1 /* 2 * Copyright (C) 2016 Red Hat, Inc. 3 * Copyright (C) 2005 Anthony Liguori <anthony@codemonkey.ws> 4 * 5 * Network Block Device Server Side 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; under version 2 of the License. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 20 #include "qemu/osdep.h" 21 #include "qapi/error.h" 22 #include "nbd-internal.h" 23 24 static int system_errno_to_nbd_errno(int err) 25 { 26 switch (err) { 27 case 0: 28 return NBD_SUCCESS; 29 case EPERM: 30 case EROFS: 31 return NBD_EPERM; 32 case EIO: 33 return NBD_EIO; 34 case ENOMEM: 35 return NBD_ENOMEM; 36 #ifdef EDQUOT 37 case EDQUOT: 38 #endif 39 case EFBIG: 40 case ENOSPC: 41 return NBD_ENOSPC; 42 case ESHUTDOWN: 43 return NBD_ESHUTDOWN; 44 case EINVAL: 45 default: 46 return NBD_EINVAL; 47 } 48 } 49 50 /* Definitions for opaque data types */ 51 52 typedef struct NBDRequestData NBDRequestData; 53 54 struct NBDRequestData { 55 QSIMPLEQ_ENTRY(NBDRequestData) entry; 56 NBDClient *client; 57 uint8_t *data; 58 bool complete; 59 }; 60 61 struct NBDExport { 62 int refcount; 63 void (*close)(NBDExport *exp); 64 65 BlockBackend *blk; 66 char *name; 67 char *description; 68 off_t dev_offset; 69 off_t size; 70 uint16_t nbdflags; 71 QTAILQ_HEAD(, NBDClient) clients; 72 QTAILQ_ENTRY(NBDExport) next; 73 74 AioContext *ctx; 75 76 BlockBackend *eject_notifier_blk; 77 Notifier eject_notifier; 78 }; 79 80 static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports); 81 82 struct NBDClient { 83 int refcount; 84 void (*close_fn)(NBDClient *client, bool negotiated); 85 86 bool no_zeroes; 87 NBDExport *exp; 88 QCryptoTLSCreds *tlscreds; 89 char *tlsaclname; 90 QIOChannelSocket *sioc; /* The underlying data channel */ 91 QIOChannel *ioc; /* The current I/O channel which may differ (eg TLS) */ 92 93 Coroutine *recv_coroutine; 94 95 CoMutex send_lock; 96 Coroutine *send_coroutine; 97 98 QTAILQ_ENTRY(NBDClient) next; 99 int nb_requests; 100 bool closing; 101 }; 102 103 /* That's all folks */ 104 105 static void nbd_client_receive_next_request(NBDClient *client); 106 107 static gboolean nbd_negotiate_continue(QIOChannel *ioc, 108 GIOCondition condition, 109 void *opaque) 110 { 111 qemu_coroutine_enter(opaque); 112 return TRUE; 113 } 114 115 static int nbd_negotiate_read(QIOChannel *ioc, void *buffer, size_t size) 116 { 117 ssize_t ret; 118 guint watch; 119 120 assert(qemu_in_coroutine()); 121 /* Negotiation are always in main loop. */ 122 watch = qio_channel_add_watch(ioc, 123 G_IO_IN, 124 nbd_negotiate_continue, 125 qemu_coroutine_self(), 126 NULL); 127 ret = read_sync(ioc, buffer, size, NULL); 128 g_source_remove(watch); 129 return ret; 130 131 } 132 133 static int nbd_negotiate_write(QIOChannel *ioc, const void *buffer, size_t size) 134 { 135 ssize_t ret; 136 guint watch; 137 138 assert(qemu_in_coroutine()); 139 /* Negotiation are always in main loop. */ 140 watch = qio_channel_add_watch(ioc, 141 G_IO_OUT, 142 nbd_negotiate_continue, 143 qemu_coroutine_self(), 144 NULL); 145 ret = write_sync(ioc, buffer, size, NULL); 146 g_source_remove(watch); 147 return ret; 148 } 149 150 static int nbd_negotiate_drop_sync(QIOChannel *ioc, size_t size) 151 { 152 ssize_t ret; 153 uint8_t *buffer = g_malloc(MIN(65536, size)); 154 155 while (size > 0) { 156 size_t count = MIN(65536, size); 157 ret = nbd_negotiate_read(ioc, buffer, count); 158 if (ret < 0) { 159 g_free(buffer); 160 return ret; 161 } 162 163 size -= count; 164 } 165 166 g_free(buffer); 167 return 0; 168 } 169 170 /* Basic flow for negotiation 171 172 Server Client 173 Negotiate 174 175 or 176 177 Server Client 178 Negotiate #1 179 Option 180 Negotiate #2 181 182 ---- 183 184 followed by 185 186 Server Client 187 Request 188 Response 189 Request 190 Response 191 ... 192 ... 193 Request (type == 2) 194 195 */ 196 197 /* Send a reply header, including length, but no payload. 198 * Return -errno on error, 0 on success. */ 199 static int nbd_negotiate_send_rep_len(QIOChannel *ioc, uint32_t type, 200 uint32_t opt, uint32_t len) 201 { 202 uint64_t magic; 203 204 TRACE("Reply opt=%" PRIx32 " type=%" PRIx32 " len=%" PRIu32, 205 type, opt, len); 206 207 magic = cpu_to_be64(NBD_REP_MAGIC); 208 if (nbd_negotiate_write(ioc, &magic, sizeof(magic)) < 0) { 209 LOG("write failed (rep magic)"); 210 return -EINVAL; 211 } 212 opt = cpu_to_be32(opt); 213 if (nbd_negotiate_write(ioc, &opt, sizeof(opt)) < 0) { 214 LOG("write failed (rep opt)"); 215 return -EINVAL; 216 } 217 type = cpu_to_be32(type); 218 if (nbd_negotiate_write(ioc, &type, sizeof(type)) < 0) { 219 LOG("write failed (rep type)"); 220 return -EINVAL; 221 } 222 len = cpu_to_be32(len); 223 if (nbd_negotiate_write(ioc, &len, sizeof(len)) < 0) { 224 LOG("write failed (rep data length)"); 225 return -EINVAL; 226 } 227 return 0; 228 } 229 230 /* Send a reply header with default 0 length. 