186b645e7SJes Sorensen /* 286b645e7SJes Sorensen * os-posix.c 386b645e7SJes Sorensen * 486b645e7SJes Sorensen * Copyright (c) 2003-2008 Fabrice Bellard 586b645e7SJes Sorensen * Copyright (c) 2010 Red Hat, Inc. 686b645e7SJes Sorensen * 786b645e7SJes Sorensen * Permission is hereby granted, free of charge, to any person obtaining a copy 886b645e7SJes Sorensen * of this software and associated documentation files (the "Software"), to deal 986b645e7SJes Sorensen * in the Software without restriction, including without limitation the rights 1086b645e7SJes Sorensen * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 1186b645e7SJes Sorensen * copies of the Software, and to permit persons to whom the Software is 1286b645e7SJes Sorensen * furnished to do so, subject to the following conditions: 1386b645e7SJes Sorensen * 1486b645e7SJes Sorensen * The above copyright notice and this permission notice shall be included in 1586b645e7SJes Sorensen * all copies or substantial portions of the Software. 1686b645e7SJes Sorensen * 1786b645e7SJes Sorensen * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 1886b645e7SJes Sorensen * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 1986b645e7SJes Sorensen * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 2086b645e7SJes Sorensen * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 2186b645e7SJes Sorensen * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 2286b645e7SJes Sorensen * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 2386b645e7SJes Sorensen * THE SOFTWARE. 2486b645e7SJes Sorensen */ 2586b645e7SJes Sorensen 26d38ea87aSPeter Maydell #include "qemu/osdep.h" 278d963e6aSJes Sorensen #include <sys/wait.h> 288847cfe8SJes Sorensen #include <pwd.h> 29cc4662f9SStefan Hajnoczi #include <grp.h> 306170540bSJes Sorensen #include <libgen.h> 3186b645e7SJes Sorensen 3286b645e7SJes Sorensen /* Needed early for CONFIG_BSD etc. */ 339c17d615SPaolo Bonzini #include "sysemu/sysemu.h" 3459a5264bSJes Sorensen #include "net/slirp.h" 3559a5264bSJes Sorensen #include "qemu-options.h" 36f853ac66SThomas Huth #include "qemu/error-report.h" 3796c33a45SDimitris Aragiorgis #include "qemu/log.h" 38f348b6d1SVeronia Bahaa #include "qemu/cutils.h" 3986b645e7SJes Sorensen 40ce798cf2SJes Sorensen #ifdef CONFIG_LINUX 41ce798cf2SJes Sorensen #include <sys/prctl.h> 42949d31e6SJes Sorensen #endif 43949d31e6SJes Sorensen 442c42f1e8SIan Jackson /* 452c42f1e8SIan Jackson * Must set all three of these at once. 462c42f1e8SIan Jackson * Legal combinations are unset by name by uid 472c42f1e8SIan Jackson */ 482c42f1e8SIan Jackson static struct passwd *user_pwd; /* NULL non-NULL NULL */ 492c42f1e8SIan Jackson static uid_t user_uid = (uid_t)-1; /* -1 -1 >=0 */ 502c42f1e8SIan Jackson static gid_t user_gid = (gid_t)-1; /* -1 -1 >=0 */ 512c42f1e8SIan Jackson 520766379dSJes Sorensen static const char *chroot_dir; 53eb505be1SJes Sorensen static int