qemu/qga/qapi-schema.json
Philippe Mathieu-Daudé 1329651fb4 qga: Restrict guest-file-read count to 48 MB to avoid crashes
On [*] Daniel Berrangé commented:

  The QEMU guest agent protocol is not sensible way to access huge
  files inside the guest. It requires the inefficient process of
  reading the entire data into memory than duplicating it again in
  base64 format, and then copying it again in the JSON serializer /
  monitor code.

  For arbitrary general purpose file access, especially for large
  files, use a real file transfer program or use a network block
  device, not the QEMU guest agent.

To avoid bug reports as BZ#1594054 (CVE-2018-12617), follow his
suggestion to put a low, hard limit on "count" in the guest agent
QAPI schema, and don't allow count to be larger than 48 MB.

[*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg693176.html

Fixes: CVE-2018-12617
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1594054
Reported-by: Fakhri Zulkifli <mohdfakhrizulkifli@gmail.com>
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
*update schema documentation to indicate 48MB limit instead of 10MB
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2020-04-15 09:18:48 -05:00

1255 lines
34 KiB
Python

# *-*- Mode: Python -*-*
##
#
# General note concerning the use of guest agent interfaces:
#
# "unsupported" is a higher-level error than the errors that individual
# commands might document. The caller should always be prepared to receive
# QERR_UNSUPPORTED, even if the given command doesn't specify it, or doesn't
# document any failure mode at all.
#
##
{ 'pragma': { 'doc-required': true } }
# Whitelists to permit QAPI rule violations; think twice before you
# add to them!
{ 'pragma': {
# Commands allowed to return a non-dictionary:
'returns-whitelist': [
'guest-file-open',
'guest-fsfreeze-freeze',
'guest-fsfreeze-freeze-list',
'guest-fsfreeze-status',
'guest-fsfreeze-thaw',
'guest-get-time',
'guest-set-vcpus',
'guest-sync',
'guest-sync-delimited' ] } }
##
# @guest-sync-delimited:
#
# Echo back a unique integer value, and prepend to response a
# leading sentinel byte (0xFF) the client can check scan for.
#
# This is used by clients talking to the guest agent over the
# wire to ensure the stream is in sync and doesn't contain stale
# data from previous client. It must be issued upon initial
# connection, and after any client-side timeouts (including
# timeouts on receiving a response to this command).
#
# After issuing this request, all guest agent responses should be
# ignored until the response containing the unique integer value
# the client passed in is returned. Receival of the 0xFF sentinel
# byte must be handled as an indication that the client's
# lexer/tokenizer/parser state should be flushed/reset in
# preparation for reliably receiving the subsequent response. As
# an optimization, clients may opt to ignore all data until a
# sentinel value is receiving to avoid unnecessary processing of
# stale data.
#
# Similarly, clients should also precede this *request*
# with a 0xFF byte to make sure the guest agent flushes any
# partially read JSON data from a previous client connection.
#
# @id: randomly generated 64-bit integer
#
# Returns: The unique integer id passed in by the client
#
# Since: 1.1
##
{ 'command': 'guest-sync-delimited',
'data': { 'id': 'int' },
'returns': 'int' }
##
# @guest-sync:
#
# Echo back a unique integer value
#
# This is used by clients talking to the guest agent over the
# wire to ensure the stream is in sync and doesn't contain stale
# data from previous client. All guest agent responses should be
# ignored until the provided unique integer value is returned,
# and it is up to the client to handle stale whole or
# partially-delivered JSON text in such a way that this response
# can be obtained.
#
# In cases where a partial stale response was previously
# received by the client, this cannot always be done reliably.
# One particular scenario being if qemu-ga responses are fed
# character-by-character into a JSON parser. In these situations,
# using guest-sync-delimited may be optimal.
#
# For clients that fetch responses line by line and convert them
# to JSON objects, guest-sync should be sufficient, but note that
# in cases where the channel is dirty some attempts at parsing the
# response may result in a parser error.
#
# Such clients should also precede this command
# with a 0xFF byte to make sure the guest agent flushes any
# partially read JSON data from a previous session.
#
# @id: randomly generated 64-bit integer
#
# Returns: The unique integer id passed in by the client
#
# Since: 0.15.0
##
{ 'command': 'guest-sync',
'data': { 'id': 'int' },
'returns': 'int' }
##
# @guest-ping:
#
# Ping the guest agent, a non-error return implies success
#
# Since: 0.15.0
##
{ 'command': 'guest-ping' }
