1 /* 2 * QEMU Block driver for CURL images 3 * 4 * Copyright (c) 2009 Alexander Graf <agraf@suse.de> 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 #include "qemu-common.h" 25 #include "block/block_int.h" 26 #include <curl/curl.h> 27 28 // #define DEBUG 29 // #define DEBUG_VERBOSE 30 31 #ifdef DEBUG_CURL 32 #define DPRINTF(fmt, ...) do { printf(fmt, ## __VA_ARGS__); } while (0) 33 #else 34 #define DPRINTF(fmt, ...) do { } while (0) 35 #endif 36 37 #define PROTOCOLS (CURLPROTO_HTTP | CURLPROTO_HTTPS | \ 38 CURLPROTO_FTP | CURLPROTO_FTPS | \ 39 CURLPROTO_TFTP) 40 41 #define CURL_NUM_STATES 8 42 #define CURL_NUM_ACB 8 43 #define SECTOR_SIZE 512 44 #define READ_AHEAD_SIZE (256 * 1024) 45 46 #define FIND_RET_NONE 0 47 #define FIND_RET_OK 1 48 #define FIND_RET_WAIT 2 49 50 struct BDRVCURLState; 51 52 typedef struct CURLAIOCB { 53 BlockDriverAIOCB common; 54 QEMUBH *bh; 55 QEMUIOVector *qiov; 56 57 int64_t sector_num; 58 int nb_sectors; 59 60 size_t start; 61 size_t end; 62 } CURLAIOCB; 63 64 typedef struct CURLState 65 { 66 struct BDRVCURLState *s; 67 CURLAIOCB *acb[CURL_NUM_ACB]; 68 CURL *curl; 69 char *orig_buf; 70 size_t buf_start; 71 size_t buf_off; 72 size_t buf_len; 73 char range[128]; 74 char errmsg[CURL_ERROR_SIZE]; 75 char in_use; 76 } CURLState; 77 78 typedef struct BDRVCURLState { 79 CURLM *multi; 80 size_t len; 81 CURLState states[CURL_NUM_STATES]; 82 char *url; 83 size_t readahead_size; 84 bool accept_range; 85 } BDRVCURLState; 86 87 static void curl_clean_state(CURLState *s); 88 static void curl_multi_do(void *arg); 89 90 static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action, 91 void *s, void *sp) 92 { 93 DPRINTF("CURL (AIO): Sock action %d on fd %d\n", action, fd); 94 switch (action) { 95 case CURL_POLL_IN: 96 qemu_aio_set_fd_handler(fd, curl_multi_do, NULL, s); 97 break; 98 case CURL_POLL_OUT: 99 qemu_aio_set_fd_handler(fd, NULL, curl_multi_do, s); 100 break; 101 case CURL_POLL_INOUT: 102 qemu_aio_set_fd_handler(fd, curl_multi_do, curl_multi_do, s); 103 break; 104 case CURL_POLL_REMOVE: 105 qemu_aio_set_fd_handler(fd, NULL, NULL, NULL); 106 break; 107 } 108 109 return 0; 110 } 111 112 static size_t curl_header_cb(void *ptr, size_t size, size_t nmemb, void *opaque) 113 { 114 BDRVCURLState *s = opaque; 115 size_t realsize = size * nmemb; 116 const char *accept_line = "Accept-Ranges: bytes"; 117 118 if (realsize >= strlen(accept_line) 119 && strncmp((char *)ptr, accept_line, strlen(accept_line)) == 0) { 120 s->accept_range = true; 121 } 122 123 return realsize; 124 } 125 126 static size_t curl_read_cb(void *ptr, size_t size, size_t nmemb, void *opaque) 127 { 128 CURLState *s = ((CURLState*)opaque); 129 size_t realsize = size * nmemb; 130 int i; 131 132 DPRINTF("CURL: Just reading %zd bytes\n", realsize); 133 134 if (!s || !s->orig_buf) 135 goto read_end; 136 137 memcpy(s->orig_buf + s->buf_off, ptr, realsize); 138 s->buf_off += realsize; 139 140 for(i=0; i<CURL_NUM_ACB; i++) { 141 CURLAIOCB *acb = s->acb[i]; 142 143 if (!acb) 144 continue; 145 146 if ((s->buf_off >= acb->end)) { 147 qemu_iovec_from_buf(acb->qiov, 0, s->orig_buf + acb->start, 148 acb->end - acb->start); 149 acb->common.cb(acb->common.opaque, 0); 150 qemu_aio_release(acb); 151 s->acb[i] = NULL; 152 } 153 } 154 155 read_end: 156 return realsize; 157 } 158 159 static int curl_find_buf(BDRVCURLState *s, size_t start, size_t len, 160 CURLAIOCB *acb) 161 { 162 int i; 163 size_t end = start + len; 164 165 for (i=0; i<CURL_NUM_STATES; i++) { 166 CURLState *state = &s->states[i]; 167 size_t buf_end = (state->buf_start + state->buf_off); 168 size_t buf_fend = (state->buf_start + state->buf_len); 169 170 if (!state->orig_buf) 171 continue; 172 if (!state->buf_off) 173 continue; 174 175 // Does the existing buffer cover our section? 