Patchwork [1/2] qemu-ga: execute script to quiesce the guest on fsfreeze-freeze/thaw

login
register
mail settings
Submitter Tomoki Sekiyama
Date Nov. 8, 2012, 12:05 p.m.
Message ID <509B9FEF.4040604@hitachi.com>
Download mbox | patch
Permalink /patch/197859/
State New
Headers show

Comments

Tomoki Sekiyama - Nov. 8, 2012, 12:05 p.m.
To use the online disk snapshot for online-backup, application-level
consistency of the snapshot image is required. However, currently the
guest agent can provide only filesystem-level consistency, and the
snapshot may contain dirty data, for example, incomplete transactions.
This patch provides the opportunity to quiesce applications before
snapshot is taken.

When the qemu-ga receives fsfreeze-freeze command, the script specified
in --fsfreeze-script option is executed with "freeze" argument before the
filesystem is frozen. For fsfreeze-thaw command, the script is executed
with "thaw" argument after the filesystem is thawed.

Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama.qu@hitachi.com>
---
 qemu-ga.c              | 42 +++++++++++++++++++++++++++++++++++++++++-
 qga/commands-posix.c   | 34 ++++++++++++++++++++++++++++++++++
 qga/guest-agent-core.h |  2 ++
 3 files changed, 77 insertions(+), 1 deletion(-)
Eric Blake - Nov. 8, 2012, 6:38 p.m.
On 11/08/2012 05:05 AM, Tomoki Sekiyama wrote:

[Recoding to UTF-8, as ISO-2022-JP is not universally installed these
days - you may want to reconsider your mailer's defaults]

> To use the online disk snapshot for online-backup, application-level
> consistency of the snapshot image is required. However, currently the
> guest agent can provide only filesystem-level consistency, and the
> snapshot may contain dirty data, for example, incomplete transactions.
> This patch provides the opportunity to quiesce applications before
> snapshot is taken.
> 
> When the qemu-ga receives fsfreeze-freeze command, the script specified
> in --fsfreeze-script option is executed with "freeze" argument before the
> filesystem is frozen. For fsfreeze-thaw command, the script is executed
> with "thaw" argument after the filesystem is thawed.
> 
> Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama.qu@hitachi.com>
> ---

> @@ -396,6 +397,34 @@ GuestFsfreezeStatus qmp_guest_fsfreeze_status(Error **err)
>      return GUEST_FSFREEZE_STATUS_THAWED;
>  }
>  
> +int execute_fsfreeze_script(const char *arg)
> +{
> +    int ret = -1;
> +    const char *fsfreeze_script;
> +    char *cmdline;
> +    struct stat st;
> +
> +    fsfreeze_script = ga_fsfreeze_script(ga_state);
> +    if (fsfreeze_script && stat(fsfreeze_script, &st) == 0) {
> +        if (S_ISREG(st.st_mode) && (st.st_mode & S_IXUSR)) {

Is it any simpler to use access(fsfreeze_script, X_OK) to check if the
script exists and is executable?

> +            slog("executing fsfreeze script with arg `%s'", arg);
> +            cmdline = malloc(strlen(fsfreeze_script) + strlen(arg) + 2);

Don't we prefer g_malloc over malloc in qemu-ga?

> +            if (cmdline) {
> +                sprintf(cmdline, "%s %s", fsfreeze_script, arg);

Thankfully, this doesn't overflow, but isn't there a glib function that
makes it easier to create a malloc'd concatenated string in one call
rather than pairing a malloc and sprintf?  That said, why do you even
need a single string, given that...

> +                ret = system(cmdline);

...system() is not required to be thread-safe, but we should assume that
qemu-ga is multi-threaded, and therefore we should not use system.
Besides executing things via an extra layer of shell opens doors for
further problems; for example, if the user starts qemu-ga with
--fsfreeze-script '/path/with spaces/script', your command line is
horribly broken when passed through the shell.  It would be much better
to directly fork() and exec() the script ourselves instead of relying on
system().

