Commit Graph

90 Commits

Author SHA1 Message Date
Paolo Bonzini
af02203fbe qemu-ga: make names more generic for mount list functions
We will use these functions and types for more than FSFREEZE, so rename them.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-06-21 17:59:18 -05:00
Paolo Bonzini
4eb7ba8aff build: move qga/ objects to nested Makefile.objs
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-06-07 09:21:16 +02:00
Michael Roth
9e2fa418fb qemu-ga: avoid blocking on atime update when reading /etc/mtab
Currently we re-read/re-process /etc/mtab to get an updated list of
mounts when guest-fsfreeze-thaw is called. This can cause an atime
update on /etc/mtab, which will block if we're in a frozen state.

Instead, use /proc's version of mtab, which may not be up-to-date with
options passed via -o remount, but is compatible for our use cases since
we only care about the filesystem type.

Reported-by: Matsuda, Daiki <matsudadik@intellilink.co.jp>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-05-29 21:00:42 -05:00
Andreas Färber
eecae14724 qemu-ga: Fix use of environ on Darwin
Use _NSGetEnviron() helper to access the environment.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Charlie Somerville <charlie@charliesomerville.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-05-29 21:00:40 -05:00
Luiz Capitulino
2c02cbf6e9 qemu-ga: Fix missing environ declaration
Commit 3674838cd0 uses the environ global
variable, but is relying on environ to be declared somewhere else.

This worked for me because on F16 environ is declared in <unistd.h>, but
that doesn't happen in OpenBSD for example, causing a build failure.

This commit fixes the build error by declaring environ if it hasn't
being declared yet.

Also fixes a build warning due to a missing <sys/wait.h> include.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-05-24 13:06:33 -05:00
Michael Roth
8efacc43ae qemu-ga: align versioning with QEMU_VERSION
Previously qemu-ga version was defined seperately. Since it is aligned
with QEMU releases, use QEMU_VERSION instead. This also implies the
version bump for 1.1[-rcN] release of qemu-ga.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-05-15 09:17:06 -05:00
Luiz Capitulino
3674838cd0 qemu-ga: guest-shutdown: use only async-signal-safe functions
POSIX mandates[1] that a child process of a multi-thread program uses
only async-signal-safe functions before exec(). We consider qemu-ga
to be multi-thread, because it uses glib.

However, qmp_guest_shutdown() uses functions that are not
async-signal-safe. Fix it the following way:

- fclose() -> reopen_fd_to_null()
- execl() -> execle()
- exit() -> _exit()
- drop slog() usage (which is not safe)

  [1] http://pubs.opengroup.org/onlinepubs/009695399/functions/fork.html

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-05-15 09:15:16 -05:00
Luiz Capitulino
d5dd3498eb qemu-ga: guest-shutdown: become synchronous
Last commit dropped qemu-ga's SIGCHLD handler, used to automatically
reap terminated children processes. This introduced a bug to
qmp_guest_shutdown(): it will generate zombies.

This problem probably doesn't matter in the success case, as the VM
will shutdown anyway, but let's do the right thing and reap the
created process. This ultimately means that guest-shutdown is now a
synchronous command.

An interesting side effect is that guest-shutdown is now able to
report an error to the client if shutting down fails.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-05-15 09:15:16 -05:00
Luiz Capitulino
dc8764f061 qemu-ga: guest-suspend: make the API synchronous
Currently, qemu-ga has a SIGCHLD handler that automatically reaps terminated
children processes. The idea is to avoid having qemu-ga commands blocked
waiting for children to terminate.

That approach has two problems:

 1. qemu-ga is unable to detect errors in the child, meaning that qemu-ga
    returns success even if the child fails to perform its task

 2. if a command does depend on the child exit status, the command has to
    play tricks to bypass the automatic reaper

Case 2 impacts the guest-suspend-* API, because it has to execute an external
program to check for suspend support. Today, to bypass the automatic reaper,
suspend code has to double fork and pass exit status information through a
pipe. Besides being complex, this is prone to race condition bugs. Indeed,
the current code does have such bugs.

