aboutsummaryrefslogtreecommitdiff
path: root/qga
AgeCommit message (Collapse)AuthorFilesLines
2014-11-17qga: fix false negative argument passingGonglei1-2/+2
Function send_response(s, &qdict->base) returns a negative number when any failures occured. But strerror()'s parameter cannot be negative. Let's change the testing condition and pass '-ret' to strerr(). Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-22qga: Rewrite code where using readdir_rzhanghailiang1-12/+15
If readdir_r fails, error_setg_errno will reference the freed pointer *dirpath*. Moreover, readdir_r may cause a buffer overflow, using readdir instead. Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-08-15channel-posix: using qemu_set_nonblock() instead of fcntl(O_NONBLOCK)Gonglei1-1/+1
Technically, fcntl(soc, F_SETFL, O_NONBLOCK) is incorrect since it clobbers all other file flags. We can use F_GETFL to get the current flags, set or clear the O_NONBLOCK flag, then use F_SETFL to set the flags. Using the qemu_set_nonblock() wrapper. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Wangxin <wangxinxin.wang@huawei.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-07qga: Disable unsupported commands by defaultTomoki Sekiyama4-1/+71
Currently management softwares cannot know whether a qemu-ga command is supported or not on the running platform until they actually execute it. This patch disables unsupported commands at launch time of qemu-ga, so that management softwares can check whether they are supported from 'enabled' property of the result from 'guest-info' command. Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-08-07qga: Add guest-get-fsinfo commandTomoki Sekiyama3-1/+522
Add command to get mounted filesystems information in the guest. The returned value contains a list of mountpoint paths and corresponding disks info such as disk bus type, drive address, and the disk controllers' PCI addresses, so that management layer such as libvirt can resolve the disk backends. For example, when `lsblk' result is: NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 0 1G 0 disk `-sdb1 8:17 0 1024M 0 part `-vg0-lv0 253:1 0 1.4G 0 lvm /mnt/test sdc 8:32 0 1G 0 disk `-sdc1 8:33 0 512M 0 part `-vg0-lv0 253:1 0 1.4G 0 lvm /mnt/test vda 252:0 0 25G 0 disk `-vda1 252:1 0 25G 0 part / where sdb is a SCSI disk with PCI controller 0000:00:0a.0 and ID=1, sdc is an IDE disk with PCI controller 0000:00:01.1, and vda is a virtio-blk disk with PCI device 0000:00:06.0, guest-get-fsinfo command will return the following result: {"return": [{"name":"dm-1", "mountpoint":"/mnt/test", "disk":[ {"bus-type":"scsi","bus":0,"unit":1,"target":0, "pci-controller":{"bus":0,"slot":10,"domain":0,"function":0}}, {"bus-type":"ide","bus":0,"unit":0,"target":0, "pci-controller":{"bus":0,"slot":1,"domain":0,"function":1}}], "type":"xfs"}, {"name":"vda1", "mountpoint":"/", "disk":[ {"bus-type":"virtio","bus":0,"unit":0,"target":0, "pci-controller":{"bus":0,"slot":6,"domain":0,"function":0}}], "type":"ext4"}]} In Linux guest, the disk information is resolved from sysfs. So far, it only supports virtio-blk, virtio-scsi, IDE, SATA, SCSI disks on x86 hosts, and "disk" parameter may be empty for unsupported disk types. Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> *updated schema to report 2.2 as initial supported version Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-08-07qga: Add guest-fsfreeze-freeze-list commandTomoki Sekiyama3-1/+57
If an array of mount point paths is specified as 'mountpoints' argument of guest-fsfreeze-freeze-list, qemu-ga will only freeze the file systems mounted on specified paths in Linux guests. Otherwise, it works as the same way as guest-fsfreeze-freeze. This would be useful when the host wants to create partial disk snapshots. Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Reviewed-by: Eric Blake <eblake@redhat.com> *updated schema to report 2.2 as initial supported version Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-07-18qga: Add missing 'static' attributeStefan Weil1-1/+1
This fixes a warning from the static code analysis (smatch). Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-06-03qga: Fix handle fd leak in acquire_privilege()Gonglei1-2/+4
token should be closed in all conditions. So move CloseHandle(token) to "out" branch. Signed-off-by: Wang Rui <moon.wangrui@huawei.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-05-09qga: Drop superfluous error_is_set()Markus Armbruster1-10/+0
acquire_privilege(), execute_async() and check_suspend_mode() do nothing when called with an error set. Callers shouldn't do that, and no caller does. Drop the superfluous tests. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-09qga: Clean up fragile use of error_is_set()Markus Armbruster2-20/+40
