1 /*
2 * Copyright (C) 2011
3 * Author Roger Pau Monne <roger.pau@entel.upc.edu>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU Lesser General Public License as published
7 * by the Free Software Foundation; version 2.1 only. with the special
8 * exception on linking described in file LICENSE.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU Lesser General Public License for more details.
14 */
15
16 #include "libxl_osdeps.h" /* must come before any other headers */
17
18 #include <sys/resource.h>
19 #include "libxl_internal.h"
20
21
22 /* Workarounds for Linux-specific lacks can go here: */
23
24 #ifndef CLONE_NEWIPC /* Available as of Linux 2.6.19 / glibc 2.8 */
25 # define CLONE_NEWIPC 0x08000000
26 #endif
27
28
libxl__try_phy_backend(mode_t st_mode)29 int libxl__try_phy_backend(mode_t st_mode)
30 {
31 if (S_ISBLK(st_mode) || S_ISREG(st_mode)) {
32 return 1;
33 }
34
35 return 0;
36 }
37
libxl__devid_to_localdev(libxl__gc * gc,int devid)38 char *libxl__devid_to_localdev(libxl__gc *gc, int devid)
39 {
40 return libxl__devid_to_vdev(gc, devid);
41 }
42
43 /* Hotplug scripts helpers */
44
get_hotplug_env(libxl__gc * gc,char * script,libxl__device * dev)45 static char **get_hotplug_env(libxl__gc *gc,
46 char *script, libxl__device *dev)
47 {
48 const char *type = libxl__device_kind_to_string(dev->backend_kind);
49 char *be_path = libxl__device_backend_path(gc, dev);
50 char **env;
51 int nr = 0;
52
53 const int arraysize = 15;
54 GCNEW_ARRAY(env, arraysize);
55 env[nr++] = "script";
56 env[nr++] = script;
57 env[nr++] = "XENBUS_TYPE";
58 env[nr++] = (char *) type;
59 env[nr++] = "XENBUS_PATH";
60 env[nr++] = GCSPRINTF("backend/%s/%u/%d", type, dev->domid, dev->devid);
61 env[nr++] = "XENBUS_BASE_PATH";
62 env[nr++] = "backend";
63 if (dev->backend_kind == LIBXL__DEVICE_KIND_VIF) {
64 libxl_nic_type nictype;
65 char *gatewaydev;
66
67 gatewaydev = libxl__xs_read(gc, XBT_NULL,
68 GCSPRINTF("%s/%s", be_path, "gatewaydev"));
69 env[nr++] = "netdev";
70 env[nr++] = gatewaydev ? : "";
71
72 if (libxl__nic_type(gc, dev, &nictype)) {
73 LOGD(ERROR, dev->domid, "unable to get nictype");
74 return NULL;
75 }
76 switch (nictype) {
77 case LIBXL_NIC_TYPE_VIF_IOEMU:
78 env[nr++] = "INTERFACE";
79 env[nr++] = (char *) libxl__device_nic_devname(gc, dev->domid,
80 dev->devid,
81 LIBXL_NIC_TYPE_VIF_IOEMU);
82 /*
83 * We need to fall through because for PV_IOEMU nic types we need
84 * to execute both the vif and the tap hotplug script, and we
85 * don't know which one we are executing in this call, so provide
86 * both env variables.
