1 /* 2 * Serving QEMU block devices via NBD 3 * 4 * Copyright (c) 2012 Red Hat, Inc. 5 * 6 * Author: Paolo Bonzini <pbonzini@redhat.com> 7 * 8 * This work is licensed under the terms of the GNU GPL, version 2 or 9 * later. See the COPYING file in the top-level directory. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "sysemu/blockdev.h" 14 #include "sysemu/block-backend.h" 15 #include "hw/block/block.h" 16 #include "qapi/error.h" 17 #include "qapi/qapi-commands-block.h" 18 #include "block/nbd.h" 19 #include "io/channel-socket.h" 20 #include "io/net-listener.h" 21 22 typedef struct NBDServerData { 23 QIONetListener *listener; 24 QCryptoTLSCreds *tlscreds; 25 char *tlsauthz; 26 } NBDServerData; 27 28 static NBDServerData *nbd_server; 29 30 static void nbd_blockdev_client_closed(NBDClient *client, bool ignored) 31 { 32 nbd_client_put(client); 33 } 34 35 static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, 36 gpointer opaque) 37 { 38 qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server"); 39 nbd_client_new(cioc, nbd_server->tlscreds, nbd_server->tlsauthz, 40 nbd_blockdev_client_closed); 41 } 42 43 44 static void nbd_server_free(NBDServerData *server) 45 { 46 if (!server) { 47 return; 48 } 49 50 qio_net_listener_disconnect(server->listener); 51 object_unref(OBJECT(server->listener)); 52 if (server->tlscreds) { 53 object_unref(OBJECT(server->tlscreds)); 54 } 55 g_free(server->tlsauthz); 56 57 g_free(server); 58 } 59 60 static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, Error **errp) 61 { 62 Object *obj; 63 QCryptoTLSCreds *creds; 64 65 obj = object_resolve_path_component( 66 object_get_objects_root(), id); 67 if (!obj) { 68 error_setg(errp, "No TLS credentials with id '%s'", 69 id); 70 return NULL; 71 } 72 creds = (QCryptoTLSCreds *) 73 object_dynamic_cast(obj, TYPE_QCRYPTO_TLS_CREDS); 74 if (!creds) { 75 error_setg(errp, "Object with id '%s' is not TLS credentials", 76 id); 77 return NULL; 78 } 79 80 if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { 81 error_setg(errp, 82 "Expecting TLS credentials with a server endpoint"); 83 return NULL; 84 } 85 object_ref(obj); 86 return creds; 87 } 88 89 90 void nbd_server_start(SocketAddress *addr, const char *tls_creds, 91 const char *tls_authz, Error **errp) 92 { 93 if (nbd_server) { 94 error_setg(errp, "NBD server already running"); 95 return; 96 } 97 98 nbd_server = g_new0(NBDServerData, 1); 99 nbd_server->listener = qio_net_listener_new(); 100 101 qio_net_listener_set_name(nbd_server->listener, 102 "nbd-listener"); 103 104 if (qio_net_listener_open_sync(nbd_server->listener, addr, 1, errp) < 0) { 105 goto error; 106 } 107 108 if (tls_creds) { 109 nbd_server->tlscreds = nbd_get_tls_creds(tls_creds, errp); 110 if (!nbd_server->tlscreds) { 111 goto error; 112 } 113 114 /* TODO SOCKET_ADDRESS_TYPE_FD where fd has AF_INET or AF_INET6 */ 115 if (addr->type != SOCKET_ADDRESS_TYPE_INET) { 116 error_setg(errp, "TLS is only supported with IPv4/IPv6"); 117 goto error; 118 } 119 } 120 121 nbd_server->tlsauthz = g_strdup(tls_authz); 122 123 qio_net_listener_set_client_func(nbd_server->listener, 124 nbd_accept, 125 NULL, 126 NULL); 127 128 return; 129 130 error: 131 nbd_server_free(nbd_server); 132 nbd_server = NULL; 133 } 134 135 void qmp_nbd_server_start(SocketAddressLegacy *addr, 136 bool has_tls_creds, const char *tls_creds, 137 bool has_tls_authz, const char *tls_authz, 138 Error **errp) 139 { 140 SocketAddress *addr_flat = socket_address_flatten(addr); 141 142 nbd_server_start(addr_flat, tls_creds, tls_authz, errp); 143 qapi_free_SocketAddress(addr_flat); 144 } 145 146 void qmp_nbd_server_add(const char *device, bool has_name, const char *name, 147 bool has_writable, bool writable, 148 bool has_bitmap, const char *bitmap, Error **errp) 149 { 150 BlockDriverState *bs = NULL; 151 BlockBackend *on_eject_blk; 152 NBDExport *exp; 153 int64_t len; 154 AioContext *aio_context; 155 156 if (!nbd_server) { 157 error_setg(errp, "NBD server not running"); 158 return; 159 } 160 161 if (!has_name) { 162 name = device; 163 } 164 165 if (nbd_export_find(name)) { 166 error_setg(errp, "NBD server already has export named '%s'", name); 167 return; 168 } 169 170 on_eject_blk = blk_by_name(device); 171 172 bs = bdrv_lookup_bs(device, device, errp); 173 if (!bs) { 174 return; 175 } 176 177 aio_context = bdrv_get_aio_context(bs); 178 aio_context_acquire(aio_context); 179 len = bdrv_getlength(bs); 180 if (len < 0) { 181 error_setg_errno(errp, -len, 182 "Failed to determine the NBD export's length"); 183 goto out; 184 } 185 186 if (!has_writable) { 187 writable = false; 188 } 189 if (bdrv_is_read_only(bs)) { 190 writable = false; 191 } 192 193 exp = nbd_export_new(bs, 0, len, name, NULL, bitmap, !writable, !writable, 194 NULL, false, on_eject_blk, errp); 195 if (!exp) { 196 goto out; 197 } 198 199 /* The list of named exports has a strong reference to this export now and 200 * our only way of accessing it is through nbd_export_find(), so we can drop 201 * the strong reference that is @exp. */ 202 nbd_export_put(exp); 203 204 out: 205 aio_context_release(aio_context); 206 } 207 208 void qmp_nbd_server_remove(const char *name, 209 bool has_mode, NbdServerRemoveMode mode, 210 Error **errp) 211 { 212 NBDExport *exp; 213 AioContext *aio_context; 214 215 if (!nbd_server) { 216 error_setg(errp, "NBD server not running"); 217 return; 218 } 219 220 exp = nbd_export_find(name); 221 if (exp == NULL) { 222 error_setg(errp, "Export '%s' is not found", name); 223 return; 224 } 225 226 if (!has_mode) { 227 mode = NBD_SERVER_REMOVE_MODE_SAFE; 228 } 229 230 aio_context = nbd_export_aio_context(exp); 231 aio_context_acquire(aio_context); 232 nbd_export_remove(exp, mode, errp); 233 aio_context_release(aio_context); 234 } 235 236 void qmp_nbd_server_stop(Error **errp) 237 { 238 if (!nbd_server) { 239 error_setg(errp, "NBD server not running"); 240 return; 241 } 242 243 nbd_export_close_all(); 244 245 nbd_server_free(nbd_server); 246 nbd_server = NULL; 247 } 248