#include <stdbool.h>
#include <glib.h>
#include <getopt.h>
+#include <glib/gstdio.h>
#ifndef _WIN32
#include <syslog.h>
#include <sys/wait.h>
#include "qapi/qmp/qerror.h"
#include "qapi/qmp/dispatch.h"
#include "qga/channel.h"
+#include "qemu/bswap.h"
#ifdef _WIN32
#include "qga/service-win32.h"
-#include <windows.h>
+#include "qga/vss-win32.h"
#endif
#ifdef __linux__
#include <linux/fs.h>
#ifndef _WIN32
#define QGA_VIRTIO_PATH_DEFAULT "/dev/virtio-ports/org.qemu.guest_agent.0"
+#define QGA_STATE_RELATIVE_DIR "run"
+#define QGA_SERIAL_PATH_DEFAULT "/dev/ttyS0"
#else
#define QGA_VIRTIO_PATH_DEFAULT "\\\\.\\Global\\org.qemu.guest_agent.0"
+#define QGA_STATE_RELATIVE_DIR "qemu-ga"
+#define QGA_SERIAL_PATH_DEFAULT "COM1"
#endif
-#define QGA_STATEDIR_DEFAULT CONFIG_QEMU_LOCALSTATEDIR "/run"
-#define QGA_PIDFILE_DEFAULT QGA_STATEDIR_DEFAULT "/qemu-ga.pid"
#ifdef CONFIG_FSFREEZE
#define QGA_FSFREEZE_HOOK_DEFAULT CONFIG_QEMU_CONFDIR "/fsfreeze-hook"
#endif
#define QGA_SENTINEL_BYTE 0xFF
+static struct {
+ const char *state_dir;
+ const char *pidfile;
+} dfl_pathnames;
+
+typedef struct GAPersistentState {
+#define QGA_PSTATE_DEFAULT_FD_COUNTER 1000
+ int64_t fd_counter;
+} GAPersistentState;
+
struct GAState {
JSONMessageParser parser;
GMainLoop *main_loop;
#ifdef CONFIG_FSFREEZE
const char *fsfreeze_hook;
#endif
+ const gchar *pstate_filepath;
+ GAPersistentState pstate;
};
struct GAState *ga_state;
"guest-ping",
"guest-info",
"guest-sync",
+ "guest-sync-delimited",
"guest-fsfreeze-status",
"guest-fsfreeze-thaw",
NULL
VOID WINAPI service_main(DWORD argc, TCHAR *argv[]);
#endif
+static void
+init_dfl_pathnames(void)
+{
+ g_assert(dfl_pathnames.state_dir == NULL);
+ g_assert(dfl_pathnames.pidfile == NULL);
+ dfl_pathnames.state_dir = qemu_get_local_state_pathname(
+ QGA_STATE_RELATIVE_DIR);
+ dfl_pathnames.pidfile = qemu_get_local_state_pathname(
+ QGA_STATE_RELATIVE_DIR G_DIR_SEPARATOR_S "qemu-ga.pid");
+}
+
static void quit_handler(int sig)
{
/* if we're frozen, don't exit unless we're absolutely forced to,
" -m, --method transport method: one of unix-listen, virtio-serial, or\n"
" isa-serial (virtio-serial is the default)\n"
" -p, --path device/socket path (the default for virtio-serial is:\n"
+" %s,\n"
+" the default for isa-serial is:\n"
" %s)\n"
" -l, --logfile set logfile path, logs to stderr by default\n"
" -f, --pidfile specify pidfile (default is %s)\n"
" -h, --help display this help and exit\n"
"\n"
- , cmd, QEMU_VERSION, QGA_VIRTIO_PATH_DEFAULT, QGA_PIDFILE_DEFAULT,
+ , cmd, QEMU_VERSION, QGA_VIRTIO_PATH_DEFAULT, QGA_SERIAL_PATH_DEFAULT,
+ dfl_pathnames.pidfile,
#ifdef CONFIG_FSFREEZE
QGA_FSFREEZE_HOOK_DEFAULT,
#endif
- QGA_STATEDIR_DEFAULT);
+ dfl_pathnames.state_dir);
}
static const char *ga_log_level_str(GLogLevelFlags level)
s->delimit_response = true;
}
+static FILE *ga_open_logfile(const char *logfile)
+{
+ FILE *f;
+
+ f = fopen(logfile, "a");
+ if (!f) {
+ return NULL;
+ }
+
+ qemu_set_cloexec(fileno(f));
+ return f;
+}
+
#ifndef _WIN32
static bool ga_open_pidfile(const char *pidfile)
{
int pidfd;
char pidstr[32];
- pidfd = open(pidfile, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
