/*
 * Serving QEMU block devices via NBD
 *
 * Copyright (c) 2012 Red Hat, Inc.
 *
 * Author: Paolo Bonzini <pbonzini@redhat.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or
 * later. See the COPYING file in the top-level directory.
 */

#include "qemu/osdep.h"
#include "sysemu/blockdev.h"
#include "sysemu/block-backend.h"
#include "hw/block/block.h"
#include "qapi/error.h"
#include "qapi/clone-visitor.h"
#include "qapi/qapi-visit-block-export.h"
#include "qapi/qapi-commands-block-export.h"
#include "block/nbd.h"
#include "io/channel-socket.h"
#include "io/net-listener.h"

/*
 * Bookkeeping for one accepted client socket.  An entry is created in
 * nbd_accept(), linked into NBDServerData.conns, and destroyed in
 * nbd_blockdev_client_closed().
 */
typedef struct NBDConn {
    QIOChannelSocket *cioc;     /* client channel; this struct holds a ref */
    QLIST_ENTRY(NBDConn) next;  /* linkage in NBDServerData.conns */
} NBDConn;

/* State of the NBD server started through nbd_server_start(). */
typedef struct NBDServerData {
    /* Listening socket(s); reset to NULL at the start of teardown. */
    QIONetListener *listener;
    /* TLS credentials (referenced), or NULL when no tls_creds was given. */
    QCryptoTLSCreds *tlscreds;
    /* Copy of the tls_authz argument, handed to every nbd_client_new(). */
    char *tlsauthz;
    /* Connection cap; 0 disables the cap (see nbd_update_server_watch()). */
    uint32_t max_connections;
    /* Clients accepted and not yet closed, including those still handshaking. */
    uint32_t connections;
    /* All live NBDConn entries, so teardown can shut their sockets down. */
    QLIST_HEAD(, NBDConn) conns;
} NBDServerData;

/* The server instance, or NULL when no server has been started. */
static NBDServerData *nbd_server;
static int qemu_nbd_connections = -1; /* Non-negative if this is qemu-nbd */

static void nbd_update_server_watch(NBDServerData *s);

/*
 * Record the connection limit used when running as qemu-nbd.  A
 * non-negative value also makes nbd_server_is_running() report true.
 */
void nbd_server_is_qemu_nbd(int max_connections)
{
    qemu_nbd_connections = max_connections;
}

/*
 * Return true if a server instance exists or a non-negative qemu-nbd
 * connection limit has been recorded.
 */
bool nbd_server_is_running(void)
{
    return nbd_server || qemu_nbd_connections >= 0;
}

/*
 * Return the connection limit of the server instance if there is one,
 * otherwise the value recorded by nbd_server_is_qemu_nbd() (-1 if unset).
 *
 * NOTE(review): NBDServerData.max_connections is uint32_t while the return
 * type is int, so a configured limit above INT_MAX does not survive the
 * conversion -- confirm callers only rely on small values.
 */
int nbd_server_max_connections(void)
{
    return nbd_server ? nbd_server->max_connections : qemu_nbd_connections;
}

/*
 * Close callback registered with nbd_client_new() in nbd_accept().
 *
 * Releases the NBDConn owned by @client (channel reference, list linkage,
 * memory), drops the client reference, decrements the live-connection
 * count and re-evaluates the listener watch, so a server that was at its
 * limit can accept again.  The second parameter is unused.
 */
static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
{
    NBDConn *conn = nbd_client_owner(client);

    /* The counter and list are not locked; they rely on main-thread use. */
    assert(qemu_in_main_thread() && nbd_server);

    object_unref(OBJECT(conn->cioc));
    QLIST_REMOVE(conn, next);
    g_free(conn);

    nbd_client_put(client);
    assert(nbd_server->connections > 0);
    nbd_server->connections--;
    nbd_update_server_watch(nbd_server);
}

/*
 * Listener callback invoked for each newly accepted client socket.
 *
 * The connection is counted and recorded before the client is created, so
 * clients that are still negotiating count against max_connections and
 * can be shut down by nbd_server_free().  @listener and @opaque are unused.
 */
static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
                       gpointer opaque)
{
    NBDConn *conn = g_new0(NBDConn, 1);

    assert(qemu_in_main_thread() && nbd_server);
    nbd_server->connections++;
    /* Keep the channel alive for as long as the NBDConn entry exists. */
    object_ref(OBJECT(cioc));
    conn->cioc = cioc;
    QLIST_INSERT_HEAD(&nbd_server->conns, conn, next);
    /* Stops accepting once the count has reached the limit. */
    nbd_update_server_watch(nbd_server);

    qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
    /* TODO - expose handshake timeout as QMP option */
    /*
     * The handshake limit is the compile-time default; presumably it is
     * enforced inside nbd_client_new(), which is not visible here.
     */
    nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS,
                   nbd_server->tlscreds, nbd_server->tlsauthz,
                   nbd_blockdev_client_closed, conn);
}

