VirtualBox

source: vbox/trunk/src/VBox/Additions/common/VBoxService/VBoxServiceControl.cpp@ 76409

Last change on this file since 76409 was 75853, checked in by vboxsync, 6 years ago

GuestControl,HGCM,VBoxService: Save/restore related optimizations and changes. bugref:9313

1/* $Id: VBoxServiceControl.cpp 75853 2018-11-30 19:26:42Z vboxsync $ */
2/** @file
3 * VBoxServiceControl - Host-driven Guest Control.
4 */
5
6/*
7 * Copyright (C) 2012-2017 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/** @page pg_vgsvc_gstctrl VBoxService - Guest Control
19 *
20 * The Guest Control subservice helps implementing the IGuest APIs.
21 *
22 * The communication between this service (and its children) and IGuest goes
23 * over the HGCM GuestControl service.
24 *
25 * The IGuest APIs provide means to manipulate (control) files, directories,
26 * symbolic links and processes within the guest. Most of these means require
27 * credentials of a guest OS user to operate, though some restricted ones
28 * operate directly as the VBoxService user (root / system service account).
29 *
30 * The current design is that a subprocess is spawned for handling operations as
31 * a given user. This process is represented as IGuestSession in the API. The
32 * subprocess will be spawned as the given user, giving up the privileges the
33 * parent subservice had.
34 *
35 * It will try to handle as many of the operations directly from within the
36 * subprocess, but for more complicated things (or things that haven't yet been
37 * converted), it will spawn a helper process that does the actual work.
38 *
39 * These helpers are typically modeled on similar unix core utilities, like
40 * mkdir, rm, rmdir, cat and so on. The helper tools can also be launched
41 * directly from VBoxManage by the user by prepending the 'vbox_' prefix to the
42 * unix command.
43 *
44 */
45
46
47/*********************************************************************************************************************************
48* Header Files *
49*********************************************************************************************************************************/
50#include <iprt/asm.h>
51#include <iprt/assert.h>
52#include <iprt/env.h>
53#include <iprt/file.h>
54#include <iprt/getopt.h>
55#include <iprt/mem.h>
56#include <iprt/path.h>
57#include <iprt/process.h>
58#include <iprt/semaphore.h>
59#include <iprt/thread.h>
60#include <VBox/VBoxGuestLib.h>
61#include <VBox/HostServices/GuestControlSvc.h>
62#include "VBoxServiceInternal.h"
63#include "VBoxServiceControl.h"
64#include "VBoxServiceUtils.h"
65
66using namespace guestControl;
67
68
69/*********************************************************************************************************************************
70* Global Variables *
71*********************************************************************************************************************************/
/** Control interval in milliseconds; 0 means "not set yet" and is replaced by
 *  the default in vgsvcGstCtrlInit(). */
static uint32_t         g_msControlInterval = 0;
/** Event semaphore the main control thread is blocking on. */
static RTSEMEVENTMULTI  g_hControlEvent     = NIL_RTSEMEVENTMULTI;
/** ID of the VM session.  A new value shows up whenever the VM is restored or
 *  reset. */
static uint64_t         g_idControlSession;
/** Client ID of this process at the guest control (HGCM) service. */
uint32_t                g_idControlSvcClient = 0;
#if 0 /** @todo process limit */
/** Number of started guest processes kept in memory for supplying
 *  information to the host.  The default is 256 processes; 0 means the
 *  number of processes is unlimited. */
static uint32_t         g_uControlProcsMaxKept = 256;
#endif
/** List of guest control session threads (VBOXSERVICECTRLSESSIONTHREAD).
 *  Each entry stands for one forked guest session process of VBoxService. */
RTLISTANCHOR            g_lstControlSessionThreads;
/** The local session object handling all session-related work.
 *  With the legacy guest control protocol (< 2) this session runs on behalf
 *  of the VBoxService main process.  With newer protocol versions every
 *  session is a forked VBoxService running under the user credentials the
 *  guest session was opened with; those forked sessions are tracked in
 *  VBOXSERVICECTRLSESSIONTHREAD structures. */
VBOXSERVICECTRLSESSION  g_Session;
/** Cached result of VbglR3GuestCtrlSupportsOptimizations(). */
bool                    g_fControlSupportsOptimizations = true;
99
100
101/*********************************************************************************************************************************
102* Internal Functions *
103*********************************************************************************************************************************/
/* Forward declarations; all three are defined further down in this file. */
static int  vgsvcGstCtrlHandleSessionOpen(PVBGLR3GUESTCTRLCMDCTX pHostCtx);   /* HOST_SESSION_CREATE */
static int  vgsvcGstCtrlHandleSessionClose(PVBGLR3GUESTCTRLCMDCTX pHostCtx);  /* HOST_SESSION_CLOSE */
static void vgsvcGstCtrlShutdown(void);
107
108
/**
 * @interface_method_impl{VBOXSERVICE,pfnPreInit}
 *
 * Probes the guest property service (VBOX_WITH_GUEST_PROPS builds only) and
 * then initializes the global session object g_Session.
 *
 * @returns VBox status code.
 */
static DECLCALLBACK(int) vgsvcGstCtrlPreInit(void)
{
    int rc = VINF_SUCCESS;

#ifdef VBOX_WITH_GUEST_PROPS
    /*
     * Service options are meant to come from the VM's guest properties and
     * can be overridden by command line options later.  The connection is
     * only opened and closed again here; no property is read in between.
     */
    uint32_t idGuestPropClient;
    rc = VbglR3GuestPropConnect(&idGuestPropClient);
    if (RT_SUCCESS(rc))
        VbglR3GuestPropDisconnect(idGuestPropClient);
    else if (rc == VERR_HGCM_SERVICE_NOT_FOUND)
    {
        /* No host service: carry on without guest properties. */
        VGSvcVerbose(0, "Guest property service is not available, skipping\n");
        rc = VINF_SUCCESS;
    }
    else
        VGSvcError("Failed to connect to the guest property service, rc=%Rrc\n", rc);

    /* A value that was not found is not an error. */
    if (rc == VERR_NOT_FOUND)
        rc = VINF_SUCCESS;
#endif

    if (RT_FAILURE(rc))
        return rc;

    /* Set up the session object. */
    return VGSvcGstCtrlSessionInit(&g_Session, 0 /* Flags */);
}
150
151
/**
 * @interface_method_impl{VBOXSERVICE,pfnOption}
 *
 * Handles the long options of the control service.  There are no short
 * options, so any call with @a ppszShort set is left unhandled.
 *
 * @returns -1 if the option is not ours, otherwise the result of parsing it
 *          (0 for the DEBUG-only dump flags).
 */
static DECLCALLBACK(int) vgsvcGstCtrlOption(const char **ppszShort, int argc, char **argv, int *pi)
{
    /* No short options. */
    if (ppszShort)
        return -1;

    const char * const pszOption = argv[*pi];

    if (strcmp(pszOption, "--control-interval") == 0)
        return VGSvcArgUInt32(argc, argv, "", pi,
                              &g_msControlInterval, 1, UINT32_MAX - 1);

#ifdef DEBUG
    if (strcmp(pszOption, "--control-dump-stdout") == 0)
    {
        g_Session.fFlags |= VBOXSERVICECTRLSESSION_FLAG_DUMPSTDOUT;
        return 0; /* Option consumed. */
    }

    if (strcmp(pszOption, "--control-dump-stderr") == 0)
    {
        g_Session.fFlags |= VBOXSERVICECTRLSESSION_FLAG_DUMPSTDERR;
        return 0; /* Option consumed. */
    }
#endif

    return -1;
}
177
178
/**
 * @interface_method_impl{VBOXSERVICE,pfnInit}
 *
 * Creates the control event semaphore, connects to the host's guest control
 * service and, when the host supports the optimizations, asks to become the
 * master client.
 *
 * @returns VINF_SUCCESS when connected (and master, if applicable),
 *          VERR_SERVICE_DISABLED when the host service does not exist,
 *          otherwise the failing VBox status code.
 */
static DECLCALLBACK(int) vgsvcGstCtrlInit(void)
{
    /* Fall back to the default interval when none was given. */
    if (g_msControlInterval == 0)
        g_msControlInterval = 1000;

    /* The event semaphore the worker blocks on. */
    int rc = RTSemEventMultiCreate(&g_hControlEvent);
    AssertRCReturn(rc, rc);

    /* Status code ignored on purpose: the session ID is not available with VBox < 3.2.10. */
    VbglR3GetSessionId(&g_idControlSession);

    RTListInit(&g_lstControlSessionThreads);

    /*
     * Connect to the host service and claim the master role (if supported).
     */
    rc = VbglR3GuestCtrlConnect(&g_idControlSvcClient);
    if (RT_FAILURE(rc))
    {
        if (rc != VERR_HGCM_SERVICE_NOT_FOUND)
            VGSvcError("Failed to connect to the guest control service! Error: %Rrc\n", rc);
        else
        {
            /* No host service: disable this subservice without failing VBoxService. */
            VGSvcVerbose(0, "Guest control service is not available\n");
            rc = VERR_SERVICE_DISABLED;
        }
    }
    else
    {
        g_fControlSupportsOptimizations = VbglR3GuestCtrlSupportsOptimizations(g_idControlSvcClient);
        if (g_fControlSupportsOptimizations)
            rc = VbglR3GuestCtrlMakeMeMaster(g_idControlSvcClient);
        if (RT_SUCCESS(rc))
        {
            VGSvcVerbose(3, "Guest control service client ID=%RU32%s\n",
                         g_idControlSvcClient, g_fControlSupportsOptimizations ? " w/ optimizations" : "");
            return VINF_SUCCESS;
        }

        VGSvcError("Failed to become guest control master: %Rrc\n", rc);
        VbglR3GuestCtrlDisconnect(g_idControlSvcClient);
    }

    /* Failure: undo what was set up above. */
    RTSemEventMultiDestroy(g_hControlEvent);
    g_hControlEvent      = NIL_RTSEMEVENTMULTI;
    g_idControlSvcClient = 0;
    return rc;
}
233
234
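/**
 * @interface_method_impl{VBOXSERVICE,pfnWorker}
 *
 * Main loop of the control service: waits for the next host message and
 * dispatches session create / close requests.  Every other message ID is
 * skipped rather than processed.  The loop ends on shutdown, on
 * HOST_CANCEL_PENDING_WAITS, after a failed HGCM reconnect, or after more
 * than 16 consecutive retrieval failures.
 *
 * @returns The status of the last message retrieval / handling.
 * @param   pfShutdown  Set to true by the service framework when the worker
 *                      should stop.
 */
static DECLCALLBACK(int) vgsvcGstCtrlWorker(bool volatile *pfShutdown)
{
    /*
     * Tell the control thread that it can continue spawning services.
     */
    RTThreadUserSignal(RTThreadSelf());
    Assert(g_idControlSvcClient > 0);

    /* Allocate a scratch buffer for commands which also send
     * payload data with them.
     * NOTE(review): nothing in this function reads or writes the buffer; it
     * is only allocated and freed here. */
    uint32_t cbScratchBuf = _64K; /** @todo Make buffer size configurable via guest properties/argv! */
    AssertReturn(RT_IS_POWER_OF_TWO(cbScratchBuf), VERR_INVALID_PARAMETER);
    uint8_t *pvScratchBuf = (uint8_t*)RTMemAlloc(cbScratchBuf);
    AssertReturn(pvScratchBuf, VERR_NO_MEMORY);

    int rc = VINF_SUCCESS;      /* (shut up compiler warnings) */
    int cRetrievalFailed = 0;   /* Number of failed message retrievals in a row. */
    while (!*pfShutdown)
    {
        VGSvcVerbose(3, "GstCtrl: Waiting for host msg ...\n");
        VBGLR3GUESTCTRLCMDCTX ctxHost = { g_idControlSvcClient, 0 /*idContext*/, 2 /*uProtocol*/, 0 /*cParms*/ };
        uint32_t idMsg = 0;
        rc = VbglR3GuestCtrlMsgPeekWait(g_idControlSvcClient, &idMsg, &ctxHost.uNumParms, &g_idControlSession);
        if (RT_SUCCESS(rc))
        {
            cRetrievalFailed = 0; /* Reset failed retrieval count. */
            VGSvcVerbose(4, "idMsg=%RU32 (%s) (%RU32 parms) retrieved\n",
                         idMsg, GstCtrlHostFnName((eHostFn)idMsg), ctxHost.uNumParms);

            /*
             * Handle the host message.  Only the three IDs below are acted
             * upon in this process; anything else is skipped.
             */
            switch (idMsg)
            {
                case HOST_CANCEL_PENDING_WAITS:
                    VGSvcVerbose(1, "We were asked to quit ...\n");
                    break;

                case HOST_SESSION_CREATE:
                    rc = vgsvcGstCtrlHandleSessionOpen(&ctxHost);
                    break;

                /* This message is also sent to the child session process (by the host). */
                case HOST_SESSION_CLOSE:
                    rc = vgsvcGstCtrlHandleSessionClose(&ctxHost);
                    break;

                default:
                    if (VbglR3GuestCtrlSupportsOptimizations(g_idControlSvcClient))
                    {
                        rc = VbglR3GuestCtrlMsgSkip(g_idControlSvcClient, VERR_NOT_SUPPORTED, idMsg);
                        VGSvcVerbose(1, "Skipped unexpected message idMsg=%RU32 (%s), cParms=%RU32 (rc=%Rrc)\n",
                                     idMsg, GstCtrlHostFnName((eHostFn)idMsg), ctxHost.uNumParms, rc);
                    }
                    else
                    {
                        rc = VbglR3GuestCtrlMsgSkipOld(g_idControlSvcClient);
                        VGSvcVerbose(3, "Skipped idMsg=%RU32, cParms=%RU32, rc=%Rrc\n", idMsg, ctxHost.uNumParms, rc);
                    }
                    break;
            }

            /* Do we need to shutdown? */
            if (idMsg == HOST_CANCEL_PENDING_WAITS)
                break;

            /* Let's sleep for a bit and let others run ... */
            RTThreadYield();
        }
        /*
         * Handle restore notification from host.  All the context IDs (sessions,
         * files, processes, etc) are invalidated by a VM restore and must be closed.
         */
        else if (rc == VERR_VM_RESTORED)
        {
            VGSvcVerbose(1, "The VM session ID changed (i.e. restored).\n");
            int rc2 = VGSvcGstCtrlSessionClose(&g_Session);
            AssertRC(rc2);
        }
        else
        {
            /* Note: VERR_GEN_IO_FAILURE seems to be normal if ran into timeout. */
            /** @todo r=bird: Above comment makes no sense.  How can you get a timeout in a blocking HGCM call? */
            VGSvcError("GstCtrl: Getting host message failed with %Rrc\n", rc);

            /* Check for VM session change. */
            /** @todo We don't need to check the host here. */
            uint64_t idNewSession = g_idControlSession;
            int rc2 = VbglR3GetSessionId(&idNewSession);
            if (   RT_SUCCESS(rc2)
                && (idNewSession != g_idControlSession))
            {
                VGSvcVerbose(1, "GstCtrl: The VM session ID changed\n");
                g_idControlSession = idNewSession;

                /* Close all opened guest sessions -- all context IDs, sessions etc.
                 * are now invalid. */
                rc2 = VGSvcGstCtrlSessionClose(&g_Session);
                AssertRC(rc2);

                /* Do a reconnect.
                 * NOTE(review): unlike vgsvcGstCtrlInit() this path neither
                 * repeats the master request nor refreshes
                 * g_fControlSupportsOptimizations, and the previous client ID
                 * is not disconnected -- confirm this is intended. */
                VGSvcVerbose(1, "Reconnecting to HGCM service ...\n");
                rc2 = VbglR3GuestCtrlConnect(&g_idControlSvcClient);
                if (RT_SUCCESS(rc2))
                {
                    VGSvcVerbose(3, "Guest control service client ID=%RU32\n", g_idControlSvcClient);
                    cRetrievalFailed = 0;
                    continue; /* Skip waiting. */
                }
                /* Log the status of the reconnect attempt (rc2); rc still holds
                 * the earlier retrieval failure and was already logged above. */
                VGSvcError("Unable to re-connect to HGCM service, rc=%Rrc, bailing out\n", rc2);
                break;
            }

            if (rc == VERR_INTERRUPTED)
                RTThreadYield();        /* To be on the safe side... */
            else if (++cRetrievalFailed <= 16) /** @todo Make this configurable? */
                RTThreadSleep(1000);    /* Wait a bit before retrying. */
            else
            {
                VGSvcError("Too many failed attempts in a row to get next message, bailing out\n");
                break;
            }
        }
    }

    VGSvcVerbose(0, "Guest control service stopped\n");

    /* Delete scratch buffer (never NULL here, see the AssertReturn above). */
    RTMemFree(pvScratchBuf);

    VGSvcVerbose(0, "Guest control worker returned with rc=%Rrc\n", rc);
    return rc;
}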
372
373
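/**
 * Handles HOST_SESSION_CREATE: fetches the session startup parameters from
 * the host (user, password, domain, flags, session ID) and creates a guest
 * session thread for them.  Only protocol v2 is accepted.
 *
 * Failures after the parameters were fetched are reported to the host via
 * VbglR3GuestCtrlSessionNotify(); a failed fetch makes the message get
 * skipped instead.
 *
 * @returns VBox status code; VERR_VERSION_MISMATCH for any protocol other
 *          than v2.
 * @param   pHostCtx    Host context of the message; uProtocol is updated on
 *                      success.
 */
static int vgsvcGstCtrlHandleSessionOpen(PVBGLR3GUESTCTRLCMDCTX pHostCtx)
{
    AssertPtrReturn(pHostCtx, VERR_INVALID_POINTER);

    /*
     * Retrieve the message parameters.  Note that ssInfo receives the guest
     * user's clear-text password.
     */
    VBOXSERVICECTRLSESSIONSTARTUPINFO ssInfo = { 0 };
    int rc = VbglR3GuestCtrlSessionGetOpen(pHostCtx,
                                           &ssInfo.uProtocol,
                                           ssInfo.szUser,     sizeof(ssInfo.szUser),
                                           ssInfo.szPassword, sizeof(ssInfo.szPassword),
                                           ssInfo.szDomain,   sizeof(ssInfo.szDomain),
                                           &ssInfo.fFlags,    &ssInfo.uSessionID);
    if (RT_SUCCESS(rc))
    {
        /*
         * Flat out refuse to work with protocol v1 hosts.
         */
        if (ssInfo.uProtocol == 2)
        {
            pHostCtx->uProtocol = ssInfo.uProtocol;
            VGSvcVerbose(3, "Client ID=%RU32 now is using protocol %RU32\n", pHostCtx->uClientID, pHostCtx->uProtocol);

/** @todo Someone explain why this code isn't in this file too?  v1 support? */
            rc = VGSvcGstCtrlSessionThreadCreate(&g_lstControlSessionThreads, &ssInfo, NULL /* ppSessionThread */);
            /* Report failures to the host (successes are taken care of by the session thread). */
        }
        else
        {
            VGSvcError("The host wants to use protocol v%u, we only support v2!\n", ssInfo.uProtocol);
            rc = VERR_VERSION_MISMATCH;
        }
        if (RT_FAILURE(rc))
        {
            int rc2 = VbglR3GuestCtrlSessionNotify(pHostCtx, GUEST_SESSION_NOTIFYTYPE_ERROR, rc);
            if (RT_FAILURE(rc2))
                VGSvcError("Reporting session error status on open failed with rc=%Rrc\n", rc2);
        }
    }
    else
    {
        VGSvcError("Error fetching parameters for opening guest session: %Rrc\n", rc);
        VbglR3GuestCtrlMsgSkip(pHostCtx->uClientID, rc, UINT32_MAX);
    }

    /*
     * Do not leave the password behind in this stack frame once the request
     * has been handed over (or rejected).  ssInfo is a local that dies on
     * return, so the session thread code cannot depend on it past this point.
     * NOTE(review): presumably VGSvcGstCtrlSessionThreadCreate() keeps its
     * own copy of the startup info -- that copy needs the same care.
     */
    RTMemWipeThoroughly(ssInfo.szPassword, sizeof(ssInfo.szPassword), 3 /* cMinPasses */);

    VGSvcVerbose(3, "Opening a new guest session returned rc=%Rrc\n", rc);
    return rc;
}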
422
423
/**
 * Handles HOST_SESSION_CLOSE: looks up the session thread whose session ID
 * matches the one in the host message and destroys it.
 *
 * @returns VBox status code; VERR_NOT_FOUND if no session thread carries the
 *          requested ID.
 * @param   pHostCtx    Host context of the message.
 */
static int vgsvcGstCtrlHandleSessionClose(PVBGLR3GUESTCTRLCMDCTX pHostCtx)
{
    AssertPtrReturn(pHostCtx, VERR_INVALID_POINTER);

    uint32_t idSession;
    uint32_t fFlags;
    int rc = VbglR3GuestCtrlSessionGetClose(pHostCtx, &fFlags, &idSession);
    if (RT_FAILURE(rc))
    {
        /* Parameters could not be fetched: drop the message. */
        VGSvcError("Error fetching parameters for closing guest session: %Rrc\n", rc);
        VbglR3GuestCtrlMsgSkip(pHostCtx->uClientID, rc, UINT32_MAX);
        return rc;
    }

    /* Stays VERR_NOT_FOUND unless a session thread with that ID is found. */
    rc = VERR_NOT_FOUND;

    PVBOXSERVICECTRLSESSIONTHREAD pCur;
    RTListForEach(&g_lstControlSessionThreads, pCur, VBOXSERVICECTRLSESSIONTHREAD, Node)
    {
        if (pCur->StartupInfo.uSessionID != idSession)
            continue;

        /* Leave the loop right away; pCur is not touched after the destroy call. */
        rc = VGSvcGstCtrlSessionThreadDestroy(pCur, fFlags);
        break;
    }

#if 0 /** @todo A bit of a mess here as this message goes to both to this process (master) and the session process. */
    if (RT_FAILURE(rc))
    {
        /* Report back on failure. On success this will be done
         * by the forked session thread. */
        int rc2 = VbglR3GuestCtrlSessionNotify(pHostCtx,
                                               GUEST_SESSION_NOTIFYTYPE_ERROR, rc);
        if (RT_FAILURE(rc2))
        {
            VGSvcError("Reporting session error status on close failed with rc=%Rrc\n", rc2);
            if (RT_SUCCESS(rc))
                rc = rc2;
        }
    }
#endif

    VGSvcVerbose(2, "Closing guest session %RU32 returned rc=%Rrc\n", idSession, rc);
    return rc;
}
469
470
/**
 * @interface_method_impl{VBOXSERVICE,pfnStop}
 *
 * Signals the control event and asks the host service to cancel the pending
 * wait of the main control thread.
 */
static DECLCALLBACK(void) vgsvcGstCtrlStop(void)
{
    VGSvcVerbose(3, "Stopping ...\n");

    /** @todo Later, figure what to do if we're in RTProcWait(). It's a very
     *        annoying call since doesn't support timeouts in the posix world. */
    if (g_hControlEvent != NIL_RTSEMEVENTMULTI)
        RTSemEventMultiSignal(g_hControlEvent);

    /* Without a client ID there is no pending wait to cancel. */
    if (!g_idControlSvcClient)
        return;

    /*
     * Have the host service cancel all pending requests of the main control
     * thread so that the shutdown can proceed.
     */
    VGSvcVerbose(3, "Cancelling pending waits (client ID=%u) ...\n",
                 g_idControlSvcClient);

    int const rcCancel = VbglR3GuestCtrlCancelPendingWaits(g_idControlSvcClient);
    if (RT_FAILURE(rcCancel))
        VGSvcError("Cancelling pending waits failed; rc=%Rrc\n", rcCancel);
}
497
498
/**
 * Destroys all guest session threads which are still around and closes the
 * local session object.  Failures are logged, not returned.
 */
static void vgsvcGstCtrlShutdown(void)
{
    VGSvcVerbose(2, "Shutting down ...\n");

    /* First the forked session threads ... */
    int const rcThreads = VGSvcGstCtrlSessionThreadDestroyAll(&g_lstControlSessionThreads, 0 /* Flags */);
    if (RT_FAILURE(rcThreads))
        VGSvcError("Closing session threads failed with rc=%Rrc\n", rcThreads);

    /* ... then the local session. */
    int const rcSession = VGSvcGstCtrlSessionClose(&g_Session);
    if (RT_FAILURE(rcSession))
        VGSvcError("Closing session failed with rc=%Rrc\n", rcSession);

    VGSvcVerbose(2, "Shutting down complete\n");
}
516
517
/**
 * @interface_method_impl{VBOXSERVICE,pfnTerm}
 *
 * Shuts down all sessions, disconnects from the guest control service and
 * destroys the control event semaphore.
 */
static DECLCALLBACK(void) vgsvcGstCtrlTerm(void)
{
    VGSvcVerbose(3, "Terminating ...\n");

    /* Tear down the session threads and the local session first. */
    vgsvcGstCtrlShutdown();

    /* Drop the HGCM connection and forget the client ID. */
    VGSvcVerbose(3, "Disconnecting client ID=%u ...\n", g_idControlSvcClient);
    VbglR3GuestCtrlDisconnect(g_idControlSvcClient);
    g_idControlSvcClient = 0;

    /* Nothing left to do if the event semaphore was never created. */
    if (g_hControlEvent == NIL_RTSEMEVENTMULTI)
        return;

    RTSemEventMultiDestroy(g_hControlEvent);
    g_hControlEvent = NIL_RTSEMEVENTMULTI;
}
537
538
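/**
 * The 'control' service description.
 *
 * The two --control-dump-* options exist in DEBUG builds only; they make the
 * service dump guest process output to the temporary directory.
 */
VBOXSERVICE g_Control =
{
    /* pszName. */
    "control",
    /* pszDescription. */
    "Host-driven Guest Control",
    /* pszUsage. */
#ifdef DEBUG
    " [--control-dump-stderr] [--control-dump-stdout]\n"
#endif
    " [--control-interval <ms>]"
    ,
    /* pszOptions. */
#ifdef DEBUG
    " --control-dump-stderr Dumps all guest processes stderr data to the\n"
    " temporary directory.\n"
    " --control-dump-stdout Dumps all guest processes stdout data to the\n"
    " temporary directory.\n"
#endif
    " --control-interval Specifies the interval at which to check for\n"
    " new control commands. The default is 1000 ms.\n"
    ,
    /* methods */
    vgsvcGstCtrlPreInit,
    vgsvcGstCtrlOption,
    vgsvcGstCtrlInit,
    vgsvcGstCtrlWorker,
    vgsvcGstCtrlStop,
    vgsvcGstCtrlTerm
};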
572