1 /* 2 * Copyright (C) 2016-2018 Red Hat, Inc. 3 * Copyright (C) 2005 Anthony Liguori <anthony@codemonkey.ws> 4 * 5 * Network Block Device Server Side 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; under version 2 of the License. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 20 #include "qemu/osdep.h" 21 #include "qapi/error.h" 22 #include "trace.h" 23 #include "nbd-internal.h" 24 25 #define NBD_META_ID_BASE_ALLOCATION 0 26 27 static int system_errno_to_nbd_errno(int err) 28 { 29 switch (err) { 30 case 0: 31 return NBD_SUCCESS; 32 case EPERM: 33 case EROFS: 34 return NBD_EPERM; 35 case EIO: 36 return NBD_EIO; 37 case ENOMEM: 38 return NBD_ENOMEM; 39 #ifdef EDQUOT 40 case EDQUOT: 41 #endif 42 case EFBIG: 43 case ENOSPC: 44 return NBD_ENOSPC; 45 case EOVERFLOW: 46 return NBD_EOVERFLOW; 47 case ESHUTDOWN: 48 return NBD_ESHUTDOWN; 49 case EINVAL: 50 default: 51 return NBD_EINVAL; 52 } 53 } 54 55 /* Definitions for opaque data types */ 56 57 typedef struct NBDRequestData NBDRequestData; 58 59 struct NBDRequestData { 60 QSIMPLEQ_ENTRY(NBDRequestData) entry; 61 NBDClient *client; 62 uint8_t *data; 63 bool complete; 64 }; 65 66 struct NBDExport { 67 int refcount; 68 void (*close)(NBDExport *exp); 69 70 BlockBackend *blk; 71 char *name; 72 char *description; 73 off_t dev_offset; 74 off_t size; 75 uint16_t nbdflags; 76 QTAILQ_HEAD(, NBDClient) clients; 77 QTAILQ_ENTRY(NBDExport) next; 78 79 AioContext *ctx; 80 81 BlockBackend *eject_notifier_blk; 82 Notifier eject_notifier; 83 }; 84 85 static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports); 86 87 /* NBDExportMetaContexts represents a list of contexts to be exported, 88 * as selected by NBD_OPT_SET_META_CONTEXT. Also used for 89 * NBD_OPT_LIST_META_CONTEXT. */ 90 typedef struct NBDExportMetaContexts { 91 char export_name[NBD_MAX_NAME_SIZE + 1]; 92 bool valid; /* means that negotiation of the option finished without 93 errors */ 94 bool base_allocation; /* export base:allocation context (block status) */ 95 } NBDExportMetaContexts; 96 97 struct NBDClient { 98 int refcount; 99 void (*close_fn)(NBDClient *client, bool negotiated); 100 101 NBDExport *exp; 102 QCryptoTLSCreds *tlscreds; 103 char *tlsaclname; 104 QIOChannelSocket *sioc; /* The underlying data channel */ 105 QIOChannel *ioc; /* The current I/O channel which may differ (eg TLS) */ 106 107 Coroutine *recv_coroutine; 108 109 CoMutex send_lock; 110 Coroutine *send_coroutine; 111 112 QTAILQ_ENTRY(NBDClient) next; 113 int nb_requests; 114 bool closing; 115 116 bool structured_reply; 117 NBDExportMetaContexts export_meta; 118 119 uint32_t opt; /* Current option being negotiated */ 120 uint32_t optlen; /* remaining length of data in ioc for the option being 121 negotiated now */ 122 }; 123 124 static void nbd_client_receive_next_request(NBDClient *client); 125 126 /* Basic flow for negotiation 127 128 Server Client 129 Negotiate 130 131 or 132 133 Server Client 134 Negotiate #1 135 Option 136 Negotiate #2 137 138 ---- 139 140 followed by 141 142 Server Client 143 Request 144 Response 145 Request 146 Response 147 ... 148 ... 149 Request (type == 2) 150 151 */ 152 153 static inline void set_be_option_rep(NBDOptionReply *rep, uint32_t option, 154 uint32_t type, uint32_t length) 155 { 156 stq_be_p(&rep->magic, NBD_REP_MAGIC); 157 stl_be_p(&rep->option, option); 158 stl_be_p(&rep->type, type); 159 stl_be_p(&rep->length, length); 160 } 161 162 /* Send a reply header, including length, but no payload. 163 * Return -errno on error, 0 on success. */ 164 static int nbd_negotiate_send_rep_len(NBDClient *client, uint32_t type, 165 uint32_t len, Error **errp) 166 { 167 NBDOptionReply rep; 168 169 trace_nbd_negotiate_send_rep_len(client->opt, nbd_opt_lookup(client->opt), 170 type, nbd_rep_lookup(type), len); 171 172 assert(len < NBD_MAX_BUFFER_SIZE); 173 174 set_be_option_rep(&rep, client->opt, type, len); 175 return nbd_write(client->ioc, &rep, sizeof(rep), errp); 176 } 177 178 /* Send a reply header with default 0 length. 179 * Return -errno on error, 0 on success. */ 180 static int nbd_negotiate_send_rep(NBDClient *client, uint32_t type, 181 Error **errp) 182 { 183 return nbd_negotiate_send_rep_len(client, type, 0, errp); 184 } 185 186 /* Send an error reply. 187 * Return -errno on error, 0 on success. */ 188 static int GCC_FMT_ATTR(4, 0) 189 nbd_negotiate_send_rep_verr(NBDClient *client, uint32_t type, 190 Error **errp, const char *fmt, va_list va) 191 { 192 char *msg; 193 int ret; 194 size_t len; 195 196 msg = g_strdup_vprintf(fmt, va); 197 len = strlen(msg); 198 assert(len < 4096); 199 trace_nbd_negotiate_send_rep_err(msg); 200 ret = nbd_negotiate_send_rep_len(client, type, len, errp); 201 if (ret < 0) { 202 goto out; 203 } 204 if (nbd_write(client->ioc, msg, len, errp) < 0) { 205 error_prepend(errp, "write failed (error message): "); 206 ret = -EIO; 207 } else { 208 ret = 0; 209 } 210 211 out: 212 g_free(msg); 213 return ret; 214 } 215 216 /* Send an error reply. 217 * Return -errno on error, 0 on success. */ 218 static int GCC_FMT_ATTR(4, 5) 219 nbd_negotiate_send_rep_err(NBDClient *client, uint32_t type, 220 Error **errp, const char *fmt, ...) 221 { 222 va_list va; 223 int ret; 224 225 va_start(va, fmt); 226 ret = nbd_negotiate_send_rep_verr(client, type, errp, fmt, va); 227 va_end(va); 228 return ret; 229 } 230 231 /* Drop remainder of the current option, and send a reply with the 232 * given error type and message. Return -errno on read or write 233 * failure; or 0 if connection is still live. */ 234 static int GCC_FMT_ATTR(4, 0) 235 nbd_opt_vdrop(NBDClient *client, uint32_t type, Error **errp, 236 const char *fmt, va_list va) 237 { 238 int ret = nbd_drop(client->ioc, client->optlen, errp); 239 240 client->optlen = 0; 241 if (!ret) { 242 ret = nbd_negotiate_send_rep_verr(client, type, errp, fmt, va); 243 } 244 return ret; 245 } 246 247 static int GCC_FMT_ATTR(4, 5) 248 nbd_opt_drop(NBDClient *client, uint32_t type, Error **errp, 249 const char *fmt, ...) 250 { 251 int ret; 252 va_list va; 253 254 va_start(va, fmt); 255 ret = nbd_opt_vdrop(client, type, errp, fmt, va); 256 va_end(va); 257 258 return ret; 259 } 260 261 static int GCC_FMT_ATTR(3, 4) 262 nbd_opt_invalid(NBDClient *client, Error **errp, const char *fmt, ...) 263 { 264 int ret; 265 va_list va; 266 267 va_start(va, fmt); 268 ret = nbd_opt_vdrop(client, NBD_REP_ERR_INVALID, errp, fmt, va); 269 va_end(va); 270 271 return ret; 272 } 273 274 /* Read size bytes from the unparsed payload of the current option. 275 * Return -errno on I/O error, 0 if option was completely handled by 276 * sending a reply about inconsistent lengths, or 1 on success. */ 277 static int nbd_opt_read(NBDClient *client, void *buffer, size_t size, 278 Error **errp) 279 { 280 if (size > client->optlen) { 281 return nbd_opt_invalid(client, errp, 282 "Inconsistent lengths in option %s", 283 nbd_opt_lookup(client->opt)); 284 } 285 client->optlen -= size; 286 return qio_channel_read_all(client->ioc, buffer, size, errp) < 0 ? -EIO : 1; 287 } 288 289 /* Drop size bytes from the unparsed payload of the current option. 290 * Return -errno on I/O error, 0 if option was completely handled by 291 * sending a reply about inconsistent lengths, or 1 on success. */ 292 static int nbd_opt_skip(NBDClient *client, size_t size, Error **errp) 293 { 294 if (size > client->optlen) { 295 return nbd_opt_invalid(client, errp, 296 "Inconsistent lengths in option %s", 297 nbd_opt_lookup(client->opt)); 298 } 299 client->optlen -= size; 300 return nbd_drop(client->ioc, size, errp) < 0 ? -EIO : 1; 301 } 302 303 /* nbd_opt_read_name 304 * 305 * Read a string with the format: 306 * uint32_t len (<= NBD_MAX_NAME_SIZE) 307 * len bytes string (not 0-terminated) 308 * 309 * @name should be enough to store NBD_MAX_NAME_SIZE+1. 