1 /* 2 * QEMU Guest Agent 3 * 4 * Copyright IBM Corp. 2011 5 * 6 * Authors: 7 * Adam Litke <aglitke@linux.vnet.ibm.com> 8 * Michael Roth <mdroth@linux.vnet.ibm.com> 9 * 10 * This work is licensed under the terms of the GNU GPL, version 2 or later. 11 * See the COPYING file in the top-level directory. 12 */ 13 #include "qemu/osdep.h" 14 #include <glib.h> 15 #include <getopt.h> 16 #include <glib/gstdio.h> 17 #ifndef _WIN32 18 #include <syslog.h> 19 #include <sys/wait.h> 20 #endif 21 #include "qapi/qmp/json-streamer.h" 22 #include "qapi/qmp/json-parser.h" 23 #include "qapi/qmp/qint.h" 24 #include "qapi/qmp/qjson.h" 25 #include "qga/guest-agent-core.h" 26 #include "qemu/module.h" 27 #include "qapi/qmp/qerror.h" 28 #include "qapi/qmp/dispatch.h" 29 #include "qga/channel.h" 30 #include "qemu/bswap.h" 31 #include "qemu/help_option.h" 32 #ifdef _WIN32 33 #include "qga/service-win32.h" 34 #include "qga/vss-win32.h" 35 #endif 36 #ifdef __linux__ 37 #include <linux/fs.h> 38 #ifdef FIFREEZE 39 #define CONFIG_FSFREEZE 40 #endif 41 #endif 42 43 #ifndef _WIN32 44 #define QGA_VIRTIO_PATH_DEFAULT "/dev/virtio-ports/org.qemu.guest_agent.0" 45 #define QGA_STATE_RELATIVE_DIR "run" 46 #define QGA_SERIAL_PATH_DEFAULT "/dev/ttyS0" 47 #else 48 #define QGA_VIRTIO_PATH_DEFAULT "\\\\.\\Global\\org.qemu.guest_agent.0" 49 #define QGA_STATE_RELATIVE_DIR "qemu-ga" 50 #define QGA_SERIAL_PATH_DEFAULT "COM1" 51 #endif 52 #ifdef CONFIG_FSFREEZE 53 #define QGA_FSFREEZE_HOOK_DEFAULT CONFIG_QEMU_CONFDIR "/fsfreeze-hook" 54 #endif 55 #define QGA_SENTINEL_BYTE 0xFF 56 #define QGA_CONF_DEFAULT CONFIG_QEMU_CONFDIR G_DIR_SEPARATOR_S "qemu-ga.conf" 57 58 static struct { 59 const char *state_dir; 60 const char *pidfile; 61 } dfl_pathnames; 62 63 typedef struct GAPersistentState { 64 #define QGA_PSTATE_DEFAULT_FD_COUNTER 1000 65 int64_t fd_counter; 66 } GAPersistentState; 67 68 struct GAState { 69 JSONMessageParser parser; 70 GMainLoop *main_loop; 71 GAChannel *channel; 72 bool virtio; /* fastpath to check for virtio to deal with poll() quirks */ 73 GACommandState *command_state; 74 GLogLevelFlags log_level; 75 FILE *log_file; 76 bool logging_enabled; 77 #ifdef _WIN32 78 GAService service; 79 #endif 80 bool delimit_response; 81 bool frozen; 82 GList *blacklist; 83 char *state_filepath_isfrozen; 84 struct { 85 const char *log_filepath; 86 const char *pid_filepath; 87 } deferred_options; 88 #ifdef CONFIG_FSFREEZE 89 const char *fsfreeze_hook; 90 #endif 91 gchar *pstate_filepath; 92 GAPersistentState pstate; 93 }; 94 95 struct GAState *ga_state; 96 97 /* commands that are safe to issue while filesystems are frozen */ 98 static const char *ga_freeze_whitelist[] = { 99 "guest-ping", 100 "guest-info", 101 "guest-sync", 102 "guest-sync-delimited", 103 "guest-fsfreeze-status", 104 "guest-fsfreeze-thaw", 105 NULL 106 }; 107 108 #ifdef _WIN32 109 DWORD WINAPI service_ctrl_handler(DWORD ctrl, DWORD type, LPVOID data, 110 LPVOID ctx); 111 VOID WINAPI service_main(DWORD argc, TCHAR *argv[]); 112 #endif 113 114 static void 115 init_dfl_pathnames(void) 116 { 117 g_assert(dfl_pathnames.state_dir == NULL); 118 g_assert(dfl_pathnames.pidfile == NULL); 119 dfl_pathnames.state_dir = qemu_get_local_state_pathname( 120 QGA_STATE_RELATIVE_DIR); 121 dfl_pathnames.pidfile = qemu_get_local_state_pathname( 122 QGA_STATE_RELATIVE_DIR G_DIR_SEPARATOR_S "qemu-ga.pid"); 123 } 124 125 static void quit_handler(int sig) 126 { 127 /* if we're frozen, don't exit unless we're absolutely forced to, 128 * because it's basically impossible for graceful exit to complete 129 * unless all log/pid files are on unfreezable filesystems. there's 130 * also a very likely chance killing the agent before unfreezing 131 * the filesystems is a mistake (or will be viewed as one later). 132 */ 133 if (ga_is_frozen(ga_state)) { 134 return; 135 } 136 g_debug("received signal num %d, quitting", sig); 137 138 if (g_main_loop_is_running(ga_state->main_loop)) { 139 g_main_loop_quit(ga_state->main_loop); 140 } 141 } 142 143 #ifndef _WIN32 144 static gboolean register_signal_handlers(void) 145 { 146 struct sigaction sigact; 147 int ret; 148 149 memset(&sigact, 0, sizeof(struct sigaction)); 150 sigact.sa_handler = quit_handler; 151 152 ret = sigaction(SIGINT, &sigact, NULL); 153 if (ret == -1) { 154 g_error("error configuring signal handler: %s", strerror(errno)); 155 } 156 ret = sigaction(SIGTERM, &sigact, NULL); 157 if (ret == -1) { 158 g_error("error configuring signal handler: %s", strerror(errno)); 159 } 160 161 sigact.sa_handler = SIG_IGN; 162 if (sigaction(SIGPIPE, &sigact, NULL) != 0) { 163 g_error("error configuring SIGPIPE signal handler: %s", 164 strerror(errno)); 165 } 166 167 return true; 168 } 169 170 /* TODO: use this in place of all post-fork() fclose(std*) callers */ 171 void reopen_fd_to_null(int fd) 172 { 173 int nullfd; 174 175 nullfd = open("/dev/null", O_RDWR); 176 if (nullfd < 0) { 177 return; 178 } 179 180 dup2(nullfd, fd); 