+ pidfd = qemu_open(pidfile, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
if (pidfd == -1 || lockf(pidfd, F_TLOCK, 0)) {
g_critical("Cannot lock pid file, %s", strerror(errno));
if (pidfd != -1) {
return false;
}
- if (ftruncate(pidfd, 0) || lseek(pidfd, 0, SEEK_SET)) {
+ if (ftruncate(pidfd, 0)) {
g_critical("Failed to truncate pid file");
goto fail;
}
goto fail;
}
+ /* keep pidfile open & locked forever */
return true;
fail:
unlink(pidfile);
+ close(pidfd);
return false;
}
#else /* _WIN32 */
}
/* disable commands that aren't safe for fsfreeze */
-static void ga_disable_non_whitelisted(void)
-{
- char **list_head, **list;
- bool whitelisted;
- int i;
-
- list_head = list = qmp_get_command_list();
- while (*list != NULL) {
- whitelisted = false;
- i = 0;
- while (ga_freeze_whitelist[i] != NULL) {
- if (strcmp(*list, ga_freeze_whitelist[i]) == 0) {
- whitelisted = true;
- }
- i++;
- }
- if (!whitelisted) {
- g_debug("disabling command: %s", *list);
- qmp_disable_command(*list);
+static void ga_disable_non_whitelisted(QmpCommand *cmd, void *opaque)
+{
+ bool whitelisted = false;
+ int i = 0;
+ const char *name = qmp_command_name(cmd);
+
+ while (ga_freeze_whitelist[i] != NULL) {
+ if (strcmp(name, ga_freeze_whitelist[i]) == 0) {
+ whitelisted = true;
}
- g_free(*list);
- list++;
+ i++;
+ }
+ if (!whitelisted) {
+ g_debug("disabling command: %s", name);
+ qmp_disable_command(name);
}
- g_free(list_head);
}
/* [re-]enable all commands, except those explicitly blacklisted by user */
-static void ga_enable_non_blacklisted(GList *blacklist)
+static void ga_enable_non_blacklisted(QmpCommand *cmd, void *opaque)
{
- char **list_head, **list;
+ GList *blacklist = opaque;
+ const char *name = qmp_command_name(cmd);
- list_head = list = qmp_get_command_list();
- while (*list != NULL) {
- if (g_list_find_custom(blacklist, *list, ga_strcmp) == NULL &&
- !qmp_command_is_enabled(*list)) {
- g_debug("enabling command: %s", *list);
- qmp_enable_command(*list);
- }
- g_free(*list);
- list++;
+ if (g_list_find_custom(blacklist, name, ga_strcmp) == NULL &&
+ !qmp_command_is_enabled(cmd)) {
+ g_debug("enabling command: %s", name);
+ qmp_enable_command(name);
}
- g_free(list_head);
}
static bool ga_create_file(const char *path)
return;
}
/* disable all non-whitelisted (for frozen state) commands */
- ga_disable_non_whitelisted();
+ qmp_for_each_command(ga_disable_non_whitelisted, NULL);
g_warning("disabling logging due to filesystem freeze");
ga_disable_logging(s);
s->frozen = true;
* in a frozen state at start up, do it now
*/
if (s->deferred_options.log_filepath) {
- s->log_file = fopen(s->deferred_options.log_filepath, "a");
+ s->log_file = ga_open_logfile(s->deferred_options.log_filepath);
if (!s->log_file) {
s->log_file = stderr;
}
}
/* enable all disabled, non-blacklisted commands */
- ga_enable_non_blacklisted(s->blacklist);
+ qmp_for_each_command(ga_enable_non_blacklisted, s->blacklist);
s->frozen = false;
if (!ga_delete_file(s->state_filepath_isfrozen)) {
g_warning("unable to delete %s, fsfreeze may not function properly",
}
}
- umask(0);
+ umask(S_IRWXG | S_IRWXO);
sid = setsid();
if (sid < 0) {
goto fail;
error_free(err);
}
ret = send_response(s, QOBJECT(qdict));