176 if ((start >= state->buf_start) && 177 (start <= buf_end) && 178 (end >= state->buf_start) && 179 (end <= buf_end)) 180 { 181 char *buf = state->orig_buf + (start - state->buf_start); 182 183 qemu_iovec_from_buf(acb->qiov, 0, buf, len); 184 acb->common.cb(acb->common.opaque, 0); 185 186 return FIND_RET_OK; 187 } 188 189 // Wait for unfinished chunks 190 if ((start >= state->buf_start) && 191 (start <= buf_fend) && 192 (end >= state->buf_start) && 193 (end <= buf_fend)) 194 { 195 int j; 196 197 acb->start = start - state->buf_start; 198 acb->end = acb->start + len; 199 200 for (j=0; j<CURL_NUM_ACB; j++) { 201 if (!state->acb[j]) { 202 state->acb[j] = acb; 203 return FIND_RET_WAIT; 204 } 205 } 206 } 207 } 208 209 return FIND_RET_NONE; 210 } 211 212 static void curl_multi_do(void *arg) 213 { 214 BDRVCURLState *s = (BDRVCURLState *)arg; 215 int running; 216 int r; 217 int msgs_in_queue; 218 219 if (!s->multi) 220 return; 221 222 do { 223 r = curl_multi_socket_all(s->multi, &running); 224 } while(r == CURLM_CALL_MULTI_PERFORM); 225 226 /* Try to find done transfers, so we can free the easy 227 * handle again. */ 228 do { 229 CURLMsg *msg; 230 msg = curl_multi_info_read(s->multi, &msgs_in_queue); 231 232 if (!msg) 233 break; 234 if (msg->msg == CURLMSG_NONE) 235 break; 236 237 switch (msg->msg) { 238 case CURLMSG_DONE: 239 { 240 CURLState *state = NULL; 241 curl_easy_getinfo(msg->easy_handle, CURLINFO_PRIVATE, (char**)&state); 242 243 /* ACBs for successful messages get completed in curl_read_cb */ 244 if (msg->data.result != CURLE_OK) { 245 int i; 246 for (i = 0; i < CURL_NUM_ACB; i++) { 247 CURLAIOCB *acb = state->acb[i]; 248 249 if (acb == NULL) { 250 continue; 251 } 252 253 acb->common.cb(acb->common.opaque, -EIO); 254 qemu_aio_release(acb); 255 state->acb[i] = NULL; 256 } 257 } 258 259 curl_clean_state(state); 260 break; 261 } 262 default: 263 msgs_in_queue = 0; 264 break; 265 } 266 } while(msgs_in_queue); 267 } 268 269 static CURLState *curl_init_state(BDRVCURLState *s) 270 { 271 CURLState *state = NULL; 272 int i, j; 273 274 do { 275 for (i=0; i<CURL_NUM_STATES; i++) { 276 for (j=0; j<CURL_NUM_ACB; j++) 277 if (s->states[i].acb[j]) 278 continue; 279 if (s->states[i].in_use) 280 continue; 281 282 state = &s->states[i]; 283 state->in_use = 1; 284 break; 285 } 286 if (!state) { 287 g_usleep(100); 288 curl_multi_do(s); 289 } 290 } while(!state); 291 292 if (state->curl) 293 goto has_curl; 294 295 state->curl = curl_easy_init(); 296 if (!state->curl) 297 return NULL; 298 curl_easy_setopt(state->curl, CURLOPT_URL, s->url); 299 curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, 5); 300 curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION, (void *)curl_read_cb); 301 curl_easy_setopt(state->curl, CURLOPT_WRITEDATA, (void *)state); 302 curl_easy_setopt(state->curl, CURLOPT_PRIVATE, (void *)state); 303 curl_easy_setopt(state->curl, CURLOPT_AUTOREFERER, 1); 304 curl_easy_setopt(state->curl, CURLOPT_FOLLOWLOCATION, 1); 305 curl_easy_setopt(state->curl, CURLOPT_NOSIGNAL, 1); 306 curl_easy_setopt(state->curl, CURLOPT_ERRORBUFFER, state->errmsg); 307 curl_easy_setopt(state->curl, CURLOPT_FAILONERROR, 1); 308 309 /* Restrict supported protocols to avoid security issues in the more 310 * obscure protocols. For example, do not allow POP3/SMTP/IMAP see 311 * CVE-2013-0249. 