1 /* 2 * QEMU Guest Agent 3 * 4 * Copyright IBM Corp. 2011 5 * 6 * Authors: 7 * Adam Litke <aglitke@linux.vnet.ibm.com> 8 * Michael Roth <mdroth@linux.vnet.ibm.com> 9 * 10 * This work is licensed under the terms of the GNU GPL, version 2 or later. 11 * See the COPYING file in the top-level directory. 12 */ 13 #include "qemu/osdep.h" 14 #include <glib.h> 15 #include <getopt.h> 16 #include <glib/gstdio.h> 17 #ifndef _WIN32 18 #include <syslog.h> 19 #include <sys/wait.h> 20 #endif 21 #include "qapi/qmp/json-streamer.h" 22 #include "qapi/qmp/json-parser.h" 23 #include "qapi/qmp/qint.h" 24 #include "qapi/qmp/qjson.h" 25 #include "qga/guest-agent-core.h" 26 #include "qemu/module.h" 27 #include "signal.h" 28 #include "qapi/qmp/qerror.h" 29 #include "qapi/qmp/dispatch.h" 30 #include "qga/channel.h" 31 #include "qemu/bswap.h" 32 #ifdef _WIN32 33 #include "qga/service-win32.h" 34 #include "qga/vss-win32.h" 35 #endif 36 #ifdef __linux__ 37 #include <linux/fs.h> 38 #ifdef FIFREEZE 39 #define CONFIG_FSFREEZE 40 #endif 41 #endif 42 43 #ifndef _WIN32 44 #define QGA_VIRTIO_PATH_DEFAULT "/dev/virtio-ports/org.qemu.guest_agent.0" 45 #define QGA_STATE_RELATIVE_DIR "run" 46 #define QGA_SERIAL_PATH_DEFAULT "/dev/ttyS0" 47 #else 48 #define QGA_VIRTIO_PATH_DEFAULT "\\\\.\\Global\\org.qemu.guest_agent.0" 49 #define QGA_STATE_RELATIVE_DIR "qemu-ga" 50 #define QGA_SERIAL_PATH_DEFAULT "COM1" 51 #endif 52 #ifdef CONFIG_FSFREEZE 53 #define QGA_FSFREEZE_HOOK_DEFAULT CONFIG_QEMU_CONFDIR "/fsfreeze-hook" 54 #endif 55 #define QGA_SENTINEL_BYTE 0xFF 56 #define QGA_CONF_DEFAULT CONFIG_QEMU_CONFDIR G_DIR_SEPARATOR_S "qemu-ga.conf" 57 58 static struct { 59 const char *state_dir; 60 const char *pidfile; 61 } dfl_pathnames; 62 63 typedef struct GAPersistentState { 64 #define QGA_PSTATE_DEFAULT_FD_COUNTER 1000 65 int64_t fd_counter; 66 } GAPersistentState; 67 68 struct GAState { 69 JSONMessageParser parser; 70 GMainLoop *main_loop; 71 GAChannel *channel; 72 bool virtio; /* fastpath to check for virtio to deal with poll() quirks */ 73 GACommandState *command_state; 74 GLogLevelFlags log_level; 75 FILE *log_file; 76 bool logging_enabled; 77 #ifdef _WIN32 78 GAService service; 79 #endif 80 bool delimit_response; 81 bool frozen; 82 GList *blacklist; 83 char *state_filepath_isfrozen; 84 struct { 85 const char *log_filepath; 86 const char *pid_filepath; 87 } deferred_options; 88 #ifdef CONFIG_FSFREEZE 89 const char *fsfreeze_hook; 90 #endif 91 gchar *pstate_filepath; 92 GAPersistentState pstate; 93 }; 94 95 struct GAState *ga_state; 96 97 /* commands that are safe to issue while filesystems are frozen */ 98 static const char *ga_freeze_whitelist[] = { 99 "guest-ping", 100 "guest-info", 101 "guest-sync", 102 "guest-sync-delimited", 103 "guest-fsfreeze-status", 104 "guest-fsfreeze-thaw", 105 NULL 106 }; 107 108 #ifdef _WIN32 109 DWORD WINAPI service_ctrl_handler(DWORD ctrl, DWORD type, LPVOID data, 110 LPVOID ctx); 111 VOID WINAPI service_main(DWORD argc, TCHAR *argv[]); 112 #endif 113 114 static void 115 init_dfl_pathnames(void) 116 { 117 g_assert(dfl_pathnames.state_dir == NULL); 118 g_assert(dfl_pathnames.pidfile == NULL); 119 dfl_pathnames.state_dir = qemu_get_local_state_pathname( 120 QGA_STATE_RELATIVE_DIR); 121 dfl_pathnames.pidfile = qemu_get_local_state_pathname( 122 QGA_STATE_RELATIVE_DIR G_DIR_SEPARATOR_S "qemu-ga.pid"); 123 } 124 125 static void quit_handler(int sig) 126 { 127 /* if we're frozen, don't exit unless we're absolutely forced to, 128 * because it's basically impossible for graceful exit to complete 129 * unless all log/pid files are on unfreezable filesystems. there's 130 * also a very likely chance killing the agent before unfreezing 131 * the filesystems is a mistake (or will be viewed as one later). 132 */ 133 if (ga_is_frozen(ga_state)) { 134 return; 135 } 136 g_debug("received signal num %d, quitting", sig); 137 138 if (g_main_loop_is_running(ga_state->main_loop)) { 139 g_main_loop_quit(ga_state->main_loop); 140 } 141 } 142 143 #ifndef _WIN32 144 static gboolean register_signal_handlers(void) 145 { 146 struct sigaction sigact; 147 int ret; 148 149 memset(&sigact, 0, sizeof(struct sigaction)); 150 sigact.sa_handler = quit_handler; 151 152 ret = sigaction(SIGINT, &sigact, NULL); 153 if (ret == -1) { 154 g_error("error configuring signal handler: %s", strerror(errno)); 155 } 156 ret = sigaction(SIGTERM, &sigact, NULL); 157 if (ret == -1) { 158 g_error("error configuring signal handler: %s", strerror(errno)); 159 } 160 161 sigact.sa_handler = SIG_IGN; 162 if (sigaction(SIGPIPE, &sigact, NULL) != 0) { 163 g_error("error configuring SIGPIPE signal handler: %s", 164 strerror(errno)); 165 } 166 167 return true; 168 } 169 170 /* TODO: use this in place of all post-fork() fclose(std*) callers */ 171 void reopen_fd_to_null(int fd) 172 { 173 int nullfd; 174 175 nullfd = open("/dev/null", O_RDWR); 176 if (nullfd < 0) { 177 return; 178 } 179 180 dup2(nullfd, fd); 181 182 if (nullfd != fd) { 