181 182 if (nullfd != fd) { 183 close(nullfd); 184 } 185 } 186 #endif 187 188 static void usage(const char *cmd) 189 { 190 printf( 191 "Usage: %s [-m <method> -p <path>] [<options>]\n" 192 "QEMU Guest Agent %s\n" 193 "\n" 194 " -m, --method transport method: one of unix-listen, virtio-serial, or\n" 195 " isa-serial (virtio-serial is the default)\n" 196 " -p, --path device/socket path (the default for virtio-serial is:\n" 197 " %s,\n" 198 " the default for isa-serial is:\n" 199 " %s)\n" 200 " -l, --logfile set logfile path, logs to stderr by default\n" 201 " -f, --pidfile specify pidfile (default is %s)\n" 202 #ifdef CONFIG_FSFREEZE 203 " -F, --fsfreeze-hook\n" 204 " enable fsfreeze hook. Accepts an optional argument that\n" 205 " specifies script to run on freeze/thaw. Script will be\n" 206 " called with 'freeze'/'thaw' arguments accordingly.\n" 207 " (default is %s)\n" 208 " If using -F with an argument, do not follow -F with a\n" 209 " space.\n" 210 " (for example: -F/var/run/fsfreezehook.sh)\n" 211 #endif 212 " -t, --statedir specify dir to store state information (absolute paths\n" 213 " only, default is %s)\n" 214 " -v, --verbose log extra debugging information\n" 215 " -V, --version print version information and exit\n" 216 " -d, --daemonize become a daemon\n" 217 #ifdef _WIN32 218 " -s, --service service commands: install, uninstall, vss-install, vss-uninstall\n" 219 #endif 220 " -b, --blacklist comma-separated list of RPCs to disable (no spaces, \"?\"\n" 221 " to list available RPCs)\n" 222 " -D, --dump-conf dump a qemu-ga config file based on current config\n" 223 " options / command-line parameters to stdout\n" 224 " -h, --help display this help and exit\n" 225 "\n" 226 "Report bugs to <mdroth@linux.vnet.ibm.com>\n" 227 , cmd, QEMU_VERSION, QGA_VIRTIO_PATH_DEFAULT, QGA_SERIAL_PATH_DEFAULT, 228 dfl_pathnames.pidfile, 229 #ifdef CONFIG_FSFREEZE 230 QGA_FSFREEZE_HOOK_DEFAULT, 231 #endif 232 dfl_pathnames.state_dir); 233 } 234 235 static const char *ga_log_level_str(GLogLevelFlags level) 236 { 237 switch (level & G_LOG_LEVEL_MASK) { 238 case G_LOG_LEVEL_ERROR: 239 return "error"; 240 case G_LOG_LEVEL_CRITICAL: 241 return "critical"; 242 case G_LOG_LEVEL_WARNING: 243 return "warning"; 244 case G_LOG_LEVEL_MESSAGE: 245 return "message"; 246 case G_LOG_LEVEL_INFO: 247 return "info"; 248 case G_LOG_LEVEL_DEBUG: 249 return "debug"; 250 default: 251 return "user"; 252 } 253 } 254 255 bool ga_logging_enabled(GAState *s) 256 { 257 return s->logging_enabled; 258 } 259 260 void ga_disable_logging(GAState *s) 261 { 262 s->logging_enabled = false; 263 } 264 265 void ga_enable_logging(GAState *s) 266 { 267 s->logging_enabled = true; 268 } 269 270 static void ga_log(const gchar *domain, GLogLevelFlags level, 271 const gchar *msg, gpointer opaque) 272 { 273 GAState *s = opaque; 274 GTimeVal time; 275 const char *level_str = ga_log_level_str(level); 276 277 if (!ga_logging_enabled(s)) { 278 return; 279 } 280 281 level &= G_LOG_LEVEL_MASK; 282 #ifndef _WIN32 283 if (g_strcmp0(domain, "syslog") == 0) { 284 syslog(LOG_INFO, "%s: %s", level_str, msg); 285 } else if (level & s->log_level) { 286 #else 287 if (level & s->log_level) { 288 #endif 289 g_get_current_time(&time); 290 fprintf(s->log_file, 291 "%lu.%lu: %s: %s\n", time.tv_sec, time.tv_usec, level_str, msg); 292 fflush(s->log_file); 293 } 294 } 295 296 void ga_set_response_delimited(GAState *s) 297 { 298 s->delimit_response = true; 299 } 300 301 static FILE *ga_open_logfile(const char *logfile) 302 { 303 FILE *f; 304 305 f = fopen(logfile, "a"); 306 if (!f) { 307 return NULL; 308 } 309 310 qemu_set_cloexec(fileno(f)); 311 return f; 312 } 313 314 #ifndef _WIN32 315 static bool ga_open_pidfile(const char *pidfile) 316 { 317 int pidfd; 318 char pidstr[32]; 319 320 pidfd = qemu_open(pidfile, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR); 321 if (pidfd == -1 || lockf(pidfd, F_TLOCK, 0)) { 322 g_critical("Cannot lock pid file, %s", strerror(errno)); 323 if (pidfd != -1) { 324 close(pidfd); 325 } 326 return false; 327 } 328 329 if (ftruncate(pidfd, 0)) { 330 g_critical("Failed to truncate pid file"); 331 goto fail; 332 } 333 snprintf(pidstr, sizeof(pidstr), "%d\n", getpid()); 334 if (write(pidfd, pidstr, strlen(pidstr)) != strlen(pidstr)) { 335 g_critical("Failed to write pid file"); 336 goto fail; 337 } 338 339 /* keep pidfile open & locked forever */ 340 return true; 341 342 fail: 343 unlink(pidfile); 344 close(pidfd); 345 return false; 346 } 347 #else /* _WIN32 */ 348 static bool ga_open_pidfile(const char *pidfile) 349 { 350 return true; 351 } 352 #endif 353 354 static gint ga_strcmp(gconstpointer str1, gconstpointer str2) 355 { 356 return strcmp(str1, str2); 357 } 358 359 /* disable commands that aren't safe for fsfreeze */ 360 static void ga_disable_non_whitelisted(QmpCommand *cmd, void *opaque) 361 { 362 bool whitelisted = false; 363 int i = 0; 364 const char *name = qmp_command_name(cmd); 