> +                free(cmdline);
> +            }
> +            if (ret > 0) {
> +                g_warning("fsfreeze script failed with status=%d", ret);

This is a potentially misleading message; you should be using macros
such as WEXITSTATUS when interpreting the result of system(), since not
all systems return exit status 1 in the same bit position.

> +            } else if (ret == -1) {
> +                g_warning("execution of fsfreeze script failed: %s",
> +                          strerror(errno));

free() is allowed to clobber errno, which means you may be reporting the
wrong error if system() failed with -1.

> +            }
> +        }
> +    }
> +    return ret;
> +}
> +

The idea of having the freeze and thaw actions hook out to
user-specified actions for additional steps seems nice, but this patch
series needs a lot more work.
Tomoki Sekiyama - Nov. 12, 2012, 4:10 a.m.
Hi Eric, thanks for your review.

On 2012/11/09 3:38, Eric Blake wrote:
> On 11/08/2012 05:05 AM, Tomoki Sekiyama wrote:
> 
> [Recoding to UTF-8, as ISO-2022-JP is not universally installed these
> days - you may want to reconsider your mailer's defaults]

Now this should be UTF-8, sorry.

>> To use the online disk snapshot for online-backup, application-level
>> consistency of the snapshot image is required. However, currently the
>> guest agent can provide only filesystem-level consistency, and the
>> snapshot may contain dirty data, for example, incomplete transactions.
>> This patch provides the opportunity to quiesce applications before
>> snapshot is taken.
>>
>> When the qemu-ga receives fsfreeze-freeze command, the script specified
>> in --fsfreeze-script option is executed with "freeze" argument before the
>> filesystem is frozen. For fsfreeze-thaw command, the script is executed
>> with "thaw" argument after the filesystem is thawed.
>>
>> Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama.qu@hitachi.com>
>> ---
> 
>> @@ -396,6 +397,34 @@ GuestFsfreezeStatus qmp_guest_fsfreeze_status(Error **err)
>>      return GUEST_FSFREEZE_STATUS_THAWED;
>>  }
>>  
>> +int execute_fsfreeze_script(const char *arg)
>> +{
>> +    int ret = -1;
>> +    const char *fsfreeze_script;
>> +    char *cmdline;
>> +    struct stat st;
>> +
>> +    fsfreeze_script = ga_fsfreeze_script(ga_state);
>> +    if (fsfreeze_script && stat(fsfreeze_script, &st) == 0) {
>> +        if (S_ISREG(st.st_mode) && (st.st_mode & S_IXUSR)) {
> 
> Is it any simpler to use access(fsfreeze_script, X_OK) to check if the
> script exists and is executable?

OK, I will use access() here.

<snip>
>> +                ret = system(cmdline);
> 
> ...system() is not required to be thread-safe, but we should assume that
> qemu-ga is multi-threaded, and therefore we should not use system.
> Besides executing things via an extra layer of shell opens doors for
> further problems; for example, if the user starts qemu-ga with
> --fsfreeze-script '/path/with spaces/script', your command line is
> horribly broken when passed through the shell.  It would be much better
> to directly fork() and exec() the script ourselves instead of relying on
> system().

I will use fork()/exec() method instead of system(), as in shutdown,
so I can remove malloc/free.

>> +            if (ret > 0) {
>> +                g_warning("fsfreeze script failed with status=%d", ret);
> 
> This is a potentially misleading message; you should be using macros
> such as WEXITSTATUS when interpreting the result of system(), since not
> all systems return exit status 1 in the same bit position.

OK. I will refine error messages.

> The idea of having the freeze and thaw actions hook out to
> user-specified actions for additional steps seems nice, but this patch
> series needs a lot more work.