daemonize; 540be5e436SMichael Tokarev static int daemon_pipe; 558847cfe8SJes Sorensen 56fe98ac14SJes Sorensen void os_setup_early_signal_handling(void) 5786b645e7SJes Sorensen { 5886b645e7SJes Sorensen struct sigaction act; 5986b645e7SJes Sorensen sigfillset(&act.sa_mask); 6086b645e7SJes Sorensen act.sa_flags = 0; 6186b645e7SJes Sorensen act.sa_handler = SIG_IGN; 6286b645e7SJes Sorensen sigaction(SIGPIPE, &act, NULL); 6386b645e7SJes Sorensen } 648d963e6aSJes Sorensen 65f64622c4SGleb Natapov static void termsig_handler(int signal, siginfo_t *info, void *c) 668d963e6aSJes Sorensen { 67f64622c4SGleb Natapov qemu_system_killed(info->si_signo, info->si_pid); 688d963e6aSJes Sorensen } 698d963e6aSJes Sorensen 708d963e6aSJes Sorensen void os_setup_signal_handling(void) 718d963e6aSJes Sorensen { 728d963e6aSJes Sorensen struct sigaction act; 738d963e6aSJes Sorensen 748d963e6aSJes Sorensen memset(&act, 0, sizeof(act)); 75f64622c4SGleb Natapov act.sa_sigaction = termsig_handler; 76f64622c4SGleb Natapov act.sa_flags = SA_SIGINFO; 778d963e6aSJes Sorensen sigaction(SIGINT, &act, NULL); 788d963e6aSJes Sorensen sigaction(SIGHUP, &act, NULL); 798d963e6aSJes Sorensen sigaction(SIGTERM, &act, NULL); 808d963e6aSJes Sorensen } 816170540bSJes Sorensen 826170540bSJes Sorensen /* Find a likely location for support files using the location of the binary. 836170540bSJes Sorensen For installed binaries this will be "$bindir/../share/qemu". When 846170540bSJes Sorensen running from the build tree this will be "$bindir/../pc-bios". */ 856170540bSJes Sorensen #define SHARE_SUFFIX "/share/qemu" 866170540bSJes Sorensen #define BUILD_SUFFIX "/pc-bios" 8710f5bff6SFam Zheng char *os_find_datadir(void) 886170540bSJes Sorensen { 8910f5bff6SFam Zheng char *dir, *exec_dir; 906170540bSJes Sorensen char *res; 916170540bSJes Sorensen size_t max_len; 926170540bSJes Sorensen 9310f5bff6SFam Zheng exec_dir = qemu_get_exec_dir(); 9410f5bff6SFam Zheng if (exec_dir == NULL) { 956170540bSJes Sorensen return NULL; 966170540bSJes Sorensen } 9755ad781cSWei Jiangang dir = g_path_get_dirname(exec_dir); 986170540bSJes Sorensen 996170540bSJes Sorensen max_len = strlen(dir) + 1006170540bSJes Sorensen MAX(strlen(SHARE_SUFFIX), strlen(BUILD_SUFFIX)) + 1; 1017267c094SAnthony Liguori res = g_malloc0(max_len); 1026170540bSJes Sorensen snprintf(res, max_len, "%s%s", dir, SHARE_SUFFIX); 1036170540bSJes Sorensen if (access(res, R_OK)) { 1046170540bSJes Sorensen snprintf(res, max_len, "%s%s", dir, BUILD_SUFFIX); 1056170540bSJes Sorensen if (access(res, R_OK)) { 1067267c094SAnthony Liguori g_free(res); 1076170540bSJes Sorensen res = NULL; 1086170540bSJes Sorensen } 1096170540bSJes Sorensen } 1106170540bSJes Sorensen 11155ad781cSWei Jiangang g_free(dir); 11210f5bff6SFam Zheng g_free(exec_dir); 1136170540bSJes Sorensen return res; 1146170540bSJes Sorensen } 1156170540bSJes Sorensen #undef SHARE_SUFFIX 1166170540bSJes Sorensen #undef BUILD_SUFFIX 11759a5264bSJes Sorensen 118ce798cf2SJes Sorensen void os_set_proc_name(const char *s) 119ce798cf2SJes Sorensen { 120ce798cf2SJes Sorensen #if defined(PR_SET_NAME) 121ce798cf2SJes Sorensen char name[16]; 122ce798cf2SJes Sorensen if (!s) 123ce798cf2SJes Sorensen return; 1243eadc68eSJim Meyering pstrcpy(name, sizeof(name), s); 125ce798cf2SJes Sorensen /* Could rewrite argv[0] too, but that's a bit more complicated. 