365 366 while (ga_freeze_whitelist[i] != NULL) { 367 if (strcmp(name, ga_freeze_whitelist[i]) == 0) { 368 whitelisted = true; 369 } 370 i++; 371 } 372 if (!whitelisted) { 373 g_debug("disabling command: %s", name); 374 qmp_disable_command(name); 375 } 376 } 377 378 /* [re-]enable all commands, except those explicitly blacklisted by user */ 379 static void ga_enable_non_blacklisted(QmpCommand *cmd, void *opaque) 380 { 381 GList *blacklist = opaque; 382 const char *name = qmp_command_name(cmd); 383 384 if (g_list_find_custom(blacklist, name, ga_strcmp) == NULL && 385 !qmp_command_is_enabled(cmd)) { 386 g_debug("enabling command: %s", name); 387 qmp_enable_command(name); 388 } 389 } 390 391 static bool ga_create_file(const char *path) 392 { 393 int fd = open(path, O_CREAT | O_WRONLY, S_IWUSR | S_IRUSR); 394 if (fd == -1) { 395 g_warning("unable to open/create file %s: %s", path, strerror(errno)); 396 return false; 397 } 398 close(fd); 399 return true; 400 } 401 402 static bool ga_delete_file(const char *path) 403 { 404 int ret = unlink(path); 405 if (ret == -1) { 406 g_warning("unable to delete file: %s: %s", path, strerror(errno)); 407 return false; 408 } 409 410 return true; 411 } 412 413 bool ga_is_frozen(GAState *s) 414 { 415 return s->frozen; 416 } 417 418 void ga_set_frozen(GAState *s) 419 { 420 if (ga_is_frozen(s)) { 421 return; 422 } 423 /* disable all non-whitelisted (for frozen state) commands */ 424 qmp_for_each_command(ga_disable_non_whitelisted, NULL); 425 g_warning("disabling logging due to filesystem freeze"); 426 ga_disable_logging(s); 427 s->frozen = true; 428 if (!ga_create_file(s->state_filepath_isfrozen)) { 429 g_warning("unable to create %s, fsfreeze may not function properly", 430 s->state_filepath_isfrozen); 431 } 432 } 433 434 void ga_unset_frozen(GAState *s) 435 { 436 if (!ga_is_frozen(s)) { 437 return; 438 } 439 440 /* if we delayed creation/opening of pid/log files due to being 441 * in a frozen state at start up, do it now 442 */ 443 if (s->deferred_options.log_filepath) { 444 s->log_file = ga_open_logfile(s->deferred_options.log_filepath); 445 if (!s->log_file) { 446 s->log_file = stderr; 447 } 448 s->deferred_options.log_filepath = NULL; 449 } 450 ga_enable_logging(s); 451 g_warning("logging re-enabled due to filesystem unfreeze"); 452 if (s->deferred_options.pid_filepath) { 453 if (!ga_open_pidfile(s->deferred_options.pid_filepath)) { 454 g_warning("failed to create/open pid file"); 455 } 456 s->deferred_options.pid_filepath = NULL; 457 } 458 459 /* enable all disabled, non-blacklisted commands */ 460 qmp_for_each_command(ga_enable_non_blacklisted, s->blacklist); 461 s->frozen = false; 462 if (!ga_delete_file(s->state_filepath_isfrozen)) { 463 g_warning("unable to delete %s, fsfreeze may not function properly", 464 s->state_filepath_isfrozen); 465 } 466 } 467 468 #ifdef CONFIG_FSFREEZE 469 const char *ga_fsfreeze_hook(GAState *s) 470 { 471 return s->fsfreeze_hook; 472 } 473 #endif 474 475 static void become_daemon(const char *pidfile) 476 { 477 #ifndef _WIN32 478 pid_t pid, sid; 479 480 pid = fork(); 481 if (pid < 0) { 482 exit(EXIT_FAILURE); 483 } 484 if (pid > 0) { 485 exit(EXIT_SUCCESS); 486 } 487 488 if (pidfile) { 489 if (!ga_open_pidfile(pidfile)) { 490 g_critical("failed to create pidfile"); 491 exit(EXIT_FAILURE); 492 } 493 } 494 495 umask(S_IRWXG | S_IRWXO); 496 sid = setsid(); 497 if (sid < 0) { 498 goto fail; 499 } 500 if ((chdir("/")) < 0) { 501 goto fail; 502 } 503 504 reopen_fd_to_null(STDIN_FILENO); 505 reopen_fd_to_null(STDOUT_FILENO); 506 reopen_fd_to_null(STDERR_FILENO); 507 return; 508 509 fail: 510 if (pidfile) { 511 unlink(pidfile); 512 } 513 g_critical("failed to daemonize"); 514 exit(EXIT_FAILURE); 515 #endif 516 } 517 518 static int send_response(GAState *s, QObject *payload) 519 { 520 const char *buf; 521 QString *payload_qstr, *response_qstr; 522 GIOStatus status; 523 524 g_assert(payload && s->channel); 525 526 payload_qstr = qobject_to_json(payload); 527 if (!payload_qstr) { 528 return -EINVAL; 529 } 530 531 if (s->delimit_response) { 532 s->delimit_response = false; 533 response_qstr = qstring_new(); 534 qstring_append_chr(response_qstr, QGA_SENTINEL_BYTE); 535 qstring_append(response_qstr, qstring_get_str(payload_qstr)); 536 QDECREF(payload_qstr); 537 } else { 538 response_qstr = payload_qstr; 539 } 540 541 qstring_append_chr(response_qstr, '\n'); 542 buf = qstring_get_str(response_qstr); 543 status = ga_channel_write_all(s->channel, buf, strlen(buf)); 544 QDECREF(response_qstr); 545 if (status != G_IO_STATUS_NORMAL) { 546 return -EIO; 547 } 548 549 return 0; 550 } 551 552 static void process_command(GAState *s, QDict *req) 553 { 554 QObject *rsp = NULL; 555 int ret; 556 557 g_assert(req); 558 g_debug("processing command"); 559 rsp = qmp_dispatch(QOBJECT(req)); 560 if (rsp) { 561 ret = send_response(s, rsp); 562 if (ret) { 563 g_warning("error sending response: %s", strerror(ret)); 