Using error_is_set(ERRP) to find out whether a function failed is either wrong, fragile, or unnecessarily opaque. It's wrong when ERRP may be null, because errors go undetected when it is. It's fragile when proving ERRP non-null involves a non-local argument. Else, it's unnecessarily opaque (see commit 84d18f0). The error_is_set(errp) in the guest agent command handler functions are merely fragile, because all chall chains (do_qmp_dispatch() via the generated marshalling functions) pass a non-null errp argument. Make the code more robust and more obviously correct: receive the error in a local variable, then propagate it through the parameter. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-09qga: Use return values instead of error_is_set(errp)Markus Armbruster2-3/+4
Using error_is_set(errp) to check whether a function call failed is fragile: it breaks when errp is null. ga_get_fd_handle() and guest_file_handle_add() don't return a useful value when they fail, but that's just stupid. Fix that, and check them instead. As far as I can tell, errp can't be null there, but this is more robust and more obviously correct. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-09qga: Consistently name Error ** objects errp, and not errMarkus Armbruster5-155/+161
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-07qga: Fix typo (plural) in commentStefan Weil1-1/+1
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-04-18qga: trivial fix for unclear documentation of guest-set-timeAmos Kong2-8/+8
We mixed the use of "guest time", "system time", "hardware time", "RTC" in documentation, it's unclear. This patch just added two remarks of RTC and replace two "guest time" by "guest's system time". Signed-off-by: Amos Kong <akong@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-04-07vss-win32: Fix build with mingw64-headers-3.1.0Tomoki Sekiyama1-0/+3
In mingw64-headers-3.1.0, definition of _com_issue_error() is added, which conflicts with definition in install.cpp. This adds version checking for mingw headers to disable the definition when the headers>=3.1 is used. Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-03-03qga: Remove unneeded include fileStefan Weil1-1/+0
This file does not depend on windows.h. Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-02-23qemu-ga: isa-serial support on WindowsMiki Mishael2-6/+31
Add support for isa-serial method for qemu-ga on Windows, Added -p command line parameter for serial port name specification, e.g. "-p COM15". Signed-off-by: Miki Mishael <mmishael@redhat.com> Signed-off-by: Dmitry Fleytman <dfleytma@redhat.com> *added default isa-serial path to help output Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-02-23qga: Fix memory allocation pastoMarkus Armbruster1-1/+1
qmp_guest_file_seek() allocates memory for a GuestFileRead object instead of the GuestFileSeek object it actually uses. Harmless, because the GuestFileRead is slightly larger. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-02-23qga: Don't require 'time' argument in guest-set-time commandMichal Privoznik3-29/+51
As the description to the guest-set-time states, the command is there to ease time synchronization after resume. If guest was suspended for longer period of time, its system time can go off so badly, that even NTP refuses to set it. That's why the command was invented: to give users chance to set the time (not necessarily 100% correct). However, there's is no real need for us to require users to pass an arbitrary time. Especially if we can read the correct value from RTC (boiling down to reading host's time). Hence this commit enables logic: guest-set-time() == guest-set-time($now_from_rtc) Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-02-23qga: vss-win32: Fix interference with snapshot deletion by other VSS requestTomoki Sekiyama1-1/+3
When a VSS requester such as vshadow.exe or diskshadow.exe requests to delete snapshots, qemu-ga VSS provider's DeleteSnapshots() is also called and returns E_NOTIMPL, that makes the deletion fail. To avoid this issue, return S_OK and set values that represent no snapshots are deleted by qemu-ga VSS provider. Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Reviewed-by: Gal Hammer <ghammer@redhat.com> Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-02-23qga: vss-win32: Fix interference with snapshot creation by other VSS requestersTomoki Sekiyama2-27/+36
When a VSS requester such as vshadow.exe or diskshadow.exe requests to create disk snapshots, Windows may choose qemu-ga VSS provider if it is only provider registered on the system. However, because it provides only a function to freeze the filesystem, the snapshotting fails. This patch adds a check into CQGAVssProvider::IsVolumeSupported() to reject the request from other VSS requesters, so that the other provider is chosen. The check of requester is done by confirming event channels between qemu-ga's requester and provider established. To ensure that the events are initialized when CQGAVssProvider::IsVolumeSupported() is called, it moves the initialization earlier. Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Reviewed-by: Gal Hammer <ghammer@redhat.com> Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-02-23qga: vss-win32: Use NULL as an invalid pointer for OpenEvent and CreateEventTomoki Sekiyama2-17/+13
