, ret); | ||
1675 | if (ret >= 0) { | ||
1676 | wlen = sizeof(*in) + ret; | ||
1677 | *in = VIRTIO_BLK_S_OK; | ||
1678 | } else { | ||
1679 | wlen = sizeof(*in); | ||
1680 | *in = VIRTIO_BLK_S_IOERR; | ||
1681 | } | ||
1682 | } | ||
1683 | |||
1684 | /* Finished that request. */ | ||
1685 | add_used(vq, head, wlen); | ||
1686 | } | ||
1687 | |||
1688 | /*L:198 This actually sets up a virtual block device. */ | ||
1689 | static void setup_block_file(const char *filename) | ||
1690 | { | ||
1691 | struct device *dev; | ||
1692 | struct vblk_info *vblk; | ||
1693 | struct virtio_blk_config conf; | ||
1694 | |||
1695 | /* Creat the device. */ | ||
1696 | dev = new_device("block", VIRTIO_ID_BLOCK); | ||
1697 | |||
1698 | /* The device has one virtqueue, where the Guest places requests. */ | ||
1699 | add_virtqueue(dev, VIRTQUEUE_NUM, blk_request); | ||
1700 | |||
1701 | /* Allocate the room for our own bookkeeping */ | ||
1702 | vblk = dev->priv = malloc(sizeof(*vblk)); | ||
1703 | |||
1704 | /* First we open the file and store the length. */ | ||
1705 | vblk->fd = open_or_die(filename, O_RDWR|O_LARGEFILE); | ||
1706 | vblk->len = lseek64(vblk->fd, 0, SEEK_END); | ||
1707 | |||
1708 | /* We support FLUSH. */ | ||
1709 | add_feature(dev, VIRTIO_BLK_F_FLUSH); | ||
1710 | |||
1711 | /* Tell Guest how many sectors this device has. */ | ||
1712 | conf.capacity = cpu_to_le64(vblk->len / 512); | ||
1713 | |||
1714 | /* | ||
1715 | * Tell Guest not to put in too many descriptors at once: two are used | ||
1716 | * for the in and out elements. | ||
1717 | */ | ||
1718 | add_feature(dev, VIRTIO_BLK_F_SEG_MAX); | ||
1719 | conf.seg_max = cpu_to_le32(VIRTQUEUE_NUM - 2); | ||
1720 | |||
1721 | /* Don't try to put whole struct: we have 8 bit limit. */ | ||
1722 | set_config(dev, offsetof(struct virtio_blk_config, geometry), &conf); | ||
1723 | |||
1724 | verbose("device %u: virtblock %llu sectors\n", | ||
1725 | ++devices.device_num, le64_to_cpu(conf.capacity)); | ||
1726 | } | ||
1727 | |||
1728 | /*L:211 | ||
1729 | * Our random number generator device reads from /dev/random into the Guest's | ||
1730 | * input buffers. The usual case is that the Guest doesn't want random numbers | ||
1731 | * and so has no buffers although /dev/random is still readable, whereas | ||
1732 | * console is the reverse. | ||
1733 | * | ||
1734 | * The same logic applies, however. | ||
1735 | */ | ||
1736 | struct rng_info { | ||
1737 | int rfd; | ||
1738 | }; | ||
1739 | |||
1740 | static void rng_input(struct virtqueue *vq) | ||
1741 | { | ||
1742 | int len; | ||
1743 | unsigned int head, in_num, out_num, totlen = 0; | ||
1744 | struct rng_info *rng_info = vq->dev->priv; | ||
1745 | struct iovec iov[vq->vring.num]; | ||
1746 | |||
1747 | /* First we need a buffer from the Guests's virtqueue. */ | ||
1748 | head = wait_for_vq_desc(vq, iov, &out_num, &in_num); | ||
1749 | if (out_num) | ||
1750 | errx(1, "Output buffers in rng?"); | ||
1751 | |||
1752 | /* | ||
1753 | * Just like the console write, we loop to cover the whole iovec. | ||
1754 | * In this case, short reads actually happen quite a bit. | ||
1755 | */ | ||
1756 | while (!iov_empty(iov, in_num)) { | ||
1757 | len = readv(rng_info->rfd, iov, in_num); | ||
1758 | if (len <= 0) | ||
1759 | err(1, "Read from /dev/random gave %i", len); | ||
1760 | iov_consume(iov, in_num, len); | ||
1761 | totlen += len; | ||
1762 | } | ||
1763 | |||
1764 | /* Tell the Guest about the new input. */ | ||
1765 | add_used(vq, head, totlen); | ||
1766 | } | ||
1767 | |||
1768 | /*L:199 | ||
1769 | * This creates a "hardware" random number device for the Guest. | ||
1770 | */ | ||
1771 | static void setup_rng(void) | ||
1772 | { | ||
1773 | struct device *dev; | ||
1774 | struct rng_info *rng_info = malloc(sizeof(*rng_info)); | ||
1775 | |||
1776 | /* Our device's privat info simply contains the /dev/random fd. */ | ||
1777 | rng_info->rfd = open_or_die("/dev/random", O_RDONLY); | ||
1778 | |||
1779 | /* Create the new device. */ | ||
1780 | dev = new_device("rng", VIRTIO_ID_RNG); | ||
1781 | dev->priv = rng_info; | ||
1782 | |||
1783 | /* The device has one virtqueue, where the Guest places inbufs. */ | ||
1784 | add_virtqueue(dev, VIRTQUEUE_NUM, rng_input); | ||
1785 | |||
1786 | verbose("device %u: rng\n", devices.device_num++); | ||
1787 | } | ||
1788 | /* That's the end of device setup. */ | ||
1789 | |||
1790 | /*L:230 Reboot is pretty easy: clean up and exec() the Launcher afresh. */ | ||
1791 | static void __attribute__((noreturn)) restart_guest(void) | ||
1792 | { | ||
1793 | unsigned int i; | ||
1794 | |||
1795 | /* | ||
1796 | * Since we don't track all open fds, we simply close everything beyond | ||
1797 | * stderr. | ||
1798 | */ | ||
1799 | for (i = 3; i < FD_SETSIZE; i++) | ||
1800 | close(i); | ||
1801 | |||
1802 | /* Reset all the devices (kills all threads). */ | ||
1803 | cleanup_devices(); | ||
1804 | |||
1805 | execv(main_args[0], main_args); | ||
1806 | err(1, "Could not exec %s", main_args[0]); | ||
1807 | } | ||
1808 | |||
1809 | /*L:220 | ||
1810 | * Finally we reach the core of the Launcher which runs the Guest, serves | ||
1811 | * its input and output, and finally, lays it to rest. | ||
1812 | */ | ||
1813 | static void __attribute__((noreturn)) run_guest(void) | ||
1814 | { | ||
1815 | for (;;) { | ||
1816 | unsigned long notify_addr; | ||
1817 | int readval; | ||
1818 | |||
1819 | /* We read from the /dev/lguest device to run the Guest. */ | ||
1820 | readval = pread(lguest_fd, ¬ify_addr, | ||
1821 | sizeof(notify_addr), cpu_id); | ||
1822 | |||
1823 | /* One unsigned long means the Guest did HCALL_NOTIFY */ | ||
1824 | if (readval == sizeof(notify_addr)) { | ||
1825 | verbose("Notify on address %#lx\n", notify_addr); | ||
1826 | handle_output(notify_addr); | ||
1827 | /* ENOENT means the Guest died. Reading tells us why. */ | ||
1828 | } else if (errno == ENOENT) { | ||
1829 | char reason[1024] = { 0 }; | ||
1830 | pread(lguest_fd, reason, sizeof(reason)-1, cpu_id); | ||
1831 | errx(1, "%s", reason); | ||
1832 | /* ERESTART means that we need to reboot the guest */ | ||
1833 | } else if (errno == ERESTART) { | ||
1834 | restart_guest(); | ||
1835 | /* Anything else means a bug or incompatible change. */ | ||
1836 | } else | ||
1837 | err(1, "Running guest failed"); | ||
1838 | } | ||
1839 | } | ||
1840 | /*L:240 | ||
1841 | * This is the end of the Launcher. The good news: we are over halfway | ||
1842 | * through! The bad news: the most fiendish part of the code still lies ahead | ||
1843 | * of us. | ||
1844 | * | ||
1845 | * Are you ready? Take a deep breath and join me in the core of the Host, in | ||
1846 | * "make Host". | ||
1847 | :*/ | ||
1848 | |||
1849 | static struct option opts[] = { | ||
1850 | { "verbose", 0, NULL, 'v' }, | ||
1851 | { "tunnet", 1, NULL, 't' }, | ||