564 } 565 qobject_decref(rsp); 566 } 567 } 568 569 /* handle requests/control events coming in over the channel */ 570 static void process_event(JSONMessageParser *parser, GQueue *tokens) 571 { 572 GAState *s = container_of(parser, GAState, parser); 573 QDict *qdict; 574 Error *err = NULL; 575 int ret; 576 577 g_assert(s && parser); 578 579 g_debug("process_event: called"); 580 qdict = qobject_to_qdict(json_parser_parse_err(tokens, NULL, &err)); 581 if (err || !qdict) { 582 QDECREF(qdict); 583 qdict = qdict_new(); 584 if (!err) { 585 g_warning("failed to parse event: unknown error"); 586 error_setg(&err, QERR_JSON_PARSING); 587 } else { 588 g_warning("failed to parse event: %s", error_get_pretty(err)); 589 } 590 qdict_put_obj(qdict, "error", qmp_build_error_object(err)); 591 error_free(err); 592 } 593 594 /* handle host->guest commands */ 595 if (qdict_haskey(qdict, "execute")) { 596 process_command(s, qdict); 597 } else { 598 if (!qdict_haskey(qdict, "error")) { 599 QDECREF(qdict); 600 qdict = qdict_new(); 601 g_warning("unrecognized payload format"); 602 error_setg(&err, QERR_UNSUPPORTED); 603 qdict_put_obj(qdict, "error", qmp_build_error_object(err)); 604 error_free(err); 605 } 606 ret = send_response(s, QOBJECT(qdict)); 607 if (ret < 0) { 608 g_warning("error sending error response: %s", strerror(-ret)); 609 } 610 } 611 612 QDECREF(qdict); 613 } 614 615 /* false return signals GAChannel to close the current client connection */ 616 static gboolean channel_event_cb(GIOCondition condition, gpointer data) 617 { 618 GAState *s = data; 619 gchar buf[QGA_READ_COUNT_DEFAULT+1]; 620 gsize count; 621 GIOStatus status = ga_channel_read(s->channel, buf, QGA_READ_COUNT_DEFAULT, &count); 622 switch (status) { 623 case G_IO_STATUS_ERROR: 624 g_warning("error reading channel"); 625 return false; 626 case G_IO_STATUS_NORMAL: 627 buf[count] = 0; 628 g_debug("read data, count: %d, data: %s", (int)count, buf); 629 json_message_parser_feed(&s->parser, (char *)buf, (int)count); 630 break; 631 case G_IO_STATUS_EOF: 632 g_debug("received EOF"); 633 if (!s->virtio) { 634 return false; 635 } 636 /* fall through */ 637 case G_IO_STATUS_AGAIN: 638 /* virtio causes us to spin here when no process is attached to 639 * host-side chardev. sleep a bit to mitigate this 640 */ 641 if (s->virtio) { 642 usleep(100*1000); 643 } 644 return true; 645 default: 646 g_warning("unknown channel read status, closing"); 647 return false; 648 } 649 return true; 650 } 651 652 static gboolean channel_init(GAState *s, const gchar *method, const gchar *path) 653 { 654 GAChannelMethod channel_method; 655 656 if (strcmp(method, "virtio-serial") == 0) { 657 s->virtio = true; /* virtio requires special handling in some cases */ 658 channel_method = GA_CHANNEL_VIRTIO_SERIAL; 659 } else if (strcmp(method, "isa-serial") == 0) { 660 channel_method = GA_CHANNEL_ISA_SERIAL; 661 } else if (strcmp(method, "unix-listen") == 0) { 662 channel_method = GA_CHANNEL_UNIX_LISTEN; 663 } else { 664 g_critical("unsupported channel method/type: %s", method); 665 return false; 666 } 667 668 s->channel = ga_channel_new(channel_method, path, channel_event_cb, s); 669 if (!s->channel) { 670 g_critical("failed to create guest agent channel"); 671 return false; 672 } 673 674 return true; 675 } 676 677 #ifdef _WIN32 678 DWORD WINAPI service_ctrl_handler(DWORD ctrl, DWORD type, LPVOID data, 679 LPVOID ctx) 680 { 681 DWORD ret = NO_ERROR; 682 GAService *service = &ga_state->service; 683 684 switch (ctrl) 685 { 686 case SERVICE_CONTROL_STOP: 687 case SERVICE_CONTROL_SHUTDOWN: 688 quit_handler(SIGTERM); 689 service->status.dwCurrentState = SERVICE_STOP_PENDING; 690 SetServiceStatus(service->status_handle, &service->status); 691 break; 692 693 default: 694 ret = ERROR_CALL_NOT_IMPLEMENTED; 695 } 696 return ret; 697 } 698 699 VOID WINAPI service_main(DWORD argc, TCHAR *argv[]) 700 { 701 GAService *service = &ga_state->service; 702 703 service->status_handle = RegisterServiceCtrlHandlerEx(QGA_SERVICE_NAME, 704 service_ctrl_handler, NULL); 705 706 if (service->status_handle == 0) { 707 g_critical("Failed to register extended requests function!\n"); 708 return; 709 } 710 711 service->status.dwServiceType = SERVICE_WIN32; 712 service->status.dwCurrentState = SERVICE_RUNNING; 713 service->status.