1 /* 2 * Secure Shell (ssh) backend for QEMU. 3 * 4 * Copyright (C) 2013 Red Hat Inc., Richard W.M. Jones <rjones@redhat.com> 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu/osdep.h" 26 27 #include <libssh2.h> 28 #include <libssh2_sftp.h> 29 30 #include "block/block_int.h" 31 #include "qapi/error.h" 32 #include "qemu/error-report.h" 33 #include "qemu/sockets.h" 34 #include "qemu/uri.h" 35 #include "qapi/qmp/qint.h" 36 #include "qapi/qmp/qstring.h" 37 38 /* DEBUG_SSH=1 enables the DPRINTF (debugging printf) statements in 39 * this block driver code. 40 * 41 * TRACE_LIBSSH2=<bitmask> enables tracing in libssh2 itself. Note 42 * that this requires that libssh2 was specially compiled with the 43 * `./configure --enable-debug' option, so most likely you will have 44 * to compile it yourself. The meaning of <bitmask> is described 45 * here: http://www.libssh2.org/libssh2_trace.html 46 */ 47 #define DEBUG_SSH 0 48 #define TRACE_LIBSSH2 0 /* or try: LIBSSH2_TRACE_SFTP */ 49 50 #define DPRINTF(fmt, ...) \ 51 do { \ 52 if (DEBUG_SSH) { \ 53 fprintf(stderr, "ssh: %-15s " fmt "\n", \ 54 __func__, ##__VA_ARGS__); \ 55 } \ 56 } while (0) 57 58 typedef struct BDRVSSHState { 59 /* Coroutine. */ 60 CoMutex lock; 61 62 /* SSH connection. */ 63 int sock; /* socket */ 64 LIBSSH2_SESSION *session; /* ssh session */ 65 LIBSSH2_SFTP *sftp; /* sftp session */ 66 LIBSSH2_SFTP_HANDLE *sftp_handle; /* sftp remote file handle */ 67 68 /* See ssh_seek() function below. */ 69 int64_t offset; 70 bool offset_op_read; 71 72 /* File attributes at open. We try to keep the .filesize field 73 * updated if it changes (eg by writing at the end of the file). 74 */ 75 LIBSSH2_SFTP_ATTRIBUTES attrs; 76 77 /* Used to warn if 'flush' is not supported. */ 78 char *hostport; 79 bool unsafe_flush_warning; 80 } BDRVSSHState; 81 82 static void ssh_state_init(BDRVSSHState *s) 83 { 84 memset(s, 0, sizeof *s); 85 s->sock = -1; 86 s->offset = -1; 87 qemu_co_mutex_init(&s->lock); 88 } 89 90 static void ssh_state_free(BDRVSSHState *s) 91 { 92 g_free(s->hostport); 93 if (s->sftp_handle) { 94 libssh2_sftp_close(s->sftp_handle); 95 } 96 if (s->sftp) { 97 libssh2_sftp_shutdown(s->sftp); 98 } 99 if (s->session) { 100 libssh2_session_disconnect(s->session, 101 "from qemu ssh client: " 102 "user closed the connection"); 103 libssh2_session_free(s->session); 104 } 105 if (s->sock >= 0) { 106 close(s->sock); 107 } 108 } 109 110 static void GCC_FMT_ATTR(3, 4) 111 session_error_setg(Error **errp, BDRVSSHState *s, const char *fs, ...) 112 { 113 va_list args; 114 char *msg; 115 116 va_start(args, fs); 117 msg = g_strdup_vprintf(fs, args); 118 va_end(args); 119 120 if (s->session) { 121 char *ssh_err; 122 int ssh_err_code; 123 124 /* This is not an errno. See <libssh2.h>. */ 125 ssh_err_code = libssh2_session_last_error(s->session, 126 &ssh_err, NULL, 0); 127 error_setg(errp, "%s: %s (libssh2 error code: %d)", 128 msg, ssh_err, ssh_err_code); 129 } else { 130 error_setg(errp, "%s", msg); 131 } 132 g_free(msg); 133 } 134 135 static void GCC_FMT_ATTR(3, 4) 136 sftp_error_setg(Error **errp, BDRVSSHState *s, const char *fs, ...) 137 { 138 va_list args; 139 char *msg; 140 141 va_start(args, fs); 142 msg = g_strdup_vprintf(fs, args); 143 va_end(args); 144 145 if (s->sftp) { 146 char *ssh_err; 147 int ssh_err_code; 148 unsigned long sftp_err_code; 149 150 /* This is not an errno. See <libssh2.h>. */ 151 ssh_err_code = libssh2_session_last_error(s->session, 152 &ssh_err, NULL, 0); 153 /* See <libssh2_sftp.h>. */ 154 sftp_err_code = libssh2_sftp_last_error((s)->sftp); 155 156 error_setg(errp, 157 "%s: %s (libssh2 error code: %d, sftp error code: %lu)", 158 msg, ssh_err, ssh_err_code, sftp_err_code); 159 } else { 160 error_setg(errp, "%s", msg); 161 } 162 g_free(msg); 163 } 164 165 static void GCC_FMT_ATTR(2, 3) 166 sftp_error_report(BDRVSSHState *s, const char *fs, ...) 