Re: [Qemu-devel] [PATCH 1/2] qemu-ga: execute script to quiesce the guest on fsfreeze-freeze/thaw

[Eric Blake <eblake@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 3634 bytes --]

On 11/08/2012 05:05 AM, Tomoki Sekiyama wrote:

[Recoding to UTF-8, as ISO-2022-JP is not universally installed these
days - you may want to reconsider your mailer's defaults]

> To use the online disk snapshot for online-backup, application-level
> consistency of the snapshot image is required. However, currently the
> guest agent can provide only filesystem-level consistency, and the
> snapshot may contain dirty data, for example, incomplete transactions.
> This patch provides the opportunity to quiesce applications before
> snapshot is taken.
> 
> When the qemu-ga receives fsfreeze-freeze command, the script specified
> in --fsfreeze-script option is executed with "freeze" argument before the
> filesystem is frozen. For fsfreeze-thaw command, the script is executed
> with "thaw" argument after the filesystem is thawed.
> 
> Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama.qu@hitachi.com>
> ---

> @@ -396,6 +397,34 @@ GuestFsfreezeStatus qmp_guest_fsfreeze_status(Error **err)
>      return GUEST_FSFREEZE_STATUS_THAWED;
>  }
>  
> +int execute_fsfreeze_script(const char *arg)
> +{
> +    int ret = -1;
> +    const char *fsfreeze_script;
> +    char *cmdline;
> +    struct stat st;
> +
> +    fsfreeze_script = ga_fsfreeze_script(ga_state);
> +    if (fsfreeze_script && stat(fsfreeze_script, &st) == 0) {
> +        if (S_ISREG(st.st_mode) && (st.st_mode & S_IXUSR)) {

Is it any simpler to use access(fsfreeze_script, X_OK) to check if the
script exists and is executable?

> +            slog("executing fsfreeze script with arg `%s'", arg);
> +            cmdline = malloc(strlen(fsfreeze_script) + strlen(arg) + 2);

Don't we prefer g_malloc over malloc in qemu-ga?

> +            if (cmdline) {
> +                sprintf(cmdline, "%s %s", fsfreeze_script, arg);

Thankfully, this doesn't overflow, but isn't there a glib function that
makes it easier to create a malloc'd concatenated string in one call
rather than pairing a malloc and sprintf?  That said, why do you even
need a single string, given that...

> +                ret = system(cmdline);

...system() is not required to be thread-safe, but we should assume that
qemu-ga is multi-threaded, and therefore we should not use system.
Besides executing things via an extra layer of shell opens doors for
further problems; for example, if the user starts qemu-ga with
--fsfreeze-script '/path/with spaces/script', your command line is
horribly broken when passed through the shell.  It would be much better
to directly fork() and exec() the script ourselves instead of relying on
system().

> +                free(cmdline);
> +            }
> +            if (ret > 0) {
> +                g_warning("fsfreeze script failed with status=%d", ret);

This is a potentially misleading message; you should be using macros
such as WEXITSTATUS when interpreting the result of system(), since not
all systems return exit status 1 in the same bit position.

> +            } else if (ret == -1) {
> +                g_warning("execution of fsfreeze script failed: %s",
> +                          strerror(errno));

free() is allowed to clobber errno, which means you may be reporting the
wrong error if system() failed with -1.

> +            }
> +        }
> +    }
> +    return ret;
> +}
> +

The idea of having the freeze and thaw actions hook out to
user-specified actions for additional steps seems nice, but this patch
series needs a lot more work.

-- 
Eric Blake   eblake@redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 617 bytes --]