310 * If @length is non-null, it will be set to the actual string length. 311 * 312 * Return -errno on I/O error, 0 if option was completely handled by 313 * sending a reply about inconsistent lengths, or 1 on success. 314 */ 315 static int nbd_opt_read_name(NBDClient *client, char *name, uint32_t *length, 316 Error **errp) 317 { 318 int ret; 319 uint32_t len; 320 321 ret = nbd_opt_read(client, &len, sizeof(len), errp); 322 if (ret <= 0) { 323 return ret; 324 } 325 cpu_to_be32s(&len); 326 327 if (len > NBD_MAX_NAME_SIZE) { 328 return nbd_opt_invalid(client, errp, 329 "Invalid name length: %" PRIu32, len); 330 } 331 332 ret = nbd_opt_read(client, name, len, errp); 333 if (ret <= 0) { 334 return ret; 335 } 336 name[len] = '\0'; 337 338 if (length) { 339 *length = len; 340 } 341 342 return 1; 343 } 344 345 /* Send a single NBD_REP_SERVER reply to NBD_OPT_LIST, including payload. 346 * Return -errno on error, 0 on success. */ 347 static int nbd_negotiate_send_rep_list(NBDClient *client, NBDExport *exp, 348 Error **errp) 349 { 350 size_t name_len, desc_len; 351 uint32_t len; 352 const char *name = exp->name ? exp->name : ""; 353 const char *desc = exp->description ? exp->description : ""; 354 QIOChannel *ioc = client->ioc; 355 int ret; 356 357 trace_nbd_negotiate_send_rep_list(name, desc); 358 name_len = strlen(name); 359 desc_len = strlen(desc); 360 len = name_len + desc_len + sizeof(len); 361 ret = nbd_negotiate_send_rep_len(client, NBD_REP_SERVER, len, errp); 362 if (ret < 0) { 363 return ret; 364 } 365 366 len = cpu_to_be32(name_len); 367 if (nbd_write(ioc, &len, sizeof(len), errp) < 0) { 368 error_prepend(errp, "write failed (name length): "); 369 return -EINVAL; 370 } 371 372 if (nbd_write(ioc, name, name_len, errp) < 0) { 373 error_prepend(errp, "write failed (name buffer): "); 374 return -EINVAL; 375 } 376 377 if (nbd_write(ioc, desc, desc_len, errp) < 0) { 378 error_prepend(errp, "write failed (description buffer): "); 379 return -EINVAL; 380 } 381 382 return 0; 383 } 384 385 /* Process the NBD_OPT_LIST command, with a potential series of replies. 386 * Return -errno on error, 0 on success. */ 387 static int nbd_negotiate_handle_list(NBDClient *client, Error **errp) 388 { 389 NBDExport *exp; 390 assert(client->opt == NBD_OPT_LIST); 391 392 /* For each export, send a NBD_REP_SERVER reply. */ 393 QTAILQ_FOREACH(exp, &exports, next) { 394 if (nbd_negotiate_send_rep_list(client, exp, errp)) { 395 return -EINVAL; 396 } 397 } 398 /* Finish with a NBD_REP_ACK. */ 399 return nbd_negotiate_send_rep(client, NBD_REP_ACK, errp); 400 } 401 402 static void nbd_check_meta_export_name(NBDClient *client) 403 { 404 client->export_meta.valid &= !strcmp(client->exp->name, 405 client->export_meta.export_name); 406 } 407 408 /* Send a reply to NBD_OPT_EXPORT_NAME. 409 * Return -errno on error, 0 on success. */ 410 static int nbd_negotiate_handle_export_name(NBDClient *client, 411 uint16_t myflags, bool no_zeroes, 412 Error **errp) 413 { 414 char name[NBD_MAX_NAME_SIZE + 1]; 415 char buf[NBD_REPLY_EXPORT_NAME_SIZE] = ""; 416 size_t len; 417 int ret; 418 419 /* Client sends: 420 [20 .. xx] export name (length bytes) 421 Server replies: 422 [ 0 .. 7] size 423 [ 8 .. 9] export flags 424 [10 .. 133] reserved (0) [unless no_zeroes] 425 */ 426 trace_nbd_negotiate_handle_export_name(); 427 if (client->optlen >= sizeof(name)) { 428 error_setg(errp, "Bad length received"); 429 return -EINVAL; 430 } 431 if (nbd_read(client->ioc, name, client->optlen, errp) < 0) { 432 error_prepend(errp, "read failed: "); 433 return -EIO; 434 } 435 name[client->optlen] = '\0'; 436 client->optlen = 0; 437 438 trace_nbd_negotiate_handle_export_name_request(name); 439 440 client->exp = nbd_export_find(name); 441 if (!client->exp) { 442 error_setg(errp, "export not found"); 443 return -EINVAL; 444 } 445 446 trace_nbd_negotiate_new_style_size_flags(client->exp->size, 447 client->exp->nbdflags | myflags); 448 stq_be_p(buf, client->exp->size); 449 stw_be_p(buf + 8, client->exp->nbdflags | myflags); 450 len = no_zeroes ? 10 : sizeof(buf); 451 ret = nbd_write(client->ioc, buf, len, errp); 452 if (ret < 0) { 453 error_prepend(errp, "write failed: "); 454 return ret; 455 } 456 457 QTAILQ_INSERT_TAIL(&client->exp->clients, client, next); 458 nbd_export_get(client->exp); 459 nbd_check_meta_export_name(client); 460 461 return 0; 462 } 463 464 /* Send a single NBD_REP_INFO, with a buffer @buf of @length bytes. 465 * The buffer does NOT include the info type prefix. 466 * Return -errno on error, 0 if ready to send more. */ 467 static int nbd_negotiate_send_info(NBDClient *client, 468 uint16_t info, uint32_t length, void *buf, 469 Error **errp) 470 { 471 int rc; 472 473 trace_nbd_negotiate_send_info(info, nbd_info_lookup(info), length); 474 rc = nbd_negotiate_send_rep_len(client, NBD_REP_INFO, 475 sizeof(info) + length, errp); 476 if (rc < 0) { 477 return rc; 478 } 479 cpu_to_be16s(&info); 480 if (nbd_write(client->ioc, &info, sizeof(info), errp) < 0) { 481 return -EIO; 482 } 483 if (nbd_write(client->ioc, buf, length, errp) < 0) { 484 return -EIO; 485 } 486 return 0; 487 } 488 489 /* nbd_reject_length: Handle any unexpected payload. 490 * @fatal requests that we quit talking to the client, even if we are able 491 * to successfully send an error reply. 492 * Return: 493 * -errno transmission error occurred or @fatal was requested, errp is set 494 * 0 error message successfully sent to client, errp is not set 495 */ 496 static int nbd_reject_length(NBDClient *client, bool fatal, Error **errp) 497 { 498 int ret; 499 500 assert(client->optlen); 501 ret = nbd_opt_invalid(client, errp, "option '%s' has unexpected length", 502 nbd_opt_lookup(client->opt)); 503 if (fatal && !ret) { 504 error_setg(errp, "option '%s' has unexpected length", 505 nbd_opt_lookup(client->opt)); 506 return -EINVAL; 507 } 508 return ret; 509 } 510 511 /* Handle NBD_OPT_INFO and NBD_OPT_GO. 512 * Return -errno on error, 0 if ready for next option, and 1 to move 513 * into transmission phase. */ 514 static int nbd_negotiate_handle_info(NBDClient *client, uint16_t myflags, 515 Error **errp) 516 { 517 int rc; 518 char name[NBD_MAX_NAME_SIZE + 1]; 519 NBDExport *exp; 520 uint16_t requests; 521 uint16_t request; 522 uint32_t namelen; 523 bool sendname = false; 524 bool blocksize = false; 525 uint32_t sizes[3]; 526 char buf[sizeof(uint64_t) + sizeof(uint16_t)]; 527 528 /* Client sends: 529 4 bytes: L, name length (can be 0) 530 L bytes: export name 531 2 bytes: N, number of requests (can be 0) 532 N * 2 bytes: N requests 533 */ 534 rc = nbd_opt_read_name(client, name, &namelen, errp); 535 if (rc <= 0) { 536 return rc; 537 } 538 trace_nbd_negotiate_handle_export_name_request(name); 539 540 rc = nbd_opt_read(client, &requests, sizeof(requests), errp); 541 if (rc <= 0) { 542 return rc; 543 } 544 be16_to_cpus(&requests); 545 trace_nbd_negotiate_handle_info_requests(requests); 546 while (requests--) { 547 rc = nbd_opt_read(client, &request, sizeof(request), errp); 548 if (rc <= 0) { 549 return rc; 550 } 551 be16_to_cpus(&request); 552 trace_nbd_negotiate_handle_info_request(request, 553 nbd_info_lookup(request)); 554 /* We care about NBD_INFO_NAME and NBD_INFO_BLOCK_SIZE; 555 * everything else is either a request we don't know or 556 * something we send regardless of request */ 557 switch (request) { 558 case NBD_INFO_NAME: 559 sendname = true; 560 break; 561 case NBD_INFO_BLOCK_SIZE: 562 blocksize = true; 563 break; 564 } 565 } 566 if (client->optlen) { 567 return nbd_reject_length(client, false, errp); 568 } 569 570 exp = nbd_export_find(name); 571 if (!exp) { 572 return nbd_negotiate_send_rep_err(client, NBD_REP_ERR_UNKNOWN, 573 errp, "export '%s' not present", 574 name); 575 } 576 577 /* Don't bother sending NBD_INFO_NAME unless client requested it */ 578 if (sendname) { 579 rc = nbd_negotiate_send_info(client, NBD_INFO_NAME, namelen, name, 580 errp); 581 if (rc < 0) { 582 return rc; 583 } 584 } 585 586 /* Send NBD_INFO_DESCRIPTION only if available, regardless of 587 * client request */ 588 if (exp->description) { 589 size_t len = strlen(exp->description); 590 591 rc = nbd_negotiate_send_info(client, NBD_INFO_DESCRIPTION, 592 len, exp->description, errp); 593 if (rc < 0) { 594 return rc; 595 } 596 } 597 598 /* Send NBD_INFO_BLOCK_SIZE always, but tweak the minimum size 599 * according to whether the client requested it, and according to 600 * whether this is OPT_INFO or OPT_GO. */ 601 /* minimum - 1 for back-compat, or 512 if client is new enough. 