2008-07-03 17:41:03 +04:00
|
|
|
/*
|
2017-07-07 23:30:43 +03:00
|
|
|
* Copyright (C) 2016-2017 Red Hat, Inc.
|
2008-05-28 01:13:40 +04:00
|
|
|
* Copyright (C) 2005 Anthony Liguori <anthony@codemonkey.ws>
|
|
|
|
*
|
|
|
|
* Network Block Device
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation; under version 2 of the License.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2009-07-17 00:47:01 +04:00
|
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
2008-07-03 17:41:03 +04:00
|
|
|
*/
|
2008-05-28 01:13:40 +04:00
|
|
|
|
|
|
|
#ifndef NBD_H
|
|
|
|
#define NBD_H
|
|
|
|
|
|
|
|
|
2011-09-08 19:55:32 +04:00
|
|
|
#include "qemu-common.h"
|
2013-03-15 14:55:29 +04:00
|
|
|
#include "qemu/option.h"
|
2016-02-10 21:41:04 +03:00
|
|
|
#include "io/channel-socket.h"
|
2016-02-10 21:41:11 +03:00
|
|
|
#include "crypto/tlscreds.h"
|
2011-02-22 18:44:53 +03:00
|
|
|
|
2016-10-14 21:33:10 +03:00
|
|
|
/* Handshake phase structs - this struct is passed on the wire */
|
|
|
|
|
|
|
|
struct nbd_option {
|
|
|
|
uint64_t magic; /* NBD_OPTS_MAGIC */
|
|
|
|
uint32_t option; /* NBD_OPT_* */
|
|
|
|
uint32_t length;
|
|
|
|
} QEMU_PACKED;
|
|
|
|
typedef struct nbd_option nbd_option;
|
|
|
|
|
|
|
|
struct nbd_opt_reply {
|
|
|
|
uint64_t magic; /* NBD_REP_MAGIC */
|
|
|
|
uint32_t option; /* NBD_OPT_* */
|
|
|
|
uint32_t type; /* NBD_REP_* */
|
|
|
|
uint32_t length;
|
|
|
|
} QEMU_PACKED;
|
|
|
|
typedef struct nbd_opt_reply nbd_opt_reply;
|
|
|
|
|
|
|
|
/* Transmission phase structs
|
|
|
|
*
|
|
|
|
* Note: these are _NOT_ the same as the network representation of an NBD
|
2016-06-13 12:42:40 +03:00
|
|
|
* request and reply!
|
|
|
|
*/
|
2016-10-14 21:33:07 +03:00
|
|
|
struct NBDRequest {
|
2008-07-03 17:41:03 +04:00
|
|
|
uint64_t handle;
|
|
|
|
uint64_t from;
|
|
|
|
uint32_t len;
|
2016-10-14 21:33:10 +03:00
|
|
|
uint16_t flags; /* NBD_CMD_FLAG_* */
|
|
|
|
uint16_t type; /* NBD_CMD_* */
|
2016-06-13 12:42:40 +03:00
|
|
|
};
|
2016-10-14 21:33:07 +03:00
|
|
|
typedef struct NBDRequest NBDRequest;
|
2008-07-03 17:41:03 +04:00
|
|
|
|
2016-10-14 21:33:07 +03:00
|
|
|
struct NBDReply {
|
2008-07-03 17:41:03 +04:00
|
|
|
uint64_t handle;
|
2016-06-13 12:42:40 +03:00
|
|
|
uint32_t error;
|
|
|
|
};
|
2016-10-14 21:33:07 +03:00
|
|
|
typedef struct NBDReply NBDReply;
|
2008-07-03 17:41:03 +04:00
|
|
|
|
2016-10-14 21:33:04 +03:00
|
|
|
/* Transmission (export) flags: sent from server to client during handshake,
|
|
|
|
but describe what will happen during transmission */
|
2011-09-08 19:24:54 +04:00
|
|
|
#define NBD_FLAG_HAS_FLAGS (1 << 0) /* Flags are there */
|
|
|
|
#define NBD_FLAG_READ_ONLY (1 << 1) /* Device is read-only */
|
2011-09-08 19:24:55 +04:00
|
|
|
#define NBD_FLAG_SEND_FLUSH (1 << 2) /* Send FLUSH */
|
|
|
|
#define NBD_FLAG_SEND_FUA (1 << 3) /* Send FUA (Force Unit Access) */
|
|
|
|
#define NBD_FLAG_ROTATIONAL (1 << 4) /* Use elevator algorithm - rotational media */
|
|
|
|