231 * Return -errno on error, 0 on success. */ 232 static int nbd_negotiate_send_rep(QIOChannel *ioc, uint32_t type, uint32_t opt) 233 { 234 return nbd_negotiate_send_rep_len(ioc, type, opt, 0); 235 } 236 237 /* Send an error reply. 238 * Return -errno on error, 0 on success. */ 239 static int GCC_FMT_ATTR(4, 5) 240 nbd_negotiate_send_rep_err(QIOChannel *ioc, uint32_t type, 241 uint32_t opt, const char *fmt, ...) 242 { 243 va_list va; 244 char *msg; 245 int ret; 246 size_t len; 247 248 va_start(va, fmt); 249 msg = g_strdup_vprintf(fmt, va); 250 va_end(va); 251 len = strlen(msg); 252 assert(len < 4096); 253 TRACE("sending error message \"%s\"", msg); 254 ret = nbd_negotiate_send_rep_len(ioc, type, opt, len); 255 if (ret < 0) { 256 goto out; 257 } 258 if (nbd_negotiate_write(ioc, msg, len) < 0) { 259 LOG("write failed (error message)"); 260 ret = -EIO; 261 } else { 262 ret = 0; 263 } 264 out: 265 g_free(msg); 266 return ret; 267 } 268 269 /* Send a single NBD_REP_SERVER reply to NBD_OPT_LIST, including payload. 270 * Return -errno on error, 0 on success. */ 271 static int nbd_negotiate_send_rep_list(QIOChannel *ioc, NBDExport *exp) 272 { 273 size_t name_len, desc_len; 274 uint32_t len; 275 const char *name = exp->name ? exp->name : ""; 276 const char *desc = exp->description ? exp->description : ""; 277 int rc; 278 279 TRACE("Advertising export name '%s' description '%s'", name, desc); 280 name_len = strlen(name); 281 desc_len = strlen(desc); 282 len = name_len + desc_len + sizeof(len); 283 rc = nbd_negotiate_send_rep_len(ioc, NBD_REP_SERVER, NBD_OPT_LIST, len); 284 if (rc < 0) { 285 return rc; 286 } 287 288 len = cpu_to_be32(name_len); 289 if (nbd_negotiate_write(ioc, &len, sizeof(len)) < 0) { 290 LOG("write failed (name length)"); 291 return -EINVAL; 292 } 293 if (nbd_negotiate_write(ioc, name, name_len) < 0) { 294 LOG("write failed (name buffer)"); 295 return -EINVAL; 296 } 297 if (nbd_negotiate_write(ioc, desc, desc_len) < 0) { 298 LOG("write failed (description buffer)"); 299 return -EINVAL; 300 } 301 return 0; 302 } 303 304 /* Process the NBD_OPT_LIST command, with a potential series of replies. 305 * Return -errno on error, 0 on success. */ 306 static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length) 307 { 308 NBDExport *exp; 309 310 if (length) { 311 if (nbd_negotiate_drop_sync(client->ioc, length) < 0) { 312 return -EIO; 313 } 314 return nbd_negotiate_send_rep_err(client->ioc, 315 NBD_REP_ERR_INVALID, NBD_OPT_LIST, 316 "OPT_LIST should not have length"); 317 } 318 319 /* For each export, send a NBD_REP_SERVER reply. */ 320 QTAILQ_FOREACH(exp, &exports, next) { 321 if (nbd_negotiate_send_rep_list(client->ioc, exp)) { 322 return -EINVAL; 323 } 324 } 325 /* Finish with a NBD_REP_ACK. */ 326 return nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK, NBD_OPT_LIST); 327 } 328 329 static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length) 330 { 331 int rc = -EINVAL; 332 char name[NBD_MAX_NAME_SIZE + 1]; 333 334 /* Client sends: 335 [20 .. xx] export name (length bytes) 336 */ 337 TRACE("Checking length"); 338 if (length >= sizeof(name)) { 339 LOG("Bad length received"); 340 goto fail; 341 } 342 if (nbd_negotiate_read(client->ioc, name, length) < 0) { 343 LOG("read failed"); 344 goto fail; 345 } 346 name[length] = '\0'; 347 348 TRACE("Client requested export '%s'", name); 349 350 client->exp = nbd_export_find(name); 351 if (!client->exp) { 352 LOG("export not found"); 353 goto fail; 354 } 355 356 QTAILQ_INSERT_TAIL(&client->exp->clients, client, next); 357 nbd_export_get(client->exp); 358 rc = 0; 359 fail: 360 return rc; 361 } 362 363 /* Handle NBD_OPT_STARTTLS. Return NULL to drop connection, or else the 364 * new channel for all further (now-encrypted) communication. */ 365 static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client, 366 uint32_t length) 367 { 368 QIOChannel *ioc; 369 QIOChannelTLS *tioc; 370 struct NBDTLSHandshakeData data = { 0 }; 371 372 TRACE("Setting up TLS"); 373 ioc = client->ioc; 374 if (length) { 375 if (nbd_negotiate_drop_sync(ioc, length) < 0) { 376 return NULL; 377 } 378 nbd_negotiate_send_rep_err(ioc, NBD_REP_ERR_INVALID, NBD_OPT_STARTTLS, 