2013-04-09 18:30:53 +04:00
|
|
|
/*
|
|
|
|
* Secure Shell (ssh) backend for QEMU.
|
|
|
|
*
|
|
|
|
* Copyright (C) 2013 Red Hat Inc., Richard W.M. Jones <rjones@redhat.com>
|
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
|
|
* in the Software without restriction, including without limitation the rights
|
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
|
|
* furnished to do so, subject to the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be included in
|
|
|
|
* all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
* THE SOFTWARE.
|
|
|
|
*/
|
|
|
|
|
2016-01-18 21:01:42 +03:00
|
|
|
#include "qemu/osdep.h"
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
#include <libssh/libssh.h>
|
|
|
|
#include <libssh/sftp.h>
|
2013-04-09 18:30:53 +04:00
|
|
|
|
|
|
|
#include "block/block_int.h"
|
2018-06-14 22:14:28 +03:00
|
|
|
#include "block/qdict.h"
|
include/qemu/osdep.h: Don't include qapi/error.h
Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the
Error typedef. Since then, we've moved to include qemu/osdep.h
everywhere. Its file comment explains: "To avoid getting into
possible circular include dependencies, this file should not include
any other QEMU headers, with the exceptions of config-host.h,
compiler.h, os-posix.h and os-win32.h, all of which are doing a
similar job to this file and are under similar constraints."
qapi/error.h doesn't do a similar job, and it doesn't adhere to
similar constraints: it includes qapi-types.h. That's in excess of
100KiB of crap most .c files don't actually need.
Add the typedef to qemu/typedefs.h, and include that instead of
qapi/error.h. Include qapi/error.h in .c files that need it and don't
get it now. Include qapi-types.h in qom/object.h for uint16List.
Update scripts/clean-includes accordingly. Update it further to match
reality: replace config.h by config-target.h, add sysemu/os-posix.h,
sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h
comment quoted above similarly.
This reduces the number of objects depending on qapi/error.h from "all
of them" to less than a third. Unfortunately, the number depending on
qapi-types.h shrinks only a little. More work is needed for that one.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
[Fix compilation without the spice devel packages. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-14 11:01:28 +03:00
|
|
|
#include "qapi/error.h"
|
2015-03-17 20:29:20 +03:00
|
|
|
#include "qemu/error-report.h"
|
2019-05-23 17:35:07 +03:00
|
|
|
#include "qemu/module.h"
|
2018-02-01 14:18:46 +03:00
|
|
|
#include "qemu/option.h"
|
2019-05-23 17:35:06 +03:00
|
|
|
#include "qemu/ctype.h"
|
2016-10-25 16:03:59 +03:00
|
|
|
#include "qemu/cutils.h"
|
2013-04-09 18:30:53 +04:00
|
|
|
#include "qemu/sockets.h"
|
|
|
|
#include "qemu/uri.h"
|
2018-02-11 12:36:01 +03:00
|
|
|
#include "qapi/qapi-visit-sockets.h"
|
2018-02-02 18:12:18 +03:00
|
|
|
#include "qapi/qapi-visit-block-core.h"
|
2018-02-01 14:18:39 +03:00
|
|
|
#include "qapi/qmp/qdict.h"
|
2015-03-17 20:29:20 +03:00
|
|
|
#include "qapi/qmp/qstring.h"
|
2016-10-25 16:03:59 +03:00
|
|
|
#include "qapi/qobject-input-visitor.h"
|
|
|
|
#include "qapi/qobject-output-visitor.h"
|
2018-12-13 19:27:24 +03:00
|
|
|
#include "trace.h"
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2018-12-13 19:27:24 +03:00
|
|
|
/*
|
2019-06-20 23:08:40 +03:00
|
|
|
* TRACE_LIBSSH=<level> enables tracing in libssh itself.
|
|
|
|
* The meaning of <level> is described here:
|
|
|
|
* http://api.libssh.org/master/group__libssh__log.html
|
2013-04-09 18:30:53 +04:00
|
|
|
*/
|
2019-06-20 23:08:40 +03:00
|
|
|
#define TRACE_LIBSSH 0 /* see: SSH_LOG_* */
|
2013-04-09 18:30:53 +04:00
|
|
|
|
|
|
|
typedef struct BDRVSSHState {
|
|
|
|
/* Coroutine. */
|
|
|
|
CoMutex lock;
|
|
|
|
|
|
|
|
/* SSH connection. */
|
|
|
|
int sock; /* socket */
|
2019-06-20 23:08:40 +03:00
|
|
|
ssh_session session; /* ssh session */
|
|
|
|
sftp_session sftp; /* sftp session */
|
|
|
|
sftp_file sftp_handle; /* sftp remote file handle */
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
/*
|
|
|
|
* File attributes at open. We try to keep the .size field
|
2013-04-09 18:30:53 +04:00
|
|
|
* updated if it changes (eg by writing at the end of the file).
|
|
|
|
*/
|
2019-06-20 23:08:40 +03:00
|
|
|
sftp_attributes attrs;
|
2013-04-09 18:30:54 +04:00
|
|
|
|
2016-10-25 16:03:59 +03:00
|
|
|
InetSocketAddress *inet;
|
|
|
|
|
2013-04-09 18:30:54 +04:00
|
|
|
/* Used to warn if 'flush' is not supported. */
|
|
|
|
bool unsafe_flush_warning;
|
2019-02-25 22:08:27 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Store the user name for ssh_refresh_filename() because the
|
|
|
|
* default depends on the system you are on -- therefore, when we
|
|
|
|
* generate a filename, it should always contain the user name we
|
|
|
|
* are actually using.
|
|
|
|
*/
|
|
|
|
char *user;
|
2013-04-09 18:30:53 +04:00
|
|
|
} BDRVSSHState;
|
|
|
|
|
|
|
|
static void ssh_state_init(BDRVSSHState *s)
|
|
|
|
{
|
|
|
|
memset(s, 0, sizeof *s);
|
|
|
|
s->sock = -1;
|
|
|
|
qemu_co_mutex_init(&s->lock);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh_state_free(BDRVSSHState *s)
|
|
|
|
{
|
2019-02-25 22:08:27 +03:00
|
|
|
g_free(s->user);
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
if (s->attrs) {
|
|
|
|
sftp_attributes_free(s->attrs);
|
|
|
|
}
|
2013-04-09 18:30:53 +04:00
|
|
|
if (s->sftp_handle) {
|
2019-06-20 23:08:40 +03:00
|
|
|
sftp_close(s->sftp_handle);
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
if (s->sftp) {
|
2019-06-20 23:08:40 +03:00
|
|
|
sftp_free(s->sftp);
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
if (s->session) {
|
2019-06-20 23:08:40 +03:00
|
|
|
ssh_disconnect(s->session);
|
|
|
|
ssh_free(s->session); /* This frees s->sock */
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-05-16 13:00:13 +04:00
|
|
|
static void GCC_FMT_ATTR(3, 4)
|
|
|
|
session_error_setg(Error **errp, BDRVSSHState *s, const char *fs, ...)
|
|
|
|
{
|
|
|
|
va_list args;
|
|
|
|
char *msg;
|
|
|
|
|
|
|
|
va_start(args, fs);
|
|
|
|
msg = g_strdup_vprintf(fs, args);
|
|
|
|
va_end(args);
|
|
|
|
|
|
|
|
if (s->session) {
|
2019-06-20 23:08:40 +03:00
|
|
|
const char *ssh_err;
|
2014-05-16 13:00:13 +04:00
|
|
|
int ssh_err_code;
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
/* This is not an errno. See <libssh/libssh.h>. */
|
|
|
|
ssh_err = ssh_get_error(s->session);
|
|
|
|
ssh_err_code = ssh_get_error_code(s->session);
|
|
|
|
error_setg(errp, "%s: %s (libssh error code: %d)",
|
2014-05-16 13:00:13 +04:00
|
|
|
msg, ssh_err, ssh_err_code);
|
|
|
|
} else {
|
|
|
|
error_setg(errp, "%s", msg);
|
|
|
|
}
|
|
|
|
g_free(msg);
|
|
|
|
}
|
|
|
|
|
2014-05-16 13:00:16 +04:00
|
|
|
static void GCC_FMT_ATTR(3, 4)
|
|
|
|
sftp_error_setg(Error **errp, BDRVSSHState *s, const char *fs, ...)