##
# @guest-get-time:
#
# Get the information about guest's System Time relative to
# the Epoch of 1970-01-01 in UTC.
#
# Returns: Time in nanoseconds.
#
# Since: 1.5
##
{ 'command': 'guest-get-time',
'returns': 'int' }
##
# @guest-set-time:
#
# Set guest time.
#
# When a guest is paused or migrated to a file then loaded
# from that file, the guest OS has no idea that there
# was a big gap in the time. Depending on how long the
# gap was, NTP might not be able to resynchronize the
# guest.
#
# This command tries to set guest's System Time to the
# given value, then sets the Hardware Clock (RTC) to the
# current System Time. This will make it easier for a guest
# to resynchronize without waiting for NTP. If no @time is
# specified, then the time to set is read from RTC. However,
# this may not be supported on all platforms (i.e. Windows).
# If that's the case users are advised to always pass a
# value.
#
# @time: time of nanoseconds, relative to the Epoch
# of 1970-01-01 in UTC.
#
# Returns: Nothing on success.
#
# Since: 1.5
##
{ 'command': 'guest-set-time',
'data': { '*time': 'int' } }
##
# @GuestAgentCommandInfo:
#
# Information about guest agent commands.
#
# @name: name of the command
#
# @enabled: whether command is currently enabled by guest admin
#
# @success-response: whether command returns a response on success
# (since 1.7)
#
# Since: 1.1.0
##
{ 'struct': 'GuestAgentCommandInfo',
'data': { 'name': 'str', 'enabled': 'bool', 'success-response': 'bool' } }
##
# @GuestAgentInfo:
#
# Information about guest agent.
#
# @version: guest agent version
#
# @supported_commands: Information about guest agent commands
#
# Since: 0.15.0
##
{ 'struct': 'GuestAgentInfo',
'data': { 'version': 'str',
'supported_commands': ['GuestAgentCommandInfo'] } }
##
# @guest-info:
#
# Get some information about the guest agent.
#
# Returns: @GuestAgentInfo
#
# Since: 0.15.0
##
{ 'command': 'guest-info',
'returns': 'GuestAgentInfo' }
##
# @guest-shutdown:
#
# Initiate guest-activated shutdown. Note: this is an asynchronous
# shutdown request, with no guarantee of successful shutdown.
#
# @mode: "halt", "powerdown" (default), or "reboot"
#
# This command does NOT return a response on success. Success condition
# is indicated by the VM exiting with a zero exit status or, when
# running with --no-shutdown, by issuing the query-status QMP command
# to confirm the VM status is "shutdown".
#
# Since: 0.15.0
##
{ 'command': 'guest-shutdown', 'data': { '*mode': 'str' },
'success-response': false }
##
# @guest-file-open:
#
# Open a file in the guest and retrieve a file handle for it
#
# @path: Full path to the file in the guest to open.
#
# @mode: open mode, as per fopen(), "r" is the default.
#
# Returns: Guest file handle on success.
#
# Since: 0.15.0
##
{ 'command': 'guest-file-open',
'data': { 'path': 'str', '*mode': 'str' },
'returns': 'int' }
##
# @guest-file-close:
#
# Close an open file in the guest
#
# @handle: filehandle returned by guest-file-open
#
# Returns: Nothing on success.
#
# Since: 0.15.0
##
{ 'command': 'guest-file-close',
'data': { 'handle': 'int' } }
##
# @GuestFileRead:
#
# Result of guest agent file-read operation
#
# @count: number of bytes read (note: count is *before*
# base64-encoding is applied)
#
# @buf-b64: base64-encoded bytes read
#
# @eof: whether EOF was encountered during read operation.
#
# Since: 0.15.0
##
{ 'struct': 'GuestFileRead',
'data': { 'count': 'int', 'buf-b64': 'str', 'eof': 'bool' } }
##
# @guest-file-read:
#
# Read from an open file in the guest. Data will be base64-encoded.
# As this command is just for limited, ad-hoc debugging, such as log
# file access, the number of bytes to read is limited to 48 MB.
#
# @handle: filehandle returned by guest-file-open
#
# @count: maximum number of bytes to read (default is 4KB, maximum is 48MB)
#
# Returns: @GuestFileRead on success.
#
# Since: 0.15.0
##
{ 'command': 'guest-file-read',
'data': { 'handle': 'int', '*count': 'int' },
'returns': 'GuestFileRead' }
##
# @GuestFileWrite:
#
# Result of guest agent file-write operation
#
# @count: number of bytes written (note: count is actual bytes
# written, after base64-decoding of provided buffer)
#
# @eof: whether EOF was encountered during write operation.
#
# Since: 0.15.0
##
{ 'struct': 'GuestFileWrite',
'data': { 'count': 'int', 'eof': 'bool' } }
##
# @guest-file-write:
#
# Write to an open file in the guest.
#
# @handle: filehandle returned by guest-file-open
#
# @buf-b64: base64-encoded string representing data to be written
#
# @count: bytes to write (actual bytes, after base64-decode),
# default is all content in buf-b64 buffer after base64 decoding
#
# Returns: @GuestFileWrite on success.
#
# Since: 0.15.0
##
{ 'command': 'guest-file-write',