87 */
88 case LIBXL_NIC_TYPE_VIF:
89 env[nr++] = "vif";
90 env[nr++] = (char *) libxl__device_nic_devname(gc, dev->domid,
91 dev->devid,
92 LIBXL_NIC_TYPE_VIF);
93 break;
94 default:
95 return NULL;
96 }
97 }
98
99 env[nr++] = NULL;
100 assert(nr <= arraysize);
101
102 return env;
103 }
104
105 /* Hotplug scripts caller functions */
106
libxl__hotplug_nic(libxl__gc * gc,libxl__device * dev,char *** args,char *** env,libxl__device_action action,int num_exec)107 static int libxl__hotplug_nic(libxl__gc *gc, libxl__device *dev,
108 char ***args, char ***env,
109 libxl__device_action action, int num_exec)
110 {
111 char *be_path = libxl__device_backend_path(gc, dev);
112 char *script;
113 int nr = 0, rc = 0;
114 libxl_nic_type nictype;
115
116 script = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/%s", be_path,
117 "script"));
118 if (!script) {
119 LOGED(ERROR, dev->domid,
120 "unable to read script from %s", be_path);
121 rc = ERROR_FAIL;
122 goto out;
123 }
124
125 rc = libxl__nic_type(gc, dev, &nictype);
126 if (rc) {
127 LOGD(ERROR, dev->domid, "error when fetching nic type");
128 rc = ERROR_FAIL;
129 goto out;
130 }
131 if (nictype == LIBXL_NIC_TYPE_VIF && num_exec != 0) {
132 rc = 0;
133 goto out;
134 }
135
136 *env = get_hotplug_env(gc, script, dev);
137 if (!*env) {
138 rc = ERROR_FAIL;
139 goto out;
140 }
141
142 const int arraysize = 4;
143 GCNEW_ARRAY(*args, arraysize);
144 (*args)[nr++] = script;
145
146 if (nictype == LIBXL_NIC_TYPE_VIF_IOEMU && num_exec) {
147 (*args)[nr++] = (char *) libxl__device_action_to_string(action);
148 (*args)[nr++] = "type_if=tap";
149 (*args)[nr++] = NULL;
150 } else {
151 (*args)[nr++] = action == LIBXL__DEVICE_ACTION_ADD ? "online" :
152 "offline";
153 (*args)[nr++] = "type_if=vif";
154 (*args)[nr++] = NULL;
155 }
156 assert(nr == arraysize);
157 rc = 1;
158
159 out:
160 return rc;
161 }
162
libxl__hotplug_disk(libxl__gc * gc,libxl__device * dev,char *** args,char *** env,libxl__device_action action)163 static int libxl__hotplug_disk(libxl__gc *gc, libxl__device *dev,
164 char ***args, char ***env,
165 libxl__device_action action)
166 {
167 char *be_path = libxl__device_backend_path(gc, dev);
168 char *script;
169 int nr = 0, rc = 0;
170
171 script = libxl__xs_read(gc, XBT_NULL,
172 GCSPRINTF("%s/%s", be_path, "script"));
173 if (!script) {
174 LOGEVD(ERROR, errno, dev->domid,
175 "unable to read script from %s", be_path);
176 rc = ERROR_FAIL;
177 goto error;
178 }
179
180 *env = get_hotplug_env(gc, script, dev);
181 if (!*env) {
182 LOGD(ERROR, dev->domid, "Failed to get hotplug environment");
183 rc = ERROR_FAIL;
184 goto error;
185 }
186
187 const int arraysize = 3;
188 GCNEW_ARRAY(*args, arraysize);
189 (*args)[nr++] = script;
190 (*args)[nr++] = (char *) libxl__device_action_to_string(action);
191 (*args)[nr++] = NULL;
192 assert(nr == arraysize);
193
194 LOGD(DEBUG, dev->domid, "Args and environment ready");
195 rc = 1;
196
197 error:
198 return rc;
199 }
200
libxl__get_hotplug_script_info(libxl__gc * gc,libxl__device * dev,char *** args,char *** env,libxl__device_action action,int num_exec)201 int libxl__get_hotplug_script_info(libxl__gc *gc, libxl__device *dev,
202 char ***args, char ***env,
203 libxl__device_action action,
204 int num_exec)
205 {
206 int rc;
207
208 switch (dev->backend_kind) {
209 case LIBXL__DEVICE_KIND_VBD:
210 case LIBXL__DEVICE_KIND_VBD3:
211 if (num_exec != 0) {
212 LOGD(DEBUG, dev->domid,
213 "num_exec %d, not running hotplug scripts", num_exec);
214 rc = 0;
215 goto out;
216 }
217 rc = libxl__hotplug_disk(gc, dev, args, env, action);
218 break;
219 case LIBXL__DEVICE_KIND_VIF:
220 /*
221 * If domain has a stubdom we don't have to execute hotplug scripts
222 * for emulated interfaces
223 */
224 if ((num_exec > 1) ||
225 (libxl_get_stubdom_id(CTX, dev->domid) && num_exec)) {
226 LOGD(DEBUG, dev->domid,
227 "num_exec %d, not running hotplug scripts", num_exec);
228 rc = 0;
229 goto out;
230 }
231 rc = libxl__hotplug_nic(gc, dev, args, env, action, num_exec);
232 break;
233 default:
234 /* No need to execute any hotplug scripts */
235 LOGD(DEBUG, dev->domid, "backend_kind %s, no need to execute scripts",
236 libxl__device_kind_to_string(dev->backend_kind));
237 rc = 0;
238 break;
239 }
240
241 out:
242 return rc;
243 }
244
libxl__pci_numdevs(libxl__gc * gc)245 int libxl__pci_numdevs(libxl__gc *gc)
246 {
247 DIR *dir;
248 struct dirent *entry;
249 int num_devs = 0;
250
251 dir = opendir("/sys/bus/pci/devices");
252 if (!dir) {
253 LOGE(ERROR, "Cannot open /sys/bus/pci/devices");
254 return ERROR_FAIL;
255 }
256
257 while ((entry = readdir(dir))) {
258 if (entry->d_name[0] == '.')