|
2013-04-09 18:30:53 +04:00
|
|
|
{
|
|
|
|
va_list args;
|
2014-05-16 13:00:16 +04:00
|
|
|
char *msg;
|
2013-04-09 18:30:53 +04:00
|
|
|
|
|
|
|
va_start(args, fs);
|
2014-05-16 13:00:16 +04:00
|
|
|
msg = g_strdup_vprintf(fs, args);
|
|
|
|
va_end(args);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2014-05-16 13:00:16 +04:00
|
|
|
if (s->sftp) {
|
2019-06-20 23:08:40 +03:00
|
|
|
const char *ssh_err;
|
2013-04-09 18:30:53 +04:00
|
|
|
int ssh_err_code;
|
2019-06-20 23:08:40 +03:00
|
|
|
int sftp_err_code;
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
/* This is not an errno. See <libssh/libssh.h>. */
|
|
|
|
ssh_err = ssh_get_error(s->session);
|
|
|
|
ssh_err_code = ssh_get_error_code(s->session);
|
|
|
|
/* See <libssh/sftp.h>. */
|
|
|
|
sftp_err_code = sftp_get_error(s->sftp);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2014-05-16 13:00:16 +04:00
|
|
|
error_setg(errp,
|
2019-06-20 23:08:40 +03:00
|
|
|
"%s: %s (libssh error code: %d, sftp error code: %d)",
|
2014-05-16 13:00:16 +04:00
|
|
|
msg, ssh_err, ssh_err_code, sftp_err_code);
|
|
|
|
} else {
|
|
|
|
error_setg(errp, "%s", msg);
|
|
|
|
}
|
|
|
|
g_free(msg);
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
|
2019-04-17 22:06:28 +03:00
|
|
|
static void sftp_error_trace(BDRVSSHState *s, const char *op)
|
2013-04-09 18:30:53 +04:00
|
|
|
{
|
2019-06-20 23:08:40 +03:00
|
|
|
const char *ssh_err;
|
2019-04-17 22:06:28 +03:00
|
|
|
int ssh_err_code;
|
2019-06-20 23:08:40 +03:00
|
|
|
int sftp_err_code;
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
/* This is not an errno. See <libssh/libssh.h>. */
|
|
|
|
ssh_err = ssh_get_error(s->session);
|
|
|
|
ssh_err_code = ssh_get_error_code(s->session);
|
|
|
|
/* See <libssh/sftp.h>. */
|
|
|
|
sftp_err_code = sftp_get_error(s->sftp);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2019-04-17 22:06:28 +03:00
|
|
|
trace_sftp_error(op, ssh_err, ssh_err_code, sftp_err_code);
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
static int parse_uri(const char *filename, QDict *options, Error **errp)
|
|
|
|
{
|
|
|
|
URI *uri = NULL;
|
2015-09-14 14:12:34 +03:00
|
|
|
QueryParams *qp;
|
2016-10-25 16:04:00 +03:00
|
|
|
char *port_str;
|
2013-04-09 18:30:53 +04:00
|
|
|
int i;
|
|
|
|
|
|
|
|
uri = uri_parse(filename);
|
|
|
|
if (!uri) {
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2017-06-13 23:57:26 +03:00
|
|
|
if (g_strcmp0(uri->scheme, "ssh") != 0) {
|
2013-04-09 18:30:53 +04:00
|
|
|
error_setg(errp, "URI scheme must be 'ssh'");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!uri->server || strcmp(uri->server, "") == 0) {
|
|
|
|
error_setg(errp, "missing hostname in URI");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!uri->path || strcmp(uri->path, "") == 0) {
|
|
|
|
error_setg(errp, "missing remote path in URI");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
qp = query_params_parse(uri->query);
|
|
|
|
if (!qp) {
|
|
|
|
error_setg(errp, "could not parse query parameters");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if(uri->user && strcmp(uri->user, "") != 0) {
|
2017-04-28 00:58:17 +03:00
|
|
|
qdict_put_str(options, "user", uri->user);
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
|
2017-04-28 00:58:17 +03:00
|
|
|
qdict_put_str(options, "server.host", uri->server);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2016-10-25 16:04:00 +03:00
|
|
|
port_str = g_strdup_printf("%d", uri->port ?: 22);
|
2017-04-28 00:58:17 +03:00
|
|
|
qdict_put_str(options, "server.port", port_str);
|
2016-10-25 16:04:00 +03:00
|
|
|
g_free(port_str);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2017-04-28 00:58:17 +03:00
|
|
|
qdict_put_str(options, "path", uri->path);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
|
|
|
/* Pick out any query parameters that we understand, and ignore
|
|
|
|
* the rest.
|
|
|
|
*/
|
|
|
|
for (i = 0; i < qp->n; ++i) {
|
|
|
|
if (strcmp(qp->p[i].name, "host_key_check") == 0) {
|
2017-04-28 00:58:17 +03:00
|
|
|
qdict_put_str(options, "host_key_check", qp->p[i].value);
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
query_params_free(qp);
|
|
|
|
uri_free(uri);
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
err:
|
2021-06-29 09:36:02 +03:00
|
|
|
uri_free(uri);
|
2013-04-09 18:30:53 +04:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2016-10-25 16:03:57 +03:00
|
|
|
static bool ssh_has_filename_options_conflict(QDict *options, Error **errp)
|
|
|
|
{
|
|
|
|
const QDictEntry *qe;
|
|
|
|
|
|
|
|
for (qe = qdict_first(options); qe; qe = qdict_next(options, qe)) {
|
|
|
|
if (!strcmp(qe->key, "host") ||
|
|
|
|
!strcmp(qe->key, "port") ||
|
|
|
|
!strcmp(qe->key, "path") ||
|
|
|
|
!strcmp(qe->key, "user") ||
|
2016-10-25 16:03:59 +03:00
|
|
|
!strcmp(qe->key, "host_key_check") ||
|
|
|
|
strstart(qe->key, "server.", NULL))
|
2016-10-25 16:03:57 +03:00
|
|
|
{
|
|
|
|
error_setg(errp, "Option '%s' cannot be used with a file name",
|
|
|
|
qe->key);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2013-04-09 18:30:53 +04:00
|
|
|
static void ssh_parse_filename(const char *filename, QDict *options,
|
|
|
|
Error **errp)
|
|
|
|
{
|
2016-10-25 16:03:57 +03:00
|
|
|
if (ssh_has_filename_options_conflict(options, errp)) {
|
2013-04-09 18:30:53 +04:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
parse_uri(filename, options, errp);
|
|
|
|
}
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
static int check_host_key_knownhosts(BDRVSSHState *s, Error **errp)
|
2013-04-09 18:30:53 +04:00
|
|
|
{
|
2019-06-20 23:08:40 +03:00
|
|
|
int ret;
|
|
|
|
enum ssh_known_hosts_e state;
|
|
|
|
int r;
|
|
|
|
ssh_key pubkey;
|
|
|
|
enum ssh_keytypes_e pubkey_type;
|
|
|
|
unsigned char *server_hash = NULL;
|
|
|
|
size_t server_hash_len;
|
|
|
|
char *fingerprint = NULL;
|
|
|
|
|
|
|
|
state = ssh_session_is_known_server(s->session);
|
|
|
|
trace_ssh_server_status(state);
|
|
|
|
|
|
|
|
switch (state) {
|
|
|
|
case SSH_KNOWN_HOSTS_OK:
|
|
|
|
/* OK */
|
|
|
|
trace_ssh_check_host_key_knownhosts();
|
|
|
|
break;
|
|
|
|
case SSH_KNOWN_HOSTS_CHANGED:
|
2013-04-09 18:30:53 +04:00
|
|
|
ret = -EINVAL;
|
2019-06-20 23:08:40 +03:00
|
|
|
r = ssh_get_server_publickey(s->session, &pubkey);
|
|
|
|
if (r == 0) {
|
|
|
|
r = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA256,
|
|
|
|
&server_hash, &server_hash_len);
|
|
|
|
pubkey_type = ssh_key_type(pubkey);
|
|
|
|
ssh_key_free(pubkey);
|
|
|
|
}
|
|
|
|
if (r == 0) {
|
|
|
|
fingerprint = ssh_get_fingerprint_hash(SSH_PUBLICKEY_HASH_SHA256,
|
|
|
|
server_hash,
|
|
|
|
server_hash_len);
|
|
|
|
ssh_clean_pubkey_hash(&server_hash);
|
|
|
|
}
|
|
|
|
if (fingerprint) {
|
|
|
|
error_setg(errp,
|
|
|
|
"host key (%s key with fingerprint %s) does not match "
|
|
|
|
"the one in known_hosts; this may be a possible attack",
|
|
|
|
ssh_key_type_to_char(pubkey_type), fingerprint);
|
|
|
|
ssh_string_free_char(fingerprint);
|
|
|
|
} else {
|
|
|
|
error_setg(errp,
|
|
|
|
"host key does not match the one in known_hosts; this "
|
|
|
|
"may be a possible attack");
|
|
|
|
}
|
2013-04-09 18:30:53 +04:00
|
|
|
goto out;
|
2019-06-20 23:08:40 +03:00
|
|
|
case SSH_KNOWN_HOSTS_OTHER:
|
2013-04-09 18:30:53 +04:00
|
|
|
ret = -EINVAL;
|
2019-06-20 23:08:40 +03:00
|
|
|
error_setg(errp,
|
|
|
|
"host key for this server not found, another type exists");
|
|
|
|
goto out;
|
|
|
|
case SSH_KNOWN_HOSTS_UNKNOWN:
|
|
|
|
ret = -EINVAL;
|
|
|
|
error_setg(errp, "no host key was found in known_hosts");
|
|
|
|
goto out;
|
|
|
|
case SSH_KNOWN_HOSTS_NOT_FOUND:
|
|
|
|
ret = -ENOENT;
|
|
|
|
error_setg(errp, "known_hosts file not found");
|
|
|
|
goto out;
|
|
|
|
case SSH_KNOWN_HOSTS_ERROR:
|
|
|
|
ret = -EINVAL;
|
|
|
|
error_setg(errp, "error while checking the host");
|
|
|
|
goto out;
|
|
|
|
default:
|
|
|
|
ret = -EINVAL;
|
|
|
|
error_setg(errp, "error while checking for known server (%d)", state);
|
2013-04-09 18:30:53 +04:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* known_hosts checking successful. */
|
|
|
|
ret = 0;
|
|
|
|
|
|
|
|
out:
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static unsigned hex2decimal(char ch)
|
|
|
|
{
|
|
|
|
if (ch >= '0' && ch <= '9') {
|
|
|
|
return (ch - '0');
|
|
|
|
} else if (ch >= 'a' && ch <= 'f') {
|
|
|
|
return 10 + (ch - 'a');
|
|
|
|
} else if (ch >= 'A' && ch <= 'F') {
|
|
|
|
return 10 + (ch - 'A');
|
|
|
|
}
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Compare the binary fingerprint (hash of host key) with the
|
|
|
|
* host_key_check parameter.
