detect-virt: Fix Xen domU discovery
[elogind.git] / src / shared / virt.c
index fc62c72..20a8d7c 100644 (file)
 
 #include "util.h"
 #include "virt.h"
+#include "fileio.h"
 
-/* Returns a short identifier for the various VM implementations */
-int detect_vm(const char **id) {
-
-#if defined(__i386__) || defined(__x86_64__)
+static int detect_vm_cpuid(const char **_id) {
 
         /* Both CPUID and DMI are x86 specific interfaces... */
-
-        static const char *const dmi_vendors[] = {
-                "/sys/class/dmi/id/sys_vendor",
-                "/sys/class/dmi/id/board_vendor",
-                "/sys/class/dmi/id/bios_vendor"
-        };
-
-        static const char dmi_vendor_table[] =
-                "QEMU\0"                  "qemu\0"
-                /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
-                "VMware\0"                "vmware\0"
-                "VMW\0"                   "vmware\0"
-                "Microsoft Corporation\0" "microsoft\0"
-                "innotek GmbH\0"          "oracle\0"
-                "Xen\0"                   "xen\0"
-                "Bochs\0"                 "bochs\0";
+#if defined(__i386__) || defined(__x86_64__)
 
         static const char cpuid_vendor_table[] =
                 "XenVMMXenVMM\0"          "xen\0"
@@ -61,13 +44,11 @@ int detect_vm(const char **id) {
         union {
                 uint32_t sig32[3];
                 char text[13];
-        } sig;
-        unsigned i;
+        } sig = {};
         const char *j, *k;
         bool hypervisor;
 
         /* http://lwn.net/Articles/301888/ */
-        zero(sig);
 
 #if defined (__i386__)
 #define REG_a "eax"
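Review bot: The new `} sig = {};` initializer may not clear every byte that the old `zero(sig)` did, and `streq(sig.text, j)` further down depends on `text[12]` being NUL. An empty initializer is a GNU extension before C23, and for a union it is only specified to initialize the first member, `sig32[3]`, which is 12 bytes; whether the 13th byte of `text` is cleared depends on how the compiler treats the bytes outside that member. Initializing through the larger member, `} sig = { .text = "" };`, or keeping the explicit `zero(sig)`, makes the terminator independent of the compiler. The function body starts and ends outside this hunk.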
@@ -108,20 +89,46 @@ int detect_vm(const char **id) {
 
                 NULSTR_FOREACH_PAIR(j, k, cpuid_vendor_table)
                         if (streq(sig.text, j)) {
-
-                                if (id)
-                                        *id = k;
-
+                                *_id = k;
                                 return 1;
                         }
+
+                *_id = "other";
+                return 0;
         }
+#endif
+
+        return 0;
+}
+
+static int detect_vm_dmi(const char **_id) {
+
+        /* Both CPUID and DMI are x86 specific interfaces... */
+#if defined(__i386__) || defined(__x86_64__)
+
+        static const char *const dmi_vendors[] = {
+                "/sys/class/dmi/id/sys_vendor",
+                "/sys/class/dmi/id/board_vendor",
+                "/sys/class/dmi/id/bios_vendor"
+        };
+
+        static const char dmi_vendor_table[] =
+                "QEMU\0"                  "qemu\0"
+                /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
+                "VMware\0"                "vmware\0"
+                "VMW\0"                   "vmware\0"
+                "innotek GmbH\0"          "oracle\0"
+                "Xen\0"                   "xen\0"
+                "Bochs\0"                 "bochs\0";
+        unsigned i;
 
         for (i = 0; i < ELEMENTSOF(dmi_vendors); i++) {
-                char *s;
+                _cleanup_free_ char *s = NULL;
+                const char *j, *k;
                 int r;
-                const char *found = NULL;
 
-                if ((r = read_one_line_file(dmi_vendors[i], &s)) < 0) {
+                r = read_one_line_file(dmi_vendors[i], &s);
+                if (r < 0) {
                         if (r != -ENOENT)
                                 return r;
 
@@ -129,131 +136,193 @@ int detect_vm(const char **id) {
                 }
 
                 NULSTR_FOREACH_PAIR(j, k, dmi_vendor_table)
-                        if (startswith(s, j))
-                                found = k;
-                free(s);
+                        if (startswith(s, j)) {
+                                *_id = k;
+                                return 1;
+                        }
+        }
+#endif
 
-                if (found) {
-                        if (id)
-                                *id = found;
+        return 0;
+}
 
-                        return 1;
-                }
-        }
+/* Returns a short identifier for the various VM implementations */
+int detect_vm(const char **id) {
+        _cleanup_free_ char *domcap = NULL, *cpuinfo_contents = NULL;
+        static thread_local int cached_found = -1;
+        static thread_local const char *cached_id = NULL;
+        const char *_id = NULL;
+        int r;
+
+        if (_likely_(cached_found >= 0)) {
 
-        if (hypervisor) {
                 if (id)
-                        *id = "other";
+                        *id = cached_id;
 
-                return 1;
+                return cached_found;
         }
 
-#endif
-        return 0;
-}
+        /* Try xen capabilities file first, if not found try high-level hypervisor sysfs file:
+         *
+         * https://bugs.freedesktop.org/show_bug.cgi?id=77271 */
+        r = read_one_line_file("/proc/xen/capabilities", &domcap);
+        if (r >= 0) {
+                char *cap, *i = domcap;
 
-int detect_container(const char **id) {
-        char *e = NULL;
-        int r;
+                while ((cap = strsep(&i, ",")))
+                        if (streq(cap, "control_d"))
+                                break;
 
-        /* Unfortunately many of these operations require root access
-         * in one way or another */
+                if (!cap)  {
+                        _id = "xen";
+                        r = 1;
+                }
 
-        r = running_in_chroot();
-        if (r < 0)
-                return r;
-        if (r > 0) {
+                goto finish;
 
-                if (id)
-                        *id = "chroot";
+        } else if (r == -ENOENT) {
+                _cleanup_free_ char *hvtype = NULL;
 
-                return 1;
-        }
+                r = read_one_line_file("/sys/hypervisor/type", &hvtype);
+                if (r >= 0) {
+                        if (streq(hvtype, "xen")) {
+                                _id = "xen";
+                                r = 1;
+                                goto finish;
+                        }
+                } else if (r != -ENOENT)
+                        return r;
+        } else
+                return r;
 
-        /* /proc/vz exists in container and outside of the container,
-         * /proc/bc only outside of the container. */
-        if (access("/proc/vz", F_OK) >= 0 &&
-            access("/proc/bc", F_OK) < 0) {
+        /* this will set _id to "other" and return 0 for unknown hypervisors */
+        r = detect_vm_cpuid(&_id);
+        if (r != 0)
+                goto finish;
 
-                if (id)
-                        *id = "openvz";
+        r = detect_vm_dmi(&_id);
+        if (r != 0)
+                goto finish;
 
-                return 1;
+        if (_id) {
+                /* "other" */
+                r = 1;
+                goto finish;
         }
 
-        r = getenv_for_pid(1, "container", &e);
-        if (r <= 0)
+        /* Detect User-Mode Linux by reading /proc/cpuinfo */
+        r = read_full_file("/proc/cpuinfo", &cpuinfo_contents, NULL);
+        if (r < 0)
                 return r;
-
-        /* We only recognize a selected few here, since we want to
-         * enforce a redacted namespace */
-        if (streq(e, "lxc")) {
-                if (id)
-                        *id = "lxc";
-        } else if (streq(e, "lxc-libvirt")) {
-                if (id)
-                        *id = "lxc-libvirt";
-        } else if (streq(e, "systemd-nspawn")) {
-                if (id)
-                        *id = "systemd-nspawn";
-        } else {
-                if (id)
-                        *id = "other";
+        if (strstr(cpuinfo_contents, "\nvendor_id\t: User Mode Linux\n")) {
+                _id = "uml";
+                r = 1;
+                goto finish;
         }
 
-        free(e);
+        r = 0;
+
+finish:
+        cached_found = r;
+
+        cached_id = _id;
+        if (id)
+                *id = _id;
 
         return r;
 }
 
-/* Returns a short identifier for the various VM/container implementations */
-Virtualization detect_virtualization(const char **id) {
+int detect_container(const char **id) {
 
-        static __thread Virtualization cached_virt = _VIRTUALIZATION_INVALID;
-        static __thread const char *cached_id = NULL;
+        static thread_local int cached_found = -1;
+        static thread_local const char *cached_id = NULL;
 
-        const char *_id;
+        _cleanup_free_ char *m = NULL;
+        const char *_id = NULL, *e = NULL;
         int r;
-        Virtualization v;
 
-        if (_likely_(cached_virt >= 0)) {
+        if (_likely_(cached_found >= 0)) {
 
-                if (id && cached_virt > 0)
+                if (id)
                         *id = cached_id;
 
-                return cached_virt;
+                return cached_found;
         }
 
-        r = detect_container(&_id);
-        if (r < 0) {
-                v = r;
-                goto finish;
-        } else if (r > 0) {
-                v = VIRTUALIZATION_CONTAINER;
+        /* /proc/vz exists in container and outside of the container,
+         * /proc/bc only outside of the container. */
+        if (access("/proc/vz", F_OK) >= 0 &&
+            access("/proc/bc", F_OK) < 0) {
+                _id = "openvz";
+                r = 1;
                 goto finish;
         }
 
-        r = detect_vm(&_id);
-        if (r < 0) {
-                v = r;
-                goto finish;
-        } else if (r > 0) {
-                v = VIRTUALIZATION_VM;
-                goto finish;
+        if (getpid() == 1) {
+                /* If we are PID 1 we can just check our own
+                 * environment variable */
+
+                e = getenv("container");
+                if (isempty(e)) {
+                        r = 0;
+                        goto finish;
+                }
+        } else {
+
+                /* Otherwise, PID 1 dropped this information into a
+                 * file in /run. This is better than accessing
+                 * /proc/1/environ, since we don't need CAP_SYS_PTRACE
+                 * for that. */
+
+                r = read_one_line_file("/run/systemd/container", &m);
+                if (r == -ENOENT) {
+                        r = 0;
+                        goto finish;
+                }
+                if (r < 0)
+                        return r;
+
+                e = m;
         }
 
-        v = VIRTUALIZATION_NONE;
+        /* We only recognize a selected few here, since we want to
+         * enforce a redacted namespace */
+        if (streq(e, "lxc"))
+                _id ="lxc";
+        else if (streq(e, "lxc-libvirt"))
+                _id = "lxc-libvirt";
+        else if (streq(e, "systemd-nspawn"))
+                _id = "systemd-nspawn";
+        else
+                _id = "other";
+
+        r = 1;
 
 finish:
-        if (v > 0) {
-                cached_id = _id;
+        cached_found = r;
 
-                if (id)
-                        *id = _id;
-        }
+        cached_id = _id;
+        if (id)
+                *id = _id;
+
+        return r;
+}
 
-        if (v >= 0)
-                cached_virt = v;
+/* Returns a short identifier for the various VM/container implementations */
+int detect_virtualization(const char **id) {
+        int r;
+
+        r = detect_container(id);
+        if (r < 0)
+                return r;
+        if (r > 0)
+                return VIRTUALIZATION_CONTAINER;
+
+        r = detect_vm(id);
+        if (r < 0)
+                return r;
+        if (r > 0)
+                return VIRTUALIZATION_VM;
 
-        return v;
+        return VIRTUALIZATION_NONE;
 }
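Review bot: In detect_vm(), when `/proc/xen/capabilities` is readable and lists `control_d`, `r` still holds the return value of read_one_line_file() on reaching `finish:`, where it is stored in `cached_found` and returned as the detection result. That is only correct if the helper returns exactly 0 on success (its definition is not on this page); an explicit `} else r = 0;` after the `if (!cap)` block removes that dependency and keeps a dom0 from being cached as a VM with a NULL id. Separately, the `/proc/cpuinfo` read returns every error, including `-ENOENT`, whereas the two reads above it treat a missing file as "not found". For consistency it could use `if (r < 0 && r != -ENOENT) return r;` and skip the strstr() when nothing was read, so a caller in an environment without that file gets "no VM" instead of a failure.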