RE: boot loaders for domain != 0

RE: boot loaders for domain != 0

[Ian Pratt]

 
> > I think you could get most of this functionality by allowing the
> > location of the kernel to be specified as a file within one of the
> > guests virtual disks (assuming dom0 knows how to mount the root file
> > system).
> 
> Except that you really want to be able to update from within the guest
> what kernel is used instead of having to specify it in dom0.  
> That then
> makes the guest almost completely independent on questions of what
> software runs inside it.

You'll still need a config file in domain 0 that says what the 'boot
disk' for the domain is and what virtual ethernet interfaces it gets
etc.
 
> > We could also access a config file within the guest's 
> virtual disk that
> > could be used to override a subset of the config parameters (e.g.
> > command line, kernel image name etc).
> 
> Parsing a grub.conf is easy enough that you're probably just 
> as well off
> reading it from dom0 and parsing it to determine what the 
> right thing to
> boot is.  You can even do it without mounting by using something like
> libext2fs.  Going really all out would then make it so that when you
> first started a guest domain, you'd be presented with a menu to pick
> what you want (based on the boot loader config), just like you would
> with a normal machine.  

Yep, grub.conf wouldn't be a bad config format to use, though it's
obviously not as flexible as ourcurrent config file that enable varibles
etc.

Using libext2fs would be nice from a security POV (it's probably not too
hard to crash Linux getting it to mount a suitably crafted filesystem
structure), but it doesn't help if the client is using XFS or Reiserfs
etc (though I'm not sure Grub supports these anyhow). Perhaps insisting
on an ext3 /boot is OK.

Ian


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

RE: boot loaders for domain != 0

[Jeremy Katz]

On Thu, 2005-02-03 at 17:28 +0000, Ian Pratt wrote:
> > > We could also access a config file within the guest's 
> > virtual disk that
> > > could be used to override a subset of the config parameters (e.g.
> > > command line, kernel image name etc).
> > 
> > Parsing a grub.conf is easy enough that you're probably just 
> > as well off
> > reading it from dom0 and parsing it to determine what the 
> > right thing to
> > boot is.  You can even do it without mounting by using something like
> > libext2fs.  Going really all out would then make it so that when you
> > first started a guest domain, you'd be presented with a menu to pick
> > what you want (based on the boot loader config), just like you would
> > with a normal machine.  
> 
> Yep, grub.conf wouldn't be a bad config format to use, though it's
> obviously not as flexible as ourcurrent config file that enable varibles
> etc.
> 
> Using libext2fs would be nice from a security POV (it's probably not too
> hard to crash Linux getting it to mount a suitably crafted filesystem
> structure), but it doesn't help if the client is using XFS or Reiserfs
> etc (though I'm not sure Grub supports these anyhow). Perhaps insisting
> on an ext3 /boot is OK.

grub will support them, and there are libraries for most of the other
filesystems too.  Doing things such that other filesystems can be
plugged in would be reasonable, but for a first pass, ext[23] /boot is
probably reasonable.  

Jeremy



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

Re: boot loaders for domain != 0

[Anthony Liguori]

Ian Pratt wrote:

>Using libext2fs would be nice from a security POV (it's probably not too
>hard to crash Linux getting it to mount a suitably crafted filesystem
>structure), but it doesn't help if the client is using XFS or Reiserfs
>etc (though I'm not sure Grub supports these anyhow). Perhaps insisting
>on an ext3 /boot is OK.
>
>Ian
>  
>
I contemplated doing this for not just grub but also for ISOLinux so 
that you could boot off of a CDROM.  A really intelligent loader would 
determine which Kernel the system is trying to load (i.e. 2.6.10 vs. 
2.4.23) and load an appropriate Xen kernel.

I looked into it a bit and it wouldn't be terribly hard to support boot 
splash screens either.  Like Jeremy, this is on my TODO list but I 
figured I look into this after getting a new set of management tools 
(since this is mostly management-level stuff).

For what it's worth, I think doing a quick mount, read, and then umount 
is the easiest approach since it extends well to doing things like 
peeking at an ISO's contents by mounting an ISO image.  Using libraries 
would probably introduce some nasty dependencies without really gaining 
much...

Regards,

-- 
Anthony Liguori
anthony@codemonkey.ws



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

Re: boot loaders for domain != 0

[Jan Kundrát]

Ian Pratt wrote:
> Using libext2fs would be nice from a security POV (it's probably not too
> hard to crash Linux getting it to mount a suitably crafted filesystem
> structure), but it doesn't help if the client is using XFS or Reiserfs
> etc (though I'm not sure Grub supports these anyhow). Perhaps insisting
> on an ext3 /boot is OK.

grub supports reiserfs if you use it with "notail" mount option (at 
least Gentoo Handbook says that).

