From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Markus Armbruster" <armbru@redhat.com>,
"Michael Roth" <michael.roth@amd.com>,
"Konstantin Kostiuk" <kkostiuk@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>
Subject: [PATCH 07/14] qga: use special feature to mark those that can run when FS are frozen
Date: Tue, 4 Jun 2024 16:32:35 +0100
Message-ID: <20240604153242.251334-8-berrange@redhat.com>
In-Reply-To: <20240604153242.251334-1-berrange@redhat.com>
Currently a list of commands which are safe to run when FS are frozen
is hardcoded in the source. Now that the QAPI schema allows custom
special features, a 'fs-frozen' feature can be added to track this
metadata.
This has the benefit that the restrictions on commands permitted when
frozen are now recorded in the QGA generated documentation.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
qga/main.c | 22 ++--------------------
qga/qapi-schema.json | 44 +++++++++++++++++++++++++++++++++++++++-----
2 files changed, 41 insertions(+), 25 deletions(-)
diff --git a/qga/main.c b/qga/main.c
index c7b7b0a9bc..7bf5ec49ba 100644
--- a/qga/main.c
+++ b/qga/main.c
@@ -128,17 +128,6 @@ struct GAState {
struct GAState *ga_state;
QmpCommandList ga_commands;
-/* commands that are safe to issue while filesystems are frozen */
-static const char *ga_freeze_allowlist[] = {
- "guest-ping",
- "guest-info",
- "guest-sync",
- "guest-sync-delimited",
- "guest-fsfreeze-status",
- "guest-fsfreeze-thaw",
- NULL
-};
-
#ifdef _WIN32
DWORD WINAPI service_ctrl_handler(DWORD ctrl, DWORD type, LPVOID data,
LPVOID ctx);
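Review bot: removing ga_freeze_allowlist from qga/main.c leaves no pointer in this file to where the frozen-safe set is now defined; a short comment near ga_command_is_allowed() naming the 'fs-frozen' feature in qga/qapi-schema.json would help the next reader audit it. Because the set is now spread over individual command definitions, a test that enumerates the commands carrying the feature and compares them against the six names removed here (guest-ping, guest-info, guest-sync, guest-sync-delimited, guest-fsfreeze-status, guest-fsfreeze-thaw) would catch an accidental addition or omission.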
@@ -421,7 +410,6 @@ static gint ga_strcmp(gconstpointer str1, gconstpointer str2)
static bool ga_command_is_allowed(const QmpCommand *cmd, GAState *state)
{
- int i = 0;
GAConfig *config = state->config;
const char *name = qmp_command_name(cmd);
/* Fallback policy is allow everything */
@@ -453,15 +441,9 @@ static bool ga_command_is_allowed(const QmpCommand *cmd, GAState *state)
* If frozen, this filtering must take priority over
* absolutely everything
*/
- if (state->frozen) {
+ if (state->frozen &&
+ !qmp_command_has_feature(cmd, QAPI_FEATURE_FS_FROZEN)) {
allowed = false;
-
- while (ga_freeze_allowlist[i] != NULL) {
- if (strcmp(name, ga_freeze_allowlist[i]) == 0) {
- allowed = true;
- }
- i++;
- }
}
return allowed;
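Review bot: in ga_command_is_allowed() the new frozen check only ever sets "allowed = false", whereas the removed loop also set "allowed = true" for names on the list, so the frozen state used to override an earlier deny decision in this function and no longer does. If an earlier check has already cleared "allowed" for a command such as guest-fsfreeze-thaw, it now stays denied while frozen, which is a behaviour change the commit message does not mention and which no longer matches the retained comment "this filtering must take priority over absolutely everything". Either state in the commit message that the change is intentional and adjust the comment, or keep the old semantics by assigning "allowed = qmp_command_has_feature(cmd, QAPI_FEATURE_FS_FROZEN);" inside "if (state->frozen)".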
diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
index 571be3a914..8b1eff3abc 100644
--- a/qga/qapi-schema.json
+++ b/qga/qapi-schema.json
@@ -36,7 +36,11 @@
'guest-sync-delimited' ],
# Types and commands with undocumented members:
'documentation-exceptions': [
- 'GuestNVMeSmart' ] } }
+ 'GuestNVMeSmart' ],
+ 'command-features': [
+ # Commands permitted while FS are frozen
+ 'fs-frozen'
+ ] } }
##
# @guest-sync-delimited:
@@ -67,11 +71,16 @@
#
# Returns: The unique integer id passed in by the client
#
+# Features:
+#
+# @fs-frozen: permitted to execute when filesystems are frozen
+#
# Since: 1.1
##
{ 'command': 'guest-sync-delimited',
'data': { 'id': 'int' },
- 'returns': 'int' }
+ 'returns': 'int',
+ 'features': [ 'fs-frozen'] }
##
# @guest-sync:
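Review bot: style nit on the added 'features' line: "[ 'fs-frozen']" has a space after the opening bracket but none before the closing one. The 'command-features' pragma list in the previous hunk pads both sides, so "[ 'fs-frozen' ]" would be consistent; the same applies to every 'features' line added in this file.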
@@ -104,20 +113,30 @@
#
# Returns: The unique integer id passed in by the client
#
+# Features:
+#
+# @fs-frozen: permitted to execute when filesystems are frozen
+#
# Since: 0.15.0
##
{ 'command': 'guest-sync',
'data': { 'id': 'int' },
- 'returns': 'int' }
+ 'returns': 'int',
+ 'features': [ 'fs-frozen'] }
##
# @guest-ping:
#
# Ping the guest agent, a non-error return implies success
#
+# Features:
+#
+# @fs-frozen: permitted to execute when filesystems are frozen
+#
# Since: 0.15.0
##
-{ 'command': 'guest-ping' }
+{ 'command': 'guest-ping',
+ 'features': [ 'fs-frozen'] }
##
# @guest-get-time:
@@ -196,10 +215,15 @@
#
# Returns: @GuestAgentInfo
#
+# Features:
+#
+# @fs-frozen: permitted when filesystems are frozen
+#
# Since: 0.15.0
##
{ 'command': 'guest-info',
- 'returns': 'GuestAgentInfo' }
+ 'returns': 'GuestAgentInfo',
+ 'features': [ 'fs-frozen'] }
##
# @guest-shutdown:
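Review bot: the doc text added for guest-info reads "permitted when filesystems are frozen", while guest-sync-delimited, guest-sync and guest-ping use "permitted to execute when filesystems are frozen". Pick one wording for all six commands (guest-fsfreeze-status and guest-fsfreeze-thaw further down also use the shorter form) so the generated documentation is uniform.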
@@ -426,10 +450,15 @@
# Note: This may fail to properly report the current state as a result
# of some other guest processes having issued an fs freeze/thaw.
#
+# Features:
+#
+# @fs-frozen: permitted when filesystems are frozen
+#
# Since: 0.15.0
##
{ 'command': 'guest-fsfreeze-status',
'returns': 'GuestFsfreezeStatus',
+ 'features': [ 'fs-frozen'],
'if': { 'any': ['CONFIG_WIN32', 'CONFIG_FSFREEZE'] } }
##
@@ -488,10 +517,15 @@
# filesystems were unfrozen before this call, and that the
# filesystem state may have changed before issuing this command.
#
+# Features:
+#
+# @fs-frozen: permitted when filesystems are frozen
+#
# Since: 0.15.0
##
{ 'command': 'guest-fsfreeze-thaw',
'returns': 'int',
+ 'features': [ 'fs-frozen'],
'if': { 'any': ['CONFIG_WIN32', 'CONFIG_FSFREEZE'] } }
##
--
2.45.1