259 continue;
260 num_devs++;
261 }
262 closedir(dir);
263
264 return num_devs;
265 }
266
libxl__pci_topology_init(libxl__gc * gc,physdev_pci_device_t * devs,int num_devs)267 int libxl__pci_topology_init(libxl__gc *gc,
268 physdev_pci_device_t *devs,
269 int num_devs)
270 {
271
272 DIR *dir;
273 struct dirent *entry;
274 int i, err = 0;
275
276 dir = opendir("/sys/bus/pci/devices");
277 if (!dir) {
278 LOGE(ERROR, "Cannot open /sys/bus/pci/devices");
279 return ERROR_FAIL;
280 }
281
282 i = 0;
283 while ((entry = readdir(dir))) {
284 unsigned int dom, bus, dev, func;
285
286 if (entry->d_name[0] == '.')
287 continue;
288
289 if (i == num_devs) {
290 LOG(ERROR, "Too many devices");
291 err = ERROR_FAIL;
292 errno = ENOSPC;
293 goto out;
294 }
295
296 if (sscanf(entry->d_name, "%x:%x:%x.%d", &dom, &bus, &dev, &func) < 4) {
297 LOGE(ERROR, "Error processing /sys/bus/pci/devices");
298 err = ERROR_FAIL;
299 goto out;
300 }
301
302 devs[i].seg = dom;
303 devs[i].bus = bus;
304 devs[i].devfn = ((dev & 0x1f) << 3) | (func & 7);
305
306 i++;
307 }
308
309 out:
310 closedir(dir);
311
312 return err;
313 }
314
315 static struct {
316 int resource;
317 rlim_t limit;
318 } rlimits[] = {
319 #define RLIMIT_ENTRY(r, l) \
320 { .resource = r, .limit = l }
321 /* Big enough for log files, not big enough for a DoS */
322 RLIMIT_ENTRY(RLIMIT_FSIZE, 256*1024),
323
324 /* Shouldn't need any of these */
325 RLIMIT_ENTRY(RLIMIT_CORE, 0),
326 RLIMIT_ENTRY(RLIMIT_MSGQUEUE, 0),
327 RLIMIT_ENTRY(RLIMIT_LOCKS, 0),
328 RLIMIT_ENTRY(RLIMIT_MEMLOCK, 0),
329
330 /* End-of-list marker */
331 RLIMIT_ENTRY(RLIMIT_NLIMITS, 0),
332 #undef RLIMIT_ENTRY
333 };
334
libxl__local_dm_preexec_restrict(libxl__gc * gc)335 int libxl__local_dm_preexec_restrict(libxl__gc *gc)
336 {
337 int r;
338 unsigned i;
339
340 /* Unshare mount and IPC namespaces. These are unused by QEMU. */
341 r = unshare(CLONE_NEWNS | CLONE_NEWIPC);
342 if (r) {
343 LOGE(ERROR, "libxl: unshare Mount and IPC namespace failed");
344 return ERROR_FAIL;
345 }
346
347 /* Set various "easy" rlimits */
348 for (i = 0; rlimits[i].resource != RLIMIT_NLIMITS; i++) {
349 struct rlimit rlim;
350
351 rlim.rlim_cur = rlim.rlim_max = rlimits[i].limit;
352
353 r = setrlimit(rlimits[i].resource, &rlim);
354 if (r < 0) {
355 LOGE(ERROR, "Setting rlimit %d to %llu failed\n",
356 rlimits[i].resource,
357 (unsigned long long)rlimits[i].limit);
358 return ERROR_FAIL;
359 }
360 }
361
362 return 0;
363 }
364
365 /*
366 * Local variables:
367 * mode: C
368 * c-basic-offset: 4
369 * indent-tabs-mode: nil
370 * End:
371 */
372