-jkt

-- 
cd /local/pub && more beer > /dev/mouth


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

[PATCH] Xen Grub-style boot loader

[Anthony Liguori]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

Ok, here's something I hacked up this afternoon to try and get the ball 
moving on this.

It's a simple grub style ncurses application.  This is my ncurses app so 
it's probably even easier than what I did.  It parses a grub.conf file 
and let's a user pick an entry.

Right now it just prints out what the user selected.  I'm not sure how 
it should integrate into the existing tools.  Thoughts?  Integrating it 
shouldn't be pretty easy.

Note: It looks quite ugly in gnome-terminal.  I'm sure there's a way to 
handle the different term types better in curses.  It looks just fine 
though on a real terminal though.

Regards,

Anthony Liguori
Email: aliguori@us.ibm.com

Signed-off-by: Anthony Liguori

[-- Attachment #2: xenoloader.diff --]
[-- Type: text/x-patch, Size: 8421 bytes --]

diff -urN xenoloader-empty/Makefile xenoloader/Makefile
--- xenoloader-empty/Makefile	1969-12-31 18:00:00.000000000 -0600
+++ xenoloader/Makefile	2005-02-03 14:47:08.000000000 -0600
@@ -0,0 +1,31 @@
+###############################################################################
+##
+##   Makefile
+##
+##   Copyright (C) International Business Machines  Corp., 2005
+##   Author(s): Anthony Liguori (aliguori@us.ibm.com)
+##
+##   Xen Psuedo-Boot Loader
+##
+##   This library is free software; you can redistribute it and/or modify
+##   it under the terms of the GNU Lesser General Public License as published
+##   by the Free Software Foundation; either version 2.1 of the License, or
+##   (at your option) any later version.
+##
+##   This library is distributed in the hope that it will be useful,
+##   but WITHOUT ANY WARRANTY; without even the implied warranty of
+##   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+##   the GNU Lesser General Public License for more details.
+##
+##   You should have received a copy of the GNU Lesser General Public License
+##   along with this library; if not, write to the Free Software
+##   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+##
+###############################################################################
+
+CFLAGS=-Wall -g
+
+all: main.o
+	$(CC) $(CFLAGS) -o xenoloader main.o -lcurses
+
+clean:; $(RM) main.o xenoloader
diff -urN xenoloader-empty/main.c xenoloader/main.c
--- xenoloader-empty/main.c	1969-12-31 18:00:00.000000000 -0600
+++ xenoloader/main.c	2005-02-03 14:56:00.000000000 -0600
@@ -0,0 +1,278 @@
+/*\
+ *   xenoloader/main.c
+ *
+ *   Copyright (C) International Business Machines  Corp., 2005
+ *   Author(s): Anthony Liguori (aliguori@us.ibm.com)
+ *
+ *   Xen Psuedo-Boot Loader
+ *
+ *   This library is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU Lesser General Public License as published
+ *   by the Free Software Foundation; either version 2.1 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This library is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ *   the GNU Lesser General Public License for more details.
+ *
+ *   You should have received a copy of the GNU Lesser General Public License
+ *   along with this library; if not, write to the Free Software
+ *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+\*/
+
+#include <curses.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <malloc.h>
+
+/* simple structure representing a single grub
+   command.  argv[0] is the name of the command.
+   Use CMD_REST to concatinate multiple arguments
+   while preserving original spacing */
+struct grub_cmd {
+  int argc;
+  char **argv;
+  char *line;
+};
+
+/* the x,y offset of the first entry to select */
+#define X_OFFSET 3
+#define Y_OFFSET 6
+
+/* gets the concatination of the rest of the line
+   starting at argv[i] */
+#define CMD_REST(cmd, i) ((cmd).line + ((cmd).argv[(i)] - (cmd).argv[0]))
+
+/* reads a grub configuration file and returns a null-terminated array of
+   grub commands */
+struct grub_cmd *read_grub_conf(const char *file)
+{
+  FILE *f = fopen(file, "r");
+  char buffer[4096];
+  struct grub_cmd *cmds = 0;
+  size_t capacity = 0;
+  size_t size = 0;
+
+  if (!f) return NULL;
+
+  while(fgets(buffer, sizeof(buffer), f)) {
+    char *ptr = buffer;
+    int words = 0;
+    int in_word = 0;
+
+    /* skip spaces */
+    while (isspace(*ptr)) ptr++;
+
+    /* skip comments and blank lines */
+    if (*ptr == '#' || !*ptr) continue;
+
+    /* make sure we have enough room for this command and the null terminator */