126ce798cf2SJes Sorensen This simple way is enough for `top'. */ 127ce798cf2SJes Sorensen if (prctl(PR_SET_NAME, name)) { 128*a7aaec14SIan Jackson error_report("unable to change process name: %s", strerror(errno)); 129ce798cf2SJes Sorensen exit(1); 130ce798cf2SJes Sorensen } 131ce798cf2SJes Sorensen #else 13222cd4f48SIan Jackson error_report("Change of process name not supported by your OS"); 133ce798cf2SJes Sorensen exit(1); 134ce798cf2SJes Sorensen #endif 135ce798cf2SJes Sorensen } 136ce798cf2SJes Sorensen 1372c42f1e8SIan Jackson 1382c42f1e8SIan Jackson static bool os_parse_runas_uid_gid(const char *optarg) 1392c42f1e8SIan Jackson { 1402c42f1e8SIan Jackson unsigned long lv; 1412c42f1e8SIan Jackson const char *ep; 1422c42f1e8SIan Jackson uid_t got_uid; 1432c42f1e8SIan Jackson gid_t got_gid; 1442c42f1e8SIan Jackson int rc; 1452c42f1e8SIan Jackson 1462c42f1e8SIan Jackson rc = qemu_strtoul(optarg, &ep, 0, &lv); 1472c42f1e8SIan Jackson got_uid = lv; /* overflow here is ID in C99 */ 1482c42f1e8SIan Jackson if (rc || *ep != ':' || got_uid != lv || got_uid == (uid_t)-1) { 1492c42f1e8SIan Jackson return false; 1502c42f1e8SIan Jackson } 1512c42f1e8SIan Jackson 1522c42f1e8SIan Jackson rc = qemu_strtoul(ep + 1, 0, 0, &lv); 1532c42f1e8SIan Jackson got_gid = lv; /* overflow here is ID in C99 */ 1542c42f1e8SIan Jackson if (rc || got_gid != lv || got_gid == (gid_t)-1) { 1552c42f1e8SIan Jackson return false; 1562c42f1e8SIan Jackson } 1572c42f1e8SIan Jackson 1582c42f1e8SIan Jackson user_pwd = NULL; 1592c42f1e8SIan Jackson user_uid = got_uid; 1602c42f1e8SIan Jackson user_gid = got_gid; 1612c42f1e8SIan Jackson return true; 1622c42f1e8SIan Jackson } 1632c42f1e8SIan Jackson 16459a5264bSJes Sorensen /* 16559a5264bSJes Sorensen * Parse OS specific command line options. 16659a5264bSJes Sorensen * return 0 if option handled, -1 otherwise 16759a5264bSJes Sorensen */ 16859a5264bSJes Sorensen void os_parse_cmd_args(int index, const char *optarg) 16959a5264bSJes Sorensen { 17059a5264bSJes Sorensen switch (index) { 17159a5264bSJes Sorensen #ifdef CONFIG_SLIRP 17259a5264bSJes Sorensen case QEMU_OPTION_smb: 173f853ac66SThomas Huth error_report("The -smb option is deprecated. " 174f853ac66SThomas Huth "Please use '-netdev user,smb=...' instead."); 17559a5264bSJes Sorensen if (net_slirp_smb(optarg) < 0) 17659a5264bSJes Sorensen exit(1); 17759a5264bSJes Sorensen break; 17859a5264bSJes Sorensen #endif 1798847cfe8SJes Sorensen case QEMU_OPTION_runas: 1808847cfe8SJes