remove prototypes with no matching function

vmctl(8): Add 'vmctl status -r'

The -r option can be used to limit the output of 'vmctl status' to only
running VMs. This is useful for machines that have a large number of
stopped VMs, as the running ones are printed at the top by default and
previously required scrolling back to see the list of running VMs, and/or
using 'grep RUNNING'.

There is no change for users not using -r.

ok dv

vmctl: fix incorrect scaling when converting disk images.

ctl_convert still had old logic assuming disk sizes were in MiB and
not bytes, causing an attempt to create a new disk using the '-i'
argument to generate impossibly large output disk images (e.g. 1 MiB
ends up 1 TiB).

Reported by and diff from Jesper Wallin.

vmd(8)/vmctl(8): allow vm owners to override boot kernel.

vmd allows non-root users to "own" a vm defined in vm.conf(5). While
the user can start/stop the vm, if they break their filesystem they
have no means of booting recovery media like a ramdisk kernel.

This change opens the provided boot kernel via vmctl and passes the
file descriptor through the control channel to vmd. The next boot
of the vm will use the provided file descriptor as boot kernel/bios.
Subsequent boots (e.g. a reboot) will return to using behavior
defined in vm.conf or the default bios image.

ok mlarkin@

vmctl(8): no longer needs vmmvar.h

Finally! We can remove kernel headers from vmctl.

ok mlarkin@

fix unveil(2) in vmctl(8), unix socket needs :w:
ok mestre@ martijn@

vmctl create accepts exactly one argument

Make "vmctl create -s3G 1.img 2.img" fail instead of just creating 1.img
and ignoring 2.img.

OK dv cheloha

Follow the recent change that the unit of `imgsize' argument of
create_imagefile() became MB. Also change the arguement's type from
long to uint64_t that is preferred.

ok dv

vmctl(8)/vmd(8): convert disk sizes from MB to bytes

Continue converting other parts to storing data in bytes instead
of MB. In this case, the logic for disk sizes was being scaled.

This fixes issues reported by Martin Vahlensieck where vmctl could
no longer create disks larger than 7 MiB after previous commits to
change storing memory sizes as bytes.

While this keeps the vm memory limit check in vmctl's size parser,
it skips the limit check for disks. The error messages adjust
accordingly and this removes the double error message logging.

Update comments and function types accordingly.

ok marlkin@

vmm/vmd/vmctl: standardize memory units to bytes

At different points in the vm lifecycle vmm(4), vmctl(8), and vmd(8)
refer to a vm's memory range sizes in either bytes or megabytes.
This is needlessly complex.

Switch to using bytes everywhere and adjust types and constants
accordingly. While this makes it possible to specify vm's with
memory in fractions of megabytes, the logic requiring whole
megabyte values remains.

Feedback from deraadt@, mlarkin@, and Matthew Martin.

ok mlarkin@

Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@

Garbage collect loop index i which is no longer used after usage tweak.

make usage less chatty; ok mlarkin

vmctl(8): remove unveil from disk image creation routines

James Cook reported an issue creating images from qcow2 disks that
contained base images. Initial approach suggested was to replace the
use of realpath(3), but since this is common code used in vmd(8) the
better option is to just remove the use of unveil(1) in vmctl. (It was
added very early in vmctl's development before support for disk
conversion was added.)

This does not change existing unveil usage in vmctl for things like the
control socket or the serial console. There's no change to vmd either.

Discussed with and OK from mlarkin@

Remove superflouus mmcpy()

Reported by Preben Guldberg. ok mlarkin@

Simplify argument parsing of vmctl stop

The previous argument parsing logic had at least three bugs:
a copy-paste error led to an off-by-one and a printf "%s" NULL,
as reported by Preben Guldberg. A previous commit led to a dead
else branch and a use of uninitialized. This can all be avoided
by reworking the logic so as to be readable.

Prompted by a diff from Preben

ok dv

vmctl(8): fix vmctl send exit code

vmctl send always returned exit code 1

Patch by Benjamin Baier
ok kn@

Run cu(1) in restricted mode

Users must not not be able to transfer files from the local hypervisor
filesystem to VMs/LDOMs, especially since the "vmctl/ldomctl console ..."
might be run as root.

Disable all relevant escape sequences and cause cu to run under "stdio tty"
pledge by using -r.

OK deraadt mlarkin

Use local variable isntead of function parameter

The parse_size() wrapper around scan_scaled(3) writes its intermediate
result to the function argument which is always passed as literal zero.

This seems odd, the function parameter has no meaning but merely serves
as storage, so let's use a proper function scoped variable instead.

OK pd

Require at least one interface with -i

Either a positive count is given or -i is omitted entirely; vm.conf(5) does
not allow interface configuration that results in zero interfaces either.

Raise the minimium count value to one and tell more about invalid counts
with the usual strtonum(3) idiom.

OK reyk

vmctl(8): fix wrong output when using 'vmctl stop'

Fix a wrong output when using 'vmctl stop' without any further arguments.

Patch from Caspar Schutijser, thanks!

ok deraadt

zap an extra space in usage();
from alessandro gallo

Change vmctl(8) syntax: command options before the disk/name/id argument.

vmctl had a CLI-style syntax (bgpctl-style) for a short time but I
changed it back to a more suitable getopt syntax. I replaced the CLI
tokens to getopts flags but didn't consider swapping the order of
command options and arguments to be more UNIX-like again ("vmctl
create disk.img size 10G" simply became "vmctl create disk.img -s 10G").

This changes "create", "start", and "stop" commands to the commonly
expected syntax like "vmctl create -s 10G disk.img".

Requested by many

OK mlarkin@ kn@ solene@

An existing VM may be started by referencing its ID

Document `vmctl start id ...' again but be clear about the difference
between starting new and existing VMs by name and ID respectively. This
completes what I started with vmctl.8 revision 1.61.

Feedback and OK jmc

Fix previous extra arguments commit

I blatantly missed the argc/argv adjustments after getopt(3), resulting in
valid commands like `vmctl create a -s 1G' to fail.

Noticed by ajacoutot the hard way.

OK ajacoutot jca

Print usage on extra create, start and stop arguments

OK mlarkin

sync usage(); also, stop enclosing arg names in quotes, since it was
applied inconsistently, and applied consistently would make it
look like spaghetti;

ok mlarkin

Extend vmctl start -B argument to work for disk, cdrom and net.
Currently SeaBIOS will respect disk and cdrom and our kernel will
understand net.
OK ccardenas@, reyk@, mlarkin@

Add a new argument -B device to vmctl start. It allows to set the boot device.
At the moment only 'net' is supported and all other values are silently ignored.
This allows to kick of an OpenBSD autoinstall by using:
vmctl start "installer" -Lc -B net -b bsd.rd -d disk.img
OK ccardenas@

Add 'vmctl wait <VM>' a command that waits until the specified VM is
stopped/terminates. Useful in scripts when waiting until a vm has finished
its work.
Ok ccardenas@, reyk@

Move the {qcow2,raw} create functions from vmctl into vmd/vio{qcow2,raw}.c

This way they are in the appropriate place and code can be shared with vmd.

Ok ori@ mlarkin@ ccardenas@

Add support to create and convert disk images from existing images

The -i option to vmctl create (eg. vmctl create output.qcow2 -i input.img)
lets you create a new image from an input file and convert it if it is a
different format. This allows to convert qcow2 images from raw images,
raw from qcow2, or even qcow2 from qcow2 and raw from raw to re-optimize
the disk.

This re-uses Ori's vioqcow2.c from vmd by reaching into it and
compiling it in. The API has been adjust to be used from both vmctl
and vmd accordingly.

OK mlarkin@

Add support for qcow2 base images (external snapshots).

This works is from Ori Bernstein, committing on his behalf:

Add support to vmd for external snapshots. That is, snapshots that are
derived from a base image. Data lookups start in the derived image,
and if the derived image does not contain some data, the search
proceeds ot the base image. Multiple derived images may exist off of
a single base image.

A limitation of this format is that modifying the base image will
corrupt the derived image.

This change also adds support for creating disk derived disk images to
vmctl. To use it:

vmctl create derived.qcow2 -s 16G -b base.qcow2

From Ori Bernstein
OK mlarkin@ reyk@

Setting getopt optreset to 1 needs an additional reset of optind to 1.

OK millert@

Try to derive the qcow2 file format from an image file automatically.

This makes the "-d qcow2:" and "format qcow" arguments optional as vmctl
and vmd will read the magic bytes at the beginning of a file to guess if
it is a raw or a qcow image file.

The "vmctl create" command has been changed by removing the -f qcow2 option
and replacing it with the same syntax as -d: "vmctl create qcow2:foo.img".
In a slightly ununixy but intended way, the create command now also
considers the file extension for the format as "vmctl create foo.qcow2"
creates a qcow2 disk and not a raw image file.

Ok mlarkin@ (and ccardenas@ on an earlier version of the diff)

Add vmctl stop -a [-fw] option to stop or terminate all running VMs.

This is also be used to simplify the vmd rc stop script.

OK mlarkin@ ccardenas@

Add initial set of unveil's to vmctl.

Was in snaps for a while.

Ok mlarkin@ and reyk@

Add ability to create qcow2 disk.

vmctl create now takes an optional disk format parameter: raw or qcow2.
If format is omitted, raw is used.

Many thanks to Ori Bernstein.

Add initial qcow2 image support.

Users are able to declare disk images as 'raw' or 'qcow2' using either
vmctl and vm.conf. The default disk image format is 'raw' if not specified.

Examples of using disk format:

vmctl start bsd -Lc -r cd64.iso -d qcow2:current.qc2
or
vmctl start bsd -Lc -r cd64.iso -d raw:current.raw
is equivalent to
vmctl start bsd -Lc -r cd64.iso -d current.raw

in vm.conf
vm "current" {
disable
memory 2G
disk "/home/user/vmm/current.qc2" format "qcow2"
interface { switch "external" }
}

or

vm "current" {
disable
memory 2G
disk "/home/user/vmm/current.raw" format "raw"
interface { switch "external" }
}

is equivlanet to

vm "current" {
disable
memory 2G
disk "/home/user/vmm/current.raw"
interface { switch "external" }
}

Tested by many.