379 "OPT_STARTTLS should not have length"); 380 return NULL; 381 } 382 383 if (nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK, 384 NBD_OPT_STARTTLS) < 0) { 385 return NULL; 386 } 387 388 tioc = qio_channel_tls_new_server(ioc, 389 client->tlscreds, 390 client->tlsaclname, 391 NULL); 392 if (!tioc) { 393 return NULL; 394 } 395 396 qio_channel_set_name(QIO_CHANNEL(tioc), "nbd-server-tls"); 397 TRACE("Starting TLS handshake"); 398 data.loop = g_main_loop_new(g_main_context_default(), FALSE); 399 qio_channel_tls_handshake(tioc, 400 nbd_tls_handshake, 401 &data, 402 NULL); 403 404 if (!data.complete) { 405 g_main_loop_run(data.loop); 406 } 407 g_main_loop_unref(data.loop); 408 if (data.error) { 409 object_unref(OBJECT(tioc)); 410 error_free(data.error); 411 return NULL; 412 } 413 414 return QIO_CHANNEL(tioc); 415 } 416 417 418 /* Process all NBD_OPT_* client option commands. 419 * Return -errno on error, 0 on success. */ 420 static int nbd_negotiate_options(NBDClient *client) 421 { 422 uint32_t flags; 423 bool fixedNewstyle = false; 424 425 /* Client sends: 426 [ 0 .. 3] client flags 427 428 [ 0 .. 7] NBD_OPTS_MAGIC 429 [ 8 .. 11] NBD option 430 [12 .. 15] Data length 431 ... Rest of request 432 433 [ 0 .. 7] NBD_OPTS_MAGIC 434 [ 8 .. 11] Second NBD option 435 [12 .. 15] Data length 436 ... Rest of request 437 */ 438 439 if (nbd_negotiate_read(client->ioc, &flags, sizeof(flags)) < 0) { 440 LOG("read failed"); 441 return -EIO; 442 } 443 TRACE("Checking client flags"); 444 be32_to_cpus(&flags); 445 if (flags & NBD_FLAG_C_FIXED_NEWSTYLE) { 446 TRACE("Client supports fixed newstyle handshake"); 447 fixedNewstyle = true; 448 flags &= ~NBD_FLAG_C_FIXED_NEWSTYLE; 449 } 450 if (flags & NBD_FLAG_C_NO_ZEROES) { 451 TRACE("Client supports no zeroes at handshake end"); 452 client->no_zeroes = true; 453 flags &= ~NBD_FLAG_C_NO_ZEROES; 454 } 455 if (flags != 0) { 456 TRACE("Unknown client flags 0x%" PRIx32 " received", flags); 457 return -EIO; 458 } 459 460 while (1) { 461 int ret; 462 uint32_t clientflags, length; 463 uint64_t magic; 464 465 if (nbd_negotiate_read(client->ioc, &magic, sizeof(magic)) < 0) { 466 LOG("read failed"); 467 return -EINVAL; 468 } 469 TRACE("Checking opts magic"); 470 if (magic != be64_to_cpu(NBD_OPTS_MAGIC)) { 471 LOG("Bad magic received"); 472 return -EINVAL; 473 } 474 475 if (nbd_negotiate_read(client->ioc, &clientflags, 476 sizeof(clientflags)) < 0) 477 { 478 LOG("read failed"); 479 return -EINVAL; 480 } 481 clientflags = be32_to_cpu(clientflags); 482 483 if (nbd_negotiate_read(client->ioc, &length, sizeof(length)) < 0) { 484 LOG("read failed"); 485 return -EINVAL; 486 } 487 length = be32_to_cpu(length); 488 489 TRACE("Checking option 0x%" PRIx32, clientflags); 490 if (client->tlscreds && 491 client->ioc == (QIOChannel *)client->sioc) { 492 QIOChannel *tioc; 493 if (!fixedNewstyle) { 494 TRACE("Unsupported option 0x%" PRIx32, clientflags); 495 return -EINVAL; 496 } 497 switch (clientflags) { 498 case NBD_OPT_STARTTLS: 499 tioc = nbd_negotiate_handle_starttls(client, length); 500 if (!tioc) { 501 return -EIO; 502 } 503 object_unref(OBJECT(client->ioc)); 504 client->ioc = QIO_CHANNEL(tioc); 505 break; 506 507 case NBD_OPT_EXPORT_NAME: 508 /* No way to return an error to client, so drop connection */ 509 TRACE("Option 0x%x not permitted before TLS", clientflags); 510 return -EINVAL; 511 512 default: 513 if (nbd_negotiate_drop_sync(client->ioc, length) < 0) { 514 return -EIO; 515 } 516 ret = nbd_negotiate_send_rep_err(client->ioc, 517 NBD_REP_ERR_TLS_REQD, 518 clientflags, 519 "Option 0x%" PRIx32 520 "not permitted before TLS", 521 clientflags); 522 if (ret < 0) { 523 return ret; 524 } 525 /* Let the client keep trying, unless they asked to quit */ 526 if (clientflags == NBD_OPT_ABORT) { 527 return -EINVAL; 528 } 529 break; 530 } 531 } else if (fixedNewstyle) { 532 switch (clientflags) { 533 case NBD_OPT_LIST: 534 ret = nbd_negotiate_handle_list(client, length); 535 if (ret < 0) { 536 return ret; 537 } 538 break; 539 540 case NBD_OPT_ABORT: 541 /* NBD spec says we must try to reply before 542 * disconnecting, but that we must also tolerate 543 * guests that don't wait for our reply. */ 544 nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK, clientflags); 545 return -EINVAL; 546 547 case NBD_OPT_EXPORT_NAME: 548 return nbd_negotiate_handle_export_name(client, length); 549 550 case NBD_OPT_STARTTLS: 551 if (nbd_negotiate_drop_sync(client->ioc, length) < 0) { 552 return -EIO; 