312 * 313 * Restricting protocols is only supported from 7.19.4 upwards. 314 */ 315 #if LIBCURL_VERSION_NUM >= 0x071304 316 curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, PROTOCOLS); 317 curl_easy_setopt(state->curl, CURLOPT_REDIR_PROTOCOLS, PROTOCOLS); 318 #endif 319 320 #ifdef DEBUG_VERBOSE 321 curl_easy_setopt(state->curl, CURLOPT_VERBOSE, 1); 322 #endif 323 324 has_curl: 325 326 state->s = s; 327 328 return state; 329 } 330 331 static void curl_clean_state(CURLState *s) 332 { 333 if (s->s->multi) 334 curl_multi_remove_handle(s->s->multi, s->curl); 335 s->in_use = 0; 336 } 337 338 static void curl_parse_filename(const char *filename, QDict *options, 339 Error **errp) 340 { 341 342 #define RA_OPTSTR ":readahead=" 343 char *file; 344 char *ra; 345 const char *ra_val; 346 int parse_state = 0; 347 348 file = g_strdup(filename); 349 350 /* Parse a trailing ":readahead=#:" param, if present. */ 351 ra = file + strlen(file) - 1; 352 while (ra >= file) { 353 if (parse_state == 0) { 354 if (*ra == ':') { 355 parse_state++; 356 } else { 357 break; 358 } 359 } else if (parse_state == 1) { 360 if (*ra > '9' || *ra < '0') { 361 char *opt_start = ra - strlen(RA_OPTSTR) + 1; 362 if (opt_start > file && 363 strncmp(opt_start, RA_OPTSTR, strlen(RA_OPTSTR)) == 0) { 364 ra_val = ra + 1; 365 ra -= strlen(RA_OPTSTR) - 1; 366 *ra = '\0'; 367 qdict_put(options, "readahead", qstring_from_str(ra_val)); 368 } 369 break; 370 } 371 } 372 ra--; 373 } 374 375 qdict_put(options, "url", qstring_from_str(file)); 376 377 g_free(file); 378 } 379 380 static QemuOptsList runtime_opts = { 381 .name = "curl", 382 .head = QTAILQ_HEAD_INITIALIZER(runtime_opts.head), 383 .desc = { 384 { 385 .name = "url", 386 .type = QEMU_OPT_STRING, 387 .help = "URL to open", 388 }, 389 { 390 .name = "readahead", 391 .type = QEMU_OPT_SIZE, 392 .help = "Readahead size", 393 }, 394 { /* end of list */ } 395 }, 396 }; 397 398 static int curl_open(BlockDriverState *bs, QDict *options, int flags) 399 { 400 BDRVCURLState *s = bs->opaque; 401 CURLState *state = NULL; 402 QemuOpts *opts; 403 Error *local_err = NULL; 404 const char *file; 405 double d; 406 407 static int inited = 0; 408 409 if (flags & BDRV_O_RDWR) { 410 qerror_report(ERROR_CLASS_GENERIC_ERROR, 411 "curl block device does not support writes"); 412 return -EROFS; 413 } 414 415 opts = qemu_opts_create_nofail(&runtime_opts); 416 qemu_opts_absorb_qdict(opts, options, &local_err); 417 if (error_is_set(&local_err)) { 418 qerror_report_err(local_err); 419 error_free(local_err); 420 goto out_noclean; 421 } 422 423 s->readahead_size = qemu_opt_get_size(opts, "readahead", READ_AHEAD_SIZE); 424 if ((s->readahead_size & 0x1ff) != 0) { 425 fprintf(stderr, "HTTP_READAHEAD_SIZE %zd is not a multiple of 512\n", 426 s->readahead_size); 427 goto out_noclean; 428 } 429 430 file = qemu_opt_get(opts, "url"); 431 if (file == NULL) { 432 qerror_report(ERROR_CLASS_GENERIC_ERROR, "curl