1 /* 2 * Copyright (C) 2016-2017 Red Hat, Inc. 3 * Copyright (C) 2005 Anthony Liguori <anthony@codemonkey.ws> 4 * 5 * Network Block Device Server Side 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; under version 2 of the License. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 20 #include "qemu/osdep.h" 21 #include "qapi/error.h" 22 #include "trace.h" 23 #include "nbd-internal.h" 24 25 static int system_errno_to_nbd_errno(int err) 26 { 27 switch (err) { 28 case 0: 29 return NBD_SUCCESS; 30 case EPERM: 31 case EROFS: 32 return NBD_EPERM; 33 case EIO: 34 return NBD_EIO; 35 case ENOMEM: 36 return NBD_ENOMEM; 37 #ifdef EDQUOT 38 case EDQUOT: 39 #endif 40 case EFBIG: 41 case ENOSPC: 42 return NBD_ENOSPC; 43 case ESHUTDOWN: 44 return NBD_ESHUTDOWN; 45 case EINVAL: 46 default: 47 return NBD_EINVAL; 48 } 49 } 50 51 /* Definitions for opaque data types */ 52 53 typedef struct NBDRequestData NBDRequestData; 54 55 struct NBDRequestData { 56 QSIMPLEQ_ENTRY(NBDRequestData) entry; 57 NBDClient *client; 58 uint8_t *data; 59 bool complete; 60 }; 61 62 struct NBDExport { 63 int refcount; 64 void (*close)(NBDExport *exp); 65 66 BlockBackend *blk; 67 char *name; 68 char *description; 69 off_t dev_offset; 70 off_t size; 71 uint16_t nbdflags; 72 QTAILQ_HEAD(, NBDClient) clients; 73 QTAILQ_ENTRY(NBDExport) next; 74 75 AioContext *ctx; 76 77 BlockBackend *eject_notifier_blk; 78 Notifier eject_notifier; 79 }; 80 81 static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports); 82 83 struct NBDClient { 84 int refcount; 85 void (*close_fn)(NBDClient *client, bool negotiated); 86 87 NBDExport *exp; 88 QCryptoTLSCreds *tlscreds; 89 char *tlsaclname; 90 QIOChannelSocket *sioc; /* The underlying data channel */ 91 QIOChannel *ioc; /* The current I/O channel which may differ (eg TLS) */ 92 93 Coroutine *recv_coroutine; 94 95 CoMutex send_lock; 96 Coroutine *send_coroutine; 97 98 QTAILQ_ENTRY(NBDClient) next; 99 int nb_requests; 100 bool closing; 101 }; 102 103 /* That's all folks */ 104 105 static void nbd_client_receive_next_request(NBDClient *client); 106 107 /* Basic flow for negotiation 108 109 Server Client 110 Negotiate 111 112 or 113 114 Server Client 115 Negotiate #1 116 Option 117 Negotiate #2 118 119 ---- 120 121 followed by 122 123 Server Client 124 Request 125 Response 126 Request 127 Response 128 ... 129 ... 130 Request (type == 2) 131 132 */ 133 134 /* Send a reply header, including length, but no payload. 135 * Return -errno on error, 0 on success. */ 136 static int nbd_negotiate_send_rep_len(QIOChannel *ioc, uint32_t type, 137 uint32_t opt, uint32_t len, Error **errp) 138 { 139 uint64_t magic; 140 141 trace_nbd_negotiate_send_rep_len(opt, nbd_opt_lookup(opt), 142 type, nbd_rep_lookup(type), len); 143 144 assert(len < NBD_MAX_BUFFER_SIZE); 145 magic = cpu_to_be64(NBD_REP_MAGIC); 146 if (nbd_write(ioc, &magic, sizeof(magic), errp) < 0) { 147 error_prepend(errp, "write failed (rep magic): "); 148 return -EINVAL; 149 } 150 151 opt = cpu_to_be32(opt); 152 if (nbd_write(ioc, &opt, sizeof(opt), errp) < 0) { 153 error_prepend(errp, "write failed (rep opt): "); 154 return -EINVAL; 155 } 156 157 type = cpu_to_be32(type); 158 if (nbd_write(ioc, &type, sizeof(type), errp) < 0) { 159 error_prepend(errp, "write failed (rep type): "); 160 return -EINVAL; 161 } 162 163 len = cpu_to_be32(len); 164 if (nbd_write(ioc, &len, sizeof(len), errp) < 0) { 165 error_prepend(errp, "write failed (rep data length): "); 166 return -EINVAL; 167 } 168 return 0; 169 } 170 171 /* Send a reply header with default 0 length. 172 * Return -errno on error, 0 on success. */ 173 static int nbd_negotiate_send_rep(QIOChannel *ioc, uint32_t type, uint32_t opt, 174 Error **errp) 175 { 176 return nbd_negotiate_send_rep_len(ioc, type, opt, 0, errp); 177 } 178 179 /* Send an error reply. 180 * Return -errno on error, 0 on success. */ 181 static int GCC_FMT_ATTR(5, 6) 182 nbd_negotiate_send_rep_err(QIOChannel *ioc, uint32_t type, 183 uint32_t opt, Error **errp, const char *fmt, ...) 184 { 185 va_list va; 186 char *msg; 187 int ret; 188 size_t len; 189 190 va_start(va, fmt); 191 msg = g_strdup_vprintf(fmt, va); 192 va_end(va); 193 len = strlen(msg); 194 assert(len < 4096); 195 trace_nbd_negotiate_send_rep_err(msg); 196 ret = nbd_negotiate_send_rep_len(ioc, type, opt, len, errp); 197 if (ret < 0) { 198 goto out; 199 } 200 if (nbd_write(ioc, msg, len, errp) < 0) { 201 error_prepend(errp, "write failed (error message): "); 202 ret = -EIO; 203 } else { 204 ret = 0; 205 } 206 207 out: 208 g_free(msg); 209 return ret; 210 } 211 212 /* Send a single NBD_REP_SERVER reply to NBD_OPT_LIST, including payload. 213 * Return -errno on error, 0 on success. */ 214 static int nbd_negotiate_send_rep_list(QIOChannel *ioc, NBDExport *exp, 215 Error **errp) 216 { 217 size_t name_len, desc_len; 218 uint32_t len; 219 const char *name = exp->name ? exp->name : ""; 220 const char *desc = exp->description ? exp->description : ""; 221 int ret; 222 223 trace_nbd_negotiate_send_rep_list(name, desc); 224 name_len = strlen(name); 225 desc_len = strlen(desc); 226 len = name_len + desc_len + sizeof(len); 227 ret = nbd_negotiate_send_rep_len(ioc, NBD_REP_SERVER, NBD_OPT_LIST, len, 228 errp); 229 if (ret < 0) { 230 return ret; 231 } 232 233 len = cpu_to_be32(name_len); 234 if (nbd_write(ioc, &len, sizeof(len), errp) < 0) { 235 error_prepend(errp, "write failed (name length): "); 236 return -EINVAL; 237 } 238 239 if (nbd_write(ioc, name, name_len, errp) < 0) { 240 error_prepend(errp, "write failed (name buffer): "); 241 return -EINVAL; 242 } 243 244 if (nbd_write(ioc, desc, desc_len, errp) < 0) { 245 error_prepend(errp, "write failed (description buffer): "); 246 return -EINVAL; 247 } 248 249 return 0; 250 } 251 252 /* Process the NBD_OPT_LIST command, with a potential series of replies. 