Big Thanks to Ori Bernstein.

The vmctl start -I option was changed to -t.

I committed the manpage but accidentally forgot the main.c part.

OK ccardenas@

Allow to use configured/running VMs as templates for other VM instances.

This introduces new grammar and the -t optional in vmctl start.

(For now, only root can create VM instances; but it is planned to allow
users to create their own VMs based on permissions and quota.)

OK ccardenas@ mlarkin@ jmc@

Add -w option to vmctl stop to wait for completion of VM termination.

Use it in /etc/rc.d/vmd accordingly.

OK sthen@

Add -f option to vmctl stop to forcefully kill a VM.

This also fixes a bug in vmm_sighdlr where it might have missed
forwarding the TERMINATE_EVENT to the vmd parent after a VM child
died, leading to an abandoned VM in the vmd parent process.

OK ccardenas@ mlarkin@ benno@ kn@

add an alias for vmctl show, matches finger memory and the rest of the
*ctl programs

OK mlarkin@ benno@ deraadt@

Add initial CD-ROM support to VMD via vioscsi.

* Adds 'cdrom' keyword to vm.conf(5) and '-r' to vmctl(8)
* Support various sized ISOs (Limitation of 4G ISOs on Linux guests)
* Known working guests: OpenBSD (primary), Alpine Linux (primary),
CentOS 6 (secondary), Ubuntu 17.10 (secondary).
NOTE: Secondary indicates some issue(s) preventing full/reliable
functionality outside the scope of the vioscsi work.
* If the attached disks are non-bootable (i.e. empty), SeaBIOS (vmd's
default BIOS) will boot from CD-ROM.

ok mlarkin@, jca@

Prefer memset() over bzero()

ok deraadt@ mlarkin@

merge parse_vmid() and parse_vmname()

ok mlarkin@ pd@

Add vmctl send and vmctl receive

ok reyk@ and mlarkin@

vmd/vmctl: Add ability to pause / unpause vms

With help from Ashwin Agrawal

ok reyk@ mlarkin@

vmctl: change default "vmctl console" (cu) baud rate to 115200. Not
strictly needed but matches the previous baudrate diff committed earlier
to vmd.

ok deraadt, phessler

Report command failure back to vmctl reload, reset, load, log verbose.

OK mlarkin@

Report error for vmctl commands that need root privileges.

specifically: vmctl (load|reload|reset|log)

Reported by Christian Barthel

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Do not expose vmm(4) VM IDs to the user, use vmd(8)'s IDs instead.

Each VM has two IDs: one from the kernel (vmm) and a different one
from userland (vmd). The vmm ID is not consistent and incremented on
every boot during runtimg of the host system. The vmd ID remains the
same during the lifetime of a configured VM, even after reboots.
Configured VMs will even get and keep their IDs when the configuration
is loaded. This is more what users expect.

Pointed out and tested by otto@

OK deraadt@

Boot using BIOS from /etc/firmware/vmm-bios by default.

Instead of using the internal "vmboot", VMs will now be booted using
the external BIOS firmware in /etc/firmware/vmm-bios (which is subject
to a LGPLv3 license). Direct booting of OpenBSD kernels or
non-default BIOS images is still supported for now using the -b/boot
option that is replacing the -k/kernel option.

As requested by Theo, vmd(8) fails if neither the default BIOS is
found nor a kernel has been specified in the VM configuration. The
"vmm" BIOS has to be installed using fw_update(1), which will be done
automatically in most cases where the OpenBSD can fetch it after
install/upgrade.

OK mlarkin@

Rename start_vm_complete to vm_start_complete for consistency.

unbreak vmctl build by renaming a function that now conflicts with
something from vmd.h . Temporary fix until the original committer can
fix it the way he desires.

Add "owner" option to set a user/group ownership for pre-configured VMs

This allows matching users to start or stop VMs that they "own" and to
access the console accordingly.

OK mlarkin@

Add imsg communication channel between vmd and invividual VMs.
For now, this is only used to forward "log verbose|brief" requests,
but it will be used for better things later.

OK mlarkin@

Add the vmctl start -n option to specify add a network interface to
the specified virtual switch from the command line.

OK mlarkin@

Fix functionality and semantics of vmctl load/reload/reset.

OK rzalamena@

move some argument checking from vmmaction() to start_vm()

from a diff posted to tech@ by Fabien Siron, thanks.

make vmctl 'create' usage description match the man page

Last parameter to execl[e]() functions *must* be cast to a pointer.
Just NULL is not good practise as NULL is theoretically allowed to
be an integer rather than a pointer.

Use (char *)NULL consistently instead of scattering a few (char *)0
and (void *)NULL into the mix.

Prompted by and probably ok deraadt@ millert@ kettenis@

Definitely ok mestre@ ratchov@

The division "res->size /= 1024 / 1024" is a no-op: 1024 / 1024 is
evaluated first, resulting in res->size /= 1. Remove the division and
the following check, as it can never fail; it is a left-over from
previous code that didn't check the size in the caller.

From Martin Natano
OK mlarkin@

don't use the second argument of pledge(2) as the whitelist is not stabilized
for now.

ok reyk@

The vmctl "id" argument can now be a number of or a vm name, eg.
vmctl stop 3
vmctl stop "openbsd.vm"

Remove unused argument in parse_vmid()

Allow to specify relative pathnames on the command line (eg. -k ./bsd).

style(9) says that is OK to not include sys/cdefs.h directly, as it
comes from sys/types.h (include-what-you-use doesn't know this policy).

Pointed out by Jan Schreiber

vmctl console - id is not optional

Add "vmctl console" to connect to a specified VM console by id.

Requested by mlarkin@

use argument names consistently.

ok reyk@

Another imsg_read user I did miss in my EAGAIN rampage.

vmctl has no need to change the socket that talks to vmd.
discussed with reyk

Add -c option to "vmctl start" to automatically connect to the VM
console after startup. This calls 'cu -l $TTY -s 9600' internally -
a "safe mode" for cu is proposed by tedu@.

Requested by mlarkin@
OK tedu@ on the execl/cu chunk

Re-add the "load" and "reload" commands to vmctl: Instead of parsing
the configuration in vmctl directly, it now sends a (re)load request
to vmd. The reload also resets the existing configuration status -
this doesn't do much difference yet but a future change will compare
if a specified VM is already running. "load" will allow to add
configuration, while "reload" resets the state before loading.

Replace vmmctl with vmctl. Also remove parse.y from the "new" vmctl.

As discussed with mlarkin@ and deraadt@

vmctl(8): Add 'vmctl status -r'

The -r option can be used to limit the output of 'vmctl status' to only
running VMs. This is useful for machines that have a large number of
stopped VMs, as the running ones are printed at the top by default and
previously required scrolling back to see the list of running VMs, and/or
using 'grep RUNNING'.

There is no change for users not using -r.

ok dv

vmctl: fix incorrect scaling when converting disk images.

ctl_convert still had old logic assuming disk sizes were in MiB and
not bytes, causing an attempt to create a new disk using the '-i'
argument to generate impossibly large output disk images (e.g. 1 MiB
ends up 1 TiB).

Reported by and diff from Jesper Wallin.

vmd(8)/vmctl(8): allow vm owners to override boot kernel.

vmd allows non-root users to "own" a vm defined in vm.conf(5). While
the user can start/stop the vm, if they break their filesystem they
have no means of booting recovery media like a ramdisk kernel.

This change opens the provided boot kernel via vmctl and passes the
file descriptor through the control channel to vmd. The next boot
of the vm will use the provided file descriptor as boot kernel/bios.
Subsequent boots (e.g. a reboot) will return to using behavior
defined in vm.conf or the default bios image.

ok mlarkin@

vmctl(8): no longer needs vmmvar.h

Finally! We can remove kernel headers from vmctl.

ok mlarkin@

fix unveil(2) in vmctl(8), unix socket needs :w:
ok mestre@ martijn@

vmctl create accepts exactly one argument

Make "vmctl create -s3G 1.img 2.img" fail instead of just creating 1.img
and ignoring 2.img.

OK dv cheloha

Follow the recent change that the unit of `imgsize' argument of
create_imagefile() became MB. Also change the arguement's type from
long to uint64_t that is preferred.

ok dv

vmctl(8)/vmd(8): convert disk sizes from MB to bytes

Continue converting other parts to storing data in bytes instead
of MB. In this case, the logic for disk sizes was being scaled.

This fixes issues reported by Martin Vahlensieck where vmctl could
no longer create disks larger than 7 MiB after previous commits to
change storing memory sizes as bytes.

While this keeps the vm memory limit check in vmctl's size parser,
it skips the limit check for disks. The error messages adjust
accordingly and this removes the double error message logging.

Update comments and function types accordingly.

ok marlkin@

vmm/vmd/vmctl: standardize memory units to bytes

At different points in the vm lifecycle vmm(4), vmctl(8), and vmd(8)
refer to a vm's memory range sizes in either bytes or megabytes.
This is needlessly complex.

Switch to using bytes everywhere and adjust types and constants
accordingly. While this makes it possible to specify vm's with
memory in fractions of megabytes, the logic requiring whole
megabyte values remains.

Feedback from deraadt@, mlarkin@, and Matthew Martin.

ok mlarkin@

Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@

Garbage collect loop index i which is no longer used after usage tweak.

make usage less chatty; ok mlarkin

vmctl(8): remove unveil from disk image creation routines

James Cook reported an issue creating images from qcow2 disks that
contained base images. Initial approach suggested was to replace the
use of realpath(3), but since this is common code used in vmd(8) the
better option is to just remove the use of unveil(1) in vmctl. (It was
added very early in vmctl's development before support for disk
conversion was added.)

This does not change existing unveil usage in vmctl for things like the
control socket or the serial console. There's no change to vmd either.