553 } 554 if (client->tlscreds) { 555 ret = nbd_negotiate_send_rep_err(client->ioc, 556 NBD_REP_ERR_INVALID, 557 clientflags, 558 "TLS already enabled"); 559 } else { 560 ret = nbd_negotiate_send_rep_err(client->ioc, 561 NBD_REP_ERR_POLICY, 562 clientflags, 563 "TLS not configured"); 564 } 565 if (ret < 0) { 566 return ret; 567 } 568 break; 569 default: 570 if (nbd_negotiate_drop_sync(client->ioc, length) < 0) { 571 return -EIO; 572 } 573 ret = nbd_negotiate_send_rep_err(client->ioc, 574 NBD_REP_ERR_UNSUP, 575 clientflags, 576 "Unsupported option 0x%" 577 PRIx32, 578 clientflags); 579 if (ret < 0) { 580 return ret; 581 } 582 break; 583 } 584 } else { 585 /* 586 * If broken new-style we should drop the connection 587 * for anything except NBD_OPT_EXPORT_NAME 588 */ 589 switch (clientflags) { 590 case NBD_OPT_EXPORT_NAME: 591 return nbd_negotiate_handle_export_name(client, length); 592 593 default: 594 TRACE("Unsupported option 0x%" PRIx32, clientflags); 595 return -EINVAL; 596 } 597 } 598 } 599 } 600 601 typedef struct { 602 NBDClient *client; 603 Coroutine *co; 604 } NBDClientNewData; 605 606 static coroutine_fn int nbd_negotiate(NBDClientNewData *data) 607 { 608 NBDClient *client = data->client; 609 char buf[8 + 8 + 8 + 128]; 610 int rc; 611 const uint16_t myflags = (NBD_FLAG_HAS_FLAGS | NBD_FLAG_SEND_TRIM | 612 NBD_FLAG_SEND_FLUSH | NBD_FLAG_SEND_FUA | 613 NBD_FLAG_SEND_WRITE_ZEROES); 614 bool oldStyle; 615 size_t len; 616 617 /* Old style negotiation header without options 618 [ 0 .. 7] passwd ("NBDMAGIC") 619 [ 8 .. 15] magic (NBD_CLIENT_MAGIC) 620 [16 .. 23] size 621 [24 .. 25] server flags (0) 622 [26 .. 27] export flags 623 [28 .. 151] reserved (0) 624 625 New style negotiation header with options 626 [ 0 .. 7] passwd ("NBDMAGIC") 627 [ 8 .. 15] magic (NBD_OPTS_MAGIC) 628 [16 .. 17] server flags (0) 629 ....options sent.... 630 [18 .. 25] size 631 [26 .. 27] export flags 632 [28 .. 151] reserved (0, omit if no_zeroes) 633 */ 634 635 qio_channel_set_blocking(client->ioc, false, NULL); 636 rc = -EINVAL; 637 638 TRACE("Beginning negotiation."); 639 memset(buf, 0, sizeof(buf)); 640 memcpy(buf, "NBDMAGIC", 8); 641 642 oldStyle = client->exp != NULL && !client->tlscreds; 643 if (oldStyle) { 644 TRACE("advertising size %" PRIu64 " and flags %x", 645 client->exp->size, client->exp->nbdflags | myflags); 646 stq_be_p(buf + 8, NBD_CLIENT_MAGIC); 647 stq_be_p(buf + 16, client->exp->size); 648 stw_be_p(buf + 26, client->exp->nbdflags | myflags); 649 } else { 650 stq_be_p(buf + 8, NBD_OPTS_MAGIC); 651 stw_be_p(buf + 16, NBD_FLAG_FIXED_NEWSTYLE | NBD_FLAG_NO_ZEROES); 652 } 653 654 if (oldStyle) { 655 if (client->tlscreds) { 656 TRACE("TLS cannot be enabled with oldstyle protocol"); 657 goto fail; 658 } 659 if (nbd_negotiate_write(client->ioc, buf, sizeof(buf)) < 0) { 660 LOG("write failed"); 661 goto fail; 662 } 663 } else { 664 if (nbd_negotiate_write(client->ioc, buf, 18) < 0) { 665 LOG("write failed"); 666 goto fail; 667 } 668 rc = nbd_negotiate_options(client); 669 if (rc != 0) { 670 LOG("option negotiation failed"); 671 goto fail; 672 } 673 674 TRACE("advertising size %" PRIu64 " and flags %x", 675 client->exp->size, client->exp->nbdflags | myflags); 676 stq_be_p(buf + 18, client->exp->size); 677 stw_be_p(buf + 26, client->exp->nbdflags | myflags); 678 len = client->no_zeroes ? 10 : sizeof(buf) - 18; 679 if (nbd_negotiate_write(client->ioc, buf + 18, len) < 0) { 680 LOG("write failed"); 681 goto fail; 682 } 683 } 684 685 TRACE("Negotiation succeeded."); 686 rc = 0; 687 fail: 688 return rc; 689 } 690 691 static ssize_t nbd_receive_request(QIOChannel *ioc, NBDRequest *request) 692 { 693 uint8_t buf[NBD_REQUEST_SIZE]; 694 uint32_t magic; 695 ssize_t ret; 696 697 ret = read_sync(ioc, buf, sizeof(buf), NULL); 698 if (ret < 0) { 699 return ret; 700 } 701 702 /* Request 703 [ 0 .. 3] magic (NBD_REQUEST_MAGIC) 704 [ 4 .. 5] flags (NBD_CMD_FLAG_FUA, ...) 705 [ 6 .. 7] type (NBD_CMD_READ, ...) 706 [ 8 .. 15] handle 707 [16 .. 23] from 708 [24 .. 27] len 709 */ 710 711 magic = ldl_be_p(buf); 712 request->flags = lduw_be_p(buf + 4); 713 request->type = lduw_be_p(buf + 6); 714 request->handle = ldq_be_p(buf + 8); 715 request->from = ldq_be_p(buf + 16); 716 request->len = ldl_be_p(buf + 24); 717 718 TRACE("Got request: { magic = 0x%" PRIx32 ", .flags = %" PRIx16 719 ", .type = %" PRIx16 ", from = %" PRIu64 ", len = %" PRIu32 " }", 720 magic, request->flags, request->type, request->from, request->len); 721 722 if (magic != NBD_REQUEST_MAGIC) { 723 LOG("invalid magic (got 0x%" PRIx32 ")", magic); 724 return -EINVAL; 725 } 726 return 0; 727 } 728 729 static ssize_t nbd_send_reply(QIOChannel *ioc, NBDReply *reply) 730 { 731 uint8_t buf[NBD_REPLY_SIZE]; 732 733 reply->error = system_errno_to_nbd_errno(reply->error); 734 735 TRACE("Sending response to client: { .error = %" PRId32 736 ", handle = %" PRIu64 " }", 737 reply->error, reply->handle); 738 739 /* Reply 740 [ 0 .. 