Clean NewVM func

2023-09-02 11:10:14 +01:00 · 2023-09-02 11:10:14 +01:00 · cd5b6dc48d
commit cd5b6dc48d
parent 122d5b1089
6 changed files with 360 additions and 184 deletions
--- a/osspecifics/osspecifics.go
+++ b/osspecifics/osspecifics.go
@ -29,6 +29,8 @@ func TerminateProcess(pid int) error {
 // that there are no double-mounts.
 func CheckDeviceSeemsMounted(devPathPrefix string) (bool, error) {
 	// Quite a bit hacky implementation, but it's to be used as a failsafe band-aid anyway.
+	devPathPrefix = filepath.Clean(devPathPrefix)
+
 	absDevPathPrefix, err := filepath.Abs(devPathPrefix)
 	if err != nil {
 		return false, errors.Wrap(err, "get abs path")
--- a/qemucli/args.go
+++ b/qemucli/args.go
@ -11,10 +11,10 @@ import (
 type ArgAcceptedValue string

 const (
-	ArgAcceptedValueUint   ArgAcceptedValue = "uint"
-	ArgAcceptedValueString ArgAcceptedValue = "string"
-	ArgAcceptedValueMap    ArgAcceptedValue = "map"
-	ArgAcceptedValueNone   ArgAcceptedValue = "none"
+	ArgAcceptedValueUint     ArgAcceptedValue = "uint"
+	ArgAcceptedValueString   ArgAcceptedValue = "string"
+	ArgAcceptedValueKeyValue ArgAcceptedValue = "kv"
+	ArgAcceptedValueNone     ArgAcceptedValue = "none"
 )

 var safeArgs = map[string]ArgAcceptedValue{
@ -22,12 +22,14 @@ var safeArgs = map[string]ArgAcceptedValue{
 	"boot":    ArgAcceptedValueString,
 	"m":       ArgAcceptedValueUint,
 	"smp":     ArgAcceptedValueUint,
-	"device":  ArgAcceptedValueMap,
-	"netdev":  ArgAcceptedValueMap,
+	"device":  ArgAcceptedValueKeyValue,
+	"netdev":  ArgAcceptedValueKeyValue,
 	"serial":  ArgAcceptedValueString,
 	"cdrom":   ArgAcceptedValueString,
 	"machine": ArgAcceptedValueString,
 	"cpu":     ArgAcceptedValueString,
+	"display": ArgAcceptedValueString,
+	"drive":   ArgAcceptedValueKeyValue,
 }

 type Arg interface {
@ -47,7 +49,7 @@ func EncodeArgs(args []Arg) ([]string, error) {

 		cmdArgs = append(cmdArgs, flag)
 		if value != nil {
-			cmdArgs = append(cmdArgs, shellescape.Quote(*value))
+			cmdArgs = append(cmdArgs, *value)
 		}
 	}

@ -78,5 +80,7 @@ func EncodeArg(a Arg) (string, *string, error) {
 		return "", nil, fmt.Errorf("empty string value while declaring non-empty value (type %v)", reflect.TypeOf(a))
 	}

-	return "-" + argKey, &argValueStr, nil
+	argVal := shellescape.Quote(argValueStr)
+
+	return "-" + argKey, &argVal, nil
 }
--- a/qemucli/kv_arg.go
+++ b/qemucli/kv_arg.go
@ -7,13 +7,18 @@ import (
 	"github.com/pkg/errors"
 )

-type MapArg struct {
-	key    string
-	values map[string]string
+type KeyValueArgItem struct {
+	Key   string
+	Value string
 }

-func MustNewMapArg(key string, values map[string]string) *MapArg {
-	a, err := NewMapArg(key, values)
+type KeyValueArg struct {
+	key   string
+	items []KeyValueArgItem
+}
+
+func MustNewKeyValueArg(key string, items []KeyValueArgItem) *KeyValueArg {
+	a, err := NewKeyValueArg(key, items)
 	if err != nil {
 		panic(err)
 	}
@ -21,10 +26,13 @@ func MustNewMapArg(key string, values map[string]string) *MapArg {
 	return a
 }