Regards,

Patch

diff --git a/qemu-ga.c b/qemu-ga.c
index 9b59a52..7cb682e 100644
--- a/qemu-ga.c
+++ b/qemu-ga.c
@@ -34,6 +34,12 @@ 
 #include "qga/service-win32.h"
 #include <windows.h>
 #endif
+#ifdef __linux__
+#include <linux/fs.h>
+#ifdef FIFREEZE
+#define CONFIG_FSFREEZE
+#endif
+#endif
 
 #ifndef _WIN32
 #define QGA_VIRTIO_PATH_DEFAULT "/dev/virtio-ports/org.qemu.guest_agent.0"
@@ -42,6 +48,9 @@ 
 #endif
 #define QGA_STATEDIR_DEFAULT CONFIG_QEMU_LOCALSTATEDIR "/run"
 #define QGA_PIDFILE_DEFAULT QGA_STATEDIR_DEFAULT "/qemu-ga.pid"
+#ifdef CONFIG_FSFREEZE
+#define QGA_FSFREEZE_SCRIPT_DEFAULT CONFIG_QEMU_CONFDIR "/fsfreeze.sh"
+#endif
 #define QGA_SENTINEL_BYTE 0xFF
 
 struct GAState {
@@ -64,6 +73,9 @@  struct GAState {
         const char *log_filepath;
         const char *pid_filepath;
     } deferred_options;
+#ifdef CONFIG_FSFREEZE
+    const char *fsfreeze_script;
+#endif
 };
 
 struct GAState *ga_state;
@@ -153,6 +165,10 @@  static void usage(const char *cmd)
 "                    %s)\n"
 "  -l, --logfile     set logfile path, logs to stderr by default\n"
 "  -f, --pidfile     specify pidfile (default is %s)\n"
+#ifdef CONFIG_FSFREEZE
+"  -F, --fsfreeze_script\n"
+"                    specify fsfreeze script (default is %s)\n"
+#endif
 "  -t, --statedir    specify dir to store state information (absolute paths\n"
 "                    only, default is %s)\n"
 "  -v, --verbose     log extra debugging information\n"
@@ -167,6 +183,9 @@  static void usage(const char *cmd)
 "\n"
 "Report bugs to <mdroth@linux.vnet.ibm.com>\n"
     , cmd, QEMU_VERSION, QGA_VIRTIO_PATH_DEFAULT, QGA_PIDFILE_DEFAULT,
+#ifdef CONFIG_FSFREEZE
+    QGA_FSFREEZE_SCRIPT_DEFAULT,
+#endif
     QGA_STATEDIR_DEFAULT);
 }
 
@@ -401,6 +420,13 @@  void ga_unset_frozen(GAState *s)
     }
 }
 
+#ifdef CONFIG_FSFREEZE
+const char *ga_fsfreeze_script(GAState *s)
+{
+    return s->fsfreeze_script;
+}
+#endif
+
 static void become_daemon(const char *pidfile)
 {
 #ifndef _WIN32
@@ -678,10 +704,13 @@  VOID WINAPI service_main(DWORD argc, TCHAR *argv[])
 
