| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
and bootp renewals with vmd(8)'s built-in dhcp server. Previous behavior
ignored did not intercept these packets and instead transmitted them.
This should make vmd(8)'s dhcp behave more as a true dhcp server should and
allows it to work properly with the new dhcpleased(8) attempting a renewal.
OK mlarkin@
|
| |
|
|
|
| |
to privsep_procid.
ok mortimer
|
| |
|
|
| |
requested by deraadt@
|
| |
|
|
|
| |
This is based around VM-MIB from RFC7666,but does not export the full
spec. People more knowledgeable of vmd are encouraged to expand on this.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This addresses 'thundering herd' problem when a lot of
vms are configured in vm.conf. A lot of vms booting in parallel can
overload the host and also mess up tsc calibration in openbsd guests as
it uses PIT which doesn't fire reliably if the host is overloaded.
We default to starting vms with parallelism of ncpuonline and a delay 30 seconds
between batches. This is configurable in vm.conf.
ok mlarkin@ (also addressed comments from cheloha@)
|
| |
|
|
| |
Found by Hiltjo Posthuma, thanks!
|
| |
|
|
|
|
|
| |
start. Favoring 'invalid template' over 'permission denied' should give
the user a better hint on what went wrong.
ok kn@ mlarkin@
|
| |
|
|
|
|
| |
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
| |
|
|
|
|
|
|
| |
to crash vmd and take all other vms with it. this required a little
shuffling to get the error value reported back to the caller to
handle the error properly.
ok mlarkin@
|
| |
|
|
|
|
|
| |
the vcpu (which is why it got removed), it now actually reports the correct state
(running, stopped, disabled, paused, etc)
ok ccardenas@ mlarkin@
|
| |
|
|
|
|
| |
set it to VMM_HV_SIGNATURE and check for it upon restoring a vm image
ok mlarkin@ pd@
|
| |
|
|
|
|
|
|
|
| |
a handful of separate variables. this will makes it easier for vmd to report
and check on the individual vm states
no functional change intended
ok ccardenas@ mlarkin@
|
| |
|
|
|
|
| |
knows the vm is paused, but vmd does not.
ok mlarkin@ pd@
|
| |
|
|
|
| |
behaviour of vmd to stop / exit at guest reboot.
OK ccardenas@
|
| |
|
|
|
|
|
| |
vmctl peerid that should be informed when the VM is stopped (like when the
guest does a shutdown). Uses the same logic as using the VMOP_WAIT flag on
IMSG_VMDOP_TERMINATE_VM_REQUEST.
Ok ccardenas@, reyk@
|
| |
|
|
|
|
| |
This means that when using '-L', the IP addresses of the VMs are stable.
ok reyk@
|
| |
|
|
| |
ok & test ccardenas@, additional review from kn@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This looping has been experienced by people who run VMs with a broken
kernel or boot loader that trigger a very fast reboot loop (triple
fault) of a VM that ends up using a lot of CPU and resources on the
host. Some fixes in vmm(4) and vmd(8) helped to avoid such conditions
but it can still occur if something is wrong in the guest VM itself.
If the VM restarts after less than VM_START_RATE_SEC (6) seconds, we
increment the limit counter. After VM_START_RATE_LIMIT (3) of suchs
fast reboots the VM is stopped.
There are only very few people who intentionally want to reboot-loop a
VM very quickly (many times within a second); mostly for fuzzing.
They will have to recompile and adjust the stated #defines in the code
as we don't have a config option to disable it.
OK mlarkin@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This works is from Ori Bernstein, committing on his behalf:
Add support to vmd for external snapshots. That is, snapshots that are
derived from a base image. Data lookups start in the derived image,
and if the derived image does not contain some data, the search
proceeds ot the base image. Multiple derived images may exist off of
a single base image.
A limitation of this format is that modifying the base image will
corrupt the derived image.
This change also adds support for creating disk derived disk images to
vmctl. To use it:
vmctl create derived.qcow2 -s 16G -b base.qcow2
From Ori Bernstein
OK mlarkin@ reyk@
|
| |
|
|
|
|
|
| |
Fix a bug where a vm was removed in vmd.c after vmctl send even if sending
failed.
spotted by solene@
ok mlarkin@
|
| |
|
|
|
|
| |
Reported by Greg Steuck
OK mlarkin@
|
| |
|
|
|
| |
properly initialized with -1. Also avoid closing -1.
OK mlarkin@
|
| |
|
|
|
|
|
| |
proc_init(). As a consequence vmd(8) child processes did not detach
from the terminal anymore. Dup /dev/null to the stdio file descriptors
in the children.