|
|
|
|
*/
|
|
|
|
static int compare_fingerprint(const unsigned char *fingerprint, size_t len,
|
|
|
|
const char *host_key_check)
|
|
|
|
{
|
|
|
|
unsigned c;
|
|
|
|
|
|
|
|
while (len > 0) {
|
|
|
|
while (*host_key_check == ':')
|
|
|
|
host_key_check++;
|
|
|
|
if (!qemu_isxdigit(host_key_check[0]) ||
|
|
|
|
!qemu_isxdigit(host_key_check[1]))
|
|
|
|
return 1;
|
|
|
|
c = hex2decimal(host_key_check[0]) * 16 +
|
|
|
|
hex2decimal(host_key_check[1]);
|
|
|
|
if (c - *fingerprint != 0)
|
|
|
|
return c - *fingerprint;
|
|
|
|
fingerprint++;
|
|
|
|
len--;
|
|
|
|
host_key_check += 2;
|
|
|
|
}
|
|
|
|
return *host_key_check - '\0';
|
|
|
|
}
|
|
|
|
|
2021-09-13 19:59:00 +03:00
|
|
|
static char *format_fingerprint(const unsigned char *fingerprint, size_t len)
|
|
|
|
{
|
|
|
|
static const char *hex = "0123456789abcdef";
|
|
|
|
char *ret = g_new0(char, (len * 2) + 1);
|
|
|
|
for (size_t i = 0; i < len; i++) {
|
|
|
|
ret[i * 2] = hex[((fingerprint[i] >> 4) & 0xf)];
|
|
|
|
ret[(i * 2) + 1] = hex[(fingerprint[i] & 0xf)];
|
|
|
|
}
|
|
|
|
ret[len * 2] = '\0';
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2013-04-09 18:30:53 +04:00
|
|
|
static int
|
|
|
|
check_host_key_hash(BDRVSSHState *s, const char *hash,
|
2021-09-13 19:59:00 +03:00
|
|
|
enum ssh_publickey_hash_type type, const char *typestr,
|
|
|
|
Error **errp)
|
2013-04-09 18:30:53 +04:00
|
|
|
{
|
2019-06-20 23:08:40 +03:00
|
|
|
int r;
|
|
|
|
ssh_key pubkey;
|
|
|
|
unsigned char *server_hash;
|
|
|
|
size_t server_hash_len;
|
2021-09-13 19:59:00 +03:00
|
|
|
const char *keytype;
|
2019-06-20 23:08:40 +03:00
|
|
|
|
|
|
|
r = ssh_get_server_publickey(s->session, &pubkey);
|
|
|
|
if (r != SSH_OK) {
|
2014-05-16 13:00:13 +04:00
|
|
|
session_error_setg(errp, s, "failed to read remote host key");
|
2013-04-09 18:30:53 +04:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2021-09-13 19:59:00 +03:00
|
|
|
keytype = ssh_key_type_to_char(ssh_key_type(pubkey));
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
r = ssh_get_publickey_hash(pubkey, type, &server_hash, &server_hash_len);
|
|
|
|
ssh_key_free(pubkey);
|
|
|
|
if (r != 0) {
|
|
|
|
session_error_setg(errp, s,
|
|
|
|
"failed reading the hash of the server SSH key");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
r = compare_fingerprint(server_hash, server_hash_len, hash);
|
|
|
|
if (r != 0) {
|
2021-09-13 19:59:00 +03:00
|
|
|
g_autofree char *server_fp = format_fingerprint(server_hash,
|
|
|
|
server_hash_len);
|
|
|
|
error_setg(errp, "remote host %s key fingerprint '%s:%s' "
|
|
|
|
"does not match host_key_check '%s:%s'",
|
|
|
|
keytype, typestr, server_fp, typestr, hash);
|
|
|
|
ssh_clean_pubkey_hash(&server_hash);
|
2013-04-09 18:30:53 +04:00
|
|
|
return -EPERM;
|
|
|
|
}
|
2021-09-13 19:59:00 +03:00
|
|
|
ssh_clean_pubkey_hash(&server_hash);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
static int check_host_key(BDRVSSHState *s, SshHostKeyCheck *hkc, Error **errp)
|
2013-04-09 18:30:53 +04:00
|
|
|
{
|
2018-02-05 16:59:05 +03:00
|
|
|
SshHostKeyCheckMode mode;
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2018-02-05 16:59:05 +03:00
|
|
|
if (hkc) {
|
|
|
|
mode = hkc->mode;
|
|
|
|
} else {
|
|
|
|
mode = SSH_HOST_KEY_CHECK_MODE_KNOWN_HOSTS;
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
|
2018-02-05 16:59:05 +03:00
|
|
|
switch (mode) {
|
|
|
|
case SSH_HOST_KEY_CHECK_MODE_NONE:
|
|
|
|
return 0;
|
|
|
|
case SSH_HOST_KEY_CHECK_MODE_HASH:
|
|
|
|
if (hkc->u.hash.type == SSH_HOST_KEY_CHECK_HASH_TYPE_MD5) {
|
|
|
|
return check_host_key_hash(s, hkc->u.hash.hash,
|
2021-09-13 19:59:00 +03:00
|
|
|
SSH_PUBLICKEY_HASH_MD5, "md5",
|
|
|
|
errp);
|
2018-02-05 16:59:05 +03:00
|
|
|
} else if (hkc->u.hash.type == SSH_HOST_KEY_CHECK_HASH_TYPE_SHA1) {
|
|
|
|
return check_host_key_hash(s, hkc->u.hash.hash,
|
2021-09-13 19:59:00 +03:00
|
|
|
SSH_PUBLICKEY_HASH_SHA1, "sha1",
|
|
|
|
errp);
|
2021-06-22 14:51:56 +03:00
|
|
|
} else if (hkc->u.hash.type == SSH_HOST_KEY_CHECK_HASH_TYPE_SHA256) {
|
|
|
|
return check_host_key_hash(s, hkc->u.hash.hash,
|
2021-09-13 19:59:00 +03:00
|
|
|
SSH_PUBLICKEY_HASH_SHA256, "sha256",
|
|
|
|
errp);
|
2018-02-05 16:59:05 +03:00
|
|
|
}
|
|
|
|
g_assert_not_reached();
|
|
|
|
break;
|
|
|
|
case SSH_HOST_KEY_CHECK_MODE_KNOWN_HOSTS:
|
2019-06-20 23:08:40 +03:00
|
|
|
return check_host_key_knownhosts(s, errp);
|
2018-02-05 16:59:05 +03:00
|
|
|
default:
|
|
|
|
g_assert_not_reached();
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
static int authenticate(BDRVSSHState *s, Error **errp)
|
2013-04-09 18:30:53 +04:00
|
|
|
{
|
|
|
|
int r, ret;
|
2019-06-20 23:08:40 +03:00
|
|
|
int method;
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
/* Try to authenticate with the "none" method. */
|
|
|
|
r = ssh_userauth_none(s->session, NULL);
|
|
|
|
if (r == SSH_AUTH_ERROR) {
|
2013-04-09 18:30:53 +04:00
|
|
|
ret = -EPERM;
|
2019-06-20 23:08:40 +03:00
|
|
|
session_error_setg(errp, s, "failed to authenticate using none "
|
|
|
|
"authentication");
|
2013-04-09 18:30:53 +04:00
|
|
|
goto out;
|
2019-06-20 23:08:40 +03:00
|
|
|
} else if (r == SSH_AUTH_SUCCESS) {
|
|
|
|
/* Authenticated! */
|
|
|
|
ret = 0;
|
2013-04-09 18:30:53 +04:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
method = ssh_userauth_list(s->session, NULL);
|
|
|
|
trace_ssh_auth_methods(method);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Try to authenticate with publickey, using the ssh-agent
|
|
|
|
* if available.
|
|
|
|
*/
|
|
|
|
if (method & SSH_AUTH_METHOD_PUBLICKEY) {
|
|
|
|
r = ssh_userauth_publickey_auto(s->session, NULL, NULL);
|
|
|
|
if (r == SSH_AUTH_ERROR) {
|
2013-04-09 18:30:53 +04:00
|
|
|
ret = -EINVAL;
|
2019-06-20 23:08:40 +03:00
|
|
|
session_error_setg(errp, s, "failed to authenticate using "
|
|
|
|
"publickey authentication");
|
2013-04-09 18:30:53 +04:00
|
|
|
goto out;
|
2019-06-20 23:08:40 +03:00
|
|
|
} else if (r == SSH_AUTH_SUCCESS) {
|
2013-04-09 18:30:53 +04:00
|
|
|
/* Authenticated! */
|
|
|
|
ret = 0;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = -EPERM;
|
2014-05-16 13:00:14 +04:00
|
|
|
error_setg(errp, "failed to authenticate using publickey authentication "
|
|
|
|
"and the identities held by your ssh-agent");
|
2013-04-09 18:30:53 +04:00
|
|
|
|
|
|
|
out:
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2016-08-15 16:29:23 +03:00
|
|
|
static QemuOptsList ssh_runtime_opts = {
|
|
|
|
.name = "ssh",
|
|
|
|
.head = QTAILQ_HEAD_INITIALIZER(ssh_runtime_opts.head),
|
|
|
|
.desc = {
|
|
|
|
{
|
|
|
|
.name = "host",
|
|
|
|
.type = QEMU_OPT_STRING,
|
|
|
|
.help = "Host to connect to",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.name = "port",
|
|
|
|
.type = QEMU_OPT_NUMBER,
|
|
|
|
.help = "Port to connect to",
|
|
|
|
},
|
2018-02-05 16:59:05 +03:00
|
|
|
{
|
|
|
|
.name = "host_key_check",
|
|
|
|
.type = QEMU_OPT_STRING,
|
|
|
|
.help = "Defines how and what to check the host key against",
|
|
|
|
},
|
2018-01-05 17:44:40 +03:00
|
|
|
{ /* end of list */ }
|
2016-08-15 16:29:23 +03:00
|
|
|
},
|
|
|
|
};
|
|
|
|
|
2018-02-05 16:59:05 +03:00
|
|
|
static bool ssh_process_legacy_options(QDict *output_opts,
|
|
|
|
QemuOpts *legacy_opts,
|
|
|
|
Error **errp)
|
2016-10-25 16:03:59 +03:00
|
|
|
{
|
|
|
|
const char *host = qemu_opt_get(legacy_opts, "host");
|
|
|
|
