#include <stdbool.h>
#include <glib.h>
#include <getopt.h>
+#include <glib/gstdio.h>
#ifndef _WIN32
#include <syslog.h>
#include <sys/wait.h>
#include "qapi/qmp/qerror.h"
#include "qapi/qmp/dispatch.h"
#include "qga/channel.h"
+#include "qemu/bswap.h"
#ifdef _WIN32
#include "qga/service-win32.h"
+#include "qga/vss-win32.h"
#include <windows.h>
#endif
+#ifdef __linux__
+#include <linux/fs.h>
+#ifdef FIFREEZE
+#define CONFIG_FSFREEZE
+#endif
+#endif
#ifndef _WIN32
#define QGA_VIRTIO_PATH_DEFAULT "/dev/virtio-ports/org.qemu.guest_agent.0"
+#define QGA_STATE_RELATIVE_DIR "run"
#else
#define QGA_VIRTIO_PATH_DEFAULT "\\\\.\\Global\\org.qemu.guest_agent.0"
+#define QGA_STATE_RELATIVE_DIR "qemu-ga"
+#endif
+#ifdef CONFIG_FSFREEZE
+#define QGA_FSFREEZE_HOOK_DEFAULT CONFIG_QEMU_CONFDIR "/fsfreeze-hook"
#endif
-#define QGA_STATEDIR_DEFAULT CONFIG_QEMU_LOCALSTATEDIR "/run"
-#define QGA_PIDFILE_DEFAULT QGA_STATEDIR_DEFAULT "/qemu-ga.pid"
#define QGA_SENTINEL_BYTE 0xFF
+static struct {
+ const char *state_dir;
+ const char *pidfile;
+} dfl_pathnames;
+
+typedef struct GAPersistentState {
+#define QGA_PSTATE_DEFAULT_FD_COUNTER 1000
+ int64_t fd_counter;
+} GAPersistentState;
+
struct GAState {
JSONMessageParser parser;
GMainLoop *main_loop;
const char *log_filepath;
const char *pid_filepath;
} deferred_options;
+#ifdef CONFIG_FSFREEZE
+ const char *fsfreeze_hook;
+#endif
+ const gchar *pstate_filepath;
+ GAPersistentState pstate;
};
struct GAState *ga_state;
"guest-ping",
"guest-info",
"guest-sync",
+ "guest-sync-delimited",
"guest-fsfreeze-status",
"guest-fsfreeze-thaw",
NULL
VOID WINAPI service_main(DWORD argc, TCHAR *argv[]);
#endif
+static void
+init_dfl_pathnames(void)
+{
+ g_assert(dfl_pathnames.state_dir == NULL);
+ g_assert(dfl_pathnames.pidfile == NULL);
+ dfl_pathnames.state_dir = qemu_get_local_state_pathname(
+ QGA_STATE_RELATIVE_DIR);
+ dfl_pathnames.pidfile = qemu_get_local_state_pathname(
+ QGA_STATE_RELATIVE_DIR G_DIR_SEPARATOR_S "qemu-ga.pid");
+}
+
static void quit_handler(int sig)
{
/* if we're frozen, don't exit unless we're absolutely forced to,
" %s)\n"
" -l, --logfile set logfile path, logs to stderr by default\n"
" -f, --pidfile specify pidfile (default is %s)\n"
+#ifdef CONFIG_FSFREEZE
+" -F, --fsfreeze-hook\n"
+" enable fsfreeze hook. Accepts an optional argument that\n"
+" specifies script to run on freeze/thaw. Script will be\n"
+" called with 'freeze'/'thaw' arguments accordingly.\n"
+" (default is %s)\n"
+" If using -F with an argument, do not follow -F with a\n"
+" space.\n"
+" (for example: -F/var/run/fsfreezehook.sh)\n"
+#endif
" -t, --statedir specify dir to store state information (absolute paths\n"
" only, default is %s)\n"
" -v, --verbose log extra debugging information\n"
" -h, --help display this help and exit\n"
"\n"
- , cmd, QEMU_VERSION, QGA_VIRTIO_PATH_DEFAULT, QGA_PIDFILE_DEFAULT,
- QGA_STATEDIR_DEFAULT);
+ , cmd, QEMU_VERSION, QGA_VIRTIO_PATH_DEFAULT, dfl_pathnames.pidfile,
+#ifdef CONFIG_FSFREEZE
+ QGA_FSFREEZE_HOOK_DEFAULT,
+#endif
+ dfl_pathnames.state_dir);
}
static const char *ga_log_level_str(GLogLevelFlags level)
s->delimit_response = true;
}
+static FILE *ga_open_logfile(const char *logfile)
+{
+ FILE *f;
+
+ f = fopen(logfile, "a");
+ if (!f) {
+ return NULL;
+ }
+
+ qemu_set_cloexec(fileno(f));
+ return f;
+}
+
#ifndef _WIN32
static bool ga_open_pidfile(const char *pidfile)
{
int pidfd;
char pidstr[32];
- pidfd = open(pidfile, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