Discussed with and OK from mlarkin@

Remove superflouus mmcpy()

Reported by Preben Guldberg. ok mlarkin@

Simplify argument parsing of vmctl stop

The previous argument parsing logic had at least three bugs:
a copy-paste error led to an off-by-one and a printf "%s" NULL,
as reported by Preben Guldberg. A previous commit led to a dead
else branch and a use of uninitialized. This can all be avoided
by reworking the logic so as to be readable.

Prompted by a diff from Preben

ok dv

vmctl(8): fix vmctl send exit code

vmctl send always returned exit code 1

Patch by Benjamin Baier
ok kn@

Run cu(1) in restricted mode

Users must not not be able to transfer files from the local hypervisor
filesystem to VMs/LDOMs, especially since the "vmctl/ldomctl console ..."
might be run as root.

Disable all relevant escape sequences and cause cu to run under "stdio tty"
pledge by using -r.

OK deraadt mlarkin

Use local variable isntead of function parameter

The parse_size() wrapper around scan_scaled(3) writes its intermediate
result to the function argument which is always passed as literal zero.

This seems odd, the function parameter has no meaning but merely serves
as storage, so let's use a proper function scoped variable instead.

OK pd

Require at least one interface with -i

Either a positive count is given or -i is omitted entirely; vm.conf(5) does
not allow interface configuration that results in zero interfaces either.

Raise the minimium count value to one and tell more about invalid counts
with the usual strtonum(3) idiom.

OK reyk

vmctl(8): fix wrong output when using 'vmctl stop'

Fix a wrong output when using 'vmctl stop' without any further arguments.

Patch from Caspar Schutijser, thanks!

ok deraadt

zap an extra space in usage();
from alessandro gallo

Change vmctl(8) syntax: command options before the disk/name/id argument.

vmctl had a CLI-style syntax (bgpctl-style) for a short time but I
changed it back to a more suitable getopt syntax. I replaced the CLI
tokens to getopts flags but didn't consider swapping the order of
command options and arguments to be more UNIX-like again ("vmctl
create disk.img size 10G" simply became "vmctl create disk.img -s 10G").

This changes "create", "start", and "stop" commands to the commonly
expected syntax like "vmctl create -s 10G disk.img".

Requested by many

OK mlarkin@ kn@ solene@

An existing VM may be started by referencing its ID

Document `vmctl start id ...' again but be clear about the difference
between starting new and existing VMs by name and ID respectively. This
completes what I started with vmctl.8 revision 1.61.

Feedback and OK jmc

Fix previous extra arguments commit

I blatantly missed the argc/argv adjustments after getopt(3), resulting in
valid commands like `vmctl create a -s 1G' to fail.

Noticed by ajacoutot the hard way.

OK ajacoutot jca

Print usage on extra create, start and stop arguments

OK mlarkin

sync usage(); also, stop enclosing arg names in quotes, since it was
applied inconsistently, and applied consistently would make it
look like spaghetti;

ok mlarkin

Extend vmctl start -B argument to work for disk, cdrom and net.
Currently SeaBIOS will respect disk and cdrom and our kernel will
understand net.
OK ccardenas@, reyk@, mlarkin@

Add a new argument -B device to vmctl start. It allows to set the boot device.
At the moment only 'net' is supported and all other values are silently ignored.
This allows to kick of an OpenBSD autoinstall by using:
vmctl start "installer" -Lc -B net -b bsd.rd -d disk.img
OK ccardenas@

Add 'vmctl wait <VM>' a command that waits until the specified VM is
stopped/terminates. Useful in scripts when waiting until a vm has finished
its work.
Ok ccardenas@, reyk@

Move the {qcow2,raw} create functions from vmctl into vmd/vio{qcow2,raw}.c

This way they are in the appropriate place and code can be shared with vmd.

Ok ori@ mlarkin@ ccardenas@

Add support to create and convert disk images from existing images

The -i option to vmctl create (eg. vmctl create output.qcow2 -i input.img)
lets you create a new image from an input file and convert it if it is a
different format. This allows to convert qcow2 images from raw images,
raw from qcow2, or even qcow2 from qcow2 and raw from raw to re-optimize
the disk.

This re-uses Ori's vioqcow2.c from vmd by reaching into it and
compiling it in. The API has been adjust to be used from both vmctl
and vmd accordingly.

OK mlarkin@

Add support for qcow2 base images (external snapshots).

This works is from Ori Bernstein, committing on his behalf:

Add support to vmd for external snapshots. That is, snapshots that are
derived from a base image. Data lookups start in the derived image,
and if the derived image does not contain some data, the search
proceeds ot the base image. Multiple derived images may exist off of
a single base image.

A limitation of this format is that modifying the base image will
corrupt the derived image.

This change also adds support for creating disk derived disk images to
vmctl. To use it:

vmctl create derived.qcow2 -s 16G -b base.qcow2

From Ori Bernstein
OK mlarkin@ reyk@

Setting getopt optreset to 1 needs an additional reset of optind to 1.

OK millert@

Try to derive the qcow2 file format from an image file automatically.

This makes the "-d qcow2:" and "format qcow" arguments optional as vmctl
and vmd will read the magic bytes at the beginning of a file to guess if
it is a raw or a qcow image file.

The "vmctl create" command has been changed by removing the -f qcow2 option
and replacing it with the same syntax as -d: "vmctl create qcow2:foo.img".
In a slightly ununixy but intended way, the create command now also
considers the file extension for the format as "vmctl create foo.qcow2"
creates a qcow2 disk and not a raw image file.

Ok mlarkin@ (and ccardenas@ on an earlier version of the diff)

Add vmctl stop -a [-fw] option to stop or terminate all running VMs.

This is also be used to simplify the vmd rc stop script.

OK mlarkin@ ccardenas@

Add initial set of unveil's to vmctl.

Was in snaps for a while.

Ok mlarkin@ and reyk@

Add ability to create qcow2 disk.

vmctl create now takes an optional disk format parameter: raw or qcow2.
If format is omitted, raw is used.

Many thanks to Ori Bernstein.

Add initial qcow2 image support.

Users are able to declare disk images as 'raw' or 'qcow2' using either
vmctl and vm.conf. The default disk image format is 'raw' if not specified.

Examples of using disk format:

vmctl start bsd -Lc -r cd64.iso -d qcow2:current.qc2
or
vmctl start bsd -Lc -r cd64.iso -d raw:current.raw
is equivalent to
vmctl start bsd -Lc -r cd64.iso -d current.raw

in vm.conf
vm "current" {
disable
memory 2G
disk "/home/user/vmm/current.qc2" format "qcow2"
interface { switch "external" }
}

or

vm "current" {
disable
memory 2G
disk "/home/user/vmm/current.raw" format "raw"
interface { switch "external" }
}

is equivlanet to

vm "current" {
disable
memory 2G
disk "/home/user/vmm/current.raw"
interface { switch "external" }
}

Tested by many.

Big Thanks to Ori Bernstein.

The vmctl start -I option was changed to -t.

I committed the manpage but accidentally forgot the main.c part.

OK ccardenas@

Allow to use configured/running VMs as templates for other VM instances.

This introduces new grammar and the -t optional in vmctl start.

(For now, only root can create VM instances; but it is planned to allow
users to create their own VMs based on permissions and quota.)

OK ccardenas@ mlarkin@ jmc@

Add -w option to vmctl stop to wait for completion of VM termination.

Use it in /etc/rc.d/vmd accordingly.

OK sthen@

Add -f option to vmctl stop to forcefully kill a VM.

This also fixes a bug in vmm_sighdlr where it might have missed
forwarding the TERMINATE_EVENT to the vmd parent after a VM child
died, leading to an abandoned VM in the vmd parent process.

OK ccardenas@ mlarkin@ benno@ kn@

add an alias for vmctl show, matches finger memory and the rest of the
*ctl programs

OK mlarkin@ benno@ deraadt@

Add initial CD-ROM support to VMD via vioscsi.

* Adds 'cdrom' keyword to vm.conf(5) and '-r' to vmctl(8)
* Support various sized ISOs (Limitation of 4G ISOs on Linux guests)
* Known working guests: OpenBSD (primary), Alpine Linux (primary),
CentOS 6 (secondary), Ubuntu 17.10 (secondary).
NOTE: Secondary indicates some issue(s) preventing full/reliable
functionality outside the scope of the vioscsi work.
* If the attached disks are non-bootable (i.e. empty), SeaBIOS (vmd's
default BIOS) will boot from CD-ROM.

ok mlarkin@, jca@

Prefer memset() over bzero()

ok deraadt@ mlarkin@

merge parse_vmid() and parse_vmname()

ok mlarkin@ pd@

Add vmctl send and vmctl receive

ok reyk@ and mlarkin@

vmd/vmctl: Add ability to pause / unpause vms

With help from Ashwin Agrawal

ok reyk@ mlarkin@

vmctl: change default "vmctl console" (cu) baud rate to 115200. Not
strictly needed but matches the previous baudrate diff committed earlier
to vmd.

ok deraadt, phessler

Report command failure back to vmctl reload, reset, load, log verbose.

OK mlarkin@

Report error for vmctl commands that need root privileges.

specifically: vmctl (load|reload|reset|log)

Reported by Christian Barthel

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Do not expose vmm(4) VM IDs to the user, use vmd(8)'s IDs instead.

Each VM has two IDs: one from the kernel (vmm) and a different one
from userland (vmd). The vmm ID is not consistent and incremented on
every boot during runtimg of the host system. The vmd ID remains the
same during the lifetime of a configured VM, even after reboots.
Configured VMs will even get and keep their IDs when the configuration
is loaded. This is more what users expect.

Pointed out and tested by otto@

OK deraadt@

Boot using BIOS from /etc/firmware/vmm-bios by default.

Instead of using the internal "vmboot", VMs will now be booted using
the external BIOS firmware in /etc/firmware/vmm-bios (which is subject
to a LGPLv3 license). Direct booting of OpenBSD kernels or
non-default BIOS images is still supported for now using the -b/boot
option that is replacing the -k/kernel option.