Sorensen user_pwd = getpwnam(optarg); 1812c42f1e8SIan Jackson if (user_pwd) { 1822c42f1e8SIan Jackson user_uid = -1; 1832c42f1e8SIan Jackson user_gid = -1; 1842c42f1e8SIan Jackson } else if (!os_parse_runas_uid_gid(optarg)) { 1852c42f1e8SIan Jackson error_report("User \"%s\" doesn't exist" 1862c42f1e8SIan Jackson " (and is not <uid>:<gid>)", 1872c42f1e8SIan Jackson optarg); 1888847cfe8SJes Sorensen exit(1); 1898847cfe8SJes Sorensen } 1908847cfe8SJes Sorensen break; 1910766379dSJes Sorensen case QEMU_OPTION_chroot: 1920766379dSJes Sorensen chroot_dir = optarg; 1930766379dSJes Sorensen break; 194eb505be1SJes Sorensen case QEMU_OPTION_daemonize: 195eb505be1SJes Sorensen daemonize = 1; 196eb505be1SJes Sorensen break; 19770678b82SAnthony Liguori #if defined(CONFIG_LINUX) 19870678b82SAnthony Liguori case QEMU_OPTION_enablefips: 19970678b82SAnthony Liguori fips_set_state(true); 20070678b82SAnthony Liguori break; 20170678b82SAnthony Liguori #endif 20259a5264bSJes Sorensen } 20359a5264bSJes Sorensen } 2048847cfe8SJes Sorensen 205e06eb601SJes Sorensen static void change_process_uid(void) 2068847cfe8SJes Sorensen { 2072c42f1e8SIan Jackson assert((user_uid == (uid_t)-1) || user_pwd == NULL); 2082c42f1e8SIan Jackson assert((user_uid == (uid_t)-1) == 2092c42f1e8SIan Jackson (user_gid == (gid_t)-1)); 2102c42f1e8SIan Jackson 2112c42f1e8SIan Jackson if (user_pwd || user_uid != (uid_t)-1) { 2122c42f1e8SIan Jackson gid_t intended_gid = user_pwd ? user_pwd->pw_gid : user_gid; 2132c42f1e8SIan Jackson uid_t intended_uid = user_pwd ? user_pwd->pw_uid : user_uid; 2142c42f1e8SIan Jackson if (setgid(intended_gid) < 0) { 2152c42f1e8SIan Jackson error_report("Failed to setgid(%d)", intended_gid); 2168847cfe8SJes Sorensen exit(1); 2178847cfe8SJes Sorensen } 2182c42f1e8SIan Jackson if (user_pwd) { 219cc4662f9SStefan Hajnoczi if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) { 220f0a2171bSIan Jackson error_report("Failed to initgroups(\"%s\", %d)", 221cc4662f9SStefan Hajnoczi user_pwd->pw_name, user_pwd->pw_gid); 222cc4662f9SStefan Hajnoczi exit(1); 223cc4662f9SStefan Hajnoczi } 2242c42f1e8SIan Jackson } else { 2252c42f1e8SIan Jackson if (setgroups(1, &user_gid) < 0) { 2262c42f1e8SIan Jackson error_report("Failed to setgroups(1, [%d])", 2272c42f1e8SIan Jackson user_gid); 2282c42f1e8SIan Jackson exit(1); 2292c42f1e8SIan Jackson } 2302c42f1e8SIan Jackson } 2312c42f1e8SIan Jackson if (setuid(intended_uid) < 0) { 2322c42f1e8SIan Jackson error_report("Failed to setuid(%d)", intended_uid); 2338847cfe8SJes Sorensen exit(1); 2348847cfe8SJes Sorensen } 2358847cfe8SJes Sorensen if (setuid(0) != -1) { 236f0a2171bSIan Jackson error_report("Dropping privileges failed"); 2378847cfe8SJes Sorensen exit(1); 2388847cfe8SJes Sorensen } 2398847cfe8SJes Sorensen } 2408847cfe8SJes Sorensen } 2410766379dSJes Sorensen 242e06eb601SJes Sorensen static void change_root(void) 2430766379dSJes Sorensen { 