602 * TODO: consult blk_bs(blk)->bl.request_alignment? */ 603 sizes[0] = 604 (client->opt == NBD_OPT_INFO || blocksize) ? BDRV_SECTOR_SIZE : 1; 605 /* preferred - Hard-code to 4096 for now. 606 * TODO: is blk_bs(blk)->bl.opt_transfer appropriate? */ 607 sizes[1] = 4096; 608 /* maximum - At most 32M, but smaller as appropriate. */ 609 sizes[2] = MIN(blk_get_max_transfer(exp->blk), NBD_MAX_BUFFER_SIZE); 610 trace_nbd_negotiate_handle_info_block_size(sizes[0], sizes[1], sizes[2]); 611 cpu_to_be32s(&sizes[0]); 612 cpu_to_be32s(&sizes[1]); 613 cpu_to_be32s(&sizes[2]); 614 rc = nbd_negotiate_send_info(client, NBD_INFO_BLOCK_SIZE, 615 sizeof(sizes), sizes, errp); 616 if (rc < 0) { 617 return rc; 618 } 619 620 /* Send NBD_INFO_EXPORT always */ 621 trace_nbd_negotiate_new_style_size_flags(exp->size, 622 exp->nbdflags | myflags); 623 stq_be_p(buf, exp->size); 624 stw_be_p(buf + 8, exp->nbdflags | myflags); 625 rc = nbd_negotiate_send_info(client, NBD_INFO_EXPORT, 626 sizeof(buf), buf, errp); 627 if (rc < 0) { 628 return rc; 629 } 630 631 /* If the client is just asking for NBD_OPT_INFO, but forgot to 632 * request block sizes, return an error. 633 * TODO: consult blk_bs(blk)->request_align, and only error if it 634 * is not 1? */ 635 if (client->opt == NBD_OPT_INFO && !blocksize) { 636 return nbd_negotiate_send_rep_err(client, 637 NBD_REP_ERR_BLOCK_SIZE_REQD, 638 errp, 639 "request NBD_INFO_BLOCK_SIZE to " 640 "use this export"); 641 } 642 643 /* Final reply */ 644 rc = nbd_negotiate_send_rep(client, NBD_REP_ACK, errp); 645 if (rc < 0) { 646 return rc; 647 } 648 649 if (client->opt == NBD_OPT_GO) { 650 client->exp = exp; 651 QTAILQ_INSERT_TAIL(&client->exp->clients, client, next); 652 nbd_export_get(client->exp); 653 nbd_check_meta_export_name(client); 654 rc = 1; 655 } 656 return rc; 657 } 658 659 660 /* Handle NBD_OPT_STARTTLS. Return NULL to drop connection, or else the 661 * new channel for all further (now-encrypted) communication. */ 662 static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client, 663 Error **errp) 664 { 665 QIOChannel *ioc; 666 QIOChannelTLS *tioc; 667 struct NBDTLSHandshakeData data = { 0 }; 668 669 assert(client->opt == NBD_OPT_STARTTLS); 670 671 trace_nbd_negotiate_handle_starttls(); 672 ioc = client->ioc; 673 674 if (nbd_negotiate_send_rep(client, NBD_REP_ACK, errp) < 0) { 675 return NULL; 676 } 677 678 tioc = qio_channel_tls_new_server(ioc, 679 client->tlscreds, 680 client->tlsaclname, 681 errp); 682 if (!tioc) { 683 return NULL; 684 } 685 686 qio_channel_set_name(QIO_CHANNEL(tioc), "nbd-server-tls"); 687 trace_nbd_negotiate_handle_starttls_handshake(); 688 data.loop = g_main_loop_new(g_main_context_default(), FALSE); 689 qio_channel_tls_handshake(tioc, 690 nbd_tls_handshake, 691 &data, 692 NULL, 693 NULL); 694 695 if (!data.complete) { 696 g_main_loop_run(data.loop); 697 } 698 g_main_loop_unref(data.loop); 699 if (data.error) { 700 object_unref(OBJECT(tioc)); 701 error_propagate(errp, data.error); 702 return NULL; 703 } 704 705 return QIO_CHANNEL(tioc); 706 } 707 708 /* nbd_negotiate_send_meta_context 709 * 710 * Send one chunk of reply to NBD_OPT_{LIST,SET}_META_CONTEXT 711 * 712 * For NBD_OPT_LIST_META_CONTEXT @context_id is ignored, 0 is used instead. 713 */ 714 static int nbd_negotiate_send_meta_context(NBDClient *client, 715 const char *context, 716 uint32_t context_id, 717 Error **errp) 718 { 719 NBDOptionReplyMetaContext opt; 720 struct iovec iov[] = { 721 {.iov_base = &opt, .iov_len = sizeof(opt)}, 722 {.iov_base = (void *)context, .iov_len = strlen(context)} 723 }; 724 725 if (client->opt == NBD_OPT_LIST_META_CONTEXT) { 726 context_id = 0; 727 } 728 729 set_be_option_rep(&opt.h, client->opt, NBD_REP_META_CONTEXT, 730 sizeof(opt) - sizeof(opt.h) + iov[1].iov_len); 731 stl_be_p(&opt.context_id, context_id); 732 733 return qio_channel_writev_all(client->ioc, iov, 2, errp) < 0 ? -EIO : 0; 734 } 735 736 /* nbd_meta_base_query 737 * 738 * Handle query to 'base' namespace. For now, only base:allocation context is 739 * available in it. 'len' is the amount of text remaining to be read from 740 * the current name, after the 'base:' portion has been stripped. 741 * 742 * Return -errno on I/O error, 0 if option was completely handled by 743 * sending a reply about inconsistent lengths, or 1 on success. */ 744 static int nbd_meta_base_query(NBDClient *client, NBDExportMetaContexts *meta, 745 uint32_t len, Error **errp) 746 { 747 int ret; 748 char query[sizeof("allocation") - 1]; 749 size_t alen = strlen("allocation"); 750 751 if (len == 0) { 752 if (client->opt == NBD_OPT_LIST_META_CONTEXT) { 753 meta->base_allocation = true; 754 } 755 return 1; 756 } 757 758 if (len != alen) { 759 return nbd_opt_skip(client, len, errp); 760 } 761 762 ret = nbd_opt_read(client, query, len, errp); 763 if (ret <= 0) { 764 return ret; 765 } 766 767 if (strncmp(query, "allocation", alen) == 0) { 768 meta->base_allocation = true; 769 } 770 771 return 1; 772 } 773 774 /* nbd_negotiate_meta_query 775 * 776 * Parse namespace name and call corresponding function to parse body of the 777 * query. 778 * 779 * The only supported namespace now is 'base'. 780 * 781 * The function aims not wasting time and memory to read long unknown namespace 782 * names. 783 * 784 * Return -errno on I/O error, 0 if option was completely handled by 785 * sending a reply about inconsistent lengths, or 1 on success. */ 786 static int nbd_negotiate_meta_query(NBDClient *client, 787 NBDExportMetaContexts *meta, Error **errp) 788 { 789 int ret; 790 char query[sizeof("base:") - 1]; 791 size_t baselen = strlen("base:"); 792 uint32_t len; 793 794 ret = nbd_opt_read(client, &len, sizeof(len), errp); 795 if (ret <= 0) { 796 return ret; 797 } 798 cpu_to_be32s(&len); 799 800 /* The only supported namespace for now is 'base'. So query should start 801 * with 'base:'. Otherwise, we can ignore it and skip the remainder. */ 802 if (len < baselen) { 803 return nbd_opt_skip(client, len, errp); 804 } 805 806 len -= baselen; 807 ret = nbd_opt_read(client, query, baselen, errp); 808 if (ret <= 0) { 809 return ret; 810 } 811 if (strncmp(query, "base:", baselen) != 0) { 812 return nbd_opt_skip(client, len, errp); 813 } 814 815 return nbd_meta_base_query(client, meta, len, errp); 816 } 817 818 /* nbd_negotiate_meta_queries 819 * Handle NBD_OPT_LIST_META_CONTEXT and NBD_OPT_SET_META_CONTEXT 820 * 821 * Return -errno on I/O error, or 0 if option was completely handled. */ 822 static int nbd_negotiate_meta_queries(NBDClient *client, 823 NBDExportMetaContexts *meta, Error **errp) 824 { 825 int ret; 826 NBDExport *exp; 827 NBDExportMetaContexts local_meta; 828 uint32_t nb_queries; 829 int i; 830 831 