Making the guest-suspend-* API synchronous (ie. by dropping the SIGCHLD
handler and calling waitpid() from commands) is a much simpler approach,
which fixes current race conditions bugs and enables commands to detect
errors in the child.

This commit does just that. There's a side effect though, guest-shutdown
will generate zombies if shutting down fails. This will be fixed by the
next commit.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-05-15 09:15:16 -05:00
Luiz Capitulino
04b4e75f33 qemu-ga: make reopen_fd_to_null() public
The next commit wants to use it.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-05-15 09:15:16 -05:00
Jim Meyering
a31f053129 fix some common typos
These were identified using: http://github.com/lyda/misspell-check
and run like this to create a bourne shell script using GNU sed's
-i option:

git ls-files|grep -vF .bin | misspellings -f - |grep -v '^ERROR:' |perl \
-pe 's/^(.*?)\[(\d+)\]: (\w+) -> "(.*?)"$/sed -i '\''${2}s!$3!$4!'\'' $1/'

Manually eliding the FP, "rela->real" and resolving "addres" to
address (not "adders") we get this:

  sed -i '450s!thru!through!' Changelog
  sed -i '260s!neccessary!necessary!' coroutine-sigaltstack.c
  sed -i '54s!miniscule!minuscule!' disas.c
  sed -i '1094s!thru!through!' hw/usb/hcd-ehci.c
  sed -i '1095s!thru!through!' hw/usb/hcd-ehci.c
  sed -i '21s!unecessary!unnecessary!' qapi-schema-guest.json
  sed -i '307s!explictly!explicitly!' qemu-ga.c
  sed -i '490s!preceeding!preceding!' qga/commands-posix.c
  sed -i '792s!addres!address!' qga/commands-posix.c
  sed -i '6s!beeing!being!' tests/tcg/test-mmap.c

Also, manually fix "arithmentic", spotted by Peter Maydell:

  sed -i 's!arithmentic!arithmetic!' coroutine-sigaltstack.c

Signed-off-by: Jim Meyering <meyering@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2012-05-14 07:27:24 +02:00
Anthony Liguori
75e4e8475b Merge remote-tracking branch 'mdroth/qga-pull-4-27-12' into staging
* mdroth/qga-pull-4-27-12:
  qemu-ga: persist tracking of fsfreeze state via filesystem
  qemu-ga: add a whitelist for fsfreeze-safe commands
  qemu-ga: improve recovery options for fsfreeze
2012-05-01 18:44:03 -05:00
Andreas Färber
e61ab1da7e qemu-ga: Implement alternative to O_ASYNC
ga_channel_open() was using open flag O_ASYNC for SIGIO-driven I/O.
This breaks on illumos, so fall back to POSIX I_SETSIG ioctl (SIGPOLL).

Signed-off-by: Lee Essen <lee.essen@nowonline.co.uk>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-05-01 10:49:23 +00:00
Michael Roth
f22d85e9e6 qemu-ga: add a whitelist for fsfreeze-safe commands
Currently we rely on fsfreeze/thaw commands disabling/enabling logging
then having other commands check whether logging is disabled to avoid
executing if they aren't safe for running while a filesystem is frozen.

Instead, have an explicit whitelist of fsfreeze-safe commands, and
consolidate logging and command enablement/disablement into a pair
of helper functions: ga_set_frozen()/ga_unset_frozen()

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-04-30 08:42:10 -05:00
Michael Roth
9e8aded432 qemu-ga: improve recovery options for fsfreeze
guest-fsfreeze-thaw relies on state information obtained from
guest-fsfreeze-freeze to determine what filesystems to unfreeze.
This is unreliable due to the fact that that state does not account
for FIFREEZE being issued by other processes, or previous instances
of qemu-ga. This means in certain situations we cannot thaw
filesystems even with a responsive qemu-ga instance at our disposal.

