1 /* $OpenBSD: vmd.h,v 1.101 2020/09/23 19:18:18 martijn Exp $ */ 2 3 /* 4 * Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/types.h> 20 #include <sys/queue.h> 21 #include <sys/socket.h> 22 23 #include <machine/vmmvar.h> 24 25 #include <net/if.h> 26 #include <netinet/in.h> 27 #include <netinet/if_ether.h> 28 #include <netinet6/in6_var.h> 29 30 #include <limits.h> 31 #include <stdio.h> 32 #include <pthread.h> 33 34 #include "proc.h" 35 36 #ifndef VMD_H 37 #define VMD_H 38 39 #define SET(_v, _m) ((_v) |= (_m)) 40 #define CLR(_v, _m) ((_v) &= ~(_m)) 41 #define ISSET(_v, _m) ((_v) & (_m)) 42 #define NELEM(a) (sizeof(a) / sizeof((a)[0])) 43 44 #define VMD_USER "_vmd" 45 #define VMD_CONF "/etc/vm.conf" 46 #define SOCKET_NAME "/var/run/vmd.sock" 47 #define VMM_NODE "/dev/vmm" 48 #define VM_DEFAULT_BIOS "/etc/firmware/vmm-bios" 49 #define VM_DEFAULT_KERNEL "/bsd" 50 #define VM_DEFAULT_DEVICE "hd0a" 51 #define VM_BOOT_CONF "/etc/boot.conf" 52 #define VM_NAME_MAX 64 53 #define VM_MAX_BASE_PER_DISK 4 54 #define VM_TTYNAME_MAX 16 55 #define MAX_TAP 256 56 #define NR_BACKLOG 5 57 #define VMD_SWITCH_TYPE "bridge" 58 #define VM_DEFAULT_MEMORY 512 59 60 #define VMD_DEFAULT_STAGGERED_START_DELAY 30 61 62 /* Rate-limit fast reboots */ 63 #define VM_START_RATE_SEC 6 /* min. seconds since last reboot */ 64 #define VM_START_RATE_LIMIT 3 /* max. number of fast reboots */ 65 66 /* default user instance limits */ 67 #define VM_DEFAULT_USER_MAXCPU 4 68 #define VM_DEFAULT_USER_MAXMEM 2048 69 #define VM_DEFAULT_USER_MAXIFS 8 70 71 /* vmd -> vmctl error codes */ 72 #define VMD_BIOS_MISSING 1001 73 #define VMD_DISK_MISSING 1002 74 /* 1003 is obsolete VMD_DISK_INVALID */ 75 #define VMD_VM_STOP_INVALID 1004 76 #define VMD_CDROM_MISSING 1005 77 #define VMD_CDROM_INVALID 1006 78 #define VMD_PARENT_INVALID 1007 79 80 /* Image file signatures */ 81 #define VM_MAGIC_QCOW "QFI\xfb" 82 83 /* 100.64.0.0/10 from rfc6598 (IPv4 Prefix for Shared Address Space) */ 84 #define VMD_DHCP_PREFIX "100.64.0.0/10" 85 86 /* Unique local address for IPv6 */ 87 #define VMD_ULA_PREFIX "fd00::/8" 88 89 enum imsg_type { 90 IMSG_VMDOP_START_VM_REQUEST = IMSG_PROC_MAX, 91 IMSG_VMDOP_START_VM_CDROM, 92 IMSG_VMDOP_START_VM_DISK, 93 IMSG_VMDOP_START_VM_IF, 94 IMSG_VMDOP_START_VM_END, 95 IMSG_VMDOP_START_VM_RESPONSE, 96 IMSG_VMDOP_PAUSE_VM, 97 IMSG_VMDOP_PAUSE_VM_RESPONSE, 98 IMSG_VMDOP_UNPAUSE_VM, 99 IMSG_VMDOP_UNPAUSE_VM_RESPONSE, 100 IMSG_VMDOP_SEND_VM_REQUEST, 101 IMSG_VMDOP_SEND_VM_RESPONSE, 102 IMSG_VMDOP_RECEIVE_VM_REQUEST, 103 IMSG_VMDOP_RECEIVE_VM_RESPONSE, 104 IMSG_VMDOP_RECEIVE_VM_END, 105 IMSG_VMDOP_WAIT_VM_REQUEST, 106 IMSG_VMDOP_TERMINATE_VM_REQUEST, 107 IMSG_VMDOP_TERMINATE_VM_RESPONSE, 108 IMSG_VMDOP_TERMINATE_VM_EVENT, 109 IMSG_VMDOP_GET_INFO_VM_REQUEST, 110 