block driver requires " 433 "an 'url' option"); 434 goto out_noclean; 435 } 436 437 if (!inited) { 438 curl_global_init(CURL_GLOBAL_ALL); 439 inited = 1; 440 } 441 442 DPRINTF("CURL: Opening %s\n", file); 443 s->url = g_strdup(file); 444 state = curl_init_state(s); 445 if (!state) 446 goto out_noclean; 447 448 // Get file size 449 450 s->accept_range = false; 451 curl_easy_setopt(state->curl, CURLOPT_NOBODY, 1); 452 curl_easy_setopt(state->curl, CURLOPT_HEADERFUNCTION, 453 curl_header_cb); 454 curl_easy_setopt(state->curl, CURLOPT_HEADERDATA, s); 455 if (curl_easy_perform(state->curl)) 456 goto out; 457 curl_easy_getinfo(state->curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &d); 458 if (d) 459 s->len = (size_t)d; 460 else if(!s->len) 461 goto out; 462 if ((!strncasecmp(s->url, "http://", strlen("http://")) 463 || !strncasecmp(s->url, "https://", strlen("https://"))) 464 && !s->accept_range) { 465 pstrcpy(state->errmsg, CURL_ERROR_SIZE, 466 "Server does not support 'range' (byte ranges)."); 467 goto out; 468 } 469 DPRINTF("CURL: Size = %zd\n", s->len); 470 471 curl_clean_state(state); 472 curl_easy_cleanup(state->curl); 473 state->curl = NULL; 474 475 // Now we know the file exists and its size, so let's 476 // initialize the multi interface! 477 478 s->multi = curl_multi_init(); 479 curl_multi_setopt(s->multi, CURLMOPT_SOCKETDATA, s); 480 curl_multi_setopt(s->multi, CURLMOPT_SOCKETFUNCTION, curl_sock_cb); 481 curl_multi_do(s); 482 483 qemu_opts_del(opts); 484 return 0; 485 486 out: 487 fprintf(stderr, "CURL: Error opening file: %s\n", state->errmsg); 488 curl_easy_cleanup(state->curl); 489 state->curl = NULL; 490 out_noclean: 491 g_free(s->url); 492 qemu_opts_del(opts); 493 return -EINVAL; 494 } 495 496 static void curl_aio_cancel(BlockDriverAIOCB *blockacb) 497 { 498 // Do we have to implement canceling? Seems to work without... 499 } 500 501 static const AIOCBInfo curl_aiocb_info = { 502 .aiocb_size = sizeof(CURLAIOCB), 503 .cancel = curl_aio_cancel, 504 }; 505 506 507 static void curl_readv_bh_cb(void *p) 508 { 509 CURLState *state; 510 511 CURLAIOCB *acb = p; 512 BDRVCURLState *s = acb->common.bs->opaque; 513 514 qemu_bh_delete(acb->bh); 515 acb->bh = NULL; 516 517 size_t start = acb->sector_num * SECTOR_SIZE; 518 size_t end; 519 520 // In case we have the requested data already (e.g. read-ahead), 521 // we can just call the callback and be done. 522 switch (curl_find_buf(s, start, acb->nb_sectors * SECTOR_SIZE, acb)) { 523 case FIND_RET_OK: 524 qemu_aio_release(acb); 525 // fall through 526 case FIND_RET_WAIT: 527 return; 528 default: 529 break; 530 } 531 532 // No cache found, so let's start a new request 533 state = curl_init_state(s); 534 if (!state) { 535 acb->common.cb(acb->common.opaque, -EIO); 536 qemu_aio_release(acb); 537 return; 538 } 539 540 acb->start = 0; 541 acb->end = (acb->nb_sectors * SECTOR_SIZE); 542 543 state->buf_off = 0; 544 if (state->orig_buf) 545 g_free(state->orig_buf); 546 state->buf_start = start; 547 state->buf_len = acb->end + s->readahead_size; 548 end = MIN(start + state->buf_len, s->len) - 1; 549 state->orig_buf = g_malloc(state->buf_len); 550 state->acb[0] = acb; 551 552 snprintf(state->range, 127, "%zd-%zd", start, end); 553 DPRINTF("CURL (AIO): Reading %d at %zd (%s)\n", 554 (acb->nb_sectors * SECTOR_SIZE), start, state->range); 555 