if (!client->structured_reply) { 832 return nbd_opt_invalid(client, errp, 833 "request option '%s' when structured reply " 834 "is not negotiated", 835 nbd_opt_lookup(client->opt)); 836 } 837 838 if (client->opt == NBD_OPT_LIST_META_CONTEXT) { 839 /* Only change the caller's meta on SET. */ 840 meta = &local_meta; 841 } 842 843 memset(meta, 0, sizeof(*meta)); 844 845 ret = nbd_opt_read_name(client, meta->export_name, NULL, errp); 846 if (ret <= 0) { 847 return ret; 848 } 849 850 exp = nbd_export_find(meta->export_name); 851 if (exp == NULL) { 852 return nbd_opt_drop(client, NBD_REP_ERR_UNKNOWN, errp, 853 "export '%s' not present", meta->export_name); 854 } 855 856 ret = nbd_opt_read(client, &nb_queries, sizeof(nb_queries), errp); 857 if (ret <= 0) { 858 return ret; 859 } 860 cpu_to_be32s(&nb_queries); 861 862 if (client->opt == NBD_OPT_LIST_META_CONTEXT && !nb_queries) { 863 /* enable all known contexts */ 864 meta->base_allocation = true; 865 } else { 866 for (i = 0; i < nb_queries; ++i) { 867 ret = nbd_negotiate_meta_query(client, meta, errp); 868 if (ret <= 0) { 869 return ret; 870 } 871 } 872 } 873 874 if (meta->base_allocation) { 875 ret = nbd_negotiate_send_meta_context(client, "base:allocation", 876 NBD_META_ID_BASE_ALLOCATION, 877 errp); 878 if (ret < 0) { 879 return ret; 880 } 881 } 882 883 ret = nbd_negotiate_send_rep(client, NBD_REP_ACK, errp); 884 if (ret == 0) { 885 meta->valid = true; 886 } 887 888 return ret; 889 } 890 891 /* nbd_negotiate_options 892 * Process all NBD_OPT_* client option commands, during fixed newstyle 893 * negotiation. 894 * Return: 895 * -errno on error, errp is set 896 * 0 on successful negotiation, errp is not set 897 * 1 if client sent NBD_OPT_ABORT, i.e. on valid disconnect, 898 * errp is not set 899 */ 900 static int nbd_negotiate_options(NBDClient *client, uint16_t myflags, 901 Error **errp) 902 { 903 uint32_t flags; 904 bool fixedNewstyle = false; 905 bool no_zeroes = false; 906 907 /* Client sends: 908 [ 0 .. 3] client flags 909 910 Then we loop until NBD_OPT_EXPORT_NAME or NBD_OPT_GO: 911 [ 0 .. 7] NBD_OPTS_MAGIC 912 [ 8 .. 11] NBD option 913 [12 .. 15] Data length 914 ... Rest of request 915 916 [ 0 .. 7] NBD_OPTS_MAGIC 917 [ 8 .. 11] Second NBD option 918 [12 .. 15] Data length 919 ... Rest of request 920 */ 921 922 if (nbd_read(client->ioc, &flags, sizeof(flags), errp) < 0) { 923 error_prepend(errp, "read failed: "); 924 return -EIO; 925 } 926 be32_to_cpus(&flags); 927 trace_nbd_negotiate_options_flags(flags); 928 if (flags & NBD_FLAG_C_FIXED_NEWSTYLE) { 929 fixedNewstyle = true; 930 flags &= ~NBD_FLAG_C_FIXED_NEWSTYLE; 931 } 932 if (flags & NBD_FLAG_C_NO_ZEROES) { 933 no_zeroes = true; 934 flags &= ~NBD_FLAG_C_NO_ZEROES; 935 } 936 if (flags != 0) { 937 error_setg(errp, "Unknown client flags 0x%" PRIx32 " received", flags); 938 return -EINVAL; 939 } 940 941 while (1) { 942 int ret; 943 uint32_t option, length; 944 uint64_t magic; 945 946 if (nbd_read(client->ioc, &magic, sizeof(magic), errp) < 0) { 947 error_prepend(errp, "read failed: "); 948 return -EINVAL; 949 } 950 magic = be64_to_cpu(magic); 951 trace_nbd_negotiate_options_check_magic(magic); 952 if (magic != NBD_OPTS_MAGIC) { 953 error_setg(errp, "Bad magic received"); 954 return -EINVAL; 955 } 956 957 if (nbd_read(client->ioc, &option, 958 sizeof(option), errp) < 0) { 959 error_prepend(errp, "read failed: "); 960 return -EINVAL; 961 } 962 option = be32_to_cpu(option); 963 client->opt = option; 964 965 if (nbd_read(client->ioc, &length, sizeof(length), errp) < 0) { 966 error_prepend(errp, "read failed: "); 967 return -EINVAL; 968 } 969 length = be32_to_cpu(length); 970 assert(!client->optlen); 971 client->optlen = length; 972 973 if (length > NBD_MAX_BUFFER_SIZE) { 974 error_setg(errp, "len (%" PRIu32" ) is larger than max len (%u)", 975 length, NBD_MAX_BUFFER_SIZE); 976 return -EINVAL; 977 } 978 979 trace_nbd_negotiate_options_check_option(option, 980 nbd_opt_lookup(option)); 981 if (client->tlscreds && 982 client->ioc == (QIOChannel *)client->sioc) { 983 QIOChannel *tioc; 984 if (!fixedNewstyle) { 985 error_setg(errp, "Unsupported option 0x%" PRIx32, option); 986 return -EINVAL; 987 } 988 switch (option) { 989 case NBD_OPT_STARTTLS: 990 if (length) { 991 /* Unconditionally drop the connection if the client 992 * can't start a TLS negotiation correctly */ 993 return nbd_reject_length(client, true, errp); 994 } 995 tioc = nbd_negotiate_handle_starttls(client, errp); 996 if (!tioc) { 997 return -EIO; 998 } 999 ret = 0; 1000 object_unref(OBJECT(client->ioc)); 1001 client->ioc = QIO_CHANNEL(tioc); 1002 break; 1003 1004 case NBD_OPT_EXPORT_NAME: 1005 /* No way to return an error to client, so drop connection */ 1006 error_setg(errp, "Option 0x%x not permitted before TLS", 1007 option); 1008 return -EINVAL; 1009 1010 default: 1011 ret = nbd_opt_drop(client, NBD_REP_ERR_TLS_REQD, errp, 1012 "Option 0x%" PRIx32 1013 "not permitted before TLS", option); 1014 /* Let the client keep trying, unless they asked to 1015 * quit. In this mode, we've already sent an error, so 1016 * we can't ack the abort. */ 1017 if (option == NBD_OPT_ABORT) { 1018 return 1; 1019 } 1020 break; 1021 } 1022 } else if (fixedNewstyle) { 1023 switch (option) { 1024 case NBD_OPT_LIST: 1025 if (length) { 1026 ret = nbd_reject_length(client, false, errp); 1027 } else { 1028 ret = nbd_negotiate_handle_list(client, errp); 1029 } 1030 break; 1031 1032 case NBD_OPT_ABORT: 1033 /* NBD spec says we must try to reply before 1034 * disconnecting, but that we must also tolerate 1035 * guests that don't wait for our reply. */ 1036 nbd_negotiate_send_rep(client, NBD_REP_ACK, NULL); 1037 return 1; 1038 1039 case NBD_OPT_EXPORT_NAME: 1040 return nbd_negotiate_handle_export_name(client, 1041 myflags, no_zeroes, 1042 errp); 1043 1044 case NBD_OPT_INFO: 1045 case NBD_OPT_GO: 1046 ret = nbd_negotiate_handle_info(client, myflags, errp); 1047 if (ret == 1) { 1048 assert(option == NBD_OPT_GO); 1049 return 0; 1050 } 1051 break; 1052 1053 case NBD_OPT_STARTTLS: 1054 if (length) { 1055 ret = nbd_reject_length(client, false, errp); 1056 } else if (client->tlscreds) { 1057 ret = nbd_negotiate_send_rep_err(client, 1058 NBD_REP_ERR_INVALID, errp, 1059 "TLS already enabled"); 1060 } else { 1061 ret = nbd_negotiate_send_rep_err(client, 1062 NBD_REP_ERR_POLICY, errp, 1063 "TLS not configured"); 1064 } 1065 break; 1066 1067 case NBD_OPT_STRUCTURED_REPLY: 1068 if (length) { 1069 ret = nbd_reject_length(client, false, errp); 1070 } else if (client->structured_reply) { 1071 ret = nbd_negotiate_send_rep_err( 1072 client, NBD_REP_ERR_INVALID, errp, 1073 "structured reply already negotiated"); 1074 } else { 1075 ret = nbd_negotiate_send_rep(client, NBD_REP_ACK, errp); 1076 client->structured_reply = true; 1077 myflags |= NBD_FLAG_SEND_DF; 1078 } 1079 break; 1080 1081 case NBD_OPT_LIST_META_CONTEXT: 1082 case NBD_OPT_SET_META_CONTEXT: 1083 ret = nbd_negotiate_meta_queries(client, &client->export_meta, 1084 errp); 1085 break; 1086 1087 default: 1088 ret = nbd_opt_drop(client, NBD_REP_ERR_UNSUP, errp, 1089 "Unsupported option %" PRIu32 " (%s)", 1090 option, nbd_opt_lookup(option)); 1091 break; 1092 } 1093 } else { 1094 /* 1095 * If broken new-style we should drop the connection 1096 * for anything except NBD_OPT_EXPORT_NAME 1097 */ 1098 switch (option) { 1099 case NBD_OPT_EXPORT_NAME: 1100 return nbd_negotiate_handle_export_name(client, 1101 myflags, no_zeroes, 1102 errp); 1103 1104 default: 1105 error_setg(errp, "Unsupported option %" PRIu32 " (%s)", 1106 option, nbd_opt_lookup(option)); 1107 return -EINVAL; 1108 } 1109 } 1110 if (ret < 0) { 1111 return ret; 1112 } 1113 } 1114 } 1115 1116 /* nbd_negotiate 1117 * Return: 1118 * -errno on error, errp is set 1119 * 0 on successful negotiation, errp is not set 1120 * 1 if client sent NBD_OPT_ABORT, i.e. on valid disconnect, 1121 * errp is not set 1122 */ 1123 static coroutine_fn int nbd_negotiate(NBDClient *client, Error **errp) 1124 { 1125 char buf[NBD_OLDSTYLE_NEGOTIATE_SIZE] = ""; 1126 int ret; 1127 const uint16_t myflags = (NBD_FLAG_HAS_FLAGS | NBD_FLAG_SEND_TRIM | 1128 NBD_FLAG_SEND_FLUSH | NBD_FLAG_SEND_FUA | 1129 NBD_FLAG_SEND_WRITE_ZEROES); 1130 bool oldStyle; 1131 1132 /* Old style negotiation header, no room for options 1133 [ 0 .. 