'data': { 'handle': 'int', 'buf-b64': 'str', '*count': 'int' },
'returns': 'GuestFileWrite' }
##
# @GuestFileSeek:
#
# Result of guest agent file-seek operation
#
# @position: current file position
#
# @eof: whether EOF was encountered during file seek
#
# Since: 0.15.0
##
{ 'struct': 'GuestFileSeek',
'data': { 'position': 'int', 'eof': 'bool' } }
##
# @QGASeek:
#
# Symbolic names for use in @guest-file-seek
#
# @set: Set to the specified offset (same effect as 'whence':0)
# @cur: Add offset to the current location (same effect as 'whence':1)
# @end: Add offset to the end of the file (same effect as 'whence':2)
#
# Since: 2.6
##
{ 'enum': 'QGASeek', 'data': [ 'set', 'cur', 'end' ] }
##
# @GuestFileWhence:
#
# Controls the meaning of offset to @guest-file-seek.
#
# @value: Integral value (0 for set, 1 for cur, 2 for end), available
# for historical reasons, and might differ from the host's or
# guest's SEEK_* values (since: 0.15)
# @name: Symbolic name, and preferred interface
#
# Since: 2.6
##
{ 'alternate': 'GuestFileWhence',
'data': { 'value': 'int', 'name': 'QGASeek' } }
##
# @guest-file-seek:
#
# Seek to a position in the file, as with fseek(), and return the
# current file position afterward. Also encapsulates ftell()'s
# functionality, with offset=0 and whence=1.
#
# @handle: filehandle returned by guest-file-open
#
# @offset: bytes to skip over in the file stream
#
# @whence: Symbolic or numeric code for interpreting offset
#
# Returns: @GuestFileSeek on success.
#
# Since: 0.15.0
##
{ 'command': 'guest-file-seek',
'data': { 'handle': 'int', 'offset': 'int',
'whence': 'GuestFileWhence' },
'returns': 'GuestFileSeek' }
##
# @guest-file-flush:
#
# Write file changes bufferred in userspace to disk/kernel buffers
#
# @handle: filehandle returned by guest-file-open
#
# Returns: Nothing on success.
#
# Since: 0.15.0
##
{ 'command': 'guest-file-flush',
'data': { 'handle': 'int' } }
##
# @GuestFsfreezeStatus:
#
# An enumeration of filesystem freeze states
#
# @thawed: filesystems thawed/unfrozen
#
# @frozen: all non-network guest filesystems frozen
#
# Since: 0.15.0
##
{ 'enum': 'GuestFsfreezeStatus',
'data': [ 'thawed', 'frozen' ] }
##
# @guest-fsfreeze-status:
#
# Get guest fsfreeze state. error state indicates
#
# Returns: GuestFsfreezeStatus ("thawed", "frozen", etc., as defined below)
#
# Note: This may fail to properly report the current state as a result of
# some other guest processes having issued an fs freeze/thaw.
#
# Since: 0.15.0
##
{ 'command': 'guest-fsfreeze-status',
'returns': 'GuestFsfreezeStatus' }
##
# @guest-fsfreeze-freeze:
#
# Sync and freeze all freezable, local guest filesystems. If this
# command succeeded, you may call @guest-fsfreeze-thaw later to
# unfreeze.
#
# Note: On Windows, the command is implemented with the help of a
# Volume Shadow-copy Service DLL helper. The frozen state is limited
# for up to 10 seconds by VSS.
#
# Returns: Number of file systems currently frozen. On error, all filesystems
# will be thawed. If no filesystems are frozen as a result of this call,
# then @guest-fsfreeze-status will remain "thawed" and calling
# @guest-fsfreeze-thaw is not necessary.
#
# Since: 0.15.0
##
{ 'command': 'guest-fsfreeze-freeze',
'returns': 'int' }
##
# @guest-fsfreeze-freeze-list:
#
# Sync and freeze specified guest filesystems.
# See also @guest-fsfreeze-freeze.
#
# @mountpoints: an array of mountpoints of filesystems to be frozen.
# If omitted, every mounted filesystem is frozen.
# Invalid mount points are ignored.
#
# Returns: Number of file systems currently frozen. On error, all filesystems
# will be thawed.
#
# Since: 2.2
##
{ 'command': 'guest-fsfreeze-freeze-list',
'data': { '*mountpoints': ['str'] },
'returns': 'int' }
##
# @guest-fsfreeze-thaw:
#
# Unfreeze all frozen guest filesystems
#
# Returns: Number of file systems thawed by this call
#
# Note: if return value does not match the previous call to
# guest-fsfreeze-freeze, this likely means some freezable
# filesystems were unfrozen before this call, and that the
# filesystem state may have changed before issuing this
# command.
#
# Since: 0.15.0
##
{ 'command': 'guest-fsfreeze-thaw',
'returns': 'int' }
##
# @GuestFilesystemTrimResult:
#
# @path: path that was trimmed
# @error: an error message when trim failed
# @trimmed: bytes trimmed for this path
# @minimum: reported effective minimum for this path
#
# Since: 2.4
##
{ 'struct': 'GuestFilesystemTrimResult',
'data': {'path': 'str',
'*trimmed': 'int', '*minimum': 'int', '*error': 'str'} }
##
# @GuestFilesystemTrimResponse:
#
# @paths: list of @GuestFilesystemTrimResult per path that was trimmed
#
# Since: 2.4
##
{ 'struct': 'GuestFilesystemTrimResponse',
'data': {'paths': ['GuestFilesystemTrimResult']} }