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN; 714 service->status.dwWin32ExitCode = NO_ERROR; 715 service->status.dwServiceSpecificExitCode = NO_ERROR; 716 service->status.dwCheckPoint = 0; 717 service->status.dwWaitHint = 0; 718 SetServiceStatus(service->status_handle, &service->status); 719 720 g_main_loop_run(ga_state->main_loop); 721 722 service->status.dwCurrentState = SERVICE_STOPPED; 723 SetServiceStatus(service->status_handle, &service->status); 724 } 725 #endif 726 727 static void set_persistent_state_defaults(GAPersistentState *pstate) 728 { 729 g_assert(pstate); 730 pstate->fd_counter = QGA_PSTATE_DEFAULT_FD_COUNTER; 731 } 732 733 static void persistent_state_from_keyfile(GAPersistentState *pstate, 734 GKeyFile *keyfile) 735 { 736 g_assert(pstate); 737 g_assert(keyfile); 738 /* if any fields are missing, either because the file was tampered with 739 * by agents of chaos, or because the field wasn't present at the time the 740 * file was created, the best we can ever do is start over with the default 741 * values. so load them now, and ignore any errors in accessing key-value 742 * pairs 743 */ 744 set_persistent_state_defaults(pstate); 745 746 if (g_key_file_has_key(keyfile, "global", "fd_counter", NULL)) { 747 pstate->fd_counter = 748 g_key_file_get_integer(keyfile, "global", "fd_counter", NULL); 749 } 750 } 751 752 static void persistent_state_to_keyfile(const GAPersistentState *pstate, 753 GKeyFile *keyfile) 754 { 755 g_assert(pstate); 756 g_assert(keyfile); 757 758 g_key_file_set_integer(keyfile, "global", "fd_counter", pstate->fd_counter); 759 } 760 761 static gboolean write_persistent_state(const GAPersistentState *pstate, 762 const gchar *path) 763 { 764 GKeyFile *keyfile = g_key_file_new(); 765 GError *gerr = NULL; 766 gboolean ret = true; 767 gchar *data = NULL; 768 gsize data_len; 769 770 g_assert(pstate); 771 772 persistent_state_to_keyfile(pstate, keyfile); 773 data = g_key_file_to_data(keyfile, &data_len, &gerr); 774 if (gerr) { 775 g_critical("failed to convert persistent state to string: %s", 776 gerr->message); 777 ret = false; 778 goto out; 779 } 780 781 g_file_set_contents(path, data, data_len, &gerr); 782 if (gerr) { 783 g_critical("failed to write persistent state to %s: %s", 784 path, gerr->message); 785 ret = false; 786 goto out; 787 } 788 789 out: 790 if (gerr) { 791 g_error_free(gerr); 792 } 793 if (keyfile) { 794 g_key_file_free(keyfile); 795 } 796 g_free(data); 797 return ret; 798 } 799 800 static gboolean read_persistent_state(GAPersistentState *pstate, 801 const gchar *path, gboolean frozen) 802 { 803 GKeyFile *keyfile = NULL; 804 GError *gerr = NULL; 805 struct stat st; 806 gboolean ret = true; 807 808 g_assert(pstate); 809 810 if (stat(path, &st) == -1) { 811 /* it's okay if state file doesn't exist, but any other error 812 * indicates a permissions issue or some other misconfiguration 813 * that we likely won't be able to recover from. 814 */ 815 if (errno != ENOENT) { 816 g_critical("unable to access state file at path %s: %s", 817 path, strerror(errno)); 818 ret = false; 819 goto out; 820 } 821 822 /* file doesn't exist. initialize state to default values and 823 * attempt to save now. (we could wait till later when we have 824 * modified state we need to commit, but if there's a problem, 825 * such as a missing parent directory, we want to catch it now) 826 * 827 * there is a potential scenario where someone either managed to 828 * update the agent from a version that didn't use a key store 829 * while qemu-ga thought the filesystem was frozen, or 830 * deleted the key store prior to issuing a fsfreeze, prior 831 * to restarting the agent. in this case we go ahead and defer 832 * initial creation till we actually have modified state to 833 * write, otherwise fail to recover from freeze. 834 */ 835 set_persistent_state_defaults(pstate); 836 if (!frozen) { 837 ret = write_persistent_state(pstate, path); 838 if (!ret) { 839 g_critical("unable to create state file at path %s", path); 840 ret = false; 841 goto out; 842 } 843 } 844 ret = true; 845 goto out; 846 } 847 848 keyfile = g_key_file_new(); 849 g_key_file_load_from_file(keyfile, path, 0, &gerr); 850 if (gerr) { 851 g_critical("error loading persistent state from path: %s, %s", 852 path, gerr->message); 853 ret = false; 854 goto out; 855 } 856 857 persistent_state_from_keyfile(pstate, keyfile); 858 859 out: 860 if (keyfile) { 861 g_key_file_free(keyfile); 862 } 863 if (gerr) { 864 g_error_free(gerr); 865 } 866 867 return ret; 868 } 869 870 int64_t ga_get_fd_handle(GAState *s, Error **errp) 871 { 872 int64_t handle; 873 874 g_assert(s->pstate_filepath); 875 /* we blacklist commands and avoid operations that potentially require 876 * writing to disk when we're in a frozen state. this includes opening 877 * new files, so we should never get here in that situation 878 */ 879 g_assert(!ga_is_frozen(s)); 880 881 handle = s->pstate.fd_counter++; 882 883 /* This should never happen on a reasonable timeframe, as guest-file-open 884 * would have to be issued 2^63 times */ 885 if (s->pstate.fd_counter == INT64_MAX) { 886 abort(); 887 } 888 889 if (!write_persistent_state(&s->pstate, s->pstate_filepath)) { 890 error_setg(errp, "failed to commit persistent state to disk"); 891 return -1; 892 } 893 894 return handle; 895 } 896 897 static void ga_print_cmd(QmpCommand *cmd, void *opaque) 898 { 899 printf("%s\n", qmp_command_name(cmd)); 900 } 901 902 static GList *split_list(const gchar *str, const gchar *delim) 903 { 904 GList *list = NULL; 905 int i; 906 gchar **strv; 907 