-func NewMapArg(key string, values map[string]string) (*MapArg, error) {
-	a := &MapArg{
-		key:    key,
-		values: make(map[string]string),
+func NewKeyValueArg(key string, items []KeyValueArgItem) (*KeyValueArg, error) {
+	a := &KeyValueArg{
+		key: key,
+		// We're creating a copy here because we do not
+		// want to reference to any external source
+		// that can be modified after we've done checks.
+		items: make([]KeyValueArgItem, len(items)),
 	}

 	// Preflight arg key/type check.
@ -33,60 +41,71 @@ func NewMapArg(key string, values map[string]string) (*MapArg, error) {
 		return nil, errors.Wrap(err, "validate arg key")
 	}

-	for k, v := range values {
-		// The reason why we're making copies here and creating
-		// a whole other copy of the entire map is because maps
-		// are pointers, and we do not want to reference anything
-		// that we will not be able to validate except at this
-		// stage of MapArg creation.
-		k := k
-		v := v
+	for i, item := range items {
+		// We're making a copy here because we don't want to
+		// leave the possibility to modify the value remotely
+		// after the checks are done. Slices are pointers, and
+		// no copies are made when passing a slice is passed
+		// through to a function.
+		item := item

-		if len(k) == 0 {
-			return nil, fmt.Errorf("empty map key not allowed")
+		if len(item.Key) == 0 {
+			return nil, fmt.Errorf("empty key not allowed")
 		}

-		if len(v) == 1 {
+		if len(item.Value) == 0 {
 			// Values *can* be empty, though. We do not allow them for consistency.
-			return nil, fmt.Errorf("empty map value for key '%v' is not allowed", k)
+			return nil, fmt.Errorf("empty value for key '%v' is not allowed", item.Key)
 		}

-		err := validateArgStrValue(k)
+		err := validateArgStrValue(item.Key)
 		if err != nil {
-			return nil, errors.Wrapf(err, "validate map key '%v'", k)
+			return nil, errors.Wrapf(err, "validate key '%v'", item.Key)
 		}

-		err = validateArgStrValue(v)
+		err = validateArgStrValue(item.Value)
 		if err != nil {
-			return nil, errors.Wrapf(err, "validate map value '%v'", v)
+			return nil, errors.Wrapf(err, "validate map value '%v'", item.Value)
 		}

-		a.values[k] = v
+		a.items[i] = item
 	}

 	return a, nil
 }

-func (a *MapArg) StringKey() string {
+func (a *KeyValueArg) StringKey() string {
 	return a.key
 }

-func (a *MapArg) StringValue() string {
+func (a *KeyValueArg) StringValue() string {
 	sb := new(strings.Builder)
-	for k, v := range a.values {
+	for i, item := range a.items {
 		// We're not validating anything here because
 		// we expect that the keys/values were validated
 		// at the creation of the MapArg.

-		sb.WriteString(k)
-		if len(v) > 0 {
-			sb.WriteString("=" + v)
+		if item.Key == "" {
+			// But if for whatever reason it happens that
+			// a key is blank, we skip the entire item because
+			// otherwise it's bad syntax.
+			continue
+		}
+
+		if i != 0 {
+			sb.WriteString(",")
+		}
+
+		sb.WriteString(item.Key)
+		if len(item.Value) > 0 {
+			// Item values can theoretically be empty.
+			sb.WriteString("=" + item.Value)
 		}
 	}

 	return sb.String()
 }

-func (a *MapArg) ValueType() ArgAcceptedValue {
-	return ArgAcceptedValueMap
+func (a *KeyValueArg) ValueType() ArgAcceptedValue {
+	return ArgAcceptedValueKeyValue
 }
--- a/qemucli/validation.go
+++ b/qemucli/validation.go
@ -23,5 +23,11 @@ func validateArgStrValue(s string) error {
 		return fmt.Errorf("commas are not allowed")
 	}

+	if strings.Contains(s, "\\") {
+		// Backslashes are theoretically allowed, but they rarely work as intended.
+		// For Windows paths, forward slashes should be used.
+		return fmt.Errorf("backslashes are not allowed")
+	}
+
 	return nil
 }
--- a/vm/cfg.go
+++ b/vm/cfg.go
@ -1,14 +1,42 @@
 package vm

 import (
+	"encoding/hex"
 	"fmt"
 	"log/slog"
+	"net"
+	"os"
 	"path/filepath"
 	"runtime"
+	"strings"
+	"time"