##
# @guest-fstrim:
#
# Discard (or "trim") blocks which are not in use by the filesystem.
#
# @minimum: Minimum contiguous free range to discard, in bytes. Free ranges
# smaller than this may be ignored (this is a hint and the guest
# may not respect it). By increasing this value, the fstrim
# operation will complete more quickly for filesystems with badly
# fragmented free space, although not all blocks will be discarded.
# The default value is zero, meaning "discard every free block".
#
# Returns: A @GuestFilesystemTrimResponse which contains the
# status of all trimmed paths. (since 2.4)
#
# Since: 1.2
##
{ 'command': 'guest-fstrim',
'data': { '*minimum': 'int' },
'returns': 'GuestFilesystemTrimResponse' }
##
# @guest-suspend-disk:
#
# Suspend guest to disk.
#
# This command attempts to suspend the guest using three strategies, in this
# order:
#
# - systemd hibernate
# - pm-utils (via pm-hibernate)
# - manual write into sysfs
#
# This command does NOT return a response on success. There is a high chance
# the command succeeded if the VM exits with a zero exit status or, when
# running with --no-shutdown, by issuing the query-status QMP command to
# to confirm the VM status is "shutdown". However, the VM could also exit
# (or set its status to "shutdown") due to other reasons.
#
# The following errors may be returned:
#
# - If suspend to disk is not supported, Unsupported
#
# Notes: It's strongly recommended to issue the guest-sync command before
# sending commands when the guest resumes
#
# Since: 1.1
##
{ 'command': 'guest-suspend-disk', 'success-response': false }
##
# @guest-suspend-ram:
#
# Suspend guest to ram.
#
# This command attempts to suspend the guest using three strategies, in this
# order:
#
# - systemd suspend
# - pm-utils (via pm-suspend)
# - manual write into sysfs
#
# IMPORTANT: guest-suspend-ram requires working wakeup support in
# QEMU. You should check QMP command query-current-machine returns
# wakeup-suspend-support: true before issuing this command. Failure in
# doing so can result in a suspended guest that QEMU will not be able to
# awaken, forcing the user to power cycle the guest to bring it back.
#
# This command does NOT return a response on success. There are two options
# to check for success:
#
# 1. Wait for the SUSPEND QMP event from QEMU
# 2. Issue the query-status QMP command to confirm the VM status is
# "suspended"
#
# The following errors may be returned:
#
# - If suspend to ram is not supported, Unsupported
#
# Notes: It's strongly recommended to issue the guest-sync command before
# sending commands when the guest resumes
#
# Since: 1.1
##
{ 'command': 'guest-suspend-ram', 'success-response': false }
##
# @guest-suspend-hybrid:
#
# Save guest state to disk and suspend to ram.
#
# This command attempts to suspend the guest by executing, in this order:
#
# - systemd hybrid-sleep
# - pm-utils (via pm-suspend-hybrid)
#
# IMPORTANT: guest-suspend-hybrid requires working wakeup support in
# QEMU. You should check QMP command query-current-machine returns
# wakeup-suspend-support: true before issuing this command. Failure in
# doing so can result in a suspended guest that QEMU will not be able to
# awaken, forcing the user to power cycle the guest to bring it back.
#
# This command does NOT return a response on success. There are two options
# to check for success:
#
# 1. Wait for the SUSPEND QMP event from QEMU
# 2. Issue the query-status QMP command to confirm the VM status is
# "suspended"
#
# The following errors may be returned:
#
# - If hybrid suspend is not supported, Unsupported
#
# Notes: It's strongly recommended to issue the guest-sync command before
# sending commands when the guest resumes
#
# Since: 1.1
##
{ 'command': 'guest-suspend-hybrid', 'success-response': false }
##
# @GuestIpAddressType:
#
# An enumeration of supported IP address types
#
# @ipv4: IP version 4
#
# @ipv6: IP version 6
#
# Since: 1.1
##
{ 'enum': 'GuestIpAddressType',
'data': [ 'ipv4', 'ipv6' ] }
##
# @GuestIpAddress:
#
# @ip-address: IP address
#
# @ip-address-type: Type of @ip-address (e.g. ipv4, ipv6)
#
# @prefix: Network prefix length of @ip-address
#
# Since: 1.1
##
{ 'struct': 'GuestIpAddress',
'data': {'ip-address': 'str',
'ip-address-type': 'GuestIpAddressType',
'prefix': 'int'} }
##
# @GuestNetworkInterfaceStat:
#
# @rx-bytes: total bytes received
#
# @rx-packets: total packets received
#
# @rx-errs: bad packets received
#
# @rx-dropped: receiver dropped packets
#
# @tx-bytes: total bytes transmitted
#
# @tx-packets: total packets transmitted
#
# @tx-errs: packet transmit problems
#
# @tx-dropped: dropped packets transmitted
#
# Since: 2.11
##
{ 'struct': 'GuestNetworkInterfaceStat',
'data': {'rx-bytes': 'uint64',
'rx-packets': 'uint64',
'rx-errs': 'uint64',
'rx-dropped': 'uint64',
'tx-bytes': 'uint64',
'tx-packets': 'uint64',
'tx-errs': 'uint64',
'tx-dropped': 'uint64'