183 close(nullfd); 184 } 185 } 186 #endif 187 188 static void usage(const char *cmd) 189 { 190 printf( 191 "Usage: %s [-m <method> -p <path>] [<options>]\n" 192 "QEMU Guest Agent %s\n" 193 "\n" 194 " -m, --method transport method: one of unix-listen, virtio-serial, or\n" 195 " isa-serial (virtio-serial is the default)\n" 196 " -p, --path device/socket path (the default for virtio-serial is:\n" 197 " %s,\n" 198 " the default for isa-serial is:\n" 199 " %s)\n" 200 " -l, --logfile set logfile path, logs to stderr by default\n" 201 " -f, --pidfile specify pidfile (default is %s)\n" 202 #ifdef CONFIG_FSFREEZE 203 " -F, --fsfreeze-hook\n" 204 " enable fsfreeze hook. Accepts an optional argument that\n" 205 " specifies script to run on freeze/thaw. Script will be\n" 206 " called with 'freeze'/'thaw' arguments accordingly.\n" 207 " (default is %s)\n" 208 " If using -F with an argument, do not follow -F with a\n" 209 " space.\n" 210 " (for example: -F/var/run/fsfreezehook.sh)\n" 211 #endif 212 " -t, --statedir specify dir to store state information (absolute paths\n" 213 " only, default is %s)\n" 214 " -v, --verbose log extra debugging information\n" 215 " -V, --version print version information and exit\n" 216 " -d, --daemonize become a daemon\n" 217 #ifdef _WIN32 218 " -s, --service service commands: install, uninstall, vss-install, vss-uninstall\n" 219 #endif 220 " -b, --blacklist comma-separated list of RPCs to disable (no spaces, \"?\"\n" 221 " to list available RPCs)\n" 222 " -D, --dump-conf dump a qemu-ga config file based on current config\n" 223 " options / command-line parameters to stdout\n" 224 " -h, --help display this help and exit\n" 225 "\n" 226 "Report bugs to <mdroth@linux.vnet.ibm.com>\n" 227 , cmd, QEMU_VERSION, QGA_VIRTIO_PATH_DEFAULT, QGA_SERIAL_PATH_DEFAULT, 228 dfl_pathnames.pidfile, 229 #ifdef CONFIG_FSFREEZE 230 QGA_FSFREEZE_HOOK_DEFAULT, 231 #endif 232 dfl_pathnames.state_dir); 233 } 234 235 static const char *ga_log_level_str(GLogLevelFlags level) 236 { 237 switch (level & G_LOG_LEVEL_MASK) { 238 case G_LOG_LEVEL_ERROR: 239 return "error"; 240 case G_LOG_LEVEL_CRITICAL: 241 return "critical"; 242 case G_LOG_LEVEL_WARNING: 243 return "warning"; 244 case G_LOG_LEVEL_MESSAGE: 245 return "message"; 246 case G_LOG_LEVEL_INFO: 247 return "info"; 248 case G_LOG_LEVEL_DEBUG: 249 return "debug"; 250 default: 251 return "user"; 252 } 253 } 254 255 bool ga_logging_enabled(GAState *s) 256 { 257 return s->logging_enabled; 258 } 259 260 void ga_disable_logging(GAState *s) 261 { 262 s->logging_enabled = false; 263 } 264 265 void ga_enable_logging(GAState *s) 266 { 267 s->logging_enabled = true; 268 } 269 270 static void ga_log(const gchar *domain, GLogLevelFlags level, 271 const gchar *msg, gpointer opaque) 272 { 273 GAState *s = opaque; 274 GTimeVal time; 275 const char *level_str = ga_log_level_str(level); 276 277 if (!ga_logging_enabled(s)) { 278 return; 279 } 280 281 level &= G_LOG_LEVEL_MASK; 282 #ifndef _WIN32 283 if (g_strcmp0(domain, "syslog") == 0) { 284 syslog(LOG_INFO, "%s: %s", level_str, msg); 285 } else if (level & s->log_level) { 286 #else 287 if (level & s->log_level) { 288 #endif 289 g_get_current_time(&time); 290 fprintf(s->log_file, 291 "%lu.%lu: %s: %s\n", time.tv_sec, time.tv_usec, level_str, msg); 292 fflush(s->log_file); 293 } 294 } 295 296 void ga_set_response_delimited(GAState *s) 297 { 298 s->delimit_response = true; 299 } 300 301 static FILE *ga_open_logfile(const char *logfile) 302 { 303 FILE *f; 304 305 f = fopen(logfile, "a"); 306 if (!f) { 307 return NULL; 308 } 309 310 qemu_set_cloexec(fileno(f)); 311 return f; 312 } 313 314 #ifndef _WIN32 315 static bool ga_open_pidfile(const char *pidfile) 316 { 317 int pidfd; 318 char pidstr[32]; 319 320 pidfd = qemu_open(pidfile, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR); 321 if (pidfd == -1 || lockf(pidfd, F_TLOCK, 0)) { 322 g_critical("Cannot lock pid file, %s", strerror(errno)); 323 if (pidfd != -1) { 324 close(pidfd); 325 } 326 return false; 327 } 328 329 if (ftruncate(pidfd, 0)) { 330 g_critical("Failed to truncate pid file"); 331 goto fail; 332 } 333 snprintf(pidstr, sizeof(pidstr), "%d\n", getpid()); 334 if (write(pidfd, pidstr, strlen(pidstr)) != strlen(pidstr)) { 335 g_critical("Failed to write pid file"); 336 goto fail; 337 } 338 339 /* keep pidfile open & locked forever */ 340 return true; 341 342 fail: 343 unlink(pidfile); 344 close(pidfd); 345 return false; 346 } 347 #else /* _WIN32 */ 348 static bool ga_open_pidfile(const char *pidfile) 349 { 350 return true; 351 } 352 #endif 353 354 static gint ga_strcmp(gconstpointer str1, gconstpointer str2) 355 { 356 return strcmp(str1, str2); 357 } 358 359 /* disable commands that aren't safe for fsfreeze */ 360 static void ga_disable_non_whitelisted(QmpCommand *cmd, void *opaque) 361 { 362 bool whitelisted = false; 363 int i = 0; 364 const char *name = qmp_command_name(cmd); 365 366 while (ga_freeze_whitelist[i] != NULL) { 