+ pidfd = qemu_open(pidfile, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
if (pidfd == -1 || lockf(pidfd, F_TLOCK, 0)) {
g_critical("Cannot lock pid file, %s", strerror(errno));
if (pidfd != -1) {
return false;
}
- if (ftruncate(pidfd, 0) || lseek(pidfd, 0, SEEK_SET)) {
+ if (ftruncate(pidfd, 0)) {
g_critical("Failed to truncate pid file");
goto fail;
}
goto fail;
}
+ /* keep pidfile open & locked forever */
return true;
fail:
unlink(pidfile);
+ close(pidfd);
return false;
}
#else /* _WIN32 */
* in a frozen state at start up, do it now
*/
if (s->deferred_options.log_filepath) {
- s->log_file = fopen(s->deferred_options.log_filepath, "a");
+ s->log_file = ga_open_logfile(s->deferred_options.log_filepath);
if (!s->log_file) {
s->log_file = stderr;
}
}
}
+#ifdef CONFIG_FSFREEZE
+const char *ga_fsfreeze_hook(GAState *s)
+{
+ return s->fsfreeze_hook;
+}
+#endif
+
static void become_daemon(const char *pidfile)
{
#ifndef _WIN32
}
}
- umask(0);
+ umask(S_IRWXG | S_IRWXO);
sid = setsid();
if (sid < 0) {
goto fail;
if (!s->virtio) {
return false;
}
+ /* fall through */
case G_IO_STATUS_AGAIN:
/* virtio causes us to spin here when no process is attached to
* host-side chardev. sleep a bit to mitigate this
}
#endif
+static void set_persistent_state_defaults(GAPersistentState *pstate)
+{
+ g_assert(pstate);
+ pstate->fd_counter = QGA_PSTATE_DEFAULT_FD_COUNTER;
+}
+
+static void persistent_state_from_keyfile(GAPersistentState *pstate,
+ GKeyFile *keyfile)
+{
+ g_assert(pstate);
+ g_assert(keyfile);
+ /* if any fields are missing, either because the file was tampered with
+ * by agents of chaos, or because the field wasn't present at the time the
+ * file was created, the best we can ever do is start over with the default
+ * values. so load them now, and ignore any errors in accessing key-value
+ * pairs
+ */
+ set_persistent_state_defaults(pstate);
+
+ if (g_key_file_has_key(keyfile, "global", "fd_counter", NULL)) {
+ pstate->fd_counter =
+ g_key_file_get_integer(keyfile, "global", "fd_counter", NULL);
+ }
+}
+
+static void persistent_state_to_keyfile(const GAPersistentState *pstate,
+ GKeyFile *keyfile)
+{
+ g_assert(pstate);
+ g_assert(keyfile);
+
+ g_key_file_set_integer(keyfile, "global", "fd_counter", pstate->fd_counter);
+}
+
+static gboolean write_persistent_state(const GAPersistentState *pstate,
+ const gchar *path)
+{
+ GKeyFile *keyfile = g_key_file_new();
+ GError *gerr = NULL;
+ gboolean ret = true;
+ gchar *data = NULL;
+ gsize data_len;
+
+ g_assert(pstate);
+
+ persistent_state_to_keyfile(pstate, keyfile);
+ data = g_key_file_to_data(keyfile, &data_len, &gerr);
+ if (gerr) {
+ g_critical("failed to convert persistent state to string: %s",
+ gerr->message);
+ ret = false;
+ goto out;
+ }
+
+ g_file_set_contents(path, data, data_len, &gerr);
+ if (gerr) {
+ g_critical("failed to write persistent state to %s: %s",
+ path, gerr->message);
+ ret = false;
+ goto out;
+ }
+
+out:
+ if (gerr) {
+ g_error_free(gerr);
+ }
+ if (keyfile) {
+ g_key_file_free(keyfile);
+ }
+ g_free(data);
+ return ret;
+}
+
+static gboolean read_persistent_state(GAPersistentState *pstate,
+ const gchar *path, gboolean frozen)
+{
+ GKeyFile *keyfile = NULL;
+ GError *gerr = NULL;
+ struct stat st;
+ gboolean ret = true;
+
+ g_assert(pstate);
+
+ if (stat(path, &st) == -1) {
+ /* it's okay if state file doesn't exist, but any other error
+ * indicates a permissions issue or some other misconfiguration
+ * that we likely won't be able to recover from.