253 * Return -errno on error, 0 on success. */ 254 static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length, 255 Error **errp) 256 { 257 NBDExport *exp; 258 259 if (length) { 260 if (nbd_drop(client->ioc, length, errp) < 0) { 261 return -EIO; 262 } 263 return nbd_negotiate_send_rep_err(client->ioc, 264 NBD_REP_ERR_INVALID, NBD_OPT_LIST, 265 errp, 266 "OPT_LIST should not have length"); 267 } 268 269 /* For each export, send a NBD_REP_SERVER reply. */ 270 QTAILQ_FOREACH(exp, &exports, next) { 271 if (nbd_negotiate_send_rep_list(client->ioc, exp, errp)) { 272 return -EINVAL; 273 } 274 } 275 /* Finish with a NBD_REP_ACK. */ 276 return nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK, NBD_OPT_LIST, errp); 277 } 278 279 /* Send a reply to NBD_OPT_EXPORT_NAME. 280 * Return -errno on error, 0 on success. */ 281 static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length, 282 uint16_t myflags, bool no_zeroes, 283 Error **errp) 284 { 285 char name[NBD_MAX_NAME_SIZE + 1]; 286 char buf[NBD_REPLY_EXPORT_NAME_SIZE] = ""; 287 size_t len; 288 int ret; 289 290 /* Client sends: 291 [20 .. xx] export name (length bytes) 292 Server replies: 293 [ 0 .. 7] size 294 [ 8 .. 9] export flags 295 [10 .. 133] reserved (0) [unless no_zeroes] 296 */ 297 trace_nbd_negotiate_handle_export_name(); 298 if (length >= sizeof(name)) { 299 error_setg(errp, "Bad length received"); 300 return -EINVAL; 301 } 302 if (nbd_read(client->ioc, name, length, errp) < 0) { 303 error_prepend(errp, "read failed: "); 304 return -EINVAL; 305 } 306 name[length] = '\0'; 307 308 trace_nbd_negotiate_handle_export_name_request(name); 309 310 client->exp = nbd_export_find(name); 311 if (!client->exp) { 312 error_setg(errp, "export not found"); 313 return -EINVAL; 314 } 315 316 trace_nbd_negotiate_new_style_size_flags(client->exp->size, 317 client->exp->nbdflags | myflags); 318 stq_be_p(buf, client->exp->size); 319 stw_be_p(buf + 8, client->exp->nbdflags | myflags); 320 len = no_zeroes ? 10 : sizeof(buf); 321 ret = nbd_write(client->ioc, buf, len, errp); 322 if (ret < 0) { 323 error_prepend(errp, "write failed: "); 324 return ret; 325 } 326 327 QTAILQ_INSERT_TAIL(&client->exp->clients, client, next); 328 nbd_export_get(client->exp); 329 330 return 0; 331 } 332 333 /* Send a single NBD_REP_INFO, with a buffer @buf of @length bytes. 334 * The buffer does NOT include the info type prefix. 335 * Return -errno on error, 0 if ready to send more. */ 336 static int nbd_negotiate_send_info(NBDClient *client, uint32_t opt, 337 uint16_t info, uint32_t length, void *buf, 338 Error **errp) 339 { 340 int rc; 341 342 trace_nbd_negotiate_send_info(info, nbd_info_lookup(info), length); 343 rc = nbd_negotiate_send_rep_len(client->ioc, NBD_REP_INFO, opt, 344 sizeof(info) + length, errp); 345 if (rc < 0) { 346 return rc; 347 } 348 cpu_to_be16s(&info); 349 if (nbd_write(client->ioc, &info, sizeof(info), errp) < 0) { 350 return -EIO; 351 } 352 if (nbd_write(client->ioc, buf, length, errp) < 0) { 353 return -EIO; 354 } 355 return 0; 356 } 357 358 /* Handle NBD_OPT_INFO and NBD_OPT_GO. 359 * Return -errno on error, 0 if ready for next option, and 1 to move 360 * into transmission phase. */ 361 static int nbd_negotiate_handle_info(NBDClient *client, uint32_t length, 362 uint32_t opt, uint16_t myflags, 363 Error **errp) 364 { 365 int rc; 366 char name[NBD_MAX_NAME_SIZE + 1]; 367 NBDExport *exp; 368 uint16_t requests; 369 uint16_t request; 370 uint32_t namelen; 371 bool sendname = false; 372 bool blocksize = false; 373 uint32_t sizes[3]; 374 char buf[sizeof(uint64_t) + sizeof(uint16_t)]; 375 const char *msg; 376 377 /* Client sends: 378 4 bytes: L, name length (can be 0) 379 L bytes: export name 380 2 bytes: N, number of requests (can be 0) 381 N * 2 bytes: N requests 382 */ 383 if (length < sizeof(namelen) + sizeof(requests)) { 384 msg = "overall request too short"; 385 goto invalid; 386 } 387 if (nbd_read(client->ioc, &namelen, sizeof(namelen), errp) < 0) { 388 return -EIO; 389 } 390 be32_to_cpus(&namelen); 391 length -= sizeof(namelen); 392 if (namelen > length - sizeof(requests) || (length - namelen) % 2) { 393 msg = "name length is incorrect"; 394 goto invalid; 395 } 396 if (nbd_read(client->ioc, name, namelen, errp) < 0) { 397 return -EIO; 398 } 399 name[namelen] = '\0'; 400 length -= namelen; 401 trace_nbd_negotiate_handle_export_name_request(name); 402 403 if (nbd_read(client->ioc, &requests, sizeof(requests), errp) < 0) { 404 return -EIO; 405 } 406 be16_to_cpus(&requests); 407 length -= sizeof(requests); 408 trace_nbd_negotiate_handle_info_requests(requests); 409 if (requests != length / sizeof(request)) { 410 