+    if ((size + 2) > capacity) {
+      capacity += 100;
+      cmds = realloc(cmds, capacity * sizeof(cmds[0]));
+    }
+
+    cmds[size].line = strdup(ptr);
+
+    /* count number of words */
+    for (ptr = cmds[size].line; *ptr; ptr++) {
+      if (isspace(*ptr)) {
+	in_word = 0;
+      } else if (!in_word) {
+	words++;
+	in_word = 1;
+      }
+      if (*ptr == '\r' || *ptr == '\n') *ptr = 0;
+    }
+
+    /* allocate argc/argv */
+    cmds[size].argc = words;
+    cmds[size].argv = malloc(sizeof(char*) * words);
+
+    /* duplicate a string to tokenize */
+    cmds[size].argv[0] = strdup(cmds[size].line);
+    words = 1;
+    in_word = 1;
+
+    /* tokenize */
+    for (ptr = cmds[size].argv[0]; *ptr; ptr++) {
+      if (isspace(*ptr)) {
+	if (in_word) *ptr = 0;
+	in_word = 0;
+      } else if (!in_word) {
+	cmds[size].argv[words] = ptr;
+	words++;
+	in_word = 1;
+      }
+    }
+
+    size++;
+  }
+
+  fclose(f);
+
+  /* NULL terminate */
+  cmds[size].argc = 0;
+  cmds[size].argv = 0;
+  cmds[size].line = 0;
+
+  return cmds;
+}
+
+/* quick routine that draws a box using ASCII art.  There's
+   probably a better way to do this with curses */
+static void make_box(int x, int y, int width, int height)
+{
+  int i;
+
+  mvaddch(y, x, 0xda);
+  for (i = x + 1; i < x + width; i++) {
+    mvaddch(y, i, 0xc4);
+  }
+  mvaddch(y, x+width, 0xbf);
+
+  for (i = y + 1; i < y + height; i++) {
+    mvaddch(i, x, 0xb3);
+    mvaddch(i, x+width, 0xb3);
+  }
+
+  mvaddch(y+height, x, 0xc0);
+  for (i = x + 1; i < x + width; i++) {
+    mvaddch(y+height, i, 0xc4);
+  }
+  mvaddch(y+height, x+width, 0xd9);
+}
+
+/* signal handler */
+static void finish(int sig)
+{
+  endwin();
+  exit(0);
+}
+
+int main(int argc, char **argv)
+{
+  int ch;
+  int pos = 0;
+  struct grub_cmd *cmds;
+  int selected = -1;
+  int i;
+  int n = 0;
+
+  if (argc != 2) {
+    printf("Usage: %s CONFIG\n", argv[0]);
+    exit(1);
+  }
+
+  /* Read the grub file */
+  cmds = read_grub_conf(argv[1]);
+  if (!cmds) {
+    fprintf(stderr, "Error reading `%s': %m\n", argv[1]);
+    exit(1);
+  }
+
+  /* Set up curses and signal handlers */
+  signal(SIGINT, finish);
+  initscr();
+  keypad(stdscr, TRUE);
+  intrflush(stdscr, FALSE);
+  nonl();
+  cbreak();
+  noecho();
+
+  /* Display banner */
+  mvaddstr(2, 2, "XenoLoader v0.0.1");
+
+  /* Display box with choices */
+  make_box(1, Y_OFFSET - 2, 74, 10);
+  for (i = 0; cmds[i].line; i++) {
+    if (!strcmp(cmds[i].argv[0], "title")) {
+      mvaddstr(Y_OFFSET + n, X_OFFSET + 2, CMD_REST(cmds[i], 1));
+      n++;
+    }
+  }
+
+  /* Display usage text */
+  mvaddstr(18, 2, "Use the up and down keys to select which entry is highlighted.");
+  mvaddstr(19, 2, "Press enter to boot the selected OS.");
+
+  /* Select the first choice */
+  mvaddstr(Y_OFFSET + pos, X_OFFSET, " ");
+
+  /* Input loop */
+  while (selected == -1 && (ch = getch()) != EOF) {
+    int new_pos = pos;
+    switch (ch) {
+    case KEY_UP:
+      new_pos--;
+      break;
+    case KEY_DOWN:
+      new_pos++;
+      break;
+    case '\n':
+    case '\r':
+      selected = pos;
+      break;
+    }
+    
+    new_pos += n;
+    new_pos %= n;
+    
+    if (new_pos != pos) {
+      mvaddstr(Y_OFFSET + new_pos, X_OFFSET, " ");
+      pos = new_pos;
+    }
+  }
+
+  /* Close the curses session */
+  endwin();
+
+  /* This is all horribly inefficient but quick to write */
+
+  /* Find the index of the selected title */
+  n = 0;
+  for (i = 0; cmds[i].line; i++) {
+    if (!strcmp(cmds[i].argv[0], "title")) {
+      if (n == selected) {
+	break;
+      }
+      n++;
+    }
+  }
+
+  if (!cmds[i].line) {
+    printf("No kernel selected\n");
+  } else {
+    const char *title = CMD_REST(cmds[i], 1);
+    const char *kernel = "";
+    const char *cli = "";
+    const char *root = "";
+
+    /* Read the options after the selected title until
+       the next title looking for the ones we care about
+    */
+    for (i++; cmds[i].line; i++) {
+      if (!strcmp(cmds[i].argv[0], "title")) {
+	break;
+      } else if (!strcmp(cmds[i].argv[0], "kernel")) {
+	kernel = cmds[i].argv[1];
+	if (cmds[i].argc > 2) {
+	  cli = CMD_REST(cmds[i], 2);
+	}
+      } else if (!strcmp(cmds[i].argv[0], "root")) {
+	root = CMD_REST(cmds[i], 1);
+      }
+    }
+
+    /* We've got our info.. now what do we do with it */
+    printf("Selected kernel `%s'\n", title);
+    printf("Root is `%s'\n", root);
+    printf("Kernel image is `%s'\n", kernel);
+    printf("Kernel command line is `%s'\n", cli);
+  }
+
+  return 0;
+}