const char *port = qemu_opt_get(legacy_opts, "port");
|
2018-02-05 16:59:05 +03:00
|
|
|
const char *host_key_check = qemu_opt_get(legacy_opts, "host_key_check");
|
2016-10-25 16:03:59 +03:00
|
|
|
|
|
|
|
if (!host && port) {
|
|
|
|
error_setg(errp, "port may not be used without host");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (host) {
|
2017-04-28 00:58:17 +03:00
|
|
|
qdict_put_str(output_opts, "server.host", host);
|
|
|
|
qdict_put_str(output_opts, "server.port", port ?: stringify(22));
|
2016-10-25 16:03:59 +03:00
|
|
|
}
|
|
|
|
|
2018-02-05 16:59:05 +03:00
|
|
|
if (host_key_check) {
|
|
|
|
if (strcmp(host_key_check, "no") == 0) {
|
|
|
|
qdict_put_str(output_opts, "host-key-check.mode", "none");
|
|
|
|
} else if (strncmp(host_key_check, "md5:", 4) == 0) {
|
|
|
|
qdict_put_str(output_opts, "host-key-check.mode", "hash");
|
|
|
|
qdict_put_str(output_opts, "host-key-check.type", "md5");
|
|
|
|
qdict_put_str(output_opts, "host-key-check.hash",
|
|
|
|
&host_key_check[4]);
|
|
|
|
} else if (strncmp(host_key_check, "sha1:", 5) == 0) {
|
|
|
|
qdict_put_str(output_opts, "host-key-check.mode", "hash");
|
|
|
|
qdict_put_str(output_opts, "host-key-check.type", "sha1");
|
|
|
|
qdict_put_str(output_opts, "host-key-check.hash",
|
|
|
|
&host_key_check[5]);
|
2021-09-13 19:57:34 +03:00
|
|
|
} else if (strncmp(host_key_check, "sha256:", 7) == 0) {
|
|
|
|
qdict_put_str(output_opts, "host-key-check.mode", "hash");
|
|
|
|
qdict_put_str(output_opts, "host-key-check.type", "sha256");
|
|
|
|
qdict_put_str(output_opts, "host-key-check.hash",
|
|
|
|
&host_key_check[7]);
|
2018-02-05 16:59:05 +03:00
|
|
|
} else if (strcmp(host_key_check, "yes") == 0) {
|
|
|
|
qdict_put_str(output_opts, "host-key-check.mode", "known_hosts");
|
|
|
|
} else {
|
|
|
|
error_setg(errp, "unknown host_key_check setting (%s)",
|
|
|
|
host_key_check);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-10-25 16:03:59 +03:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2018-02-02 18:12:18 +03:00
|
|
|
static BlockdevOptionsSsh *ssh_parse_options(QDict *options, Error **errp)
|
2016-10-25 16:03:59 +03:00
|
|
|
{
|
2018-02-02 18:12:18 +03:00
|
|
|
BlockdevOptionsSsh *result = NULL;
|
|
|
|
QemuOpts *opts = NULL;
|
|
|
|
const QDictEntry *e;
|
|
|
|
Visitor *v;
|
|
|
|
|
|
|
|
/* Translate legacy options */
|
|
|
|
opts = qemu_opts_create(&ssh_runtime_opts, NULL, 0, &error_abort);
|
2020-07-07 19:06:03 +03:00
|
|
|
if (!qemu_opts_absorb_qdict(opts, options, errp)) {
|
2018-02-02 18:12:18 +03:00
|
|
|
goto fail;
|
2016-10-25 16:03:59 +03:00
|
|
|
}
|
|
|
|
|
2018-02-05 16:59:05 +03:00
|
|
|
if (!ssh_process_legacy_options(options, opts, errp)) {
|
2018-02-02 18:12:18 +03:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Create the QAPI object */
|
2018-06-14 22:14:33 +03:00
|
|
|
v = qobject_input_visitor_new_flat_confused(options, errp);
|
|
|
|
if (!v) {
|
2018-02-02 18:12:18 +03:00
|
|
|
goto fail;
|
2016-10-25 16:03:59 +03:00
|
|
|
}
|
|
|
|
|
2020-07-07 19:06:07 +03:00
|
|
|
visit_type_BlockdevOptionsSsh(v, NULL, &result, errp);
|
2018-02-02 18:12:18 +03:00
|
|
|
visit_free(v);
|
2020-07-07 19:06:07 +03:00
|
|
|
if (!result) {
|
2018-02-02 18:12:18 +03:00
|
|
|
goto fail;
|
2016-10-25 16:03:59 +03:00
|
|
|
}
|
|
|
|
|
2018-02-02 18:12:18 +03:00
|
|
|
/* Remove the processed options from the QDict (the visitor processes
|
|
|
|
* _all_ options in the QDict) */
|
|
|
|
while ((e = qdict_first(options))) {
|
|
|
|
qdict_del(options, e->key);
|
|
|
|
}
|
|
|
|
|
|
|
|
fail:
|
|
|
|
qemu_opts_del(opts);
|
|
|
|
return result;
|
2016-10-25 16:03:59 +03:00
|
|
|
}
|
|
|
|
|
2018-02-05 17:28:14 +03:00
|
|
|
static int connect_to_ssh(BDRVSSHState *s, BlockdevOptionsSsh *opts,
|
2014-05-16 13:00:15 +04:00
|
|
|
int ssh_flags, int creat_mode, Error **errp)
|
2013-04-09 18:30:53 +04:00
|
|
|
{
|
|
|
|
int r, ret;
|
2019-06-20 23:08:40 +03:00
|
|
|
unsigned int port = 0;
|
|
|
|
int new_sock = -1;
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2018-02-02 18:12:18 +03:00
|
|
|
if (opts->has_user) {
|
2019-02-25 22:08:27 +03:00
|
|
|
s->user = g_strdup(opts->user);
|
2018-02-02 18:12:18 +03:00
|
|
|
} else {
|
2019-02-25 22:08:27 +03:00
|
|
|
s->user = g_strdup(g_get_user_name());
|
|
|
|
if (!s->user) {
|
2014-05-16 13:00:15 +04:00
|
|
|
error_setg_errno(errp, errno, "Can't get user name");
|
2013-04-09 18:30:53 +04:00
|
|
|
ret = -errno;
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-10-25 16:03:59 +03:00
|
|
|
/* Pop the config into our state object, Exit if invalid */
|
2018-02-02 18:12:18 +03:00
|
|
|
s->inet = opts->server;
|
|
|
|
opts->server = NULL;
|
2016-10-25 16:03:59 +03:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
if (qemu_strtoui(s->inet->port, NULL, 10, &port) < 0) {
|
2016-10-25 16:03:59 +03:00
|
|
|
error_setg(errp, "Use only numeric port value");
|
|
|
|
ret = -EINVAL;
|
|
|
|
goto err;
|
|
|
|
}
|
2013-04-09 18:30:54 +04:00
|
|
|
|
2013-04-09 18:30:53 +04:00
|
|
|
/* Open the socket and connect. */
|
2019-06-20 23:08:40 +03:00
|
|
|
new_sock = inet_connect_saddr(s->inet, errp);
|
|
|
|
if (new_sock < 0) {
|
block/ssh: Avoid segfault if inet_connect doesn't set errno.
On some (but not all) systems:
$ qemu-img create -f qcow2 overlay -b ssh://xen/
Segmentation fault
It turns out this happens when inet_connect returns -1 in the
following code, but errno == 0.
s->sock = inet_connect(s->hostport, errp);
if (s->sock < 0) {
ret = -errno;
goto err;
}
In the test case above, no host called "xen" exists, so getaddrinfo fails.
On Fedora 22, getaddrinfo happens to set errno = ENOENT (although it
is *not* documented to do that), so it doesn't segfault.
On RHEL 7, errno is not set by the failing getaddrinfo, so ret =
-errno = 0, so the caller doesn't know there was an error and
continues with a half-initialized BDRVSSHState struct, and everything
goes south from there, eventually resulting in a segfault.
Fix this by setting ret to -EIO (same as block/nbd.c and
block/sheepdog.c). The real error is saved in the Error** errp
struct, so it is printed correctly:
$ ./qemu-img create -f qcow2 overlay -b ssh://xen/
qemu-img: overlay: address resolution failed for xen:22: No address associated with hostname
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Reported-by: Jun Li
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1147343
Signed-off-by: Jeff Cody <jcody@redhat.com>
2015-07-22 16:27:47 +03:00
|
|
|
ret = -EIO;
|
2013-04-09 18:30:53 +04:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
/*
|
|
|
|
* Try to disable the Nagle algorithm on TCP sockets to reduce latency,
|
|
|
|
* but do not fail if it cannot be disabled.
|
|
|
|
*/
|
|
|
|
r = socket_set_nodelay(new_sock);
|
|
|
|
if (r < 0) {
|
|
|
|
warn_report("can't set TCP_NODELAY for the ssh server %s: %s",
|
|
|
|
s->inet->host, strerror(errno));
|
|
|
|
}
|
|
|
|
|
2013-04-09 18:30:53 +04:00
|
|
|
/* Create SSH session. */
|
2019-06-20 23:08:40 +03:00
|
|
|
s->session = ssh_new();
|
2013-04-09 18:30:53 +04:00
|
|
|
if (!s->session) {
|
|
|
|
ret = -EINVAL;
|
2019-06-20 23:08:40 +03:00
|
|
|
session_error_setg(errp, s, "failed to initialize libssh session");
|
2013-04-09 18:30:53 +04:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
/*
|
|
|
|
* Make sure we are in blocking mode during the connection and
|
|
|
|
* authentication phases.