As requested by Theo, vmd(8) fails if neither the default BIOS is
found nor a kernel has been specified in the VM configuration. The
"vmm" BIOS has to be installed using fw_update(1), which will be done
automatically in most cases where the OpenBSD can fetch it after
install/upgrade.

OK mlarkin@

Rename start_vm_complete to vm_start_complete for consistency.

unbreak vmctl build by renaming a function that now conflicts with
something from vmd.h . Temporary fix until the original committer can
fix it the way he desires.

Add "owner" option to set a user/group ownership for pre-configured VMs

This allows matching users to start or stop VMs that they "own" and to
access the console accordingly.

OK mlarkin@

Add imsg communication channel between vmd and invividual VMs.
For now, this is only used to forward "log verbose|brief" requests,
but it will be used for better things later.

OK mlarkin@

Add the vmctl start -n option to specify add a network interface to
the specified virtual switch from the command line.

OK mlarkin@

Fix functionality and semantics of vmctl load/reload/reset.

OK rzalamena@

move some argument checking from vmmaction() to start_vm()

from a diff posted to tech@ by Fabien Siron, thanks.

make vmctl 'create' usage description match the man page

Last parameter to execl[e]() functions *must* be cast to a pointer.
Just NULL is not good practise as NULL is theoretically allowed to
be an integer rather than a pointer.

Use (char *)NULL consistently instead of scattering a few (char *)0
and (void *)NULL into the mix.

Prompted by and probably ok deraadt@ millert@ kettenis@

Definitely ok mestre@ ratchov@

The division "res->size /= 1024 / 1024" is a no-op: 1024 / 1024 is
evaluated first, resulting in res->size /= 1. Remove the division and
the following check, as it can never fail; it is a left-over from
previous code that didn't check the size in the caller.

From Martin Natano
OK mlarkin@

don't use the second argument of pledge(2) as the whitelist is not stabilized
for now.

ok reyk@

The vmctl "id" argument can now be a number of or a vm name, eg.
vmctl stop 3
vmctl stop "openbsd.vm"

Remove unused argument in parse_vmid()

Allow to specify relative pathnames on the command line (eg. -k ./bsd).

style(9) says that is OK to not include sys/cdefs.h directly, as it
comes from sys/types.h (include-what-you-use doesn't know this policy).

Pointed out by Jan Schreiber

vmctl console - id is not optional

Add "vmctl console" to connect to a specified VM console by id.

Requested by mlarkin@

use argument names consistently.

ok reyk@

Another imsg_read user I did miss in my EAGAIN rampage.

vmctl has no need to change the socket that talks to vmd.
discussed with reyk

Add -c option to "vmctl start" to automatically connect to the VM
console after startup. This calls 'cu -l $TTY -s 9600' internally -
a "safe mode" for cu is proposed by tedu@.

Requested by mlarkin@
OK tedu@ on the execl/cu chunk

Re-add the "load" and "reload" commands to vmctl: Instead of parsing
the configuration in vmctl directly, it now sends a (re)load request
to vmd. The reload also resets the existing configuration status -
this doesn't do much difference yet but a future change will compare
if a specified VM is already running. "load" will allow to add
configuration, while "reload" resets the state before loading.

Replace vmmctl with vmctl. Also remove parse.y from the "new" vmctl.

As discussed with mlarkin@ and deraadt@

vmctl: fix incorrect scaling when converting disk images.

ctl_convert still had old logic assuming disk sizes were in MiB and
not bytes, causing an attempt to create a new disk using the '-i'
argument to generate impossibly large output disk images (e.g. 1 MiB
ends up 1 TiB).

Reported by and diff from Jesper Wallin.

vmd(8)/vmctl(8): allow vm owners to override boot kernel.

vmd allows non-root users to "own" a vm defined in vm.conf(5). While
the user can start/stop the vm, if they break their filesystem they
have no means of booting recovery media like a ramdisk kernel.

This change opens the provided boot kernel via vmctl and passes the
file descriptor through the control channel to vmd. The next boot
of the vm will use the provided file descriptor as boot kernel/bios.
Subsequent boots (e.g. a reboot) will return to using behavior
defined in vm.conf or the default bios image.

ok mlarkin@

vmctl(8): no longer needs vmmvar.h

Finally! We can remove kernel headers from vmctl.

ok mlarkin@

fix unveil(2) in vmctl(8), unix socket needs :w:
ok mestre@ martijn@

vmctl create accepts exactly one argument

Make "vmctl create -s3G 1.img 2.img" fail instead of just creating 1.img
and ignoring 2.img.

OK dv cheloha

Follow the recent change that the unit of `imgsize' argument of
create_imagefile() became MB. Also change the arguement's type from
long to uint64_t that is preferred.

ok dv

vmctl(8)/vmd(8): convert disk sizes from MB to bytes

Continue converting other parts to storing data in bytes instead
of MB. In this case, the logic for disk sizes was being scaled.

This fixes issues reported by Martin Vahlensieck where vmctl could
no longer create disks larger than 7 MiB after previous commits to
change storing memory sizes as bytes.

While this keeps the vm memory limit check in vmctl's size parser,
it skips the limit check for disks. The error messages adjust
accordingly and this removes the double error message logging.

Update comments and function types accordingly.

ok marlkin@

vmm/vmd/vmctl: standardize memory units to bytes

At different points in the vm lifecycle vmm(4), vmctl(8), and vmd(8)
refer to a vm's memory range sizes in either bytes or megabytes.
This is needlessly complex.

Switch to using bytes everywhere and adjust types and constants
accordingly. While this makes it possible to specify vm's with
memory in fractions of megabytes, the logic requiring whole
megabyte values remains.

Feedback from deraadt@, mlarkin@, and Matthew Martin.

ok mlarkin@

Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@

Garbage collect loop index i which is no longer used after usage tweak.

make usage less chatty; ok mlarkin

vmctl(8): remove unveil from disk image creation routines

James Cook reported an issue creating images from qcow2 disks that
contained base images. Initial approach suggested was to replace the
use of realpath(3), but since this is common code used in vmd(8) the
better option is to just remove the use of unveil(1) in vmctl. (It was
added very early in vmctl's development before support for disk
conversion was added.)

This does not change existing unveil usage in vmctl for things like the
control socket or the serial console. There's no change to vmd either.

Discussed with and OK from mlarkin@

Remove superflouus mmcpy()

Reported by Preben Guldberg. ok mlarkin@

Simplify argument parsing of vmctl stop

The previous argument parsing logic had at least three bugs:
a copy-paste error led to an off-by-one and a printf "%s" NULL,
as reported by Preben Guldberg. A previous commit led to a dead
else branch and a use of uninitialized. This can all be avoided
by reworking the logic so as to be readable.

Prompted by a diff from Preben

ok dv

vmctl(8): fix vmctl send exit code

vmctl send always returned exit code 1

Patch by Benjamin Baier
ok kn@

Run cu(1) in restricted mode

Users must not not be able to transfer files from the local hypervisor
filesystem to VMs/LDOMs, especially since the "vmctl/ldomctl console ..."
might be run as root.

Disable all relevant escape sequences and cause cu to run under "stdio tty"
pledge by using -r.

OK deraadt mlarkin

Use local variable isntead of function parameter

The parse_size() wrapper around scan_scaled(3) writes its intermediate
result to the function argument which is always passed as literal zero.

This seems odd, the function parameter has no meaning but merely serves
as storage, so let's use a proper function scoped variable instead.

OK pd

Require at least one interface with -i

Either a positive count is given or -i is omitted entirely; vm.conf(5) does
not allow interface configuration that results in zero interfaces either.

Raise the minimium count value to one and tell more about invalid counts
with the usual strtonum(3) idiom.

OK reyk

vmctl(8): fix wrong output when using 'vmctl stop'

Fix a wrong output when using 'vmctl stop' without any further arguments.

Patch from Caspar Schutijser, thanks!

ok deraadt

zap an extra space in usage();
from alessandro gallo

Change vmctl(8) syntax: command options before the disk/name/id argument.

vmctl had a CLI-style syntax (bgpctl-style) for a short time but I
changed it back to a more suitable getopt syntax. I replaced the CLI
tokens to getopts flags but didn't consider swapping the order of
command options and arguments to be more UNIX-like again ("vmctl
create disk.img size 10G" simply became "vmctl create disk.img -s 10G").

This changes "create", "start", and "stop" commands to the commonly
expected syntax like "vmctl create -s 10G disk.img".

Requested by many

OK mlarkin@ kn@ solene@

An existing VM may be started by referencing its ID

Document `vmctl start id ...' again but be clear about the difference
between starting new and existing VMs by name and ID respectively. This
completes what I started with vmctl.8 revision 1.61.

Feedback and OK jmc

Fix previous extra arguments commit

I blatantly missed the argc/argv adjustments after getopt(3), resulting in
valid commands like `vmctl create a -s 1G' to fail.

Noticed by ajacoutot the hard way.

OK ajacoutot jca

Print usage on extra create, start and stop arguments

OK mlarkin

sync usage(); also, stop enclosing arg names in quotes, since it was
applied inconsistently, and applied consistently would make it
look like spaghetti;

ok mlarkin

Extend vmctl start -B argument to work for disk, cdrom and net.
Currently SeaBIOS will respect disk and cdrom and our kernel will
understand net.
OK ccardenas@, reyk@, mlarkin@

Add a new argument -B device to vmctl start. It allows to set the boot device.
At the moment only 'net' is supported and all other values are silently ignored.
This allows to kick of an OpenBSD autoinstall by using:
vmctl start "installer" -Lc -B net -b bsd.rd -d disk.img
OK ccardenas@

Add 'vmctl wait <VM>' a command that waits until the specified VM is
stopped/terminates. Useful in scripts when waiting until a vm has finished
its work.
Ok ccardenas@, reyk@

Move the {qcow2,raw} create functions from vmctl into vmd/vio{qcow2,raw}.c

This way they are in the appropriate place and code can be shared with vmd.

