OpenBSD CVS

CVS log for src/usr.sbin/vmd/proc.h




Default branch: MAIN


Revision 1.24, Tue Feb 20 21:40:37 2024 UTC (3 months, 2 weeks ago) by dv
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.23: +4 -1 lines

Utilize separate threads for RX and TX in vmd(8)'s vionet.

This commit adds multithreading to allow both virtqueues to be
processed in parallel along with additional synchronization primitives
to protect device configuration state. Allowing RX and TX to operate
independently reduces overall network latency for guests and helps
alleviate the TX side dominating cpu time.

Tested with help from phessler@, kn@, and mlarkin@. ok mlarkin@.

Revision 1.23, Tue Sep 26 01:53:54 2023 UTC (8 months, 1 week ago) by dv
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.22: +2 -2 lines

vmd(8): disambiguate log messages per vm and device.

The logging output from vmd(8) often specifies the function performing
the logging, but leaves which vm or vm device to guesswork and
reading tea leaves.

Change the logging formatting to prefix with information about the
specific vm and potentially the device subprocess. Most of this
logging is behind the "verbose" mode, but for warnings this will
clarify which vm or device logged the warning.

The format of vm/<name>/<device><index> is chosen to be concise and
less ugly than other approaches. This adjusts the process naming
for devices to match, dropping the use of brackets.

In the process of this change, updating log settings dynamically
via vmctl(8) is fixed by properly broadcasting that information to
the device subprocesses. The "vmm" process also now updates its own
state properly, so settings survive vm reboots.

ok mlarkin@

Revision 1.22, Mon Oct 31 14:02:11 2022 UTC (19 months, 1 week ago) by dv
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.21: +1 -2 lines

vmd(8): remove unfinished user accounting.

User accounting and enforcement was never finished. tedu the thing
until someone wants to pick it up and finish it.

Originally found by Matthew Martin.

ok mlarkin@, kn@. input from tb@.

Revision 1.21, Tue Sep 13 10:28:19 2022 UTC (20 months, 3 weeks ago) by martijn
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.20: +2 -1 lines

Add (partial) support for agentx in vmd.

Metrics can be found under mib-2.236 and VM-MIB (RFC7666).

Stress tested by and happy noises from Mischa Peters
OK dv@

Revision 1.20, Wed Jun 16 16:55:02 2021 UTC (2 years, 11 months ago) by dv
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.19: +3 -3 lines

cleanup vmd(8) includes and header files

Lots of organic growth over the years led to unnecessary includes
(proc.h everywhere) and odd dependencies between header files. This
cleans things up a bit to help with upcoming cleanup around dhcp
code.

No functional change.

"go for it" mlarkin@

Revision 1.19, Tue Apr 20 21:11:56 2021 UTC (3 years, 1 month ago) by dv
Branch: MAIN
Changes since 1.18: +1 -2 lines

Move TAILQ initialization to files where they are used.

These priv-sep daemons all follow a similar design and use TAILQs
for tracking control process connections. In most cases, the TAILQs
are initialized separate from where they are used. Since the scope
of use is generally confined to a specific control process file,
this commit also removes any extern definitions and exposing the
TAILQ structures to other compilation units.

ok bluhm@, tb@

Revision 1.18, Sun Apr 11 18:53:23 2021 UTC (3 years, 1 month ago) by dv
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.17: +1 -6 lines

Remove dead code for unused IMSG_CTL_NOTIFY messages.

Some vestigial code left over from when priv-sep was implemented.

ok mlarkin@

Revision 1.17, Wed Jan 27 07:21:54 2021 UTC (3 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.16: +3 -2 lines

these programs (with common ancestry) had a -fno-common problem related
to privsep_procid.
ok mortimer

Revision 1.16, Mon Sep 10 10:36:01 2018 UTC (5 years, 8 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.15: +2 -2 lines

During the fork+exec implementation, daemon(3) was moved after
proc_init().  As a consequence vmd(8) child processes did not detach
from the terminal anymore.  Dup /dev/null to the stdio file descriptors
in the children.
OK mlarkin@ reyk@

Revision 1.15, Sun Aug 5 08:20:54 2018 UTC (5 years, 10 months ago) by mestre
Branch: MAIN
Changes since 1.14: +1 -7 lines

Remove cpath pledge(2) promise. We decided that not deleting the unix control
sockets causes no harm and this way we close another attack surface by not
allowing the daemon to create/delete any more files.

OK florian@

Revision 1.14, Sun Jul 15 14:36:54 2018 UTC (5 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.13: +2 -1 lines

Track resources and enforce cpu/memory/interface limits for non-root users.

