aboutsummaryrefslogtreecommitdiff
path: root/qemu-ga.c
AgeCommit message (Collapse)Author
2012-08-22qemu-ga: don't leak a file descriptor upon failed lockfJim Meyering
Signed-off-by: Jim Meyering <meyering@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-13error: drop error_get_qobject()/error_set_qobject()Luiz Capitulino
error_get_qobject() is unused since last commit, error_set_qobject() has never been used. Also drops error_int.h. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
2012-08-13qemu-ga: switch to the new error format on the wireLuiz Capitulino
IMPORTANT: this BREAKS qemu-ga compatibility for the error response. Instead of returning something like: { "error": { "class": "InvalidParameterValue", "data": {"name": "mode", "expected": "halt|powerdown|reboot" } } } qemu-ga now returns: { "error": { "class": "GenericError", "desc": "Parameter 'mode' expects halt|powerdown|reboot" } } Notice that this is also a bug fix, as qemu-ga wasn't returning the human message. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
2012-08-02Support 'help' as a synonym for '?' in command line optionsPeter Maydell
For command line options which permit '?' meaning 'please list the permitted values', add support for 'help' as a synonym, by abstracting the check out into a helper function. This change means that in some cases where we were being lazy in our string parsing, "?junk" will now be rejected as an invalid option rather than being (undocumentedly) treated the same way as "?". Update the documentation to use 'help' rather than '?', since '?' is a shell metacharacter and thus prone to fail confusingly if there is a single character filename in the current working directory and the '?' has not been escaped. It's therefore better to steer users towards 'help', though '?' is retained for backwards compatibility. We do not, however, update the output of the system emulator's -help (or any documentation autogenerated from the qemu-options.hx which is the source of the -help text) because libvirt parses our -help output and will break. At a later date when QEMU provides a better interface so libvirt can avoid having to do this, we can update the -help text too. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-05-15qemu-ga: align versioning with QEMU_VERSIONMichael Roth
Previously qemu-ga version was defined seperately. Since it is aligned with QEMU releases, use QEMU_VERSION instead. This also implies the version bump for 1.1[-rcN] release of qemu-ga. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Acked-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-05-15qemu-ga: fix segv after failure to open log fileMichael Roth
Currently, if we fail to open the specified log file (generally due to a permissions issue), we'll assign NULL to the logfile handle (stderr, initially) used by the logging routines, which can cause a segfault to occur when we attempt to report the error before exiting. Instead, only re-assign if the open() was successful. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-05-15qemu-ga: guest-suspend: make the API synchronousLuiz Capitulino
Currently, qemu-ga has a SIGCHLD handler that automatically reaps terminated children processes. The idea is to avoid having qemu-ga commands blocked waiting for children to terminate. That approach has two problems: 1. qemu-ga is unable to detect errors in the child, meaning that qemu-ga returns success even if the child fails to perform its task 2. if a command does depend on the child exit status, the command has to play tricks to bypass the automatic reaper Case 2 impacts the guest-suspend-* API, because it has to execute an external program to check for suspend support. Today, to bypass the automatic reaper, suspend code has to double fork and pass exit status information through a pipe. Besides being complex, this is prone to race condition bugs. Indeed, the current code does have such bugs. Making the guest-suspend-* API synchronous (ie. by dropping the SIGCHLD handler and calling waitpid() from commands) is a much simpler approach, which fixes current race conditions bugs and enables commands to detect errors in the child. This commit does just that. There's a side effect though, guest-shutdown will generate zombies if shutting down fails. This will be fixed by the next commit. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-05-15qemu-ga: become_daemon(): reopen standard fds to /dev/nullLuiz Capitulino