367 if (strcmp(name, ga_freeze_whitelist[i]) == 0) { 368 whitelisted = true; 369 } 370 i++; 371 } 372 if (!whitelisted) { 373 g_debug("disabling command: %s", name); 374 qmp_disable_command(name); 375 } 376 } 377 378 /* [re-]enable all commands, except those explicitly blacklisted by user */ 379 static void ga_enable_non_blacklisted(QmpCommand *cmd, void *opaque) 380 { 381 GList *blacklist = opaque; 382 const char *name = qmp_command_name(cmd); 383 384 if (g_list_find_custom(blacklist, name, ga_strcmp) == NULL && 385 !qmp_command_is_enabled(cmd)) { 386 g_debug("enabling command: %s", name); 387 qmp_enable_command(name); 388 } 389 } 390 391 static bool ga_create_file(const char *path) 392 { 393 int fd = open(path, O_CREAT | O_WRONLY, S_IWUSR | S_IRUSR); 394 if (fd == -1) { 395 g_warning("unable to open/create file %s: %s", path, strerror(errno)); 396 return false; 397 } 398 close(fd); 399 return true; 400 } 401 402 static bool ga_delete_file(const char *path) 403 { 404 int ret = unlink(path); 405 if (ret == -1) { 406 g_warning("unable to delete file: %s: %s", path, strerror(errno)); 407 return false; 408 } 409 410 return true; 411 } 412 413 bool ga_is_frozen(GAState *s) 414 { 415 return s->frozen; 416 } 417 418 void ga_set_frozen(GAState *s) 419 { 420 if (ga_is_frozen(s)) { 421 return; 422 } 423 /* disable all non-whitelisted (for frozen state) commands */ 424 qmp_for_each_command(ga_disable_non_whitelisted, NULL); 425 g_warning("disabling logging due to filesystem freeze"); 426 ga_disable_logging(s); 427 s->frozen = true; 428 if (!ga_create_file(s->state_filepath_isfrozen)) { 429 g_warning("unable to create %s, fsfreeze may not function properly", 430 s->state_filepath_isfrozen); 431 } 432 } 433 434 void ga_unset_frozen(GAState *s) 435 { 436 if (!ga_is_frozen(s)) { 437 return; 438 } 439 440 /* if we delayed creation/opening of pid/log files due to being 441 * in a frozen state at start up, do it now 442 */ 443 if (s->deferred_options.log_filepath) { 444 s->log_file = ga_open_logfile(s->deferred_options.log_filepath); 445 if (!s->log_file) { 446 s->log_file = stderr; 447 } 448 s->deferred_options.log_filepath = NULL; 449 } 450 ga_enable_logging(s); 451 g_warning("logging re-enabled due to filesystem unfreeze"); 452 if (s->deferred_options.pid_filepath) { 453 if (!ga_open_pidfile(s->deferred_options.pid_filepath)) { 454 g_warning("failed to create/open pid file"); 455 } 456 s->deferred_options.pid_filepath = NULL; 457 } 458 459 /* enable all disabled, non-blacklisted commands */ 460 qmp_for_each_command(ga_enable_non_blacklisted, s->blacklist); 461 s->frozen = false; 462 if (!ga_delete_file(s->state_filepath_isfrozen)) { 463 g_warning("unable to delete %s, fsfreeze may not function properly", 464 s->state_filepath_isfrozen); 465 } 466 } 467 468 #ifdef CONFIG_FSFREEZE 469 const char *ga_fsfreeze_hook(GAState *s) 470 { 471 return s->fsfreeze_hook; 472 } 473 #endif 474 475 static void become_daemon(const char *pidfile) 476 { 477 #ifndef _WIN32 478 pid_t pid, sid; 479 480 pid = fork(); 481 if (pid < 0) { 482 exit(EXIT_FAILURE); 483 } 484 if (pid > 0) { 485 exit(EXIT_SUCCESS); 486 } 487 488 if (pidfile) { 489 if (!ga_open_pidfile(pidfile)) { 490 g_critical("failed to create pidfile"); 491 exit(EXIT_FAILURE); 492 } 493 } 494 495 umask(S_IRWXG | S_IRWXO); 496 sid = setsid(); 497 if (sid < 0) { 498 goto fail; 499 } 500 if ((chdir("/")) < 0) { 501 goto fail; 502 } 503 504 reopen_fd_to_null(STDIN_FILENO); 505 reopen_fd_to_null(STDOUT_FILENO); 506 reopen_fd_to_null(STDERR_FILENO); 507 return; 508 509 fail: 510 if (pidfile) { 511 unlink(pidfile); 512 } 513 g_critical("failed to daemonize"); 514 exit(EXIT_FAILURE); 515 #endif 516 } 517 518 static int send_response(GAState *s, QObject *payload) 519 { 520 const char *buf; 521 QString *payload_qstr, *response_qstr; 522 GIOStatus status; 523 524 g_assert(payload && s->channel); 525 526 payload_qstr = qobject_to_json(payload); 527 if (!payload_qstr) { 528 return -EINVAL; 529 } 530 531 if (s->delimit_response) { 532 s->delimit_response = false; 533 response_qstr = qstring_new(); 534 qstring_append_chr(response_qstr, QGA_SENTINEL_BYTE); 535 qstring_append(response_qstr, qstring_get_str(payload_qstr)); 536 QDECREF(payload_qstr); 537 } else { 538 response_qstr = payload_qstr; 539 } 540 541 qstring_append_chr(response_qstr, '\n'); 542 buf = qstring_get_str(response_qstr); 543 status = ga_channel_write_all(s->channel, buf, strlen(buf)); 544 QDECREF(response_qstr); 545 if (status != G_IO_STATUS_NORMAL) { 546 return -EIO; 547 } 548 549 return 0; 550 } 551 552 static void process_command(GAState *s, QDict *req) 553 { 554 QObject *rsp = NULL; 555 int ret; 556 557 g_assert(req); 558 g_debug("processing command"); 559 rsp = qmp_dispatch(QOBJECT(req)); 560 if (rsp) { 561 ret = send_response(s, rsp); 562 if (ret) { 563 g_warning("error sending response: %s", strerror(ret)); 564 } 565 qobject_decref(rsp); 566 } 567 } 568 569 /* handle