This patch allows guest-fsfreeze-thaw to be issued unconditionally.
It also adds some additional logic to allow us to thaw filesystems
regardless of how many times the filesystem's "frozen" refcount has
been incremented by any guest processes.

Also, guest-fsfreeze-freeze now operates atomically: on success all
freezable filesystems are frozen, and on error all filesystems are
thawed. The ambiguous "GUEST_FSFREEZE_STATUS_ERROR" state is no
longer entered.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-04-30 08:41:40 -05:00
Michael Roth
d35d4cb517 qemu-ga: generate missing stubs for fsfreeze
When linux-specific commands (including guest-fsfreeze-*) were consolidated
under defined(__linux__), we forgot to account for the case where
defined(__linux__) && !defined(FIFREEZE). As a result stubs are no longer
being generated on linux hosts that don't have FIFREEZE support. Fix
this.

Tested-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
2012-04-19 10:42:59 -05:00
Michael Roth
e72c3f2ed9 qemu-ga: fix bsd build, and re-org linux-specific implementations 2012-03-25 14:34:20 -05:00
Jeff Cody
b71706d122 qemu-ga: for w32, fix leaked handle ov.hEvent in ga_channel_write()
In the function ga_channel_write(), the handle ov.hEvent is created
by the call to CreateEvent(). However, the handle is not closed
prior to the function return.

This patch closes the handle before the return of the function.

Kudos to Paolo Bonzini for spotting this bug.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-03-19 11:31:04 +00:00
Michael Roth
3cf0bed836 qemu-ga: add guest-sync-delimited
guest-sync leaves it as an exercise to the user as to how to reliably
obtain the response to guest-sync if the client had previously read in a
partial response (due qemu-ga previously being restarted mid-"sentence"
due to reboot, forced restart, etc).

qemu-ga handles this situation on its end by having a client precede
their guest-sync request with a 0xFF byte (invalid UTF-8), which
qemu-ga/QEMU JSON parsers will treat as a flush event. Thus we can
reliably flush the qemu-ga parser state in preparation for receiving
the guest-sync request.

guest-sync-delimited provides the same functionality for a client: when
a guest-sync-delimited is issued, qemu-ga will precede it's response
with a 0xFF byte that the client can use as an indicator to flush its
buffer/parser state in preparation for reliably receiving the
guest-sync-delimited response.

It is also useful as an optimization for clients, since, after issuing a
guest-sync-delimited, clients can safely discard all stale data read
from the channel until the 0xFF is found.

More information available on the wiki:

http://wiki.qemu.org/Features/QAPI/GuestAgent#QEMU_Guest_Agent_Protocol

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-03-12 15:09:23 -05:00
Michal Privoznik
3424fc9f16 qemu-ga: add guest-network-get-interfaces command
This command returns an array of:

 [ifname, hwaddr, [ipaddr, ipaddr_family, prefix] ]

for each interface in the system.
Currently, only IPv4 and IPv6 are supported.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2012-03-12 15:09:18 -05:00
Michael Roth
f54603b6aa qemu-ga: add win32 guest-suspend-ram command
S3 sleep implementation for windows.
2012-03-12 15:09:18 -05:00
Gal Hammer
aa59637ea1 qemu-ga: add win32 guest-suspend-disk command.
Implement guest-suspend-disk RPC for Windows. Functionally this should be
equivalent to the posix implementation.

Signed-off-by: Gal Hammer <ghammer@redhat.com>
2012-03-12 15:09:18 -05:00
Luiz Capitulino
95f4f404e1 qemu-ga: add guest-suspend-hybrid
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2012-03-12 15:09:18 -05:00
Luiz Capitulino
fbf42210c1 qemu-ga: add guest-suspend-ram
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2012-03-12 15:09:18 -05:00
Luiz Capitulino
11d0f1255b qemu-ga: add guest-suspend-disk
As the command name implies, this command suspends the guest to disk.