Ok ori@ mlarkin@ ccardenas@

Add support to create and convert disk images from existing images

The -i option to vmctl create (eg. vmctl create output.qcow2 -i input.img)
lets you create a new image from an input file and convert it if it is a
different format. This allows to convert qcow2 images from raw images,
raw from qcow2, or even qcow2 from qcow2 and raw from raw to re-optimize
the disk.

This re-uses Ori's vioqcow2.c from vmd by reaching into it and
compiling it in. The API has been adjust to be used from both vmctl
and vmd accordingly.

OK mlarkin@

Add support for qcow2 base images (external snapshots).

This works is from Ori Bernstein, committing on his behalf:

Add support to vmd for external snapshots. That is, snapshots that are
derived from a base image. Data lookups start in the derived image,
and if the derived image does not contain some data, the search
proceeds ot the base image. Multiple derived images may exist off of
a single base image.

A limitation of this format is that modifying the base image will
corrupt the derived image.

This change also adds support for creating disk derived disk images to
vmctl. To use it:

vmctl create derived.qcow2 -s 16G -b base.qcow2

From Ori Bernstein
OK mlarkin@ reyk@

Setting getopt optreset to 1 needs an additional reset of optind to 1.

OK millert@

Try to derive the qcow2 file format from an image file automatically.

This makes the "-d qcow2:" and "format qcow" arguments optional as vmctl
and vmd will read the magic bytes at the beginning of a file to guess if
it is a raw or a qcow image file.

The "vmctl create" command has been changed by removing the -f qcow2 option
and replacing it with the same syntax as -d: "vmctl create qcow2:foo.img".
In a slightly ununixy but intended way, the create command now also
considers the file extension for the format as "vmctl create foo.qcow2"
creates a qcow2 disk and not a raw image file.

Ok mlarkin@ (and ccardenas@ on an earlier version of the diff)

Add vmctl stop -a [-fw] option to stop or terminate all running VMs.

This is also be used to simplify the vmd rc stop script.

OK mlarkin@ ccardenas@

Add initial set of unveil's to vmctl.

Was in snaps for a while.

Ok mlarkin@ and reyk@

Add ability to create qcow2 disk.

vmctl create now takes an optional disk format parameter: raw or qcow2.
If format is omitted, raw is used.

Many thanks to Ori Bernstein.

Add initial qcow2 image support.

Users are able to declare disk images as 'raw' or 'qcow2' using either
vmctl and vm.conf. The default disk image format is 'raw' if not specified.

Examples of using disk format:

vmctl start bsd -Lc -r cd64.iso -d qcow2:current.qc2
or
vmctl start bsd -Lc -r cd64.iso -d raw:current.raw
is equivalent to
vmctl start bsd -Lc -r cd64.iso -d current.raw

in vm.conf
vm "current" {
disable
memory 2G
disk "/home/user/vmm/current.qc2" format "qcow2"
interface { switch "external" }
}

or

vm "current" {
disable
memory 2G
disk "/home/user/vmm/current.raw" format "raw"
interface { switch "external" }
}

is equivlanet to

vm "current" {
disable
memory 2G
disk "/home/user/vmm/current.raw"
interface { switch "external" }
}

Tested by many.

Big Thanks to Ori Bernstein.

The vmctl start -I option was changed to -t.

I committed the manpage but accidentally forgot the main.c part.

OK ccardenas@

Allow to use configured/running VMs as templates for other VM instances.

This introduces new grammar and the -t optional in vmctl start.

(For now, only root can create VM instances; but it is planned to allow
users to create their own VMs based on permissions and quota.)

OK ccardenas@ mlarkin@ jmc@

Add -w option to vmctl stop to wait for completion of VM termination.

Use it in /etc/rc.d/vmd accordingly.

OK sthen@

Add -f option to vmctl stop to forcefully kill a VM.

This also fixes a bug in vmm_sighdlr where it might have missed
forwarding the TERMINATE_EVENT to the vmd parent after a VM child
died, leading to an abandoned VM in the vmd parent process.

OK ccardenas@ mlarkin@ benno@ kn@

add an alias for vmctl show, matches finger memory and the rest of the
*ctl programs

OK mlarkin@ benno@ deraadt@

Add initial CD-ROM support to VMD via vioscsi.

* Adds 'cdrom' keyword to vm.conf(5) and '-r' to vmctl(8)
* Support various sized ISOs (Limitation of 4G ISOs on Linux guests)
* Known working guests: OpenBSD (primary), Alpine Linux (primary),
CentOS 6 (secondary), Ubuntu 17.10 (secondary).
NOTE: Secondary indicates some issue(s) preventing full/reliable
functionality outside the scope of the vioscsi work.
* If the attached disks are non-bootable (i.e. empty), SeaBIOS (vmd's
default BIOS) will boot from CD-ROM.

ok mlarkin@, jca@

Prefer memset() over bzero()

ok deraadt@ mlarkin@

merge parse_vmid() and parse_vmname()

ok mlarkin@ pd@

Add vmctl send and vmctl receive

ok reyk@ and mlarkin@

vmd/vmctl: Add ability to pause / unpause vms

With help from Ashwin Agrawal

ok reyk@ mlarkin@

vmctl: change default "vmctl console" (cu) baud rate to 115200. Not
strictly needed but matches the previous baudrate diff committed earlier
to vmd.

ok deraadt, phessler

Report command failure back to vmctl reload, reset, load, log verbose.

OK mlarkin@

Report error for vmctl commands that need root privileges.

specifically: vmctl (load|reload|reset|log)

Reported by Christian Barthel

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Do not expose vmm(4) VM IDs to the user, use vmd(8)'s IDs instead.

Each VM has two IDs: one from the kernel (vmm) and a different one
from userland (vmd). The vmm ID is not consistent and incremented on
every boot during runtimg of the host system. The vmd ID remains the
same during the lifetime of a configured VM, even after reboots.
Configured VMs will even get and keep their IDs when the configuration
is loaded. This is more what users expect.

Pointed out and tested by otto@

OK deraadt@

Boot using BIOS from /etc/firmware/vmm-bios by default.

Instead of using the internal "vmboot", VMs will now be booted using
the external BIOS firmware in /etc/firmware/vmm-bios (which is subject
to a LGPLv3 license). Direct booting of OpenBSD kernels or
non-default BIOS images is still supported for now using the -b/boot
option that is replacing the -k/kernel option.

As requested by Theo, vmd(8) fails if neither the default BIOS is
found nor a kernel has been specified in the VM configuration. The
"vmm" BIOS has to be installed using fw_update(1), which will be done
automatically in most cases where the OpenBSD can fetch it after
install/upgrade.

OK mlarkin@

Rename start_vm_complete to vm_start_complete for consistency.

unbreak vmctl build by renaming a function that now conflicts with
something from vmd.h . Temporary fix until the original committer can
fix it the way he desires.

Add "owner" option to set a user/group ownership for pre-configured VMs

This allows matching users to start or stop VMs that they "own" and to
access the console accordingly.

OK mlarkin@

Add imsg communication channel between vmd and invividual VMs.
For now, this is only used to forward "log verbose|brief" requests,
but it will be used for better things later.

OK mlarkin@

Add the vmctl start -n option to specify add a network interface to
the specified virtual switch from the command line.

OK mlarkin@

Fix functionality and semantics of vmctl load/reload/reset.

OK rzalamena@

move some argument checking from vmmaction() to start_vm()

from a diff posted to tech@ by Fabien Siron, thanks.

make vmctl 'create' usage description match the man page

Last parameter to execl[e]() functions *must* be cast to a pointer.
Just NULL is not good practise as NULL is theoretically allowed to
be an integer rather than a pointer.

Use (char *)NULL consistently instead of scattering a few (char *)0
and (void *)NULL into the mix.

Prompted by and probably ok deraadt@ millert@ kettenis@

Definitely ok mestre@ ratchov@

The division "res->size /= 1024 / 1024" is a no-op: 1024 / 1024 is
evaluated first, resulting in res->size /= 1. Remove the division and
the following check, as it can never fail; it is a left-over from
previous code that didn't check the size in the caller.

From Martin Natano
OK mlarkin@

don't use the second argument of pledge(2) as the whitelist is not stabilized
for now.

ok reyk@

The vmctl "id" argument can now be a number of or a vm name, eg.
vmctl stop 3
vmctl stop "openbsd.vm"

Remove unused argument in parse_vmid()

Allow to specify relative pathnames on the command line (eg. -k ./bsd).

style(9) says that is OK to not include sys/cdefs.h directly, as it
comes from sys/types.h (include-what-you-use doesn't know this policy).

Pointed out by Jan Schreiber

vmctl console - id is not optional

Add "vmctl console" to connect to a specified VM console by id.

Requested by mlarkin@

use argument names consistently.

ok reyk@

Another imsg_read user I did miss in my EAGAIN rampage.

vmctl has no need to change the socket that talks to vmd.
discussed with reyk

Add -c option to "vmctl start" to automatically connect to the VM
console after startup. This calls 'cu -l $TTY -s 9600' internally -
a "safe mode" for cu is proposed by tedu@.

Requested by mlarkin@
OK tedu@ on the execl/cu chunk

Re-add the "load" and "reload" commands to vmctl: Instead of parsing
the configuration in vmctl directly, it now sends a (re)load request
to vmd. The reload also resets the existing configuration status -
this doesn't do much difference yet but a future change will compare
if a specified VM is already running. "load" will allow to add
configuration, while "reload" resets the state before loading.

Replace vmmctl with vmctl. Also remove parse.y from the "new" vmctl.

As discussed with mlarkin@ and deraadt@

vmd(8)/vmctl(8): allow vm owners to override boot kernel.

vmd allows non-root users to "own" a vm defined in vm.conf(5). While
the user can start/stop the vm, if they break their filesystem they
have no means of booting recovery media like a ramdisk kernel.