2440766379dSJes Sorensen if (chroot_dir) { 2450766379dSJes Sorensen if (chroot(chroot_dir) < 0) { 24622cd4f48SIan Jackson error_report("chroot failed"); 2470766379dSJes Sorensen exit(1); 2480766379dSJes Sorensen } 2490766379dSJes Sorensen if (chdir("/")) { 250*a7aaec14SIan Jackson error_report("not able to chdir to /: %s", strerror(errno)); 2510766379dSJes Sorensen exit(1); 2520766379dSJes Sorensen } 2530766379dSJes Sorensen } 2540766379dSJes Sorensen 2550766379dSJes Sorensen } 256eb505be1SJes Sorensen 257eb505be1SJes Sorensen void os_daemonize(void) 258eb505be1SJes Sorensen { 259eb505be1SJes Sorensen if (daemonize) { 260eb505be1SJes Sorensen pid_t pid; 2610be5e436SMichael Tokarev int fds[2]; 262eb505be1SJes Sorensen 26363ce8e15SGonglei if (pipe(fds) == -1) { 264eb505be1SJes Sorensen exit(1); 26563ce8e15SGonglei } 266eb505be1SJes Sorensen 267eb505be1SJes Sorensen pid = fork(); 268eb505be1SJes Sorensen if (pid > 0) { 269eb505be1SJes Sorensen uint8_t status; 270eb505be1SJes Sorensen ssize_t len; 271eb505be1SJes Sorensen 272eb505be1SJes Sorensen close(fds[1]); 273eb505be1SJes Sorensen 274ccea25f1SMichael Tokarev do { 275eb505be1SJes Sorensen len = read(fds[0], &status, 1); 276ccea25f1SMichael Tokarev } while (len < 0 && errno == EINTR); 277fee78fd6SMichael Tokarev 278fee78fd6SMichael Tokarev /* only exit successfully if our child actually wrote 279fee78fd6SMichael Tokarev * a one-byte zero to our pipe, upon successful init */ 280fee78fd6SMichael Tokarev exit(len == 1 && status == 0 ? 0 : 1); 281fee78fd6SMichael Tokarev 28263ce8e15SGonglei } else if (pid < 0) { 283eb505be1SJes Sorensen exit(1); 28463ce8e15SGonglei } 285eb505be1SJes Sorensen 286eb505be1SJes Sorensen close(fds[0]); 2870be5e436SMichael Tokarev daemon_pipe = fds[1]; 2880be5e436SMichael Tokarev qemu_set_cloexec(daemon_pipe); 289eb505be1SJes Sorensen 290eb505be1SJes Sorensen setsid(); 291eb505be1SJes Sorensen 292eb505be1SJes Sorensen pid = fork(); 29363ce8e15SGonglei if (pid > 0) { 294eb505be1SJes Sorensen exit(0); 29563ce8e15SGonglei } else if (pid < 0) { 296eb505be1SJes Sorensen exit(1); 29763ce8e15SGonglei } 298eb505be1SJes Sorensen umask(027); 299eb505be1SJes Sorensen 300eb505be1SJes Sorensen signal(SIGTSTP, SIG_IGN); 301eb505be1SJes Sorensen signal(SIGTTOU, SIG_IGN); 302eb505be1SJes Sorensen signal(SIGTTIN, SIG_IGN); 303eb505be1SJes Sorensen } 304eb505be1SJes Sorensen } 305eb505be1SJes Sorensen 306eb505be1SJes Sorensen void os_setup_post(void) 307eb505be1SJes Sorensen { 308eb505be1SJes Sorensen int fd = 0; 309eb505be1SJes Sorensen 310eb505be1SJes Sorensen if (daemonize) { 311eb505be1SJes Sorensen if (chdir("/")) { 312*a7aaec14SIan Jackson error_report("not able to chdir to /: %s", strerror(errno)); 313eb505be1SJes Sorensen exit(1); 314eb505be1SJes Sorensen } 315eb505be1SJes Sorensen TFR(fd = qemu_open("/dev/null", O_RDWR)); 31663ce8e15SGonglei if (fd == -1) { 317eb505be1SJes Sorensen exit(1); 