+ */
+ if (errno != ENOENT) {
+ g_critical("unable to access state file at path %s: %s",
+ path, strerror(errno));
+ ret = false;
+ goto out;
+ }
+
+ /* file doesn't exist. initialize state to default values and
+ * attempt to save now. (we could wait till later when we have
+ * modified state we need to commit, but if there's a problem,
+ * such as a missing parent directory, we want to catch it now)
+ *
+ * there is a potential scenario where someone either managed to
+ * update the agent from a version that didn't use a key store
+ * while qemu-ga thought the filesystem was frozen, or
+ * deleted the key store prior to issuing a fsfreeze, prior
+ * to restarting the agent. in this case we go ahead and defer
+ * initial creation till we actually have modified state to
+ * write, otherwise fail to recover from freeze.
+ */
+ set_persistent_state_defaults(pstate);
+ if (!frozen) {
+ ret = write_persistent_state(pstate, path);
+ if (!ret) {
+ g_critical("unable to create state file at path %s", path);
+ ret = false;
+ goto out;
+ }
+ }
+ ret = true;
+ goto out;
+ }
+
+ keyfile = g_key_file_new();
+ g_key_file_load_from_file(keyfile, path, 0, &gerr);
+ if (gerr) {
+ g_critical("error loading persistent state from path: %s, %s",
+ path, gerr->message);
+ ret = false;
+ goto out;
+ }
+
+ persistent_state_from_keyfile(pstate, keyfile);
+
+out:
+ if (keyfile) {
+ g_key_file_free(keyfile);
+ }
+ if (gerr) {
+ g_error_free(gerr);
+ }
+
+ return ret;
+}
+
+int64_t ga_get_fd_handle(GAState *s, Error **errp)
+{
+ int64_t handle;
+
+ g_assert(s->pstate_filepath);
+ /* we blacklist commands and avoid operations that potentially require
+ * writing to disk when we're in a frozen state. this includes opening
+ * new files, so we should never get here in that situation
+ */
+ g_assert(!ga_is_frozen(s));
+
+ handle = s->pstate.fd_counter++;
+
+ /* This should never happen on a reasonable timeframe, as guest-file-open
+ * would have to be issued 2^63 times */
+ if (s->pstate.fd_counter == INT64_MAX) {
+ abort();
+ }
+
+ if (!write_persistent_state(&s->pstate, s->pstate_filepath)) {
+ error_setg(errp, "failed to commit persistent state to disk");
+ }
+
+ return handle;
+}
+
int main(int argc, char **argv)
{
- const char *sopt = "hVvdm:p:l:f:b:s:t:";
+ const char *sopt = "hVvdm:p:l:f:F::b:s:t:";
const char *method = NULL, *path = NULL;
const char *log_filepath = NULL;
- const char *pid_filepath = QGA_PIDFILE_DEFAULT;
- const char *state_dir = QGA_STATEDIR_DEFAULT;
+ const char *pid_filepath;
+#ifdef CONFIG_FSFREEZE
+ const char *fsfreeze_hook = NULL;
+#endif
+ const char *state_dir;
#ifdef _WIN32
const char *service = NULL;
#endif
{ "version", 0, NULL, 'V' },
{ "logfile", 1, NULL, 'l' },
{ "pidfile", 1, NULL, 'f' },
+#ifdef CONFIG_FSFREEZE
+ { "fsfreeze-hook", 2, NULL, 'F' },
+#endif
{ "verbose", 0, NULL, 'v' },