|
|
|
|
*/
|
|
|
|
ssh_set_blocking(s->session, 1);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
r = ssh_options_set(s->session, SSH_OPTIONS_USER, s->user);
|
|
|
|
if (r < 0) {
|
|
|
|
ret = -EINVAL;
|
|
|
|
session_error_setg(errp, s,
|
|
|
|
"failed to set the user in the libssh session");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
r = ssh_options_set(s->session, SSH_OPTIONS_HOST, s->inet->host);
|
|
|
|
if (r < 0) {
|
|
|
|
ret = -EINVAL;
|
|
|
|
session_error_setg(errp, s,
|
|
|
|
"failed to set the host in the libssh session");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (port > 0) {
|
|
|
|
r = ssh_options_set(s->session, SSH_OPTIONS_PORT, &port);
|
|
|
|
if (r < 0) {
|
|
|
|
ret = -EINVAL;
|
|
|
|
session_error_setg(errp, s,
|
|
|
|
"failed to set the port in the libssh session");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
r = ssh_options_set(s->session, SSH_OPTIONS_COMPRESSION, "none");
|
|
|
|
if (r < 0) {
|
|
|
|
ret = -EINVAL;
|
|
|
|
session_error_setg(errp, s,
|
|
|
|
"failed to disable the compression in the libssh "
|
|
|
|
"session");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Read ~/.ssh/config. */
|
|
|
|
r = ssh_options_parse_config(s->session, NULL);
|
|
|
|
if (r < 0) {
|
|
|
|
ret = -EINVAL;
|
|
|
|
session_error_setg(errp, s, "failed to parse ~/.ssh/config");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
r = ssh_options_set(s->session, SSH_OPTIONS_FD, &new_sock);
|
|
|
|
if (r < 0) {
|
|
|
|
ret = -EINVAL;
|
|
|
|
session_error_setg(errp, s,
|
|
|
|
"failed to set the socket in the libssh session");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
/* libssh took ownership of the socket. */
|
|
|
|
s->sock = new_sock;
|
|
|
|
new_sock = -1;
|
|
|
|
|
|
|
|
/* Connect. */
|
|
|
|
r = ssh_connect(s->session);
|
|
|
|
if (r != SSH_OK) {
|
2013-04-09 18:30:53 +04:00
|
|
|
ret = -EINVAL;
|
2014-05-16 13:00:15 +04:00
|
|
|
session_error_setg(errp, s, "failed to establish SSH session");
|
2013-04-09 18:30:53 +04:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Check the remote host's key against known_hosts. */
|
2019-06-20 23:08:40 +03:00
|
|
|
ret = check_host_key(s, opts->host_key_check, errp);
|
2013-04-09 18:30:53 +04:00
|
|
|
if (ret < 0) {
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Authenticate. */
|
2019-06-20 23:08:40 +03:00
|
|
|
ret = authenticate(s, errp);
|
2013-04-09 18:30:53 +04:00
|
|
|
if (ret < 0) {
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Start SFTP. */
|
2019-06-20 23:08:40 +03:00
|
|
|
s->sftp = sftp_new(s->session);
|
2013-04-09 18:30:53 +04:00
|
|
|
if (!s->sftp) {
|
2019-06-20 23:08:40 +03:00
|
|
|
session_error_setg(errp, s, "failed to create sftp handle");
|
|
|
|
ret = -EINVAL;
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
r = sftp_init(s->sftp);
|
|
|
|
if (r < 0) {
|
|
|
|
sftp_error_setg(errp, s, "failed to initialize sftp handle");
|
2013-04-09 18:30:53 +04:00
|
|
|
ret = -EINVAL;
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Open the remote file. */
|
2018-12-13 19:27:24 +03:00
|
|
|
trace_ssh_connect_to_ssh(opts->path, ssh_flags, creat_mode);
|
2019-06-20 23:08:40 +03:00
|
|
|
s->sftp_handle = sftp_open(s->sftp, opts->path, ssh_flags, creat_mode);
|
2013-04-09 18:30:53 +04:00
|
|
|
if (!s->sftp_handle) {
|
2019-06-20 23:08:40 +03:00
|
|
|
sftp_error_setg(errp, s, "failed to open remote file '%s'",
|
|
|
|
opts->path);
|
2013-04-09 18:30:53 +04:00
|
|
|
ret = -EINVAL;
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
/* Make sure the SFTP file is handled in blocking mode. */
|
|
|
|
sftp_file_set_blocking(s->sftp_handle);
|
|
|
|
|
|
|
|
s->attrs = sftp_fstat(s->sftp_handle);
|
|
|
|
if (!s->attrs) {
|
2014-05-16 13:00:16 +04:00
|
|
|
sftp_error_setg(errp, s, "failed to read file attributes");
|
2013-04-09 18:30:53 +04:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
err:
|
2019-06-20 23:08:40 +03:00
|
|
|
if (s->attrs) {
|
|
|
|
sftp_attributes_free(s->attrs);
|
|
|
|
}
|
|
|
|
s->attrs = NULL;
|
2013-04-09 18:30:53 +04:00
|
|
|
if (s->sftp_handle) {
|
2019-06-20 23:08:40 +03:00
|
|
|
sftp_close(s->sftp_handle);
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
s->sftp_handle = NULL;
|
|
|
|
if (s->sftp) {
|
2019-06-20 23:08:40 +03:00
|
|
|
sftp_free(s->sftp);
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
s->sftp = NULL;
|
|
|
|
if (s->session) {
|
2019-06-20 23:08:40 +03:00
|
|
|
ssh_disconnect(s->session);
|
|
|
|
ssh_free(s->session);
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
s->session = NULL;
|
2019-06-20 23:08:40 +03:00
|
|
|
s->sock = -1;
|
|
|
|
if (new_sock >= 0) {
|
|
|
|
close(new_sock);
|
|
|
|
}
|
2013-04-09 18:30:53 +04:00
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2013-09-05 16:22:29 +04:00
|
|
|
static int ssh_file_open(BlockDriverState *bs, QDict *options, int bdrv_flags,
|
|
|
|
Error **errp)
|
2013-04-09 18:30:53 +04:00
|
|
|
{
|
|
|
|
BDRVSSHState *s = bs->opaque;
|
2018-02-05 17:28:14 +03:00
|
|
|
BlockdevOptionsSsh *opts;
|
2013-04-09 18:30:53 +04:00
|
|
|
int ret;
|
|
|
|
int ssh_flags;
|
|
|
|
|
|
|
|
ssh_state_init(s);
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
ssh_flags = 0;
|
2013-04-09 18:30:53 +04:00
|
|
|
if (bdrv_flags & BDRV_O_RDWR) {
|
2019-06-20 23:08:40 +03:00
|
|
|
ssh_flags |= O_RDWR;
|
|
|
|
} else {
|
|
|
|
ssh_flags |= O_RDONLY;
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
|
2018-02-05 17:28:14 +03:00
|
|
|
opts = ssh_parse_options(options, errp);
|
|
|
|
if (opts == NULL) {
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2013-04-09 18:30:53 +04:00
|
|
|
/* Start up SSH. */
|
2018-02-05 17:28:14 +03:00
|
|
|
ret = connect_to_ssh(s, opts, ssh_flags, 0, errp);
|
2013-04-09 18:30:53 +04:00
|
|
|
if (ret < 0) {
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Go non-blocking. */
|
2019-06-20 23:08:40 +03:00
|
|
|
ssh_set_blocking(s->session, 0);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2020-04-28 23:29:02 +03:00
|
|
|
if (s->attrs->type == SSH_FILEXFER_TYPE_REGULAR) {
|
|
|
|
bs->supported_truncate_flags = BDRV_REQ_ZERO_WRITE;
|
|
|
|
}
|
|
|
|
|
2018-02-05 17:28:14 +03:00
|
|
|
qapi_free_BlockdevOptionsSsh(opts);
|
|
|
|
|
2013-04-09 18:30:53 +04:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
err:
|
2018-02-05 17:28:14 +03:00
|
|
|
qapi_free_BlockdevOptionsSsh(opts);
|
|
|
|
|
2013-04-09 18:30:53 +04:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2018-02-14 23:49:14 +03:00
|
|
|
/* Note: This is a blocking operation */
|
2018-02-14 23:49:13 +03:00
|
|
|
static int ssh_grow_file(BDRVSSHState *s, int64_t offset, Error **errp)
|
|
|
|
{
|
|
|
|
ssize_t ret;
|
|
|
|
char c[1] = { '\0' };
|
2019-06-20 23:08:40 +03:00
|
|
|
int was_blocking = ssh_is_blocking(s->session);
|
2018-02-14 23:49:13 +03:00
|
|
|
|
|
|
|
/* offset must be strictly greater than the current size so we do
|
|
|
|
* not overwrite anything */
|
2019-06-20 23:08:40 +03:00
|
|
|
assert(offset > 0 && offset > s->attrs->size);
|
2018-02-14 23:49:13 +03:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
ssh_set_blocking(s->session, 1);
|
2018-02-14 23:49:14 +03:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
sftp_seek64(s->sftp_handle, offset - 1);
|
|
|
|
ret = sftp_write(s->sftp_handle, c, 1);
|
2018-02-14 23:49:14 +03:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
ssh_set_blocking(s->session, was_blocking);
|
2018-02-14 23:49:14 +03:00
|
|
|
|
2018-02-14 23:49:13 +03:00
|
|
|
if (ret < 0) {
|
|
|
|
sftp_error_setg(errp, s, "Failed to grow file");
|
|
|
|
return -EIO;
|
|
|
|
}
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
s->attrs->size = offset;
|
2018-02-14 23:49:13 +03:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2014-06-05 13:21:06 +04:00
|
|
|
static QemuOptsList ssh_create_opts = {
|
|
|
|
.name = "ssh-create-opts",
|
|
|
|
.head = QTAILQ_HEAD_INITIALIZER(ssh_create_opts.head),
|
|
|
|
.desc = {
|
|
|
|
{
|
|
|
|
.name = BLOCK_OPT_SIZE,
|
|
|
|
.type = QEMU_OPT_SIZE,
|
|
|
|
.help = "Virtual disk size"
|
|
|
|
},
|
|
|
|
{ /* end of list */ }
|
|
|
|
}
|
2013-04-09 18:30:53 +04:00
|
|
|
};
|
|
|
|
|
2018-02-05 18:24:32 +03:00
|
|
|
static int ssh_co_create(BlockdevCreateOptions *options, Error **errp)
|
|
|
|
{
|
|
|
|
BlockdevCreateOptionsSsh *opts = &options->u.ssh;
|
|
|
|
BDRVSSHState s;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
assert(options->driver == BLOCKDEV_DRIVER_SSH);
|
|
|
|
|
|
|
|
ssh_state_init(&s);
|
|
|
|
|
|
|
|
ret = connect_to_ssh(&s, opts->location,
|
2019-06-20 23:08:40 +03:00
|
|
|
O_RDWR | O_CREAT | O_TRUNC,
|
2018-02-05 18:24:32 +03:00
|
|
|
0644, errp);
|
|
|
|
if (ret < 0) {
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (opts->size > 0) {
|
|
|
|
ret = ssh_grow_file(&s, opts->size, errp);
|
|
|
|
if (ret < 0) {
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = 0;
|
|
|
|
fail:
|
|
|
|
ssh_state_free(&s);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2020-03-26 04:12:17 +03:00
|
|
|
static int coroutine_fn ssh_co_create_opts(BlockDriver *drv,
|
|
|
|
const char *filename,
|
|
|
|
QemuOpts *opts,
|
2018-01-18 15:43:45 +03:00
|
|
|
Error **errp)
|
2013-04-09 18:30:53 +04:00
|
|
|
{
|
2018-02-05 18:24:32 +03:00
|
|
|
BlockdevCreateOptions *create_options;
|
|
|
|