The suspend operation is implemented by two functions: bios_supports_mode()
and guest_suspend(). Both functions are generic enough to be used by
other suspend modes (introduced by next commits).

Both functions will try to use the scripts provided by the pm-utils
package if it's available. If it's not available, a manual method,
which consists of directly writing to '/sys/power/state', will be used.

To reap terminated children, a new signal handler is installed in the
parent to catch SIGCHLD signals and a non-blocking call to waitpid()
is done to collect their exit statuses. The statuses, however, are
discarded.

The approach used to query the guest for suspend support deserves some
explanation. It's implemented by bios_supports_mode() and shown below:

  qemu-ga
     |
 create pipe
     |
   fork()
     -----------------
     |               |
     |               |
     |             fork()
     |               --------------------------
     |               |                        |
     |               |                        |
     |               |               exec('pm-is-supported')
     |               |
     |              wait()
     |       write exit status to pipe
     |              exit
     |
  read pipe

This might look complex, but the resulting code is quite simple.
The purpose of that approach is to allow qemu-ga to reap its children
(semi-)automatically from its SIGCHLD handler.

Implementing this the obvious way, that's, doing the exec() call from
the first child process, would force us to introduce a more complex way
to reap qemu-ga's children. Like registering PIDs to be reaped and
having a way to wait for them when returning their exit status to
qemu-ga is necessary. The approach explained above avoids that complexity.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2012-03-12 15:09:18 -05:00
Michael Roth
546b60d06b qemu-ga: add win32 guest-shutdown command
Implement guest-shutdown RPC for Windows. Functionally this should be
equivalent to the posix implementation.

Original patch by Gal Hammer <ghammer@redhat.com>
2012-02-23 15:43:50 -06:00
Michael Roth
bc62fa039c qemu-ga: add Windows service integration
This allows qemu-ga to function as a Windows service:

 - to install the service (will auto-start on boot):
     qemu-ga --service install
 - to start the service:
     net start qemu-ga
 - to stop the service:
     net stop qemu-ga
 - to uninstall service:
     qemu-ga --service uninstall

Original patch by Gal Hammer <ghammer@redhat.com>
2012-02-23 15:43:50 -06:00
Michael Roth
7868e26e59 qemu-ga: add initial win32 support
This adds a win32 channel implementation that makes qemu-ga functional
on Windows using virtio-serial (unix-listen/isa-serial not currently
implemented). Unlike with the posix implementation, we do not use
GIOChannel for the following reasons:

 - glib calls stat() on an fd to check whether S_IFCHR is set, which is
   the case for virtio-serial on win32. Because of that, a one-time
   check to determine whether the channel is readable is done by making
   a call to PeekConsoleInput(), which reports the underlying handle is
   not a valid console handle, and thus we can never read from the
   channel.

 - if one goes as far as to "trick" glib into thinking it is a normal
   file descripter, the buffering is done in such a way that data
   written to the output stream will subsequently result in that same
   data being read back as if it were input, causing an error loop.
   furthermore, a forced flush of the channel only moves the data into a
   secondary buffer managed by glib, so there's no way to prevent output
   from getting read back as input.