Re: [PATCH] Xen Grub-style boot loader

[Anthony Liguori]

Anthony Liguori wrote:

> It's a simple grub style ncurses application.  This is my ncurses app 
> so it's probably even easier than what I did.  It parses a grub.conf 
> file and let's a user pick an entry.
>
> Right now it just prints out what the user selected.  I'm not sure how 
> it should integrate into the existing tools.  Thoughts?  Integrating 
> it shouldn't be pretty easy.

I'm sorry, my typing seems a bit off today.  It should read, "This is my 
first ncurses app" and "Integrating it should be pretty easy".  I didn't 
want anyone to think that it would be difficult to integrate :-)

Regards,
Anthony Liguori


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

RE: [PATCH] Xen Grub-style boot loader

[Ian Pratt]

> It's a simple grub style ncurses application.  This is my 
> ncurses app so 
> it's probably even easier than what I did.  It parses a 
> grub.conf file 
> and let's a user pick an entry.

I think to be useful this would need to run within the guest domain such that the grub menu appeared over the guest console connection. We'd have to use something akin to a real bootloader (but 32bit) to pull in the image and jump at it. Using linux with a suitable initrd and kexec might be a good soloution.

I'm not sure that the interactive selection of kernels is the #1 requirement here -- I think its more about being able to read the kernel from the domain's file system, and to be able to control the command line options. 

Ian


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl

Re: [PATCH] Xen Grub-style boot loader

[Anthony Liguori]

Ian Pratt wrote:

>I think to be useful this would need to run within the guest domain such that the grub menu appeared over the guest console connection. We'd have to use something akin to a real bootloader (but 32bit) to pull in the image and jump at it. Using linux with a suitable initrd and kexec might be a good soloution.
>  
>
Making the console appear over the guest connection isn't hard while 
still having the boot loader be a dom0 process.  It's particularly easy 
if you make the console visible as a tty.  In the current Xend 
architecture, you would just dup the socket as the std(in|out) of the 
process and exec the boot loader before starting the domain.

I think the only real advantage to having it be a part of domain-U is 
that you avoid the problem with mounting a file system.  The more I 
think about it though the more of a security concerns worry me.  Long 
term, I think a domU loader is a better solution.  However, I think 
there's a large class of users where a dom0 boot loader would be just fine.

>I'm not sure that the interactive selection of kernels is the #1 requirement here -- I think its more about being able to read the kernel from the domain's file system, and to be able to control the command line options. 
>  
>
It's definitely not the #1 requirement but it's certainly useful.  You 
don't really need a boot loader to read the kernel from the domain's 
file system or to give the user the ability to control the command line.

Would you being willing to accept a boot loader that ran as a dom0 
process and exported it's screen through the console?  Even if it was 
only a temporary solution until a better boot loader was written?  I ask 
because I can probably code up the rest (I already can read the 
grub.conf off of a specified device) by tonight or tomorrow.

I think it would take more time than I could invest to do the dom0 
approach any time soon.  Unless of course someone else is willing to do 
it in which case I agree that the dom0 approach is superior :-)

Regards,
Anthony Liguori

>Ian
>
>  
>



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl