Cleanup fcntl(3) usage and fd lifetimes in vmd(8).

Remove extraneous fcntl(3) usage for setting fd features that can
be set at time of open(2), pipe2(2), or socketpair(2). Also cleans
up pty creatio

Cleanup fcntl(3) usage and fd lifetimes in vmd(8).

Remove extraneous fcntl(3) usage for setting fd features that can
be set at time of open(2), pipe2(2), or socketpair(2). Also cleans
up pty creation switching to using functions from libutil instead
of direct ioctl(2) calls.

ok mlarkin@, original diff ok claudio@ as well.

show more ...

Use imsg_get_fd() in vmd.

vmd uses a lot of fd passing and does it sometimes via extra abstraction
so this just tries to convert the code without any optimisations.

ok dv@

vmd(8): improve error messages when out of tap devices.

The logging and the (lack of) errno don't describe the actual reason
a vm fails to start when there are not enough tap(4) special files
in /de

vmd(8): improve error messages when out of tap devices.

The logging and the (lack of) errno don't describe the actual reason
a vm fails to start when there are not enough tap(4) special files
in /dev. Improve the log message to specify the tap file in question
and set ENOENT so vmctl(8) gets something other than an undefined
errno value to report.

ok bluhm@

show more ...

vmd(8): pull validation into local prefix parser.

Validation for local prefixes, both inet and inet6, was scattered
around. To make it even more confusing, vmd was using generic address
parsing logi

vmd(8): pull validation into local prefix parser.

Validation for local prefixes, both inet and inet6, was scattered
around. To make it even more confusing, vmd was using generic address
parsing logic from prior network daemons. vmd doesn't need to parse
addresses other than when parsing the local prefix settings in
vm.conf and no runtime parsing is needed.

This change merges parsing and validation based on vmd's specific
needs for local prefixes (e.g. reserving enough bits for vm id and
network interface id encoding in an ipv4 address). In addition, it
simplifies the struct from a generic address struct to one focused
on just storing the v4 and v6 prefixes and masks. This cleans up an
unused TAILQ struct member that isn't used by vmd and was leftover
copy-pasta from those prior daemons.

The address parsing that vmd uses is also updated to using the
latest logic in bgpd(8).

ok mlarkin@

show more ...

vmd(8)/vmctl(8): allow vm owners to override boot kernel.

vmd allows non-root users to "own" a vm defined in vm.conf(5). While
the user can start/stop the vm, if they break their filesystem they
hav

vmd(8)/vmctl(8): allow vm owners to override boot kernel.

vmd allows non-root users to "own" a vm defined in vm.conf(5). While
the user can start/stop the vm, if they break their filesystem they
have no means of booting recovery media like a ramdisk kernel.

This change opens the provided boot kernel via vmctl and passes the
file descriptor through the control channel to vmd. The next boot
of the vm will use the provided file descriptor as boot kernel/bios.
Subsequent boots (e.g. a reboot) will return to using behavior
defined in vm.conf or the default bios image.

ok mlarkin@

show more ...

vmm(4)/vmd(8): pull struct members out of vmm ioctl create struct.

The object sent to vmm(4) contained file paths and details the
kernel does not need for cpu virtualization as device emulation is
i

vmm(4)/vmd(8): pull struct members out of vmm ioctl create struct.

The object sent to vmm(4) contained file paths and details the
kernel does not need for cpu virtualization as device emulation is
in userland. Effectively, "pull up" the struct members from the
vm_create_params struct to the parent vmop_create_params struct.

This allows us to clean up some of vmd(8) and simplify things for
switching to having vmctl(8) open the "kernel" file (SeaBIOS, bsd.rd,
etc.) to allow users to boot recovery ramdisk kernels.

ok mlarkin@

show more ...

vmd(8): migrate vmd_vm.vm_ttyname to char array.

Other structs use a fixed length array already. This allows a vmd_vm
object to be transmitted over an ipc channel, too.