msg = "incorrect number of requests for overall length"; 411 goto invalid; 412 } 413 while (requests--) { 414 if (nbd_read(client->ioc, &request, sizeof(request), errp) < 0) { 415 return -EIO; 416 } 417 be16_to_cpus(&request); 418 length -= sizeof(request); 419 trace_nbd_negotiate_handle_info_request(request, 420 nbd_info_lookup(request)); 421 /* We care about NBD_INFO_NAME and NBD_INFO_BLOCK_SIZE; 422 * everything else is either a request we don't know or 423 * something we send regardless of request */ 424 switch (request) { 425 case NBD_INFO_NAME: 426 sendname = true; 427 break; 428 case NBD_INFO_BLOCK_SIZE: 429 blocksize = true; 430 break; 431 } 432 } 433 434 exp = nbd_export_find(name); 435 if (!exp) { 436 return nbd_negotiate_send_rep_err(client->ioc, NBD_REP_ERR_UNKNOWN, 437 opt, errp, "export '%s' not present", 438 name); 439 } 440 441 /* Don't bother sending NBD_INFO_NAME unless client requested it */ 442 if (sendname) { 443 rc = nbd_negotiate_send_info(client, opt, NBD_INFO_NAME, length, name, 444 errp); 445 if (rc < 0) { 446 return rc; 447 } 448 } 449 450 /* Send NBD_INFO_DESCRIPTION only if available, regardless of 451 * client request */ 452 if (exp->description) { 453 size_t len = strlen(exp->description); 454 455 rc = nbd_negotiate_send_info(client, opt, NBD_INFO_DESCRIPTION, 456 len, exp->description, errp); 457 if (rc < 0) { 458 return rc; 459 } 460 } 461 462 /* Send NBD_INFO_BLOCK_SIZE always, but tweak the minimum size 463 * according to whether the client requested it, and according to 464 * whether this is OPT_INFO or OPT_GO. */ 465 /* minimum - 1 for back-compat, or 512 if client is new enough. 466 * TODO: consult blk_bs(blk)->bl.request_alignment? */ 467 sizes[0] = (opt == NBD_OPT_INFO || blocksize) ? BDRV_SECTOR_SIZE : 1; 468 /* preferred - Hard-code to 4096 for now. 469 * TODO: is blk_bs(blk)->bl.opt_transfer appropriate? */ 470 sizes[1] = 4096; 471 /* maximum - At most 32M, but smaller as appropriate. */ 472 sizes[2] = MIN(blk_get_max_transfer(exp->blk), NBD_MAX_BUFFER_SIZE); 473 trace_nbd_negotiate_handle_info_block_size(sizes[0], sizes[1], sizes[2]); 474 cpu_to_be32s(&sizes[0]); 475 cpu_to_be32s(&sizes[1]); 476 cpu_to_be32s(&sizes[2]); 477 rc = nbd_negotiate_send_info(client, opt, NBD_INFO_BLOCK_SIZE, 478 sizeof(sizes), sizes, errp); 479 if (rc < 0) { 480 return rc; 481 } 482 483 /* Send NBD_INFO_EXPORT always */ 484 trace_nbd_negotiate_new_style_size_flags(exp->size, 485 exp->nbdflags | myflags); 486 stq_be_p(buf, exp->size); 487 stw_be_p(buf + 8, exp->nbdflags | myflags); 488 rc = nbd_negotiate_send_info(client, opt, NBD_INFO_EXPORT, 489 sizeof(buf), buf, errp); 490 if (rc < 0) { 491 return rc; 492 } 493 494 /* If the client is just asking for NBD_OPT_INFO, but forgot to 495 * request block sizes, return an error. 496 * TODO: consult blk_bs(blk)->request_align, and only error if it 497 * is not 1? */ 498 if (opt == NBD_OPT_INFO && !blocksize) { 499 return nbd_negotiate_send_rep_err(client->ioc, 500 NBD_REP_ERR_BLOCK_SIZE_REQD, opt, 501 errp, 502 "request NBD_INFO_BLOCK_SIZE to " 503 "use this export"); 504 } 505 506 /* Final reply */ 507 rc = nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK, opt, errp); 508 if (rc < 0) { 509 return rc; 510 } 511 512 if (opt == NBD_OPT_GO) { 513 client->exp = exp; 514 QTAILQ_INSERT_TAIL(&client->exp->clients, client, next); 515 nbd_export_get(client->exp); 516 rc = 1; 517 } 518 return rc; 519 520 invalid: 521 if (nbd_drop(client->ioc, length, errp) < 0) { 522 return -EIO; 523 } 524 return nbd_negotiate_send_rep_err(client->ioc, NBD_REP_ERR_INVALID, opt, 525 errp, "%s", msg); 526 } 527 528 529 /* Handle NBD_OPT_STARTTLS. Return NULL to drop connection, or else the 530 * new channel for all further (now-encrypted) communication. */ 531 static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client, 532 uint32_t length, 533 Error **errp) 534 { 535 QIOChannel *ioc; 536 QIOChannelTLS *tioc; 537 struct NBDTLSHandshakeData data = { 0 }; 538 539 trace_nbd_negotiate_handle_starttls(); 540 ioc = client->ioc; 541 if (length) { 542 if (nbd_drop(ioc, length, errp) < 0) { 543 return NULL; 544 } 545 nbd_negotiate_send_rep_err(ioc, NBD_REP_ERR_INVALID, NBD_OPT_STARTTLS, 546 errp, 547 "OPT_STARTTLS should not have length"); 548 return NULL; 549 } 550 551 if (nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK, 552 NBD_OPT_STARTTLS, errp) < 0) { 553 return NULL; 554 } 555 556 tioc = qio_channel_tls_new_server(ioc, 557 client->tlscreds, 558 client->tlsaclname, 559 errp); 560 if (!tioc) { 561 return NULL; 562 } 563 564 qio_channel_set_name(QIO_CHANNEL(tioc), "nbd-server-tls"); 565 trace_nbd_negotiate_handle_starttls_handshake(); 566 data.loop = g_main_loop_new(g_main_context_default(), FALSE); 567 qio_channel_tls_handshake(tioc, 568 nbd_tls_handshake, 569 &data, 570 NULL); 571 572 if (!data.complete) { 573 g_main_loop_run(data.loop); 574 } 575 g_main_loop_unref(data.loop); 576 if (data.error) { 577 object_unref(OBJECT(tioc)); 578 error_propagate(errp, data.error); 579 return NULL; 580 } 581 582 return QIO_CHANNEL(tioc); 583 } 584 585 /* nbd_negotiate_options 586 * Process all NBD_OPT_* client option commands, during fixed newstyle 587 * negotiation. 