7] passwd ("NBDMAGIC") 1134 [ 8 .. 15] magic (NBD_CLIENT_MAGIC) 1135 [16 .. 23] size 1136 [24 .. 27] export flags (zero-extended) 1137 [28 .. 151] reserved (0) 1138 1139 New style negotiation header, client can send options 1140 [ 0 .. 7] passwd ("NBDMAGIC") 1141 [ 8 .. 15] magic (NBD_OPTS_MAGIC) 1142 [16 .. 17] server flags (0) 1143 ....options sent, ending in NBD_OPT_EXPORT_NAME or NBD_OPT_GO.... 1144 */ 1145 1146 qio_channel_set_blocking(client->ioc, false, NULL); 1147 1148 trace_nbd_negotiate_begin(); 1149 memcpy(buf, "NBDMAGIC", 8); 1150 1151 oldStyle = client->exp != NULL && !client->tlscreds; 1152 if (oldStyle) { 1153 trace_nbd_negotiate_old_style(client->exp->size, 1154 client->exp->nbdflags | myflags); 1155 stq_be_p(buf + 8, NBD_CLIENT_MAGIC); 1156 stq_be_p(buf + 16, client->exp->size); 1157 stl_be_p(buf + 24, client->exp->nbdflags | myflags); 1158 1159 if (nbd_write(client->ioc, buf, sizeof(buf), errp) < 0) { 1160 error_prepend(errp, "write failed: "); 1161 return -EINVAL; 1162 } 1163 } else { 1164 stq_be_p(buf + 8, NBD_OPTS_MAGIC); 1165 stw_be_p(buf + 16, NBD_FLAG_FIXED_NEWSTYLE | NBD_FLAG_NO_ZEROES); 1166 1167 if (nbd_write(client->ioc, buf, 18, errp) < 0) { 1168 error_prepend(errp, "write failed: "); 1169 return -EINVAL; 1170 } 1171 ret = nbd_negotiate_options(client, myflags, errp); 1172 if (ret != 0) { 1173 if (ret < 0) { 1174 error_prepend(errp, "option negotiation failed: "); 1175 } 1176 return ret; 1177 } 1178 } 1179 1180 assert(!client->optlen); 1181 trace_nbd_negotiate_success(); 1182 1183 return 0; 1184 } 1185 1186 static int nbd_receive_request(QIOChannel *ioc, NBDRequest *request, 1187 Error **errp) 1188 { 1189 uint8_t buf[NBD_REQUEST_SIZE]; 1190 uint32_t magic; 1191 int ret; 1192 1193 ret = nbd_read(ioc, buf, sizeof(buf), errp); 1194 if (ret < 0) { 1195 return ret; 1196 } 1197 1198 /* Request 1199 [ 0 .. 3] magic (NBD_REQUEST_MAGIC) 1200 [ 4 .. 5] flags (NBD_CMD_FLAG_FUA, ...) 1201 [ 6 .. 7] type (NBD_CMD_READ, ...) 1202 [ 8 .. 15] handle 1203 [16 .. 23] from 1204 [24 .. 27] len 1205 */ 1206 1207 magic = ldl_be_p(buf); 1208 request->flags = lduw_be_p(buf + 4); 1209 request->type = lduw_be_p(buf + 6); 1210 request->handle = ldq_be_p(buf + 8); 1211 request->from = ldq_be_p(buf + 16); 1212 request->len = ldl_be_p(buf + 24); 1213 1214 trace_nbd_receive_request(magic, request->flags, request->type, 1215 request->from, request->len); 1216 1217 if (magic != NBD_REQUEST_MAGIC) { 1218 error_setg(errp, "invalid magic (got 0x%" PRIx32 ")", magic); 1219 return -EINVAL; 1220 } 1221 return 0; 1222 } 1223 1224 #define MAX_NBD_REQUESTS 16 1225 1226 void nbd_client_get(NBDClient *client) 1227 { 1228 client->refcount++; 1229 } 1230 1231 void nbd_client_put(NBDClient *client) 1232 { 1233 if (--client->refcount == 0) { 1234 /* The last reference should be dropped by client->close, 1235 * which is called by client_close. 1236 */ 1237 assert(client->closing); 1238 1239 qio_channel_detach_aio_context(client->ioc); 1240 object_unref(OBJECT(client->sioc)); 1241 object_unref(OBJECT(client->ioc)); 1242 if (client->tlscreds) { 1243 object_unref(OBJECT(client->tlscreds)); 1244 } 1245 g_free(client->tlsaclname); 1246 if (client->exp) { 1247 QTAILQ_REMOVE(&client->exp->clients, client, next); 1248 nbd_export_put(client->exp); 1249 } 1250 g_free(client); 1251 } 1252 } 1253 1254 static void client_close(NBDClient *client, bool negotiated) 1255 { 1256 if (client->closing) { 1257 return; 1258 } 1259 1260 client->closing = true; 1261 1262 /* Force requests to finish. They will drop their own references, 1263 * then we'll close the socket and free the NBDClient. 1264 */ 1265 qio_channel_shutdown(client->ioc, QIO_CHANNEL_SHUTDOWN_BOTH, 1266 NULL); 1267 1268 /* Also tell the client, so that they release their reference. */ 1269 if (client->close_fn) { 1270 client->close_fn(client, negotiated); 1271 } 1272 } 1273 1274 static NBDRequestData *nbd_request_get(NBDClient *client) 1275 { 1276 NBDRequestData *req; 1277 1278 assert(client->nb_requests <= MAX_NBD_REQUESTS - 1); 1279 client->nb_requests++; 1280 1281 req = g_new0(NBDRequestData, 1); 1282 nbd_client_get(client); 1283 req->client = client; 1284 return req; 1285 } 1286 1287 static void nbd_request_put(NBDRequestData *req) 1288 { 1289 NBDClient *client = req->client; 1290 1291 if (req->data) { 1292 qemu_vfree(req->data); 1293 } 1294 g_free(req); 1295 1296 client->nb_requests--; 1297 nbd_client_receive_next_request(client); 1298 1299 nbd_client_put(client); 1300 } 1301 1302 static void blk_aio_attached(AioContext *ctx, void *opaque) 1303 { 1304 NBDExport *exp = opaque; 1305 NBDClient *client; 1306 1307 trace_nbd_blk_aio_attached(exp->name, ctx); 1308 1309 exp->ctx = ctx; 1310 1311 QTAILQ_FOREACH(client, &exp->clients, next) { 1312 qio_channel_attach_aio_context(client->ioc, ctx); 1313 if (client->recv_coroutine) { 1314 aio_co_schedule(ctx, client->recv_coroutine); 1315 } 1316 if (client->send_coroutine) { 1317 aio_co_schedule(ctx, client->send_coroutine); 1318 } 1319 } 1320 } 1321 1322 static void blk_aio_detach(void *opaque) 1323 { 1324 NBDExport *exp = opaque; 1325 NBDClient *client; 1326 1327 trace_nbd_blk_aio_detach(exp->name, exp->ctx); 1328 1329 QTAILQ_FOREACH(client, &exp->clients, next) { 1330 qio_channel_detach_aio_context(client->ioc); 1331 } 1332 1333 exp->ctx = NULL; 1334 } 1335 1336 static void nbd_eject_notifier(Notifier *n, void *data) 1337 { 1338 NBDExport *exp = container_of(n, NBDExport, eject_notifier); 1339 nbd_export_close(exp); 1340 } 1341 1342 NBDExport *nbd_export_new(BlockDriverState *bs, off_t dev_offset, off_t size, 1343 uint16_t nbdflags, void (*close)(NBDExport *), 1344 bool writethrough, BlockBackend *on_eject_blk, 1345 Error **errp) 1346 { 1347 AioContext *ctx; 1348 BlockBackend *blk; 1349 NBDExport *exp = g_new0(NBDExport, 1); 1350 uint64_t perm; 1351 int ret; 1352 1353 /* 1354 * NBD exports are used for non-shared storage migration. Make sure 1355 * that BDRV_O_INACTIVE is cleared and the image is ready for write 1356 * access since the export could be available before migration handover. 