The implementation here ties into the glib main loop by implementing a
custom GSource that continually submits asynchronous/overlapped I/O to
fill an GAChannel-managed read buffer, and tells glib to poll the
corresponding event handle for a completion whenever there is no
data/RPC in the read buffer to notify the main application about.
2012-02-23 15:43:49 -06:00
Michael Roth
d8ca685acb qemu-ga: fixes for win32 build of qemu-ga
Various stubs and #ifdefs to compile for Windows using mingw
cross-build. Still has 1 linker error due to a dependency on the
forthcoming win32 versions of the GAChannel/transport class.
2012-02-23 15:40:16 -06:00
Michael Roth
c216e5add1 qemu-ga: rename guest-agent-commands.c -> commands-posix.c 2012-02-23 15:40:16 -06:00
Michael Roth
42074a9d4d qemu-ga: separate out common commands from posix-specific ones
Many of the current RPC implementations are very much POSIX-specific
and require complete re-writes for Windows. There are however a small
set of core guest agent commands that are common to both, and other
commands such as guest-file-* which *may* be portable. So we introduce
commands.c for the latter, and will rename guest-agent-commands.c to
commands-posix.c in a future commit. Windows implementations will go in
commands-win32.c, eventually.
2012-02-23 15:40:16 -06:00
Michael Roth
125b310e1d qemu-ga: move channel/transport functionality into wrapper class
This is mostly in preparation for the win32 port, which won't use
GIO channels for reasons that will be made clearer later. Here the
GAChannel class is just a loose wrapper around GIOChannel
calls/callbacks, but we also roll in the logic/configuration for
various channel types and managing unix socket connections, which makes
the abstraction much more complete and further aids in the win32 port
since isa-serial/unix-listen will not be supported initially.

There's also a bit of refactoring in the main logic to consolidate the
exit paths so we can do common cleanup for things like pid files, which
weren't always cleaned up previously.
2012-02-23 15:40:16 -06:00
Michael Roth
bf95c0d55c guest agent: add supported command list to guest-info RPC
Not that there is blacklisting functionality we can no longer infer
the agent's capabilities via version. This patch extends the current
guest-info RPC to also return a list of dictionaries containing the name
of each supported RPC, along with a boolean indicating whether or not
the command has been disabled by a guest administrator/distro.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-12-12 17:06:21 -06:00
Anthony Liguori
7267c0947d Use glib memory allocation and free functions
qemu_malloc/qemu_free no longer exist after this commit.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-20 23:01:08 -05:00
Anthony Liguori
4eb36d40da guest-agent: only enable FSFREEZE when it's supported by the kernel
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-07-23 18:24:05 -05:00
Michael Roth
9af99f1daf guest agent: use QERR_UNSUPPORTED for disabled RPCs
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-07-23 10:19:50 -05:00
Anthony Liguori
7006b9cff3 guest-agent: fix build with OpenBSD
FS-Freeze only works with Linux.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-07-22 15:21:59 -05:00
Michael Roth
e3d4d25206 guest agent: add guest agent RPCs/commands
This adds the initial set of QMP/QAPI commands provided by the guest
agent:

guest-sync
guest-ping
guest-info
guest-shutdown
guest-file-open
guest-file-read
guest-file-write
guest-file-seek
guest-file-flush
guest-file-close
guest-fsfreeze-freeze
guest-fsfreeze-thaw
guest-fsfreeze-status

The input/output specification for these commands are documented in the
schema.

Example usage:

  host:
    qemu -device virtio-serial \
         -chardev socket,path=/tmp/vs0.sock,server,nowait,id=qga0 \
         -device virtserialport,chardev=qga0,name=org.qemu.quest_agent.0
         ...

    echo "{'execute':'guest-info'}" | socat stdio unix-connect:/tmp/qga0.sock

  guest:
    qemu-ga -m virtio-serial -p /dev/virtio-ports/org.qemu.guest_agent.0 \
            -p /var/run/qemu-guest-agent.pid -d

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@gmail.com>
2011-07-21 16:48:15 -03:00
Michael Roth
48ff7a625b guest agent: qemu-ga daemon
This is the actual guest daemon, it listens for requests over a
virtio-serial/isa-serial/unix socket channel and routes them through
to dispatch routines, and writes the results back to the channel in
a manner similar to QMP.

A shorthand invocation:

  qemu-ga -d

Is equivalent to:

  qemu-ga -m virtio-serial -p /dev/virtio-ports/org.qemu.guest_agent.0 \
          -f /var/run/qemu-ga.pid -d

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@gmail.com>
2011-07-21 16:48:15 -03:00
Michael Roth
13a286d57b guest agent: command state class
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@gmail.com>
2011-07-21 16:48:15 -03:00