588 * Return: 589 * -errno on error, errp is set 590 * 0 on successful negotiation, errp is not set 591 * 1 if client sent NBD_OPT_ABORT, i.e. on valid disconnect, 592 * errp is not set 593 */ 594 static int nbd_negotiate_options(NBDClient *client, uint16_t myflags, 595 Error **errp) 596 { 597 uint32_t flags; 598 bool fixedNewstyle = false; 599 bool no_zeroes = false; 600 601 /* Client sends: 602 [ 0 .. 3] client flags 603 604 Then we loop until NBD_OPT_EXPORT_NAME or NBD_OPT_GO: 605 [ 0 .. 7] NBD_OPTS_MAGIC 606 [ 8 .. 11] NBD option 607 [12 .. 15] Data length 608 ... Rest of request 609 610 [ 0 .. 7] NBD_OPTS_MAGIC 611 [ 8 .. 11] Second NBD option 612 [12 .. 15] Data length 613 ... Rest of request 614 */ 615 616 if (nbd_read(client->ioc, &flags, sizeof(flags), errp) < 0) { 617 error_prepend(errp, "read failed: "); 618 return -EIO; 619 } 620 be32_to_cpus(&flags); 621 trace_nbd_negotiate_options_flags(flags); 622 if (flags & NBD_FLAG_C_FIXED_NEWSTYLE) { 623 fixedNewstyle = true; 624 flags &= ~NBD_FLAG_C_FIXED_NEWSTYLE; 625 } 626 if (flags & NBD_FLAG_C_NO_ZEROES) { 627 no_zeroes = true; 628 flags &= ~NBD_FLAG_C_NO_ZEROES; 629 } 630 if (flags != 0) { 631 error_setg(errp, "Unknown client flags 0x%" PRIx32 " received", flags); 632 return -EINVAL; 633 } 634 635 while (1) { 636 int ret; 637 uint32_t option, length; 638 uint64_t magic; 639 640 if (nbd_read(client->ioc, &magic, sizeof(magic), errp) < 0) { 641 error_prepend(errp, "read failed: "); 642 return -EINVAL; 643 } 644 magic = be64_to_cpu(magic); 645 trace_nbd_negotiate_options_check_magic(magic); 646 if (magic != NBD_OPTS_MAGIC) { 647 error_setg(errp, "Bad magic received"); 648 return -EINVAL; 649 } 650 651 if (nbd_read(client->ioc, &option, 652 sizeof(option), errp) < 0) { 653 error_prepend(errp, "read failed: "); 654 return -EINVAL; 655 } 656 option = be32_to_cpu(option); 657 658 if (nbd_read(client->ioc, &length, sizeof(length), errp) < 0) { 659 error_prepend(errp, "read failed: "); 660 return -EINVAL; 661 } 662 length = be32_to_cpu(length); 663 664 trace_nbd_negotiate_options_check_option(option, 665 nbd_opt_lookup(option)); 666 if (client->tlscreds && 667 client->ioc == (QIOChannel *)client->sioc) { 668 QIOChannel *tioc; 669 if (!fixedNewstyle) { 670 error_setg(errp, "Unsupported option 0x%" PRIx32, option); 671 return -EINVAL; 672 } 673 switch (option) { 674 case NBD_OPT_STARTTLS: 675 tioc = nbd_negotiate_handle_starttls(client, length, errp); 676 if (!tioc) { 677 return -EIO; 678 } 679 object_unref(OBJECT(client->ioc)); 680 client->ioc = QIO_CHANNEL(tioc); 681 break; 682 683 case NBD_OPT_EXPORT_NAME: 684 /* No way to return an error to client, so drop connection */ 685 error_setg(errp, "Option 0x%x not permitted before TLS", 686 option); 687 return -EINVAL; 688 689 default: 690 if (nbd_drop(client->ioc, length, errp) < 0) { 691 return -EIO; 692 } 693 ret = nbd_negotiate_send_rep_err(client->ioc, 694 NBD_REP_ERR_TLS_REQD, 695 option, errp, 696 "Option 0x%" PRIx32 697 "not permitted before TLS", 698 option); 699 if (ret < 0) { 700 return ret; 701 } 702 /* Let the client keep trying, unless they asked to 703 * quit. In this mode, we've already sent an error, so 704 * we can't ack the abort. */ 705 if (option == NBD_OPT_ABORT) { 706 return 1; 707 } 708 break; 709 } 710 } else if (fixedNewstyle) { 711 switch (option) { 712 case NBD_OPT_LIST: 713 ret = nbd_negotiate_handle_list(client, length, errp); 714 if (ret < 0) { 715 return ret; 716 } 717 break; 718 719 case NBD_OPT_ABORT: 720 /* NBD spec says we must try to reply before 721 * disconnecting, but that we must also tolerate 722 * guests that don't wait for our reply. */ 723 nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK, option, NULL); 724 return 1; 725 726 case NBD_OPT_EXPORT_NAME: 727 return nbd_negotiate_handle_export_name(client, length, 728 myflags, no_zeroes, 729 errp); 730 731 case NBD_OPT_INFO: 732 case NBD_OPT_GO: 733 ret = nbd_negotiate_handle_info(client, length, option, 734 myflags, errp); 735 if (ret == 1) { 736 assert(option == NBD_OPT_GO); 737 return 0; 738 } 739 if (ret) { 740 return ret; 741 } 742 break; 743 744 case NBD_OPT_STARTTLS: 745 if (nbd_drop(client->ioc, length, errp) < 0) { 746 return -EIO; 747 } 748 if (client->tlscreds) { 749 ret = nbd_negotiate_send_rep_err(client->ioc, 750 NBD_REP_ERR_INVALID, 751 option, errp, 752 "TLS already enabled"); 753 } else { 754 ret = nbd_negotiate_send_rep_err(client->ioc, 755 NBD_REP_ERR_POLICY, 756 option, errp, 757 "TLS not configured"); 758 } 759 if (ret < 0) { 760 return ret; 761 } 762 break; 763 default: 764 if (nbd_drop(client->ioc, length, errp) < 0) { 765 return -EIO; 766 } 767 ret = nbd_negotiate_send_rep_err(client->ioc, 768 NBD_REP_ERR_UNSUP, 769 option, errp, 770 "Unsupported option 0x%" 771 PRIx32 " (%s)", option, 772 nbd_opt_lookup(option)); 773 if (ret < 0) { 774 return ret; 775 } 776 break; 777 } 778 } else { 779 /* 780 * If broken new-style we should drop the connection 781 * for anything except NBD_OPT_EXPORT_NAME 782 */ 783 switch (option) { 784 case NBD_OPT_EXPORT_NAME: 785 return nbd_negotiate_handle_export_name(client, length, 786 myflags, no_zeroes, 787 errp); 788 789 default: 790 error_setg(errp, "Unsupported option 0x%" PRIx32 " (%s)", 791 option, nbd_opt_lookup(option)); 792 return -EINVAL; 793 } 794 } 795 } 796 } 797 798 /* nbd_negotiate 799 * Return: 800 * -errno on error, errp is set 801 * 0 on successful negotiation, errp is not set 802 * 1 if client sent NBD_OPT_ABORT, i.e. on valid disconnect, 803 * errp is not set 804 */ 805 static coroutine_fn int nbd_negotiate(NBDClient *client, Error **errp) 806 { 807 char buf[NBD_OLDSTYLE_NEGOTIATE_SIZE] = ""; 808 int ret; 809 const uint16_t myflags = (NBD_FLAG_HAS_FLAGS | NBD_FLAG_SEND_TRIM | 810 NBD_FLAG_SEND_FLUSH | NBD_FLAG_SEND_FUA | 811 NBD_FLAG_SEND_WRITE_ZEROES); 812 bool oldStyle; 813 814 /* Old style negotiation header, no room for options 815 [ 0 .. 