} }
##
# @GuestNetworkInterface:
#
# @name: The name of interface for which info are being delivered
#
# @hardware-address: Hardware address of @name
#
# @ip-addresses: List of addresses assigned to @name
#
# @statistics: various statistic counters related to @name
# (since 2.11)
#
# Since: 1.1
##
{ 'struct': 'GuestNetworkInterface',
'data': {'name': 'str',
'*hardware-address': 'str',
'*ip-addresses': ['GuestIpAddress'],
'*statistics': 'GuestNetworkInterfaceStat' } }
##
# @guest-network-get-interfaces:
#
# Get list of guest IP addresses, MAC addresses
# and netmasks.
#
# Returns: List of GuestNetworkInfo on success.
#
# Since: 1.1
##
{ 'command': 'guest-network-get-interfaces',
'returns': ['GuestNetworkInterface'] }
##
# @GuestLogicalProcessor:
#
# @logical-id: Arbitrary guest-specific unique identifier of the VCPU.
#
# @online: Whether the VCPU is enabled.
#
# @can-offline: Whether offlining the VCPU is possible. This member
# is always filled in by the guest agent when the structure is
# returned, and always ignored on input (hence it can be omitted
# then).
#
# Since: 1.5
##
{ 'struct': 'GuestLogicalProcessor',
'data': {'logical-id': 'int',
'online': 'bool',
'*can-offline': 'bool'} }
##
# @guest-get-vcpus:
#
# Retrieve the list of the guest's logical processors.
#
# This is a read-only operation.
#
# Returns: The list of all VCPUs the guest knows about. Each VCPU is put on the
# list exactly once, but their order is unspecified.
#
# Since: 1.5
##
{ 'command': 'guest-get-vcpus',
'returns': ['GuestLogicalProcessor'] }
##
# @guest-set-vcpus:
#
# Attempt to reconfigure (currently: enable/disable) logical processors inside
# the guest.
#
# The input list is processed node by node in order. In each node @logical-id
# is used to look up the guest VCPU, for which @online specifies the requested
# state. The set of distinct @logical-id's is only required to be a subset of
# the guest-supported identifiers. There's no restriction on list length or on
# repeating the same @logical-id (with possibly different @online field).
# Preferably the input list should describe a modified subset of
# @guest-get-vcpus' return value.
#
# Returns: The length of the initial sublist that has been successfully
# processed. The guest agent maximizes this value. Possible cases:
#
# - 0:
# if the @vcpus list was empty on input. Guest state
# has not been changed. Otherwise,
# - Error:
# processing the first node of @vcpus failed for the
# reason returned. Guest state has not been changed.
# Otherwise,
# - < length(@vcpus):
# more than zero initial nodes have been processed,
# but not the entire @vcpus list. Guest state has
# changed accordingly. To retrieve the error
# (assuming it persists), repeat the call with the
# successfully processed initial sublist removed.
# Otherwise,
# - length(@vcpus):
# call successful.
#
# Since: 1.5
##
{ 'command': 'guest-set-vcpus',
'data': {'vcpus': ['GuestLogicalProcessor'] },
'returns': 'int' }
##
# @GuestDiskBusType:
#
# An enumeration of bus type of disks
#
# @ide: IDE disks
# @fdc: floppy disks
# @scsi: SCSI disks
# @virtio: virtio disks
# @xen: Xen disks
# @usb: USB disks
# @uml: UML disks
# @sata: SATA disks
# @sd: SD cards
# @unknown: Unknown bus type
# @ieee1394: Win IEEE 1394 bus type
# @ssa: Win SSA bus type
# @fibre: Win fiber channel bus type
# @raid: Win RAID bus type
# @iscsi: Win iScsi bus type
# @sas: Win serial-attaches SCSI bus type
# @mmc: Win multimedia card (MMC) bus type
# @virtual: Win virtual bus type
# @file-backed-virtual: Win file-backed bus type
#
# Since: 2.2; 'Unknown' and all entries below since 2.4
##
{ 'enum': 'GuestDiskBusType',
'data': [ 'ide', 'fdc', 'scsi', 'virtio', 'xen', 'usb', 'uml', 'sata',
'sd', 'unknown', 'ieee1394', 'ssa', 'fibre', 'raid', 'iscsi',
'sas', 'mmc', 'virtual', 'file-backed-virtual' ] }