requests/control events coming in over the channel */ 570 static void process_event(JSONMessageParser *parser, GQueue *tokens) 571 { 572 GAState *s = container_of(parser, GAState, parser); 573 QDict *qdict; 574 Error *err = NULL; 575 int ret; 576 577 g_assert(s && parser); 578 579 g_debug("process_event: called"); 580 qdict = qobject_to_qdict(json_parser_parse_err(tokens, NULL, &err)); 581 if (err || !qdict) { 582 QDECREF(qdict); 583 qdict = qdict_new(); 584 if (!err) { 585 g_warning("failed to parse event: unknown error"); 586 error_setg(&err, QERR_JSON_PARSING); 587 } else { 588 g_warning("failed to parse event: %s", error_get_pretty(err)); 589 } 590 qdict_put_obj(qdict, "error", qmp_build_error_object(err)); 591 error_free(err); 592 } 593 594 /* handle host->guest commands */ 595 if (qdict_haskey(qdict, "execute")) { 596 process_command(s, qdict); 597 } else { 598 if (!qdict_haskey(qdict, "error")) { 599 QDECREF(qdict); 600 qdict = qdict_new(); 601 g_warning("unrecognized payload format"); 602 error_setg(&err, QERR_UNSUPPORTED); 603 qdict_put_obj(qdict, "error", qmp_build_error_object(err)); 604 error_free(err); 605 } 606 ret = send_response(s, QOBJECT(qdict)); 607 if (ret < 0) { 608 g_warning("error sending error response: %s", strerror(-ret)); 609 } 610 } 611 612 QDECREF(qdict); 613 } 614 615 /* false return signals GAChannel to close the current client connection */ 616 static gboolean channel_event_cb(GIOCondition condition, gpointer data) 617 { 618 GAState *s = data; 619 gchar buf[QGA_READ_COUNT_DEFAULT+1]; 620 gsize count; 621 GError *err = NULL; 622 GIOStatus status = ga_channel_read(s->channel, buf, QGA_READ_COUNT_DEFAULT, &count); 623 if (err != NULL) { 624 g_warning("error reading channel: %s", err->message); 625 g_error_free(err); 626 return false; 627 } 628 switch (status) { 629 case G_IO_STATUS_ERROR: 630 g_warning("error reading channel"); 631 return false; 632 case G_IO_STATUS_NORMAL: 633 buf[count] = 0; 634 g_debug("read data, count: %d, data: %s", (int)count, buf); 635 json_message_parser_feed(&s->parser, (char *)buf, (int)count); 636 break; 637 case G_IO_STATUS_EOF: 638 g_debug("received EOF"); 639 if (!s->virtio) { 640 return false; 641 } 642 /* fall through */ 643 case G_IO_STATUS_AGAIN: 644 /* virtio causes us to spin here when no process is attached to 645 * host-side chardev. sleep a bit to mitigate this 646 */ 647 if (s->virtio) { 648 usleep(100*1000); 649 } 650 return true; 651 default: 652 g_warning("unknown channel read status, closing"); 653 return false; 654 } 655 return true; 656 } 657 658 static gboolean channel_init(GAState *s, const gchar *method, const gchar *path) 659 { 660 GAChannelMethod channel_method; 661 662 if (strcmp(method, "virtio-serial") == 0) { 663 s->virtio = true; /* virtio requires special handling in some cases */ 664 channel_method = GA_CHANNEL_VIRTIO_SERIAL; 665 } else if (strcmp(method, "isa-serial") == 0) { 666 channel_method = GA_CHANNEL_ISA_SERIAL; 667 } else if (strcmp(method, "unix-listen") == 0) { 668 channel_method = GA_CHANNEL_UNIX_LISTEN; 669 } else { 670 g_critical("unsupported channel method/type: %s", method); 671 return false; 672 } 673 674 s->channel = ga_channel_new(channel_method, path, channel_event_cb, s); 675 if (!s->channel) { 676 g_critical("failed to create guest agent channel"); 677 return false; 678 } 679 680 return true; 681 } 682 683 #ifdef _WIN32 684 DWORD WINAPI service_ctrl_handler(DWORD ctrl, DWORD type, LPVOID data, 685 LPVOID ctx) 686 { 687 DWORD ret = NO_ERROR; 688 GAService *service = &ga_state->service; 689 690 switch (ctrl) 691 { 692 case SERVICE_CONTROL_STOP: 693 case SERVICE_CONTROL_SHUTDOWN: 694 quit_handler(SIGTERM); 695 service->status.dwCurrentState = SERVICE_STOP_PENDING; 696 SetServiceStatus(service->status_handle, &service->status); 697 break; 698 699 default: 700 ret = ERROR_CALL_NOT_IMPLEMENTED; 701 } 702 return ret; 703 } 704 705 VOID WINAPI service_main(DWORD argc, TCHAR *argv[]) 706 { 707 GAService *service = &ga_state->service; 708 709 service->status_handle = RegisterServiceCtrlHandlerEx(QGA_SERVICE_NAME, 710 service_ctrl_handler, NULL); 711 712 if (service->status_handle == 0) { 713 g_critical("Failed to register extended requests function!\n"); 714 return; 715 } 716 717 service->status.dwServiceType = SERVICE_WIN32; 718 service->status.dwCurrentState = SERVICE_RUNNING; 719 service->status.