7] passwd ("NBDMAGIC") 816 [ 8 .. 15] magic (NBD_CLIENT_MAGIC) 817 [16 .. 23] size 818 [24 .. 27] export flags (zero-extended) 819 [28 .. 151] reserved (0) 820 821 New style negotiation header, client can send options 822 [ 0 .. 7] passwd ("NBDMAGIC") 823 [ 8 .. 15] magic (NBD_OPTS_MAGIC) 824 [16 .. 17] server flags (0) 825 ....options sent, ending in NBD_OPT_EXPORT_NAME or NBD_OPT_GO.... 826 */ 827 828 qio_channel_set_blocking(client->ioc, false, NULL); 829 830 trace_nbd_negotiate_begin(); 831 memcpy(buf, "NBDMAGIC", 8); 832 833 oldStyle = client->exp != NULL && !client->tlscreds; 834 if (oldStyle) { 835 trace_nbd_negotiate_old_style(client->exp->size, 836 client->exp->nbdflags | myflags); 837 stq_be_p(buf + 8, NBD_CLIENT_MAGIC); 838 stq_be_p(buf + 16, client->exp->size); 839 stl_be_p(buf + 24, client->exp->nbdflags | myflags); 840 841 if (nbd_write(client->ioc, buf, sizeof(buf), errp) < 0) { 842 error_prepend(errp, "write failed: "); 843 return -EINVAL; 844 } 845 } else { 846 stq_be_p(buf + 8, NBD_OPTS_MAGIC); 847 stw_be_p(buf + 16, NBD_FLAG_FIXED_NEWSTYLE | NBD_FLAG_NO_ZEROES); 848 849 if (nbd_write(client->ioc, buf, 18, errp) < 0) { 850 error_prepend(errp, "write failed: "); 851 return -EINVAL; 852 } 853 ret = nbd_negotiate_options(client, myflags, errp); 854 if (ret != 0) { 855 if (ret < 0) { 856 error_prepend(errp, "option negotiation failed: "); 857 } 858 return ret; 859 } 860 } 861 862 trace_nbd_negotiate_success(); 863 864 return 0; 865 } 866 867 static int nbd_receive_request(QIOChannel *ioc, NBDRequest *request, 868 Error **errp) 869 { 870 uint8_t buf[NBD_REQUEST_SIZE]; 871 uint32_t magic; 872 int ret; 873 874 ret = nbd_read(ioc, buf, sizeof(buf), errp); 875 if (ret < 0) { 876 return ret; 877 } 878 879 /* Request 880 [ 0 .. 3] magic (NBD_REQUEST_MAGIC) 881 [ 4 .. 5] flags (NBD_CMD_FLAG_FUA, ...) 882 [ 6 .. 7] type (NBD_CMD_READ, ...) 883 [ 8 .. 15] handle 884 [16 .. 23] from 885 [24 .. 27] len 886 */ 887 888 magic = ldl_be_p(buf); 889 request->flags = lduw_be_p(buf + 4); 890 request->type = lduw_be_p(buf + 6); 891 request->handle = ldq_be_p(buf + 8); 892 request->from = ldq_be_p(buf + 16); 893 request->len = ldl_be_p(buf + 24); 894 895 trace_nbd_receive_request(magic, request->flags, request->type, 896 request->from, request->len); 897 898 if (magic != NBD_REQUEST_MAGIC) { 899 error_setg(errp, "invalid magic (got 0x%" PRIx32 ")", magic); 900 return -EINVAL; 901 } 902 return 0; 903 } 904 905 static int nbd_send_reply(QIOChannel *ioc, NBDReply *reply, Error **errp) 906 { 907 uint8_t buf[NBD_REPLY_SIZE]; 908 909 reply->error = system_errno_to_nbd_errno(reply->error); 910 911 trace_nbd_send_reply(reply->error, reply->handle); 912 913 /* Reply 914 [ 0 .. 3] magic (NBD_REPLY_MAGIC) 915 [ 4 .. 7] error (0 == no error) 916 [ 7 .. 15] handle 917 */ 918 stl_be_p(buf, NBD_REPLY_MAGIC); 919 stl_be_p(buf + 4, reply->error); 920 stq_be_p(buf + 8, reply->handle); 921 922 return nbd_write(ioc, buf, sizeof(buf), errp); 923 } 924 925 #define MAX_NBD_REQUESTS 16 926 927 void nbd_client_get(NBDClient *client) 928 { 929 client->refcount++; 930 } 931 932 void nbd_client_put(NBDClient *client) 933 { 934 if (--client->refcount == 0) { 935 /* The last reference should be dropped by client->close, 936 * which is called by client_close. 937 */ 938 assert(client->closing); 939 940 qio_channel_detach_aio_context(client->ioc); 941 object_unref(OBJECT(client->sioc)); 942 object_unref(OBJECT(client->ioc)); 943 if (client->tlscreds) { 944 object_unref(OBJECT(client->tlscreds)); 945 } 946 g_free(client->tlsaclname); 947 if (client->exp) { 948 QTAILQ_REMOVE(&client->exp->clients, client, next); 949 nbd_export_put(client->exp); 950 } 951 g_free(client); 952 } 953 } 954 955 static void client_close(NBDClient *client, bool negotiated) 956 { 957 if (client->closing) { 958 return; 959 } 960 961 client->closing = true; 962 963 /* Force requests to finish. They will drop their own references, 964 * then we'll close the socket and free the NBDClient. 