##
# @GuestPCIAddress:
#
# @domain: domain id
# @bus: bus id
# @slot: slot id
# @function: function id
#
# Since: 2.2
##
{ 'struct': 'GuestPCIAddress',
'data': {'domain': 'int', 'bus': 'int',
'slot': 'int', 'function': 'int'} }
##
# @GuestDiskAddress:
#
# @pci-controller: controller's PCI address
# @bus-type: bus type
# @bus: bus id
# @target: target id
# @unit: unit id
# @serial: serial number (since: 3.1)
# @dev: device node (POSIX) or device UNC (Windows) (since: 3.1)
#
# Since: 2.2
##
{ 'struct': 'GuestDiskAddress',
'data': {'pci-controller': 'GuestPCIAddress',
'bus-type': 'GuestDiskBusType',
'bus': 'int', 'target': 'int', 'unit': 'int',
'*serial': 'str', '*dev': 'str'} }
##
# @GuestFilesystemInfo:
#
# @name: disk name
# @mountpoint: mount point path
# @type: file system type string
# @used-bytes: file system used bytes (since 3.0)
# @total-bytes: non-root file system total bytes (since 3.0)
# @disk: an array of disk hardware information that the volume lies on,
# which may be empty if the disk type is not supported
#
# Since: 2.2
##
{ 'struct': 'GuestFilesystemInfo',
'data': {'name': 'str', 'mountpoint': 'str', 'type': 'str',
'*used-bytes': 'uint64', '*total-bytes': 'uint64',
'disk': ['GuestDiskAddress']} }
##
# @guest-get-fsinfo:
#
# Returns: The list of filesystems information mounted in the guest.
# The returned mountpoints may be specified to
# @guest-fsfreeze-freeze-list.
# Network filesystems (such as CIFS and NFS) are not listed.
#
# Since: 2.2
##
{ 'command': 'guest-get-fsinfo',
'returns': ['GuestFilesystemInfo'] }
##
# @guest-set-user-password:
#
# @username: the user account whose password to change
# @password: the new password entry string, base64 encoded
# @crypted: true if password is already crypt()d, false if raw
#
# If the @crypted flag is true, it is the caller's responsibility
# to ensure the correct crypt() encryption scheme is used. This
# command does not attempt to interpret or report on the encryption
# scheme. Refer to the documentation of the guest operating system
# in question to determine what is supported.
#
# Not all guest operating systems will support use of the
# @crypted flag, as they may require the clear-text password
#
# The @password parameter must always be base64 encoded before
# transmission, even if already crypt()d, to ensure it is 8-bit
# safe when passed as JSON.
#
# Returns: Nothing on success.
#
# Since: 2.3
##
{ 'command': 'guest-set-user-password',
'data': { 'username': 'str', 'password': 'str', 'crypted': 'bool' } }
##
# @GuestMemoryBlock:
#
# @phys-index: Arbitrary guest-specific unique identifier of the MEMORY BLOCK.
#
# @online: Whether the MEMORY BLOCK is enabled in guest.
#
# @can-offline: Whether offlining the MEMORY BLOCK is possible.
# This member is always filled in by the guest agent when the
# structure is returned, and always ignored on input (hence it
# can be omitted then).
#
# Since: 2.3
##
{ 'struct': 'GuestMemoryBlock',
'data': {'phys-index': 'uint64',
'online': 'bool',
'*can-offline': 'bool'} }
##
# @guest-get-memory-blocks:
#
# Retrieve the list of the guest's memory blocks.
#
# This is a read-only operation.
#
# Returns: The list of all memory blocks the guest knows about.
# Each memory block is put on the list exactly once, but their order
# is unspecified.
#
# Since: 2.3
##
{ 'command': 'guest-get-memory-blocks',
'returns': ['GuestMemoryBlock'] }
##
# @GuestMemoryBlockResponseType:
#
# An enumeration of memory block operation result.
#
# @success: the operation of online/offline memory block is successful.
# @not-found: can't find the corresponding memoryXXX directory in sysfs.
# @operation-not-supported: for some old kernels, it does not support
# online or offline memory block.
# @operation-failed: the operation of online/offline memory block fails,
# because of some errors happen.
#
# Since: 2.3
##
{ 'enum': 'GuestMemoryBlockResponseType',
