1 /* 2 * Serving QEMU block devices via NBD 3 * 4 * Copyright (c) 2012 Red Hat, Inc. 5 * 6 * Author: Paolo Bonzini <pbonzini@redhat.com> 7 * 8 * This work is licensed under the terms of the GNU GPL, version 2 or 9 * later. See the COPYING file in the top-level directory. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "sysemu/blockdev.h" 14 #include "sysemu/block-backend.h" 15 #include "hw/block/block.h" 16 #include "qapi/error.h" 17 #include "qapi/qapi-commands-block-export.h" 18 #include "block/nbd.h" 19 #include "io/channel-socket.h" 20 #include "io/net-listener.h" 21 22 typedef struct NBDServerData { 23 QIONetListener *listener; 24 QCryptoTLSCreds *tlscreds; 25 char *tlsauthz; 26 uint32_t max_connections; 27 uint32_t connections; 28 } NBDServerData; 29 30 static NBDServerData *nbd_server; 31 static bool is_qemu_nbd; 32 33 static void nbd_update_server_watch(NBDServerData *s); 34 35 void nbd_server_is_qemu_nbd(bool value) 36 { 37 is_qemu_nbd = value; 38 } 39 40 static void nbd_blockdev_client_closed(NBDClient *client, bool ignored) 41 { 42 nbd_client_put(client); 43 assert(nbd_server->connections > 0); 44 nbd_server->connections--; 45 nbd_update_server_watch(nbd_server); 46 } 47 48 static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, 49 gpointer opaque) 50 { 51 nbd_server->connections++; 52 nbd_update_server_watch(nbd_server); 53 54 qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server"); 55 nbd_client_new(cioc, nbd_server->tlscreds, nbd_server->tlsauthz, 56 nbd_blockdev_client_closed); 57 } 58 59 static void nbd_update_server_watch(NBDServerData *s) 60 { 61 if (!s->max_connections || s->connections < s->max_connections) { 62 qio_net_listener_set_client_func(s->listener, nbd_accept, NULL, NULL); 63 } else { 64 qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL); 65 } 66 } 67 68 static void nbd_server_free(NBDServerData *server) 69 { 70 if (!server) { 71 return; 72 } 73 74 qio_net_listener_disconnect(server->listener); 75 object_unref(OBJECT(server->listener)); 76 if (server->tlscreds) { 77 object_unref(OBJECT(server->tlscreds)); 78 } 79 g_free(server->tlsauthz); 80 81 g_free(server); 82 } 83 84 static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, Error **errp) 85 { 86 Object *obj; 87 QCryptoTLSCreds *creds; 88 89 obj = object_resolve_path_component( 90 object_get_objects_root(), id); 91 if (!obj) { 92 error_setg(errp, "No TLS credentials with id '%s'", 93 id); 94 return NULL; 95 } 96 creds = (QCryptoTLSCreds *) 97 object_dynamic_cast(obj, TYPE_QCRYPTO_TLS_CREDS); 98 if (!creds) { 99 error_setg(errp, "Object with id '%s' is not TLS credentials", 100 id); 101 return NULL; 102 } 103 104 if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { 105 error_setg(errp, 106 "Expecting TLS credentials with a server endpoint"); 107 return NULL; 108 } 109 object_ref(obj); 110 return creds; 111 } 112 113 114 void nbd_server_start(SocketAddress *addr, const char *tls_creds, 115 const char *tls_authz, uint32_t max_connections, 116 Error **errp) 117 { 118 if (nbd_server) { 119 error_setg(errp, "NBD server already running"); 120 return; 121 } 122 123 nbd_server = g_new0(NBDServerData, 1); 124 nbd_server->max_connections = max_connections; 125 nbd_server->listener = qio_net_listener_new(); 126 127 qio_net_listener_set_name(nbd_server->listener, 128 "nbd-listener"); 129 130 if (qio_net_listener_open_sync(nbd_server->listener, addr, 1, errp) < 0) { 131 goto error; 132 } 133 134 if (tls_creds) { 135 nbd_server->tlscreds = nbd_get_tls_creds(tls_creds, errp); 136 if (!nbd_server->tlscreds) { 137 goto error; 138 } 139 140 /* TODO SOCKET_ADDRESS_TYPE_FD where fd has AF_INET or AF_INET6 */ 141 if (addr->type != SOCKET_ADDRESS_TYPE_INET) { 142 error_setg(errp, "TLS is only supported with IPv4/IPv6"); 143 goto error; 144 } 145 } 146 147 nbd_server->tlsauthz = g_strdup(tls_authz); 148 149 nbd_update_server_watch(nbd_server); 150 151 return; 152 153 error: 154 nbd_server_free(nbd_server); 155 nbd_server = NULL; 156 } 157 158 