1357 */ 1358 ctx = bdrv_get_aio_context(bs); 1359 aio_context_acquire(ctx); 1360 bdrv_invalidate_cache(bs, NULL); 1361 aio_context_release(ctx); 1362 1363 /* Don't allow resize while the NBD server is running, otherwise we don't 1364 * care what happens with the node. */ 1365 perm = BLK_PERM_CONSISTENT_READ; 1366 if ((nbdflags & NBD_FLAG_READ_ONLY) == 0) { 1367 perm |= BLK_PERM_WRITE; 1368 } 1369 blk = blk_new(perm, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE_UNCHANGED | 1370 BLK_PERM_WRITE | BLK_PERM_GRAPH_MOD); 1371 ret = blk_insert_bs(blk, bs, errp); 1372 if (ret < 0) { 1373 goto fail; 1374 } 1375 blk_set_enable_write_cache(blk, !writethrough); 1376 1377 exp->refcount = 1; 1378 QTAILQ_INIT(&exp->clients); 1379 exp->blk = blk; 1380 exp->dev_offset = dev_offset; 1381 exp->nbdflags = nbdflags; 1382 exp->size = size < 0 ? blk_getlength(blk) : size; 1383 if (exp->size < 0) { 1384 error_setg_errno(errp, -exp->size, 1385 "Failed to determine the NBD export's length"); 1386 goto fail; 1387 } 1388 exp->size -= exp->size % BDRV_SECTOR_SIZE; 1389 1390 exp->close = close; 1391 exp->ctx = blk_get_aio_context(blk); 1392 blk_add_aio_context_notifier(blk, blk_aio_attached, blk_aio_detach, exp); 1393 1394 if (on_eject_blk) { 1395 blk_ref(on_eject_blk); 1396 exp->eject_notifier_blk = on_eject_blk; 1397 exp->eject_notifier.notify = nbd_eject_notifier; 1398 blk_add_remove_bs_notifier(on_eject_blk, &exp->eject_notifier); 1399 } 1400 return exp; 1401 1402 fail: 1403 blk_unref(blk); 1404 g_free(exp); 1405 return NULL; 1406 } 1407 1408 NBDExport *nbd_export_find(const char *name) 1409 { 1410 NBDExport *exp; 1411 QTAILQ_FOREACH(exp, &exports, next) { 1412 if (strcmp(name, exp->name) == 0) { 1413 return exp; 1414 } 1415 } 1416 1417 return NULL; 1418 } 1419 1420 void nbd_export_set_name(NBDExport *exp, const char *name) 1421 { 1422 if (exp->name == name) { 1423 return; 1424 } 1425 1426 nbd_export_get(exp); 1427 if (exp->name != NULL) { 1428 g_free(exp->name); 1429 exp->name = NULL; 1430 QTAILQ_REMOVE(&exports, exp, next); 1431 nbd_export_put(exp); 1432 } 1433 if (name != NULL) { 1434 nbd_export_get(exp); 1435 exp->name = g_strdup(name); 1436 QTAILQ_INSERT_TAIL(&exports, exp, next); 1437 } 1438 nbd_export_put(exp); 1439 } 1440 1441 void nbd_export_set_description(NBDExport *exp, const char *description) 1442 { 1443 g_free(exp->description); 1444 exp->description = g_strdup(description); 1445 } 1446 1447 void nbd_export_close(NBDExport *exp) 1448 { 1449 NBDClient *client, *next; 1450 1451 nbd_export_get(exp); 1452 QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) { 1453 client_close(client, true); 1454 } 1455 nbd_export_set_name(exp, NULL); 1456 nbd_export_set_description(exp, NULL); 1457 nbd_export_put(exp); 1458 } 1459 1460 void nbd_export_remove(NBDExport *exp, NbdServerRemoveMode mode, Error **errp) 1461 { 1462 if (mode == NBD_SERVER_REMOVE_MODE_HARD || QTAILQ_EMPTY(&exp->clients)) { 1463 nbd_export_close(exp); 1464 return; 1465 } 1466 1467 assert(mode == NBD_SERVER_REMOVE_MODE_SAFE); 1468 1469 error_setg(errp, "export '%s' still in use", exp->name); 1470 error_append_hint(errp, "Use mode='hard' to force client disconnect\n"); 1471 } 1472 1473 void nbd_export_get(NBDExport *exp) 1474 { 1475 assert(exp->refcount > 0); 1476 exp->refcount++; 1477 } 1478 1479 void nbd_export_put(NBDExport *exp) 1480 { 1481 assert(exp->refcount > 0); 1482 if (exp->refcount == 1) { 1483 nbd_export_close(exp); 1484 } 1485 1486 /* nbd_export_close() may theoretically reduce refcount to 0. It may happen 1487 * if someone calls nbd_export_put() on named export not through 1488 * nbd_export_set_name() when refcount is 1. So, let's assert that 1489 * it is > 0. 1490 */ 1491 assert(exp->refcount > 0); 1492 if (--exp->refcount == 0) { 1493 assert(exp->name == NULL); 1494 assert(exp->description == NULL); 1495 1496 if (exp->close) { 1497 exp->close(exp); 1498 } 1499 1500 if (exp->blk) { 1501 if (exp->eject_notifier_blk) { 1502 notifier_remove(&exp->eject_notifier); 1503 blk_unref(exp->eject_notifier_blk); 1504 } 1505 blk_remove_aio_context_notifier(exp->blk, blk_aio_attached, 1506 blk_aio_detach, exp); 1507 blk_unref(exp->blk); 1508 exp->blk = NULL; 1509 } 1510 1511 g_free(exp); 1512 } 1513 } 1514 1515 BlockBackend *nbd_export_get_blockdev(NBDExport *exp) 1516 { 1517 return exp->blk; 1518 } 1519 1520 void nbd_export_close_all(void) 1521 { 1522 NBDExport *exp, *next; 1523 1524 QTAILQ_FOREACH_SAFE(exp, &exports, next, next) { 1525 nbd_export_close(exp); 1526 } 1527 } 1528 1529 static int coroutine_fn nbd_co_send_iov(NBDClient *client, struct iovec *iov, 1530 unsigned niov, Error **errp) 1531 { 1532 int ret; 1533 1534 g_assert(qemu_in_coroutine()); 1535 qemu_co_mutex_lock(&client->send_lock); 1536 client->send_coroutine = qemu_coroutine_self(); 1537 1538 ret = qio_channel_writev_all(client->ioc, iov, niov, errp) < 0 ? -EIO : 0; 1539 1540 client->send_coroutine = NULL; 1541 qemu_co_mutex_unlock(&client->send_lock); 1542 1543 return ret; 1544 } 1545 1546 static inline void set_be_simple_reply(NBDSimpleReply *reply, uint64_t error, 1547 uint64_t handle) 1548 { 1549 stl_be_p(&reply->magic, NBD_SIMPLE_REPLY_MAGIC); 1550 stl_be_p(&reply->error, error); 1551 stq_be_p(&reply->handle, handle); 1552 } 1553 1554 static int nbd_co_send_simple_reply(NBDClient *client, 1555 uint64_t handle, 1556 uint32_t error, 1557 void *data, 1558 size_t len, 1559 Error **errp) 1560 { 1561 NBDSimpleReply reply; 1562 int nbd_err = system_errno_to_nbd_errno(error); 1563 struct iovec iov[] = { 1564 {.iov_base = &reply, .iov_len = sizeof(reply)}, 1565 {.iov_base = data, .iov_len = len} 1566 }; 1567 1568 trace_nbd_co_send_simple_reply(handle, nbd_err, nbd_err_lookup(nbd_err), 1569 len); 1570 set_be_simple_reply(&reply, nbd_err, handle); 1571 1572 return nbd_co_send_iov(client, iov, len ? 2 : 1, errp); 1573 } 1574 1575 static inline void set_be_chunk(NBDStructuredReplyChunk *chunk, uint16_t flags, 1576 uint16_t type, uint64_t handle, uint32_t length) 1577 { 1578 stl_be_p(&chunk->magic, NBD_STRUCTURED_REPLY_MAGIC); 1579 stw_be_p(&chunk->flags, flags); 1580 stw_be_p(&chunk->type, type); 1581 stq_be_p(&chunk->handle, handle); 1582 stl_be_p(&chunk->length, length); 1583 } 1584 1585 static int coroutine_fn nbd_co_send_structured_done(NBDClient *client, 1586 uint64_t handle, 1587 Error **errp) 1588 { 1589 NBDStructuredReplyChunk chunk; 1590 struct iovec iov[] = { 1591 {.iov_base = &chunk, .iov_len = sizeof(chunk)}, 1592 }; 1593 1594 trace_nbd_co_send_structured_done(handle); 1595 set_be_chunk(&chunk, NBD_REPLY_FLAG_DONE, NBD_REPLY_TYPE_NONE, handle, 0); 1596 1597 return nbd_co_send_iov(client, iov, 1, errp); 1598 } 1599 1600 static int coroutine_fn nbd_co_send_structured_read(NBDClient *client, 1601 uint64_t handle, 1602 uint64_t offset, 1603 void *data, 1604 size_t size, 1605 bool final, 1606 Error **errp) 1607 { 1608 NBDStructuredReadData chunk; 1609 struct iovec iov[] = { 1610 {.iov_base = &chunk, .iov_len = sizeof(chunk)}, 1611 {.iov_base = data, .iov_len = size} 1612 }; 1613 1614 assert(size); 1615 trace_nbd_co_send_structured_read(handle, offset, data, size); 1616 set_be_chunk(&chunk.h, final ? NBD_REPLY_FLAG_DONE : 0, 1617 NBD_REPLY_TYPE_OFFSET_DATA, handle, 1618 sizeof(chunk) - sizeof(chunk.h) + size); 1619 stq_be_p(&chunk.offset, offset); 1620 1621 return nbd_co_send_iov(client, iov, 2, errp); 1622 } 1623 1624 static int coroutine_fn nbd_co_send_structured_error(NBDClient *client, 1625 uint64_t handle, 1626 uint32_t error, 1627 const char *msg, 1628 Error **errp) 1629 { 1630 NBDStructuredError chunk; 1631 int nbd_err = system_errno_to_nbd_errno(error); 1632 struct iovec iov[] = { 1633 {.iov_base = &chunk, .iov_len = sizeof(chunk)}, 1634 {.iov_base = (char *)msg, .iov_len = msg ? strlen(msg) : 0}, 1635 }; 1636 1637 assert(nbd_err); 1638 trace_nbd_co_send_structured_error(handle, nbd_err, 1639 nbd_err_lookup(nbd_err), msg ? msg : ""); 1640 set_be_chunk(&chunk.h, NBD_REPLY_FLAG_DONE, NBD_REPLY_TYPE_ERROR, handle, 1641 sizeof(chunk) - sizeof(chunk.h) + iov[1].iov_len); 1642 stl_be_p(&chunk.error, nbd_err); 1643 stw_be_p(&chunk.message_length, iov[1].iov_len); 1644 1645 return nbd_co_send_iov(client, iov, 1 + !!iov[1].iov_len, errp); 1646 } 1647 1648 /* Do a sparse read and send the structured reply to the client. 1649 * Returns -errno if sending fails. bdrv_block_status_above() failure is 1650 * reported to the client, at which point this function succeeds. 