965 */ 966 qio_channel_shutdown(client->ioc, QIO_CHANNEL_SHUTDOWN_BOTH, 967 NULL); 968 969 /* Also tell the client, so that they release their reference. */ 970 if (client->close_fn) { 971 client->close_fn(client, negotiated); 972 } 973 } 974 975 static NBDRequestData *nbd_request_get(NBDClient *client) 976 { 977 NBDRequestData *req; 978 979 assert(client->nb_requests <= MAX_NBD_REQUESTS - 1); 980 client->nb_requests++; 981 982 req = g_new0(NBDRequestData, 1); 983 nbd_client_get(client); 984 req->client = client; 985 return req; 986 } 987 988 static void nbd_request_put(NBDRequestData *req) 989 { 990 NBDClient *client = req->client; 991 992 if (req->data) { 993 qemu_vfree(req->data); 994 } 995 g_free(req); 996 997 client->nb_requests--; 998 nbd_client_receive_next_request(client); 999 1000 nbd_client_put(client); 1001 } 1002 1003 static void blk_aio_attached(AioContext *ctx, void *opaque) 1004 { 1005 NBDExport *exp = opaque; 1006 NBDClient *client; 1007 1008 trace_nbd_blk_aio_attached(exp->name, ctx); 1009 1010 exp->ctx = ctx; 1011 1012 QTAILQ_FOREACH(client, &exp->clients, next) { 1013 qio_channel_attach_aio_context(client->ioc, ctx); 1014 if (client->recv_coroutine) { 1015 aio_co_schedule(ctx, client->recv_coroutine); 1016 } 1017 if (client->send_coroutine) { 1018 aio_co_schedule(ctx, client->send_coroutine); 1019 } 1020 } 1021 } 1022 1023 static void blk_aio_detach(void *opaque) 1024 { 1025 NBDExport *exp = opaque; 1026 NBDClient *client; 1027 1028 trace_nbd_blk_aio_detach(exp->name, exp->ctx); 1029 1030 QTAILQ_FOREACH(client, &exp->clients, next) { 1031 qio_channel_detach_aio_context(client->ioc); 1032 } 1033 1034 exp->ctx = NULL; 1035 } 1036 1037 static void nbd_eject_notifier(Notifier *n, void *data) 1038 { 1039 NBDExport *exp = container_of(n, NBDExport, eject_notifier); 1040 nbd_export_close(exp); 1041 } 1042 1043 NBDExport *nbd_export_new(BlockDriverState *bs, off_t dev_offset, off_t size, 1044 uint16_t nbdflags, void (*close)(NBDExport *), 1045 bool writethrough, BlockBackend *on_eject_blk, 1046 Error **errp) 1047 { 1048 BlockBackend *blk; 1049 NBDExport *exp = g_malloc0(sizeof(NBDExport)); 1050 uint64_t perm; 1051 int ret; 1052 1053 /* Don't allow resize while the NBD server is running, otherwise we don't 1054 * care what happens with the node. */ 1055 perm = BLK_PERM_CONSISTENT_READ; 1056 if ((nbdflags & NBD_FLAG_READ_ONLY) == 0) { 1057 perm |= BLK_PERM_WRITE; 1058 } 1059 blk = blk_new(perm, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE_UNCHANGED | 1060 BLK_PERM_WRITE | BLK_PERM_GRAPH_MOD); 1061 ret = blk_insert_bs(blk, bs, errp); 1062 if (ret < 0) { 1063 goto fail; 1064 } 1065 blk_set_enable_write_cache(blk, !writethrough); 1066 1067 exp->refcount = 1; 1068 QTAILQ_INIT(&exp->clients); 1069 exp->blk = blk; 1070 exp->dev_offset = dev_offset; 1071 exp->nbdflags = nbdflags; 1072 exp->size = size < 0 ? blk_getlength(blk) : size; 1073 if (exp->size < 0) { 1074 error_setg_errno(errp, -exp->size, 1075 "Failed to determine the NBD export's length"); 1076 goto fail; 1077 } 1078 exp->size -= exp->size % BDRV_SECTOR_SIZE; 1079 1080 exp->close = close; 1081 exp->ctx = blk_get_aio_context(blk); 1082 blk_add_aio_context_notifier(blk, blk_aio_attached, blk_aio_detach, exp); 1083 1084 if (on_eject_blk) { 1085 blk_ref(on_eject_blk); 1086 exp->eject_notifier_blk = on_eject_blk; 1087 exp->eject_notifier.notify = nbd_eject_notifier; 1088 blk_add_remove_bs_notifier(on_eject_blk, &exp->eject_notifier); 1089 } 1090 1091 /* 1092 * NBD exports are used for non-shared storage migration. Make sure 1093 * that BDRV_O_INACTIVE is cleared and the image is ready for write 1094 * access since the export could be available before migration handover. 1095 */ 1096 aio_context_acquire(exp->ctx); 1097 blk_invalidate_cache(blk, NULL); 1098 aio_context_release(exp->ctx); 1099 return exp; 1100 1101 fail: 1102 blk_unref(blk); 1103 g_free(exp); 1104 return NULL; 1105 } 1106 1107 NBDExport *nbd_export_find(const char *name) 1108 { 1109 NBDExport *exp; 1110 QTAILQ_FOREACH(exp, &exports, next) { 1111 if (strcmp(name, exp->name) == 0) { 1112 return exp; 1113 } 1114 } 1115 1116 return NULL; 1117 } 1118 1119 void nbd_export_set_name(NBDExport *exp, const char *name) 1120 { 1121 if (exp->name == name) { 1122 return; 1123 } 1124 1125 nbd_export_get(exp); 1126 if (exp->name != NULL) { 1127 g_free(exp->name); 1128 exp->name = NULL; 1129 QTAILQ_REMOVE(&exports, exp, next); 1130 nbd_export_put(exp); 1131 } 1132 if (name != NULL) { 1133 nbd_export_get(exp); 1134 exp->name = g_strdup(name); 1135 QTAILQ_INSERT_TAIL(&exports, exp, next); 1136 } 1137 nbd_export_put(exp); 1138 } 1139 1140 void nbd_export_set_description(NBDExport *exp, const char *description) 1141 { 1142 g_free(exp->description); 1143 exp->description = g_strdup(description); 1144 } 1145 1146 void nbd_export_close(NBDExport *exp) 1147 { 1148 NBDClient *client, *next; 1149 1150 nbd_export_get(exp); 1151 QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) { 1152 client_close(client, true); 1153 } 1154 nbd_export_set_name(exp, NULL); 1155 nbd_export_set_description(exp, NULL); 1156 nbd_export_put(exp); 1157 } 1158 1159 void nbd_export_get(NBDExport *exp) 1160 { 1161 assert(exp->refcount > 0); 1162 exp->refcount++; 1163 } 1164 1165 void nbd_export_put(NBDExport *exp) 1166 { 1167 assert(exp->refcount > 0); 1168 if (exp->refcount == 1) { 1169 nbd_export_close(exp); 1170 } 1171 1172 if (--exp->refcount == 0) { 1173 assert(exp->name == NULL); 1174 assert(exp->description == NULL); 1175 1176 if (exp->close) { 1177 exp->close(exp); 1178 } 1179 1180 if (exp->blk) { 1181 if (exp->eject_notifier_blk) { 1182 notifier_remove(&exp->eject_notifier); 1183 blk_unref(exp->eject_notifier_blk); 1184 } 1185 blk_remove_aio_context_notifier(exp->blk, blk_aio_attached, 1186 blk_aio_detach, exp); 