167 { 168 va_list args; 169 170 va_start(args, fs); 171 error_vprintf(fs, args); 172 173 if ((s)->sftp) { 174 char *ssh_err; 175 int ssh_err_code; 176 unsigned long sftp_err_code; 177 178 /* This is not an errno. See <libssh2.h>. */ 179 ssh_err_code = libssh2_session_last_error(s->session, 180 &ssh_err, NULL, 0); 181 /* See <libssh2_sftp.h>. */ 182 sftp_err_code = libssh2_sftp_last_error((s)->sftp); 183 184 error_printf(": %s (libssh2 error code: %d, sftp error code: %lu)", 185 ssh_err, ssh_err_code, sftp_err_code); 186 } 187 188 va_end(args); 189 error_printf("\n"); 190 } 191 192 static int parse_uri(const char *filename, QDict *options, Error **errp) 193 { 194 URI *uri = NULL; 195 QueryParams *qp; 196 int i; 197 198 uri = uri_parse(filename); 199 if (!uri) { 200 return -EINVAL; 201 } 202 203 if (strcmp(uri->scheme, "ssh") != 0) { 204 error_setg(errp, "URI scheme must be 'ssh'"); 205 goto err; 206 } 207 208 if (!uri->server || strcmp(uri->server, "") == 0) { 209 error_setg(errp, "missing hostname in URI"); 210 goto err; 211 } 212 213 if (!uri->path || strcmp(uri->path, "") == 0) { 214 error_setg(errp, "missing remote path in URI"); 215 goto err; 216 } 217 218 qp = query_params_parse(uri->query); 219 if (!qp) { 220 error_setg(errp, "could not parse query parameters"); 221 goto err; 222 } 223 224 if(uri->user && strcmp(uri->user, "") != 0) { 225 qdict_put(options, "user", qstring_from_str(uri->user)); 226 } 227 228 qdict_put(options, "host", qstring_from_str(uri->server)); 229 230 if (uri->port) { 231 qdict_put(options, "port", qint_from_int(uri->port)); 232 } 233 234 qdict_put(options, "path", qstring_from_str(uri->path)); 235 236 /* Pick out any query parameters that we understand, and ignore 237 * the rest. 238 */ 239 for (i = 0; i < qp->n; ++i) { 240 if (strcmp(qp->p[i].name, "host_key_check") == 0) { 241 qdict_put(options, "host_key_check", 242 qstring_from_str(qp->p[i].value)); 243 } 244 } 245 246 query_params_free(qp); 247 uri_free(uri); 248 return 0; 249 250 err: 251 if (uri) { 252 uri_free(uri); 253 } 254 return -EINVAL; 255 } 256 257 static void ssh_parse_filename(const char *filename, QDict *options, 258 Error **errp) 259 { 260 if (qdict_haskey(options, "user") || 261 qdict_haskey(options, "host") || 262 qdict_haskey(options, "port") || 263 qdict_haskey(options, "path") || 264 qdict_haskey(options, "host_key_check")) { 265 error_setg(errp, "user, host, port, path, host_key_check cannot be used at the same time as a file option"); 266 return; 267 } 268 269 parse_uri(filename, options, errp); 270 } 271 272 static int check_host_key_knownhosts(BDRVSSHState *s, 273 const char *host, int port, Error **errp) 274 { 275 const char *home; 276 char *knh_file = NULL; 277 LIBSSH2_KNOWNHOSTS *knh = NULL; 278 struct libssh2_knownhost *found; 279 int ret, r; 280 const char *hostkey; 281 size_t len; 282 int type; 283 284 hostkey = libssh2_session_hostkey(s->session, &len, &type); 285 if (!hostkey) { 286 ret = -EINVAL; 287 session_error_setg(errp, s, "failed to read remote host key"); 288 goto out; 289 } 290 291 knh = libssh2_knownhost_init(s->session); 292 if (!knh) { 293 ret = -EINVAL; 294 session_error_setg(errp, s, 295 "failed to initialize known hosts support"); 296 goto out; 297 } 298 299 home = getenv("HOME"); 