1651 */ 1652 static int coroutine_fn nbd_co_send_sparse_read(NBDClient *client, 1653 uint64_t handle, 1654 uint64_t offset, 1655 uint8_t *data, 1656 size_t size, 1657 Error **errp) 1658 { 1659 int ret = 0; 1660 NBDExport *exp = client->exp; 1661 size_t progress = 0; 1662 1663 while (progress < size) { 1664 int64_t pnum; 1665 int status = bdrv_block_status_above(blk_bs(exp->blk), NULL, 1666 offset + progress, 1667 size - progress, &pnum, NULL, 1668 NULL); 1669 bool final; 1670 1671 if (status < 0) { 1672 char *msg = g_strdup_printf("unable to check for holes: %s", 1673 strerror(-status)); 1674 1675 ret = nbd_co_send_structured_error(client, handle, -status, msg, 1676 errp); 1677 g_free(msg); 1678 return ret; 1679 } 1680 assert(pnum && pnum <= size - progress); 1681 final = progress + pnum == size; 1682 if (status & BDRV_BLOCK_ZERO) { 1683 NBDStructuredReadHole chunk; 1684 struct iovec iov[] = { 1685 {.iov_base = &chunk, .iov_len = sizeof(chunk)}, 1686 }; 1687 1688 trace_nbd_co_send_structured_read_hole(handle, offset + progress, 1689 pnum); 1690 set_be_chunk(&chunk.h, final ? NBD_REPLY_FLAG_DONE : 0, 1691 NBD_REPLY_TYPE_OFFSET_HOLE, 1692 handle, sizeof(chunk) - sizeof(chunk.h)); 1693 stq_be_p(&chunk.offset, offset + progress); 1694 stl_be_p(&chunk.length, pnum); 1695 ret = nbd_co_send_iov(client, iov, 1, errp); 1696 } else { 1697 ret = blk_pread(exp->blk, offset + progress + exp->dev_offset, 1698 data + progress, pnum); 1699 if (ret < 0) { 1700 error_setg_errno(errp, -ret, "reading from file failed"); 1701 break; 1702 } 1703 ret = nbd_co_send_structured_read(client, handle, offset + progress, 1704 data + progress, pnum, final, 1705 errp); 1706 } 1707 1708 if (ret < 0) { 1709 break; 1710 } 1711 progress += pnum; 1712 } 1713 return ret; 1714 } 1715 1716 static int blockstatus_to_extent_be(BlockDriverState *bs, uint64_t offset, 1717 uint64_t bytes, NBDExtent *extent) 1718 { 1719 uint64_t remaining_bytes = bytes; 1720 1721 while (remaining_bytes) { 1722 uint32_t flags; 1723 int64_t num; 1724 int ret = bdrv_block_status_above(bs, NULL, offset, remaining_bytes, 1725 &num, NULL, NULL); 1726 if (ret < 0) { 1727 return ret; 1728 } 1729 1730 flags = (ret & BDRV_BLOCK_ALLOCATED ? 0 : NBD_STATE_HOLE) | 1731 (ret & BDRV_BLOCK_ZERO ? NBD_STATE_ZERO : 0); 1732 1733 if (remaining_bytes == bytes) { 1734 extent->flags = flags; 1735 } 1736 1737 if (flags != extent->flags) { 1738 break; 1739 } 1740 1741 offset += num; 1742 remaining_bytes -= num; 1743 } 1744 1745 cpu_to_be32s(&extent->flags); 1746 extent->length = cpu_to_be32(bytes - remaining_bytes); 1747 1748 return 0; 1749 } 1750 1751 /* nbd_co_send_extents 1752 * @extents should be in big-endian */ 1753 static int nbd_co_send_extents(NBDClient *client, uint64_t handle, 1754 NBDExtent *extents, unsigned nb_extents, 1755 uint32_t context_id, Error **errp) 1756 { 1757 NBDStructuredMeta chunk; 1758 1759 struct iovec iov[] = { 1760 {.iov_base = &chunk, .iov_len = sizeof(chunk)}, 1761 {.iov_base = extents, .iov_len = nb_extents * sizeof(extents[0])} 1762 }; 1763 1764 set_be_chunk(&chunk.h, NBD_REPLY_FLAG_DONE, NBD_REPLY_TYPE_BLOCK_STATUS, 1765 handle, sizeof(chunk) - sizeof(chunk.h) + iov[1].iov_len); 1766 stl_be_p(&chunk.context_id, context_id); 1767 1768 return nbd_co_send_iov(client, iov, 2, errp); 1769 } 1770 1771 /* Get block status from the exported device and send it to the client */ 1772 static int nbd_co_send_block_status(NBDClient *client, uint64_t handle, 1773 BlockDriverState *bs, uint64_t offset, 1774 uint64_t length, uint32_t context_id, 1775 Error **errp) 1776 { 1777 int ret; 1778 NBDExtent extent; 1779 1780 ret = blockstatus_to_extent_be(bs, offset, length, &extent); 1781 if (ret < 0) { 1782 return nbd_co_send_structured_error( 1783 client, handle, -ret, "can't get block status", errp); 1784 } 1785 1786 return nbd_co_send_extents(client, handle, &extent, 1, context_id, errp); 1787 } 1788 1789 /* nbd_co_receive_request 1790 * Collect a client request. Return 0 if request looks valid, -EIO to drop 1791 * connection right away, and any other negative value to report an error to 1792 * the client (although the caller may still need to disconnect after reporting 1793 * the error). 1794 */ 1795 static int nbd_co_receive_request(NBDRequestData *req, NBDRequest *request, 1796 Error **errp) 1797 { 1798 NBDClient *client = req->client; 1799 int valid_flags; 1800 1801 g_assert(qemu_in_coroutine()); 1802 assert(client->recv_coroutine == qemu_coroutine_self()); 1803 if (nbd_receive_request(client->ioc, request, errp) < 0) { 1804 return -EIO; 1805 } 1806 1807 trace_nbd_co_receive_request_decode_type(request->handle, request->type, 1808 nbd_cmd_lookup(request->type)); 1809 1810 if (request->type != NBD_CMD_WRITE) { 1811 /* No payload, we are ready to read the next request. */ 1812 req->complete = true; 1813 } 1814 1815 if (request->type == NBD_CMD_DISC) { 1816 /* Special case: we're going to disconnect without a reply, 1817 * whether or not flags, from, or len are bogus */ 1818 return -EIO; 1819 } 1820 1821 if (request->type == NBD_CMD_READ || request->type == NBD_CMD_WRITE) { 1822 if (request->len > NBD_MAX_BUFFER_SIZE) { 1823 error_setg(errp, "len (%" PRIu32" ) is larger than max len (%u)", 1824 request->len, NBD_MAX_BUFFER_SIZE); 1825 return -EINVAL; 1826 } 1827 1828 req->data = blk_try_blockalign(client->exp->blk, request->len); 1829 if (req->data == NULL) { 1830 error_setg(errp, "No memory"); 1831 return -ENOMEM; 1832 } 1833 } 1834 if (request->type == NBD_CMD_WRITE) { 1835 if (nbd_read(client->ioc, req->data, request->len, errp) < 0) { 1836 error_prepend(errp, "reading from socket failed: "); 1837 return -EIO; 1838 } 1839 req->complete = true; 1840 1841 trace_nbd_co_receive_request_payload_received(request->handle, 1842 request->len); 1843 } 1844 1845 /* Sanity checks. */ 1846 if (client->exp->nbdflags & NBD_FLAG_READ_ONLY && 1847 (request->type == NBD_CMD_WRITE || 1848 request->type == NBD_CMD_WRITE_ZEROES || 1849 request->type == NBD_CMD_TRIM)) { 1850 error_setg(errp, "Export is read-only"); 1851 return -EROFS; 1852 } 1853 if (request->from > client->exp->size || 1854 request->from + request->len > client->exp->size) { 1855 error_setg(errp, "operation past EOF; From: %" PRIu64 ", Len: %" PRIu32 1856 ", Size: %" PRIu64, request->from, request->len, 1857 (uint64_t)client->exp->size); 1858 return (request->type == NBD_CMD_WRITE || 1859 request->type == NBD_CMD_WRITE_ZEROES) ? -ENOSPC : -EINVAL; 1860 } 1861 valid_flags = NBD_CMD_FLAG_FUA; 1862 if (request->type == NBD_CMD_READ && client->structured_reply) { 1863 valid_flags |= NBD_CMD_FLAG_DF; 1864 } else if (request->type == NBD_CMD_WRITE_ZEROES) { 1865 valid_flags |= NBD_CMD_FLAG_NO_HOLE; 1866 } else if (request->type == NBD_CMD_BLOCK_STATUS) { 1867 valid_flags |= NBD_CMD_FLAG_REQ_ONE; 1868 } 1869 if (request->flags & ~valid_flags) { 1870 error_setg(errp, "unsupported flags for command %s (got 0x%x)", 1871 nbd_cmd_lookup(request->type), request->flags); 1872 return -EINVAL; 1873 } 1874 1875 return 0; 1876 } 1877 1878 /* Send simple reply without a payload, or a structured error 1879 * @error_msg is ignored if @ret >= 0 1880 * Returns 0 if connection is still live, -errno on failure to talk to client 1881 */ 1882 static coroutine_fn int nbd_send_generic_reply(NBDClient *client, 1883 uint64_t handle, 1884 int ret, 1885 const char *error_msg, 1886 Error **errp) 1887 { 1888 if (client->structured_reply && ret < 0) { 1889 return nbd_co_send_structured_error(client, handle, -ret, error_msg, 1890 errp); 1891 } else { 1892 return nbd_co_send_simple_reply(client, handle, ret < 0 ? -ret : 0, 1893 NULL, 0, errp); 1894 } 1895 } 1896 1897 /* Handle NBD_CMD_READ request. 