This change opens the provided boot kernel via vmctl and passes the
file descriptor through the control channel to vmd. The next boot
of the vm will use the provided file descriptor as boot kernel/bios.
Subsequent boots (e.g. a reboot) will return to using behavior
defined in vm.conf or the default bios image.

ok mlarkin@

vmctl(8): no longer needs vmmvar.h

Finally! We can remove kernel headers from vmctl.

ok mlarkin@

fix unveil(2) in vmctl(8), unix socket needs :w:
ok mestre@ martijn@

vmctl create accepts exactly one argument

Make "vmctl create -s3G 1.img 2.img" fail instead of just creating 1.img
and ignoring 2.img.

OK dv cheloha

Follow the recent change that the unit of `imgsize' argument of
create_imagefile() became MB. Also change the arguement's type from
long to uint64_t that is preferred.

ok dv

vmctl(8)/vmd(8): convert disk sizes from MB to bytes

Continue converting other parts to storing data in bytes instead
of MB. In this case, the logic for disk sizes was being scaled.

This fixes issues reported by Martin Vahlensieck where vmctl could
no longer create disks larger than 7 MiB after previous commits to
change storing memory sizes as bytes.

While this keeps the vm memory limit check in vmctl's size parser,
it skips the limit check for disks. The error messages adjust
accordingly and this removes the double error message logging.

Update comments and function types accordingly.

ok marlkin@

vmm/vmd/vmctl: standardize memory units to bytes

At different points in the vm lifecycle vmm(4), vmctl(8), and vmd(8)
refer to a vm's memory range sizes in either bytes or megabytes.
This is needlessly complex.

Switch to using bytes everywhere and adjust types and constants
accordingly. While this makes it possible to specify vm's with
memory in fractions of megabytes, the logic requiring whole
megabyte values remains.

Feedback from deraadt@, mlarkin@, and Matthew Martin.

ok mlarkin@

Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@

Garbage collect loop index i which is no longer used after usage tweak.

make usage less chatty; ok mlarkin

vmctl(8): remove unveil from disk image creation routines

James Cook reported an issue creating images from qcow2 disks that
contained base images. Initial approach suggested was to replace the
use of realpath(3), but since this is common code used in vmd(8) the
better option is to just remove the use of unveil(1) in vmctl. (It was
added very early in vmctl's development before support for disk
conversion was added.)

This does not change existing unveil usage in vmctl for things like the
control socket or the serial console. There's no change to vmd either.

Discussed with and OK from mlarkin@

Remove superflouus mmcpy()

Reported by Preben Guldberg. ok mlarkin@

Simplify argument parsing of vmctl stop

The previous argument parsing logic had at least three bugs:
a copy-paste error led to an off-by-one and a printf "%s" NULL,
as reported by Preben Guldberg. A previous commit led to a dead
else branch and a use of uninitialized. This can all be avoided
by reworking the logic so as to be readable.

Prompted by a diff from Preben

ok dv

vmctl(8): fix vmctl send exit code

vmctl send always returned exit code 1

Patch by Benjamin Baier
ok kn@

Run cu(1) in restricted mode

Users must not not be able to transfer files from the local hypervisor
filesystem to VMs/LDOMs, especially since the "vmctl/ldomctl console ..."
might be run as root.

Disable all relevant escape sequences and cause cu to run under "stdio tty"
pledge by using -r.

OK deraadt mlarkin

Use local variable isntead of function parameter

The parse_size() wrapper around scan_scaled(3) writes its intermediate
result to the function argument which is always passed as literal zero.

This seems odd, the function parameter has no meaning but merely serves
as storage, so let's use a proper function scoped variable instead.

OK pd

Require at least one interface with -i

Either a positive count is given or -i is omitted entirely; vm.conf(5) does
not allow interface configuration that results in zero interfaces either.

Raise the minimium count value to one and tell more about invalid counts
with the usual strtonum(3) idiom.

OK reyk

vmctl(8): fix wrong output when using 'vmctl stop'

Fix a wrong output when using 'vmctl stop' without any further arguments.

Patch from Caspar Schutijser, thanks!

ok deraadt

zap an extra space in usage();
from alessandro gallo

Change vmctl(8) syntax: command options before the disk/name/id argument.

vmctl had a CLI-style syntax (bgpctl-style) for a short time but I
changed it back to a more suitable getopt syntax. I replaced the CLI
tokens to getopts flags but didn't consider swapping the order of
command options and arguments to be more UNIX-like again ("vmctl
create disk.img size 10G" simply became "vmctl create disk.img -s 10G").

This changes "create", "start", and "stop" commands to the commonly
expected syntax like "vmctl create -s 10G disk.img".

Requested by many

OK mlarkin@ kn@ solene@

An existing VM may be started by referencing its ID

Document `vmctl start id ...' again but be clear about the difference
between starting new and existing VMs by name and ID respectively. This
completes what I started with vmctl.8 revision 1.61.

Feedback and OK jmc

Fix previous extra arguments commit

I blatantly missed the argc/argv adjustments after getopt(3), resulting in
valid commands like `vmctl create a -s 1G' to fail.

Noticed by ajacoutot the hard way.

OK ajacoutot jca

Print usage on extra create, start and stop arguments

OK mlarkin

sync usage(); also, stop enclosing arg names in quotes, since it was
applied inconsistently, and applied consistently would make it
look like spaghetti;

ok mlarkin

Extend vmctl start -B argument to work for disk, cdrom and net.
Currently SeaBIOS will respect disk and cdrom and our kernel will
understand net.
OK ccardenas@, reyk@, mlarkin@

Add a new argument -B device to vmctl start. It allows to set the boot device.
At the moment only 'net' is supported and all other values are silently ignored.
This allows to kick of an OpenBSD autoinstall by using:
vmctl start "installer" -Lc -B net -b bsd.rd -d disk.img
OK ccardenas@

Add 'vmctl wait <VM>' a command that waits until the specified VM is
stopped/terminates. Useful in scripts when waiting until a vm has finished
its work.
Ok ccardenas@, reyk@

Move the {qcow2,raw} create functions from vmctl into vmd/vio{qcow2,raw}.c

This way they are in the appropriate place and code can be shared with vmd.

Ok ori@ mlarkin@ ccardenas@

Add support to create and convert disk images from existing images

The -i option to vmctl create (eg. vmctl create output.qcow2 -i input.img)
lets you create a new image from an input file and convert it if it is a
different format. This allows to convert qcow2 images from raw images,
raw from qcow2, or even qcow2 from qcow2 and raw from raw to re-optimize
the disk.

This re-uses Ori's vioqcow2.c from vmd by reaching into it and
compiling it in. The API has been adjust to be used from both vmctl
and vmd accordingly.

OK mlarkin@

Add support for qcow2 base images (external snapshots).

This works is from Ori Bernstein, committing on his behalf:

Add support to vmd for external snapshots. That is, snapshots that are
derived from a base image. Data lookups start in the derived image,
and if the derived image does not contain some data, the search
proceeds ot the base image. Multiple derived images may exist off of
a single base image.

A limitation of this format is that modifying the base image will
corrupt the derived image.

This change also adds support for creating disk derived disk images to
vmctl. To use it:

vmctl create derived.qcow2 -s 16G -b base.qcow2

From Ori Bernstein
OK mlarkin@ reyk@

Setting getopt optreset to 1 needs an additional reset of optind to 1.

OK millert@

Try to derive the qcow2 file format from an image file automatically.

This makes the "-d qcow2:" and "format qcow" arguments optional as vmctl
and vmd will read the magic bytes at the beginning of a file to guess if
it is a raw or a qcow image file.

The "vmctl create" command has been changed by removing the -f qcow2 option
and replacing it with the same syntax as -d: "vmctl create qcow2:foo.img".
In a slightly ununixy but intended way, the create command now also
considers the file extension for the format as "vmctl create foo.qcow2"
creates a qcow2 disk and not a raw image file.

Ok mlarkin@ (and ccardenas@ on an earlier version of the diff)

Add vmctl stop -a [-fw] option to stop or terminate all running VMs.

This is also be used to simplify the vmd rc stop script.

OK mlarkin@ ccardenas@

Add initial set of unveil's to vmctl.

Was in snaps for a while.

Ok mlarkin@ and reyk@

Add ability to create qcow2 disk.

vmctl create now takes an optional disk format parameter: raw or qcow2.
If format is omitted, raw is used.

Many thanks to Ori Bernstein.

Add initial qcow2 image support.

Users are able to declare disk images as 'raw' or 'qcow2' using either
vmctl and vm.conf. The default disk image format is 'raw' if not specified.

Examples of using disk format:

vmctl start bsd -Lc -r cd64.iso -d qcow2:current.qc2
or
vmctl start bsd -Lc -r cd64.iso -d raw:current.raw
is equivalent to
vmctl start bsd -Lc -r cd64.iso -d current.raw

in vm.conf
vm "current" {
disable
memory 2G
disk "/home/user/vmm/current.qc2" format "qcow2"
interface { switch "external" }
}

or

vm "current" {
disable
memory 2G
disk "/home/user/vmm/current.raw" format "raw"
interface { switch "external" }
}

is equivlanet to

vm "current" {
disable
memory 2G
disk "/home/user/vmm/current.raw"
interface { switch "external" }
}

Tested by many.

Big Thanks to Ori Bernstein.

The vmctl start -I option was changed to -t.

I committed the manpage but accidentally forgot the main.c part.

OK ccardenas@

Allow to use configured/running VMs as templates for other VM instances.

This introduces new grammar and the -t optional in vmctl start.

(For now, only root can create VM instances; but it is planned to allow
users to create their own VMs based on permissions and quota.)

OK ccardenas@ mlarkin@ jmc@

Add -w option to vmctl stop to wait for completion of VM termination.

Use it in /etc/rc.d/vmd accordingly.

OK sthen@

Add -f option to vmctl stop to forcefully kill a VM.

This also fixes a bug in vmm_sighdlr where it might have missed
forwarding the TERMINATE_EVENT to the vmd parent after a VM child
died, leading to an abandoned VM in the vmd parent process.

OK ccardenas@ mlarkin@ benno@ kn@

add an alias for vmctl show, matches finger memory and the rest of the
*ctl programs

OK mlarkin@ benno@ deraadt@

Add initial CD-ROM support to VMD via vioscsi.