Additionally, solves a segfa

vmd(8): migrate vmd_vm.vm_ttyname to char array.

Other structs use a fixed length array already. This allows a vmd_vm
object to be transmitted over an ipc channel, too.

Additionally, solves a segfault caused by a strlcpy(3) in an error
path.

ok mlarkin@

show more ...

Explicitly initialize vmd_vm pointer with NULL before calling vm_register.
Found by codechecker.
ok dv@

Move some header definitions from vmm(4) to vmd(8).

Part of an ongoing effort to move userland-specific information out
of a kernel header and directly into vmd(8). No functional change.

ok mlarkin@

vmd(8): remove unfinished user accounting.

User accounting and enforcement was never finished. tedu the thing
until someone wants to pick it up and finish it.

Originally found by Matthew Martin.

o

vmd(8): remove unfinished user accounting.

User accounting and enforcement was never finished. tedu the thing
until someone wants to pick it up and finish it.

Originally found by Matthew Martin.

ok mlarkin@, kn@. input from tb@.

show more ...

vmd: fix rebooting a received vm

Rebooting a received vm resulted in vmd(8) exiting as a result of
flawed state tracking in the parent process.

When stopping a vm, clear the VM_RECEIVE_STATE flag.

vmd: fix rebooting a received vm

Rebooting a received vm resulted in vmd(8) exiting as a result of
flawed state tracking in the parent process.

When stopping a vm, clear the VM_RECEIVE_STATE flag. When starting
a vm, make sure the parent process collapses any existing memory
ranges after the vm is sent to the vmm process (responsible for
launching the vm).

ok mlarkin@

show more ...

Remove switch(4) pieces, feedback/missing piece millert@ ok claudio@ mlarkin@

vmd(8): remove invalid errno values from config_setvm

Refactor config_setvm to directly return error code on failure
instead of returning -1 and setting errno. It was setting unsupported
values not

vmd(8): remove invalid errno values from config_setvm

Refactor config_setvm to directly return error code on failure
instead of returning -1 and setting errno. It was setting unsupported
values not defined in <errno.h>.

OK mlarkin@

show more ...

vmd(8): omit a possibly uninitialized var in a log_warnx

Don't print 'base' since it might not be initialized in all code paths.

From James Cook

Propagate host-side tap(4) lladdr to guest vm process to allow unicast dhcp
and bootp renewals with vmd(8)'s built-in dhcp server. Previous behavior
ignored did not intercept these packets and instea

Propagate host-side tap(4) lladdr to guest vm process to allow unicast dhcp
and bootp renewals with vmd(8)'s built-in dhcp server. Previous behavior
ignored did not intercept these packets and instead transmitted them.

This should make vmd(8)'s dhcp behave more as a true dhcp server should and
allows it to work properly with the new dhcpleased(8) attempting a renewal.

OK mlarkin@

show more ...

Remove booting from kernels in raw/qcow2 images

Diff and (slightly tweaked) text below from
Dave Voutila < dave at sisu dot io >, thanks!

--
Since 6.7 switched to FFS2 as the default filesystem for

Remove booting from kernels in raw/qcow2 images

Diff and (slightly tweaked) text below from
Dave Voutila < dave at sisu dot io >, thanks!

--
Since 6.7 switched to FFS2 as the default filesystem for new installs,
the ability for vmd(8) to load a kernel and boot.conf from a disk image
directly (without SeaBIOS) has been broken.

A diff from tb to add FFS2 support never mdae it into the tree.

On 5th Jan 2021, new ramdisks for amd64 have started shipping gzipped,
breaking the ability to load the bsd.rd directly as a kernel image for a vmd
guest without first uncompressing the image.

Using BIOS works, the FFS2 change happend ten months ago and few if any have
complained about the breakage. vmctl(8) is still vague about supporting it
per its man page and one still has to pass the disk image twice as a "-b"
and "-d" argument to boot an OpenBSD guest *without* BIOS.

