aboutsummaryrefslogtreecommitdiff
path: root/qga/main.c
AgeCommit message (Collapse)AuthorFilesLines
2013-05-30qga: save state directory in ga_install_service()Laszlo Ersek1-1/+10
If the user selects a non-default state directory at service installation time, we should remember it in the registered service. Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-05-30qga: create state directory on win32Laszlo Ersek1-0/+14
On Win32 the local state directory is application specific and users might expect qemu-ga to create it automatically. Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-05-30qga: determine default state dir and pidfile dynamicallyLaszlo Ersek1-6/+26
No effective change on POSIX, but on Win32 the defaults come from the environment / session. Since commit 39097daf ("qemu-ga: use key-value store to avoid recycling fd handles after restart") we've relied on the state directory for the fd handles' key-value store. Even though we don't support the guest-file-* commands on win32 yet, the key-value store is written, and it's the first use of the state directory on win32. We should have a sensible default for its location. Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-05-07qga: set umask 0077 when daemonizing (CVE-2013-2007)Laszlo Ersek1-1/+1
The qemu guest agent creates a bunch of files with insecure permissions when started in daemon mode. For example: -rw-rw-rw- 1 root root /var/log/qemu-ga.log -rw-rw-rw- 1 root root /var/run/qga.state -rw-rw-rw- 1 root root /var/log/qga-fsfreeze-hook.log In addition, at least all files created with the "guest-file-open" QMP command, and all files created with shell output redirection (or otherwise) by utilities invoked by the fsfreeze hook script are affected. For now mask all file mode bits for "group" and "others" in become_daemon(). Temporarily, for compatibility reasons, stick with the 0666 file-mode in case of files newly created by the "guest-file-open" QMP call. Do so without changing the umask temporarily. Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-02qemu-ga: ga_get_fd_handle(): abort if fd_counter overflowsLuiz Capitulino1-2/+6
Today we reset fd_counter if it wraps, but it's better to abort() instead, as fd_counter should never reach INT64_MAX. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> *fixed typo: s/resonable/reasonable/ Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-03-15qga/main.c: Don't use g_key_file_get/set_int64Peter Crosthwaite1-2/+2
These functions don't exist until glib version 2.26. QEMU is currently only mandating glib 2.12. This patch replaces the functions with g_key_file_get/set_integer. Unbreaks the build on Ubuntu 10.04 and RHEL 5.6. Regression was introduced by 39097daf15c42243742667607d2cad2c9dc4f764 Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: 1363323879-682-1-git-send-email-peter.crosthwaite@xilinx.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-03-11qemu-ga: use key-value store to avoid recycling fd handles after restartMichael Roth1-0/+184
Hosts hold on to handles provided by guest-file-open for periods that can span beyond the life of the qemu-ga process that issued them. Since these are issued starting from 0 on every restart, we run the risk of issuing duplicate handles after restarts/reboots. As a result, users with a stale copy of these handles may end up reading/writing corrupted data due to their existing handles effectively being re-assigned to an unexpected file or offset. We unfortunately do not issue handles as strings, but as integers, so a solution such as using UUIDs can't be implemented without introducing a new interface. As a workaround, we fix this by implementing a persistent key-value store that will be used to track the value of the last handle that was issued across restarts/reboots to avoid issuing duplicates. The store is automatically written to the same directory we currently set via --statedir to track fsfreeze state, and so should be applicable for stable releases where this flag is supported. A follow-up can use this same store for handling fsfreeze state, but that change is cosmetic and left out for now. Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Cc: qemu-stable@nongnu.org * fixed guest_file_handle_add() return value from uint64_t to int64_t
2013-03-11qemu-ga: make guest-sync-delimited available during fsfreezeMichael Roth1-0/+1
We currently maintain a whitelist of commands that are safe during fsfreeze. During fsfreeze, we disable all commands that aren't part of that whitelist. guest-sync-delimited meets the criteria for being whitelisted, and is also required for qemu-ga clients that rely on guest-sync-delimited for re-syncing the channel after a timeout. Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Cc: qemu-stable@nongnu.org Reviewed-by: Eric Blake <eblake@redhat.com>
2013-01-14qemu-ga: Plug file descriptor leak on ga_open_pidfile() error pathMarkus Armbruster1-0/+2
Spotted by Coverity. Also document why we keep it open on success. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-01-14qemu-ga: Drop pointless lseek() from ga_open_pidfile()Markus Armbruster1-1/+1
After open(), the file offset is already zero, and neither lockf() nor ftruncate() change it. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-01-14qemu-ga: Document intentional fall through in channel_event_cb()Markus Armbruster1-0/+1
For clarity, and to hush up Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-01-14qemu-ga: add ga_open_logfile()Luiz Capitulino1-2/+15
This function sets O_CLOEXEC on the log file fd so that it isn't leaked to executed processes. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Acked-by: Amos Kong <akong@redhat.com> Tested-by: Amos Kong <akong@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-01-14qemu-ga: ga_open_pidfile(): use qemu_open()Luiz Capitulino1-1/+1
This ensures that O_CLOEXEC is passed to open(), this way the pid file fd is not leaked to executed processes. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Acked-by: Amos Kong <akong@redhat.com> Tested-by: Amos Kong <akong@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-01-08qemu-ga: execute hook to quiesce the guest on fsfreeze-freeze/thawTomoki Sekiyama1-1/+47
To use the online disk snapshot for online-backup, application-level consistency of the snapshot image is required. However, currently the guest agent can provide only filesystem-level consistency, and the snapshot may contain dirty data, for example, incomplete transactions. This patch provides the opportunity to quiesce applications before snapshot is taken. If --fsfreeze-hook option is specified, the hook is executed with "freeze" argument before the filesystem is frozen by fsfreeze-freeze command. As for fsfreeze-thaw command, the hook is executed with "thaw" argument after the filesystem is thawed. This patch depends on patchset to improve error reporting by Luiz Capitulino: http://lists.gnu.org/archive/html/qemu-devel/2012-11/msg03016.html Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama.qu@hitachi.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com> *clarified usage in help output Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2012-12-19misc: move include files to include/qemu/Paolo Bonzini1-1/+1
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19qapi: move include files to include/qobject/Paolo Bonzini1-6/+6
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19qemu-ga: move qemu-ga files to qga/Paolo Bonzini1-0/+901
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>