IMSG_VMDOP_GET_INFO_VM_DATA, 111 IMSG_VMDOP_GET_INFO_VM_END_DATA, 112 IMSG_VMDOP_LOAD, 113 IMSG_VMDOP_RELOAD, 114 IMSG_VMDOP_PRIV_IFDESCR, 115 IMSG_VMDOP_PRIV_IFADD, 116 IMSG_VMDOP_PRIV_IFEXISTS, 117 IMSG_VMDOP_PRIV_IFUP, 118 IMSG_VMDOP_PRIV_IFDOWN, 119 IMSG_VMDOP_PRIV_IFGROUP, 120 IMSG_VMDOP_PRIV_IFADDR, 121 IMSG_VMDOP_PRIV_IFADDR6, 122 IMSG_VMDOP_PRIV_IFRDOMAIN, 123 IMSG_VMDOP_VM_SHUTDOWN, 124 IMSG_VMDOP_VM_REBOOT, 125 IMSG_VMDOP_CONFIG, 126 IMSG_VMDOP_DONE 127 }; 128 129 struct vmop_result { 130 int vmr_result; 131 uint32_t vmr_id; 132 pid_t vmr_pid; 133 char vmr_ttyname[VM_TTYNAME_MAX]; 134 }; 135 136 struct vmop_info_result { 137 struct vm_info_result vir_info; 138 char vir_ttyname[VM_TTYNAME_MAX]; 139 uid_t vir_uid; 140 int64_t vir_gid; 141 unsigned int vir_state; 142 }; 143 144 struct vmop_id { 145 uint32_t vid_id; 146 char vid_name[VMM_MAX_NAME_LEN]; 147 uid_t vid_uid; 148 unsigned int vid_flags; 149 #define VMOP_FORCE 0x01 150 #define VMOP_WAIT 0x02 151 }; 152 153 struct vmop_ifreq { 154 uint32_t vfr_id; 155 char vfr_name[IF_NAMESIZE]; 156 char vfr_value[VM_NAME_MAX]; 157 struct sockaddr_storage vfr_addr; 158 struct sockaddr_storage vfr_mask; 159 }; 160 161 struct vmop_owner { 162 uid_t uid; 163 int64_t gid; 164 }; 165 166 struct vmop_create_params { 167 struct vm_create_params vmc_params; 168 unsigned int vmc_flags; 169 #define VMOP_CREATE_CPU 0x01 170 #define VMOP_CREATE_KERNEL 0x02 171 #define VMOP_CREATE_MEMORY 0x04 172 #define VMOP_CREATE_NETWORK 0x08 173 #define VMOP_CREATE_DISK 0x10 174 #define VMOP_CREATE_CDROM 0x20 175 #define VMOP_CREATE_INSTANCE 0x40 176 177 /* same flags; check for access to these resources */ 178 unsigned int vmc_checkaccess; 179 180 /* userland-only part of the create params */ 181 unsigned int vmc_bootdevice; 182 #define VMBOOTDEV_AUTO 0 183 #define VMBOOTDEV_DISK 1 184 #define VMBOOTDEV_CDROM 2 185 #define VMBOOTDEV_NET 3 186 unsigned int vmc_ifflags[VMM_MAX_NICS_PER_VM]; 187 #define VMIFF_UP 0x01 188 #define VMIFF_LOCKED 0x02 189 #define VMIFF_LOCAL 0x04 190 #define VMIFF_RDOMAIN 0x08 191 #define VMIFF_OPTMASK (VMIFF_LOCKED|VMIFF_LOCAL|VMIFF_RDOMAIN) 192 193 unsigned int vmc_disktypes[VMM_MAX_DISKS_PER_VM]; 194 unsigned int vmc_diskbases[VMM_MAX_DISKS_PER_VM]; 195 #define VMDF_RAW 0x01 196 #define VMDF_QCOW2 0x02 197 198 char vmc_ifnames[VMM_MAX_NICS_PER_VM][IF_NAMESIZE]; 199 char vmc_ifswitch[VMM_MAX_NICS_PER_VM][VM_NAME_MAX]; 200 char vmc_ifgroup[VMM_MAX_NICS_PER_VM][IF_NAMESIZE]; 201 unsigned int vmc_ifrdomain[VMM_MAX_NICS_PER_VM]; 202 struct vmop_owner vmc_owner; 203 204 /* instance template params */ 205 char vmc_instance[VMM_MAX_NAME_LEN]; 206 struct vmop_owner vmc_insowner; 207 unsigned int vmc_insflags; 208 }; 209 210 struct vm_dump_header_cpuid { 211 unsigned long