1187 blk_unref(exp->blk); 1188 exp->blk = NULL; 1189 } 1190 1191 g_free(exp); 1192 } 1193 } 1194 1195 BlockBackend *nbd_export_get_blockdev(NBDExport *exp) 1196 { 1197 return exp->blk; 1198 } 1199 1200 void nbd_export_close_all(void) 1201 { 1202 NBDExport *exp, *next; 1203 1204 QTAILQ_FOREACH_SAFE(exp, &exports, next, next) { 1205 nbd_export_close(exp); 1206 } 1207 } 1208 1209 static int nbd_co_send_reply(NBDRequestData *req, NBDReply *reply, int len, 1210 Error **errp) 1211 { 1212 NBDClient *client = req->client; 1213 int ret; 1214 1215 g_assert(qemu_in_coroutine()); 1216 1217 trace_nbd_co_send_reply(reply->handle, reply->error, len); 1218 1219 qemu_co_mutex_lock(&client->send_lock); 1220 client->send_coroutine = qemu_coroutine_self(); 1221 1222 if (!len) { 1223 ret = nbd_send_reply(client->ioc, reply, errp); 1224 } else { 1225 qio_channel_set_cork(client->ioc, true); 1226 ret = nbd_send_reply(client->ioc, reply, errp); 1227 if (ret == 0) { 1228 ret = nbd_write(client->ioc, req->data, len, errp); 1229 if (ret < 0) { 1230 ret = -EIO; 1231 } 1232 } 1233 qio_channel_set_cork(client->ioc, false); 1234 } 1235 1236 client->send_coroutine = NULL; 1237 qemu_co_mutex_unlock(&client->send_lock); 1238 return ret; 1239 } 1240 1241 /* nbd_co_receive_request 1242 * Collect a client request. Return 0 if request looks valid, -EIO to drop 1243 * connection right away, and any other negative value to report an error to 1244 * the client (although the caller may still need to disconnect after reporting 1245 * the error). 1246 */ 1247 static int nbd_co_receive_request(NBDRequestData *req, NBDRequest *request, 1248 Error **errp) 1249 { 1250 NBDClient *client = req->client; 1251 1252 g_assert(qemu_in_coroutine()); 1253 assert(client->recv_coroutine == qemu_coroutine_self()); 1254 if (nbd_receive_request(client->ioc, request, errp) < 0) { 1255 return -EIO; 1256 } 1257 1258 trace_nbd_co_receive_request_decode_type(request->handle, request->type, 1259 nbd_cmd_lookup(request->type)); 1260 1261 if (request->type != NBD_CMD_WRITE) { 1262 /* No payload, we are ready to read the next request. */ 1263 req->complete = true; 1264 } 1265 1266 if (request->type == NBD_CMD_DISC) { 1267 /* Special case: we're going to disconnect without a reply, 1268 * whether or not flags, from, or len are bogus */ 1269 return -EIO; 1270 } 1271 1272 /* Check for sanity in the parameters, part 1. Defer as many 1273 * checks as possible until after reading any NBD_CMD_WRITE 1274 * payload, so we can try and keep the connection alive. */ 1275 if ((request->from + request->len) < request->from) { 1276 error_setg(errp, 1277 "integer overflow detected, you're probably being attacked"); 1278 return -EINVAL; 1279 } 1280 1281 if (request->type == NBD_CMD_READ || request->type == NBD_CMD_WRITE) { 1282 if (request->len > NBD_MAX_BUFFER_SIZE) { 1283 error_setg(errp, "len (%" PRIu32" ) is larger than max len (%u)", 1284 request->len, NBD_MAX_BUFFER_SIZE); 1285 return -EINVAL; 1286 } 1287 1288 req->data = blk_try_blockalign(client->exp->blk, request->len); 1289 if (req->data == NULL) { 1290 error_setg(errp, "No memory"); 1291 return -ENOMEM; 1292 } 1293 } 1294 if (request->type == NBD_CMD_WRITE) { 1295 if (nbd_read(client->ioc, req->data, request->len, errp) < 0) { 1296 error_prepend(errp, "reading from socket failed: "); 1297 return -EIO; 1298 } 1299 req->complete = true; 1300 1301 trace_nbd_co_receive_request_payload_received(request->handle, 1302 request->len); 1303 } 1304 1305 /* Sanity checks, part 2. */ 1306 if (request->from + request->len > client->exp->size) { 1307 error_setg(errp, "operation past EOF; From: %" PRIu64 ", Len: %" PRIu32 1308 ", Size: %" PRIu64, request->from, request->len, 1309 (uint64_t)client->exp->size); 1310 return request->type == NBD_CMD_WRITE ? -ENOSPC : -EINVAL; 1311 } 1312 if (request->flags & ~(NBD_CMD_FLAG_FUA | NBD_CMD_FLAG_NO_HOLE)) { 1313 error_setg(errp, "unsupported flags (got 0x%x)", request->flags); 1314 return -EINVAL; 1315 } 1316 if (request->type != NBD_CMD_WRITE_ZEROES && 1317 (request->flags & NBD_CMD_FLAG_NO_HOLE)) { 1318 error_setg(errp, "unexpected flags (got 0x%x)", request->flags); 1319 return -EINVAL; 1320 } 1321 1322 return 0; 1323 } 1324 1325 /* Owns a reference to the NBDClient passed as opaque. */ 1326 static coroutine_fn void nbd_trip(void *opaque) 1327 { 1328 NBDClient *client = opaque; 1329 NBDExport *exp = client->exp; 1330 NBDRequestData *req; 1331 NBDRequest request = { 0 }; /* GCC thinks it can be used uninitialized */ 1332 NBDReply reply; 1333 int ret; 1334 int flags; 1335 int reply_data_len = 0; 1336 Error *local_err = NULL; 1337 1338 trace_nbd_trip(); 1339 if (client->closing) { 1340 nbd_client_put(client); 1341 return; 1342 } 1343 1344 req = nbd_request_get(client); 1345 ret = nbd_co_receive_request(req, &request, &local_err); 1346 client->recv_coroutine = NULL; 1347 nbd_client_receive_next_request(client); 1348 if (ret == -EIO) { 1349 goto disconnect; 1350 } 1351 1352 reply.handle = request.handle; 1353 reply.error = 0; 1354 1355 if (ret < 0) { 1356 reply.error = -ret; 1357 goto reply; 1358 } 1359 1360 if (client->closing) { 1361 /* 1362 * The client may be closed when we are blocked in 1363 * nbd_co_receive_request() 