1852 | { "block", 1, NULL, 'b' }, | ||
1853 | { "rng", 0, NULL, 'r' }, | ||
1854 | { "initrd", 1, NULL, 'i' }, | ||
1855 | { "username", 1, NULL, 'u' }, | ||
1856 | { "chroot", 1, NULL, 'c' }, | ||
1857 | { NULL }, | ||
1858 | }; | ||
1859 | static void usage(void) | ||
1860 | { | ||
1861 | errx(1, "Usage: lguest [--verbose] " | ||
1862 | "[--tunnet=(<ipaddr>:<macaddr>|bridge:<bridgename>:<macaddr>)\n" | ||
1863 | "|--block=<filename>|--initrd=<filename>]...\n" | ||
1864 | "<mem-in-mb> vmlinux [args...]"); | ||
1865 | } | ||
1866 | |||
1867 | /*L:105 The main routine is where the real work begins: */ | ||
1868 | int main(int argc, char *argv[]) | ||
1869 | { | ||
1870 | /* Memory, code startpoint and size of the (optional) initrd. */ | ||
1871 | unsigned long mem = 0, start, initrd_size = 0; | ||
1872 | /* Two temporaries. */ | ||
1873 | int i, c; | ||
1874 | /* The boot information for the Guest. */ | ||
1875 | struct boot_params *boot; | ||
1876 | /* If they specify an initrd file to load. */ | ||
1877 | const char *initrd_name = NULL; | ||
1878 | |||
1879 | /* Password structure for initgroups/setres[gu]id */ | ||
1880 | struct passwd *user_details = NULL; | ||
1881 | |||
1882 | /* Directory to chroot to */ | ||
1883 | char *chroot_path = NULL; | ||
1884 | |||
1885 | /* Save the args: we "reboot" by execing ourselves again. */ | ||
1886 | main_args = argv; | ||
1887 | |||
1888 | /* | ||
1889 | * First we initialize the device list. We keep a pointer to the last | ||
1890 | * device, and the next interrupt number to use for devices (1: | ||
1891 | * remember that 0 is used by the timer). | ||
1892 | */ | ||
1893 | devices.lastdev = NULL; | ||
1894 | devices.next_irq = 1; | ||
1895 | |||
1896 | /* We're CPU 0. In fact, that's the only CPU possible right now. */ | ||
1897 | cpu_id = 0; | ||
1898 | |||
1899 | /* | ||
1900 | * We need to know how much memory so we can set up the device | ||
1901 | * descriptor and memory pages for the devices as we parse the command | ||
1902 | * line. So we quickly look through the arguments to find the amount | ||
1903 | * of memory now. | ||
1904 | */ | ||
1905 | for (i = 1; i < argc; i++) { | ||
1906 | if (argv[i][0] != '-') { | ||
1907 | mem = atoi(argv[i]) * 1024 * 1024; | ||
1908 | /* | ||
1909 | * We start by mapping anonymous pages over all of | ||
1910 | * guest-physical memory range. This fills it with 0, | ||
1911 | * and ensures that the Guest won't be killed when it | ||
1912 | * tries to access it. | ||
1913 | */ | ||
1914 | guest_base = map_zeroed_pages(mem / getpagesize() | ||
1915 | + DEVICE_PAGES); | ||
1916 | guest_limit = mem; | ||
1917 | guest_max = mem + DEVICE_PAGES*getpagesize(); | ||
1918 | devices.descpage = get_pages(1); | ||
1919 | break; | ||
1920 | } | ||
1921 | } | ||
1922 | |||
1923 | /* The options are fairly straight-forward */ | ||
1924 | while ((c = getopt_long(argc, argv, "v", opts, NULL)) != EOF) { | ||
1925 | switch (c) { | ||
1926 | case 'v': | ||
1927 | verbose = true; | ||
1928 | break; | ||
1929 | case 't': | ||
1930 | setup_tun_net(optarg); | ||
1931 | break; | ||
1932 | case 'b': | ||
1933 | setup_block_file(optarg); | ||
1934 | break; | ||
1935 | case 'r': | ||
1936 | setup_rng(); | ||
1937 | break; | ||
1938 | case 'i': | ||
1939 | initrd_name = optarg; | ||
1940 | break; | ||
1941 | case 'u': | ||
1942 | user_details = getpwnam(optarg); | ||