1898 * Return -errno if sending fails. Other errors are reported directly to the 1899 * client as an error reply. */ 1900 static coroutine_fn int nbd_do_cmd_read(NBDClient *client, NBDRequest *request, 1901 uint8_t *data, Error **errp) 1902 { 1903 int ret; 1904 NBDExport *exp = client->exp; 1905 1906 assert(request->type == NBD_CMD_READ); 1907 1908 /* XXX: NBD Protocol only documents use of FUA with WRITE */ 1909 if (request->flags & NBD_CMD_FLAG_FUA) { 1910 ret = blk_co_flush(exp->blk); 1911 if (ret < 0) { 1912 return nbd_send_generic_reply(client, request->handle, ret, 1913 "flush failed", errp); 1914 } 1915 } 1916 1917 if (client->structured_reply && !(request->flags & NBD_CMD_FLAG_DF) && 1918 request->len) { 1919 return nbd_co_send_sparse_read(client, request->handle, request->from, 1920 data, request->len, errp); 1921 } 1922 1923 ret = blk_pread(exp->blk, request->from + exp->dev_offset, data, 1924 request->len); 1925 if (ret < 0) { 1926 return nbd_send_generic_reply(client, request->handle, ret, 1927 "reading from file failed", errp); 1928 } 1929 1930 if (client->structured_reply) { 1931 if (request->len) { 1932 return nbd_co_send_structured_read(client, request->handle, 1933 request->from, data, 1934 request->len, true, errp); 1935 } else { 1936 return nbd_co_send_structured_done(client, request->handle, errp); 1937 } 1938 } else { 1939 return nbd_co_send_simple_reply(client, request->handle, 0, 1940 data, request->len, errp); 1941 } 1942 } 1943 1944 /* Handle NBD request. 1945 * Return -errno if sending fails. Other errors are reported directly to the 1946 * client as an error reply. */ 1947 static coroutine_fn int nbd_handle_request(NBDClient *client, 1948 NBDRequest *request, 1949 uint8_t *data, Error **errp) 1950 { 1951 int ret; 1952 int flags; 1953 NBDExport *exp = client->exp; 1954 char *msg; 1955 1956 switch (request->type) { 1957 case NBD_CMD_READ: 1958 return nbd_do_cmd_read(client, request, data, errp); 1959 1960 case NBD_CMD_WRITE: 1961 flags = 0; 1962 if (request->flags & NBD_CMD_FLAG_FUA) { 1963 flags |= BDRV_REQ_FUA; 1964 } 1965 ret = blk_pwrite(exp->blk, request->from + exp->dev_offset, 1966 data, request->len, flags); 1967 return nbd_send_generic_reply(client, request->handle, ret, 1968 "writing to file failed", errp); 1969 1970 case NBD_CMD_WRITE_ZEROES: 1971 flags = 0; 1972 if (request->flags & NBD_CMD_FLAG_FUA) { 1973 flags |= BDRV_REQ_FUA; 1974 } 1975 if (!(request->flags & NBD_CMD_FLAG_NO_HOLE)) { 1976 flags |= BDRV_REQ_MAY_UNMAP; 1977 } 1978 ret = blk_pwrite_zeroes(exp->blk, request->from + exp->dev_offset, 1979 request->len, flags); 1980 return nbd_send_generic_reply(client, request->handle, ret, 1981 "writing to file failed", errp); 1982 1983 case NBD_CMD_DISC: 1984 /* unreachable, thanks to special case in nbd_co_receive_request() */ 1985 abort(); 1986 1987 case NBD_CMD_FLUSH: 1988 ret = blk_co_flush(exp->blk); 1989 return nbd_send_generic_reply(client, request->handle, ret, 1990 "flush failed", errp); 1991 1992 case NBD_CMD_TRIM: 1993 ret = blk_co_pdiscard(exp->blk, request->from + exp->dev_offset, 1994 request->len); 1995 if (ret == 0 && request->flags & NBD_CMD_FLAG_FUA) { 1996 ret = blk_co_flush(exp->blk); 1997 } 1998 return nbd_send_generic_reply(client, request->handle, ret, 1999 "discard failed", errp); 2000 2001 case NBD_CMD_BLOCK_STATUS: 2002 if (client->export_meta.valid && client->export_meta.base_allocation) { 2003 return nbd_co_send_block_status(client, request->handle, 2004 blk_bs(exp->blk), request->from, 2005 request->len, 2006 NBD_META_ID_BASE_ALLOCATION, errp); 2007 } else { 2008 return nbd_send_generic_reply(client, request->handle, -EINVAL, 2009 "CMD_BLOCK_STATUS not negotiated", 2010 errp); 2011 } 2012 2013 default: 2014 msg = g_strdup_printf("invalid request type (%" PRIu32 ") received", 2015 request->type); 2016 ret = nbd_send_generic_reply(client, request->handle, -EINVAL, msg, 2017 errp); 2018 g_free(msg); 2019 return ret; 2020 } 2021 } 2022 2023 /* Owns a reference to the NBDClient passed as opaque. */ 2024 static coroutine_fn void nbd_trip(void *opaque) 2025 { 2026 NBDClient *client = opaque; 2027 NBDRequestData *req; 2028 NBDRequest request = { 0 }; /* GCC thinks it can be used uninitialized */ 2029 int ret; 2030 Error *local_err = NULL; 2031 2032 trace_nbd_trip(); 2033 if (client->closing) { 2034 nbd_client_put(client); 2035 return; 2036 } 2037 2038 req = nbd_request_get(client); 2039 ret = nbd_co_receive_request(req, &request, &local_err); 2040 client->recv_coroutine = NULL; 2041 2042 if (client->closing) { 2043 /* 2044 * The client may be closed when we are blocked in 2045 * nbd_co_receive_request() 2046 */ 2047 goto done; 2048 } 2049 2050 nbd_client_receive_next_request(client); 2051 if (ret == -EIO) { 2052 goto disconnect; 2053 } 2054 2055 if (ret < 0) { 2056 /* It wans't -EIO, so, according to nbd_co_receive_request() 2057 * semantics, we should return the error to the client. */ 2058 Error *export_err = local_err; 2059 2060 local_err = NULL; 2061 ret = nbd_send_generic_reply(client, request.handle, -EINVAL, 2062 error_get_pretty(export_err), &local_err); 2063 error_free(export_err); 2064 } else { 2065 ret = nbd_handle_request(client, &request, req->data, &local_err); 2066 } 2067 if (ret < 0) { 2068 error_prepend(&local_err, "Failed to send reply: "); 2069 goto disconnect; 2070 } 2071 2072 /* We must disconnect after NBD_CMD_WRITE if we did not 2073 * read the payload. 2074 */ 2075 if (!req->complete) { 2076 error_setg(&local_err, "Request handling failed in intermediate state"); 2077 goto disconnect; 2078 } 2079 2080 done: 2081 nbd_request_put(req); 2082 nbd_client_put(client); 2083 return; 2084 2085 disconnect: 2086 if (local_err) { 2087 error_reportf_err(local_err, "Disconnect client, due to: "); 2088 } 2089 nbd_request_put(req); 2090 client_close(client, true); 2091 nbd_client_put(client); 2092 } 2093 2094 static void nbd_client_receive_next_request(NBDClient *client) 2095 { 2096 if (!client->recv_coroutine && client->nb_requests < MAX_NBD_REQUESTS) { 2097 nbd_client_get(client); 2098 client->recv_coroutine = qemu_coroutine_create(nbd_trip, client); 2099 aio_co_schedule(client->exp->ctx, client->recv_coroutine); 2100 } 2101 } 2102 2103 static coroutine_fn void nbd_co_client_start(void *opaque) 2104 { 2105 NBDClient *client = opaque; 2106 NBDExport *exp = client->exp; 2107 Error *local_err = NULL; 2108 2109 if (exp) { 2110 nbd_export_get(exp); 2111 QTAILQ_INSERT_TAIL(&exp->clients, client, next); 2112 } 2113 qemu_co_mutex_init(&client->send_lock); 2114 2115 if (nbd_negotiate(client, &local_err)) { 2116 if (local_err) { 2117 error_report_err(local_err); 2118 } 2119 client_close(client, false); 2120 return; 2121 } 2122 2123 nbd_client_receive_next_request(client); 2124 } 2125 2126 /* 2127 * Create a new client listener on the given export @exp, using the 2128 * given channel @sioc. Begin servicing it in a coroutine. When the 2129 * connection closes, call @close_fn with an indication of whether the 2130 * client completed negotiation. 2131 */ 2132 void nbd_client_new(NBDExport *exp, 2133 QIOChannelSocket *sioc, 2134 QCryptoTLSCreds *tlscreds, 2135 const char *tlsaclname, 2136 void (*close_fn)(NBDClient *, bool)) 2137 { 2138 NBDClient *client; 2139 Coroutine *co; 2140 2141 client = g_new0(NBDClient, 1); 2142 client->refcount = 1; 2143 client->exp = exp; 2144 client->tlscreds = tlscreds; 2145 if (tlscreds) { 2146 object_ref(OBJECT(client->tlscreds)); 2147 } 2148 client->tlsaclname = g_strdup(tlsaclname); 2149 client->sioc = sioc; 2150 object_ref(OBJECT(client->sioc)); 2151 client->ioc = QIO_CHANNEL(sioc); 2152 object_ref(OBJECT(client->ioc)); 2153 client->close_fn = close_fn; 2154 2155 co = qemu_coroutine_create(nbd_co_client_start, client); 2156 qemu_coroutine_enter(co); 2157 } 2158