+	"github.com/AlexSSD7/linsk/nettap"
+	"github.com/AlexSSD7/linsk/osspecifics"
 	"github.com/AlexSSD7/linsk/qemucli"
+	"github.com/AlexSSD7/linsk/utils"
+	"github.com/pkg/errors"
 )

+func getUniqueQEMUNetID() string {
+	return "net" + utils.IntToStr(time.Now().UnixNano())
+}
+
+func getUniqueQEMUDriveID() string {
+	return "drive" + utils.IntToStr(time.Now().UnixNano())
+}
+
+func cleanQEMUPath(s string) string {
+	path := filepath.Clean(s)
+	if runtime.GOOS == "windows" {
+		// QEMU doesn't work well with Windows backslashes, so we're replacing them to forward slashes
+		// that work perfectly fine.
+		path = strings.ReplaceAll(s, "\\", "/")
+	}
+
+	return path
+}
+
 func configureBaseVMCmd(logger *slog.Logger, cfg VMConfig) (string, []qemucli.Arg, error) {
 	baseCmd := "qemu-system"

@ -19,7 +47,7 @@ func configureBaseVMCmd(logger *slog.Logger, cfg VMConfig) (string, []qemucli.Ar
 	args := []qemucli.Arg{
 		qemucli.MustNewStringArg("serial", "stdio"),
 		qemucli.MustNewUintArg("m", cfg.MemoryAlloc),
-		qemucli.MustNewUintArg("m", runtime.NumCPU()),
+		qemucli.MustNewUintArg("smp", runtime.NumCPU()),
 	}

 	var accel string
@ -46,7 +74,10 @@ func configureBaseVMCmd(logger *slog.Logger, cfg VMConfig) (string, []qemucli.Ar

 		// "highmem=off" is required for M1.
 		args = append(args,
-			qemucli.MustNewMapArg("machine", map[string]string{"type": "virt", "highmem": "off"}),
+			qemucli.MustNewKeyValueArg("machine", []qemucli.KeyValueArgItem{
+				{Key: "type", Value: "virt"},
+				{Key: "highmem", Value: "off"},
+			}),
 			qemucli.MustNewStringArg("cpu", "host"),
 		)

@ -58,8 +89,235 @@ func configureBaseVMCmd(logger *slog.Logger, cfg VMConfig) (string, []qemucli.Ar
 	args = append(args, qemucli.MustNewStringArg("accel", accel))

 	if cfg.BIOSPath != "" {
-		args = append(args, qemucli.MustNewStringArg("bios", filepath.Clean(cfg.BIOSPath)))
+		biosPath := cleanQEMUPath(cfg.BIOSPath)
+		biosArg, err := qemucli.NewStringArg("bios", biosPath)
+		if err != nil {
+			return "", nil, errors.Wrapf(err, "create bios arg (path '%v')", biosPath)
+		}
+
+		args = append(args, biosArg)
+	}
+
+	if !cfg.ShowDisplay {
+		args = append(args, qemucli.MustNewStringArg("display", "none"))
+	}
+
+	// TODO: There is no video configured by default on arm64, rendering --vm-debug useless.
+
+	if cfg.CdromImagePath != "" {
+		cdromPath := cleanQEMUPath(cfg.CdromImagePath)
+		cdromArg, err := qemucli.NewStringArg("cdrom", cdromPath)
+		if err != nil {
+			return "", nil, errors.Wrapf(err, "create cdrom arg (path '%v')", cdromPath)
+		}
+
+		args = append(args, cdromArg, qemucli.MustNewStringArg("boot", "d"))
 	}