This fixes a bug where qemu-ga doesn't suspend the guest because it fails to detect suspend support even when the guest does support suspend. This happens because of the way qemu-ga fds are managed in daemon mode. When starting qemu-ga with --daemon, become_daemon() will close all standard fds. This will cause qemu-ga to end up with the following fds (if started with 'qemu-ga --daemon'): 0 -> /dev/vport0p1 3 -> /run/qemu-ga.pid Then a guest-suspend-* function is issued. They call bios_supports_mode(), which will call pipe(), and qemu-ga's fd will be: 0 -> /dev/vport0p1 1 -> pipe:[16247] 2 -> pipe:[16247] 3 -> /run/qemu-ga.pid bios_supports_mode() forks off a child and blocks waiting for the child to write something to the pipe. The child, however, closes its reading end of the pipe _and_ reopen all standard fds to /dev/null. This will cause the child's fds to be: 0 -> /dev/null 1 -> /dev/null 2 -> /dev/null 3 -> /run/qemu-ga.pid In other words, the child's writing end of the pipe is now /dev/null. It writes there and exits. The parent process (blocked on read()) will get an EOF and interpret this as "something unexpected happened in the child, let's assume the guest doesn't support suspend". And suspend will fail. To solve this problem we have to reopen standard fds to /dev/null in become_daemon(), instead of closing them. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-05-15qemu-ga: make reopen_fd_to_null() publicLuiz Capitulino
The next commit wants to use it. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-05-15qemu-ga: don't warn on no command returnLuiz Capitulino
This is a valid condition when a command chooses to not emit a success response. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-05-14fix some common typosJim Meyering
These were identified using: http://github.com/lyda/misspell-check and run like this to create a bourne shell script using GNU sed's -i option: git ls-files|grep -vF .bin | misspellings -f - |grep -v '^ERROR:' |perl \ -pe 's/^(.*?)\[(\d+)\]: (\w+) -> "(.*?)"$/sed -i '\''${2}s!$3!$4!'\'' $1/' Manually eliding the FP, "rela->real" and resolving "addres" to address (not "adders") we get this: sed -i '450s!thru!through!' Changelog sed -i '260s!neccessary!necessary!' coroutine-sigaltstack.c sed -i '54s!miniscule!minuscule!' disas.c sed -i '1094s!thru!through!' hw/usb/hcd-ehci.c sed -i '1095s!thru!through!' hw/usb/hcd-ehci.c sed -i '21s!unecessary!unnecessary!' qapi-schema-guest.json sed -i '307s!explictly!explicitly!' qemu-ga.c sed -i '490s!preceeding!preceding!' qga/commands-posix.c sed -i '792s!addres!address!' qga/commands-posix.c sed -i '6s!beeing!being!' tests/tcg/test-mmap.c Also, manually fix "arithmentic", spotted by Peter Maydell: sed -i 's!arithmentic!arithmetic!' coroutine-sigaltstack.c Signed-off-by: Jim Meyering <meyering@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2012-04-30qemu-ga: persist tracking of fsfreeze state via filesystemMichael Roth
Currently, qemu-ga may die/get killed/go away for whatever reason after guest-fsfreeze-freeze has been issued, and before guest-fsfreeze-thaw has been issued. This means the only way to unfreeze the guest is via VNC/network/console access, but obtaining that access after-the-fact can often be very difficult when filesystems are frozen. Logins will almost always hang, for instance. In many cases the only recourse would be to reboot the guest without any quiescing of volatile state, which makes this a corner-case worth giving some attention to. A likely failsafe for this situation would be to use a watchdog to restart qemu-ga if it goes away. There are some precautions qemu-ga needs to take in order to avoid immediately hanging itself on I/O, however, namely, we must disable logging and defer to processing/creation of user-specific logfiles, along with creation of the pid file if we're running as a daemon. We also need to disable non-fsfreeze-safe commands, as we normally would when processing the guest-fsfreeze-freeze command. To track when we need to do this in a way that persists between multiple invocations of qemu-ga, we create a file on the guest filesystem before issuing the fsfreeze, and delete it when doing the thaw. On qemu-ga startup, we check for the existance of this file to determine the need to take the above precautions. We're forced to do it this way since a more traditional approach such as reading/writing state to a dedicated state file will cause access/modification time updates, respectively, both of which will hang if the file resides on a frozen filesystem. Both can occur even if relatime is enabled. Checking for file existence will not update the access time, however, so it's a safe way to check for fsfreeze state. An actual watchdog-based restart of qemu-ga can itself cause an access time update that would thus hang the invocation of qemu-ga, but the logic to workaround that can be handled via the watchdog, so we don't address that here (for relatime we'd periodically touch the qemu-ga binary if the file $qga_statedir/qga.state.isfrozen is not present, this avoids qemu-ga updates or the 1 day relatime threshold causing an access-time update if we try to respawn qemu-ga shortly after it goes away) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-04-30qemu-ga: add a whitelist for fsfreeze-safe commandsMichael Roth