1943 | if (!user_details) | ||
1944 | err(1, "getpwnam failed, incorrect username?"); | ||
1945 | break; | ||
1946 | case 'c': | ||
1947 | chroot_path = optarg; | ||
1948 | break; | ||
1949 | default: | ||
1950 | warnx("Unknown argument %s", argv[optind]); | ||
1951 | usage(); | ||
1952 | } | ||
1953 | } | ||
1954 | /* | ||
1955 | * After the other arguments we expect memory and kernel image name, | ||
1956 | * followed by command line arguments for the kernel. | ||
1957 | */ | ||
1958 | if (optind + 2 > argc) | ||
1959 | usage(); | ||
1960 | |||
1961 | verbose("Guest base is at %p\n", guest_base); | ||
1962 | |||
1963 | /* We always have a console device */ | ||
1964 | setup_console(); | ||
1965 | |||
1966 | /* Now we load the kernel */ | ||
1967 | start = load_kernel(open_or_die(argv[optind+1], O_RDONLY)); | ||
1968 | |||
1969 | /* Boot information is stashed at physical address 0 */ | ||
1970 | boot = from_guest_phys(0); | ||
1971 | |||
1972 | /* Map the initrd image if requested (at top of physical memory) */ | ||
1973 | if (initrd_name) { | ||
1974 | initrd_size = load_initrd(initrd_name, mem); | ||
1975 | /* | ||
1976 | * These are the location in the Linux boot header where the | ||
1977 | * start and size of the initrd are expected to be found. | ||
1978 | */ | ||
1979 | boot->hdr.ramdisk_image = mem - initrd_size; | ||
1980 | boot->hdr.ramdisk_size = initrd_size; | ||
1981 | /* The bootloader type 0xFF means "unknown"; that's OK. */ | ||
1982 | boot->hdr.type_of_loader = 0xFF; | ||
1983 | } | ||
1984 | |||
1985 | /* | ||
1986 | * The Linux boot header contains an "E820" memory map: ours is a | ||
1987 | * simple, single region. | ||
1988 | */ | ||
1989 | boot->e820_entries = 1; | ||
1990 | boot->e820_map[0] = ((struct e820entry) { 0, mem, E820_RAM }); | ||
1991 | /* | ||
1992 | * The boot header contains a command line pointer: we put the command | ||
1993 | * line after the boot header. | ||
1994 | */ | ||
1995 | boot->hdr.cmd_line_ptr = to_guest_phys(boot + 1); | ||
1996 | /* We use a simple helper to copy the arguments separated by spaces. */ | ||
1997 | concat((char *)(boot + 1), argv+optind+2); | ||
1998 | |||
1999 | /* Set kernel alignment to 16M (CONFIG_PHYSICAL_ALIGN) */ | ||
2000 | boot->hdr.kernel_alignment = 0x1000000; | ||
2001 | |||
2002 | /* Boot protocol version: 2.07 supports the fields for lguest. */ | ||
2003 | boot->hdr.version = 0x207; | ||
2004 | |||
2005 | /* The hardware_subarch value of "1" tells the Guest it's an lguest. */ | ||
2006 | boot->hdr.hardware_subarch = 1; | ||
2007 | |||
2008 | /* Tell the entry path not to try to reload segment registers. */ | ||
2009 | boot->hdr.loadflags |= KEEP_SEGMENTS; | ||
2010 | |||
2011 | /* We tell the kernel to initialize the Guest. */ | ||
2012 | tell_kernel(start); | ||
2013 | |||
2014 | /* Ensure that we terminate if a device-servicing child dies. */ | ||
2015 | signal(SIGCHLD, kill_launcher); | ||
2016 | |||
2017 | /* If we exit via err(), this kills all the threads, restores tty. */ | ||
2018 | atexit(cleanup_devices); | ||
2019 | |||
2020 | /* If requested, chroot to a directory */ | ||
2021 | if (chroot_path) { | ||
2022 | if (chroot(chroot_path) != 0) | ||
2023 | err(1, "chroot(\"%s\") failed", chroot_path); | ||
2024 | |||
2025 | if (chdir("/") != 0) | ||
2026 | err(1, "chdir(\"/\") failed"); | ||
2027 | |||
2028 | verbose("chroot done\n"); | ||
2029 | } | ||
2030 | |||