code, leaf; 212 unsigned int a, b, c, d; 213 }; 214 215 #define VM_DUMP_HEADER_CPUID_COUNT 5 216 217 struct vm_dump_header { 218 uint8_t vmh_signature[12]; 219 #define VM_DUMP_SIGNATURE VMM_HV_SIGNATURE 220 uint8_t vmh_pad[3]; 221 uint8_t vmh_version; 222 #define VM_DUMP_VERSION 7 223 struct vm_dump_header_cpuid 224 vmh_cpuids[VM_DUMP_HEADER_CPUID_COUNT]; 225 } __packed; 226 227 struct vmboot_params { 228 off_t vbp_partoff; 229 char vbp_device[PATH_MAX]; 230 char vbp_image[PATH_MAX]; 231 uint32_t vbp_bootdev; 232 uint32_t vbp_howto; 233 unsigned int vbp_type; 234 void *vbp_arg; 235 char *vbp_buf; 236 }; 237 238 struct vmd_if { 239 char *vif_name; 240 char *vif_switch; 241 char *vif_group; 242 int vif_fd; 243 unsigned int vif_rdomain; 244 unsigned int vif_flags; 245 TAILQ_ENTRY(vmd_if) vif_entry; 246 }; 247 248 struct vmd_switch { 249 uint32_t sw_id; 250 char *sw_name; 251 char sw_ifname[IF_NAMESIZE]; 252 char *sw_group; 253 unsigned int sw_rdomain; 254 unsigned int sw_flags; 255 int sw_running; 256 TAILQ_ENTRY(vmd_switch) sw_entry; 257 }; 258 TAILQ_HEAD(switchlist, vmd_switch); 259 260 struct vmd_vm { 261 struct vmop_create_params vm_params; 262 pid_t vm_pid; 263 uint32_t vm_vmid; 264 int vm_kernel; 265 int vm_cdrom; 266 int vm_disks[VMM_MAX_DISKS_PER_VM][VM_MAX_BASE_PER_DISK]; 267 struct vmd_if vm_ifs[VMM_MAX_NICS_PER_VM]; 268 char *vm_ttyname; 269 int vm_tty; 270 uint32_t vm_peerid; 271 /* When set, VM was defined in a config file */ 272 int vm_from_config; 273 struct imsgev vm_iev; 274 uid_t vm_uid; 275 int vm_receive_fd; 276 struct vmd_user *vm_user; 277 unsigned int vm_state; 278 /* When set, VM is running now (PROC_PARENT only) */ 279 #define VM_STATE_RUNNING 0x01 280 /* When set, VM is not started by default (PROC_PARENT only) */ 281 #define VM_STATE_DISABLED 0x02 282 /* When set, VM is marked to be shut down */ 283 #define VM_STATE_SHUTDOWN 0x04 284 #define VM_STATE_RECEIVED 0x08 285 #define VM_STATE_PAUSED 0x10 286 #define VM_STATE_WAITING 0x20 287 288 /* For rate-limiting */ 289 struct timeval vm_start_tv; 290 int vm_start_limit; 291 292 TAILQ_ENTRY(vmd_vm) vm_entry; 293 }; 294 TAILQ_HEAD(vmlist, vmd_vm); 295 296 struct vmd_user { 297 struct vmop_owner usr_id; 298 uint64_t usr_maxcpu; 299 uint64_t usr_maxmem; 300 uint64_t usr_maxifs; 301 int usr_refcnt; 302 303 TAILQ_ENTRY(vmd_user) usr_entry; 304 }; 305 TAILQ_HEAD(userlist, vmd_user); 306 307 struct name2id { 308 char name[VMM_MAX_NAME_LEN]; 309 int uid; 310 int32_t id; 311 TAILQ_ENTRY(name2id) entry; 312 }; 313 TAILQ_HEAD(name2idlist, name2id); 314 315 struct address { 316 struct sockaddr_storage ss; 317 int prefixlen; 318 TAILQ_ENTRY(address) entry; 319 }; 320 TAILQ_HEAD(addresslist, address); 321 322 struct vmd_config { 323 unsigned int cfg_flags; 324 #define VMD_CFG_INET6 0x01 325 #define VMD_CFG_AUTOINET6 0x02 326 #define VMD_CFG_STAGGERED_START 0x04 327 328 struct timeval delay; 329 int parallelism; 330 struct address cfg_localprefix; 331 struct address cfg_localprefix6; 332 }; 333 334 struct vmd { 335 struct privsep vmd_ps; 336 const char *vmd_conffile; 337 338 /* global configuration that is sent to the children */ 339 struct vmd_config vmd_cfg; 340 341 int vmd_debug; 342 int vmd_verbose; 343 int vmd_noaction; 344 345 uint32_t vmd_nvm; 346 struct vmlist *vmd_vms; 347 struct name2idlist *vmd_known; 348 uint32_t vmd_nswitches; 349 struct switchlist *vmd_switches; 350 struct userlist *vmd_users; 351 352 int vmd_fd; 353 int vmd_fd6; 354 int vmd_ptmfd; 355 }; 356 357 struct vm_dev_pipe { 358 int read; 359 int write; 360 struct event read_ev; 361 }; 362 363 enum pipe_msg_type { 364 I8253_RESET_CHAN_0 = 0, 365 I8253_RESET_CHAN_1 = 1, 366 I8253_RESET_CHAN_2 = 2, 367 NS8250_ZERO_READ, 368 NS8250_RATELIMIT, 369 MC146818_RESCHEDULE_PER 370 }; 371 372 static inline struct sockaddr_in * 373 ss2sin(struct sockaddr_storage *ss) 374 { 375 return ((struct sockaddr_in *)ss); 376 } 377 378 static inline struct sockaddr_in6 * 379 ss2sin6(struct sockaddr_storage *ss) 380 { 381 return ((struct sockaddr_in6 *)ss); 382 } 383 384 struct packet_ctx { 385 uint8_t pc_htype; 386 uint8_t pc_hlen; 387 uint8_t pc_smac[ETHER_ADDR_LEN]; 388 uint8_t pc_dmac[ETHER_ADDR_LEN]; 389 390 struct sockaddr_storage pc_src; 391 struct sockaddr_storage pc_dst; 392 }; 393 394 /* packet.c */ 395 ssize_t assemble_hw_header(unsigned char *, size_t, size_t, 396 struct packet_ctx *, unsigned int); 397 ssize_t assemble_udp_ip_header(unsigned char *, size_t, size_t, 398 struct packet_ctx *pc, unsigned char *, size_t); 399 ssize_t decode_hw_header(unsigned char *, size_t, size_t, struct packet_ctx *, 400 unsigned int); 401 ssize_t decode_udp_ip_header(unsigned char *, size_t, size_t, 402 struct packet_ctx *); 403 404 /* vmd.c */ 405 int vmd_reload(unsigned int, const char *); 406 struct vmd_vm *vm_getbyid(uint32_t); 407 struct vmd_vm *vm_getbyvmid(uint32_t); 408 uint32_t vm_id2vmid(uint32_t, struct vmd_vm *); 409 uint32_t vm_vmid2id(uint32_t, struct vmd_vm *); 410 struct vmd_vm *vm_getbyname(const char *); 411 struct vmd_vm *vm_getbypid(pid_t); 412 void vm_stop(struct vmd_vm *, int, const char *); 413 void vm_remove(struct vmd_vm *, const char *); 414 int vm_register(struct privsep *, struct vmop_create_params *, 415 struct vmd_vm **, uint32_t, uid_t); 416 int vm_checkperm(struct vmd_vm *, struct vmop_owner *, uid_t); 417 int vm_checkaccess(int, unsigned int, uid_t, int); 418 int vm_opentty(struct vmd_vm *); 419 void vm_closetty(struct vmd_vm *); 420 void switch_remove(struct vmd_switch *); 421 struct vmd_switch *switch_getbyname(const char *); 422 struct vmd_user *user_get(uid_t); 423 void user_put(struct vmd_user *); 424 void user_inc(struct vm_create_params *, struct vmd_user *, int); 425 int user_checklimit(struct vmd_user *, struct vm_create_params *); 426 char *get_string(uint8_t *, size_t); 427 uint32_t prefixlen2mask(uint8_t); 428 void prefixlen2mask6(u_int8_t, struct in6_addr *); 429 void getmonotime(struct timeval *); 430 431 /* priv.c */ 432 void priv(struct privsep *, struct privsep_proc *); 433 int priv_getiftype(char *, char *, unsigned int *); 434 int priv_findname(const char *, const char **); 435 int priv_validgroup(const char *); 436 int vm_priv_ifconfig(struct privsep *, struct vmd_vm *); 437 int vm_priv_brconfig(struct privsep *, struct vmd_switch *); 438 uint32_t vm_priv_addr(struct vmd_config *, uint32_t, int, int); 439 int vm_priv_addr6(struct vmd_config *, uint32_t, int, int, 440 struct in6_addr *); 441 442 /* vmm.c */ 443 struct iovec; 444 445 void vmm(struct privsep *, struct privsep_proc *); 446 void vmm_shutdown(void); 447 void *vaddr_mem(paddr_t, size_t); 448 int write_mem(paddr_t, const void *buf, size_t); 449 int read_mem(paddr_t, void *buf, size_t); 450 int iovec_mem(paddr_t, size_t, struct iovec *, int); 451 int opentap(char *); 452 int fd_hasdata(int); 453 void mutex_lock(pthread_mutex_t *); 454 void mutex_unlock(pthread_mutex_t *); 455 int vmm_pipe(struct vmd_vm *, int, void (*)(int, short, void *)); 456 457 /* vm.c */ 458 int start_vm(struct vmd_vm *, int); 459 __dead void vm_shutdown(unsigned int); 460 void vm_pipe_init(struct vm_dev_pipe *, void (*)(int, short, void *)); 461 void vm_pipe_send(struct vm_dev_pipe *, enum pipe_msg_type); 462 enum pipe_msg_type vm_pipe_recv(struct vm_dev_pipe *); 463 464 /* control.c */ 465 int config_init(struct vmd *); 466 void config_purge(struct vmd *, unsigned int); 467 int config_setconfig(struct vmd *); 468 int config_getconfig(struct vmd *, struct imsg *); 469 int config_setreset(struct vmd *, unsigned int); 470 int config_getreset(struct vmd *, struct imsg *); 471 int config_setvm(struct privsep *, struct vmd_vm *, uint32_t, uid_t); 472 int config_getvm(struct privsep *, struct imsg *); 473 int config_getdisk(struct privsep *, struct imsg *); 474 int config_getif(struct privsep *, struct imsg *); 475 int config_getcdrom(struct privsep *, struct imsg *); 476 477 /* vmboot.c */ 478 FILE *vmboot_open(int, int *, int, unsigned int, struct vmboot_params *); 479 void vmboot_close(FILE *, struct vmboot_params *); 480 481 /* parse.y */ 482 int parse_config(const char *); 483 int cmdline_symset(char *); 484 int host(const char *, struct address *); 485 486 /* virtio.c */ 487 int virtio_get_base(int, char *, size_t, int, const char *); 488 489 #endif /* VMD_H */ 490