- if (ret) {
- g_warning("error sending error response: %s", strerror(ret));
+ if (ret < 0) {
+ g_warning("error sending error response: %s", strerror(-ret));
}
}
if (!s->virtio) {
return false;
}
+ /* fall through */
case G_IO_STATUS_AGAIN:
/* virtio causes us to spin here when no process is attached to
* host-side chardev. sleep a bit to mitigate this
}
if (path == NULL) {
- if (strcmp(method, "virtio-serial") != 0) {
+ if (strcmp(method, "virtio-serial") == 0 ) {
+ /* try the default path for the virtio-serial port */
+ path = QGA_VIRTIO_PATH_DEFAULT;
+ } else if (strcmp(method, "isa-serial") == 0){
+ /* try the default path for the serial port - COM1 */
+ path = QGA_SERIAL_PATH_DEFAULT;
+ } else {
g_critical("must specify a path for this channel");
return false;
}
- /* try the default path for the virtio-serial port */
- path = QGA_VIRTIO_PATH_DEFAULT;
}
if (strcmp(method, "virtio-serial") == 0) {
}
#endif
+static void set_persistent_state_defaults(GAPersistentState *pstate)
+{
+ g_assert(pstate);
+ pstate->fd_counter = QGA_PSTATE_DEFAULT_FD_COUNTER;
+}
+
+static void persistent_state_from_keyfile(GAPersistentState *pstate,
+ GKeyFile *keyfile)
+{
+ g_assert(pstate);
+ g_assert(keyfile);
+ /* if any fields are missing, either because the file was tampered with
+ * by agents of chaos, or because the field wasn't present at the time the
+ * file was created, the best we can ever do is start over with the default
+ * values. so load them now, and ignore any errors in accessing key-value
+ * pairs
+ */
+ set_persistent_state_defaults(pstate);
+
+ if (g_key_file_has_key(keyfile, "global", "fd_counter", NULL)) {
+ pstate->fd_counter =
+ g_key_file_get_integer(keyfile, "global", "fd_counter", NULL);
+ }
+}
+
+static void persistent_state_to_keyfile(const GAPersistentState *pstate,
+ GKeyFile *keyfile)
+{
+ g_assert(pstate);
+ g_assert(keyfile);
+
+ g_key_file_set_integer(keyfile, "global", "fd_counter", pstate->fd_counter);
+}
+
+static gboolean write_persistent_state(const GAPersistentState *pstate,
+ const gchar *path)
+{
+ GKeyFile *keyfile = g_key_file_new();
+ GError *gerr = NULL;
+ gboolean ret = true;
+ gchar *data = NULL;
+ gsize data_len;
+
+ g_assert(pstate);
+
+ persistent_state_to_keyfile(pstate, keyfile);
+ data = g_key_file_to_data(keyfile, &data_len, &gerr);
+ if (gerr) {
+ g_critical("failed to convert persistent state to string: %s",
+ gerr->message);
+ ret = false;
+ goto out;
+ }
+
+ g_file_set_contents(path, data, data_len, &gerr);
+ if (gerr) {
+ g_critical("failed to write persistent state to %s: %s",
+ path, gerr->message);
+ ret = false;
+ goto out;
+ }
+
+out:
+ if (gerr) {
+ g_error_free(gerr);
+ }
+ if (keyfile) {
+ g_key_file_free(keyfile);
+ }
+ g_free(data);
+ return ret;
+}
+
+static gboolean read_persistent_state(GAPersistentState *pstate,
+ const gchar *path, gboolean frozen)
+{
+ GKeyFile *keyfile = NULL;
+ GError *gerr = NULL;
+ struct stat st;
+ gboolean ret = true;
+
+ g_assert(pstate);
+
+ if (stat(path, &st) == -1) {
+ /* it's okay if state file doesn't exist, but any other error
+ * indicates a permissions issue or some other misconfiguration
+ * that we likely won't be able to recover from.