300 if (home) { 301 knh_file = g_strdup_printf("%s/.ssh/known_hosts", home); 302 } else { 303 knh_file = g_strdup_printf("/root/.ssh/known_hosts"); 304 } 305 306 /* Read all known hosts from OpenSSH-style known_hosts file. */ 307 libssh2_knownhost_readfile(knh, knh_file, LIBSSH2_KNOWNHOST_FILE_OPENSSH); 308 309 r = libssh2_knownhost_checkp(knh, host, port, hostkey, len, 310 LIBSSH2_KNOWNHOST_TYPE_PLAIN| 311 LIBSSH2_KNOWNHOST_KEYENC_RAW, 312 &found); 313 switch (r) { 314 case LIBSSH2_KNOWNHOST_CHECK_MATCH: 315 /* OK */ 316 DPRINTF("host key OK: %s", found->key); 317 break; 318 case LIBSSH2_KNOWNHOST_CHECK_MISMATCH: 319 ret = -EINVAL; 320 session_error_setg(errp, s, 321 "host key does not match the one in known_hosts" 322 " (found key %s)", found->key); 323 goto out; 324 case LIBSSH2_KNOWNHOST_CHECK_NOTFOUND: 325 ret = -EINVAL; 326 session_error_setg(errp, s, "no host key was found in known_hosts"); 327 goto out; 328 case LIBSSH2_KNOWNHOST_CHECK_FAILURE: 329 ret = -EINVAL; 330 session_error_setg(errp, s, 331 "failure matching the host key with known_hosts"); 332 goto out; 333 default: 334 ret = -EINVAL; 335 session_error_setg(errp, s, "unknown error matching the host key" 336 " with known_hosts (%d)", r); 337 goto out; 338 } 339 340 /* known_hosts checking successful. */ 341 ret = 0; 342 343 out: 344 if (knh != NULL) { 345 libssh2_knownhost_free(knh); 346 } 347 g_free(knh_file); 348 return ret; 349 } 350 351 static unsigned hex2decimal(char ch) 352 { 353 if (ch >= '0' && ch <= '9') { 354 return (ch - '0'); 355 } else if (ch >= 'a' && ch <= 'f') { 356 return 10 + (ch - 'a'); 357 } else if (ch >= 'A' && ch <= 'F') { 358 return 10 + (ch - 'A'); 359 } 360 361 return -1; 362 } 363 364 /* Compare the binary fingerprint (hash of host key) with the 365 * host_key_check parameter. 366 */ 367 static int compare_fingerprint(const unsigned char *fingerprint, size_t len, 368 const char *host_key_check) 369 { 370 unsigned c; 371 372 while (len > 0) { 373 while (*host_key_check == ':') 374 host_key_check++; 375 if (!qemu_isxdigit(host_key_check[0]) || 376 !qemu_isxdigit(host_key_check[1])) 377 return 1; 378 c = hex2decimal(host_key_check[0]) * 16 + 379 hex2decimal(host_key_check[1]); 380 if (c - *fingerprint != 0) 381 return c - *fingerprint; 382 fingerprint++; 383 len--; 384 host_key_check += 2; 385 } 386 return *host_key_check - '\0'; 387 } 388 389 static int 390 check_host_key_hash(BDRVSSHState *s, const char *hash, 391 int hash_type, size_t fingerprint_len, Error **errp) 392 { 393 const char *fingerprint; 394 395 fingerprint = libssh2_hostkey_hash(s->session, hash_type); 396 if (!fingerprint) { 397 session_error_setg(errp, s, "failed to read remote host key"); 398 return -EINVAL; 399 } 400 401 if(compare_fingerprint((unsigned char *) fingerprint, fingerprint_len, 402 hash) != 0) { 403 error_setg(errp, "remote host key does not match host_key_check '%s'", 404 hash); 405 return -EPERM; 406 } 407 408 return 0; 409 } 410 411 static int check_host_key(BDRVSSHState *s, const char *host, int port, 412 const char *host_key_check, Error **errp) 413 { 414 /* host_key_check=no */ 415 if (strcmp(host_key_check, "no") == 0) { 416 return 0; 417 } 418 419 /* host_key_check=md5:xx:yy:zz:... */ 420 if (strncmp(host_key_check, "md5:", 4) == 0) { 421 return check_host_key_hash(s, &host_key_check[4], 422 LIBSSH2_HOSTKEY_HASH_MD5, 16, errp); 423 } 424 425 /* host_key_check=sha1:xx:yy:zz:... */ 426 if (strncmp(host_key_check, "sha1:", 5) == 0) { 427 return check_host_key_hash(s, &host_key_check[5], 428 LIBSSH2_HOSTKEY_HASH_SHA1, 