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN; 720 service->status.dwWin32ExitCode = NO_ERROR; 721 service->status.dwServiceSpecificExitCode = NO_ERROR; 722 service->status.dwCheckPoint = 0; 723 service->status.dwWaitHint = 0; 724 SetServiceStatus(service->status_handle, &service->status); 725 726 g_main_loop_run(ga_state->main_loop); 727 728 service->status.dwCurrentState = SERVICE_STOPPED; 729 SetServiceStatus(service->status_handle, &service->status); 730 } 731 #endif 732 733 static void set_persistent_state_defaults(GAPersistentState *pstate) 734 { 735 g_assert(pstate); 736 pstate->fd_counter = QGA_PSTATE_DEFAULT_FD_COUNTER; 737 } 738 739 static void persistent_state_from_keyfile(GAPersistentState *pstate, 740 GKeyFile *keyfile) 741 { 742 g_assert(pstate); 743 g_assert(keyfile); 744 /* if any fields are missing, either because the file was tampered with 745 * by agents of chaos, or because the field wasn't present at the time the 746 * file was created, the best we can ever do is start over with the default 747 * values. so load them now, and ignore any errors in accessing key-value 748 * pairs 749 */ 750 set_persistent_state_defaults(pstate); 751 752 if (g_key_file_has_key(keyfile, "global", "fd_counter", NULL)) { 753 pstate->fd_counter = 754 g_key_file_get_integer(keyfile, "global", "fd_counter", NULL); 755 } 756 } 757 758 static void persistent_state_to_keyfile(const GAPersistentState *pstate, 759 GKeyFile *keyfile) 760 { 761 g_assert(pstate); 762 g_assert(keyfile); 763 764 g_key_file_set_integer(keyfile, "global", "fd_counter", pstate->fd_counter); 765 } 766 767 static gboolean write_persistent_state(const GAPersistentState *pstate, 768 const gchar *path) 769 { 770 GKeyFile *keyfile = g_key_file_new(); 771 GError *gerr = NULL; 772 gboolean ret = true; 773 gchar *data = NULL; 774 gsize data_len; 775 776 g_assert(pstate); 777 778 persistent_state_to_keyfile(pstate, keyfile); 779 data = g_key_file_to_data(keyfile, &data_len, &gerr); 780 if (gerr) { 781 g_critical("failed to convert persistent state to string: %s", 782 gerr->message); 783 ret = false; 784 goto out; 785 } 786 787 g_file_set_contents(path, data, data_len, &gerr); 788 if (gerr) { 789 g_critical("failed to write persistent state to %s: %s", 790 path, gerr->message); 791 ret = false; 792 goto out; 793 } 794 795 out: 796 if (gerr) { 797 g_error_free(gerr); 798 } 799 if (keyfile) { 800 g_key_file_free(keyfile); 801 } 802 g_free(data); 803 return ret; 804 } 805 806 static gboolean read_persistent_state(GAPersistentState *pstate, 807 const gchar *path, gboolean frozen) 808 { 809 GKeyFile *keyfile = NULL; 810 GError *gerr = NULL; 811 struct stat st; 812 gboolean ret = true; 813 814 g_assert(pstate); 815 816 if (stat(path, &st) == -1) { 817 /* it's okay if state file doesn't exist, but any other error 818 * indicates a permissions issue or some other misconfiguration 819 * that we likely won't be able to recover from. 820 */ 821 if (errno != ENOENT) { 822 g_critical("unable to access state file at path %s: %s", 823 path, strerror(errno)); 824 ret = false; 825 goto out; 826 } 827 828 /* file doesn't exist. initialize state to default values and 829 * attempt to save now. (we could wait till later when we have 830 * modified state we need to commit, but if there's a problem, 831 * such as a missing parent directory, we want to catch it now) 832 * 833 * there is a potential scenario where someone either managed to 834 * update the agent from a version that didn't use a key store 835 * while qemu-ga thought the filesystem was frozen, or 836 * deleted the key store prior to issuing a fsfreeze, prior 837 * to restarting the agent. in this case we go ahead and defer 838 * initial creation till we actually have modified state to 839 * write, otherwise fail to recover from freeze. 840 */ 841 set_persistent_state_defaults(pstate); 842 if (!frozen) { 843 ret = write_persistent_state(pstate, path); 844 if (!ret) { 845 g_critical("unable to create state file at path %s", path); 846 ret = false; 847 goto out; 848 } 849 } 850 ret = true; 851 goto out; 852 } 853 854 keyfile = g_key_file_new(); 855 g_key_file_load_from_file(keyfile, path, 0, &gerr); 856 if (gerr) { 857 g_critical("error loading persistent state from path: %s, %s", 858 path, gerr->message); 859 ret = false; 860 goto out; 861 } 862 863 persistent_state_from_keyfile(pstate, keyfile); 864 865 out: 866 if (keyfile) { 867 g_key_file_free(keyfile); 868 } 869 if (gerr) { 870 g_error_free(gerr); 871 } 872 873 return ret; 874 } 875 876 int64_t ga_get_fd_handle(GAState *s, Error **errp) 877 { 878 int64_t handle; 879 880 g_assert(s->pstate_filepath); 881 /* we blacklist commands and avoid operations that potentially require 882 * writing to disk when we're in a frozen state. this includes opening 883 * new files, so we should never get here in that situation 884 */ 885 g_assert(!ga_is_frozen(s)); 886 887 handle = s->pstate.fd_counter++; 888 889 /* This should never happen on a reasonable timeframe, as guest-file-open 890 * would have to be issued 2^63 times */ 891 if (s->pstate.fd_counter == INT64_MAX) { 892 abort(); 893 } 894 895 if (!write_persistent_state(&s->pstate, s->pstate_filepath)) { 896 error_setg(errp, "failed to commit persistent state to disk"); 897 return -1; 898 } 899 900 return handle; 901 } 902 903 static void ga_print_cmd(QmpCommand *cmd, void *opaque) 904 { 905 printf("%s\n", qmp_command_name(cmd)); 906 } 907 908 static GList *split_list(const gchar *str, const gchar *delim) 909 { 910 GList *list = NULL; 911 int i; 912 gchar **strv; 913 914 strv = g_strsplit(str, delim, -1); 915 for (i = 0; strv[i]; i++) { 916 list = g_list_prepend(list, strv[i]); 917 } 918 g_free(strv); 919 920 return list; 921 } 922 923 typedef struct GAConfig { 924 char *channel_path; 925 char *method; 926 char *log_filepath; 927 char *pid_filepath; 928 #ifdef CONFIG_FSFREEZE 929 char *fsfreeze_hook; 930 #endif 931 char *state_dir; 932 #ifdef _WIN32 933 const char *service; 934 #endif 935 gchar *bliststr; /* blacklist may point to this string */ 936 GList *blacklist; 937 int daemonize; 938 GLogLevelFlags log_level; 939 int dumpconf; 940 } GAConfig; 941 942 static void config_load(GAConfig *config) 943 { 944 GError *gerr = NULL; 945 GKeyFile *keyfile; 946 const char *conf = g_getenv("QGA_CONF") ?: QGA_CONF_DEFAULT; 947 948 /* read system config */ 949 keyfile = g_key_file_new(); 950 if (!g_key_file_load_from_file(keyfile, conf, 0, &gerr)) { 951 goto end; 952 } 953 if (g_key_file_has_key(keyfile, "general", "daemon", NULL)) { 954 config->daemonize = 955 g_key_file_get_boolean(keyfile, "general", "daemon", &gerr); 956 } 957 if (g_key_file_has_key(keyfile, "general", "method", NULL)) { 958 config->method = 959 g_key_file_get_string(keyfile, "general", "method", &gerr); 960 } 961 if (g_key_file_has_key(keyfile, "general", "path", NULL)) { 962 config->channel_path = 963 g_key_file_get_string(keyfile, "general", "path", &gerr); 964 } 965 if (g_key_file_has_key(keyfile, "general", "logfile", NULL)) { 966 config->log_filepath = 967 g_key_file_get_string(keyfile, "general", "logfile", &gerr); 968 } 969 if (g_key_file_has_key(keyfile, "general", "pidfile", NULL)) { 970 config->pid_filepath = 971 g_key_file_get_string(keyfile, "general", "pidfile", &gerr); 972 } 973 #ifdef CONFIG_FSFREEZE 974 if (g_key_file_has_key(keyfile, "general", "fsfreeze-hook", NULL)) { 975 config->fsfreeze_hook = 976 g_key_file_get_string(keyfile, 977 "general", "fsfreeze-hook", &gerr); 978 } 979 #endif 980 if (g_key_file_has_key(keyfile, "general", "statedir", NULL)) { 981 config->state_dir = 982 g_key_file_get_string(keyfile, "general", "statedir", &gerr); 983 } 984 if (g_key_file_has_key(keyfile, "general", "verbose", NULL) && 985 g_key_file_get_boolean(keyfile, "general", "verbose", &gerr)) { 986 /* enable all log levels */ 987 config->log_level = G_LOG_LEVEL_MASK; 988 } 989 if (g_key_file_has_key(keyfile, "general", "blacklist", NULL)) { 990 config->bliststr = 991 g_key_file_get_string(keyfile, "general", "blacklist", &gerr); 992 config->blacklist = g_list_concat(config->blacklist, 993 split_list(config->bliststr, ",")); 994 } 995 996 end: 997 g_key_file_free(keyfile); 998 if (gerr && 999 !(gerr->domain == G_FILE_ERROR && gerr->code == G_FILE_ERROR_NOENT)) { 1000 g_critical("error loading configuration from path: %s, %s", 1001 QGA_CONF_DEFAULT, gerr->message); 1002 exit(EXIT_FAILURE); 1003 } 1004 g_clear_error(&gerr); 1005 } 1006 1007 static gchar *list_join(GList *list, const gchar separator) 1008 { 1009 GString *str = g_string_new(""); 1010 1011 while (list) { 1012 str = g_string_append(str, (gchar *)list->data); 1013 list = g_list_next(list); 1014 if (list) { 1015 str = g_string_append_c(str, separator); 1016 } 1017 } 1018 1019 return g_string_free(str, FALSE); 1020 } 1021 1022 static void config_dump(GAConfig *config) 1023 { 1024 GError *error = NULL; 1025 GKeyFile *keyfile; 1026 gchar *tmp; 1027 1028 keyfile = g_key_file_new(); 1029 g_assert(keyfile); 1030 1031 g_key_file_set_boolean(keyfile, "general", "daemon", config->daemonize); 1032 g_key_file_set_string(keyfile, "general", "method", config->method); 1033 g_key_file_set_string(keyfile, "general", "path", config->channel_path); 1034 if (config->log_filepath) { 1035 g_key_file_set_string(keyfile, "general", "logfile", 1036 config->log_filepath); 1037 } 1038 g_key_file_set_string(keyfile, "general", "pidfile", config->pid_filepath); 1039 #ifdef CONFIG_FSFREEZE 1040 if (config->fsfreeze_hook) { 1041 g_key_file_set_string(keyfile, "general", "fsfreeze-hook", 1042 config->fsfreeze_hook); 1043 } 1044 #endif 1045 g_key_file_set_string(keyfile, "general", "statedir", config->state_dir); 1046 g_key_file_set_boolean(keyfile, "general", "verbose", 1047 config->log_level == G_LOG_LEVEL_MASK); 1048 tmp = list_join(config->blacklist, ','); 1049 g_key_file_set_string(keyfile, "general", "blacklist", tmp); 1050 g_free(tmp); 1051 1052 tmp = g_key_file_to_data(keyfile, NULL, &error); 1053 printf("%s", tmp); 1054 1055 g_free(tmp); 1056 g_key_file_free(keyfile); 1057 } 1058 1059 static void config_parse(GAConfig *config, int argc, char **argv) 1060 { 1061 const char *sopt = "hVvdm:p:l:f:F::b:s:t:D"; 1062 int opt_ind = 0, ch; 1063 const struct option lopt[] = { 1064 { "help", 0, NULL, 'h' }, 1065 { "version", 0, NULL, 'V' }, 1066 { "dump-conf", 0, NULL, 'D' }, 1067 { "logfile", 1, NULL, 'l' }, 1068 { "pidfile", 1, NULL, 'f' }, 1069 #ifdef CONFIG_FSFREEZE 1070 { "fsfreeze-hook", 2, NULL, 'F' }, 1071 #endif 1072 { "verbose", 0, NULL, 'v' }, 1073 { "method", 1, NULL, 'm' }, 1074 { "path", 1, NULL, 'p' }, 1075 { "daemonize", 0, NULL, 'd' }, 1076 { "blacklist", 1, NULL, 'b' }, 1077 #ifdef _WIN32 1078 { "service", 1, NULL, 's' }, 1079 #endif 1080 { "statedir", 1, NULL, 't' }, 1081 { NULL, 0, NULL, 0 } 1082 }; 1083 1084 while ((ch = getopt_long(argc, argv, sopt, lopt, &opt_ind)) != -1) { 1085 switch (ch) { 1086 case 'm': 1087 g_free(config->method); 1088 config->method = g_strdup(optarg); 1089 break; 1090 case 'p': 1091 g_free(config->channel_path); 1092 config->channel_path = g_strdup(optarg); 1093 break; 1094 case 'l': 1095 g_free(config->log_filepath); 1096 config->log_filepath = g_strdup(optarg); 1097 break; 1098 case 'f': 1099 g_free(config->pid_filepath); 1100 config->pid_filepath = g_strdup(optarg); 1101 break; 1102 #ifdef CONFIG_FSFREEZE 1103 case 'F': 1104 g_free(config->fsfreeze_hook); 1105 config->fsfreeze_hook = g_strdup(optarg ?: QGA_FSFREEZE_HOOK_DEFAULT); 1106 break; 1107 #endif 1108 case 't': 1109 g_free(config->state_dir); 1110 config->state_dir = g_strdup(optarg); 1111 break; 1112 case 'v': 1113 /* enable all log levels */ 1114 config->log_level = G_LOG_LEVEL_MASK; 1115 break; 1116 case 'V': 1117 printf("QEMU Guest Agent %s\n", QEMU_VERSION); 1118 exit(EXIT_SUCCESS); 1119 case 'd': 1120 config->daemonize = 1; 1121 break; 1122 case 'D': 1123 config->dumpconf = 1; 1124 break; 1125 case 'b': { 1126 if (is_help_option(optarg)) { 1127 qmp_for_each_command(ga_print_cmd, NULL); 1128 exit(EXIT_SUCCESS); 1129 } 1130 config->blacklist = g_list_concat(config->blacklist, 1131 split_list(optarg, ",")); 1132 break; 1133 } 1134 #ifdef _WIN32 1135 case 's': 1136 config->service = optarg; 1137 if (strcmp(config->service, "install") == 0) { 1138 if (ga_install_vss_provider()) { 1139 exit(EXIT_FAILURE); 1140 } 1141 if (ga_install_service(config->channel_path, 1142 config->log_filepath, config->state_dir)) { 1143 exit(EXIT_FAILURE); 1144 } 1145 exit(EXIT_SUCCESS); 1146 } else if (strcmp(config->service, "uninstall") == 0) { 1147 ga_uninstall_vss_provider(); 1148 exit(ga_uninstall_service()); 1149 } else if (strcmp(config->service, "vss-install") == 0) { 1150 if (ga_install_vss_provider()) { 1151 exit(EXIT_FAILURE); 1152 } 1153 exit(EXIT_SUCCESS); 1154 } else if (strcmp(config->service, "vss-uninstall") == 0) { 1155 ga_uninstall_vss_provider(); 1156 exit(EXIT_SUCCESS); 1157 } else { 1158 printf("Unknown service command.\n"); 1159 exit(EXIT_FAILURE); 1160 } 1161 break; 1162 #endif 1163 case 'h': 1164 usage(argv[0]); 1165 exit(EXIT_SUCCESS); 1166 case '?': 1167 g_print("Unknown option, try '%s --help' for more information.\n", 1168 argv[0]); 1169 exit(EXIT_FAILURE); 1170 } 1171 } 1172 } 1173 1174 static void config_free(GAConfig *config) 1175 { 1176 g_free(config->method); 1177 g_free(config->log_filepath); 1178 g_free(config->pid_filepath); 1179 g_free(config->state_dir); 1180 g_free(config->channel_path); 1181 g_free(config->bliststr); 1182 #ifdef CONFIG_FSFREEZE 1183 g_free(config->fsfreeze_hook); 1184 #endif 1185 g_free(config); 1186 } 1187 1188 static bool check_is_frozen(GAState *s) 1189 { 1190 #ifndef _WIN32 1191 /* check if a previous instance of qemu-ga exited with filesystems' state 1192 * marked as frozen. this could be a stale value (a non-qemu-ga process 1193 * or reboot may have since unfrozen them), but better to require an 1194 * uneeded unfreeze than to risk hanging on start-up 1195 */ 1196 struct stat st; 1197 if (stat(s->state_filepath_isfrozen, &st) == -1) { 1198 /* it's okay if the file doesn't exist, but if we can't access for 1199 * some other reason, such as permissions, there's a configuration 1200 * that needs to be addressed. so just bail now before we get into 1201 * more trouble later 1202 */ 1203 if (errno != ENOENT) { 1204 g_critical("unable to access state file at path %s: %s", 1205 s->state_filepath_isfrozen, strerror(errno)); 1206 return EXIT_FAILURE; 1207 } 1208 } else { 1209 g_warning("previous instance appears to have exited with frozen" 1210 " filesystems. deferring logging/pidfile creation and" 1211 " disabling non-fsfreeze-safe commands until" 1212 " guest-fsfreeze-thaw is issued, or filesystems are" 1213 " manually unfrozen and the file %s is removed", 1214 s->state_filepath_isfrozen); 1215 return true; 1216 } 1217 #endif 1218 return false; 1219 } 1220 1221 static int run_agent(GAState *s, GAConfig *config) 1222 { 1223 ga_state = s; 1224 1225 g_log_set_default_handler(ga_log, s); 1226 g_log_set_fatal_mask(NULL, G_LOG_LEVEL_ERROR); 1227 ga_enable_logging(s); 1228 1229 #ifdef _WIN32 1230 /* On win32 the state directory is application specific (be it the default 1231 * or a user override). We got past the command line parsing; let's create 1232 * the directory (with any intermediate directories). If we run into an 1233 * error later on, we won't try to clean up the directory, it is considered 1234 * persistent. 