diff options
Diffstat (limited to 'nbd')
| -rw-r--r-- | nbd/client.c | 60 | ||||
| -rw-r--r-- | nbd/server.c | 62 | ||||
| -rw-r--r-- | nbd/trace-events | 3 |
3 files changed, 66 insertions, 59 deletions
diff --git a/nbd/client.c b/nbd/client.c index 3d680e63e1..eea236ca06 100644 --- a/nbd/client.c +++ b/nbd/client.c @@ -79,12 +79,12 @@ static int nbd_send_option_request(QIOChannel *ioc, uint32_t opt, stl_be_p(&req.length, len); if (nbd_write(ioc, &req, sizeof(req), errp) < 0) { - error_prepend(errp, "Failed to send option request header"); + error_prepend(errp, "Failed to send option request header: "); return -1; } if (len && nbd_write(ioc, (char *) data, len, errp) < 0) { - error_prepend(errp, "Failed to send option request data"); + error_prepend(errp, "Failed to send option request data: "); return -1; } @@ -113,7 +113,7 @@ static int nbd_receive_option_reply(QIOChannel *ioc, uint32_t opt, { QEMU_BUILD_BUG_ON(sizeof(*reply) != 20); if (nbd_read(ioc, reply, sizeof(*reply), errp) < 0) { - error_prepend(errp, "failed to read option reply"); + error_prepend(errp, "failed to read option reply: "); nbd_send_opt_abort(ioc); return -1; } @@ -166,7 +166,7 @@ static int nbd_handle_reply_err(QIOChannel *ioc, nbd_opt_reply *reply, msg = g_malloc(reply->length + 1); if (nbd_read(ioc, msg, reply->length, errp) < 0) { error_prepend(errp, "failed to read option error 0x%" PRIx32 - " (%s) message", + " (%s) message: ", reply->type, nbd_rep_lookup(reply->type)); goto cleanup; } @@ -277,7 +277,7 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match, return -1; } if (nbd_read(ioc, &namelen, sizeof(namelen), errp) < 0) { - error_prepend(errp, "failed to read option name length"); + error_prepend(errp, "failed to read option name length: "); nbd_send_opt_abort(ioc); return -1; } @@ -290,7 +290,8 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match, } if (namelen != strlen(want)) { if (nbd_drop(ioc, len, errp) < 0) { - error_prepend(errp, "failed to skip export name with wrong length"); + error_prepend(errp, + "failed to skip export name with wrong length: "); nbd_send_opt_abort(ioc); return -1; } @@ -299,14 +300,14 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match, assert(namelen < sizeof(name)); if (nbd_read(ioc, name, namelen, errp) < 0) { - error_prepend(errp, "failed to read export name"); + error_prepend(errp, "failed to read export name: "); nbd_send_opt_abort(ioc); return -1; } name[namelen] = '\0'; len -= namelen; if (nbd_drop(ioc, len, errp) < 0) { - error_prepend(errp, "failed to read export description"); + error_prepend(errp, "failed to read export description: "); nbd_send_opt_abort(ioc); return -1; } @@ -390,7 +391,7 @@ static int nbd_opt_go(QIOChannel *ioc, const char *wantname, return -1; } if (nbd_read(ioc, &type, sizeof(type), errp) < 0) { - error_prepend(errp, "failed to read info type"); + error_prepend(errp, "failed to read info type: "); nbd_send_opt_abort(ioc); return -1; } @@ -405,13 +406,13 @@ static int nbd_opt_go(QIOChannel *ioc, const char *wantname, return -1; } if (nbd_read(ioc, &info->size, sizeof(info->size), errp) < 0) { - error_prepend(errp, "failed to read info size"); + error_prepend(errp, "failed to read info size: "); nbd_send_opt_abort(ioc); return -1; } be64_to_cpus(&info->size); if (nbd_read(ioc, &info->flags, sizeof(info->flags), errp) < 0) { - error_prepend(errp, "failed to read info flags"); + error_prepend(errp, "failed to read info flags: "); nbd_send_opt_abort(ioc); return -1; } @@ -428,7 +429,7 @@ static int nbd_opt_go(QIOChannel *ioc, const char *wantname, } if (nbd_read(ioc, &info->min_block, sizeof(info->min_block), errp) < 0) { - error_prepend(errp, "failed to read info minimum block size"); + error_prepend(errp, "failed to read info minimum block