#define NBD_FLAG_SEND_TRIM (1 << 5) /* Send TRIM (discard) */
|
2016-10-14 21:33:17 +03:00
|
|
|
#define NBD_FLAG_SEND_WRITE_ZEROES (1 << 6) /* Send WRITE_ZEROES */
|
2011-09-08 19:24:55 +04:00
|
|
|
|
2016-10-14 21:33:04 +03:00
|
|
|
/* New-style handshake (global) flags, sent from server to client, and
|
|
|
|
control what will happen during handshake phase. */
|
2016-10-14 21:33:14 +03:00
|
|
|
#define NBD_FLAG_FIXED_NEWSTYLE (1 << 0) /* Fixed newstyle protocol. */
|
|
|
|
#define NBD_FLAG_NO_ZEROES (1 << 1) /* End handshake without zeroes. */
|
2014-06-07 04:32:31 +04:00
|
|
|
|
2016-10-14 21:33:04 +03:00
|
|
|
/* New-style client flags, sent from client to server to control what happens
|
|
|
|
during handshake phase. */
|
2016-10-14 21:33:14 +03:00
|
|
|
#define NBD_FLAG_C_FIXED_NEWSTYLE (1 << 0) /* Fixed newstyle protocol. */
|
|
|
|
#define NBD_FLAG_C_NO_ZEROES (1 << 1) /* End handshake without zeroes. */
|
2014-06-07 04:32:31 +04:00
|
|
|
|
2017-07-07 23:30:43 +03:00
|
|
|
/* Option requests. */
|
|
|
|
#define NBD_OPT_EXPORT_NAME (1)
|
|
|
|
#define NBD_OPT_ABORT (2)
|
|
|
|
#define NBD_OPT_LIST (3)
|
|
|
|
/* #define NBD_OPT_PEEK_EXPORT (4) not in use */
|
|
|
|
#define NBD_OPT_STARTTLS (5)
|
|
|
|
#define NBD_OPT_INFO (6)
|
|
|
|
#define NBD_OPT_GO (7)
|
|
|
|
#define NBD_OPT_STRUCTURED_REPLY (8)
|
|
|
|
|
|
|
|
/* Option reply types. */
|
2016-10-14 21:33:16 +03:00
|
|
|
#define NBD_REP_ERR(value) ((UINT32_C(1) << 31) | (value))
|
|
|
|
|
2014-06-07 04:32:32 +04:00
|
|
|
#define NBD_REP_ACK (1) /* Data sending finished. */
|
|
|
|
#define NBD_REP_SERVER (2) /* Export description. */
|
2017-07-07 23:30:43 +03:00
|
|
|
#define NBD_REP_INFO (3) /* NBD_OPT_INFO/GO. */
|
|
|
|
|
|
|
|
#define NBD_REP_ERR_UNSUP NBD_REP_ERR(1) /* Unknown option */
|
|
|
|
#define NBD_REP_ERR_POLICY NBD_REP_ERR(2) /* Server denied */
|
|
|
|
#define NBD_REP_ERR_INVALID NBD_REP_ERR(3) /* Invalid length */
|
|
|
|
#define NBD_REP_ERR_PLATFORM NBD_REP_ERR(4) /* Not compiled in */
|
|
|
|
#define NBD_REP_ERR_TLS_REQD NBD_REP_ERR(5) /* TLS required */
|
|
|
|
#define NBD_REP_ERR_UNKNOWN NBD_REP_ERR(6) /* Export unknown */
|
|
|
|
#define NBD_REP_ERR_SHUTDOWN NBD_REP_ERR(7) /* Server shutting down */
|
|
|
|
#define NBD_REP_ERR_BLOCK_SIZE_REQD NBD_REP_ERR(8) /* Need INFO_BLOCK_SIZE */
|
|
|
|
|
|
|
|
/* Info types, used during NBD_REP_INFO */
|
|
|
|
#define NBD_INFO_EXPORT 0
|
|
|
|
#define NBD_INFO_NAME 1
|
|
|
|
#define NBD_INFO_DESCRIPTION 2
|
|
|
|
#define NBD_INFO_BLOCK_SIZE 3
|
2016-02-10 21:41:11 +03:00
|
|
|
|
2016-10-14 21:33:04 +03:00
|
|
|
/* Request flags, sent from client to server during transmission phase */
|
2016-10-14 21:33:17 +03:00
|
|
|
#define NBD_CMD_FLAG_FUA (1 << 0) /* 'force unit access' during write */
|
|
|
|
#define NBD_CMD_FLAG_NO_HOLE (1 << 1) /* don't punch hole on zero run */
|
2014-06-07 04:32:31 +04:00
|
|
|
|
2016-10-14 21:33:04 +03:00
|
|
|
/* Supported request types */
|
2008-07-03 17:41:03 +04:00
|
|
|
enum {