 	return baseCmd, args, nil
 }
+
+func configureVMCmdUserNetwork(ports []PortForwardingRule, unrestricted bool) ([]qemucli.Arg, error) {
+	netID := getUniqueQEMUNetID()
+
+	userNetdevValues := []qemucli.KeyValueArgItem{
+		{Key: "type", Value: "user"},
+		{Key: "id", Value: netID},
+	}
+
+	if !unrestricted {
+		userNetdevValues = append(userNetdevValues, qemucli.KeyValueArgItem{Key: "restrict", Value: "on"})
+	}
+
+	for _, pf := range ports {
+		hostIPStr := ""
+		if pf.HostIP != nil {
+			hostIPStr = pf.HostIP.String()
+		}
+
+		userNetdevValues = append(userNetdevValues, qemucli.KeyValueArgItem{
+			Key:   "hostfwd",
+			Value: "tcp:" + hostIPStr + ":" + utils.UintToStr(pf.HostPort) + "-:" + utils.UintToStr(pf.VMPort),
+		})
+	}
+
+	netdevArg, err := qemucli.NewKeyValueArg("netdev", userNetdevValues)
+	if err != nil {
+		return nil, errors.Wrap(err, "create netdev key-value arg")
+	}
+
+	deviceArg, err := qemucli.NewKeyValueArg("device", []qemucli.KeyValueArgItem{{Key: "driver", Value: "virtio-net"}, {Key: "netdev", Value: netID}})
+	if err != nil {
+		return nil, errors.Wrap(err, "create device key-value arg")
+	}
+
+	args := []qemucli.Arg{
+		netdevArg,
+		deviceArg,
+	}
+
+	return args, nil
+}
+
+func configureVMCmdTapNetwork(tapName string) ([]qemucli.Arg, error) {
+	err := nettap.ValidateTapName(tapName)
+	if err != nil {
+		return nil, errors.Wrapf(err, "validate network tap name '%v'", tapName)
+	}
+
+	netID := getUniqueQEMUNetID()
+
+	netdevArg, err := qemucli.NewKeyValueArg("netdev", []qemucli.KeyValueArgItem{{Key: "type", Value: "tap"}, {Key: "id", Value: netID}, {Key: "ifname", Value: tapName}, {Key: "script", Value: "no"}, {Key: "downscript", Value: "no"}})
+	if err != nil {
+		return nil, errors.Wrap(err, "create netdev key-value arg")
+	}
+
+	deviceArg, err := qemucli.NewKeyValueArg("device", []qemucli.KeyValueArgItem{{Key: "driver", Value: "virtio-net"}, {Key: "netdev", Value: netID}})
+	if err != nil {
+		return nil, errors.Wrap(err, "create device key-value arg")
+	}
+
+	return []qemucli.Arg{netdevArg, deviceArg}, nil
+}
+
+func configureVMCmdNetworking(logger *slog.Logger, cfg VMConfig, sshPort uint16) ([]qemucli.Arg, error) {
+	// SSH port config.
+	ports := []PortForwardingRule{{
+		HostIP:   net.ParseIP("127.0.0.1"),
+		HostPort: sshPort,
+		VMPort:   22,
+	}}
+
+	ports = append(ports, cfg.ExtraPortForwardingRules...)
+
+	if cfg.UnrestrictedNetworking {
+		slog.Warn("Using unrestricted VM networking")
+	}
+
+	args, err := configureVMCmdUserNetwork(ports, cfg.UnrestrictedNetworking)
+	if err != nil {
+		return nil, errors.Wrap(err, "configure vm cmd user network")
+	}
+
+	for i, tap := range cfg.Taps {
+		tapNetArgs, err := configureVMCmdTapNetwork(tap.Name)
+		if err != nil {
+			return nil, errors.Wrapf(err, "configure tap network #%v", i)
+		}
+
+		args = append(args, tapNetArgs...)
+	}
+
+	return args, nil
+}
+
+func configureVMCmdDrives(cfg VMConfig) ([]qemucli.Arg, error) {
+	var args []qemucli.Arg
+
+	for i, drive := range cfg.Drives {
+		_, err := os.Stat(filepath.Clean(drive.Path))
+		if err != nil {
+			return nil, errors.Wrapf(err, "stat drive #%v path", i)
+		}
+
+		driveID := getUniqueQEMUDriveID()
+		drivePath := cleanQEMUPath(drive.Path)
+
+		driveKVItems := []qemucli.KeyValueArgItem{
+			{Key: "file", Value: drivePath},