20, errp); 429 } 430 431 /* host_key_check=yes */ 432 if (strcmp(host_key_check, "yes") == 0) { 433 return check_host_key_knownhosts(s, host, port, errp); 434 } 435 436 error_setg(errp, "unknown host_key_check setting (%s)", host_key_check); 437 return -EINVAL; 438 } 439 440 static int authenticate(BDRVSSHState *s, const char *user, Error **errp) 441 { 442 int r, ret; 443 const char *userauthlist; 444 LIBSSH2_AGENT *agent = NULL; 445 struct libssh2_agent_publickey *identity; 446 struct libssh2_agent_publickey *prev_identity = NULL; 447 448 userauthlist = libssh2_userauth_list(s->session, user, strlen(user)); 449 if (strstr(userauthlist, "publickey") == NULL) { 450 ret = -EPERM; 451 error_setg(errp, 452 "remote server does not support \"publickey\" authentication"); 453 goto out; 454 } 455 456 /* Connect to ssh-agent and try each identity in turn. */ 457 agent = libssh2_agent_init(s->session); 458 if (!agent) { 459 ret = -EINVAL; 460 session_error_setg(errp, s, "failed to initialize ssh-agent support"); 461 goto out; 462 } 463 if (libssh2_agent_connect(agent)) { 464 ret = -ECONNREFUSED; 465 session_error_setg(errp, s, "failed to connect to ssh-agent"); 466 goto out; 467 } 468 if (libssh2_agent_list_identities(agent)) { 469 ret = -EINVAL; 470 session_error_setg(errp, s, 471 "failed requesting identities from ssh-agent"); 472 goto out; 473 } 474 475 for(;;) { 476 r = libssh2_agent_get_identity(agent, &identity, prev_identity); 477 if (r == 1) { /* end of list */ 478 break; 479 } 480 if (r < 0) { 481 ret = -EINVAL; 482 session_error_setg(errp, s, 483 "failed to obtain identity from ssh-agent"); 484 goto out; 485 } 486 r = libssh2_agent_userauth(agent, user, identity); 487 if (r == 0) { 488 /* Authenticated! */ 489 ret = 0; 490 goto out; 491 } 492 /* Failed to authenticate with this identity, try the next one. */ 493 prev_identity = identity; 494 } 495 496 ret = -EPERM; 497 error_setg(errp, "failed to authenticate using publickey authentication " 498 "and the identities held by your ssh-agent"); 499 500 out: 501 if (agent != NULL) { 502 /* Note: libssh2 implementation implicitly calls 503 * libssh2_agent_disconnect if necessary. 504 */ 505 libssh2_agent_free(agent); 506 } 507 508 return ret; 509 } 510 511 static int connect_to_ssh(BDRVSSHState *s, QDict *options, 512 int ssh_flags, int creat_mode, Error **errp) 513 { 514 int r, ret; 515 const char *host, *user, *path, *host_key_check; 516 int port; 517 518 if (!qdict_haskey(options, "host")) { 519 ret = -EINVAL; 520 error_setg(errp, "No hostname was specified"); 521 goto err; 522 } 523 host = qdict_get_str(options, "host"); 524 525 if (qdict_haskey(options, "port")) { 526 port = qdict_get_int(options, "port"); 527 } else { 528 port = 22; 529 } 530 531 if (!qdict_haskey(options, "path")) { 532 ret = -EINVAL; 533 error_setg(errp, "No path was specified"); 534 goto err; 535 } 536 path = qdict_get_str(options, "path"); 537 538 if (qdict_haskey(options, "user")) { 539 user = qdict_get_str(options, "user"); 540 } else { 541 user = g_get_user_name(); 542 if (!user) { 543 error_setg_errno(errp, errno, "Can't get user name"); 544 ret = -errno; 545 goto err; 546 } 547 } 548 549 if (qdict_haskey(options, "host_key_check")) { 550 host_key_check = qdict_get_str(options, "host_key_check"); 551 } else { 552 host_key_check = "yes"; 553 } 554 555 /* Construct the host:port name for inet_connect. */ 556 g_free(s->hostport); 557 s->hostport = g_strdup_printf("%s:%d", host, port); 558 559 /* Open the socket and connect. */ 560 s->sock = inet_connect(s->hostport, errp); 561 