BlockdevCreateOptionsSsh *ssh_opts;
|
|
|
|
int ret;
|
2013-04-09 18:30:53 +04:00
|
|
|
QDict *uri_options = NULL;
|
|
|
|
|
2018-02-05 18:24:32 +03:00
|
|
|
create_options = g_new0(BlockdevCreateOptions, 1);
|
|
|
|
create_options->driver = BLOCKDEV_DRIVER_SSH;
|
|
|
|
ssh_opts = &create_options->u.ssh;
|
2013-04-09 18:30:53 +04:00
|
|
|
|
|
|
|
/* Get desired file size. */
|
2018-02-05 18:24:32 +03:00
|
|
|
ssh_opts->size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
|
|
|
|
BDRV_SECTOR_SIZE);
|
2018-12-13 19:27:24 +03:00
|
|
|
trace_ssh_co_create_opts(ssh_opts->size);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
|
|
|
uri_options = qdict_new();
|
2018-02-05 18:24:32 +03:00
|
|
|
ret = parse_uri(filename, uri_options, errp);
|
|
|
|
if (ret < 0) {
|
2013-04-09 18:30:53 +04:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2018-02-05 18:24:32 +03:00
|
|
|
ssh_opts->location = ssh_parse_options(uri_options, errp);
|
|
|
|
if (ssh_opts->location == NULL) {
|
2018-02-05 17:28:14 +03:00
|
|
|
ret = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2018-02-05 18:24:32 +03:00
|
|
|
ret = ssh_co_create(create_options, errp);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
|
|
|
out:
|
2018-04-19 18:01:43 +03:00
|
|
|
qobject_unref(uri_options);
|
2018-02-05 18:24:32 +03:00
|
|
|
qapi_free_BlockdevCreateOptions(create_options);
|
2013-04-09 18:30:53 +04:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh_close(BlockDriverState *bs)
|
|
|
|
{
|
|
|
|
BDRVSSHState *s = bs->opaque;
|
|
|
|
|
|
|
|
ssh_state_free(s);
|
|
|
|
}
|
|
|
|
|
2013-06-25 21:15:18 +04:00
|
|
|
static int ssh_has_zero_init(BlockDriverState *bs)
|
|
|
|
{
|
|
|
|
BDRVSSHState *s = bs->opaque;
|
|
|
|
/* Assume false, unless we can positively prove it's true. */
|
|
|
|
int has_zero_init = 0;
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
if (s->attrs->type == SSH_FILEXFER_TYPE_REGULAR) {
|
|
|
|
has_zero_init = 1;
|
2013-06-25 21:15:18 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
return has_zero_init;
|
|
|
|
}
|
|
|
|
|
2017-06-29 16:27:49 +03:00
|
|
|
typedef struct BDRVSSHRestart {
|
|
|
|
BlockDriverState *bs;
|
|
|
|
Coroutine *co;
|
|
|
|
} BDRVSSHRestart;
|
|
|
|
|
2013-04-09 18:30:53 +04:00
|
|
|
static void restart_coroutine(void *opaque)
|
|
|
|
{
|
2017-06-29 16:27:49 +03:00
|
|
|
BDRVSSHRestart *restart = opaque;
|
|
|
|
BlockDriverState *bs = restart->bs;
|
|
|
|
BDRVSSHState *s = bs->opaque;
|
|
|
|
AioContext *ctx = bdrv_get_aio_context(bs);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2018-12-13 19:27:24 +03:00
|
|
|
trace_ssh_restart_coroutine(restart->co);
|
aio-posix: split poll check from ready handler
Adaptive polling measures the execution time of the polling check plus
handlers called when a polled event becomes ready. Handlers can take a
significant amount of time, making it look like polling was running for
a long time when in fact the event handler was running for a long time.
For example, on Linux the io_submit(2) syscall invoked when a virtio-blk
device's virtqueue becomes ready can take 10s of microseconds. This
can exceed the default polling interval (32 microseconds) and cause
adaptive polling to stop polling.
By excluding the handler's execution time from the polling check we make
the adaptive polling calculation more accurate. As a result, the event
loop now stays in polling mode where previously it would have fallen
back to file descriptor monitoring.
The following data was collected with virtio-blk num-queues=2
event_idx=off using an IOThread. Before:
168k IOPS, IOThread syscalls:
9837.115 ( 0.020 ms): IO iothread1/620155 io_submit(ctx_id: 140512552468480, nr: 16, iocbpp: 0x7fcb9f937db0) = 16
9837.158 ( 0.002 ms): IO iothread1/620155 write(fd: 103, buf: 0x556a2ef71b88, count: 8) = 8
9837.161 ( 0.001 ms): IO iothread1/620155 write(fd: 104, buf: 0x556a2ef71b88, count: 8) = 8
9837.163 ( 0.001 ms): IO iothread1/620155 ppoll(ufds: 0x7fcb90002800, nfds: 4, tsp: 0x7fcb9f1342d0, sigsetsize: 8) = 3
9837.164 ( 0.001 ms): IO iothread1/620155 read(fd: 107, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.174 ( 0.001 ms): IO iothread1/620155 read(fd: 105, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.176 ( 0.001 ms): IO iothread1/620155 read(fd: 106, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.209 ( 0.035 ms): IO iothread1/620155 io_submit(ctx_id: 140512552468480, nr: 32, iocbpp: 0x7fca7d0cebe0) = 32
174k IOPS (+3.6%), IOThread syscalls:
9809.566 ( 0.036 ms): IO iothread1/623061 io_submit(ctx_id: 140539805028352, nr: 32, iocbpp: 0x7fd0cdd62be0) = 32
9809.625 ( 0.001 ms): IO iothread1/623061 write(fd: 103, buf: 0x5647cfba5f58, count: 8) = 8
9809.627 ( 0.002 ms): IO iothread1/623061 write(fd: 104, buf: 0x5647cfba5f58, count: 8) = 8
9809.663 ( 0.036 ms): IO iothread1/623061 io_submit(ctx_id: 140539805028352, nr: 32, iocbpp: 0x7fd0d0388b50) = 32
Notice that ppoll(2) and eventfd read(2) syscalls are eliminated because
the IOThread stays in polling mode instead of falling back to file
descriptor monitoring.
As usual, polling is not implemented on Windows so this patch ignores
the new io_poll_read() callback in aio-win32.c.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Message-id: 20211207132336.36627-2-stefanha@redhat.com
[Fixed up aio_set_event_notifier() calls in
tests/unit/test-fdmon-epoll.c added after this series was queued.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-12-07 16:23:31 +03:00
|
|
|
aio_set_fd_handler(ctx, s->sock, false, NULL, NULL, NULL, NULL, NULL);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2017-06-29 16:27:49 +03:00
|
|
|
aio_co_wake(restart->co);
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
|
2017-02-13 16:52:30 +03:00
|
|
|
/* A non-blocking call returned EAGAIN, so yield, ensuring the
|
|
|
|
* handlers are set up so that we'll be rescheduled when there is an
|
|
|
|
* interesting event on the socket.
|
|
|
|
*/
|
|
|
|
static coroutine_fn void co_yield(BDRVSSHState *s, BlockDriverState *bs)
|
2013-04-09 18:30:53 +04:00
|
|
|
{
|
|
|
|
int r;
|
|
|
|
IOHandler *rd_handler = NULL, *wr_handler = NULL;
|
2017-06-29 16:27:49 +03:00
|
|
|
BDRVSSHRestart restart = {
|
|
|
|
.bs = bs,
|
|
|
|
.co = qemu_coroutine_self()
|
|
|
|
};
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
r = ssh_get_poll_flags(s->session);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
if (r & SSH_READ_PENDING) {
|
2013-04-09 18:30:53 +04:00
|
|
|
rd_handler = restart_coroutine;
|
|
|
|
}
|
2019-06-20 23:08:40 +03:00
|
|
|
if (r & SSH_WRITE_PENDING) {
|
2013-04-09 18:30:53 +04:00
|
|
|
wr_handler = restart_coroutine;
|
|
|
|
}
|
|
|
|
|
2018-12-13 19:27:24 +03:00
|
|
|
trace_ssh_co_yield(s->sock, rd_handler, wr_handler);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2014-05-08 18:34:53 +04:00
|
|
|
aio_set_fd_handler(bdrv_get_aio_context(bs), s->sock,
|
aio-posix: split poll check from ready handler
Adaptive polling measures the execution time of the polling check plus
handlers called when a polled event becomes ready. Handlers can take a
significant amount of time, making it look like polling was running for
a long time when in fact the event handler was running for a long time.
For example, on Linux the io_submit(2) syscall invoked when a virtio-blk
device's virtqueue becomes ready can take 10s of microseconds. This
can exceed the default polling interval (32 microseconds) and cause
adaptive polling to stop polling.
By excluding the handler's execution time from the polling check we make
the adaptive polling calculation more accurate. As a result, the event
loop now stays in polling mode where previously it would have fallen
back to file descriptor monitoring.
The following data was collected with virtio-blk num-queues=2
event_idx=off using an IOThread. Before:
168k IOPS, IOThread syscalls:
9837.115 ( 0.020 ms): IO iothread1/620155 io_submit(ctx_id: 140512552468480, nr: 16, iocbpp: 0x7fcb9f937db0) = 16
9837.158 ( 0.002 ms): IO iothread1/620155 write(fd: 103, buf: 0x556a2ef71b88, count: 8) = 8
9837.161 ( 0.001 ms): IO iothread1/620155 write(fd: 104, buf: 0x556a2ef71b88, count: 8) = 8
9837.163 ( 0.001 ms): IO iothread1/620155 ppoll(ufds: 0x7fcb90002800, nfds: 4, tsp: 0x7fcb9f1342d0, sigsetsize: 8) = 3
9837.164 ( 0.001 ms): IO iothread1/620155 read(fd: 107, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.174 ( 0.001 ms): IO iothread1/620155 read(fd: 105, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.176 ( 0.001 ms): IO iothread1/620155 read(fd: 106, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.209 ( 0.035 ms): IO iothread1/620155 io_submit(ctx_id: 140512552468480, nr: 32, iocbpp: 0x7fca7d0cebe0) = 32
174k IOPS (+3.6%), IOThread syscalls:
9809.566 ( 0.036 ms): IO iothread1/623061 io_submit(ctx_id: 140539805028352, nr: 32, iocbpp: 0x7fd0cdd62be0) = 32
9809.625 ( 0.001 ms): IO iothread1/623061 write(fd: 103, buf: 0x5647cfba5f58, count: 8) = 8
9809.627 ( 0.002 ms): IO iothread1/623061 write(fd: 104, buf: 0x5647cfba5f58, count: 8) = 8
9809.663 ( 0.036 ms): IO iothread1/623061 io_submit(ctx_id: 140539805028352, nr: 32, iocbpp: 0x7fd0d0388b50) = 32
Notice that ppoll(2) and eventfd read(2) syscalls are eliminated because
the IOThread stays in polling mode instead of falling back to file
descriptor monitoring.