908 strv = g_strsplit(str, delim, -1); 909 for (i = 0; strv[i]; i++) { 910 list = g_list_prepend(list, strv[i]); 911 } 912 g_free(strv); 913 914 return list; 915 } 916 917 typedef struct GAConfig { 918 char *channel_path; 919 char *method; 920 char *log_filepath; 921 char *pid_filepath; 922 #ifdef CONFIG_FSFREEZE 923 char *fsfreeze_hook; 924 #endif 925 char *state_dir; 926 #ifdef _WIN32 927 const char *service; 928 #endif 929 gchar *bliststr; /* blacklist may point to this string */ 930 GList *blacklist; 931 int daemonize; 932 GLogLevelFlags log_level; 933 int dumpconf; 934 } GAConfig; 935 936 static void config_load(GAConfig *config) 937 { 938 GError *gerr = NULL; 939 GKeyFile *keyfile; 940 const char *conf = g_getenv("QGA_CONF") ?: QGA_CONF_DEFAULT; 941 942 /* read system config */ 943 keyfile = g_key_file_new(); 944 if (!g_key_file_load_from_file(keyfile, conf, 0, &gerr)) { 945 goto end; 946 } 947 if (g_key_file_has_key(keyfile, "general", "daemon", NULL)) { 948 config->daemonize = 949 g_key_file_get_boolean(keyfile, "general", "daemon", &gerr); 950 } 951 if (g_key_file_has_key(keyfile, "general", "method", NULL)) { 952 config->method = 953 g_key_file_get_string(keyfile, "general", "method", &gerr); 954 } 955 if (g_key_file_has_key(keyfile, "general", "path", NULL)) { 956 config->channel_path = 957 g_key_file_get_string(keyfile, "general", "path", &gerr); 958 } 959 if (g_key_file_has_key(keyfile, "general", "logfile", NULL)) { 960 config->log_filepath = 961 g_key_file_get_string(keyfile, "general", "logfile", &gerr); 962 } 963 if (g_key_file_has_key(keyfile, "general", "pidfile", NULL)) { 964 config->pid_filepath = 965 g_key_file_get_string(keyfile, "general", "pidfile", &gerr); 966 } 967 #ifdef CONFIG_FSFREEZE 968 if (g_key_file_has_key(keyfile, "general", "fsfreeze-hook", NULL)) { 969 config->fsfreeze_hook = 970 g_key_file_get_string(keyfile, 971 "general", "fsfreeze-hook", &gerr); 972 } 973 #endif 974 if (g_key_file_has_key(keyfile, "general", "statedir", NULL)) { 975 config->state_dir = 976 g_key_file_get_string(keyfile, "general", "statedir", &gerr); 977 } 978 if (g_key_file_has_key(keyfile, "general", "verbose", NULL) && 979 g_key_file_get_boolean(keyfile, "general", "verbose", &gerr)) { 980 /* enable all log levels */ 981 config->log_level = G_LOG_LEVEL_MASK; 982 } 983 if (g_key_file_has_key(keyfile, "general", "blacklist", NULL)) { 984 config->bliststr = 985 g_key_file_get_string(keyfile, "general", "blacklist", &gerr); 986 config->blacklist = g_list_concat(config->blacklist, 987 split_list(config->bliststr, ",")); 988 } 989 990 end: 991 g_key_file_free(keyfile); 992 if (gerr && 993 !(gerr->domain == G_FILE_ERROR && gerr->code == G_FILE_ERROR_NOENT)) { 994 g_critical("error loading configuration from path: %s, %s", 995 QGA_CONF_DEFAULT, gerr->message); 996 exit(EXIT_FAILURE); 997 } 998 g_clear_error(&gerr); 999 } 1000 1001 static gchar *list_join(GList *list, const gchar separator) 1002 { 1003 GString *str = g_string_new(""); 1004 1005 while (list) { 1006 str = g_string_append(str, (gchar *)list->data); 1007 list = g_list_next(list); 1008 if (list) { 1009 str = g_string_append_c(str, separator); 1010 } 1011 } 1012 1013 return g_string_free(str, FALSE); 1014 } 1015 1016 static void config_dump(GAConfig *config) 1017 { 1018 GError *error = NULL; 1019 GKeyFile *keyfile; 1020 gchar *tmp; 1021 1022 keyfile = g_key_file_new(); 1023 g_assert(keyfile); 1024 1025 g_key_file_set_boolean(keyfile, "general", "daemon", config->daemonize); 1026 g_key_file_set_string(keyfile, "general", "method", config->method); 1027 g_key_file_set_string(keyfile, "general", "path", config->channel_path); 1028 if (config->log_filepath) { 1029 g_key_file_set_string(keyfile, "general", "logfile", 1030 config->log_filepath); 1031 } 1032 g_key_file_set_string(keyfile, "general", "pidfile", config->pid_filepath); 1033 #ifdef CONFIG_FSFREEZE 1034 if (config->fsfreeze_hook) { 1035 g_key_file_set_string(keyfile, "general", "fsfreeze-hook", 1036 config->fsfreeze_hook); 1037 } 1038 #endif 1039 g_key_file_set_string(keyfile, "general", "statedir", config->state_dir); 1040 g_key_file_set_boolean(keyfile, "general", "verbose", 1041 config->log_level == G_LOG_LEVEL_MASK); 1042 tmp = list_join(config->blacklist, ','); 1043 g_key_file_set_string(keyfile, "general", "blacklist", tmp); 1044 g_free(tmp); 1045 1046 tmp = g_key_file_to_data(keyfile, NULL, &error); 1047 printf("%s", tmp); 1048 1049 g_free(tmp); 1050 g_key_file_free(keyfile); 1051 } 1052 1053 static void config_parse(GAConfig *config, int argc, char **argv) 1054 { 1055 const char *sopt = "hVvdm:p:l:f:F::b:s:t:D"; 1056 int opt_ind = 0, ch; 1057 const struct option lopt[] = { 1058 { "help", 0, NULL, 'h' }, 1059 { "version", 0, NULL, 'V' }, 1060 { "dump-conf", 0, NULL, 'D' }, 1061 { "logfile", 1, NULL, 'l' }, 1062 { "pidfile", 1, NULL, 'f' }, 1063 #ifdef CONFIG_FSFREEZE 1064 { "fsfreeze-hook", 2, NULL, 'F' }, 1065 #endif 1066 { "verbose", 0, NULL, 'v' }, 1067 { "method", 1, NULL, 'm' }, 1068 { "path", 1, NULL, 'p' }, 1069 { "daemonize", 0, NULL, 'd' }, 1070 { "blacklist", 1, NULL, 'b' }, 1071 #ifdef _WIN32 1072 { "service", 1, NULL, 's' }, 1073 #endif 1074 { "statedir", 1, NULL, 't' }, 1075 { NULL, 0, NULL, 0 } 1076 }; 1077 1078 while ((ch = getopt_long(argc, argv, sopt, lopt, &opt_ind)) != -1) { 1079 switch (ch) { 1080 case 'm': 1081 g_free(config->method); 1082 config->method = g_strdup(optarg); 1083 break; 1084 case 'p': 1085 g_free(config->channel_path); 1086 config->channel_path = g_strdup(optarg); 1087 break; 1088 case 'l': 1089 g_free(config->log_filepath); 1090 config->log_filepath = g_strdup(optarg); 1091 break; 1092 case 'f': 1093 g_free(config->pid_filepath); 1094 config->pid_filepath = g_strdup(optarg); 1095 break; 1096 #ifdef CONFIG_FSFREEZE 1097 case 'F': 1098 g_free(config->fsfreeze_hook); 1099 config->fsfreeze_hook = g_strdup(optarg ?: QGA_FSFREEZE_HOOK_DEFAULT); 1100 break; 1101 #endif 1102 case 't': 1103 g_free(config->state_dir); 1104 config->state_dir = g_strdup(optarg); 1105 break; 1106 case 'v': 1107 /* enable all log levels */ 1108 config->log_level = G_LOG_LEVEL_MASK; 1109 break; 1110 case 'V': 1111 printf("QEMU Guest Agent %s\n", QEMU_VERSION); 1112 exit(EXIT_SUCCESS); 1113 case 'd': 1114 config->daemonize = 1; 1115 break; 1116 case 'D': 1117 config->dumpconf = 1; 1118 break; 1119 case 'b': { 1120 if (is_help_option(optarg)) { 1121 qmp_for_each_command(ga_print_cmd, NULL); 1122 exit(EXIT_SUCCESS); 1123 } 1124 config->blacklist = g_list_concat(config->blacklist, 1125 split_list(optarg, ",")); 1126 break; 1127 } 1128 #ifdef _WIN32 1129 case 's': 1130 config->service = optarg; 1131 if (strcmp(config->service, "install") == 0) { 1132 if (ga_install_vss_provider()) { 1133 exit(EXIT_FAILURE); 1134 } 1135 if (ga_install_service(config->channel_path, 1136 config->log_filepath, config->state_dir)) { 1137 exit(EXIT_FAILURE); 1138 } 1139 exit(EXIT_SUCCESS); 1140 } else if (strcmp(config->service, "uninstall") == 0) { 1141 ga_uninstall_vss_provider(); 1142 exit(ga_uninstall_service()); 1143 } else if (strcmp(config->service, "vss-install") == 0) { 1144 if (ga_install_vss_provider()) { 1145 exit(EXIT_FAILURE); 1146 } 1147 exit(EXIT_SUCCESS); 1148 } else if (strcmp(config->service, "vss-uninstall") == 0) { 1149 ga_uninstall_vss_provider(); 1150 exit(EXIT_SUCCESS); 1151 } else { 1152 printf("Unknown service command.\n"); 1153 exit(EXIT_FAILURE); 1154 } 1155 break; 1156 #endif 1157 case 'h': 1158 usage(argv[0]); 1159 exit(EXIT_SUCCESS); 1160 case '?': 1161 g_print("Unknown option, try '%s --help' for more information.\n", 1162 argv[0]); 1163 exit(EXIT_FAILURE); 1164 } 1165 } 1166 } 1167 1168 static void config_free(GAConfig *config) 1169 { 1170 g_free(config->method); 1171 g_free(config->log_filepath); 1172 g_free(config->pid_filepath); 1173 g_free(config->state_dir); 1174 g_free(config->channel_path); 1175 g_free(config->bliststr); 1176 #ifdef CONFIG_FSFREEZE 1177 g_free(config->fsfreeze_hook); 1178 #endif 1179 g_free(config); 1180 } 1181 1182 static bool check_is_frozen(GAState *s) 1183 { 1184 #ifndef _WIN32 1185 /* check if a previous instance of qemu-ga exited with filesystems' state 1186 * marked as frozen. this could be a stale value (a non-qemu-ga process 1187 * or reboot may have since unfrozen them), but better to require an 1188 * uneeded unfreeze than to risk hanging on start-up 1189 */ 1190 struct stat st; 1191 if (stat(s->state_filepath_isfrozen, &st) == -1) { 1192 /* it's okay if the file doesn't exist, but if we can't access for 1193 * some other reason, such as permissions, there's a configuration 1194 * that needs to be addressed. so just bail now before we get into 1195 * more trouble later 1196 */ 1197 if (errno != ENOENT) { 1198 g_critical("unable to access state file at path %s: %s", 1199 s->state_filepath_isfrozen, strerror(errno)); 1200 return EXIT_FAILURE; 1201 } 1202 } else { 1203 g_warning("previous instance appears to have exited with frozen" 1204 " filesystems. deferring logging/pidfile creation and" 1205 " disabling non-fsfreeze-safe commands until" 1206 " guest-fsfreeze-thaw is issued, or filesystems are" 1207 " manually unfrozen and the file %s is removed", 1208 s->state_filepath_isfrozen); 1209 return true; 1210 } 1211 #endif 1212 return false; 1213 } 1214 1215 static int run_agent(GAState *s, GAConfig *config) 1216 { 1217 ga_state = s; 1218 1219 g_log_set_default_handler(ga_log, s); 1220 g_log_set_fatal_mask(NULL, G_LOG_LEVEL_ERROR); 1221 ga_enable_logging(s); 1222 1223 #ifdef _WIN32 1224 /* On win32 the state directory is application specific (be it the default 1225 * or a user override). We got past the command line parsing; let's create 1226 * the directory (with any intermediate directories). If we run into an 1227 * error later on, we won't try to clean up the directory, it is considered 1228 * persistent. 