3] magic (NBD_REPLY_MAGIC) 741 [ 4 .. 7] error (0 == no error) 742 [ 7 .. 15] handle 743 */ 744 stl_be_p(buf, NBD_REPLY_MAGIC); 745 stl_be_p(buf + 4, reply->error); 746 stq_be_p(buf + 8, reply->handle); 747 748 return write_sync(ioc, buf, sizeof(buf), NULL); 749 } 750 751 #define MAX_NBD_REQUESTS 16 752 753 void nbd_client_get(NBDClient *client) 754 { 755 client->refcount++; 756 } 757 758 void nbd_client_put(NBDClient *client) 759 { 760 if (--client->refcount == 0) { 761 /* The last reference should be dropped by client->close, 762 * which is called by client_close. 763 */ 764 assert(client->closing); 765 766 qio_channel_detach_aio_context(client->ioc); 767 object_unref(OBJECT(client->sioc)); 768 object_unref(OBJECT(client->ioc)); 769 if (client->tlscreds) { 770 object_unref(OBJECT(client->tlscreds)); 771 } 772 g_free(client->tlsaclname); 773 if (client->exp) { 774 QTAILQ_REMOVE(&client->exp->clients, client, next); 775 nbd_export_put(client->exp); 776 } 777 g_free(client); 778 } 779 } 780 781 static void client_close(NBDClient *client, bool negotiated) 782 { 783 if (client->closing) { 784 return; 785 } 786 787 client->closing = true; 788 789 /* Force requests to finish. They will drop their own references, 790 * then we'll close the socket and free the NBDClient. 791 */ 792 qio_channel_shutdown(client->ioc, QIO_CHANNEL_SHUTDOWN_BOTH, 793 NULL); 794 795 /* Also tell the client, so that they release their reference. */ 796 if (client->close_fn) { 797 client->close_fn(client, negotiated); 798 } 799 } 800 801 static NBDRequestData *nbd_request_get(NBDClient *client) 802 { 803 NBDRequestData *req; 804 805 assert(client->nb_requests <= MAX_NBD_REQUESTS - 1); 806 client->nb_requests++; 807 808 req = g_new0(NBDRequestData, 1); 809 nbd_client_get(client); 810 req->client = client; 811 return req; 812 } 813 814 static void nbd_request_put(NBDRequestData *req) 815 { 816 NBDClient *client = req->client; 817 818 if (req->data) { 819 qemu_vfree(req->data); 820 } 821 g_free(req); 822 823 client->nb_requests--; 824 nbd_client_receive_next_request(client); 825 826 nbd_client_put(client); 827 } 828 829 static void blk_aio_attached(AioContext *ctx, void *opaque) 830 { 831 NBDExport *exp = opaque; 832 NBDClient *client; 833 834 TRACE("Export %s: Attaching clients to AIO context %p\n", exp->name, ctx); 835 836 exp->ctx = ctx; 837 838 QTAILQ_FOREACH(client, &exp->clients, next) { 839 qio_channel_attach_aio_context(client->ioc, ctx); 840 if (client->recv_coroutine) { 841 aio_co_schedule(ctx, client->recv_coroutine); 842 } 843 if (client->send_coroutine) { 844 aio_co_schedule(ctx, client->send_coroutine); 845 } 846 } 847 } 848 849 static void blk_aio_detach(void *opaque) 850 { 851 NBDExport *exp = opaque; 852 NBDClient *client; 853 854 TRACE("Export %s: Detaching clients from AIO context %p\n", exp->name, exp->ctx); 855 856 QTAILQ_FOREACH(client, &exp->clients, next) { 857 qio_channel_detach_aio_context(client->ioc); 858 } 859 860 exp->ctx = NULL; 861 } 862 863 static void nbd_eject_notifier(Notifier *n, void *data) 864 { 865 NBDExport *exp = container_of(n, NBDExport, eject_notifier); 866 nbd_export_close(exp); 867 } 868 869 NBDExport *nbd_export_new(BlockDriverState *bs, off_t dev_offset, off_t size, 870 uint16_t nbdflags, void (*close)(NBDExport *), 871 bool writethrough, BlockBackend *on_eject_blk, 872 Error **errp) 873 { 874 BlockBackend *blk; 875 NBDExport *exp = g_malloc0(sizeof(NBDExport)); 876 uint64_t perm; 877 int ret; 878 879 /* Don't allow resize while the NBD server is running, otherwise we don't 880 * care what happens with the node. */ 881 perm = BLK_PERM_CONSISTENT_READ; 882 if ((nbdflags & NBD_FLAG_READ_ONLY) == 0) { 883 perm |= BLK_PERM_WRITE; 884 } 885 blk = blk_new(perm, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE_UNCHANGED | 886 BLK_PERM_WRITE | BLK_PERM_GRAPH_MOD); 887 ret = blk_insert_bs(blk, bs, errp); 888 if (ret < 0) { 889 goto fail; 890 } 891 blk_set_enable_write_cache(blk, !writethrough); 892 893 exp->refcount = 1; 894 QTAILQ_INIT(&exp->clients); 895 exp->blk = blk; 896 exp->dev_offset = dev_offset; 897 exp->nbdflags = nbdflags; 898 exp->size = size < 0 ? blk_getlength(blk) : size; 899 if (exp->size < 0) { 900 error_setg_errno(errp, -exp->size, 901 "Failed to determine the NBD export's length"); 902 goto fail; 903 } 904 exp->size -= exp->size % BDRV_SECTOR_SIZE; 905 906 exp->close = close; 907 exp->ctx = blk_get_aio_context(blk); 908 blk_add_aio_context_notifier(blk, blk_aio_attached, blk_aio_detach, exp); 909 910 if (on_eject_blk) { 911 blk_ref(on_eject_blk); 912 exp->eject_notifier_blk = on_eject_blk; 913 exp->eject_notifier.notify = nbd_eject_notifier; 914 blk_add_remove_bs_notifier(on_eject_blk, &exp->eject_notifier); 915 } 916 917 /* 918 * NBD exports are used for non-shared storage migration. Make sure 919 * that BDRV_O_INACTIVE is cleared and the image is ready for write 920 * access since the export could be available before migration handover. 921 */ 922 aio_context_acquire(exp->ctx); 923 blk_invalidate_cache(blk, NULL); 924 aio_context_release(exp->ctx); 925 return exp; 926 927 fail: 928 blk_unref(blk); 929 g_free(exp); 930 return NULL; 931 } 932 933 NBDExport *nbd_export_find(const char *name) 934 { 935 NBDExport *exp; 936 QTAILQ_FOREACH(exp, &exports, next) { 937 if (strcmp(name, exp->name) == 0) { 938 return exp; 939 } 940 } 941 942 return NULL; 943 } 944 945 void nbd_export_set_name(NBDExport *exp, const char *name) 946 { 947 if (exp->name == name) { 948 return; 949 } 950 951 nbd_export_get(exp); 952 if (exp->name != NULL) { 953 g_free(exp->name); 954 exp->name = NULL; 955 QTAILQ_REMOVE(&exports, exp, next); 956 nbd_export_put(exp); 957 } 958 if (name != NULL) { 959 nbd_export_get(exp); 960 exp->name = g_strdup(name); 961 QTAILQ_INSERT_TAIL(&exports, exp, next); 962 } 963 nbd_export_put(exp); 964 } 965 966 void nbd_export_set_description(NBDExport *exp, const char *description) 967 { 968 g_free(exp->description); 969 exp->description = g_strdup(description); 970 } 971 972 void nbd_export_close(NBDExport *exp) 973 { 974 NBDClient *client, *next; 975 976 nbd_export_get(exp); 977 QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) { 978 client_close(client, true); 979 } 980 nbd_export_set_name(exp, NULL); 981 nbd_export_set_description(exp, NULL); 982 nbd_export_put(exp); 983 } 984 985 void nbd_export_get(NBDExport *exp) 986 { 987 assert(exp->refcount > 0); 988 exp->refcount++; 989 } 990 991 void nbd_export_put(NBDExport *exp) 992 { 993 assert(exp->refcount > 0); 994 if (exp->refcount == 1) { 995 nbd_export_close(exp); 996 } 997 998 if (--exp->refcount == 0) { 999 assert(exp->name == NULL); 1000 assert(exp->description == NULL); 1001 1002 if (exp->close) { 1003 exp->close(exp); 1004 } 1005 1006 if (exp->blk) { 1007 if (exp->eject_notifier_blk) { 1008 notifier_remove(&exp->eject_notifier); 1009 blk_unref(exp->eject_notifier_blk); 1010 } 1011 blk_remove_aio_context_notifier(exp->blk, blk_aio_attached, 1012 blk_aio_detach, exp); 1013 blk_unref(exp->blk); 1014 exp->blk = NULL; 1015 } 1016 1017 g_free(exp); 1018 } 1019 } 1020 1021 BlockBackend *nbd_export_get_blockdev(NBDExport *exp) 1022 { 1023 return exp->blk; 1024 } 1025 1026 void nbd_export_close_all(void) 1027 { 1028 NBDExport *exp, *next; 1029 1030 QTAILQ_FOREACH_SAFE(exp, &exports, next, next) { 1031 nbd_export_close(exp); 1032 } 1033 } 1034 1035 static ssize_t nbd_co_send_reply(NBDRequestData *req, NBDReply *reply, 1036 int len) 1037 { 1038 NBDClient *client = req->client; 1039 ssize_t rc, ret; 1040 1041 g_assert(qemu_in_coroutine()); 1042 qemu_co_mutex_lock(&client->send_lock); 1043 client->send_coroutine = qemu_coroutine_self(); 1044 1045 if (!len) { 1046 rc = nbd_send_reply(client->ioc, reply); 1047 } else { 1048 qio_channel_set_cork(client->ioc, true); 1049 rc = nbd_send_reply(client->ioc, reply); 1050 if (rc >= 0) { 1051 ret = write_sync(client->ioc, req->data, len, NULL); 1052 if (ret < 0) { 1053 rc = -EIO; 1054 } 1055 } 1056 qio_channel_set_cork(client->ioc, false); 1057 } 1058 1059 client->send_coroutine = NULL; 1060 qemu_co_mutex_unlock(&client->send_lock); 1061 return rc; 1062 } 1063 1064 /* Collect a client request. Return 0 if request looks valid, -EAGAIN 1065 * to keep trying the collection, -EIO to drop connection right away, 1066 * and any other negative value to report an error to the client 1067 * (although the caller may still need to disconnect after reporting 1068 * the error). */ 1069 static ssize_t nbd_co_receive_request(NBDRequestData *req, 1070 NBDRequest *request) 1071 { 1072 NBDClient *client = req->client; 1073 ssize_t rc; 1074 1075 g_assert(qemu_in_coroutine()); 1076 assert(client->recv_coroutine == qemu_coroutine_self()); 1077 rc = nbd_receive_request(client->ioc, request); 1078 if (rc < 0) { 1079 if (rc != -EAGAIN) { 1080 rc = -EIO; 1081 } 1082 goto out; 1083 } 1084 1085 TRACE("Decoding type"); 1086 1087 if (request->type != NBD_CMD_WRITE) { 1088 /* No payload, we are ready to read the next request. */ 1089 req->complete = true; 1090 } 1091 1092 if (request->type == NBD_CMD_DISC) { 1093 /* Special case: we're going to disconnect without a reply, 1094 * whether or not flags, from, or len are bogus */ 1095 TRACE("Request type is DISCONNECT"); 1096 rc = -EIO; 1097 goto out; 1098 } 1099 1100 /* Check for sanity in the parameters, part 1. Defer as many 1101 * checks as possible until after reading any NBD_CMD_WRITE 1102 * payload, so we can try and keep the connection alive. */ 1103 if ((request->from + request->len) < request->from) { 1104 LOG("integer overflow detected, you're probably being attacked"); 1105 rc = -EINVAL; 1106 goto out; 1107 } 1108 1109 if (request->type == NBD_CMD_READ || request->type == NBD_CMD_WRITE) { 1110 if (request->len > NBD_MAX_BUFFER_SIZE) { 1111 LOG("len (%" PRIu32" ) is larger than max len (%u)", 1112 request->len, NBD_MAX_BUFFER_SIZE); 1113 rc = -EINVAL; 1114 goto out; 1115 } 1116 1117 req->data = blk_try_blockalign(client->exp->blk, request->len); 1118 if (req->data == NULL) { 1119 rc = -ENOMEM; 1120 goto out; 1121 } 1122 } 1123 if (request->type == NBD_CMD_WRITE) { 1124 TRACE("Reading %" PRIu32 " byte(s)", request->len); 1125 1126 if (read_sync(client->ioc, req->data, request->len, NULL) < 0) { 1127 LOG("reading from socket failed"); 1128 rc = -EIO; 1129 goto out; 1130 } 1131 req->complete = true; 1132 } 1133 1134 /* Sanity checks, part 2. */ 1135 if (request->from + request->len > client->exp->size) { 1136 LOG("operation past EOF; From: %" PRIu64 ", Len: %" PRIu32 1137 ", Size: %" PRIu64, request->from, request->len, 1138 (uint64_t)client->exp->size); 1139 rc = request->type == NBD_CMD_WRITE ? -ENOSPC : -EINVAL; 1140 goto out; 1141 } 1142 if (request->flags & ~(NBD_CMD_FLAG_FUA | NBD_CMD_FLAG_NO_HOLE)) { 1143 LOG("unsupported flags (got 0x%x)", request->flags); 1144 rc = -EINVAL; 1145 goto out; 1146 } 1147 if (request->type != NBD_CMD_WRITE_ZEROES && 1148 (request->flags & NBD_CMD_FLAG_NO_HOLE)) { 1149 LOG("unexpected flags (got 0x%x)", request->flags); 1150 rc = -EINVAL; 1151 goto out; 1152 } 1153 1154 rc = 0; 1155 1156 out: 1157 client->recv_coroutine = NULL; 1158 nbd_client_receive_next_request(client); 1159 1160 return rc; 1161 } 1162 1163 /* Owns a reference to the NBDClient passed as opaque. */ 1164 static coroutine_fn void nbd_trip(void *opaque) 1165 { 1166 NBDClient *client = opaque; 1167 NBDExport *exp = client->exp; 1168 NBDRequestData *req; 1169 NBDRequest request = { 0 }; /* GCC thinks it can be used uninitialized */ 1170 NBDReply reply; 1171 ssize_t ret; 1172 int flags; 1173 1174 TRACE("Reading request."); 1175 if (client->closing) { 1176 nbd_client_put(client); 1177 return; 1178 } 1179 1180 req = nbd_request_get(client); 1181 ret = nbd_co_receive_request(req, &request); 1182 if (ret == -EAGAIN) { 1183 goto done; 1184 } 1185 if (ret == -EIO) { 1186 goto out; 1187 } 1188 1189 reply.handle = request.handle; 1190 reply.error = 0; 1191 1192 if (ret < 0) { 1193 reply.error = -ret; 1194 goto error_reply; 1195 } 1196 1197 if (client->closing) { 1198 /* 1199 * The client may be closed when we are blocked in 1200 * nbd_co_receive_request() 1201 */ 1202 goto done; 1203 } 1204 1205 switch (request.type) { 1206 case NBD_CMD_READ: 1207 TRACE("Request type is READ"); 1208 1209 /* XXX: NBD Protocol only documents use of FUA with WRITE */ 1210 if (request.flags & NBD_CMD_FLAG_FUA) { 1211 ret = blk_co_flush(exp->blk); 1212 if (ret < 0) { 1213 LOG("flush failed"); 1214 reply.error = -ret; 1215 goto error_reply; 1216 } 1217 } 1218 1219 ret = blk_pread(exp->blk, request.from + exp->dev_offset, 1220 req->data, request.len); 1221 if (ret < 0) { 1222 LOG("reading from file failed"); 1223 reply.error = -ret; 1224 goto error_reply; 1225 } 1226 1227 TRACE("Read %" PRIu32" byte(s)", request.len); 1228 if (nbd_co_send_reply(req, &reply, request.len) < 0) 1229 goto out; 1230 break; 1231 case NBD_CMD_WRITE: 1232 TRACE("Request type is WRITE"); 1233 1234 if (exp->nbdflags & NBD_FLAG_READ_ONLY) { 1235 TRACE("Server is read-only, return error"); 1236 reply.error = EROFS; 1237 goto error_reply; 1238 } 1239 1240 TRACE("Writing to device"); 1241 1242 flags = 0; 1243 if (request.flags & NBD_CMD_FLAG_FUA) { 1244 flags |= BDRV_REQ_FUA; 1245 } 1246 ret = blk_pwrite(exp->blk, request.from + exp->dev_offset, 1247 req->data, request.len, flags); 1248 if (ret < 0) { 1249 LOG("writing to file failed"); 1250 reply.error = -ret; 1251 goto error_reply; 1252 } 1253 1254 if (nbd_co_send_reply(req, &reply, 0) < 0) { 1255 goto out; 1256 } 1257 break; 1258 1259 case NBD_CMD_WRITE_ZEROES: 1260 TRACE("Request type is WRITE_ZEROES"); 1261 1262 if (exp->nbdflags & NBD_FLAG_READ_ONLY) { 1263 TRACE("Server is read-only, return error"); 1264 reply.error = EROFS; 1265 goto error_reply; 1266 } 1267 1268 TRACE("Writing to device"); 1269 1270 flags = 0; 1271 if (request.flags & NBD_CMD_FLAG_FUA) { 1272 flags |= BDRV_REQ_FUA; 1273 } 1274 if (!(request.flags & NBD_CMD_FLAG_NO_HOLE)) { 1275 flags |= BDRV_REQ_MAY_UNMAP; 1276 } 1277 ret = blk_pwrite_zeroes(exp->blk, request.from + exp->dev_offset, 1278 request.len, flags); 1279 if (ret < 0) { 1280 LOG("writing to file failed"); 1281 reply.error = -ret; 1282 goto error_reply; 1283 } 1284 1285 if (nbd_co_send_reply(req, &reply, 0) < 0) { 1286 goto out; 1287 } 1288 break; 1289 1290 case NBD_CMD_DISC: 1291 /* unreachable, thanks to special case in nbd_co_receive_request() */ 1292 abort(); 1293 1294 case NBD_CMD_FLUSH: 1295 TRACE("Request type is FLUSH"); 1296 1297 ret = blk_co_flush(exp->blk); 1298 if (ret < 0) { 1299 LOG("flush failed"); 1300 reply.error = -ret; 1301 } 1302 if (nbd_co_send_reply(req, &reply, 0) < 0) { 1303 goto out; 1304 } 1305 break; 1306 case NBD_CMD_TRIM: 1307 TRACE("Request type is TRIM"); 1308 ret = blk_co_pdiscard(exp->blk, request.from + exp->dev_offset, 1309 request.len); 1310 if (ret < 0) { 1311 LOG("discard failed"); 1312 reply.error = -ret; 1313 } 1314 if (nbd_co_send_reply(req, &reply, 0) < 0) { 1315 goto out; 1316 } 1317 break; 1318 default: 1319 LOG("invalid request type (%" PRIu32 ") received", request.type); 1320 reply.error = EINVAL; 1321 error_reply: 1322 /* We must disconnect after NBD_CMD_WRITE if we did not 1323 * read the payload. 1324 */ 1325 if (nbd_co_send_reply(req, &reply, 0) < 0 || !req->complete) { 1326 goto out; 1327 } 1328 break; 1329 } 1330 1331 TRACE("Request/Reply complete"); 1332 1333 done: 1334 nbd_request_put(req); 1335 nbd_client_put(client); 1336 return; 1337 1338 out: 1339 nbd_request_put(req); 1340 client_close(client, true); 1341 nbd_client_put(client); 1342 } 1343 1344 static void nbd_client_receive_next_request(NBDClient *client) 1345 { 1346 if (!client->recv_coroutine && client->nb_requests < MAX_NBD_REQUESTS) { 1347 nbd_client_get(client); 1348 client->recv_coroutine = qemu_coroutine_create(nbd_trip, client); 1349 aio_co_schedule(client->exp->ctx, client->recv_coroutine); 1350 } 1351 } 1352 1353 static coroutine_fn void nbd_co_client_start(void *opaque) 1354 { 1355 NBDClientNewData *data = opaque; 1356 NBDClient *client = data->client; 1357 NBDExport *exp = client->exp; 1358 1359 if (exp) { 1360 nbd_export_get(exp); 1361 QTAILQ_INSERT_TAIL(&exp->clients, client, next); 1362 } 1363 qemu_co_mutex_init(&client->send_lock); 1364 1365 if (nbd_negotiate(data)) { 1366 client_close(client, false); 1367 goto out; 1368 } 1369 1370 nbd_client_receive_next_request(client); 1371 1372 out: 1373 g_free(data); 1374 } 1375 1376 /* 1377 * Create a new client listener on the given export @exp, using the 1378 * given channel @sioc. Begin servicing it in a coroutine. When the 1379 * connection closes, call @close_fn with an indication of whether the 1380 * client completed negotiation. 1381 */ 1382 void nbd_client_new(NBDExport *exp, 1383 QIOChannelSocket *sioc, 1384 QCryptoTLSCreds *tlscreds, 1385 const char *tlsaclname, 1386 void (*close_fn)(NBDClient *, bool)) 1387 { 1388 NBDClient *client; 1389 NBDClientNewData *data = g_new(NBDClientNewData, 1); 1390 1391 client = g_malloc0(sizeof(NBDClient)); 1392 client->refcount = 1; 1393 client->exp = exp; 1394 client->tlscreds = tlscreds; 1395 if (tlscreds) { 1396 object_ref(OBJECT(client->tlscreds)); 1397 } 1398 client->tlsaclname = g_strdup(tlsaclname); 1399 client->sioc = sioc; 1400 object_ref(OBJECT(client->sioc)); 1401 client->ioc = QIO_CHANNEL(sioc); 1402 object_ref(OBJECT(client->ioc)); 1403 client->close_fn = close_fn; 1404 1405 data->client = client; 1406 data->co = qemu_coroutine_create(nbd_co_client_start, data); 1407 qemu_coroutine_enter(data->co); 1408 } 1409