void nbd_server_start_options(NbdServerOptions *arg, Error **errp) 159 { 160 nbd_server_start(arg->addr, arg->tls_creds, arg->tls_authz, 161 arg->max_connections, errp); 162 } 163 164 void qmp_nbd_server_start(SocketAddressLegacy *addr, 165 bool has_tls_creds, const char *tls_creds, 166 bool has_tls_authz, const char *tls_authz, 167 bool has_max_connections, uint32_t max_connections, 168 Error **errp) 169 { 170 SocketAddress *addr_flat = socket_address_flatten(addr); 171 172 nbd_server_start(addr_flat, tls_creds, tls_authz, max_connections, errp); 173 qapi_free_SocketAddress(addr_flat); 174 } 175 176 int nbd_export_create(BlockExport *exp, BlockExportOptions *exp_args, 177 Error **errp) 178 { 179 BlockExportOptionsNbd *arg = &exp_args->u.nbd; 180 181 assert(exp_args->type == BLOCK_EXPORT_TYPE_NBD); 182 183 if (!nbd_server && !is_qemu_nbd) { 184 error_setg(errp, "NBD server not running"); 185 return -EINVAL; 186 } 187 188 if (!arg->has_name) { 189 arg->name = exp_args->node_name; 190 } 191 192 if (strlen(arg->name) > NBD_MAX_STRING_SIZE) { 193 error_setg(errp, "export name '%s' too long", arg->name); 194 return -EINVAL; 195 } 196 197 if (arg->description && strlen(arg->description) > NBD_MAX_STRING_SIZE) { 198 error_setg(errp, "description '%s' too long", arg->description); 199 return -EINVAL; 200 } 201 202 if (nbd_export_find(arg->name)) { 203 error_setg(errp, "NBD server already has export named '%s'", arg->name); 204 return -EEXIST; 205 } 206 207 return nbd_export_new(exp, arg->name, arg->description, arg->bitmap, 208 !exp_args->writable, !exp_args->writable, errp); 209 } 210 211 void qmp_nbd_server_add(NbdServerAddOptions *arg, Error **errp) 212 { 213 BlockExport *export; 214 BlockDriverState *bs; 215 BlockBackend *on_eject_blk; 216 BlockExportOptions *export_opts; 217 218 bs = bdrv_lookup_bs(arg->device, arg->device, errp); 219 if (!bs) { 220 return; 221 } 222 223 /* 224 * block-export-add would default to the node-name, but we may have to use 225 * the device name as a default here for compatibility. 226 */ 227 if (!arg->has_name) { 228 arg->name = arg->device; 229 } 230 231 export_opts = g_new(BlockExportOptions, 1); 232 *export_opts = (BlockExportOptions) { 233 .type = BLOCK_EXPORT_TYPE_NBD, 234 .id = g_strdup(arg->name), 235 .node_name = g_strdup(bdrv_get_node_name(bs)), 236 .has_writable = arg->has_writable, 237 .writable = arg->writable, 238 .u.nbd = { 239 .has_name = true, 240 .name = g_strdup(arg->name), 241 .has_description = arg->has_description, 242 .description = g_strdup(arg->description), 243 .has_bitmap = arg->has_bitmap, 244 .bitmap = g_strdup(arg->bitmap), 245 }, 246 }; 247 248 /* 249 * nbd-server-add doesn't complain when a read-only device should be 250 * exported as writable, but simply downgrades it. This is an error with 251 * block-export-add. 252 */ 253 if (bdrv_is_read_only(bs)) { 254 export_opts->has_writable = true; 255 export_opts->writable = false; 256 } 257 258 export = blk_exp_add(export_opts, errp); 259 if (!export) { 260 goto fail; 261 } 262 263 /* 264 * nbd-server-add removes the export when the named BlockBackend used for 265 * @device goes away. 266 */ 267 on_eject_blk = blk_by_name(arg->device); 268 if (on_eject_blk) { 269 nbd_export_set_on_eject_blk(export, on_eject_blk); 270 } 271 272 fail: 273 qapi_free_BlockExportOptions(export_opts); 274 } 275 276 void qmp_nbd_server_remove(const char *name, 277 bool has_mode, BlockExportRemoveMode mode, 278 Error **errp) 279 { 280 BlockExport *exp; 281 282 exp = blk_exp_find(name); 283 if (exp && exp->drv->type != BLOCK_EXPORT_TYPE_NBD) { 284 error_setg(errp, "Block export '%s' is not an NBD export", name); 285 return; 286 } 287 288 qmp_block_export_del(name, has_mode, mode, errp); 289 } 290 291 void qmp_nbd_server_stop(Error **errp) 292 { 293 if (!nbd_server) { 294 error_setg(errp, "NBD server not running"); 295 return; 296 } 297 298 blk_exp_close_all_type(BLOCK_EXPORT_TYPE_NBD); 299 300 nbd_server_free(nbd_server); 301 nbd_server = NULL; 302 } 303