* Adds 'cdrom' keyword to vm.conf(5) and '-r' to vmctl(8)
* Support various sized ISOs (Limitation of 4G ISOs on Linux guests)
* Known working guests: OpenBSD (primary), Alpine Linux (primary),
CentOS 6 (secondary), Ubuntu 17.10 (secondary).
NOTE: Secondary indicates some issue(s) preventing full/reliable
functionality outside the scope of the vioscsi work.
* If the attached disks are non-bootable (i.e. empty), SeaBIOS (vmd's
default BIOS) will boot from CD-ROM.

ok mlarkin@, jca@

Prefer memset() over bzero()

ok deraadt@ mlarkin@

merge parse_vmid() and parse_vmname()

ok mlarkin@ pd@

Add vmctl send and vmctl receive

ok reyk@ and mlarkin@

vmd/vmctl: Add ability to pause / unpause vms

With help from Ashwin Agrawal

ok reyk@ mlarkin@

vmctl: change default "vmctl console" (cu) baud rate to 115200. Not
strictly needed but matches the previous baudrate diff committed earlier
to vmd.

ok deraadt, phessler

Report command failure back to vmctl reload, reset, load, log verbose.

OK mlarkin@

Report error for vmctl commands that need root privileges.

specifically: vmctl (load|reload|reset|log)

Reported by Christian Barthel

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Do not expose vmm(4) VM IDs to the user, use vmd(8)'s IDs instead.

Each VM has two IDs: one from the kernel (vmm) and a different one
from userland (vmd). The vmm ID is not consistent and incremented on
every boot during runtimg of the host system. The vmd ID remains the
same during the lifetime of a configured VM, even after reboots.
Configured VMs will even get and keep their IDs when the configuration
is loaded. This is more what users expect.

Pointed out and tested by otto@

OK deraadt@

Boot using BIOS from /etc/firmware/vmm-bios by default.

Instead of using the internal "vmboot", VMs will now be booted using
the external BIOS firmware in /etc/firmware/vmm-bios (which is subject
to a LGPLv3 license). Direct booting of OpenBSD kernels or
non-default BIOS images is still supported for now using the -b/boot
option that is replacing the -k/kernel option.

As requested by Theo, vmd(8) fails if neither the default BIOS is
found nor a kernel has been specified in the VM configuration. The
"vmm" BIOS has to be installed using fw_update(1), which will be done
automatically in most cases where the OpenBSD can fetch it after
install/upgrade.

OK mlarkin@

Rename start_vm_complete to vm_start_complete for consistency.

unbreak vmctl build by renaming a function that now conflicts with
something from vmd.h . Temporary fix until the original committer can
fix it the way he desires.

Add "owner" option to set a user/group ownership for pre-configured VMs

This allows matching users to start or stop VMs that they "own" and to
access the console accordingly.

OK mlarkin@

Add imsg communication channel between vmd and invividual VMs.
For now, this is only used to forward "log verbose|brief" requests,
but it will be used for better things later.

OK mlarkin@

Add the vmctl start -n option to specify add a network interface to
the specified virtual switch from the command line.

OK mlarkin@

Fix functionality and semantics of vmctl load/reload/reset.

OK rzalamena@

move some argument checking from vmmaction() to start_vm()

from a diff posted to tech@ by Fabien Siron, thanks.

make vmctl 'create' usage description match the man page

Last parameter to execl[e]() functions *must* be cast to a pointer.
Just NULL is not good practise as NULL is theoretically allowed to
be an integer rather than a pointer.

Use (char *)NULL consistently instead of scattering a few (char *)0
and (void *)NULL into the mix.

Prompted by and probably ok deraadt@ millert@ kettenis@

Definitely ok mestre@ ratchov@

The division "res->size /= 1024 / 1024" is a no-op: 1024 / 1024 is
evaluated first, resulting in res->size /= 1. Remove the division and
the following check, as it can never fail; it is a left-over from
previous code that didn't check the size in the caller.

From Martin Natano
OK mlarkin@

don't use the second argument of pledge(2) as the whitelist is not stabilized
for now.

ok reyk@

The vmctl "id" argument can now be a number of or a vm name, eg.
vmctl stop 3
vmctl stop "openbsd.vm"

Remove unused argument in parse_vmid()

Allow to specify relative pathnames on the command line (eg. -k ./bsd).

style(9) says that is OK to not include sys/cdefs.h directly, as it
comes from sys/types.h (include-what-you-use doesn't know this policy).

Pointed out by Jan Schreiber

vmctl console - id is not optional

Add "vmctl console" to connect to a specified VM console by id.

Requested by mlarkin@

use argument names consistently.

ok reyk@

Another imsg_read user I did miss in my EAGAIN rampage.

vmctl has no need to change the socket that talks to vmd.
discussed with reyk

Add -c option to "vmctl start" to automatically connect to the VM
console after startup. This calls 'cu -l $TTY -s 9600' internally -
a "safe mode" for cu is proposed by tedu@.

Requested by mlarkin@
OK tedu@ on the execl/cu chunk

Re-add the "load" and "reload" commands to vmctl: Instead of parsing
the configuration in vmctl directly, it now sends a (re)load request
to vmd. The reload also resets the existing configuration status -
this doesn't do much difference yet but a future change will compare
if a specified VM is already running. "load" will allow to add
configuration, while "reload" resets the state before loading.

Replace vmmctl with vmctl. Also remove parse.y from the "new" vmctl.

As discussed with mlarkin@ and deraadt@

vmctl(8): no longer needs vmmvar.h

Finally! We can remove kernel headers from vmctl.

ok mlarkin@

fix unveil(2) in vmctl(8), unix socket needs :w:
ok mestre@ martijn@

vmctl create accepts exactly one argument

Make "vmctl create -s3G 1.img 2.img" fail instead of just creating 1.img
and ignoring 2.img.

OK dv cheloha

Follow the recent change that the unit of `imgsize' argument of
create_imagefile() became MB. Also change the arguement's type from
long to uint64_t that is preferred.

ok dv

vmctl(8)/vmd(8): convert disk sizes from MB to bytes

Continue converting other parts to storing data in bytes instead
of MB. In this case, the logic for disk sizes was being scaled.

This fixes issues reported by Martin Vahlensieck where vmctl could
no longer create disks larger than 7 MiB after previous commits to
change storing memory sizes as bytes.

While this keeps the vm memory limit check in vmctl's size parser,
it skips the limit check for disks. The error messages adjust
accordingly and this removes the double error message logging.

Update comments and function types accordingly.

ok marlkin@

vmm/vmd/vmctl: standardize memory units to bytes

At different points in the vm lifecycle vmm(4), vmctl(8), and vmd(8)
refer to a vm's memory range sizes in either bytes or megabytes.
This is needlessly complex.

Switch to using bytes everywhere and adjust types and constants
accordingly. While this makes it possible to specify vm's with
memory in fractions of megabytes, the logic requiring whole
megabyte values remains.

Feedback from deraadt@, mlarkin@, and Matthew Martin.

ok mlarkin@

Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@

Garbage collect loop index i which is no longer used after usage tweak.

make usage less chatty; ok mlarkin

vmctl(8): remove unveil from disk image creation routines

James Cook reported an issue creating images from qcow2 disks that
contained base images. Initial approach suggested was to replace the
use of realpath(3), but since this is common code used in vmd(8) the
better option is to just remove the use of unveil(1) in vmctl. (It was
added very early in vmctl's development before support for disk
conversion was added.)

This does not change existing unveil usage in vmctl for things like the
control socket or the serial console. There's no change to vmd either.

Discussed with and OK from mlarkin@

Remove superflouus mmcpy()

Reported by Preben Guldberg. ok mlarkin@

Simplify argument parsing of vmctl stop

The previous argument parsing logic had at least three bugs:
a copy-paste error led to an off-by-one and a printf "%s" NULL,
as reported by Preben Guldberg. A previous commit led to a dead
else branch and a use of uninitialized. This can all be avoided
by reworking the logic so as to be readable.

Prompted by a diff from Preben

ok dv

vmctl(8): fix vmctl send exit code

vmctl send always returned exit code 1

Patch by Benjamin Baier
ok kn@

Run cu(1) in restricted mode

Users must not not be able to transfer files from the local hypervisor
filesystem to VMs/LDOMs, especially since the "vmctl/ldomctl console ..."
might be run as root.

Disable all relevant escape sequences and cause cu to run under "stdio tty"
pledge by using -r.

OK deraadt mlarkin

Use local variable isntead of function parameter

The parse_size() wrapper around scan_scaled(3) writes its intermediate
result to the function argument which is always passed as literal zero.

This seems odd, the function parameter has no meaning but merely serves
as storage, so let's use a proper function scoped variable instead.

OK pd

Require at least one interface with -i

Either a positive count is given or -i is omitted entirely; vm.conf(5) does
not allow interface configuration that results in zero interfaces either.

Raise the minimium count value to one and tell more about invalid counts
with the usual strtonum(3) idiom.

OK reyk

vmctl(8): fix wrong output when using 'vmctl stop'

Fix a wrong output when using 'vmctl stop' without any further arguments.

Patch from Caspar Schutijser, thanks!

ok deraadt

zap an extra space in usage();
from alessandro gallo

Change vmctl(8) syntax: command options before the disk/name/id argument.

vmctl had a CLI-style syntax (bgpctl-style) for a short time but I
changed it back to a more suitable getopt syntax. I replaced the CLI
tokens to getopts flags but didn't consider swapping the order of
command options and arguments to be more UNIX-like again ("vmctl
create disk.img size 10G" simply became "vmctl create disk.img -s 10G").

This changes "create", "start", and "stop" commands to the commonly
expected syntax like "vmctl create -s 10G disk.img".

Requested by many

OK mlarkin@ kn@ solene@

An existing VM may be started by referencing its ID

Document `vmctl start id ...' again but be clear about the difference
between starting new and existing VMs by name and ID respectively. This
completes what I started with vmctl.8 revision 1.61.