'data': ['success', 'not-found', 'operation-not-supported',
'operation-failed'] }
##
# @GuestMemoryBlockResponse:
#
# @phys-index: same with the 'phys-index' member of @GuestMemoryBlock.
#
# @response: the result of memory block operation.
#
# @error-code: the error number.
# When memory block operation fails, we assign the value of
# 'errno' to this member, it indicates what goes wrong.
# When the operation succeeds, it will be omitted.
#
# Since: 2.3
##
{ 'struct': 'GuestMemoryBlockResponse',
'data': { 'phys-index': 'uint64',
'response': 'GuestMemoryBlockResponseType',
'*error-code': 'int' }}
##
# @guest-set-memory-blocks:
#
# Attempt to reconfigure (currently: enable/disable) state of memory blocks
# inside the guest.
#
# The input list is processed node by node in order. In each node @phys-index
# is used to look up the guest MEMORY BLOCK, for which @online specifies the
# requested state. The set of distinct @phys-index's is only required to be a
# subset of the guest-supported identifiers. There's no restriction on list
# length or on repeating the same @phys-index (with possibly different @online
# field).
# Preferably the input list should describe a modified subset of
# @guest-get-memory-blocks' return value.
#
# Returns: The operation results, it is a list of @GuestMemoryBlockResponse,
# which is corresponding to the input list.
#
# Note: it will return NULL if the @mem-blks list was empty on input,
# or there is an error, and in this case, guest state will not be
# changed.
#
# Since: 2.3
##
{ 'command': 'guest-set-memory-blocks',
'data': {'mem-blks': ['GuestMemoryBlock'] },
'returns': ['GuestMemoryBlockResponse'] }
##
# @GuestMemoryBlockInfo:
#
# @size: the size (in bytes) of the guest memory blocks,
# which are the minimal units of memory block online/offline
# operations (also called Logical Memory Hotplug).
#
# Since: 2.3
##
{ 'struct': 'GuestMemoryBlockInfo',
'data': {'size': 'uint64'} }
##
# @guest-get-memory-block-info:
#
# Get information relating to guest memory blocks.
#
# Returns: @GuestMemoryBlockInfo
#
# Since: 2.3
##
{ 'command': 'guest-get-memory-block-info',
'returns': 'GuestMemoryBlockInfo' }
##
# @GuestExecStatus:
#
# @exited: true if process has already terminated.
# @exitcode: process exit code if it was normally terminated.
# @signal: signal number (linux) or unhandled exception code
# (windows) if the process was abnormally terminated.
# @out-data: base64-encoded stdout of the process
# @err-data: base64-encoded stderr of the process
# Note: @out-data and @err-data are present only
# if 'capture-output' was specified for 'guest-exec'
# @out-truncated: true if stdout was not fully captured
# due to size limitation.
# @err-truncated: true if stderr was not fully captured
# due to size limitation.
#
# Since: 2.5
##
{ 'struct': 'GuestExecStatus',
'data': { 'exited': 'bool', '*exitcode': 'int', '*signal': 'int',
'*out-data': 'str', '*err-data': 'str',
'*out-truncated': 'bool', '*err-truncated': 'bool' }}
##
# @guest-exec-status:
#
# Check status of process associated with PID retrieved via guest-exec.
# Reap the process and associated metadata if it has exited.
#
# @pid: pid returned from guest-exec
#
# Returns: GuestExecStatus on success.
#
# Since: 2.5
##
{ 'command': 'guest-exec-status',
'data': { 'pid': 'int' },
'returns': 'GuestExecStatus' }
##
# @GuestExec:
# @pid: pid of child process in guest OS
#
# Since: 2.5
##
{ 'struct': 'GuestExec',
'data': { 'pid': 'int'} }
##
# @guest-exec:
#
# Execute a command in the guest
#
# @path: path or executable name to execute
# @arg: argument list to pass to executable
# @env: environment variables to pass to executable
# @input-data: data to be passed to process stdin (base64 encoded)
# @capture-output: bool flag to enable capture of
# stdout/stderr of running process. defaults to false.
#
# Returns: PID on success.
#
# Since: 2.5
##
{ 'command': 'guest-exec',