size: "); nbd_send_opt_abort(ioc); return -1; } @@ -441,7 +442,8 @@ static int nbd_opt_go(QIOChannel *ioc, const char *wantname, } if (nbd_read(ioc, &info->opt_block, sizeof(info->opt_block), errp) < 0) { - error_prepend(errp, "failed to read info preferred block size"); + error_prepend(errp, + "failed to read info preferred block size: "); nbd_send_opt_abort(ioc); return -1; } @@ -455,7 +457,7 @@ static int nbd_opt_go(QIOChannel *ioc, const char *wantname, } if (nbd_read(ioc, &info->max_block, sizeof(info->max_block), errp) < 0) { - error_prepend(errp, "failed to read info maximum block size"); + error_prepend(errp, "failed to read info maximum block size: "); nbd_send_opt_abort(ioc); return -1; } @@ -467,7 +469,7 @@ static int nbd_opt_go(QIOChannel *ioc, const char *wantname, default: trace_nbd_opt_go_info_unknown(type, nbd_info_lookup(type)); if (nbd_drop(ioc, len, errp) < 0) { - error_prepend(errp, "Failed to read info payload"); + error_prepend(errp, "Failed to read info payload: "); nbd_send_opt_abort(ioc); return -1; } @@ -618,7 +620,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, } if (nbd_read(ioc, buf, 8, errp) < 0) { - error_prepend(errp, "Failed to read data"); + error_prepend(errp, "Failed to read data: "); goto fail; } @@ -637,7 +639,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, } if (nbd_read(ioc, &magic, sizeof(magic), errp) < 0) { - error_prepend(errp, "Failed to read magic"); + error_prepend(errp, "Failed to read magic: "); goto fail; } magic = be64_to_cpu(magic); @@ -649,7 +651,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, bool fixedNewStyle = false; if (nbd_read(ioc, &globalflags, sizeof(globalflags), errp) < 0) { - error_prepend(errp, "Failed to read server flags"); + error_prepend(errp, "Failed to read server flags: "); goto fail; } globalflags = be16_to_cpu(globalflags); @@ -665,7 +667,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, /* client requested flags */ clientflags = cpu_to_be32(clientflags); if (nbd_write(ioc, &clientflags, sizeof(clientflags), errp) < 0) { - error_prepend(errp, "Failed to send clientflags field"); + error_prepend(errp, "Failed to send clientflags field: "); goto fail; } if (tlscreds) { @@ -727,13 +729,13 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, /* Read the response */ if (nbd_read(ioc, &info->size, sizeof(info->size), errp) < 0) { - error_prepend(errp, "Failed to read export length"); + error_prepend(errp, "Failed to read export length: "); goto fail; } be64_to_cpus(&info->size); if (nbd_read(ioc, &info->flags, sizeof(info->flags), errp) < 0) { - error_prepend(errp, "Failed to read export flags"); + error_prepend(errp, "Failed to read export flags: "); goto fail; } be16_to_cpus(&info->flags); @@ -750,13 +752,13 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, } if (nbd_read(ioc, &info->size, sizeof(info->size), errp) < 0) { - error_prepend(errp, "Failed to read export length"); + error_prepend(errp, "Failed to read export length: "); goto fail; } be64_to_cpus(&info->size); if (nbd_read(ioc, &oldflags, sizeof(oldflags), errp) < 0) { - error_prepend(errp, "Failed to read export flags"); + error_prepend(errp, "Failed to read export flags: "); goto fail; } be32_to_cpus(&oldflags); @@ -772,7 +774,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, trace_nbd_receive_negotiate_size_flags(info->size, info->flags); if (zeroes && nbd_drop(ioc, 124, errp) < 0) { - error_prepend(errp, "Failed to read reserved block"); + error_prepend(errp, "Failed to read reserved block: "); goto fail; } rc = 0; @@ -979,6 +981,7 @@ static int nbd_receive_structured_reply_chunk(QIOChannel *ioc, int nbd_receive_reply(QIOChannel *ioc, NBDReply *reply, Error **errp) { int ret; + const char *type; ret = nbd_read_eof(ioc, &reply->magic, sizeof(reply->magic), errp); if (ret <= 0) { @@ -993,23 +996,18 @@ int nbd_receive_reply(QIOChannel *ioc, NBDReply *reply, Error **errp) if (ret < 0) { break; } - trace_nbd_receive_simple_reply(reply->simple.error, nbd_err_lookup(reply->simple.error), reply->handle); - if (reply->simple.error == NBD_ESHUTDOWN) { - /* This works even on mingw which lacks a native ESHUTDOWN */ - error_setg(errp, "server shutting down"); - return -EINVAL; - } break; case NBD_STRUCTURED_REPLY_MAGIC: ret = nbd_receive_structured_reply_chunk(ioc, &reply->structured, errp); if (ret < 0) { break; } + type = nbd_reply_type_lookup(reply->structured.type); trace_nbd_receive_structured_reply_chunk(reply->structured.flags, - reply->structured.type, + reply->structured.type, type, reply->structured.handle, reply->structured.length); break; diff --git a/nbd/server.c b/nbd/server.c index 70b40ed27e..7d6801b427 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -423,6 +423,7 @@ static int nbd_negotiate_handle_info(NBDClient *client, uint32_t length, break; } } + assert(length == 0); exp = nbd_export_find(name); if (!exp) { @@ -433,7 +434,7 @@ static int nbd_negotiate_handle_info(NBDClient *client, uint32_t length, /* Don't bother sending NBD_INFO_NAME unless client requested it */ if (sendname) { - rc = nbd_negotiate_send_info(client, opt, NBD_INFO_NAME, length, name, + rc = nbd_negotiate_send_info(client, opt, NBD_INFO_NAME, namelen, name, errp); if (rc < 0) { return rc; @@ -1272,6 +1273,21 @@ static inline void set_be_chunk(NBDStructuredReplyChunk *chunk, uint16_t flags, stl_be_p(&chunk->length, length); } +static int coroutine_fn nbd_co_send_structured_done(NBDClient *client, + uint64_t handle, + Error **errp) +{ + NBDStructuredReplyChunk chunk; + struct iovec iov[] = { + {.iov_base = &chunk, .iov_len = sizeof(chunk)}, + }; + + trace_nbd_co_send_structured_done(handle); + set_be_chunk(&chunk, NBD_REPLY_FLAG_DONE, NBD_REPLY_TYPE_NONE, handle, 0); + + return nbd_co_send_iov(client, iov, 1, errp); +} + static int coroutine_fn nbd_co_send_structured_read(NBDClient *client, uint64_t handle, uint64_t offset, @@ -1279,12 +1295,13 @@ static int coroutine_fn nbd_co_send_structured_read(NBDClient *client, size_t size, Error **errp) { - NBDStructuredRead chunk; + NBDStructuredReadData chunk; struct iovec iov[] = { {.iov_base = &chunk, .iov_len = sizeof(chunk)}, {.iov_base = data, .iov_len = size} }; + assert(size); trace_nbd_co_send_structured_read(handle, offset, data, size); set_be_chunk(&chunk.h, NBD_REPLY_FLAG_DONE, NBD_REPLY_TYPE_OFFSET_DATA, handle, sizeof(chunk) - sizeof(chunk.h) + size); @@ -1349,15 +1366,6 @@ static int nbd_co_receive_request(NBDRequestData *req, NBDRequest *request, return -EIO; } - /* Check for sanity in the parameters, part 1. Defer as many - * checks as possible until after reading any NBD_CMD_WRITE - * payload, so we can try and keep the connection alive. */ - if ((request->from + request->len) < request->from) { - error_setg(errp, - "integer overflow detected, you're probably being attacked"); - return -EINVAL; - } - if (request->type == NBD_CMD_READ || request->type == NBD_CMD_WRITE) { if (request->len > NBD_MAX_BUFFER_SIZE) { error_setg(errp, "len (%" PRIu32" ) is larger than max len (%u)", @@ -1382,12 +1390,21 @@ static int nbd_co_receive_request(NBDRequestData *req, NBDRequest *request, request->len); } - /* Sanity checks, part 2. */ - if (request->from + request->len > client->exp->size) { + /* Sanity checks. */ + if (client->exp->nbdflags & NBD_FLAG_READ_ONLY && + (request->type == NBD_CMD_WRITE || + request->type == NBD_CMD_WRITE_ZEROES || + request->type == NBD_CMD_TRIM)) { + error_setg(errp, "Export is read-only"); + return -EROFS; + } + if (request->from > client->exp->size || + request->from + request->len > client->exp->size) { error_setg(errp, "operation past EOF; From: %" PRIu64 ", Len: %" PRIu32 ", Size: %" PRIu64, request->from, request->len, (uint64_t)client->exp->size); - return request->type == NBD_CMD_WRITE ? -ENOSPC : -EINVAL; + return (request->type == NBD_CMD_WRITE || + request->type == NBD_CMD_WRITE_ZEROES) ? -ENOSPC : -EINVAL; } valid_flags = NBD_CMD_FLAG_FUA; if (request->type == NBD_CMD_READ && client->structured_reply) { @@ -1465,12 +1482,6 @@ static coroutine_fn void nbd_trip(void *opaque) break; case NBD_CMD_WRITE: - if (exp->nbdflags & NBD_FLAG_READ_ONLY) { - error_setg(&local_err, "Export is read-only"); - ret = -EROFS; - break; - } - flags = 0; if (request.flags & NBD_CMD_FLAG_FUA) { flags |= BDRV_REQ_FUA; @@ -1483,12 +1494,6 @@ static coroutine_fn void nbd_trip(void *opaque) break; case NBD_CMD_WRITE_ZEROES: - if (exp->nbdflags & NBD_FLAG_READ_ONLY) { - error_setg(&local_err, "Export is read-only"); - ret = -EROFS; - break; - } - flags = 0; if (request.flags & NBD_CMD_FLAG_FUA) { flags |= BDRV_REQ_FUA; @@ -1543,10 +1548,13 @@ reply: if (ret < 0) { ret = nbd_co_send_structured_error(req->client, request.handle, -ret, msg, &local_err); - } else { + } else if (reply_data_len) { ret = nbd_co_send_structured_read(req->client, request.handle, request.from, req->data, reply_data_len, &local_err); + } else { + ret = nbd_co_send_structured_done(req->client, request.handle, + &local_err); } } else { ret = nbd_co_send_simple_reply(req->client, request.handle, diff --git a/nbd/trace-events b/nbd/trace-events index 4a13757524..92568edce5 100644 --- a/nbd/trace-events +++ b/nbd/trace-events @@ -27,7 +27,7 @@ nbd_client_clear_queue(void) "Clearing NBD queue" nbd_client_clear_socket(void) "Clearing NBD socket" nbd_send_request(uint64_t from, uint32_t len, uint64_t handle, uint16_t flags, uint16_t type, const char *name) "Sending request to server: { .from = %" PRIu64", .len = %" PRIu32 ", .handle = %" PRIu64 ", .flags = 0x%" PRIx16 ", .type = %" PRIu16 " (%s) }" nbd_receive_simple_reply(int32_t error, const char *errname, uint64_t handle) "Got simple reply: { .error = %" PRId32 " (%s), handle = %" PRIu64" }" -nbd_receive_structured_reply_chunk(uint16_t flags, uint16_t type, uint64_t handle, uint32_t length) "Got structured reply chunk: { flags = 0x%" PRIx16 ", type = %d, handle = %" PRIu64 ", length = %" PRIu32 " }" +nbd_receive_structured_reply_chunk(uint16_t flags, uint16_t type, const char *name, uint64_t handle, uint32_t length) "Got structured reply chunk: { flags = 0x%" PRIx16 ", type = %d (%s), handle = %" PRIu64 ", length = %" PRIu32 " }" # nbd/common.c nbd_unknown_error(int err) "Squashing unexpected error %d to EINVAL" @@ -55,6 +55,7 @@ nbd_receive_request(uint32_t magic, uint16_t flags, uint16_t type, uint64_t from nbd_blk_aio_attached(const char *name, void *ctx) "Export %s: Attaching clients to AIO context %p\n" nbd_blk_aio_detach(const char *name, void *ctx) "Export %s: Detaching clients from AIO context %p\n" nbd_co_send_simple_reply(uint64_t handle, uint32_t error, const char *errname, int len) "Send simple reply: handle = %" PRIu64 ", error = %" PRIu32 " (%s), len = %d" +nbd_co_send_structured_done(uint64_t handle) "Send structured reply done: handle = %" PRIu64 nbd_co_send_structured_read(uint64_t handle, uint64_t offset, void *data, size_t size) "Send structured read data reply: handle = %" PRIu64 ", offset = %" PRIu64 ", data = %p, len = %zu" nbd_co_send_structured_error(uint64_t handle, int err, const char *errname, const char *msg) "Send structured error reply: handle = %" PRIu64 ", error = %d (%s), msg = '%s'" nbd_co_receive_request_decode_type(uint64_t handle, uint16_t type, const char *name) "Decoding type: handle = %" PRIu64 ", type = %" PRIu16 " (%s)" |