if (s->sock < 0) { 562 ret = -EIO; 563 goto err; 564 } 565 566 /* Create SSH session. */ 567 s->session = libssh2_session_init(); 568 if (!s->session) { 569 ret = -EINVAL; 570 session_error_setg(errp, s, "failed to initialize libssh2 session"); 571 goto err; 572 } 573 574 #if TRACE_LIBSSH2 != 0 575 libssh2_trace(s->session, TRACE_LIBSSH2); 576 #endif 577 578 r = libssh2_session_handshake(s->session, s->sock); 579 if (r != 0) { 580 ret = -EINVAL; 581 session_error_setg(errp, s, "failed to establish SSH session"); 582 goto err; 583 } 584 585 /* Check the remote host's key against known_hosts. */ 586 ret = check_host_key(s, host, port, host_key_check, errp); 587 if (ret < 0) { 588 goto err; 589 } 590 591 /* Authenticate. */ 592 ret = authenticate(s, user, errp); 593 if (ret < 0) { 594 goto err; 595 } 596 597 /* Start SFTP. */ 598 s->sftp = libssh2_sftp_init(s->session); 599 if (!s->sftp) { 600 session_error_setg(errp, s, "failed to initialize sftp handle"); 601 ret = -EINVAL; 602 goto err; 603 } 604 605 /* Open the remote file. */ 606 DPRINTF("opening file %s flags=0x%x creat_mode=0%o", 607 path, ssh_flags, creat_mode); 608 s->sftp_handle = libssh2_sftp_open(s->sftp, path, ssh_flags, creat_mode); 609 if (!s->sftp_handle) { 610 session_error_setg(errp, s, "failed to open remote file '%s'", path); 611 ret = -EINVAL; 612 goto err; 613 } 614 615 r = libssh2_sftp_fstat(s->sftp_handle, &s->attrs); 616 if (r < 0) { 617 sftp_error_setg(errp, s, "failed to read file attributes"); 618 return -EINVAL; 619 } 620 621 /* Delete the options we've used; any not deleted will cause the 622 * block layer to give an error about unused options. 623 */ 624 qdict_del(options, "host"); 625 qdict_del(options, "port"); 626 qdict_del(options, "user"); 627 qdict_del(options, "path"); 628 qdict_del(options, "host_key_check"); 629 630 return 0; 631 632 err: 633 if (s->sftp_handle) { 634 libssh2_sftp_close(s->sftp_handle); 635 } 636 s->sftp_handle = NULL; 637 if (s->sftp) { 638 libssh2_sftp_shutdown(s->sftp); 639 } 640 s->sftp = NULL; 641 if (s->session) { 642 libssh2_session_disconnect(s->session, 643 "from qemu ssh client: " 644 "error opening connection"); 645 libssh2_session_free(s->session); 646 } 647 s->session = NULL; 648 649 return ret; 650 } 651 652 static int ssh_file_open(BlockDriverState *bs, QDict *options, int bdrv_flags, 653 Error **errp) 654 { 655 BDRVSSHState *s = bs->opaque; 656 int ret; 657 int ssh_flags; 658 659 ssh_state_init(s); 660 661 ssh_flags = LIBSSH2_FXF_READ; 662 if (bdrv_flags & BDRV_O_RDWR) { 663 ssh_flags |= LIBSSH2_FXF_WRITE; 664 } 665 666 /* Start up SSH. */ 667 ret = connect_to_ssh(s, options, ssh_flags, 0, errp); 668 if (ret < 0) { 669 goto err; 670 } 671 672 /* Go non-blocking. */ 673 libssh2_session_set_blocking(s->session, 0); 674 675 return 0; 676 677 err: 678 if (s->sock >= 0) { 679 close(s->sock); 680 } 681 s->sock = -1; 682 683 return ret; 684 } 685 686 static QemuOptsList ssh_create_opts = { 687 .name = "ssh-create-opts", 688 .head = QTAILQ_HEAD_INITIALIZER(ssh_create_opts.head), 689 .desc = { 690 { 691 .name = BLOCK_OPT_SIZE, 692 .type = QEMU_OPT_SIZE, 693 .help = "Virtual disk size" 694 }, 695 { /* end of list */ } 696 } 697 }; 698 699 static int ssh_create(const char *filename, QemuOpts *opts, Error **errp) 700 { 701 int r, ret; 702 int64_t total_size = 0; 703 QDict *uri_options = NULL; 704 BDRVSSHState s; 705 ssize_t r2; 706 char c[1] = { '\0' }; 707 708 ssh_state_init(&s); 709 710 /* Get desired file size. */ 711 total_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0), 712 