OpenEvent and CreateEvent WinAPI return NULL when failed to open/create events handles, instead of INVALID_HANDLE_VALUE (although their return types are HANDLE). This replaces INVALID_HANDLE_VALUE related to event handles with NULL. Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Reviewed-by: Gal Hammer <ghammer@redhat.com> Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-02-17Use error_is_set() only when necessaryMarkus Armbruster2-10/+10
error_is_set(&var) is the same as var != NULL, but it takes whole-program analysis to figure that out. Unnecessarily hard for optimizers, static checkers, and human readers. Dumb it down to obvious. Gets rid of several dozen Coverity false positives. Note that the obvious form is already used in many places. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2013-11-25qga: Fix two format strings for MinGWStefan Weil1-2/+2
Both code locations cause a compiler warning. Using "%s" instead of "%lu" would result in a program crash if the wrong code were executed. Signed-off-by: Stefan Weil <sw@weilnetz.de> Message-id: 1385409257-2522-1-git-send-email-sw@weilnetz.de Signed-off-by: Anthony Liguori <aliguori@amazon.com>
2013-11-25Merge remote-tracking branch 'bonzini/tags/for-anthony' into stagingAnthony Liguori2-5/+5
Here are a bunch of 1.7-tagged patches that I was afraid were getting forgotten or that did not have a clear maintainer responsible for making a pull request. # gpg: Signature made Thu 21 Nov 2013 08:40:59 AM PST using RSA key ID 9B4D86F2 # gpg: Can't check signature: public key not found # By Peter Maydell (3) and others # Via Paolo Bonzini * bonzini/tags/for-anthony: qga: Fix compiler warnings (missing format attribute, wrong format strings) mips jazz: do not raise data bus exception when accessing invalid addresses target-i386: yield to another VCPU on PAUSE rng-egd: offset the point when repeatedly read from the buffer rng-egd: remove redundant free target-i386: Fix build by providing stub kvm_arch_get_supported_cpuid() vfio-pci: Fix multifunction=on atomic.h: Fix build with clang pc: get rid of builtin pvpanic for "-M pc-1.5" configure: Explicitly set ARFLAGS so we can build with GNU Make 4.0 sun4m: Add FCode ROM for TCX framebuffer Message-id: 1385052578-32352-1-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@amazon.com>
2013-11-22qemu-ga: vss-win32: Install VSS provider COM+ application serviceTomoki Sekiyama1-6/+10
Currently, qemu-ga for Windows fails to execute guset-fsfreeze-freeze when no user is logging in to Windows, with an error message: {"error":{"class":"GenericError", "desc":"failed to add C:\\ to snapshotset: (error: 8004230f)"}} To enable guest-fsfreeze-freeze/thaw without logging in users, this installs a service to execute qemu-ga VSS provider COM+ application that has full access privileges to the local system. The service will automatically be removed when the COM+ application is deregistered. This patch replaces ICOMAdminCatalog interface with ICOMAdminCatalog2 interface that contains CreateServiceForApplication() method in addition. Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Reviewed-by: Gal Hammer <ghammer@redhat.com> Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com> Tested-by: Yan Vugenfirer <yvugenfi@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-11-21qga: Fix compiler warnings (missing format attribute, wrong format strings)Stefan Weil2-5/+5
gcc 4.8.2 reports this warning when extra warnings are enabled (-Wextra): CC qga/commands.o qga/commands.c: In function ‘slog’: qga/commands.c:28:5: error: function might be possible candidate for ‘gnu_printf’ format attribute [-Werror=suggest-attribute=format] g_logv("syslog", G_LOG_LEVEL_INFO, fmt, ap); ^ gcc 4.8.2 reports this warning when slog is declared with the gnu_printf format attribute: qga/commands-posix.c: In function ‘qmp_guest_file_open’: qga/commands-posix.c:404:5: warning: format ‘%d’ expects argument of type ‘int’, but argument 2 has type ‘int64_t’ [-Wformat=] slog("guest-file-open, handle: %d", handle); ^ On 32 bit hosts there are three more warnings which are also fixed here. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-11-16qga: Fix shutdown command of guest agent to work with SysVwhitearchey1-1/+1