{ "method", 1, NULL, 'm' },
{ "path", 1, NULL, 'p' },
module_call_init(MODULE_INIT_QAPI);
+ init_dfl_pathnames();
+ pid_filepath = dfl_pathnames.pidfile;
+ state_dir = dfl_pathnames.state_dir;
+
while ((ch = getopt_long(argc, argv, sopt, lopt, &opt_ind)) != -1) {
switch (ch) {
case 'm':
case 'f':
pid_filepath = optarg;
break;
+#ifdef CONFIG_FSFREEZE
+ case 'F':
+ fsfreeze_hook = optarg ? optarg : QGA_FSFREEZE_HOOK_DEFAULT;
+ break;
+#endif
case 't':
state_dir = optarg;
break;
case 's':
service = optarg;
if (strcmp(service, "install") == 0) {
- return ga_install_service(path, log_filepath);
+ const char *fixed_state_dir;
+
+ /* If the user passed the "-t" option, we save that state dir
+ * in the service. Otherwise we let the service fetch the state
+ * dir from the environment when it starts.
+ */
+ fixed_state_dir = (state_dir == dfl_pathnames.state_dir) ?
+ NULL :
+ state_dir;
+ if (ga_install_vss_provider()) {
+ return EXIT_FAILURE;
+ }
+ if (ga_install_service(path, log_filepath, fixed_state_dir)) {
+ return EXIT_FAILURE;
+ }
+ return 0;
} else if (strcmp(service, "uninstall") == 0) {
+ ga_uninstall_vss_provider();
return ga_uninstall_service();
} else {
printf("Unknown service command.\n");
}
}
+#ifdef _WIN32
+ /* On win32 the state directory is application specific (be it the default
+ * or a user override). We got past the command line parsing; let's create
+ * the directory (with any intermediate directories). If we run into an
+ * error later on, we won't try to clean up the directory, it is considered
+ * persistent.
+ */
+ if (g_mkdir_with_parents(state_dir, S_IRWXU) == -1) {
+ g_critical("unable to create (an ancestor of) the state directory"
+ " '%s': %s", state_dir, strerror(errno));
+ return EXIT_FAILURE;
+ }
+#endif
+
s = g_malloc0(sizeof(GAState));
s->log_level = log_level;
s->log_file = stderr;
+#ifdef CONFIG_FSFREEZE
+ s->fsfreeze_hook = fsfreeze_hook;
+#endif
g_log_set_default_handler(ga_log, s);
g_log_set_fatal_mask(NULL, G_LOG_LEVEL_ERROR);
ga_enable_logging(s);
s->state_filepath_isfrozen = g_strdup_printf("%s/qga.state.isfrozen",
state_dir);
+ s->pstate_filepath = g_strdup_printf("%s/qga.state", state_dir);
s->frozen = false;
+
#ifndef _WIN32
/* check if a previous instance of qemu-ga exited with filesystems' state
* marked as frozen. this could be a stale value (a non-qemu-ga process
become_daemon(pid_filepath);
}
if (log_filepath) {
- FILE *log_file = fopen(log_filepath, "a");
+ FILE *log_file = ga_open_logfile(log_filepath);
if (!log_file) {
g_critical("unable to open specified log file: %s",
strerror(errno));
}
}
+ /* load persistent state from disk */
+ if (!read_persistent_state(&s->pstate,
+ s->pstate_filepath,
+ ga_is_frozen(s))) {
+ g_critical("failed to load persistent state");
+ goto out_bad;
+ }
+
if (blacklist) {
s->blacklist = blacklist;
do {
projects / qemu.git / blobdiff