As usual, polling is not implemented on Windows so this patch ignores
the new io_poll_read() callback in aio-win32.c.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Message-id: 20211207132336.36627-2-stefanha@redhat.com
[Fixed up aio_set_event_notifier() calls in
tests/unit/test-fdmon-epoll.c added after this series was queued.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-12-07 16:23:31 +03:00
|
|
|
false, rd_handler, wr_handler, NULL, NULL, &restart);
|
2013-04-09 18:30:53 +04:00
|
|
|
qemu_coroutine_yield();
|
2018-12-13 19:27:24 +03:00
|
|
|
trace_ssh_co_yield_back(s->sock);
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
|
2014-05-08 18:34:53 +04:00
|
|
|
static coroutine_fn int ssh_read(BDRVSSHState *s, BlockDriverState *bs,
|
2013-04-09 18:30:53 +04:00
|
|
|
int64_t offset, size_t size,
|
|
|
|
QEMUIOVector *qiov)
|
|
|
|
{
|
|
|
|
ssize_t r;
|
|
|
|
size_t got;
|
|
|
|
char *buf, *end_of_vec;
|
|
|
|
struct iovec *i;
|
|
|
|
|
2018-12-13 19:27:24 +03:00
|
|
|
trace_ssh_read(offset, size);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
trace_ssh_seek(offset);
|
|
|
|
sftp_seek64(s->sftp_handle, offset);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
|
|
|
/* This keeps track of the current iovec element ('i'), where we
|
|
|
|
* will write to next ('buf'), and the end of the current iovec
|
|
|
|
* ('end_of_vec').
|
|
|
|
*/
|
|
|
|
i = &qiov->iov[0];
|
|
|
|
buf = i->iov_base;
|
|
|
|
end_of_vec = i->iov_base + i->iov_len;
|
|
|
|
|
|
|
|
for (got = 0; got < size; ) {
|
2019-06-20 23:08:40 +03:00
|
|
|
size_t request_read_size;
|
2013-04-09 18:30:53 +04:00
|
|
|
again:
|
2019-06-20 23:08:40 +03:00
|
|
|
/*
|
|
|
|
* The size of SFTP packets is limited to 32K bytes, so limit
|
|
|
|
* the amount of data requested to 16K, as libssh currently
|
|
|
|
* does not handle multiple requests on its own.
|
|
|
|
*/
|
|
|
|
request_read_size = MIN(end_of_vec - buf, 16384);
|
|
|
|
trace_ssh_read_buf(buf, end_of_vec - buf, request_read_size);
|
|
|
|
r = sftp_read(s->sftp_handle, buf, request_read_size);
|
|
|
|
trace_ssh_read_return(r, sftp_get_error(s->sftp));
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
if (r == SSH_AGAIN) {
|
2014-05-08 18:34:53 +04:00
|
|
|
co_yield(s, bs);
|
2013-04-09 18:30:53 +04:00
|
|
|
goto again;
|
|
|
|
}
|
2019-06-20 23:08:40 +03:00
|
|
|
if (r == SSH_EOF || (r == 0 && sftp_get_error(s->sftp) == SSH_FX_EOF)) {
|
2013-04-09 18:30:53 +04:00
|
|
|
/* EOF: Short read so pad the buffer with zeroes and return it. */
|
|
|
|
qemu_iovec_memset(qiov, got, 0, size - got);
|
|
|
|
return 0;
|
|
|
|
}
|
2019-06-20 23:08:40 +03:00
|
|
|
if (r <= 0) {
|
|
|
|
sftp_error_trace(s, "read");
|
|
|
|
return -EIO;
|
|
|
|
}
|
2013-04-09 18:30:53 +04:00
|
|
|
|
|
|
|
got += r;
|
|
|
|
buf += r;
|
|
|
|
if (buf >= end_of_vec && got < size) {
|
|
|
|
i++;
|
|
|
|
buf = i->iov_base;
|
|
|
|
end_of_vec = i->iov_base + i->iov_len;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static coroutine_fn int ssh_co_readv(BlockDriverState *bs,
|
|
|
|
int64_t sector_num,
|
|
|
|
int nb_sectors, QEMUIOVector *qiov)
|
|
|
|
{
|
|
|
|
BDRVSSHState *s = bs->opaque;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
qemu_co_mutex_lock(&s->lock);
|
2014-05-08 18:34:53 +04:00
|
|
|
ret = ssh_read(s, bs, sector_num * BDRV_SECTOR_SIZE,
|
2013-04-09 18:30:53 +04:00
|
|
|
nb_sectors * BDRV_SECTOR_SIZE, qiov);
|
|
|
|
qemu_co_mutex_unlock(&s->lock);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2014-05-08 18:34:53 +04:00
|
|
|
static int ssh_write(BDRVSSHState *s, BlockDriverState *bs,
|
2013-04-09 18:30:53 +04:00
|
|
|
int64_t offset, size_t size,
|
|
|
|
QEMUIOVector *qiov)
|
|
|
|
{
|
|
|
|
ssize_t r;
|
|
|
|
size_t written;
|
|
|
|
char *buf, *end_of_vec;
|
|
|
|
struct iovec *i;
|
|
|
|
|
2018-12-13 19:27:24 +03:00
|
|
|
trace_ssh_write(offset, size);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
trace_ssh_seek(offset);
|
|
|
|
sftp_seek64(s->sftp_handle, offset);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
|
|
|
/* This keeps track of the current iovec element ('i'), where we
|
|
|
|
* will read from next ('buf'), and the end of the current iovec
|
|
|
|
* ('end_of_vec').
|
|
|
|
*/
|
|
|
|
i = &qiov->iov[0];
|
|
|
|
buf = i->iov_base;
|
|
|
|
end_of_vec = i->iov_base + i->iov_len;
|
|
|
|
|
|
|
|
for (written = 0; written < size; ) {
|
2019-06-20 23:08:40 +03:00
|
|
|
size_t request_write_size;
|
2013-04-09 18:30:53 +04:00
|
|
|
again:
|
2019-06-20 23:08:40 +03:00
|
|
|
/*
|
|
|
|
* Avoid too large data packets, as libssh currently does not
|
|
|
|
* handle multiple requests on its own.
|
|
|
|
*/
|
|
|
|
request_write_size = MIN(end_of_vec - buf, 131072);
|
|
|
|
trace_ssh_write_buf(buf, end_of_vec - buf, request_write_size);
|
|
|
|
r = sftp_write(s->sftp_handle, buf, request_write_size);
|
|
|
|
trace_ssh_write_return(r, sftp_get_error(s->sftp));
|
2013-04-09 18:30:53 +04:00
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
if (r == SSH_AGAIN) {
|
2014-05-08 18:34:53 +04:00
|
|
|
co_yield(s, bs);
|
2013-04-09 18:30:53 +04:00
|
|
|
goto again;
|
|
|
|
}
|
|
|
|
if (r < 0) {
|
2019-04-17 22:06:28 +03:00
|
|
|
sftp_error_trace(s, "write");
|
2013-04-09 18:30:53 +04:00
|
|
|
return -EIO;
|
|
|
|
}
|
|
|
|
|
|
|
|
written += r;
|
|
|
|
buf += r;
|
|
|
|
if (buf >= end_of_vec && written < size) {
|
|
|
|
i++;
|
|
|
|
buf = i->iov_base;
|
|
|
|
end_of_vec = i->iov_base + i->iov_len;
|
|
|
|
}
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
if (offset + written > s->attrs->size) {
|
|
|
|
s->attrs->size = offset + written;
|
|
|
|
}
|
2013-04-09 18:30:53 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static coroutine_fn int ssh_co_writev(BlockDriverState *bs,
|
|
|
|
int64_t sector_num,
|
2018-04-25 01:01:57 +03:00
|
|
|
int nb_sectors, QEMUIOVector *qiov,
|
|
|
|
int flags)
|
2013-04-09 18:30:53 +04:00
|
|
|
{
|
|
|
|
BDRVSSHState *s = bs->opaque;
|
|
|
|
int ret;
|
|
|
|
|
2018-04-25 01:01:57 +03:00
|
|
|
assert(!flags);
|
2013-04-09 18:30:53 +04:00
|
|
|
qemu_co_mutex_lock(&s->lock);
|
2014-05-08 18:34:53 +04:00
|
|
|
ret = ssh_write(s, bs, sector_num * BDRV_SECTOR_SIZE,
|
2013-04-09 18:30:53 +04:00
|
|
|
nb_sectors * BDRV_SECTOR_SIZE, qiov);
|
|
|
|
qemu_co_mutex_unlock(&s->lock);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2013-04-09 18:30:54 +04:00
|
|
|
static void unsafe_flush_warning(BDRVSSHState *s, const char *what)
|
|
|
|
{
|
|
|
|
if (!s->unsafe_flush_warning) {
|
2017-07-12 16:57:41 +03:00
|
|
|
warn_report("ssh server %s does not support fsync",
|
|
|
|
s->inet->host);
|
2013-04-09 18:30:54 +04:00
|
|
|
if (what) {
|
|
|
|
error_report("to support fsync, you need %s", what);
|
|
|
|
}
|
|
|
|
s->unsafe_flush_warning = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-05-08 18:34:53 +04:00
|
|
|
static coroutine_fn int ssh_flush(BDRVSSHState *s, BlockDriverState *bs)
|
2013-04-09 18:30:54 +04:00
|
|
|
{
|
|
|
|
int r;
|
|
|
|
|
2018-12-13 19:27:24 +03:00
|
|
|
trace_ssh_flush();
|
2019-06-20 23:08:40 +03:00
|
|
|
|
|
|
|
if (!sftp_extension_supported(s->sftp, "fsync@openssh.com", "1")) {
|
|
|
|
unsafe_flush_warning(s, "OpenSSH >= 6.3");
|
|
|
|
return 0;
|
|
|
|
}
|
2013-04-09 18:30:54 +04:00
|
|
|
again:
|
2019-06-20 23:08:40 +03:00
|
|
|
r = sftp_fsync(s->sftp_handle);
|
|
|
|
if (r == SSH_AGAIN) {
|
2014-05-08 18:34:53 +04:00
|
|
|
co_yield(s, bs);
|
2013-04-09 18:30:54 +04:00
|
|
|
goto again;
|
|
|
|
}
|
|
|
|
if (r < 0) {
|
2019-04-17 22:06:28 +03:00
|
|
|
sftp_error_trace(s, "fsync");
|
2013-04-09 18:30:54 +04:00
|
|
|
return -EIO;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static coroutine_fn int ssh_co_flush(BlockDriverState *bs)
|
|
|
|
{
|
|
|
|
BDRVSSHState *s = bs->opaque;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
qemu_co_mutex_lock(&s->lock);
|
2014-05-08 18:34:53 +04:00
|
|
|
ret = ssh_flush(s, bs);
|
2013-04-09 18:30:54 +04:00
|
|
|
qemu_co_mutex_unlock(&s->lock);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2013-04-09 18:30:53 +04:00
|
|
|
static int64_t ssh_getlength(BlockDriverState *bs)
|
|
|
|
{
|
|
|
|
BDRVSSHState *s = bs->opaque;
|
|
|
|
int64_t length;
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
/* Note we cannot make a libssh call here. */
|
|
|
|
length = (int64_t) s->attrs->size;
|
2018-12-13 19:27:24 +03:00
|
|
|
trace_ssh_getlength(length);
|
2013-04-09 18:30:53 +04:00
|
|
|
|
|
|
|
return length;
|
|
|
|
}
|
|
|
|
|
block: Convert .bdrv_truncate callback to coroutine_fn
bdrv_truncate() is an operation that can block (even for a quite long
time, depending on the PreallocMode) in I/O paths that shouldn't block.