1229 */ 1230 if (g_mkdir_with_parents(config->state_dir, S_IRWXU) == -1) { 1231 g_critical("unable to create (an ancestor of) the state directory" 1232 " '%s': %s", config->state_dir, strerror(errno)); 1233 return EXIT_FAILURE; 1234 } 1235 #endif 1236 1237 if (ga_is_frozen(s)) { 1238 if (config->daemonize) { 1239 /* delay opening/locking of pidfile till filesystems are unfrozen */ 1240 s->deferred_options.pid_filepath = config->pid_filepath; 1241 become_daemon(NULL); 1242 } 1243 if (config->log_filepath) { 1244 /* delay opening the log file till filesystems are unfrozen */ 1245 s->deferred_options.log_filepath = config->log_filepath; 1246 } 1247 ga_disable_logging(s); 1248 qmp_for_each_command(ga_disable_non_whitelisted, NULL); 1249 } else { 1250 if (config->daemonize) { 1251 become_daemon(config->pid_filepath); 1252 } 1253 if (config->log_filepath) { 1254 FILE *log_file = ga_open_logfile(config->log_filepath); 1255 if (!log_file) { 1256 g_critical("unable to open specified log file: %s", 1257 strerror(errno)); 1258 return EXIT_FAILURE; 1259 } 1260 s->log_file = log_file; 1261 } 1262 } 1263 1264 /* load persistent state from disk */ 1265 if (!read_persistent_state(&s->pstate, 1266 s->pstate_filepath, 1267 ga_is_frozen(s))) { 1268 g_critical("failed to load persistent state"); 1269 return EXIT_FAILURE; 1270 } 1271 1272 config->blacklist = ga_command_blacklist_init(config->blacklist); 1273 if (config->blacklist) { 1274 GList *l = config->blacklist; 1275 s->blacklist = config->blacklist; 1276 do { 1277 g_debug("disabling command: %s", (char *)l->data); 1278 qmp_disable_command(l->data); 1279 l = g_list_next(l); 1280 } while (l); 1281 } 1282 s->command_state = ga_command_state_new(); 1283 ga_command_state_init(s, s->command_state); 1284 ga_command_state_init_all(s->command_state); 1285 json_message_parser_init(&s->parser, process_event); 1286 ga_state = s; 1287 #ifndef _WIN32 1288 if (!register_signal_handlers()) { 1289 g_critical("failed to register signal handlers"); 1290 return EXIT_FAILURE; 1291 } 1292 #endif 1293 1294 s->main_loop = g_main_loop_new(NULL, false); 1295 if (!channel_init(ga_state, config->method, config->channel_path)) { 1296 g_critical("failed to initialize guest agent channel"); 1297 return EXIT_FAILURE; 1298 } 1299 #ifndef _WIN32 1300 g_main_loop_run(ga_state->main_loop); 1301 #else 1302 if (config->daemonize) { 1303 SERVICE_TABLE_ENTRY service_table[] = { 1304 { (char *)QGA_SERVICE_NAME, service_main }, { NULL, NULL } }; 1305 StartServiceCtrlDispatcher(service_table); 1306 } else { 1307 g_main_loop_run(ga_state->main_loop); 1308 } 1309 #endif 1310 1311 return EXIT_SUCCESS; 1312 } 1313 1314 static void free_blacklist_entry(gpointer entry, gpointer unused) 1315 { 1316 g_free(entry); 1317 } 1318 1319 int main(int argc, char **argv) 1320 { 1321 int ret = EXIT_SUCCESS; 1322 GAState *s = g_new0(GAState, 1); 1323 GAConfig *config = g_new0(GAConfig, 1); 1324 1325 config->log_level = G_LOG_LEVEL_ERROR | G_LOG_LEVEL_CRITICAL; 1326 1327 module_call_init(MODULE_INIT_QAPI); 1328 1329 init_dfl_pathnames(); 1330 config_load(config); 1331 config_parse(config, argc, argv); 1332 1333 if (config->pid_filepath == NULL) { 1334 config->pid_filepath = g_strdup(dfl_pathnames.pidfile); 1335 } 1336 1337 if (config->state_dir == NULL) { 1338 config->state_dir = g_strdup(dfl_pathnames.state_dir); 1339 } 1340 1341 if (config->method == NULL) { 1342 config->method = g_strdup("virtio-serial"); 1343 } 1344 1345 if (config->channel_path == NULL) { 1346 if (strcmp(config->method, "virtio-serial") == 0) { 1347 /* try the default path for the virtio-serial port */ 1348 config->channel_path = g_strdup(QGA_VIRTIO_PATH_DEFAULT); 1349 } else if (strcmp(config->method, "isa-serial") == 0) { 1350 /* try the default path for the serial port - COM1 */ 1351 config->channel_path = g_strdup(QGA_SERIAL_PATH_DEFAULT); 1352 } else { 1353 g_critical("must specify a path for this channel"); 1354 ret = EXIT_FAILURE; 1355 goto end; 1356 } 1357 } 1358 1359 s->log_level = config->log_level; 1360 s->log_file = stderr; 1361 #ifdef CONFIG_FSFREEZE 1362 s->fsfreeze_hook = config->fsfreeze_hook; 1363 #endif 1364 s->pstate_filepath = g_strdup_printf("%s/qga.state", config->state_dir); 1365 s->state_filepath_isfrozen = g_strdup_printf("%s/qga.state.isfrozen", 1366 config->state_dir); 1367 s->frozen = check_is_frozen(s); 1368 1369 if (config->dumpconf) { 1370 config_dump(config); 1371 goto end; 1372 } 1373 1374 ret = run_agent(s, config); 1375 1376 end: 1377 if (s->command_state) { 1378 ga_command_state_cleanup_all(s->command_state); 1379 } 1380 if (s->channel) { 1381 ga_channel_free(s->channel); 1382 } 1383 g_list_foreach(config->blacklist, free_blacklist_entry, NULL); 1384 g_free(s->pstate_filepath); 1385 g_free(s->state_filepath_isfrozen); 1386 1387 if (config->daemonize) { 1388 unlink(config->pid_filepath); 1389 } 1390 1391 config_free(config); 1392 1393 return ret; 1394 } 1395