|
|
|
|
NBD_CMD_READ = 0,
|
|
|
|
NBD_CMD_WRITE = 1,
|
2011-09-08 19:24:55 +04:00
|
|
|
NBD_CMD_DISC = 2,
|
|
|
|
NBD_CMD_FLUSH = 3,
|
2016-10-14 21:33:17 +03:00
|
|
|
NBD_CMD_TRIM = 4,
|
|
|
|
/* 5 reserved for failed experiment NBD_CMD_CACHE */
|
|
|
|
NBD_CMD_WRITE_ZEROES = 6,
|
2008-07-03 17:41:03 +04:00
|
|
|
};
|
|
|
|
|
2010-08-26 00:48:33 +04:00
|
|
|
#define NBD_DEFAULT_PORT 10809
|
|
|
|
|
2013-05-02 16:23:08 +04:00
|
|
|
/* Maximum size of a single READ/WRITE data buffer */
|
|
|
|
#define NBD_MAX_BUFFER_SIZE (32 * 1024 * 1024)
|
2016-06-24 01:37:08 +03:00
|
|
|
|
2016-05-12 01:39:44 +03:00
|
|
|
/* Maximum size of an export name. The NBD spec requires 256 and
|
|
|
|
* suggests that servers support up to 4096, but we stick to only the
|
|
|
|
* required size so that we can stack-allocate the names, and because
|
|
|
|
* going larger would require an audit of more code to make sure we
|
|
|
|
* aren't overflowing some other buffer. */
|
|
|
|
#define NBD_MAX_NAME_SIZE 256
|
2011-10-07 16:35:58 +04:00
|
|
|
|
2017-07-07 23:30:41 +03:00
|
|
|
/* Details collected by NBD_OPT_EXPORT_NAME and NBD_OPT_GO */
|
|
|
|
struct NBDExportInfo {
|
|
|
|
uint64_t size;
|
|
|
|
uint16_t flags;
|
|
|
|
};
|
|
|
|
typedef struct NBDExportInfo NBDExportInfo;
|
|
|
|
|
2017-06-02 18:01:39 +03:00
|
|
|
ssize_t nbd_rwv(QIOChannel *ioc, struct iovec *iov, size_t niov, size_t length,
|
|
|
|
bool do_read, Error **errp);
|
2017-07-07 23:30:41 +03:00
|
|
|
int nbd_receive_negotiate(QIOChannel *ioc, const char *name,
|
2016-02-10 21:41:11 +03:00
|
|
|
QCryptoTLSCreds *tlscreds, const char *hostname,
|
2017-07-07 23:30:41 +03:00
|
|
|
QIOChannel **outioc, NBDExportInfo *info,
|
|
|
|
Error **errp);
|
|
|
|
int nbd_init(int fd, QIOChannelSocket *sioc, NBDExportInfo *info,
|
2017-05-26 14:09:13 +03:00
|
|
|
Error **errp);
|
2016-10-14 21:33:07 +03:00
|
|
|
ssize_t nbd_send_request(QIOChannel *ioc, NBDRequest *request);
|
2017-05-26 14:09:13 +03:00
|
|
|
ssize_t nbd_receive_reply(QIOChannel *ioc, NBDReply *reply, Error **errp);
|
2010-08-31 11:30:33 +04:00
|
|
|
int nbd_client(int fd);
|
2008-05-28 01:13:40 +04:00
|
|
|
int nbd_disconnect(int fd);
|
|
|
|
|
2011-09-19 16:03:37 +04:00
|
|
|
typedef struct NBDExport NBDExport;
|
2011-09-19 16:33:23 +04:00
|
|
|
typedef struct NBDClient NBDClient;
|
2011-09-19 16:03:37 +04:00
|
|
|
|
2016-07-06 12:22:39 +03:00
|
|
|
NBDExport *nbd_export_new(BlockDriverState *bs, off_t dev_offset, off_t size,
|
2016-07-21 22:34:46 +03:00
|
|
|
uint16_t nbdflags, void (*close)(NBDExport *),
|
2016-07-06 12:22:39 +03:00
|
|
|
bool writethrough, BlockBackend *on_eject_blk,
|
2015-02-25 21:08:21 +03:00
|
|
|
Error **errp);
|
2011-09-19 16:03:37 +04:00
|
|
|
void nbd_export_close(NBDExport *exp);
|
2012-09-18 15:26:25 +04:00
|
|
|
void nbd_export_get(NBDExport *exp);
|
|
|
|
void nbd_export_put(NBDExport *exp);
|
2012-09-18 15:17:52 +04:00
|
|
|
|
2014-11-18 14:21:17 +03:00
|
|
|
BlockBackend *nbd_export_get_blockdev(NBDExport *exp);