+			{Key: "format", Value: "qcow2"},
+			{Key: "if", Value: "none"},
+			{Key: "id", Value: driveID},
+		}
+
+		if drive.SnapshotMode {
+			driveKVItems = append(driveKVItems, qemucli.KeyValueArgItem{
+				Key:   "snapshot",
+				Value: "on",
+			})
+		}
+
+		deviceKVItems := []qemucli.KeyValueArgItem{
+			{Key: "driver", Value: "virtio-blk-pci"},
+			{Key: "drive", Value: driveID},
+		}
+
+		if cfg.CdromImagePath == "" {
+			deviceKVItems = append(deviceKVItems, qemucli.KeyValueArgItem{
+				Key:   "bootindex",
+				Value: utils.IntToStr(i),
+			})
+		}
+
+		driveArg, err := qemucli.NewKeyValueArg("drive", driveKVItems)
+		if err != nil {
+			return nil, errors.Wrapf(err, "create drive key-value arg (path '%v')", drivePath)
+		}
+
+		deviceArg, err := qemucli.NewKeyValueArg("device", deviceKVItems)
+		if err != nil {
+			return nil, errors.Wrapf(err, "create device key-value arg (path '%v')", drivePath)
+		}
+
+		args = append(args, driveArg, deviceArg)
+	}
+
+	return args, nil
+}
+
+func configureVMCmdUSBPassthrough(cfg VMConfig) []qemucli.Arg {
+	var args []qemucli.Arg
+
+	if len(cfg.PassthroughConfig.USB) != 0 {
+		args = append(args, qemucli.MustNewKeyValueArg("device", []qemucli.KeyValueArgItem{{Key: "driver", Value: "nec-usb-xhci"}}))
+
+		for _, dev := range cfg.PassthroughConfig.USB {
+			args = append(args, qemucli.MustNewKeyValueArg("device", []qemucli.KeyValueArgItem{
+				{Key: "driver", Value: "usb-host"},
+				{Key: "vendorid", Value: "0x" + hex.EncodeToString(utils.Uint16ToBytesBE(dev.VendorID))},
+				{Key: "productid", Value: "0x" + hex.EncodeToString(utils.Uint16ToBytesBE(dev.ProductID))},
+			}))
+		}
+	}
+
+	return args
+}
+
+func configureVMCmdBlockDevicePassthrough(logger *slog.Logger, cfg VMConfig) ([]qemucli.Arg, error) {
+	var args []qemucli.Arg
+
+	if len(cfg.PassthroughConfig.Block) != 0 {
+		logger.Warn("Using raw block device passthrough. Please note that it's YOUR responsibility to ensure that no device is mounted in your OS and the VM at the same time. Otherwise, you run serious risks. No further warnings will be issued.")
+	}
+
+	for _, dev := range cfg.PassthroughConfig.Block {
+		// It's always a user's responsibility to ensure that no drives are mounted
+		// in both host and guest system. This should serve as the last resort.
+		{
+			seemsMounted, err := osspecifics.CheckDeviceSeemsMounted(dev.Path)
+			if err != nil {
+				return nil, errors.Wrapf(err, "check whether device seems to be mounted (path '%v')", dev.Path)
+			}
+
+			if seemsMounted {
+				return nil, fmt.Errorf("device '%v' seems to be already mounted in the host system", dev.Path)
+			}
+		}
+
+		devPath := cleanQEMUPath(dev.Path)
+
+		driveArg, err := qemucli.NewKeyValueArg("drive", []qemucli.KeyValueArgItem{
+			{Key: "file", Value: devPath},
+			{Key: "format", Value: "raw"},
+			{Key: "if", Value: "virtio"},
+			{Key: "cache", Value: "none"},
+		})
+		if err != nil {
+			return nil, errors.Wrapf(err, "create drive key-value arg (path '%v')", devPath)
+		}
+
+		args = append(args, driveArg)
+	}
+
+	return args, nil
+}
--- a/vm/vm.go
+++ b/vm/vm.go
@ -4,25 +4,19 @@ import (
 	"bufio"
 	"bytes"
 	"context"
-	"encoding/hex"
 	"fmt"
 	"io"
-	"os"
 	"os/exec"
-	"path/filepath"
-	"runtime"
-	"strings"
 	"sync"
 	"sync/atomic"
 	"time"