Josh Rickmar reported the gzip issue on bugs@ and provided patches to add
support for compressed ramdisks and kernel images. The easiest way to do so
is to drop support for FFS images since they require a call to fmemopen(3)
while all the other logic uses fopen(3)/fdopen(3) calls and a file
descriptor. It is much easier to get thsoe patches merged if they don't
have to account for extracting files from disk images.
--

No objections anyone
"Removing it makes sense" reyk (who wrote the FFS module)
OK mlarkin

show more ...

add veb(4) to the list of supported bridges/switches you can configure.

tested by josh rickmar
ok kn@

track the state of the vm (running, paused, etc) using a single bitfield instead of
a handful of separate variables. this will makes it easier for vmd to report
and check on the individual vm states

track the state of the vm (running, paused, etc) using a single bitfield instead of
a handful of separate variables. this will makes it easier for vmd to report
and check on the individual vm states

no functional change intended

ok ccardenas@ mlarkin@

show more ...

Keep a list of known vms, and reuse the VM IDs.

This means that when using '-L', the IP addresses of the VMs are stable.

ok reyk@

Improve error handling and logging in qcow2

This turns most warn + returns that should never happen into hard failures,
and improves the user directed error messages.

ok @mlarkin, @reyk

Add support for "local inet6" interfaces.

ok & test ccardenas@, additional review from kn@

I broke base images with my previous commit by missing a line.

The disk path wasn't updated so vmd tried to open the derived disk
image for each base over and over again.

OK ori@ mlarkin@

Add support to create and convert disk images from existing images

The -i option to vmctl create (eg. vmctl create output.qcow2 -i input.img)
lets you create a new image from an input file and conve

Add support to create and convert disk images from existing images

The -i option to vmctl create (eg. vmctl create output.qcow2 -i input.img)
lets you create a new image from an input file and convert it if it is a
different format. This allows to convert qcow2 images from raw images,
raw from qcow2, or even qcow2 from qcow2 and raw from raw to re-optimize
the disk.

This re-uses Ori's vioqcow2.c from vmd by reaching into it and
compiling it in. The API has been adjust to be used from both vmctl
and vmd accordingly.

OK mlarkin@

show more ...

Prevent VM reboot loops by rate-limiting the interval a VM can reboot.

This looping has been experienced by people who run VMs with a broken
kernel or boot loader that trigger a very fast reboot loo

Prevent VM reboot loops by rate-limiting the interval a VM can reboot.

This looping has been experienced by people who run VMs with a broken
kernel or boot loader that trigger a very fast reboot loop (triple
fault) of a VM that ends up using a lot of CPU and resources on the
host. Some fixes in vmm(4) and vmd(8) helped to avoid such conditions
but it can still occur if something is wrong in the guest VM itself.

If the VM restarts after less than VM_START_RATE_SEC (6) seconds, we
increment the limit counter. After VM_START_RATE_LIMIT (3) of suchs
fast reboots the VM is stopped.

There are only very few people who intentionally want to reboot-loop a
VM very quickly (many times within a second); mostly for fuzzing.
They will have to recompile and adjust the stated #defines in the code
as we don't have a config option to disable it.

OK mlarkin@

show more ...

Add support for qcow2 base images (external snapshots).

This works is from Ori Bernstein, committing on his behalf:

Add support to vmd for external snapshots. That is, snapshots that are
derived fr

Add support for qcow2 base images (external snapshots).

This works is from Ori Bernstein, committing on his behalf:

Add support to vmd for external snapshots. That is, snapshots that are
derived from a base image. Data lookups start in the derived image,
and if the derived image does not contain some data, the search
proceeds ot the base image. Multiple derived images may exist off of
a single base image.

A limitation of this format is that modifying the base image will
corrupt the derived image.

This change also adds support for creating disk derived disk images to
vmctl. To use it:

vmctl create derived.qcow2 -s 16G -b base.qcow2

From Ori Bernstein
OK mlarkin@ reyk@

show more ...