+ */
+ if (errno != ENOENT) {
+ g_critical("unable to access state file at path %s: %s",
+ path, strerror(errno));
+ ret = false;
+ goto out;
+ }
+
+ /* file doesn't exist. initialize state to default values and
+ * attempt to save now. (we could wait till later when we have
+ * modified state we need to commit, but if there's a problem,
+ * such as a missing parent directory, we want to catch it now)
+ *
+ * there is a potential scenario where someone either managed to
+ * update the agent from a version that didn't use a key store
+ * while qemu-ga thought the filesystem was frozen, or
+ * deleted the key store prior to issuing a fsfreeze, prior
+ * to restarting the agent. in this case we go ahead and defer
+ * initial creation till we actually have modified state to
+ * write, otherwise fail to recover from freeze.
+ */
+ set_persistent_state_defaults(pstate);
+ if (!frozen) {
+ ret = write_persistent_state(pstate, path);
+ if (!ret) {
+ g_critical("unable to create state file at path %s", path);
+ ret = false;
+ goto out;
+ }
+ }
+ ret = true;
+ goto out;
+ }
+
+ keyfile = g_key_file_new();
+ g_key_file_load_from_file(keyfile, path, 0, &gerr);
+ if (gerr) {
+ g_critical("error loading persistent state from path: %s, %s",
+ path, gerr->message);
+ ret = false;
+ goto out;
+ }
+
+ persistent_state_from_keyfile(pstate, keyfile);
+
+out:
+ if (keyfile) {
+ g_key_file_free(keyfile);
+ }
+ if (gerr) {
+ g_error_free(gerr);
+ }
+
+ return ret;
+}
+
+int64_t ga_get_fd_handle(GAState *s, Error **errp)
+{
+ int64_t handle;
+
+ g_assert(s->pstate_filepath);
+ /* we blacklist commands and avoid operations that potentially require
+ * writing to disk when we're in a frozen state. this includes opening
+ * new files, so we should never get here in that situation
+ */
+ g_assert(!ga_is_frozen(s));
+
+ handle = s->pstate.fd_counter++;
+
+ /* This should never happen on a reasonable timeframe, as guest-file-open
+ * would have to be issued 2^63 times */
+ if (s->pstate.fd_counter == INT64_MAX) {
+ abort();
+ }
+
+ if (!write_persistent_state(&s->pstate, s->pstate_filepath)) {
+ error_setg(errp, "failed to commit persistent state to disk");
+ return -1;
+ }
+
+ return handle;
+}
+
+static void ga_print_cmd(QmpCommand *cmd, void *opaque)
+{
+ printf("%s\n", qmp_command_name(cmd));
+}
+
int main(int argc, char **argv)
{
const char *sopt = "hVvdm:p:l:f:F::b:s:t:";
const char *method = NULL, *path = NULL;
const char *log_filepath = NULL;
- const char *pid_filepath = QGA_PIDFILE_DEFAULT;
+ const char *pid_filepath;
#ifdef CONFIG_FSFREEZE
const char *fsfreeze_hook = NULL;
#endif
- const char *state_dir = QGA_STATEDIR_DEFAULT;
+ const char *state_dir;
#ifdef _WIN32
const char *service = NULL;
#endif
module_call_init(MODULE_INIT_QAPI);
+ init_dfl_pathnames();
+ pid_filepath = dfl_pathnames.pidfile;
+ state_dir = dfl_pathnames.state_dir;
+
while ((ch = getopt_long(argc, argv, sopt, lopt, &opt_ind)) != -1) {
switch (ch) {
case 'm':
daemonize = 1;
break;
case 'b': {
- char **list_head, **list;
if (is_help_option(optarg)) {
- list_head = list = qmp_get_command_list();
- while (*list != NULL) {
- printf("%s\n", *list);
- g_free(*list);
- list++;
- }
- g_free(list_head);
+ qmp_for_each_command(ga_print_cmd, NULL);
return 0;
}
for (j = 0, i = 0, len = strlen(optarg); i < len; i++) {
case 's':
service = optarg;
if (strcmp(service, "install") == 0) {
- return ga_install_service(path, log_filepath);
+ const char *fixed_state_dir;
+
+ /* If the user passed the "-t" option, we save that state dir
+ * in the service. Otherwise we let the service fetch the state
+ * dir from the environment when it starts.