 	"log/slog"

-	"github.com/AlexSSD7/linsk/nettap"
 	"github.com/AlexSSD7/linsk/osspecifics"
+	"github.com/AlexSSD7/linsk/qemucli"
 	"github.com/AlexSSD7/linsk/sshutil"
 	"github.com/AlexSSD7/linsk/utils"
-	"github.com/alessio/shellescape"
 	"github.com/bramvdbogaerde/go-scp"
 	"github.com/phayes/freeport"
 	"github.com/pkg/errors"
@ -94,152 +88,40 @@ type VMConfig struct {
 }

 func NewVM(logger *slog.Logger, cfg VMConfig) (*VM, error) {
-	cdromImagePath := filepath.Clean(cfg.CdromImagePath)
-	_, err := os.Stat(cdromImagePath)
-	if err != nil {
-		return nil, errors.Wrap(err, "stat cdrom image path")
-	}
-
 	sshPort, err := freeport.GetFreePort()
 	if err != nil {
 		return nil, errors.Wrap(err, "get free port for ssh server")
 	}

-	cmdArgs := []string{"-serial", "stdio", "-m", fmt.Sprint(cfg.MemoryAlloc), "-smp", fmt.Sprint(runtime.NumCPU())}
-
-	if cfg.BIOSPath != "" {
-		cmdArgs = append(cmdArgs, "-bios", filepath.Clean(cfg.BIOSPath))
+	baseCmd, cmdArgs, err := configureBaseVMCmd(logger, cfg)
+	if err != nil {
+		return nil, errors.Wrap(err, "configure base vm cmd")
 	}

-	baseCmd := "qemu-system"
-
-	var accel string
-	switch runtime.GOOS {
-	case "windows":
-		// TODO: To document: For Windows, we need to install QEMU using an installer and add it to PATH.
-		// Then, we should enable Windows Hypervisor Platform in "Turn Windows features on or off".
-		// IMPORTANT: We should also install libusbK drivers for USB devices we want to pass through.
-		// This can be easily done with a program called Zadiag by Akeo.
-		accel = "whpx,kernel-irqchip=off"
-	case "darwin":
-		accel = "hvf"
-	default:
-		accel = "kvm"
+	netCmdArgs, err := configureVMCmdNetworking(logger, cfg, uint16(sshPort))
+	if err != nil {
+		return nil, errors.Wrap(err, "configure vm cmd networking")
 	}

-	switch runtime.GOARCH {
-	case "amd64":
-		baseCmd += "-x86_64"
-	case "arm64":
-		if cfg.BIOSPath == "" {
-			logger.Warn("BIOS image path is not specified while attempting to run an aarch64 (arm64) VM. The VM will not boot.")
-		}
+	cmdArgs = append(cmdArgs, netCmdArgs...)

-		// ",highmem=off" is required for M1.
-		cmdArgs = append(cmdArgs, "-M", "virt,highmem=off", "-cpu", "host")
-		baseCmd += "-aarch64"
-	default:
-		return nil, fmt.Errorf("arch '%v' is not supported", runtime.GOARCH)
+	driveCmdArgs, err := configureVMCmdDrives(cfg)
+	if err != nil {
+		return nil, errors.Wrap(err, "configure vm cmd drives")
 	}

-	cmdArgs = append(cmdArgs, "-accel", accel)
+	cmdArgs = append(cmdArgs, driveCmdArgs...)

-	if runtime.GOOS == "windows" {
-		baseCmd += ".exe"
+	usbCmdArgs := configureVMCmdUSBPassthrough(cfg)
+
+	cmdArgs = append(cmdArgs, usbCmdArgs...)
+
+	blockDevArgs, err := configureVMCmdBlockDevicePassthrough(logger, cfg)
+	if err != nil {
+		return nil, errors.Wrap(err, "configure vm cmd block device passthrough")
 	}