1235 */ 1236 if (g_mkdir_with_parents(config->state_dir, S_IRWXU) == -1) { 1237 g_critical("unable to create (an ancestor of) the state directory" 1238 " '%s': %s", config->state_dir, strerror(errno)); 1239 return EXIT_FAILURE; 1240 } 1241 #endif 1242 1243 if (ga_is_frozen(s)) { 1244 if (config->daemonize) { 1245 /* delay opening/locking of pidfile till filesystems are unfrozen */ 1246 s->deferred_options.pid_filepath = config->pid_filepath; 1247 become_daemon(NULL); 1248 } 1249 if (config->log_filepath) { 1250 /* delay opening the log file till filesystems are unfrozen */ 1251 s->deferred_options.log_filepath = config->log_filepath; 1252 } 1253 ga_disable_logging(s); 1254 qmp_for_each_command(ga_disable_non_whitelisted, NULL); 1255 } else { 1256 if (config->daemonize) { 1257 become_daemon(config->pid_filepath); 1258 } 1259 if (config->log_filepath) { 1260 FILE *log_file = ga_open_logfile(config->log_filepath); 1261 if (!log_file) { 1262 g_critical("unable to open specified log file: %s", 1263 strerror(errno)); 1264 return EXIT_FAILURE; 1265 } 1266 s->log_file = log_file; 1267 } 1268 } 1269 1270 /* load persistent state from disk */ 1271 if (!read_persistent_state(&s->pstate, 1272 s->pstate_filepath, 1273 ga_is_frozen(s))) { 1274 g_critical("failed to load persistent state"); 1275 return EXIT_FAILURE; 1276 } 1277 1278 config->blacklist = ga_command_blacklist_init(config->blacklist); 1279 if (config->blacklist) { 1280 GList *l = config->blacklist; 1281 s->blacklist = config->blacklist; 1282 do { 1283 g_debug("disabling command: %s", (char *)l->data); 1284 qmp_disable_command(l->data); 1285 l = g_list_next(l); 1286 } while (l); 1287 } 1288 s->command_state = ga_command_state_new(); 1289 ga_command_state_init(s, s->command_state); 1290 ga_command_state_init_all(s->command_state); 1291 json_message_parser_init(&s->parser, process_event); 1292 ga_state = s; 1293 #ifndef _WIN32 1294 if (!register_signal_handlers()) { 1295 g_critical("failed to register signal handlers"); 1296 return EXIT_FAILURE; 1297 } 1298 #endif 1299 1300 s->main_loop = g_main_loop_new(NULL, false); 1301 if (!channel_init(ga_state, config->method, config->channel_path)) { 1302 g_critical("failed to initialize guest agent channel"); 1303 return EXIT_FAILURE; 1304 } 1305 #ifndef _WIN32 1306 g_main_loop_run(ga_state->main_loop); 1307 #else 1308 if (config->daemonize) { 1309 SERVICE_TABLE_ENTRY service_table[] = { 1310 { (char *)QGA_SERVICE_NAME, service_main }, { NULL, NULL } }; 1311 StartServiceCtrlDispatcher(service_table); 1312 } else { 1313 g_main_loop_run(ga_state->main_loop); 1314 } 1315 #endif 1316 1317 return EXIT_SUCCESS; 1318 } 1319 1320 static void free_blacklist_entry(gpointer entry, gpointer unused) 1321 { 1322 g_free(entry); 1323 } 1324 1325 int main(int argc, char **argv) 1326 { 1327 int ret = EXIT_SUCCESS; 1328 GAState *s = g_new0(GAState, 1); 1329 GAConfig *config = g_new0(GAConfig, 1); 1330 1331 config->log_level = G_LOG_LEVEL_ERROR | G_LOG_LEVEL_CRITICAL; 1332 1333 module_call_init(MODULE_INIT_QAPI); 1334 1335 init_dfl_pathnames(); 1336 config_load(config); 1337 config_parse(config, argc, argv); 1338 1339 if (config->pid_filepath == NULL) { 1340 config->pid_filepath = g_strdup(dfl_pathnames.pidfile); 1341 } 1342 1343 if (config->state_dir == NULL) { 1344 config->state_dir = g_strdup(dfl_pathnames.state_dir); 1345 } 1346 1347 if (config->method == NULL) { 1348 config->method = g_strdup("virtio-serial"); 1349 } 1350 1351 if (config->channel_path == NULL) { 1352 if (strcmp(config->method, "virtio-serial") == 0) { 1353 /* try the default path for the virtio-serial port */ 1354 config->channel_path = g_strdup(QGA_VIRTIO_PATH_DEFAULT); 1355 } else if (strcmp(config->method, "isa-serial") == 0) { 1356 /* try the default path for the serial port - COM1 */ 1357 config->channel_path = g_strdup(QGA_SERIAL_PATH_DEFAULT); 1358 } else { 1359 g_critical("must specify a path for this channel"); 1360 ret = EXIT_FAILURE; 1361 goto end; 1362 } 1363 } 1364 1365 s->log_level = config->log_level; 1366 s->log_file = stderr; 1367 #ifdef CONFIG_FSFREEZE 1368 s->fsfreeze_hook = config->fsfreeze_hook; 1369 #endif 1370 s->pstate_filepath = g_strdup_printf("%s/qga.state", config->state_dir); 1371 s->state_filepath_isfrozen = g_strdup_printf("%s/qga.state.isfrozen", 1372 config->state_dir); 1373 s->frozen = check_is_frozen(s); 1374 1375 if (config->dumpconf) { 1376 config_dump(config); 1377 goto end; 1378 } 1379 1380 ret = run_agent(s, config); 1381 1382 end: 1383 if (s->command_state) { 1384 ga_command_state_cleanup_all(s->command_state); 1385 } 1386 if (s->channel) { 1387 ga_channel_free(s->channel); 1388 } 1389 g_list_foreach(config->blacklist, free_blacklist_entry, NULL); 1390 g_free(s->pstate_filepath); 1391 g_free(s->state_filepath_isfrozen); 1392 1393 if (config->daemonize) { 1394 unlink(config->pid_filepath); 1395 } 1396 1397 config_free(config); 1398 1399 return ret; 1400 } 1401