X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=monitor.c;h=4807bbe811aba3c0cd3eeb998d702259cf5a4d19;hb=28605a22f564860c885bde42ad91840e9aacec45;hp=0ad54d8b118d8fa325ad260ce21262c56b857887;hpb=b019f5e5375224a003f260c89d424fea7767b7fc;p=mirror_qemu.git diff --git a/monitor.c b/monitor.c index 0ad54d8b11..4807bbe811 100644 --- a/monitor.c +++ b/monitor.c @@ -51,7 +51,8 @@ #include "sysemu/balloon.h" #include "qemu/timer.h" #include "sysemu/hw_accel.h" -#include "qemu/acl.h" +#include "authz/list.h" +#include "qapi/util.h" #include "sysemu/tpm.h" #include "qapi/qmp/qdict.h" #include "qapi/qmp/qerror.h" @@ -75,7 +76,7 @@ #include "qemu/thread.h" #include "block/qapi.h" #include "qapi/qapi-commands.h" -#include "qapi/qapi-events.h" +#include "qapi/qapi-emit-events.h" #include "qapi/error.h" #include "qapi/qmp-event.h" #include "qapi/qapi-introspect.h" @@ -249,8 +250,6 @@ QEMUBH *qmp_dispatcher_bh; struct QMPRequest { /* Owner of the request */ Monitor *mon; - /* "id" field of the request */ - QObject *id; /* * Request object to be handled or Error to be reported * (exactly one of them is non-null) @@ -266,12 +265,12 @@ typedef struct QMPRequest QMPRequest; /* Protects mon_list, monitor_qapi_event_state, monitor_destroyed. */ static QemuMutex monitor_lock; static GHashTable *monitor_qapi_event_state; -static QTAILQ_HEAD(mon_list, Monitor) mon_list; +static QTAILQ_HEAD(, Monitor) mon_list; static bool monitor_destroyed; /* Protects mon_fdsets */ static QemuMutex mon_fdsets_lock; -static QLIST_HEAD(mon_fdsets, MonFdset) mon_fdsets; +static QLIST_HEAD(, MonFdset) mon_fdsets; static int mon_refcount; @@ -352,7 +351,6 @@ int monitor_read_password(Monitor *mon, ReadLineFunc *readline_func, static void qmp_request_free(QMPRequest *req) { - qobject_unref(req->id); qobject_unref(req->req); error_free(req->err); g_free(req); @@ -590,8 +588,7 @@ monitor_qapi_event_queue_no_reenter(QAPIEvent event, QDict *qdict) qemu_mutex_unlock(&monitor_lock); } -static void -monitor_qapi_event_queue(QAPIEvent event, QDict *qdict) +void qapi_event_emit(QAPIEvent event, QDict *qdict) { /* * monitor_qapi_event_queue_no_reenter() is not reentrant: it @@ -704,7 +701,6 @@ static void monitor_qapi_event_init(void) { monitor_qapi_event_state = g_hash_table_new(qapi_event_throttle_hash, qapi_event_throttle_equal); - qmp_event_set_func_emit(monitor_qapi_event_queue); } static void handle_hmp_command(Monitor *mon, const char *cmdline); @@ -1101,6 +1097,11 @@ CommandInfoList *qmp_query_commands(Error **errp) EventInfoList *qmp_query_events(Error **errp) { + /* + * TODO This deprecated command is the only user of + * QAPIEvent_str() and QAPIEvent_lookup[]. When the command goes, + * they should go, too. + */ EventInfoList *info, *ev_list = NULL; QAPIEvent e; @@ -1133,45 +1134,6 @@ static void qmp_query_qmp_schema(QDict *qdict, QObject **ret_data, *ret_data = qobject_from_qlit(&qmp_schema_qlit); } -/* - * We used to define commands in qmp-commands.hx in addition to the - * QAPI schema. This permitted defining some of them only in certain - * configurations. query-commands has always reflected that (good, - * because it lets QMP clients figure out what's actually available), - * while query-qmp-schema never did (not so good). This function is a - * hack to keep the configuration-specific commands defined exactly as - * before, even though qmp-commands.hx is gone. - * - * FIXME Educate the QAPI schema on configuration-specific commands, - * and drop this hack. - */ -static void qmp_unregister_commands_hack(void) -{ -#ifndef TARGET_I386 - qmp_unregister_command(&qmp_commands, "rtc-reset-reinjection"); - qmp_unregister_command(&qmp_commands, "query-sev"); - qmp_unregister_command(&qmp_commands, "query-sev-launch-measure"); - qmp_unregister_command(&qmp_commands, "query-sev-capabilities"); -#endif -#ifndef TARGET_S390X - qmp_unregister_command(&qmp_commands, "dump-skeys"); -#endif -#ifndef TARGET_ARM - qmp_unregister_command(&qmp_commands, "query-gic-capabilities"); -#endif -#if !defined(TARGET_S390X) && !defined(TARGET_I386) - qmp_unregister_command(&qmp_commands, "query-cpu-model-expansion"); -#endif -#if !defined(TARGET_S390X) - qmp_unregister_command(&qmp_commands, "query-cpu-model-baseline"); - qmp_unregister_command(&qmp_commands, "query-cpu-model-comparison"); -#endif -#if !defined(TARGET_PPC) && !defined(TARGET_ARM) && !defined(TARGET_I386) \ - && !defined(TARGET_S390X) - qmp_unregister_command(&qmp_commands, "query-cpu-definitions"); -#endif -} - static void monitor_init_qmp_commands(void) { /* @@ -1190,8 +1152,6 @@ static void monitor_init_qmp_commands(void) qmp_register_command(&qmp_commands, "netdev_add", qmp_netdev_add, QCO_NO_OPTIONS); - qmp_unregister_commands_hack(); - QTAILQ_INIT(&qmp_cap_negotiation_commands); qmp_register_command(&qmp_cap_negotiation_commands, "qmp_capabilities", qmp_marshal_qmp_capabilities, QCO_ALLOW_PRECONFIG); @@ -2054,93 +2014,169 @@ static void hmp_wavcapture(Monitor *mon, const QDict *qdict) QLIST_INSERT_HEAD (&capture_head, s, entries); } -static qemu_acl *find_acl(Monitor *mon, const char *name) +static QAuthZList *find_auth(Monitor *mon, const char *name) { - qemu_acl *acl = qemu_acl_find(name); + Object *obj; + Object *container; - if (!acl) { + container = object_get_objects_root(); + obj = object_resolve_path_component(container, name); + if (!obj) { monitor_printf(mon, "acl: unknown list '%s'\n", name); + return NULL; } - return acl; + + return QAUTHZ_LIST(obj); +} + +static bool warn_acl; +static void hmp_warn_acl(void) +{ + if (warn_acl) { + return; + } + error_report("The acl_show, acl_reset, acl_policy, acl_add, acl_remove " + "commands are deprecated with no replacement. Authorization " + "for VNC should be performed using the pluggable QAuthZ " + "objects"); + warn_acl = true; } static void hmp_acl_show(Monitor *mon, const QDict *qdict) { const char *aclname = qdict_get_str(qdict, "aclname"); - qemu_acl *acl = find_acl(mon, aclname); - qemu_acl_entry *entry; - int i = 0; - - if (acl) { - monitor_printf(mon, "policy: %s\n", - acl->defaultDeny ? "deny" : "allow"); - QTAILQ_FOREACH(entry, &acl->entries, next) { - i++; - monitor_printf(mon, "%d: %s %s\n", i, - entry->deny ? "deny" : "allow", entry->match); - } + QAuthZList *auth = find_auth(mon, aclname); + QAuthZListRuleList *rules; + size_t i = 0; + + hmp_warn_acl(); + + if (!auth) { + return; + } + + monitor_printf(mon, "policy: %s\n", + QAuthZListPolicy_str(auth->policy)); + + rules = auth->rules; + while (rules) { + QAuthZListRule *rule = rules->value; + i++; + monitor_printf(mon, "%zu: %s %s\n", i, + QAuthZListPolicy_str(rule->policy), + rule->match); + rules = rules->next; } } static void hmp_acl_reset(Monitor *mon, const QDict *qdict) { const char *aclname = qdict_get_str(qdict, "aclname"); - qemu_acl *acl = find_acl(mon, aclname); + QAuthZList *auth = find_auth(mon, aclname); - if (acl) { - qemu_acl_reset(acl); - monitor_printf(mon, "acl: removed all rules\n"); + hmp_warn_acl(); + + if (!auth) { + return; } + + auth->policy = QAUTHZ_LIST_POLICY_DENY; + qapi_free_QAuthZListRuleList(auth->rules); + auth->rules = NULL; + monitor_printf(mon, "acl: removed all rules\n"); } static void hmp_acl_policy(Monitor *mon, const QDict *qdict) { const char *aclname = qdict_get_str(qdict, "aclname"); const char *policy = qdict_get_str(qdict, "policy"); - qemu_acl *acl = find_acl(mon, aclname); + QAuthZList *auth = find_auth(mon, aclname); + int val; + Error *err = NULL; + + hmp_warn_acl(); - if (acl) { - if (strcmp(policy, "allow") == 0) { - acl->defaultDeny = 0; + if (!auth) { + return; + } + + val = qapi_enum_parse(&QAuthZListPolicy_lookup, + policy, + QAUTHZ_LIST_POLICY_DENY, + &err); + if (err) { + error_free(err); + monitor_printf(mon, "acl: unknown policy '%s', " + "expected 'deny' or 'allow'\n", policy); + } else { + auth->policy = val; + if (auth->policy == QAUTHZ_LIST_POLICY_ALLOW) { monitor_printf(mon, "acl: policy set to 'allow'\n"); - } else if (strcmp(policy, "deny") == 0) { - acl->defaultDeny = 1; - monitor_printf(mon, "acl: policy set to 'deny'\n"); } else { - monitor_printf(mon, "acl: unknown policy '%s', " - "expected 'deny' or 'allow'\n", policy); + monitor_printf(mon, "acl: policy set to 'deny'\n"); } } } +static QAuthZListFormat hmp_acl_get_format(const char *match) +{ + if (strchr(match, '*')) { + return QAUTHZ_LIST_FORMAT_GLOB; + } else { + return QAUTHZ_LIST_FORMAT_EXACT; + } +} + static void hmp_acl_add(Monitor *mon, const QDict *qdict) { const char *aclname = qdict_get_str(qdict, "aclname"); const char *match = qdict_get_str(qdict, "match"); - const char *policy = qdict_get_str(qdict, "policy"); + const char *policystr = qdict_get_str(qdict, "policy"); int has_index = qdict_haskey(qdict, "index"); int index = qdict_get_try_int(qdict, "index", -1); - qemu_acl *acl = find_acl(mon, aclname); - int deny, ret; - - if (acl) { - if (strcmp(policy, "allow") == 0) { - deny = 0; - } else if (strcmp(policy, "deny") == 0) { - deny = 1; - } else { - monitor_printf(mon, "acl: unknown policy '%s', " - "expected 'deny' or 'allow'\n", policy); - return; - } - if (has_index) - ret = qemu_acl_insert(acl, deny, match, index); - else - ret = qemu_acl_append(acl, deny, match); - if (ret < 0) - monitor_printf(mon, "acl: unable to add acl entry\n"); - else - monitor_printf(mon, "acl: added rule at position %d\n", ret); + QAuthZList *auth = find_auth(mon, aclname); + Error *err = NULL; + QAuthZListPolicy policy; + QAuthZListFormat format; + size_t i = 0; + + hmp_warn_acl(); + + if (!auth) { + return; + } + + policy = qapi_enum_parse(&QAuthZListPolicy_lookup, + policystr, + QAUTHZ_LIST_POLICY_DENY, + &err); + if (err) { + error_free(err); + monitor_printf(mon, "acl: unknown policy '%s', " + "expected 'deny' or 'allow'\n", policystr); + return; + } + + format = hmp_acl_get_format(match); + + if (has_index && index == 0) { + monitor_printf(mon, "acl: unable to add acl entry\n"); + return; + } + + if (has_index) { + i = qauthz_list_insert_rule(auth, match, policy, + format, index - 1, &err); + } else { + i = qauthz_list_append_rule(auth, match, policy, + format, &err); + } + if (err) { + monitor_printf(mon, "acl: unable to add rule: %s", + error_get_pretty(err)); + error_free(err); + } else { + monitor_printf(mon, "acl: added rule at position %zu\n", i + 1); } } @@ -2148,15 +2184,20 @@ static void hmp_acl_remove(Monitor *mon, const QDict *qdict) { const char *aclname = qdict_get_str(qdict, "aclname"); const char *match = qdict_get_str(qdict, "match"); - qemu_acl *acl = find_acl(mon, aclname); - int ret; + QAuthZList *auth = find_auth(mon, aclname); + ssize_t i = 0; - if (acl) { - ret = qemu_acl_remove(acl, match); - if (ret < 0) - monitor_printf(mon, "acl: no matching acl entry\n"); - else - monitor_printf(mon, "acl: removed rule at position %d\n", ret); + hmp_warn_acl(); + + if (!auth) { + return; + } + + i = qauthz_list_delete_rule(auth, match); + if (i >= 0) { + monitor_printf(mon, "acl: removed rule at position %zu\n", i + 1); + } else { + monitor_printf(mon, "acl: no matching acl entry\n"); } } @@ -4064,18 +4105,14 @@ static int monitor_can_read(void *opaque) * Null @rsp can only happen for commands with QCO_NO_SUCCESS_RESP. * Nothing is emitted then. */ -static void monitor_qmp_respond(Monitor *mon, QDict *rsp, QObject *id) +static void monitor_qmp_respond(Monitor *mon, QDict *rsp) { if (rsp) { - if (id) { - qdict_put_obj(rsp, "id", qobject_ref(id)); - } - qmp_send_response(mon, rsp); } } -static void monitor_qmp_dispatch(Monitor *mon, QObject *req, QObject *id) +static void monitor_qmp_dispatch(Monitor *mon, QObject *req) { Monitor *old_mon; QDict *rsp; @@ -4100,7 +4137,7 @@ static void monitor_qmp_dispatch(Monitor *mon, QObject *req, QObject *id) } } - monitor_qmp_respond(mon, rsp, id); + monitor_qmp_respond(mon, rsp); qobject_unref(rsp); } @@ -4164,13 +4201,15 @@ static void monitor_qmp_bh_dispatcher(void *data) mon->qmp.qmp_requests->length == QMP_REQ_QUEUE_LEN_MAX - 1; qemu_mutex_unlock(&mon->qmp.qmp_queue_lock); if (req_obj->req) { - trace_monitor_qmp_cmd_in_band(qobject_get_try_str(req_obj->id) ?: ""); - monitor_qmp_dispatch(mon, req_obj->req, req_obj->id); + QDict *qdict = qobject_to(QDict, req_obj->req); + QObject *id = qdict ? qdict_get(qdict, "id") : NULL; + trace_monitor_qmp_cmd_in_band(qobject_get_try_str(id) ?: ""); + monitor_qmp_dispatch(mon, req_obj->req); } else { assert(req_obj->err); rsp = qmp_error_response(req_obj->err); req_obj->err = NULL; - monitor_qmp_respond(mon, rsp, NULL); + monitor_qmp_respond(mon, rsp); qobject_unref(rsp); } @@ -4195,8 +4234,7 @@ static void handle_qmp_command(void *opaque, QObject *req, Error *err) qdict = qobject_to(QDict, req); if (qdict) { - id = qobject_ref(qdict_get(qdict, "id")); - qdict_del(qdict, "id"); + id = qdict_get(qdict, "id"); } /* else will fail qmp_dispatch() */ if (req && trace_event_get_state_backends(TRACE_HANDLE_QMP_COMMAND)) { @@ -4207,17 +4245,14 @@ static void handle_qmp_command(void *opaque, QObject *req, Error *err) if (qdict && qmp_is_oob(qdict)) { /* OOB commands are executed immediately */ - trace_monitor_qmp_cmd_out_of_band(qobject_get_try_str(id) - ?: ""); - monitor_qmp_dispatch(mon, req, id); + trace_monitor_qmp_cmd_out_of_band(qobject_get_try_str(id) ?: ""); + monitor_qmp_dispatch(mon, req); qobject_unref(req); - qobject_unref(id); return; } req_obj = g_new0(QMPRequest, 1); req_obj->mon = mon; - req_obj->id = id; req_obj->req = req; req_obj->err = err; @@ -4237,7 +4272,7 @@ static void handle_qmp_command(void *opaque, QObject *req, Error *err) /* * Put the request to the end of queue so that requests will be - * handled in time order. Ownership for req_obj, req, id, + * handled in time order. Ownership for req_obj, req, * etc. will be delivered to the handler side. */ assert(mon->qmp.qmp_requests->length < QMP_REQ_QUEUE_LEN_MAX); @@ -4619,8 +4654,6 @@ void monitor_init(Chardev *chr, int flags) void monitor_cleanup(void) { - Monitor *mon, *next; - /* * We need to explicitly stop the I/O thread (but not destroy it), * clean up the monitor resources, then destroy the I/O thread since @@ -4634,7 +4667,8 @@ void monitor_cleanup(void) /* Flush output buffers and destroy monitors */ qemu_mutex_lock(&monitor_lock); monitor_destroyed = true; - QTAILQ_FOREACH_SAFE(mon, &mon_list, entry, next) { + while (!QTAILQ_EMPTY(&mon_list)) { + Monitor *mon = QTAILQ_FIRST(&mon_list); QTAILQ_REMOVE(&mon_list, mon, entry); /* Permit QAPI event emission from character frontend release */ qemu_mutex_unlock(&monitor_lock); @@ -4673,46 +4707,6 @@ QemuOptsList qemu_mon_opts = { }, }; -#ifndef TARGET_I386 -void qmp_rtc_reset_reinjection(Error **errp) -{ - error_setg(errp, QERR_FEATURE_DISABLED, "rtc-reset-reinjection"); -} - -SevInfo *qmp_query_sev(Error **errp) -{ - error_setg(errp, QERR_FEATURE_DISABLED, "query-sev"); - return NULL; -} - -SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Error **errp) -{ - error_setg(errp, QERR_FEATURE_DISABLED, "query-sev-launch-measure"); - return NULL; -} - -SevCapability *qmp_query_sev_capabilities(Error **errp) -{ - error_setg(errp, QERR_FEATURE_DISABLED, "query-sev-capabilities"); - return NULL; -} -#endif - -#ifndef TARGET_S390X -void qmp_dump_skeys(const char *filename, Error **errp) -{ - error_setg(errp, QERR_FEATURE_DISABLED, "dump-skeys"); -} -#endif - -#ifndef TARGET_ARM -GICCapabilityList *qmp_query_gic_capabilities(Error **errp) -{ - error_setg(errp, QERR_FEATURE_DISABLED, "query-gic-capabilities"); - return NULL; -} -#endif - HotpluggableCPUList *qmp_query_hotpluggable_cpus(Error **errp) { MachineState *ms = MACHINE(qdev_get_machine());