/*
 * Enable or disable acceptance of new clients according to the limit.
 *
 * With a listener present, nbd_accept() is installed as the client
 * callback while max_connections is 0 (no cap) or the live count is below
 * the cap; otherwise the callback is cleared.  Without a listener (during
 * teardown) this is a no-op.
 */
static void nbd_update_server_watch(NBDServerData *s)
{
    if (s->listener) {
        if (!s->max_connections || s->connections < s->max_connections) {
            qio_net_listener_set_client_func(s->listener, nbd_accept, NULL,
                                             NULL);
        } else {
            qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL);
        }
    }
}

/*
 * Tear down @server and free it; a NULL @server is accepted.
 *
 * Order matters: the listener is released and set to NULL first so that
 * nbd_update_server_watch(), called from the close callback, cannot
 * re-arm it; then every remaining client socket is shut down and the
 * function waits for the close callbacks to bring the count to zero
 * before the TLS state is released.
 */
static void nbd_server_free(NBDServerData *server)
{
    NBDConn *conn, *tmp;

    if (!server) {
        return;
    }

    /*
     * Forcefully close the listener socket, and any clients that have
     * not yet disconnected on their own.
     */
    qio_net_listener_disconnect(server->listener);
    object_unref(OBJECT(server->listener));
    server->listener = NULL;
    /* NBDConn entries are freed by nbd_blockdev_client_closed(), not here. */
    QLIST_FOREACH_SAFE(conn, &server->conns, next, tmp) {
        qio_channel_shutdown(QIO_CHANNEL(conn->cioc), QIO_CHANNEL_SHUTDOWN_BOTH,
                             NULL);
    }

    /* connections is decremented only in nbd_blockdev_client_closed(). */
    AIO_WAIT_WHILE_UNLOCKED(NULL, server->connections > 0);

    if (server->tlscreds) {
        object_unref(OBJECT(server->tlscreds));
    }
    g_free(server->tlsauthz);

    g_free(server);
}

/*
 * Look up the TLS credentials object named @id.
 *
 * Fails (sets @errp, returns NULL) if no such object exists under the
 * objects root, if it is not a TYPE_QCRYPTO_TLS_CREDS, or if the server
 * endpoint check rejects it.  On success a reference is taken and the
 * caller owns it; nbd_server_free() releases it.
 */
static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, Error **errp)
{
    Object *obj;
    QCryptoTLSCreds *creds;

    obj = object_resolve_path_component(
        object_get_objects_root(), id);
    if (!obj) {
        error_setg(errp, "No TLS credentials with id '%s'",
                   id);
        return NULL;
    }
    creds = (QCryptoTLSCreds *)
        object_dynamic_cast(obj, TYPE_QCRYPTO_TLS_CREDS);
    if (!creds) {
        error_setg(errp, "Object with id '%s' is not TLS credentials",
                   id);
        return NULL;
    }

    /* Refuse credentials that are not set up for the server endpoint. */
    if (!qcrypto_tls_creds_check_endpoint(creds,
                                          QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
                                          errp)) {
        return NULL;
    }
    object_ref(obj);
    return creds;
}


/*
 * Start the NBD server listening on @addr.
 *
 * @tls_creds: id of a TLS credentials object, or NULL for no TLS
 * @tls_authz: authorization id passed on to each client, or NULL
 * @max_connections: cap on simultaneous clients; 0 means no cap
 * @errp: set if a server already exists, the listener cannot be opened,
 *        or the credentials lookup fails
 *
 * On failure the partially built server is freed and nbd_server is reset
 * to NULL.
 *
 * NOTE(review): @tls_authz is stored even when @tls_creds is NULL, and
 * this function does not reject that combination.  Whether authorization
 * is applied without TLS is decided in nbd_client_new(), which is not
 * visible here -- confirm, and consider failing closed on this input.
 */
void nbd_server_start(SocketAddress *addr, const char *tls_creds,
                      const char *tls_authz, uint32_t max_connections,
                      Error **errp)
{
    if (nbd_server) {
        error_setg(errp, "NBD server already running");
        return;
    }

    nbd_server = g_new0(NBDServerData, 1);
    nbd_server->max_connections = max_connections;
    nbd_server->listener = qio_net_listener_new();

    qio_net_listener_set_name(nbd_server->listener,
                              "nbd-listener");

    /*
     * Because this server is persistent, a backlog of SOMAXCONN is
     * better than trying to size it to max_connections.
     */
    if (qio_net_listener_open_sync(nbd_server->listener, addr, SOMAXCONN,
                                   errp) < 0) {
        goto error;
    }

    if (tls_creds) {
        nbd_server->tlscreds = nbd_get_tls_creds(tls_creds, errp);
        if (!nbd_server->tlscreds) {
            goto error;
        }
    }

    nbd_server->tlsauthz = g_strdup(tls_authz);