Currently we rely on fsfreeze/thaw commands disabling/enabling logging then having other commands check whether logging is disabled to avoid executing if they aren't safe for running while a filesystem is frozen. Instead, have an explicit whitelist of fsfreeze-safe commands, and consolidate logging and command enablement/disablement into a pair of helper functions: ga_set_frozen()/ga_unset_frozen() Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-04-19qemu-ga: fix help outputMichael Roth
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
2012-03-12qemu-ga: add guest-sync-delimitedMichael Roth
guest-sync leaves it as an exercise to the user as to how to reliably obtain the response to guest-sync if the client had previously read in a partial response (due qemu-ga previously being restarted mid-"sentence" due to reboot, forced restart, etc). qemu-ga handles this situation on its end by having a client precede their guest-sync request with a 0xFF byte (invalid UTF-8), which qemu-ga/QEMU JSON parsers will treat as a flush event. Thus we can reliably flush the qemu-ga parser state in preparation for receiving the guest-sync request. guest-sync-delimited provides the same functionality for a client: when a guest-sync-delimited is issued, qemu-ga will precede it's response with a 0xFF byte that the client can use as an indicator to flush its buffer/parser state in preparation for reliably receiving the guest-sync-delimited response. It is also useful as an optimization for clients, since, after issuing a guest-sync-delimited, clients can safely discard all stale data read from the channel until the 0xFF is found. More information available on the wiki: http://wiki.qemu.org/Features/QAPI/GuestAgent#QEMU_Guest_Agent_Protocol Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-03-12qemu-ga: add guest-suspend-diskLuiz Capitulino
As the command name implies, this command suspends the guest to disk. The suspend operation is implemented by two functions: bios_supports_mode() and guest_suspend(). Both functions are generic enough to be used by other suspend modes (introduced by next commits). Both functions will try to use the scripts provided by the pm-utils package if it's available. If it's not available, a manual method, which consists of directly writing to '/sys/power/state', will be used. To reap terminated children, a new signal handler is installed in the parent to catch SIGCHLD signals and a non-blocking call to waitpid() is done to collect their exit statuses. The statuses, however, are discarded. The approach used to query the guest for suspend support deserves some explanation. It's implemented by bios_supports_mode() and shown below: qemu-ga | create pipe | fork() ----------------- | | | | | fork() | -------------------------- | | | | | | | | exec('pm-is-supported') | | | wait() | write exit status to pipe | exit | read pipe This might look complex, but the resulting code is quite simple. The purpose of that approach is to allow qemu-ga to reap its children (semi-)automatically from its SIGCHLD handler. Implementing this the obvious way, that's, doing the exec() call from the first child process, would force us to introduce a more complex way to reap qemu-ga's children. Like registering PIDs to be reaped and having a way to wait for them when returning their exit status to qemu-ga is necessary. The approach explained above avoids that complexity. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2012-02-23qemu-ga: add Windows service integrationMichael Roth
This allows qemu-ga to function as a Windows service: - to install the service (will auto-start on boot): qemu-ga --service install - to start the service: net start qemu-ga - to stop the service: net stop qemu-ga - to uninstall service: qemu-ga --service uninstall Original patch by Gal Hammer <ghammer@redhat.com>
2012-02-23qemu-ga: add initial win32 supportMichael Roth
This adds a win32 channel implementation that makes qemu-ga functional on Windows using virtio-serial (unix-listen/isa-serial not currently implemented). Unlike with the posix implementation, we do not use GIOChannel for the following reasons: - glib calls stat() on an fd to check whether S_IFCHR is set, which is the case for virtio-serial on win32. Because of that, a one-time check to determine whether the channel is readable is done by making a call to PeekConsoleInput(), which reports the underlying handle is not a valid console handle, and thus we can never read from the channel. - if one goes as far as to "trick" glib into thinking it is a normal file descripter, the buffering is done in such a way that data written to the output stream will subsequently result in that same data being read back as if it were input, causing an error loop. furthermore, a forced flush of the channel only moves the data into a secondary buffer managed by glib, so there's no way to prevent output from getting read back as input. The implementation here ties into the glib main loop by implementing a custom GSource that continually submits asynchronous/overlapped I/O to fill an GAChannel-managed read buffer, and tells glib to poll the corresponding event handle for a completion whenever there is no data/RPC in the read buffer to notify the main application about.