Feedback and OK jmc

Fix previous extra arguments commit

I blatantly missed the argc/argv adjustments after getopt(3), resulting in
valid commands like `vmctl create a -s 1G' to fail.

Noticed by ajacoutot the hard way.

OK ajacoutot jca

Print usage on extra create, start and stop arguments

OK mlarkin

sync usage(); also, stop enclosing arg names in quotes, since it was
applied inconsistently, and applied consistently would make it
look like spaghetti;

ok mlarkin

Extend vmctl start -B argument to work for disk, cdrom and net.
Currently SeaBIOS will respect disk and cdrom and our kernel will
understand net.
OK ccardenas@, reyk@, mlarkin@

Add a new argument -B device to vmctl start. It allows to set the boot device.
At the moment only 'net' is supported and all other values are silently ignored.
This allows to kick of an OpenBSD autoinstall by using:
vmctl start "installer" -Lc -B net -b bsd.rd -d disk.img
OK ccardenas@

Add 'vmctl wait <VM>' a command that waits until the specified VM is
stopped/terminates. Useful in scripts when waiting until a vm has finished
its work.
Ok ccardenas@, reyk@

Move the {qcow2,raw} create functions from vmctl into vmd/vio{qcow2,raw}.c

This way they are in the appropriate place and code can be shared with vmd.

Ok ori@ mlarkin@ ccardenas@

Add support to create and convert disk images from existing images

The -i option to vmctl create (eg. vmctl create output.qcow2 -i input.img)
lets you create a new image from an input file and convert it if it is a
different format. This allows to convert qcow2 images from raw images,
raw from qcow2, or even qcow2 from qcow2 and raw from raw to re-optimize
the disk.

This re-uses Ori's vioqcow2.c from vmd by reaching into it and
compiling it in. The API has been adjust to be used from both vmctl
and vmd accordingly.

OK mlarkin@

Add support for qcow2 base images (external snapshots).

This works is from Ori Bernstein, committing on his behalf:

Add support to vmd for external snapshots. That is, snapshots that are
derived from a base image. Data lookups start in the derived image,
and if the derived image does not contain some data, the search
proceeds ot the base image. Multiple derived images may exist off of
a single base image.

A limitation of this format is that modifying the base image will
corrupt the derived image.

This change also adds support for creating disk derived disk images to
vmctl. To use it:

vmctl create derived.qcow2 -s 16G -b base.qcow2

From Ori Bernstein
OK mlarkin@ reyk@

Setting getopt optreset to 1 needs an additional reset of optind to 1.

OK millert@

Try to derive the qcow2 file format from an image file automatically.

This makes the "-d qcow2:" and "format qcow" arguments optional as vmctl
and vmd will read the magic bytes at the beginning of a file to guess if
it is a raw or a qcow image file.

The "vmctl create" command has been changed by removing the -f qcow2 option
and replacing it with the same syntax as -d: "vmctl create qcow2:foo.img".
In a slightly ununixy but intended way, the create command now also
considers the file extension for the format as "vmctl create foo.qcow2"
creates a qcow2 disk and not a raw image file.

Ok mlarkin@ (and ccardenas@ on an earlier version of the diff)

Add vmctl stop -a [-fw] option to stop or terminate all running VMs.

This is also be used to simplify the vmd rc stop script.

OK mlarkin@ ccardenas@

Add initial set of unveil's to vmctl.

Was in snaps for a while.

Ok mlarkin@ and reyk@

Add ability to create qcow2 disk.

vmctl create now takes an optional disk format parameter: raw or qcow2.
If format is omitted, raw is used.

Many thanks to Ori Bernstein.

Add initial qcow2 image support.

Users are able to declare disk images as 'raw' or 'qcow2' using either
vmctl and vm.conf. The default disk image format is 'raw' if not specified.

Examples of using disk format:

vmctl start bsd -Lc -r cd64.iso -d qcow2:current.qc2
or
vmctl start bsd -Lc -r cd64.iso -d raw:current.raw
is equivalent to
vmctl start bsd -Lc -r cd64.iso -d current.raw

in vm.conf
vm "current" {
disable
memory 2G
disk "/home/user/vmm/current.qc2" format "qcow2"
interface { switch "external" }
}

or

vm "current" {
disable
memory 2G
disk "/home/user/vmm/current.raw" format "raw"
interface { switch "external" }
}

is equivlanet to

vm "current" {
disable
memory 2G
disk "/home/user/vmm/current.raw"
interface { switch "external" }
}

Tested by many.

Big Thanks to Ori Bernstein.

The vmctl start -I option was changed to -t.

I committed the manpage but accidentally forgot the main.c part.

OK ccardenas@

Allow to use configured/running VMs as templates for other VM instances.

This introduces new grammar and the -t optional in vmctl start.

(For now, only root can create VM instances; but it is planned to allow
users to create their own VMs based on permissions and quota.)

OK ccardenas@ mlarkin@ jmc@

Add -w option to vmctl stop to wait for completion of VM termination.

Use it in /etc/rc.d/vmd accordingly.

OK sthen@

Add -f option to vmctl stop to forcefully kill a VM.

This also fixes a bug in vmm_sighdlr where it might have missed
forwarding the TERMINATE_EVENT to the vmd parent after a VM child
died, leading to an abandoned VM in the vmd parent process.

OK ccardenas@ mlarkin@ benno@ kn@

add an alias for vmctl show, matches finger memory and the rest of the
*ctl programs

OK mlarkin@ benno@ deraadt@

Add initial CD-ROM support to VMD via vioscsi.

* Adds 'cdrom' keyword to vm.conf(5) and '-r' to vmctl(8)
* Support various sized ISOs (Limitation of 4G ISOs on Linux guests)
* Known working guests: OpenBSD (primary), Alpine Linux (primary),
CentOS 6 (secondary), Ubuntu 17.10 (secondary).
NOTE: Secondary indicates some issue(s) preventing full/reliable
functionality outside the scope of the vioscsi work.
* If the attached disks are non-bootable (i.e. empty), SeaBIOS (vmd's
default BIOS) will boot from CD-ROM.

ok mlarkin@, jca@

Prefer memset() over bzero()

ok deraadt@ mlarkin@

merge parse_vmid() and parse_vmname()

ok mlarkin@ pd@

Add vmctl send and vmctl receive

ok reyk@ and mlarkin@

vmd/vmctl: Add ability to pause / unpause vms

With help from Ashwin Agrawal

ok reyk@ mlarkin@

vmctl: change default "vmctl console" (cu) baud rate to 115200. Not
strictly needed but matches the previous baudrate diff committed earlier
to vmd.

ok deraadt, phessler

Report command failure back to vmctl reload, reset, load, log verbose.

OK mlarkin@

Report error for vmctl commands that need root privileges.

specifically: vmctl (load|reload|reset|log)

Reported by Christian Barthel

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Do not expose vmm(4) VM IDs to the user, use vmd(8)'s IDs instead.

Each VM has two IDs: one from the kernel (vmm) and a different one
from userland (vmd). The vmm ID is not consistent and incremented on
every boot during runtimg of the host system. The vmd ID remains the
same during the lifetime of a configured VM, even after reboots.
Configured VMs will even get and keep their IDs when the configuration
is loaded. This is more what users expect.

Pointed out and tested by otto@

OK deraadt@

Boot using BIOS from /etc/firmware/vmm-bios by default.

Instead of using the internal "vmboot", VMs will now be booted using
the external BIOS firmware in /etc/firmware/vmm-bios (which is subject
to a LGPLv3 license). Direct booting of OpenBSD kernels or
non-default BIOS images is still supported for now using the -b/boot
option that is replacing the -k/kernel option.

As requested by Theo, vmd(8) fails if neither the default BIOS is
found nor a kernel has been specified in the VM configuration. The
"vmm" BIOS has to be installed using fw_update(1), which will be done
automatically in most cases where the OpenBSD can fetch it after
install/upgrade.

OK mlarkin@

Rename start_vm_complete to vm_start_complete for consistency.

unbreak vmctl build by renaming a function that now conflicts with
something from vmd.h . Temporary fix until the original committer can
fix it the way he desires.

Add "owner" option to set a user/group ownership for pre-configured VMs

This allows matching users to start or stop VMs that they "own" and to
access the console accordingly.

OK mlarkin@

Add imsg communication channel between vmd and invividual VMs.
For now, this is only used to forward "log verbose|brief" requests,
but it will be used for better things later.

OK mlarkin@

Add the vmctl start -n option to specify add a network interface to
the specified virtual switch from the command line.

OK mlarkin@

Fix functionality and semantics of vmctl load/reload/reset.

OK rzalamena@

move some argument checking from vmmaction() to start_vm()

from a diff posted to tech@ by Fabien Siron, thanks.

make vmctl 'create' usage description match the man page

Last parameter to execl[e]() functions *must* be cast to a pointer.
Just NULL is not good practise as NULL is theoretically allowed to
be an integer rather than a pointer.

Use (char *)NULL consistently instead of scattering a few (char *)0
and (void *)NULL into the mix.

Prompted by and probably ok deraadt@ millert@ kettenis@

Definitely ok mestre@ ratchov@

The division "res->size /= 1024 / 1024" is a no-op: 1024 / 1024 is
evaluated first, resulting in res->size /= 1. Remove the division and
the following check, as it can never fail; it is a left-over from
previous code that didn't check the size in the caller.

From Martin Natano
OK mlarkin@

don't use the second argument of pledge(2) as the whitelist is not stabilized
for now.

ok reyk@

The vmctl "id" argument can now be a number of or a vm name, eg.
vmctl stop 3
vmctl stop "openbsd.vm"

Remove unused argument in parse_vmid()

Allow to specify relative pathnames on the command line (eg. -k ./bsd).

style(9) says that is OK to not include sys/cdefs.h directly, as it
comes from sys/types.h (include-what-you-use doesn't know this policy).

Pointed out by Jan Schreiber

vmctl console - id is not optional