|
2012-09-18 16:31:44 +04:00
|
|
|
|
2012-08-22 17:59:23 +04:00
|
|
|
NBDExport *nbd_export_find(const char *name);
|
|
|
|
void nbd_export_set_name(NBDExport *exp, const char *name);
|
2016-10-14 21:33:03 +03:00
|
|
|
void nbd_export_set_description(NBDExport *exp, const char *description);
|
2012-08-22 17:59:23 +04:00
|
|
|
void nbd_export_close_all(void);
|
|
|
|
|
2016-02-10 21:41:04 +03:00
|
|
|
void nbd_client_new(NBDExport *exp,
|
|
|
|
QIOChannelSocket *sioc,
|
2016-02-10 21:41:11 +03:00
|
|
|
QCryptoTLSCreds *tlscreds,
|
|
|
|
const char *tlsaclname,
|
nbd: Fix regression on resiliency to port scan
Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
server would not quit, regardless of how many probe connections
came and went, until a connection actually negotiated). But we
broke that in commit ee7d7aa when removing the return value to
nbd_client_new(), although that patch also introduced a bug causing
an assertion failure on a client that fails negotiation. We then
made it worse during refactoring in commit 1a6245a (a segfault
before we could even assert); the (masked) assertion was cleaned
up in d3780c2 (still in 2.6), and just recently we finally fixed
the segfault ("nbd: Fully intialize client in case of failed
negotiation"). But that still means that ever since we added
TLS support to qemu-nbd, we have been vulnerable to an ill-timed
port-scan being able to cause a denial of service by taking down
qemu-nbd before a real client has a chance to connect.
Since negotiation is now handled asynchronously via coroutines,
we no longer have a synchronous point of return by re-adding a
return value to nbd_client_new(). So this patch instead wires
things up to pass the negotiation status through the close_fn
callback function.
Simple test across two terminals:
$ qemu-nbd -f raw -p 30001 file
$ nmap 127.0.0.1 -p 30001 && \
qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
Note that this patch does not change what constitutes successful
negotiation (thus, a client must enter transmission phase before
that client can be considered as a reason to terminate the server
when the connection ends). Perhaps we may want to tweak things
in a later patch to also treat a client that uses NBD_OPT_ABORT
as being a 'successful' negotiation (the client correctly talked
the NBD protocol, and informed us it was not going to use our
export after all), but that's a discussion for another day.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20170608222617.20376-1-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-09 01:26:17 +03:00
|
|
|
void (*close_fn)(NBDClient *, bool));
|
2012-09-18 15:17:52 +04:00
|
|
|
void nbd_client_get(NBDClient *client);
|
|
|
|
void nbd_client_put(NBDClient *client);
|
2011-09-19 16:03:37 +04:00
|
|
|
|
2017-04-26 10:36:41 +03:00
|
|
|
void nbd_server_start(SocketAddress *addr, const char *tls_creds,
|
|
|
|
Error **errp);
|
|
|
|
|
2008-05-28 01:13:40 +04:00
|
|
|
#endif
|