For now guest agent uses following command to shutdown system: shutdown -P +0 "blabla" but this syntax works only with shutdown command from systemd or upstart, because SysV shutdown requires -h switch. Following patch changes the command so it works with systemd, upstart and SysV With upstart/systemd qga use one of thee commands, depending on 'mode' parameter: shutdown -P +0 "..." shutdown -H +0 "..." shutdown -r +0 "..." SysV equivalents for these are: shutdown -h -P +0 "..." shutdown -h -H +0 "..." shutdown -h -r +0 "..." and these retain their meaning with upstart/systemd. According to FreeBSD manpages, shutdown does not accept -P and -H options. Commands should be: shutdown -p +0 "..." shutdown -h +0 "..." shutdown -r +0 "..." shutdown in Solaris does not accept any of -hHpPr and does not accept time in "+0" format Signed-off-by: Michael Avdienko <whitearchey@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-11-13qga: Fix compilation for old versions of MinGWStefan Weil1-0/+1
While MinGW-w64 can compile the qga code, MinGW from Debian lenny (gcc-mingw32 4.4.2-3) shows these errors: In file included from qga/vss-win32.c:17: qga/vss-win32/requester.h:31: error: expected »=«, »,«, »;«, »asm« or »__attribute__« before »requester_init« qga/vss-win32/requester.h:32: error: expected »=«, »,«, »;«, »asm« or »__attribute__« before »requester_deinit« The macro STDAPI is unknown, so add the missing include file which defines it. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-10-10qemu-ga: Extend 'guest-info' command to expose flag 'success-response'Mark Wu2-1/+5
Now we have several qemu-ga commands not returning response on success. It has been documented in qga/qapi-schema.json already. This patch exposes the 'success-response' flag by extending 'guest-info' command. With this change, the clients can handle the command response more flexibly. Signed-off-by: Mark Wu <wudxw@linux.vnet.ibm.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> *fixed up commit subject Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-10-10qemu-ga: Add interface to traverse the qmp command list by QmpCommandMark Wu2-68/+45
In the original code, qmp_get_command_list is used to construct a list of all commands' name. To get the information of all qga commands, it traverses the name list and search the command info with its name. So it can cause O(n^2) in the number of commands. This patch adds an interface to traverse the qmp command list by QmpCommand to replace qmp_get_command_list. It can decrease the complexity from O(n^2) to O(n). Signed-off-by: Mark Wu <wudxw@linux.vnet.ibm.com> Reviewed-by: Eric Blake <eblake@redhat.com> *fix up commit subject Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-10-10qemu-ga: execute fsfreeze-freeze in reverse order of mountsTomoki Sekiyama1-2/+2
Currently, fsfreeze-freeze may cause deadlock if a guest has loopback mounts of image files in its disk; e.g.: # mount | grep ^/ /dev/vda1 / type ext4 (rw,noatime,seclabel,data=ordered) /tmp/disk.img on /mnt type ext4 (rw,relatime,seclabel) To avoid the deadlock, this freezes filesystems in reverse order of mounts. Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Reviewed-by: Eric Blake <eblake@redhat.com> *fix up commit msg Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-09-09qemu-ga: Install Windows VSS provider on `qemu-ga -s install'Tomoki Sekiyama3-1/+37
Register QGA VSS provider library into Windows when qemu-ga is installed as Windows service ('-s install' option). It is deregistered when the service is uninstalled ('-s uninstall' option). Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-09-09qemu-ga: Call Windows VSS requester in fsfreeze command handlerTomoki Sekiyama4-8/+240
Support guest-fsfreeze-freeze and guest-fsfreeze-thaw commands for Windows guests. When fsfreeze command is issued, it calls the VSS requester to freeze filesystems and applications. On thaw command, it again tells the VSS requester to thaw them. This also adds calling of initialize functions for the VSS requester. Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-09-09qemu-ga: Add Windows VSS provider and requester as DLLTomoki Sekiyama10-0/+1717
Adds VSS provider and requester as a qga-vss.dll, which is loaded by Windows VSS service as well as by qemu-ga. "provider.cpp" implements a basic stub of a software VSS provider. Currently, this module only relays a frozen event from VSS service to the agent, and thaw event from the agent to VSS service, to block VSS process to keep the system frozen while snapshots are taken at the host. To register the provider to the guest system as COM+ application, the type library (.tlb) for qga-vss.dll is required. To build it from COM IDL (.idl), VisualC++, MIDL and stdole2.tlb in Windows SDK are required. This patch also adds pre-compiled .tlb file in the repository in order to enable cross-compile qemu-ga.exe for Windows with VSS support. "requester.cpp" provides the VSS requester to kick the VSS snapshot process. Qemu-ga.exe works without the DLL, although fsfreeze features are disabled. These functions are only supported in Windows 2003 or later. In older systems, fsfreeze features are disabled. In several versions of Windows which don't support attribute VSS_VOLSNAP_ATTR_NO_AUTORECOVERY, DoSnapshotSet fails with error VSS_E_OBJECT_NOT_FOUND. In this patch, we just ignore this error. To solve this fundamentally, we need a framework to handle mount writable snapshot on guests, which is required by VSS auto-recovery feature (cleanup phase after a snapshot is taken). Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-07-25qga: escape cmdline args when registering win32 service (CVE-2013-2231)Laszlo Ersek1-5/+74