    /* Clients are accepted only from this point on. */
    nbd_update_server_watch(nbd_server);

    return;

 error:
    nbd_server_free(nbd_server);
    nbd_server = NULL;
}

/*
 * Start the server from an NbdServerOptions structure, applying
 * NBD_DEFAULT_MAX_CONNECTIONS when no limit was supplied.  The default is
 * written into @arg.
 */
void nbd_server_start_options(NbdServerOptions *arg, Error **errp)
{
    if (!arg->has_max_connections) {
        arg->max_connections = NBD_DEFAULT_MAX_CONNECTIONS;
    }

    nbd_server_start(arg->addr, arg->tls_creds, arg->tls_authz,
                     arg->max_connections, errp);
}

/*
 * Handler for nbd-server-start: flattens the legacy socket address,
 * applies NBD_DEFAULT_MAX_CONNECTIONS when no limit was supplied, and
 * starts the server.  The flattened address is freed before returning.
 */
void qmp_nbd_server_start(SocketAddressLegacy *addr,
                          const char *tls_creds,
                          const char *tls_authz,
                          bool has_max_connections, uint32_t max_connections,
                          Error **errp)
{
    SocketAddress *addr_flat = socket_address_flatten(addr);

    if (!has_max_connections) {
        max_connections = NBD_DEFAULT_MAX_CONNECTIONS;
    }

    nbd_server_start(addr_flat, tls_creds, tls_authz, max_connections, errp);
    qapi_free_SocketAddress(addr_flat);
}

/*
 * Handler for nbd-server-add: translates the arguments into
 * BlockExportOptions of type NBD and creates the export via blk_exp_add().
 *
 * @arg->name is filled in with the device name when absent.  A read-only
 * node is always exported read-only, whatever @arg->writable says.  The
 * options structure is freed on both the success and the failure path.
 */
void qmp_nbd_server_add(NbdServerAddOptions *arg, Error **errp)
{
    BlockExport *export;
    BlockDriverState *bs;
    BlockBackend *on_eject_blk;
    BlockExportOptions *export_opts;

    bs = bdrv_lookup_bs(arg->device, arg->device, errp);
    if (!bs) {
        return;
    }

    /*
     * block-export-add would default to the node-name, but we may have to use
     * the device name as a default here for compatibility.
     */
    if (!arg->name) {
        arg->name = g_strdup(arg->device);
    }

    export_opts = g_new(BlockExportOptions, 1);
    /* Members not named in the compound literal are zero-initialized. */
    *export_opts = (BlockExportOptions) {
        .type                   = BLOCK_EXPORT_TYPE_NBD,
        .id                     = g_strdup(arg->name),
        .node_name              = g_strdup(bdrv_get_node_name(bs)),
        .has_writable           = arg->has_writable,
        .writable               = arg->writable,
    };
    QAPI_CLONE_MEMBERS(BlockExportOptionsNbdBase, &export_opts->u.nbd,
                       qapi_NbdServerAddOptions_base(arg));
    if (arg->bitmap) {
        BlockDirtyBitmapOrStr *el = g_new(BlockDirtyBitmapOrStr, 1);

        *el = (BlockDirtyBitmapOrStr) {
            .type = QTYPE_QSTRING,
            .u.local = g_strdup(arg->bitmap),
        };
        export_opts->u.nbd.has_bitmaps = true;
        QAPI_LIST_PREPEND(export_opts->u.nbd.bitmaps, el);
    }

    /*
     * nbd-server-add doesn't complain when a read-only device should be
     * exported as writable, but simply downgrades it. This is an error with
     * block-export-add.
     */
    if (bdrv_is_read_only(bs)) {
        export_opts->has_writable = true;
        export_opts->writable = false;
    }

    export = blk_exp_add(export_opts, errp);
    if (!export) {
        goto fail;
    }

    /*
     * nbd-server-add removes the export when the named BlockBackend used for
     * @device goes away.
     */
    on_eject_blk = blk_by_name(arg->device);
    if (on_eject_blk) {
        nbd_export_set_on_eject_blk(export, on_eject_blk);
    }

 fail:
    /* Reached on success as well; the options are always released here. */
    qapi_free_BlockExportOptions(export_opts);
}

/*
 * Handler for nbd-server-remove: refuses to touch an export that exists
 * but is not of type NBD, and otherwise delegates to
 * qmp_block_export_del().  An unknown @name is also passed on to
 * qmp_block_export_del().
 */
void qmp_nbd_server_remove(const char *name,
                           bool has_mode, BlockExportRemoveMode mode,
                           Error **errp)
{
    BlockExport *exp;

    exp = blk_exp_find(name);
    if (exp && exp->drv->type != BLOCK_EXPORT_TYPE_NBD) {
        error_setg(errp, "Block export '%s' is not an NBD export", name);
        return;
    }

    qmp_block_export_del(name, has_mode, mode, errp);
}

/*
 * Handler for nbd-server-stop: fails if no server exists; otherwise
 * closes all NBD exports, tears the server down (which shuts down any
 * clients still connected) and resets nbd_server to NULL.
 */
void qmp_nbd_server_stop(Error **errp)
{
    if (!nbd_server) {
        error_setg(errp, "NBD server not running");
        return;
    }

    blk_exp_close_all_type(BLOCK_EXPORT_TYPE_NBD);

    nbd_server_free(nbd_server);
    nbd_server = NULL;
}