BDRV_SECTOR_SIZE); 713 DPRINTF("total_size=%" PRIi64, total_size); 714 715 uri_options = qdict_new(); 716 r = parse_uri(filename, uri_options, errp); 717 if (r < 0) { 718 ret = r; 719 goto out; 720 } 721 722 r = connect_to_ssh(&s, uri_options, 723 LIBSSH2_FXF_READ|LIBSSH2_FXF_WRITE| 724 LIBSSH2_FXF_CREAT|LIBSSH2_FXF_TRUNC, 725 0644, errp); 726 if (r < 0) { 727 ret = r; 728 goto out; 729 } 730 731 if (total_size > 0) { 732 libssh2_sftp_seek64(s.sftp_handle, total_size-1); 733 r2 = libssh2_sftp_write(s.sftp_handle, c, 1); 734 if (r2 < 0) { 735 sftp_error_setg(errp, &s, "truncate failed"); 736 ret = -EINVAL; 737 goto out; 738 } 739 s.attrs.filesize = total_size; 740 } 741 742 ret = 0; 743 744 out: 745 ssh_state_free(&s); 746 if (uri_options != NULL) { 747 QDECREF(uri_options); 748 } 749 return ret; 750 } 751 752 static void ssh_close(BlockDriverState *bs) 753 { 754 BDRVSSHState *s = bs->opaque; 755 756 ssh_state_free(s); 757 } 758 759 static int ssh_has_zero_init(BlockDriverState *bs) 760 { 761 BDRVSSHState *s = bs->opaque; 762 /* Assume false, unless we can positively prove it's true. */ 763 int has_zero_init = 0; 764 765 if (s->attrs.flags & LIBSSH2_SFTP_ATTR_PERMISSIONS) { 766 if (s->attrs.permissions & LIBSSH2_SFTP_S_IFREG) { 767 has_zero_init = 1; 768 } 769 } 770 771 return has_zero_init; 772 } 773 774 static void restart_coroutine(void *opaque) 775 { 776 Coroutine *co = opaque; 777 778 DPRINTF("co=%p", co); 779 780 qemu_coroutine_enter(co); 781 } 782 783 static coroutine_fn void set_fd_handler(BDRVSSHState *s, BlockDriverState *bs) 784 { 785 int r; 786 IOHandler *rd_handler = NULL, *wr_handler = NULL; 787 Coroutine *co = qemu_coroutine_self(); 788 789 r = libssh2_session_block_directions(s->session); 790 791 if (r & LIBSSH2_SESSION_BLOCK_INBOUND) { 792 rd_handler = restart_coroutine; 793 } 794 if (r & LIBSSH2_SESSION_BLOCK_OUTBOUND) { 795 wr_handler = restart_coroutine; 796 } 797 798 DPRINTF("s->sock=%d rd_handler=%p wr_handler=%p", s->sock, 799 rd_handler, wr_handler); 800 801 aio_set_fd_handler(bdrv_get_aio_context(bs), s->sock, 802 false, rd_handler, wr_handler, co); 803 } 804 805 static coroutine_fn void clear_fd_handler(BDRVSSHState *s, 806 BlockDriverState *bs) 807 { 808 DPRINTF("s->sock=%d", s->sock); 809 aio_set_fd_handler(bdrv_get_aio_context(bs), s->sock, 810 false, NULL, NULL, NULL); 811 } 812 813 /* A non-blocking call returned EAGAIN, so yield, ensuring the 814 * handlers are set up so that we'll be rescheduled when there is an 815 * interesting event on the socket. 816 */ 817 static coroutine_fn void co_yield(BDRVSSHState *s, BlockDriverState *bs) 818 { 819 set_fd_handler(s, bs); 820 qemu_coroutine_yield(); 821 clear_fd_handler(s, bs); 822 } 823 824 /* SFTP has a function `libssh2_sftp_seek64' which seeks to a position 825 * in the remote file. Notice that it just updates a field in the 826 * sftp_handle structure, so there is no network traffic and it cannot 827 * fail. 828 * 829 * However, `libssh2_sftp_seek64' does have a catastrophic effect on 830 * performance since it causes the handle to throw away all in-flight 831 * reads and buffered readahead data. Therefore this function tries 832 * to be intelligent about when to call the underlying libssh2 function. 