318eb505be1SJes Sorensen } 31963ce8e15SGonglei } 320eb505be1SJes Sorensen 321e06eb601SJes Sorensen change_root(); 322e06eb601SJes Sorensen change_process_uid(); 323eb505be1SJes Sorensen 324eb505be1SJes Sorensen if (daemonize) { 32525cec2b8SMichael Tokarev uint8_t status = 0; 32625cec2b8SMichael Tokarev ssize_t len; 32725cec2b8SMichael Tokarev 328eb505be1SJes Sorensen dup2(fd, 0); 329eb505be1SJes Sorensen dup2(fd, 1); 33096c33a45SDimitris Aragiorgis /* In case -D is given do not redirect stderr to /dev/null */ 33196c33a45SDimitris Aragiorgis if (!qemu_logfile) { 332eb505be1SJes Sorensen dup2(fd, 2); 33396c33a45SDimitris Aragiorgis } 334eb505be1SJes Sorensen 335eb505be1SJes Sorensen close(fd); 33625cec2b8SMichael Tokarev 33725cec2b8SMichael Tokarev do { 33825cec2b8SMichael Tokarev len = write(daemon_pipe, &status, 1); 33925cec2b8SMichael Tokarev } while (len < 0 && errno == EINTR); 34025cec2b8SMichael Tokarev if (len != 1) { 34125cec2b8SMichael Tokarev exit(1); 34225cec2b8SMichael Tokarev } 343eb505be1SJes Sorensen } 344eb505be1SJes Sorensen } 345eb505be1SJes Sorensen 3469156d763SJes Sorensen void os_set_line_buffering(void) 3479156d763SJes Sorensen { 3489156d763SJes Sorensen setvbuf(stdout, NULL, _IOLBF, 0); 3499156d763SJes Sorensen } 350949d31e6SJes Sorensen 351bc4a957cSJes Sorensen int qemu_create_pidfile(const char *filename) 352bc4a957cSJes Sorensen { 353bc4a957cSJes Sorensen char buffer[128]; 354bc4a957cSJes Sorensen int len; 355bc4a957cSJes Sorensen int fd; 356bc4a957cSJes Sorensen 357bc4a957cSJes Sorensen fd = qemu_open(filename, O_RDWR | O_CREAT, 0600); 358bc4a957cSJes Sorensen if (fd == -1) { 359bc4a957cSJes Sorensen return -1; 360bc4a957cSJes Sorensen } 361bc4a957cSJes Sorensen if (lockf(fd, F_TLOCK, 0) == -1) { 3621bbd1592SMarkus Armbruster close(fd); 363bc4a957cSJes Sorensen return -1; 364bc4a957cSJes Sorensen } 365953ffe0fSAndreas Färber len = snprintf(buffer, sizeof(buffer), FMT_pid "\n", getpid()); 366bc4a957cSJes Sorensen if (write(fd, buffer, len) != len) { 3671bbd1592SMarkus Armbruster close(fd); 368bc4a957cSJes Sorensen return -1; 369bc4a957cSJes Sorensen } 370bc4a957cSJes Sorensen 37193dd748bSLaszlo Ersek /* keep pidfile open & locked forever */ 372bc4a957cSJes Sorensen return 0; 373bc4a957cSJes Sorensen } 374995ee2bfSHitoshi Mitake 375995ee2bfSHitoshi Mitake bool is_daemonized(void) 376995ee2bfSHitoshi Mitake { 377995ee2bfSHitoshi Mitake return daemonize; 378995ee2bfSHitoshi Mitake } 379888a6bc6SSatoru Moriya 380888a6bc6SSatoru Moriya int os_mlock(void) 381888a6bc6SSatoru Moriya { 382888a6bc6SSatoru Moriya int ret = 0; 383888a6bc6SSatoru Moriya 384888a6bc6SSatoru Moriya ret = mlockall(MCL_CURRENT | MCL_FUTURE); 385888a6bc6SSatoru Moriya if (ret < 0) { 386*a7aaec14SIan Jackson error_report("mlockall: %s", strerror(errno)); 387888a6bc6SSatoru Moriya } 388888a6bc6SSatoru Moriya 389888a6bc6SSatoru Moriya return ret; 390888a6bc6SSatoru Moriya } 391