The limits are currently hard-coded and undocumented (4 CPUs/VMs, 2G
memory, 8 interfaces) but will be configurable in an upcoming diff.
These limits are tracked in total usage; for example, a user will be
able to run up to 4 VMs with 512M of memory or a single VM with 2G.

OK ccardenas@ mlarkin@

Revision 1.13, Tue Jun 26 10:00:08 2018 UTC (5 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.12: +4 -1 lines

Add "socket owner" to allow changing the owner of the vmd control socket.

This allows to open vmctl control or console access to other users
that are not in group wheel.  Access for non-root users still defaults
to read-only actions unless you change the owner (user/group) of each
individual VM.

Requested by Mischa Peters

OK mlarkin@

Revision 1.12, Mon Mar 27 00:28:04 2017 UTC (7 years, 2 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.11: +3 -3 lines

die whitespace die die die

Revision 1.11, Mon Jan 9 14:49:22 2017 UTC (7 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.10: +3 -2 lines

Stop accessing verbose and debug variables from log.c directly.

This replaces log_verbose() and "extern int verbose" with the two functions
log_setverbose() and log_getverbose().

Pointed out by benno@
OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well)

Revision 1.10, Wed Nov 16 15:32:42 2016 UTC (7 years, 6 months ago) by rzalamena
Branch: MAIN
Changes since 1.9: +2 -1 lines

Sync switchd(8) and vmd(8) with the latest proc.c changes. This sync
basically imports the imsg_flush() fix from reyk@ in httpd(8).

ok reyk@

Revision 1.9, Wed Oct 5 17:30:13 2016 UTC (7 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.8: +5 -4 lines

Add support for enhanced networking configuration and virtual switches.
See vm.conf(5) for more details.

OK mlarkin@

Revision 1.8, Tue Oct 4 17:17:30 2016 UTC (7 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.7: +4 -2 lines

Add a new "priv" process that is responsible for ioctls and restricted
operations that aren't allowed under pledge.  This is a companion to
the "vmd" process that runs as root but with pledge.

With the "priv" process, each new tap(4) interface now gets a
description to indicate the vm, e.g. "vm1-if0-myvm".  For network
configuration will be done by vmd/priv later.

OK mlarkin@

Revision 1.7, Thu Sep 29 22:42:04 2016 UTC (7 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.6: +24 -10 lines

Implement fork+exec for vmd, using the same framework from httpd etc.

No objections from mlarkin@ sunil@

Revision 1.6, Thu Dec 3 13:08:44 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.5: +3 -1 lines

Use PEERCRED to obtain the user id of the vmmctl user.  This is used to
restrict write operations (start/stop/terminate/load) to root for now,
but allow others to obtain the status.  A more sophisticated model will
follow later, but this change prevents non-root users, even if in the wheel
group, to start vms and thus to open any files read-writable as disks.

Revision 1.5, Thu Dec 3 08:42:11 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.4: +9 -9 lines

spacing

Revision 1.4, Wed Dec 2 22:19:11 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.3: +9 -1 lines

Split the fully privileged parent into two processes "parent" and
"vmm" with reduced privileges:
- the "parent" opens fds (disks, ifs, etc.) but runs as root but pledged as
  "stdio rpath wpath proc tty sendfd".
- the "vmm" process handles the creation and supervision of vm processes,
  and the primary communication with the vmm(4) subsystem.  It runs as _vmd
  in the chroot but does not use pledge, as the vmm ioctls are not allowed
  by any pledge model yet.
With this change, vmd starts to track the configuration state of VMs
in vmd and will allow other things later (like terminating a vm by
name, moving the configuration parser to vmd, ...).  More incremental
changes will follow.

Revision 1.3, Wed Dec 2 13:43:36 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.2: +5 -1 lines

Sync with relayd, fix previous use of proc_compose*_imsg()

Revision 1.2, Wed Dec 2 09:39:41 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.1: +3 -3 lines

Add back the "peerid" to the proc_compose*() functions: in relayd, I
initially left it out because I didn't have a need for it.  But it is
actually quite useful to carry a reference to the imsg data context
across processes.

Revision 1.1, Wed Dec 2 09:14:25 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN

Start tweaking vmd's privsep and daemon model by splitting the main
process into multiple parts and adopting the "proc.c"-style from other
daemons.  This allows to further reduce the privileges, to give better
pledge(2), and to add some upcoming changes.

"please do" mlarkin@, deraadt@