 int main(int argc, char **argv)
 {
-    const char *sopt = "hVvdm:p:l:f:b:s:t:";
+    const char *sopt = "hVvdm:p:l:f:F:b:s:t:";
     const char *method = NULL, *path = NULL;
     const char *log_filepath = NULL;
     const char *pid_filepath = QGA_PIDFILE_DEFAULT;
+#ifdef CONFIG_FSFREEZE
+    const char *fsfreeze_script = QGA_FSFREEZE_SCRIPT_DEFAULT;
+#endif
     const char *state_dir = QGA_STATEDIR_DEFAULT;
 #ifdef _WIN32
     const char *service = NULL;
@@ -691,6 +720,9 @@  int main(int argc, char **argv)
         { "version", 0, NULL, 'V' },
         { "logfile", 1, NULL, 'l' },
         { "pidfile", 1, NULL, 'f' },
+#ifdef CONFIG_FSFREEZE
+        { "fsfreeze-script", 1, NULL, 'F' },
+#endif
         { "verbose", 0, NULL, 'v' },
         { "method", 1, NULL, 'm' },
         { "path", 1, NULL, 'p' },
@@ -723,6 +755,11 @@  int main(int argc, char **argv)
         case 'f':
             pid_filepath = optarg;
             break;
+#ifdef CONFIG_FSFREEZE
+        case 'F':
+            fsfreeze_script = optarg;
+            break;
+#endif
         case 't':
              state_dir = optarg;
              break;
@@ -786,6 +823,9 @@  int main(int argc, char **argv)
     s = g_malloc0(sizeof(GAState));
     s->log_level = log_level;
     s->log_file = stderr;
+#ifdef CONFIG_FSFREEZE
+    s->fsfreeze_script = fsfreeze_script;
+#endif
     g_log_set_default_handler(ga_log, s);
     g_log_set_fatal_mask(NULL, G_LOG_LEVEL_ERROR);
     ga_enable_logging(s);
diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index 726930a..007c0a3 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -13,6 +13,7 @@ 
 
 #include <glib.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <sys/ioctl.h>
 #include <sys/wait.h>
 #include "qga/guest-agent-core.h"
@@ -396,6 +397,34 @@  GuestFsfreezeStatus qmp_guest_fsfreeze_status(Error **err)
     return GUEST_FSFREEZE_STATUS_THAWED;
 }
 
+int execute_fsfreeze_script(const char *arg)
+{
+    int ret = -1;
+    const char *fsfreeze_script;
+    char *cmdline;
+    struct stat st;
+
+    fsfreeze_script = ga_fsfreeze_script(ga_state);
+    if (fsfreeze_script && stat(fsfreeze_script, &st) == 0) {
+        if (S_ISREG(st.st_mode) && (st.st_mode & S_IXUSR)) {
+            slog("executing fsfreeze script with arg `%s'", arg);
+            cmdline = malloc(strlen(fsfreeze_script) + strlen(arg) + 2);
+            if (cmdline) {
+                sprintf(cmdline, "%s %s", fsfreeze_script, arg);
+                ret = system(cmdline);
+                free(cmdline);
+            }
+            if (ret > 0) {
+                g_warning("fsfreeze script failed with status=%d", ret);
+            } else if (ret == -1) {
+                g_warning("execution of fsfreeze script failed: %s",
+                          strerror(errno));
+            }
+        }
+    }
+    return ret;
+}
+
 /*
  * Walk list of mounted file systems in the guest, and freeze the ones which
  * are real local file systems.
@@ -410,6 +439,8 @@  int64_t qmp_guest_fsfreeze_freeze(Error **err)
 
     slog("guest-fsfreeze called");
 
+    execute_fsfreeze_script("freeze");
+
     QTAILQ_INIT(&mounts);
     ret = build_fs_mount_list(&mounts);
     if (ret < 0) {
@@ -513,6 +544,9 @@  int64_t qmp_guest_fsfreeze_thaw(Error **err)
 
     ga_unset_frozen(ga_state);
     free_fs_mount_list(&mounts);
+
+    execute_fsfreeze_script("thaw");
+
     return i;
 }
 
diff --git a/qga/guest-agent-core.h b/qga/guest-agent-core.h
index 49a7abe..b466bfd 100644
--- a/qga/guest-agent-core.h
+++ b/qga/guest-agent-core.h
@@ -34,6 +34,8 @@  void ga_set_response_delimited(GAState *s);
 bool ga_is_frozen(GAState *s);
 void ga_set_frozen(GAState *s);
 void ga_unset_frozen(GAState *s);
+const char *ga_fsfreeze_script(GAState *s);
+int execute_fsfreeze_script(const char *arg);
 
 #ifndef _WIN32
 void reopen_fd_to_null(int fd);