-	netdevOpts := "user,id=net0,hostfwd=tcp:127.0.0.1:" + fmt.Sprint(sshPort) + "-:22"
-
-	if !cfg.UnrestrictedNetworking {
-		netdevOpts += ",restrict=on"
-	} else {
-		logger.Warn("Running with unrestricted networking")
-	}
-
-	for _, pf := range cfg.ExtraPortForwardingRules {
-		hostIPStr := ""
-		if pf.HostIP != nil {
-			hostIPStr = pf.HostIP.String()
-		}
-
-		netdevOpts += ",hostfwd=tcp:" + hostIPStr + ":" + fmt.Sprint(pf.HostPort) + "-:" + fmt.Sprint(pf.VMPort)
-	}
-
-	cmdArgs = append(cmdArgs, "-device", "e1000,netdev=net0", "-netdev", netdevOpts)
-
-	for i, tap := range cfg.Taps {
-		err := nettap.ValidateTapName(tap.Name)
-		if err != nil {
-			return nil, errors.Wrapf(err, "validate network tap #%v name", i)
-		}
-
-		netdevName := "net" + fmt.Sprint(1+i)
-
-		cmdArgs = append(cmdArgs, "-device", "e1000,netdev="+netdevName, "-netdev", "tap,id="+netdevName+",ifname="+shellescape.Quote(tap.Name)+",script=no,downscript=no")
-	}
-
-	if !cfg.ShowDisplay {
-		cmdArgs = append(cmdArgs, "-display", "none")
-	} else if runtime.GOARCH == "arm64" {
-		// No video is configured by default in ARM. This will enable it.
-		// TODO: This doesn't really work on arm64. It just shows a blank viewer.
-		cmdArgs = append(cmdArgs, "-device", "virtio-gpu-device")
-	}
-
-	for i, extraDrive := range cfg.Drives {
-		_, err = os.Stat(extraDrive.Path)
-		if err != nil {
-			return nil, errors.Wrapf(err, "stat extra drive #%v path", i)
-		}
-
-		driveArgs := "file=" + shellescape.Quote(strings.ReplaceAll(extraDrive.Path, "\\", "/")) + ",format=qcow2,if=none,id=disk" + fmt.Sprint(i)
-		if extraDrive.SnapshotMode {
-			driveArgs += ",snapshot=on"
-		}
-
-		devArgs := "virtio-blk-pci,drive=disk" + fmt.Sprint(i)
-
-		if cfg.CdromImagePath == "" {
-			devArgs += ",bootindex=" + fmt.Sprint(i)
-		}
-
-		cmdArgs = append(cmdArgs, "-drive", driveArgs, "-device", devArgs)
-	}
-
-	if len(cfg.PassthroughConfig.USB) != 0 {
-		cmdArgs = append(cmdArgs, "-device", "nec-usb-xhci")
-
-		for _, dev := range cfg.PassthroughConfig.USB {
-			cmdArgs = append(cmdArgs, "-device", "usb-host,vendorid=0x"+hex.EncodeToString(utils.Uint16ToBytesBE(dev.VendorID))+",productid=0x"+hex.EncodeToString(utils.Uint16ToBytesBE(dev.ProductID)))
-		}
-	}
-
-	if len(cfg.PassthroughConfig.Block) != 0 {
-		logger.Warn("Using raw block device passthrough. Please note that it's YOUR responsibility to ensure that no device is mounted in your OS and the VM at the same time. Otherwise, you run serious risks. No further warnings will be issued.")
-	}
-
-	for _, dev := range cfg.PassthroughConfig.Block {
-		// It's always a user's responsibility to ensure that no drives are mounted
-		// in both host and guest system. This should serve as the last resort.
-		{
-			seemsMounted, err := osspecifics.CheckDeviceSeemsMounted(dev.Path)
-			if err != nil {
-				return nil, errors.Wrapf(err, "check whether device seems to be mounted (path '%v')", dev.Path)
-			}
-
-			if seemsMounted {
-				return nil, fmt.Errorf("device '%v' seems to be already mounted in the host system", dev.Path)
-			}
-		}
-
-		cmdArgs = append(cmdArgs, "-drive", "file="+shellescape.Quote(strings.ReplaceAll(dev.Path, "\\", "/"))+",format=raw,if=virtio,cache=none")
-	}
-
-	// We're not using clean `cdromImagePath` here because it is set to "."
-	// when the original string is empty.
-	if cfg.CdromImagePath != "" {
-		cmdArgs = append(cmdArgs, "-boot", "d", "-cdrom", cdromImagePath)
-	}
+	cmdArgs = append(cmdArgs, blockDevArgs...)

 	if cfg.InstallBaseUtilities && !cfg.UnrestrictedNetworking {
 		return nil, fmt.Errorf("installation of base utilities is impossible with unrestricted networking disabled")
@ -261,12 +143,17 @@ func NewVM(logger *slog.Logger, cfg VMConfig) (*VM, error) {
 		return nil, fmt.Errorf("vm ssh setup timeout cannot be lower than os up timeout")
 	}

+	encodedCmdArgs, err := qemucli.EncodeArgs(cmdArgs)
+	if err != nil {
+		return nil, errors.Wrap(err, "encode qemu cli args")
+	}
+
 	// No errors beyond this point.

 	sysRead, userWrite := io.Pipe()
 	userRead, sysWrite := io.Pipe()

-	cmd := exec.Command(baseCmd, cmdArgs...)
+	cmd := exec.Command(baseCmd, encodedCmdArgs...)

 	cmd.Stdin = sysRead
 	cmd.Stdout = sysWrite