'data': { 'path': 'str', '*arg': ['str'], '*env': ['str'],
'*input-data': 'str', '*capture-output': 'bool' },
'returns': 'GuestExec' }
##
# @GuestHostName:
# @host-name: Fully qualified domain name of the guest OS
#
# Since: 2.10
##
{ 'struct': 'GuestHostName',
'data': { 'host-name': 'str' } }
##
# @guest-get-host-name:
#
# Return a name for the machine.
#
# The returned name is not necessarily a fully-qualified domain name, or even
# present in DNS or some other name service at all. It need not even be unique
# on your local network or site, but usually it is.
#
# Returns: the host name of the machine on success
#
# Since: 2.10
##
{ 'command': 'guest-get-host-name',
'returns': 'GuestHostName' }
##
# @GuestUser:
# @user: Username
# @domain: Logon domain (windows only)
# @login-time: Time of login of this user on the computer. If multiple
# instances of the user are logged in, the earliest login time is
# reported. The value is in fractional seconds since epoch time.
#
# Since: 2.10
##
{ 'struct': 'GuestUser',
'data': { 'user': 'str', 'login-time': 'number', '*domain': 'str' } }
##
# @guest-get-users:
# Retrieves a list of currently active users on the VM.
#
# Returns: A unique list of users.
#
# Since: 2.10
##
{ 'command': 'guest-get-users',
'returns': ['GuestUser'] }
##
# @GuestTimezone:
#
# @zone: Timezone name. These values may differ depending on guest/OS and
# should only be used for informational purposes.
# @offset: Offset to UTC in seconds, negative numbers for time zones west of
# GMT, positive numbers for east
#
# Since: 2.10
##
{ 'struct': 'GuestTimezone',
'data': { '*zone': 'str', 'offset': 'int' } }
##
# @guest-get-timezone:
#
# Retrieves the timezone information from the guest.
#
# Returns: A GuestTimezone dictionary.
#
# Since: 2.10
##
{ 'command': 'guest-get-timezone',
'returns': 'GuestTimezone' }
##
# @GuestOSInfo:
#
# @kernel-release:
# * POSIX: release field returned by uname(2)
# * Windows: build number of the OS
# @kernel-version:
# * POSIX: version field returned by uname(2)
# * Windows: version number of the OS
# @machine:
# * POSIX: machine field returned by uname(2)
# * Windows: one of x86, x86_64, arm, ia64
# @id:
# * POSIX: as defined by os-release(5)
# * Windows: contains string "mswindows"
# @name:
# * POSIX: as defined by os-release(5)
# * Windows: contains string "Microsoft Windows"
# @pretty-name:
# * POSIX: as defined by os-release(5)
# * Windows: product name, e.g. "Microsoft Windows 10 Enterprise"
# @version:
# * POSIX: as defined by os-release(5)
# * Windows: long version string, e.g. "Microsoft Windows Server 2008"
# @version-id:
# * POSIX: as defined by os-release(5)
# * Windows: short version identifier, e.g. "7" or "20012r2"
# @variant:
# * POSIX: as defined by os-release(5)
# * Windows: contains string "server" or "client"
# @variant-id:
# * POSIX: as defined by os-release(5)
# * Windows: contains string "server" or "client"
#
# Notes:
#
# On POSIX systems the fields @id, @name, @pretty-name, @version, @version-id,
# @variant and @variant-id follow the definition specified in os-release(5).
# Refer to the manual page for exact description of the fields. Their values
# are taken from the os-release file. If the file is not present in the system,
# or the values are not present in the file, the fields are not included.
#
# On Windows the values are filled from information gathered from the system.
#
# Since: 2.10
##
{ 'struct': 'GuestOSInfo',
'data': {
'*kernel-release': 'str', '*kernel-version': 'str',
'*machine': 'str', '*id': 'str', '*name': 'str',
'*pretty-name': 'str', '*version': 'str', '*version-id': 'str',
'*variant': 'str', '*variant-id': 'str' } }
##
# @guest-get-osinfo:
#
# Retrieve guest operating system information
#
# Returns: @GuestOSInfo
#
# Since: 2.10
##
{ 'command': 'guest-get-osinfo',
'returns': 'GuestOSInfo' }