+ */
+ fixed_state_dir = (state_dir == dfl_pathnames.state_dir) ?
+ NULL :
+ state_dir;
+ if (ga_install_vss_provider()) {
+ return EXIT_FAILURE;
+ }
+ if (ga_install_service(path, log_filepath, fixed_state_dir)) {
+ return EXIT_FAILURE;
+ }
+ return 0;
} else if (strcmp(service, "uninstall") == 0) {
+ ga_uninstall_vss_provider();
return ga_uninstall_service();
} else {
printf("Unknown service command.\n");
}
}
+#ifdef _WIN32
+ /* On win32 the state directory is application specific (be it the default
+ * or a user override). We got past the command line parsing; let's create
+ * the directory (with any intermediate directories). If we run into an
+ * error later on, we won't try to clean up the directory, it is considered
+ * persistent.
+ */
+ if (g_mkdir_with_parents(state_dir, S_IRWXU) == -1) {
+ g_critical("unable to create (an ancestor of) the state directory"
+ " '%s': %s", state_dir, strerror(errno));
+ return EXIT_FAILURE;
+ }
+#endif
+
s = g_malloc0(sizeof(GAState));
s->log_level = log_level;
s->log_file = stderr;
ga_enable_logging(s);
s->state_filepath_isfrozen = g_strdup_printf("%s/qga.state.isfrozen",
state_dir);
+ s->pstate_filepath = g_strdup_printf("%s/qga.state", state_dir);
s->frozen = false;
+
#ifndef _WIN32
/* check if a previous instance of qemu-ga exited with filesystems' state
* marked as frozen. this could be a stale value (a non-qemu-ga process
if (ga_is_frozen(s)) {
if (daemonize) {
- /* delay opening/locking of pidfile till filesystem are unfrozen */
+ /* delay opening/locking of pidfile till filesystems are unfrozen */
s->deferred_options.pid_filepath = pid_filepath;
become_daemon(NULL);
}
s->deferred_options.log_filepath = log_filepath;
}
ga_disable_logging(s);
- ga_disable_non_whitelisted();
+ qmp_for_each_command(ga_disable_non_whitelisted, NULL);
} else {
if (daemonize) {
become_daemon(pid_filepath);
}
if (log_filepath) {
- FILE *log_file = fopen(log_filepath, "a");
+ FILE *log_file = ga_open_logfile(log_filepath);
if (!log_file) {
g_critical("unable to open specified log file: %s",
strerror(errno));
}
}
+ /* load persistent state from disk */
+ if (!read_persistent_state(&s->pstate,
+ s->pstate_filepath,
+ ga_is_frozen(s))) {
+ g_critical("failed to load persistent state");
+ goto out_bad;
+ }
+
+ blacklist = ga_command_blacklist_init(blacklist);
if (blacklist) {
s->blacklist = blacklist;
do {
projects / qemu.git / blobdiff