curl_easy_setopt(state->curl, CURLOPT_RANGE, state->range); 556 557 curl_multi_add_handle(s->multi, state->curl); 558 curl_multi_do(s); 559 560 } 561 562 static BlockDriverAIOCB *curl_aio_readv(BlockDriverState *bs, 563 int64_t sector_num, QEMUIOVector *qiov, int nb_sectors, 564 BlockDriverCompletionFunc *cb, void *opaque) 565 { 566 CURLAIOCB *acb; 567 568 acb = qemu_aio_get(&curl_aiocb_info, bs, cb, opaque); 569 570 acb->qiov = qiov; 571 acb->sector_num = sector_num; 572 acb->nb_sectors = nb_sectors; 573 574 acb->bh = qemu_bh_new(curl_readv_bh_cb, acb); 575 576 if (!acb->bh) { 577 DPRINTF("CURL: qemu_bh_new failed\n"); 578 return NULL; 579 } 580 581 qemu_bh_schedule(acb->bh); 582 return &acb->common; 583 } 584 585 static void curl_close(BlockDriverState *bs) 586 { 587 BDRVCURLState *s = bs->opaque; 588 int i; 589 590 DPRINTF("CURL: Close\n"); 591 for (i=0; i<CURL_NUM_STATES; i++) { 592 if (s->states[i].in_use) 593 curl_clean_state(&s->states[i]); 594 if (s->states[i].curl) { 595 curl_easy_cleanup(s->states[i].curl); 596 s->states[i].curl = NULL; 597 } 598 if (s->states[i].orig_buf) { 599 g_free(s->states[i].orig_buf); 600 s->states[i].orig_buf = NULL; 601 } 602 } 603 if (s->multi) 604 curl_multi_cleanup(s->multi); 605 g_free(s->url); 606 } 607 608 static int64_t curl_getlength(BlockDriverState *bs) 609 { 610 BDRVCURLState *s = bs->opaque; 611 return s->len; 612 } 613 614 static BlockDriver bdrv_http = { 615 .format_name = "http", 616 .protocol_name = "http", 617 618 .instance_size = sizeof(BDRVCURLState), 619 .bdrv_parse_filename = curl_parse_filename, 620 .bdrv_file_open = curl_open, 621 .bdrv_close = curl_close, 622 .bdrv_getlength = curl_getlength, 623 624 .bdrv_aio_readv = curl_aio_readv, 625 }; 626 627 static BlockDriver bdrv_https = { 628 .format_name = "https", 629 .protocol_name = "https", 630 631 .instance_size = sizeof(BDRVCURLState), 632 .bdrv_parse_filename = curl_parse_filename, 633 .bdrv_file_open = curl_open, 634 .bdrv_close = curl_close, 635 .bdrv_getlength = curl_getlength, 636 637 .bdrv_aio_readv = curl_aio_readv, 638 }; 639 640 static BlockDriver bdrv_ftp = { 641 .format_name = "ftp", 642 .protocol_name = "ftp", 643 644 .instance_size = sizeof(BDRVCURLState), 645 .bdrv_parse_filename = curl_parse_filename, 646 .bdrv_file_open = curl_open, 647 .bdrv_close = curl_close, 648 .bdrv_getlength = curl_getlength, 649 650 .bdrv_aio_readv = curl_aio_readv, 651 }; 652 653 static BlockDriver bdrv_ftps = { 654 .format_name = "ftps", 655 .protocol_name = "ftps", 656 657 .instance_size = sizeof(BDRVCURLState), 658 .bdrv_parse_filename = curl_parse_filename, 659 .bdrv_file_open = curl_open, 660 .bdrv_close = curl_close, 661 .bdrv_getlength = curl_getlength, 662 663 .bdrv_aio_readv = curl_aio_readv, 664 }; 665 666 static BlockDriver bdrv_tftp = { 667 .format_name = "tftp", 668 .protocol_name = "tftp", 669 670 .instance_size = sizeof(BDRVCURLState), 671 .bdrv_parse_filename = curl_parse_filename, 672 .bdrv_file_open = curl_open, 673 .bdrv_close = curl_close, 674 .bdrv_getlength = curl_getlength, 675 676 .bdrv_aio_readv = curl_aio_readv, 677 }; 678 679 static void curl_block_init(void) 680 { 681 bdrv_register(&bdrv_http); 682 bdrv_register(&bdrv_https); 683 bdrv_register(&bdrv_ftp); 684 bdrv_register(&bdrv_ftps); 685 bdrv_register(&bdrv_tftp); 686 } 687 688 block_init(curl_block_init); 689