1 /* 2 * Serving QEMU block devices via NBD 3 * 4 * Copyright (c) 2012 Red Hat, Inc. 5 * 6 * Author: Paolo Bonzini <pbonzini@redhat.com> 7 * 8 * This work is licensed under the terms of the GNU GPL, version 2 or 9 * later. See the COPYING file in the top-level directory. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "sysemu/blockdev.h" 14 #include "sysemu/block-backend.h" 15 #include "hw/block/block.h" 16 #include "qapi/error.h" 17 #include "qapi/qapi-commands-block.h" 18 #include "block/nbd.h" 19 #include "io/channel-socket.h" 20 #include "io/net-listener.h" 21 22 typedef struct NBDServerData { 23 QIONetListener *listener; 24 QCryptoTLSCreds *tlscreds; 25 char *tlsauthz; 26 } NBDServerData; 27 28 static NBDServerData *nbd_server; 29 30 static void nbd_blockdev_client_closed(NBDClient *client, bool ignored) 31 { 32 nbd_client_put(client); 33 } 34 35 static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, 36 gpointer opaque) 37 { 38 qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server"); 39 nbd_client_new(cioc, nbd_server->tlscreds, nbd_server->tlsauthz, 40 nbd_blockdev_client_closed); 41 } 42 43 44 static void nbd_server_free(NBDServerData *server) 45 { 46 if (!server) { 47 return; 48 } 49 50 qio_net_listener_disconnect(server->listener); 51 object_unref(OBJECT(server->listener)); 52 if (server->tlscreds) { 53 object_unref(OBJECT(server->tlscreds)); 54 } 55 g_free(server->tlsauthz); 56 57 g_free(server); 58 } 59 60 static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, Error **errp) 61 { 62 Object *obj; 63 QCryptoTLSCreds *creds; 64 65 obj = object_resolve_path_component( 66 object_get_objects_root(), id); 67 if (!obj) { 68 error_setg(errp, "No TLS credentials with id '%s'", 69 id); 70 return NULL; 71 } 72 creds = (QCryptoTLSCreds *) 73 object_dynamic_cast(obj, TYPE_QCRYPTO_TLS_CREDS); 74 if (!creds) { 75 error_setg(errp, "Object with id '%s' is not TLS credentials", 76 id); 77 return NULL; 78 } 79 80 if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { 81 error_setg(errp, 82 "Expecting TLS credentials with a server endpoint"); 83 return NULL; 84 } 85 object_ref(obj); 86 return creds; 87 } 88 89 90 void nbd_server_start(SocketAddress *addr, const char *tls_creds, 91 const char *tls_authz, Error **errp) 92 { 93 if (nbd_server) { 94 error_setg(errp, "NBD server already running"); 95 return; 96 } 97 98 nbd_server = g_new0(NBDServerData, 1); 99 nbd_server->listener = qio_net_listener_new(); 100 101 qio_net_listener_set_name(nbd_server->listener, 102 "nbd-listener"); 103 104 if (qio_net_listener_open_sync(nbd_server->listener, addr, 1, errp) < 0) { 105 goto error; 106 } 107 108 if (tls_creds) { 109 nbd_server->tlscreds = nbd_get_tls_creds(tls_creds, errp); 110 if (!nbd_server->tlscreds) { 111 goto error; 112 } 113 114 /* TODO SOCKET_ADDRESS_TYPE_FD where fd has AF_INET or AF_INET6 */ 115 if (addr->type != SOCKET_ADDRESS_TYPE_INET) { 116 error_setg(errp, "TLS is only supported with IPv4/IPv6"); 117 goto error; 118 } 119 } 120 121 nbd_server->tlsauthz = g_strdup(tls_authz); 122 123 qio_net_listener_set_client_func(nbd_server->listener, 124 nbd_accept, 125 NULL, 126 NULL); 127 128 return; 129 130 error: 131 nbd_server_free(nbd_server); 132 nbd_server = NULL; 133 } 134 135 void qmp_nbd_server_start(SocketAddressLegacy *addr, 136 bool has_tls_creds, const char *tls_creds, 137 bool has_tls_authz, const char *tls_authz, 138 Error **errp) 139 { 140 SocketAddress *addr_flat = socket_address_flatten(addr); 141 142 nbd_server_start(addr_flat, tls_creds, tls_authz, errp); 143 qapi_free_SocketAddress(addr_flat); 144 } 145 146 void qmp_nbd_server_add(const char *device, bool has_name, const char *name, 147 bool has_writable, bool writable, 148 bool has_bitmap, const char *bitmap, Error **errp) 149 { 150 BlockDriverState *bs = NULL; 151 BlockBackend *on_eject_blk; 152 NBDExport *exp; 153 int64_t len; 154 AioContext *aio_context; 155 156 if (!nbd_server) { 157 error_setg(errp, "NBD server not running"); 158 return; 159 } 160 161 if (!has_name) { 162 name = device; 163 } 164 165 if (strlen(name) > NBD_MAX_STRING_SIZE) { 166 error_setg(errp, "export name '%s' too long", name); 167 return; 168 } 169 170 if (nbd_export_find(name)) { 171 error_setg(errp, "NBD server already has export named '%s'", name); 172 return; 173 } 174 175 on_eject_blk = blk_by_name(device); 176 177 bs = bdrv_lookup_bs(device, device, errp); 178 if (!bs) { 179 return; 180 } 181 182 aio_context = bdrv_get_aio_context(bs); 183 aio_context_acquire(aio_context); 184 len = bdrv_getlength(bs); 185 if (len < 0) { 186 error_setg_errno(errp, -len, 187 "Failed to determine the NBD export's length"); 188 goto out; 189 } 190 191 if (!has_writable) { 192 writable = false; 193 } 194 if (bdrv_is_read_only(bs)) { 195 writable = false; 196 } 197 198 exp = nbd_export_new(bs, 0, len, name, NULL, bitmap, !writable, !writable, 199 NULL, false, on_eject_blk, errp); 200 if (!exp) { 201 goto out; 202 } 203 204 /* The list of named exports has a strong reference to this export now and 205 * our only way of accessing it is through nbd_export_find(), so we can drop 206 * the strong reference that is @exp. */ 207 nbd_export_put(exp); 208 209 out: 210 aio_context_release(aio_context); 211 } 212 213 void qmp_nbd_server_remove(const char *name, 214 bool has_mode, NbdServerRemoveMode mode, 215 Error **errp) 216 { 217 NBDExport *exp; 218 AioContext *aio_context; 219 220 if (!nbd_server) { 221 error_setg(errp, "NBD server not running"); 222 return; 223 } 224 225 exp = nbd_export_find(name); 226 if (exp == NULL) { 227 error_setg(errp, "Export '%s' is not found", name); 228 return; 229 } 230 231 if (!has_mode) { 232 mode = NBD_SERVER_REMOVE_MODE_SAFE; 233 } 234 235 aio_context = nbd_export_aio_context(exp); 236 aio_context_acquire(aio_context); 237 nbd_export_remove(exp, mode, errp); 238 aio_context_release(aio_context); 239 } 240 241 void qmp_nbd_server_stop(Error **errp) 242 { 243 if (!nbd_server) { 244 error_setg(errp, "NBD server not running"); 245 return; 246 } 247 248 nbd_export_close_all(); 249 250 nbd_server_free(nbd_server); 251 nbd_server = NULL; 252 } 253