1364 */ 1365 goto done; 1366 } 1367 1368 switch (request.type) { 1369 case NBD_CMD_READ: 1370 /* XXX: NBD Protocol only documents use of FUA with WRITE */ 1371 if (request.flags & NBD_CMD_FLAG_FUA) { 1372 ret = blk_co_flush(exp->blk); 1373 if (ret < 0) { 1374 error_setg_errno(&local_err, -ret, "flush failed"); 1375 reply.error = -ret; 1376 break; 1377 } 1378 } 1379 1380 ret = blk_pread(exp->blk, request.from + exp->dev_offset, 1381 req->data, request.len); 1382 if (ret < 0) { 1383 error_setg_errno(&local_err, -ret, "reading from file failed"); 1384 reply.error = -ret; 1385 break; 1386 } 1387 1388 reply_data_len = request.len; 1389 1390 break; 1391 case NBD_CMD_WRITE: 1392 if (exp->nbdflags & NBD_FLAG_READ_ONLY) { 1393 reply.error = EROFS; 1394 break; 1395 } 1396 1397 flags = 0; 1398 if (request.flags & NBD_CMD_FLAG_FUA) { 1399 flags |= BDRV_REQ_FUA; 1400 } 1401 ret = blk_pwrite(exp->blk, request.from + exp->dev_offset, 1402 req->data, request.len, flags); 1403 if (ret < 0) { 1404 error_setg_errno(&local_err, -ret, "writing to file failed"); 1405 reply.error = -ret; 1406 } 1407 1408 break; 1409 case NBD_CMD_WRITE_ZEROES: 1410 if (exp->nbdflags & NBD_FLAG_READ_ONLY) { 1411 error_setg(&local_err, "Server is read-only, return error"); 1412 reply.error = EROFS; 1413 break; 1414 } 1415 1416 flags = 0; 1417 if (request.flags & NBD_CMD_FLAG_FUA) { 1418 flags |= BDRV_REQ_FUA; 1419 } 1420 if (!(request.flags & NBD_CMD_FLAG_NO_HOLE)) { 1421 flags |= BDRV_REQ_MAY_UNMAP; 1422 } 1423 ret = blk_pwrite_zeroes(exp->blk, request.from + exp->dev_offset, 1424 request.len, flags); 1425 if (ret < 0) { 1426 error_setg_errno(&local_err, -ret, "writing to file failed"); 1427 reply.error = -ret; 1428 } 1429 1430 break; 1431 case NBD_CMD_DISC: 1432 /* unreachable, thanks to special case in nbd_co_receive_request() */ 1433 abort(); 1434 1435 case NBD_CMD_FLUSH: 1436 ret = blk_co_flush(exp->blk); 1437 if (ret < 0) { 1438 error_setg_errno(&local_err, -ret, "flush failed"); 1439 reply.error = -ret; 1440 } 1441 1442 break; 1443 case NBD_CMD_TRIM: 1444 ret = blk_co_pdiscard(exp->blk, request.from + exp->dev_offset, 1445 request.len); 1446 if (ret < 0) { 1447 error_setg_errno(&local_err, -ret, "discard failed"); 1448 reply.error = -ret; 1449 } 1450 1451 break; 1452 default: 1453 error_setg(&local_err, "invalid request type (%" PRIu32 ") received", 1454 request.type); 1455 reply.error = EINVAL; 1456 } 1457 1458 reply: 1459 if (local_err) { 1460 /* If we are here local_err is not fatal error, already stored in 1461 * reply.error */ 1462 error_report_err(local_err); 1463 local_err = NULL; 1464 } 1465 1466 if (nbd_co_send_reply(req, &reply, reply_data_len, &local_err) < 0) { 1467 error_prepend(&local_err, "Failed to send reply: "); 1468 goto disconnect; 1469 } 1470 1471 /* We must disconnect after NBD_CMD_WRITE if we did not 1472 * read the payload. 1473 */ 1474 if (!req->complete) { 1475 error_setg(&local_err, "Request handling failed in intermediate state"); 1476 goto disconnect; 1477 } 1478 1479 done: 1480 nbd_request_put(req); 1481 nbd_client_put(client); 1482 return; 1483 1484 disconnect: 1485 if (local_err) { 1486 error_reportf_err(local_err, "Disconnect client, due to: "); 1487 } 1488 nbd_request_put(req); 1489 client_close(client, true); 1490 nbd_client_put(client); 1491 } 1492 1493 static void nbd_client_receive_next_request(NBDClient *client) 1494 { 1495 if (!client->recv_coroutine && client->nb_requests < MAX_NBD_REQUESTS) { 1496 nbd_client_get(client); 1497 client->recv_coroutine = qemu_coroutine_create(nbd_trip, client); 1498 aio_co_schedule(client->exp->ctx, client->recv_coroutine); 1499 } 1500 } 1501 1502 static coroutine_fn void nbd_co_client_start(void *opaque) 1503 { 1504 NBDClient *client = opaque; 1505 NBDExport *exp = client->exp; 1506 Error *local_err = NULL; 1507 1508 if (exp) { 1509 nbd_export_get(exp); 1510 QTAILQ_INSERT_TAIL(&exp->clients, client, next); 1511 } 1512 qemu_co_mutex_init(&client->send_lock); 1513 1514 if (nbd_negotiate(client, &local_err)) { 1515 if (local_err) { 1516 error_report_err(local_err); 1517 } 1518 client_close(client, false); 1519 return; 1520 } 1521 1522 nbd_client_receive_next_request(client); 1523 } 1524 1525 /* 1526 * Create a new client listener on the given export @exp, using the 1527 * given channel @sioc. Begin servicing it in a coroutine. When the 1528 * connection closes, call @close_fn with an indication of whether the 1529 * client completed negotiation. 1530 */ 1531 void nbd_client_new(NBDExport *exp, 1532 QIOChannelSocket *sioc, 1533 QCryptoTLSCreds *tlscreds, 1534 const char *tlsaclname, 1535 void (*close_fn)(NBDClient *, bool)) 1536 { 1537 NBDClient *client; 1538 Coroutine *co; 1539 1540 client = g_malloc0(sizeof(NBDClient)); 1541 client->refcount = 1; 1542 client->exp = exp; 1543 client->tlscreds = tlscreds; 1544 if (tlscreds) { 1545 object_ref(OBJECT(client->tlscreds)); 1546 } 1547 client->tlsaclname = g_strdup(tlsaclname); 1548 client->sioc = sioc; 1549 object_ref(OBJECT(client->sioc)); 1550 client->ioc = QIO_CHANNEL(sioc); 1551 object_ref(OBJECT(client->ioc)); 1552 client->close_fn = close_fn; 1553 1554 co = qemu_coroutine_create(nbd_co_client_start, client); 1555 qemu_coroutine_enter(co); 1556 } 1557