Convert it to a coroutine_fn so that we have the infrastructure for
drivers to make their .bdrv_co_truncate implementation asynchronous.
This change could potentially introduce new race conditions because
bdrv_truncate() isn't necessarily executed atomically any more. Whether
this is a problem needs to be evaluated for each block driver that
supports truncate:
* file-posix/win32, gluster, iscsi, nfs, rbd, ssh, sheepdog: The
protocol drivers are trivially safe because they don't actually yield
yet, so there is no change in behaviour.
* copy-on-read, crypto, raw-format: Essentially just filter drivers that
pass the request to a child node, no problem.
* qcow2: The implementation modifies metadata, so it needs to hold
s->lock to be safe with concurrent I/O requests. In order to avoid
double locking, this requires pulling the locking out into
preallocate_co() and using qcow2_write_caches() instead of
bdrv_flush().
* qed: Does a single header update, this is fine without locking.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-06-21 18:54:35 +03:00
|
|
|
static int coroutine_fn ssh_co_truncate(BlockDriverState *bs, int64_t offset,
|
2019-09-18 12:51:40 +03:00
|
|
|
bool exact, PreallocMode prealloc,
|
2020-04-24 15:54:39 +03:00
|
|
|
BdrvRequestFlags flags, Error **errp)
|
2018-02-14 23:49:15 +03:00
|
|
|
{
|
|
|
|
BDRVSSHState *s = bs->opaque;
|
|
|
|
|
|
|
|
if (prealloc != PREALLOC_MODE_OFF) {
|
|
|
|
error_setg(errp, "Unsupported preallocation mode '%s'",
|
|
|
|
PreallocMode_str(prealloc));
|
|
|
|
return -ENOTSUP;
|
|
|
|
}
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
if (offset < s->attrs->size) {
|
2018-02-14 23:49:15 +03:00
|
|
|
error_setg(errp, "ssh driver does not support shrinking files");
|
|
|
|
return -ENOTSUP;
|
|
|
|
}
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
if (offset == s->attrs->size) {
|
2018-02-14 23:49:15 +03:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ssh_grow_file(s, offset, errp);
|
|
|
|
}
|
|
|
|
|
2019-02-25 22:08:27 +03:00
|
|
|
static void ssh_refresh_filename(BlockDriverState *bs)
|
|
|
|
{
|
|
|
|
BDRVSSHState *s = bs->opaque;
|
|
|
|
const char *path, *host_key_check;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* None of these options can be represented in a plain "host:port"
|
|
|
|
* format, so if any was given, we have to abort.
|
|
|
|
*/
|
|
|
|
if (s->inet->has_ipv4 || s->inet->has_ipv6 || s->inet->has_to ||
|
|
|
|
s->inet->has_numeric)
|
|
|
|
{
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
path = qdict_get_try_str(bs->full_open_options, "path");
|
|
|
|
assert(path); /* mandatory option */
|
|
|
|
|
|
|
|
host_key_check = qdict_get_try_str(bs->full_open_options, "host_key_check");
|
|
|
|
|
|
|
|
ret = snprintf(bs->exact_filename, sizeof(bs->exact_filename),
|
|
|
|
"ssh://%s@%s:%s%s%s%s",
|
|
|
|
s->user, s->inet->host, s->inet->port, path,
|
|
|
|
host_key_check ? "?host_key_check=" : "",
|
|
|
|
host_key_check ?: "");
|
|
|
|
if (ret >= sizeof(bs->exact_filename)) {
|
|
|
|
/* An overflow makes the filename unusable, so do not report any */
|
|
|
|
bs->exact_filename[0] = '\0';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-02-25 22:08:28 +03:00
|
|
|
static char *ssh_bdrv_dirname(BlockDriverState *bs, Error **errp)
|
|
|
|
{
|
|
|
|
if (qdict_haskey(bs->full_open_options, "host_key_check")) {
|
|
|
|
/*
|
|
|
|
* We cannot generate a simple prefix if we would have to
|
|
|
|
* append a query string.
|
|
|
|
*/
|
|
|
|
error_setg(errp,
|
|
|
|
"Cannot generate a base directory with host_key_check set");
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (bs->exact_filename[0] == '\0') {
|
|
|
|
error_setg(errp, "Cannot generate a base directory for this ssh node");
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return path_combine(bs->exact_filename, "");
|
|
|
|
}
|
|
|
|
|
2019-02-01 22:29:25 +03:00
|
|
|
static const char *const ssh_strong_runtime_opts[] = {
|
|
|
|
"host",
|
|
|
|
"port",
|
|
|
|
"path",
|
|
|
|
"user",
|
|
|
|
"host_key_check",
|
|
|
|
"server.",
|
|
|
|
|
|
|
|
NULL
|
|
|
|
};
|
|
|
|
|
2013-04-09 18:30:53 +04:00
|
|
|
static BlockDriver bdrv_ssh = {
|
|
|
|
.format_name = "ssh",
|
|
|
|
.protocol_name = "ssh",
|
|
|
|
.instance_size = sizeof(BDRVSSHState),
|
|
|
|
.bdrv_parse_filename = ssh_parse_filename,
|
|
|
|
.bdrv_file_open = ssh_file_open,
|
2018-02-05 18:24:32 +03:00
|
|
|
.bdrv_co_create = ssh_co_create,
|
2018-01-18 15:43:45 +03:00
|
|
|
.bdrv_co_create_opts = ssh_co_create_opts,
|
2013-04-09 18:30:53 +04:00
|
|
|
.bdrv_close = ssh_close,
|
2013-06-25 21:15:18 +04:00
|
|
|
.bdrv_has_zero_init = ssh_has_zero_init,
|
2013-04-09 18:30:53 +04:00
|
|
|
.bdrv_co_readv = ssh_co_readv,
|
|
|
|
.bdrv_co_writev = ssh_co_writev,
|
|
|
|
.bdrv_getlength = ssh_getlength,
|
block: Convert .bdrv_truncate callback to coroutine_fn
bdrv_truncate() is an operation that can block (even for a quite long
time, depending on the PreallocMode) in I/O paths that shouldn't block.
Convert it to a coroutine_fn so that we have the infrastructure for
drivers to make their .bdrv_co_truncate implementation asynchronous.
This change could potentially introduce new race conditions because
bdrv_truncate() isn't necessarily executed atomically any more. Whether
this is a problem needs to be evaluated for each block driver that
supports truncate:
* file-posix/win32, gluster, iscsi, nfs, rbd, ssh, sheepdog: The
protocol drivers are trivially safe because they don't actually yield
yet, so there is no change in behaviour.
* copy-on-read, crypto, raw-format: Essentially just filter drivers that
pass the request to a child node, no problem.
* qcow2: The implementation modifies metadata, so it needs to hold
s->lock to be safe with concurrent I/O requests. In order to avoid
double locking, this requires pulling the locking out into
preallocate_co() and using qcow2_write_caches() instead of
bdrv_flush().
* qed: Does a single header update, this is fine without locking.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-06-21 18:54:35 +03:00
|
|
|
.bdrv_co_truncate = ssh_co_truncate,
|
2013-04-09 18:30:54 +04:00
|
|
|
.bdrv_co_flush_to_disk = ssh_co_flush,
|
2019-02-25 22:08:27 +03:00
|
|
|
.bdrv_refresh_filename = ssh_refresh_filename,
|
2019-02-25 22:08:28 +03:00
|
|
|
.bdrv_dirname = ssh_bdrv_dirname,
|
2014-06-05 13:21:06 +04:00
|
|
|
.create_opts = &ssh_create_opts,
|
2019-02-01 22:29:25 +03:00
|
|
|
.strong_runtime_opts = ssh_strong_runtime_opts,
|
2013-04-09 18:30:53 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
static void bdrv_ssh_init(void)
|
|
|
|
{
|
|
|
|
int r;
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
r = ssh_init();
|
2013-04-09 18:30:53 +04:00
|
|
|
if (r != 0) {
|
2019-06-20 23:08:40 +03:00
|
|
|
fprintf(stderr, "libssh initialization failed, %d\n", r);
|
2013-04-09 18:30:53 +04:00
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
2019-06-20 23:08:40 +03:00
|
|
|
#if TRACE_LIBSSH != 0
|
|
|
|
ssh_set_log_level(TRACE_LIBSSH);
|
|
|
|
#endif
|
|
|
|
|
2013-04-09 18:30:53 +04:00
|
|
|
bdrv_register(&bdrv_ssh);
|
|
|
|
}
|
|
|
|
|
|
|
|
block_init(bdrv_ssh_init);
|