2031 | /* If requested, drop privileges */ | ||
2032 | if (user_details) { | ||
2033 | uid_t u; | ||
2034 | gid_t g; | ||
2035 | |||
2036 | u = user_details->pw_uid; | ||
2037 | g = user_details->pw_gid; | ||
2038 | |||
2039 | if (initgroups(user_details->pw_name, g) != 0) | ||
2040 | err(1, "initgroups failed"); | ||
2041 | |||
2042 | if (setresgid(g, g, g) != 0) | ||
2043 | err(1, "setresgid failed"); | ||
2044 | |||
2045 | if (setresuid(u, u, u) != 0) | ||
2046 | err(1, "setresuid failed"); | ||
2047 | |||
2048 | verbose("Dropping privileges completed\n"); | ||
2049 | } | ||
2050 | |||
2051 | /* Finally, run the Guest. This doesn't return. */ | ||
2052 | run_guest(); | ||
2053 | } | ||
2054 | /*:*/ | ||
2055 | |||
2056 | /*M:999 | ||
2057 | * Mastery is done: you now know everything I do. | ||
2058 | * | ||
2059 | * But surely you have seen code, features and bugs in your wanderings which | ||
2060 | * you now yearn to attack? That is the real game, and I look forward to you | ||
2061 | * patching and forking lguest into the Your-Name-Here-visor. | ||
2062 | * | ||
2063 | * Farewell, and good coding! | ||
2064 | * Rusty Russell. | ||
2065 | */ | ||
diff --git a/tools/lguest/lguest.txt b/tools/lguest/lguest.txt new file mode 100644 index 000000000000..bff0c554485d --- /dev/null +++ b/tools/lguest/lguest.txt | |||
@@ -0,0 +1,129 @@ | |||
1 | __ | ||
2 | (___()'`; Rusty's Remarkably Unreliable Guide to Lguest | ||
3 | /, /` - or, A Young Coder's Illustrated Hypervisor | ||
4 | \\"--\\ http://lguest.ozlabs.org | ||
5 | |||
6 | Lguest is designed to be a minimal 32-bit x86 hypervisor for the Linux kernel, | ||
7 | for Linux developers and users to experiment with virtualization with the | ||
8 | minimum of complexity. Nonetheless, it should have sufficient features to | ||
9 | make it useful for specific tasks, and, of course, you are encouraged to fork | ||
10 | and enhance it (see drivers/lguest/README). | ||
11 | |||
12 | Features: | ||
13 | |||
14 | - Kernel module which runs in a normal kernel. | ||
15 | - Simple I/O model for communication. | ||
16 | - Simple program to create new guests. | ||
17 | - Logo contains cute puppies: http://lguest.ozlabs.org | ||
18 | |||
19 | Developer features: | ||
20 | |||
21 | - Fun to hack on. | ||
22 | - No ABI: being tied to a specific kernel anyway, you can change anything. | ||
23 | - Many opportunities for improvement or feature implementation. | ||
24 | |||
25 | Running Lguest: | ||
26 | |||
27 | - The easiest way to run lguest is to use same kernel as guest and host. | ||
28 | You can configure them differently, but usually it's easiest not to. | ||
29 | |||
30 | You will need to configure your kernel with the following options: | ||
31 | |||
32 | "General setup": | ||
33 | "Prompt for development and/or incomplete code/drivers" = Y | ||
34 | (CONFIG_EXPERIMENTAL=y) | ||
35 | |||
36 | "Processor type and features": | ||
37 | "Paravirtualized guest support" = Y | ||
38 | "Lguest guest support" = Y | ||
39 | "High Memory Support" = off/4GB | ||
40 | "Alignment value to which kernel should be aligned" = 0x100000 | ||
41 | (CONFIG_PARAVIRT=y, CONFIG_LGUEST_GUEST=y, CONFIG_HIGHMEM64G=n and | ||
42 | CONFIG_PHYSICAL_ALIGN=0x100000) | ||
43 | |||
44 | "Device Drivers": | ||
45 | "Block devices" | ||
46 | "Virtio block driver (EXPERIMENTAL)" = M/Y | ||
47 | "Network device support" | ||