Reported-by: Lev Veyde <lveyde@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-07-25ga_install_service(): nest error paths more idiomaticallyLaszlo Ersek1-10/+12
Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-07-25qga/service-win32.c: diagnostic output should go to stderrLaszlo Ersek1-3/+3
Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-05-30qga: save state directory in ga_install_service()Laszlo Ersek3-3/+17
If the user selects a non-default state directory at service installation time, we should remember it in the registered service. Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-05-30qga: remove undefined behavior in ga_install_service()Laszlo Ersek1-8/+11
We shouldn't snprintf() from a buffer to the same buffer. Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-05-30qga: create state directory on win32Laszlo Ersek1-0/+14
On Win32 the local state directory is application specific and users might expect qemu-ga to create it automatically. Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-05-30qga: determine default state dir and pidfile dynamicallyLaszlo Ersek1-6/+26
No effective change on POSIX, but on Win32 the defaults come from the environment / session. Since commit 39097daf ("qemu-ga: use key-value store to avoid recycling fd handles after restart") we've relied on the state directory for the fd handles' key-value store. Even though we don't support the guest-file-* commands on win32 yet, the key-value store is written, and it's the first use of the state directory on win32. We should have a sensible default for its location. Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-05-17Merge remote-tracking branch 'mdroth/qga-pull-2013-05-13' into stagingAnthony Liguori1-6/+19
* mdroth/qga-pull-2013-05-13: qga: unlink just created guest-file if fchmod() or fdopen() fails on it qga: distinguish binary modes in "guest_file_open_modes" map Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-13qga: unlink just created guest-file if fchmod() or fdopen() fails on itLaszlo Ersek1-0/+3
We shouldn't allow guest filesystem pollution on error paths. Suggested-by: Eric Blake <eblake@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-05-13qga: distinguish binary modes in "guest_file_open_modes" mapLaszlo Ersek1-6/+16
In Windows guests this may make a difference. Since the original patch (commit c689b4f1) sought to be pedantic and to consider theoretical corner cases of portability, we should fix it up where it failed to come through in that pursuit. Suggested-by: Eric Blake <eblake@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-05-12remove double semicolonsDong Xu Wang1-1/+1
Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-05-07qga: set umask 0077 when daemonizing (CVE-2013-2007)Laszlo Ersek2-5/+120
The qemu guest agent creates a bunch of files with insecure permissions when started in daemon mode. For example: -rw-rw-rw- 1 root root /var/log/qemu-ga.log -rw-rw-rw- 1 root root /var/run/qga.state -rw-rw-rw- 1 root root /var/log/qga-fsfreeze-hook.log In addition, at least all files created with the "guest-file-open" QMP command, and all files created with shell output redirection (or otherwise) by utilities invoked by the fsfreeze hook script are affected. For now mask all file mode bits for "group" and "others" in become_daemon(). Temporarily, for compatibility reasons, stick with the 0666 file-mode in case of files newly created by the "guest-file-open" QMP call. Do so without changing the umask temporarily. Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-02qemu-ga: ga_get_fd_handle(): abort if fd_counter overflowsLuiz Capitulino1-2/+6
Today we reset fd_counter if it wraps, but it's better to abort() instead, as fd_counter should never reach INT64_MAX. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> *fixed typo: s/resonable/reasonable/ Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-04-02qga schema: document generic QERR_UNSUPPORTEDLaszlo Ersek1-0/+11
Part of the wording was shamelessly stolen from Michael Roth's email. Suggested-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-04-02qga schema: mark optional GuestLogicalProcessor.can-offline with #optionalLaszlo Ersek1-3/+4
Suggested-by: Eric Blake <eblake@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>