2012-02-23qemu-ga: fixes for win32 build of qemu-gaMichael Roth
Various stubs and #ifdefs to compile for Windows using mingw cross-build. Still has 1 linker error due to a dependency on the forthcoming win32 versions of the GAChannel/transport class.
2012-02-23qemu-ga: move channel/transport functionality into wrapper classMichael Roth
This is mostly in preparation for the win32 port, which won't use GIO channels for reasons that will be made clearer later. Here the GAChannel class is just a loose wrapper around GIOChannel calls/callbacks, but we also roll in the logic/configuration for various channel types and managing unix socket connections, which makes the abstraction much more complete and further aids in the win32 port since isa-serial/unix-listen will not be supported initially. There's also a bit of refactoring in the main logic to consolidate the exit paths so we can do common cleanup for things like pid files, which weren't always cleaned up previously.
2012-01-13Spelling fixes in comments and documentationStefan Weil
Codespell detected these new spelling issues. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-12-12guest agent: add RPC blacklist command-line optionMichael Roth
This adds a command-line option, -b/--blacklist, that accepts a comma-seperated list of RPCs to disable, or prints a list of available RPCs if passed "?". In consequence this also adds general blacklisting and RPC listing facilities to the new QMP dispatch/registry facilities, should the QMP monitor ever have a need for such a thing. Ideally, to avoid support/compatability issues in the future, blacklisting guest agent functionality will be the exceptional case, but we add the functionality here to handle guest administrators with specific requirements. Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-29Fix spelling in comments and debug messages (recieve -> receive)Stefan Weil
Signed-off-by: Stefan Weil <weil@mail.berlios.de> Reviewed-by: Andreas Färber <andreas.faerber@web.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-08-21guest agent: remove g_strcmp0 usageMichael Roth
g_strcmp0 isn't in all version of glib 2.0, so don't use it to avoid build breakage on older distros. Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-20Use glib memory allocation and free functionsAnthony Liguori
qemu_malloc/qemu_free no longer exist after this commit. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-07-23qemu-ga: remove dependency on gio and gthreadAnthony Liguori
As far as I can tell, there isn't a dependency on gthread. Also, the only use of gio was to enable GSocket to accept a unix domain socket. Since GSocket isn't available on OpenSuSE 11.1, let's just remove that dependency. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-07-21guest agent: add guest agent RPCs/commandsMichael Roth
This adds the initial set of QMP/QAPI commands provided by the guest agent: guest-sync guest-ping guest-info guest-shutdown guest-file-open guest-file-read guest-file-write guest-file-seek guest-file-flush guest-file-close guest-fsfreeze-freeze guest-fsfreeze-thaw guest-fsfreeze-status The input/output specification for these commands are documented in the schema. Example usage: host: qemu -device virtio-serial \ -chardev socket,path=/tmp/vs0.sock,server,nowait,id=qga0 \ -device virtserialport,chardev=qga0,name=org.qemu.quest_agent.0 ... echo "{'execute':'guest-info'}" | socat stdio unix-connect:/tmp/qga0.sock guest: qemu-ga -m virtio-serial -p /dev/virtio-ports/org.qemu.guest_agent.0 \ -p /var/run/qemu-guest-agent.pid -d Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@gmail.com>
2011-07-21guest agent: qemu-ga daemonMichael Roth
This is the actual guest daemon, it listens for requests over a virtio-serial/isa-serial/unix socket channel and routes them through to dispatch routines, and writes the results back to the channel in a manner similar to QMP. A shorthand invocation: qemu-ga -d Is equivalent to: qemu-ga -m virtio-serial -p /dev/virtio-ports/org.qemu.guest_agent.0 \ -f /var/run/qemu-ga.pid -d Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@gmail.com>