48 | "Universal TUN/TAP device driver support" = M/Y | ||
49 | "Virtio network driver (EXPERIMENTAL)" = M/Y | ||
50 | (CONFIG_VIRTIO_BLK=m, CONFIG_VIRTIO_NET=m and CONFIG_TUN=m) | ||
51 | |||
52 | "Virtualization" | ||
53 | "Linux hypervisor example code" = M/Y | ||
54 | (CONFIG_LGUEST=m) | ||
55 | |||
56 | - A tool called "lguest" is available in this directory: type "make" | ||
57 | to build it. If you didn't build your kernel in-tree, use "make | ||
58 | O=<builddir>". | ||
59 | |||
60 | - Create or find a root disk image. There are several useful ones | ||
61 | around, such as the xm-test tiny root image at | ||
62 | http://xm-test.xensource.com/ramdisks/initrd-1.1-i386.img | ||
63 | |||
64 | For more serious work, I usually use a distribution ISO image and | ||
65 | install it under qemu, then make multiple copies: | ||
66 | |||
67 | dd if=/dev/zero of=rootfile bs=1M count=2048 | ||
68 | qemu -cdrom image.iso -hda rootfile -net user -net nic -boot d | ||
69 | |||
70 | Make sure that you install a getty on /dev/hvc0 if you want to log in on the | ||
71 | console! | ||
72 | |||
73 | - "modprobe lg" if you built it as a module. | ||
74 | |||
75 | - Run an lguest as root: | ||
76 | |||
77 | Documentation/virtual/lguest/lguest 64 vmlinux --tunnet=192.168.19.1 \ | ||
78 | --block=rootfile root=/dev/vda | ||
79 | |||
80 | Explanation: | ||
81 | 64: the amount of memory to use, in MB. | ||
82 | |||
83 | vmlinux: the kernel image found in the top of your build directory. You | ||
84 | can also use a standard bzImage. | ||
85 | |||
86 | --tunnet=192.168.19.1: configures a "tap" device for networking with this | ||
87 | IP address. | ||
88 | |||
89 | --block=rootfile: a file or block device which becomes /dev/vda | ||
90 | inside the guest. | ||
91 | |||
92 | root=/dev/vda: this (and anything else on the command line) are | ||
93 | kernel boot parameters. | ||
94 | |||
95 | - Configuring networking. I usually have the host masquerade, using | ||
96 | "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" and "echo 1 > | ||
97 | /proc/sys/net/ipv4/ip_forward". In this example, I would configure | ||
98 | eth0 inside the guest at 192.168.19.2. | ||
99 | |||
100 | Another method is to bridge the tap device to an external interface | ||
101 | using --tunnet=bridge:<bridgename>, and perhaps run dhcp on the guest | ||
102 | to obtain an IP address. The bridge needs to be configured first: | ||
103 | this option simply adds the tap interface to it. | ||
104 | |||
105 | A simple example on my system: | ||
106 | |||
107 | ifconfig eth0 0.0.0.0 | ||
108 | brctl addbr lg0 | ||
109 | ifconfig lg0 up | ||
110 | brctl addif lg0 eth0 | ||
111 | dhclient lg0 | ||
112 | |||
113 | Then use --tunnet=bridge:lg0 when launching the guest. | ||
114 | |||
115 | See: | ||
116 | |||
117 | http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge | ||
118 | |||
119 | for general information on how to get bridging to work. | ||
120 | |||
121 | - Random number generation. Using the --rng option will provide a | ||
122 | /dev/hwrng in the guest that will read from the host's /dev/random. | ||
123 | Use this option in conjunction with rng-tools (see ../hw_random.txt) | ||
124 | to provide entropy to the guest kernel's /dev/random. | ||
125 | |||
126 | There is a helpful mailing list at http://ozlabs.org/mailman/listinfo/lguest | ||
127 | |||
128 | Good luck! | ||
129 | Rusty Russell rusty@rustcorp.com.au. | ||