833 */ 834 #define SSH_SEEK_WRITE 0 835 #define SSH_SEEK_READ 1 836 #define SSH_SEEK_FORCE 2 837 838 static void ssh_seek(BDRVSSHState *s, int64_t offset, int flags) 839 { 840 bool op_read = (flags & SSH_SEEK_READ) != 0; 841 bool force = (flags & SSH_SEEK_FORCE) != 0; 842 843 if (force || op_read != s->offset_op_read || offset != s->offset) { 844 DPRINTF("seeking to offset=%" PRIi64, offset); 845 libssh2_sftp_seek64(s->sftp_handle, offset); 846 s->offset = offset; 847 s->offset_op_read = op_read; 848 } 849 } 850 851 static coroutine_fn int ssh_read(BDRVSSHState *s, BlockDriverState *bs, 852 int64_t offset, size_t size, 853 QEMUIOVector *qiov) 854 { 855 ssize_t r; 856 size_t got; 857 char *buf, *end_of_vec; 858 struct iovec *i; 859 860 DPRINTF("offset=%" PRIi64 " size=%zu", offset, size); 861 862 ssh_seek(s, offset, SSH_SEEK_READ); 863 864 /* This keeps track of the current iovec element ('i'), where we 865 * will write to next ('buf'), and the end of the current iovec 866 * ('end_of_vec'). 867 */ 868 i = &qiov->iov[0]; 869 buf = i->iov_base; 870 end_of_vec = i->iov_base + i->iov_len; 871 872 /* libssh2 has a hard-coded limit of 2000 bytes per request, 873 * although it will also do readahead behind our backs. Therefore 874 * we may have to do repeated reads here until we have read 'size' 875 * bytes. 876 */ 877 for (got = 0; got < size; ) { 878 again: 879 DPRINTF("sftp_read buf=%p size=%zu", buf, end_of_vec - buf); 880 r = libssh2_sftp_read(s->sftp_handle, buf, end_of_vec - buf); 881 DPRINTF("sftp_read returned %zd", r); 882 883 if (r == LIBSSH2_ERROR_EAGAIN || r == LIBSSH2_ERROR_TIMEOUT) { 884 co_yield(s, bs); 885 goto again; 886 } 887 if (r < 0) { 888 sftp_error_report(s, "read failed"); 889 s->offset = -1; 890 return -EIO; 891 } 892 if (r == 0) { 893 /* EOF: Short read so pad the buffer with zeroes and return it. */ 894 qemu_iovec_memset(qiov, got, 0, size - got); 895 return 0; 896 } 897 898 got += r; 899 buf += r; 900 s->offset += r; 901 if (buf >= end_of_vec && got < size) { 902 i++; 903 buf = i->iov_base; 904 end_of_vec = i->iov_base + i->iov_len; 905 } 906 } 907 908 return 0; 909 } 910 911 static coroutine_fn int ssh_co_readv(BlockDriverState *bs, 912 int64_t sector_num, 913 int nb_sectors, QEMUIOVector *qiov) 914 { 915 BDRVSSHState *s = bs->opaque; 916 int ret; 917 918 qemu_co_mutex_lock(&s->lock); 919 ret = ssh_read(s, bs, sector_num * BDRV_SECTOR_SIZE, 920 nb_sectors * BDRV_SECTOR_SIZE, qiov); 921 qemu_co_mutex_unlock(&s->lock); 922 923 return ret; 924 } 925 926 static int ssh_write(BDRVSSHState *s, BlockDriverState *bs, 927 int64_t offset, size_t size, 928 QEMUIOVector *qiov) 929 { 930 ssize_t r; 931 size_t written; 932 char *buf, *end_of_vec; 933 struct iovec *i; 934 935 DPRINTF("offset=%" PRIi64 " size=%zu", offset, size); 936 937 ssh_seek(s, offset, SSH_SEEK_WRITE); 938 939 /* This keeps track of the current iovec element ('i'), where we 940 * will read from next ('buf'), and the end of the current iovec 941 * ('end_of_vec'). 942 */ 943 i = &qiov->iov[0]; 944 buf = i->iov_base; 945 end_of_vec = i->iov_base + i->iov_len; 946 947 for (written = 0; written < size; ) { 948 again: 949 DPRINTF("sftp_write buf=%p size=%zu", buf, end_of_vec - buf); 950 r = libssh2_sftp_write(s->sftp_handle, buf, end_of_vec - buf); 951 DPRINTF("sftp_write returned %zd", r); 952 953 if (r == LIBSSH2_ERROR_EAGAIN || r == LIBSSH2_ERROR_TIMEOUT) { 954 co_yield(s, bs); 955 goto again; 956 } 957 if (r < 0) { 958 sftp_error_report(s, "write failed"); 959 s->offset = -1; 960 return -EIO; 961 } 962 /* The libssh2 API is very unclear about this. A comment in 963 * the code says "nothing was acked, and no EAGAIN was 964 * received!" which apparently means that no data got sent 965 * out, and the underlying channel didn't return any EAGAIN 966 * indication. I think this is a bug in either libssh2 or 967 * OpenSSH (server-side). In any case, forcing a seek (to 968 * discard libssh2 internal buffers), and then trying again 969 * works for me. 970 */ 971 if (r == 0) { 972 ssh_seek(s, offset + written, SSH_SEEK_WRITE|SSH_SEEK_FORCE); 973 co_yield(s, bs); 974 goto again; 975 } 976 977 written += r; 978 buf += r; 979 s->offset += r; 980 if (buf >= end_of_vec && written < size) { 981 i++; 982 buf = i->iov_base; 983 end_of_vec = i->iov_base + i->iov_len; 984 } 985 986 if (offset + written > s->attrs.filesize) 987 s->attrs.filesize = offset + written; 988 } 989 990 return 0; 991 } 992 993 static coroutine_fn int ssh_co_writev(BlockDriverState *bs, 994 int64_t sector_num, 995 int nb_sectors, QEMUIOVector *qiov) 996 { 997 BDRVSSHState *s = bs->opaque; 998 int ret; 999 1000 qemu_co_mutex_lock(&s->lock); 1001 ret = ssh_write(s, bs, sector_num * BDRV_SECTOR_SIZE, 1002 nb_sectors * BDRV_SECTOR_SIZE, qiov); 1003 qemu_co_mutex_unlock(&s->lock); 1004 1005 return ret; 1006 } 1007 1008 static void unsafe_flush_warning(BDRVSSHState *s, const char *what) 1009 { 1010 if (!s->unsafe_flush_warning) { 1011 error_report("warning: ssh server %s does not support fsync", 1012 s->hostport); 1013 if (what) { 1014 error_report("to support fsync, you need %s", what); 1015 } 1016 s->unsafe_flush_warning = true; 1017 } 1018 } 1019 1020 #ifdef HAS_LIBSSH2_SFTP_FSYNC 1021 1022 static coroutine_fn int ssh_flush(BDRVSSHState *s, BlockDriverState *bs) 1023 { 1024 int r; 1025 1026 DPRINTF("fsync"); 1027 again: 1028 r = libssh2_sftp_fsync(s->sftp_handle); 1029 if (r == LIBSSH2_ERROR_EAGAIN || r == LIBSSH2_ERROR_TIMEOUT) { 1030 co_yield(s, bs); 1031 goto again; 1032 } 1033 if (r == LIBSSH2_ERROR_SFTP_PROTOCOL && 1034 libssh2_sftp_last_error(s->sftp) == LIBSSH2_FX_OP_UNSUPPORTED) { 1035 unsafe_flush_warning(s, "OpenSSH >= 6.3"); 1036 return 0; 1037 } 1038 if (r < 0) { 1039 sftp_error_report(s, "fsync failed"); 1040 return -EIO; 1041 } 1042 1043 return 0; 1044 } 1045 1046 static coroutine_fn int ssh_co_flush(BlockDriverState *bs) 1047 { 1048 BDRVSSHState *s = bs->opaque; 1049 int ret; 1050 1051 qemu_co_mutex_lock(&s->lock); 1052 ret = ssh_flush(s, bs); 1053 qemu_co_mutex_unlock(&s->lock); 1054 1055 return ret; 1056 } 1057 1058 #else /* !HAS_LIBSSH2_SFTP_FSYNC */ 1059 1060 static coroutine_fn int ssh_co_flush(BlockDriverState *bs) 1061 { 1062 BDRVSSHState *s = bs->opaque; 1063 1064 unsafe_flush_warning(s, "libssh2 >= 1.4.4"); 1065 return 0; 1066 } 1067 1068 #endif /* !HAS_LIBSSH2_SFTP_FSYNC */ 1069 1070 static int64_t ssh_getlength(BlockDriverState *bs) 1071 { 1072 BDRVSSHState *s = bs->opaque; 1073 int64_t length; 1074 1075 /* Note we cannot make a libssh2 call here. */ 1076 length = (int64_t) s->attrs.filesize; 1077 DPRINTF("length=%" PRIi64, length); 1078 1079 return length; 1080 } 1081 1082 static BlockDriver bdrv_ssh = { 1083 .format_name = "ssh", 1084 .protocol_name = "ssh", 1085 .instance_size = sizeof(BDRVSSHState), 1086 .bdrv_parse_filename = ssh_parse_filename, 1087 .bdrv_file_open = ssh_file_open, 1088 .bdrv_create = ssh_create, 1089 .bdrv_close = ssh_close, 1090 .bdrv_has_zero_init = ssh_has_zero_init, 1091 .bdrv_co_readv = ssh_co_readv, 1092 .bdrv_co_writev = ssh_co_writev, 1093 .bdrv_getlength = ssh_getlength, 1094 .bdrv_co_flush_to_disk = ssh_co_flush, 1095 .create_opts = &ssh_create_opts, 1096 }; 1097 1098 static void bdrv_ssh_init(void) 1099 { 1100 int r; 1101 1102 r = libssh2_init(0); 1103 if (r != 0) { 1104 fprintf(stderr, "libssh2 initialization failed, %d\n", r); 1105 exit(EXIT_FAILURE); 1106 } 1107 1108 bdrv_register(&bdrv_ssh); 1109 } 1110 1111 block_init(bdrv_ssh_init); 1112