OK mlarkin@ reyk@
|
| |
|
|
|
|
|
|
|
| |
The limits are currently hard-coded and undocumented (4 CPUs/VMs, 2G
memory, 8 interfaces) but will be configurable in an upcoming diff.
These limits are tracked in total usage; for example, a user will be
able to run up to 4 VMs with 512M of memory or a single VM with 2G.
OK ccardenas@ mlarkin@
|
| |
|
|
|
|
| |
This prevents time of TOCTOU attacks for instances.
OK mlarkin@
|
| |
|
|
|
|
|
|
|
|
| |
This allows users to create VM instances and change desired options,
for example a user can be allowed to run a VM with all the
pre-configured options but specify an own disk image.
(mlarkin@ was fine with iterating over it)
OK ccardenas@
|
| |
|
|
|
|
|
|
|
| |
This introduces new grammar and the -t optional in vmctl start.
(For now, only root can create VM instances; but it is planned to allow
users to create their own VMs based on permissions and quota.)
OK ccardenas@ mlarkin@ jmc@
|
| | |
|
| |
|
|
|
|
| |
Use it in /etc/rc.d/vmd accordingly.
OK sthen@
|
| | |
|
| |
|
|
|
|
|
|
| |
This also fixes a bug in vmm_sighdlr where it might have missed
forwarding the TERMINATE_EVENT to the vmd parent after a VM child
died, leading to an abandoned VM in the vmd parent process.
OK ccardenas@ mlarkin@ benno@ kn@
|
| | |
|
| |
|
|
| |
Replace all occurences of dprintf with DPRINTF (defined in proc.h).
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- Turn tracing messages into DPRINTF (only compiled with DEBUG).
- Pass __func__ to vm_stop and vm_remove: this way we can track who
called the function in the async context. It replaces the manual
log_debug in front of each vm_stop/vm_remove. This debug logging
trick can be removed in the future once we are more confident about
it.
OK ccardenas@ mlarkin@
|
| |
|
|
|
|
|
|
|
|
|
| |
This allows to open vmctl control or console access to other users
that are not in group wheel. Access for non-root users still defaults
to read-only actions unless you change the owner (user/group) of each
individual VM.
Requested by Mischa Peters
OK mlarkin@
|
| | |
|
| |
|
|
|
| |
Patch from Mohamed Aslan. Thanks!
ok kn@
|
| |
|
|
|
|
|
| |
(such as errors relating to not having VMX/etc). Change the log_init
to log to syslog so at least we have some chance of seeing these errors.
requested and ok beck@
|
| | |
|
| |
|
|
|
|
|
| |
loaded. This makes sure that the local prefix specied in the config is
always used.
OK ccardenas@
|
| |
|
|
| |
Also changes an error message in vmctl to reflect same.
|
| |
|
|
|
|
|
|
|
|
|
| |
check if vm id is valid before sending to vmm for pausing. The 'lock' is caused
by vmm sending back ENOENT for a non existent vm but vmd drops the message
because it doesn't recogize the vmid vmm is talking about. This is an artifact
of the 'policy' don't trust any imsg from a sibling priv sep process and do
your own checking.
reported by Abel Abraham Camarillo Ojeda
ok mlarkin@ and ccardenas@
|
| |
|
|
| |
still be useful with only cdrom storage. ok ccardenas@
|
| |
|
|
|
|
|
|
|
| |
It is now possible to send BREAK commands to vmd(8) independently of
the serial terminal emulator.
Happy virtual ddb(4) hacking!
No objection from mlarkin@, ok nicm@, ccardenas@, deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Adds 'cdrom' keyword to vm.conf(5) and '-r' to vmctl(8)
* Support various sized ISOs (Limitation of 4G ISOs on Linux guests)
* Known working guests: OpenBSD (primary), Alpine Linux (primary),
CentOS 6 (secondary), Ubuntu 17.10 (secondary).
NOTE: Secondary indicates some issue(s) preventing full/reliable
functionality outside the scope of the vioscsi work.
* If the attached disks are non-bootable (i.e. empty), SeaBIOS (vmd's
default BIOS) will boot from CD-ROM.
ok mlarkin@, jca@
|
| |
|
|
| |
OK pd@, benno@
|
| |
|
|
|
|
| |
exit with an EALREADY vs EPERM.
ok mlarkin@
|
| |
|
|
|
|
|
|
|
| |
etc) from underlying switch interface instead of handling this on its
own.
Diff from carlos cardenas, Thanks!
ok reyk@
|
| | |
|
| | |
|
dv
deraadt
martijn
pd
mlarkin
anton
jasper
claudio
ori
reyk
bluhm
sthen
mpi
ccardenas
abieber