2009-05-11 19:41:42 +04:00
|
|
|
/*
|
|
|
|
* QEMU Block driver for CURL images
|
|
|
|
*
|
|
|
|
* Copyright (c) 2009 Alexander Graf <agraf@suse.de>
|
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
|
|
* in the Software without restriction, including without limitation the rights
|
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
|
|
* furnished to do so, subject to the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be included in
|
|
|
|
* all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
* THE SOFTWARE.
|
|
|
|
*/
|
2016-01-18 21:01:42 +03:00
|
|
|
#include "qemu/osdep.h"
|
2009-05-11 19:41:42 +04:00
|
|
|
#include "qemu-common.h"
|
2015-07-08 16:37:48 +03:00
|
|
|
#include "qemu/error-report.h"
|
2012-12-17 21:19:44 +04:00
|
|
|
#include "block/block_int.h"
|
2014-05-15 03:28:42 +04:00
|
|
|
#include "qapi/qmp/qbool.h"
|
2015-03-17 20:29:20 +03:00
|
|
|
#include "qapi/qmp/qstring.h"
|
2009-05-11 19:41:42 +04:00
|
|
|
#include <curl/curl.h>
|
|
|
|
|
2014-08-27 00:31:08 +04:00
|
|
|
// #define DEBUG_CURL
|
2009-05-11 19:41:42 +04:00
|
|
|
// #define DEBUG_VERBOSE
|
|
|
|
|
|
|
|
#ifdef DEBUG_CURL
|
2010-02-07 02:03:50 +03:00
|
|
|
#define DPRINTF(fmt, ...) do { printf(fmt, ## __VA_ARGS__); } while (0)
|
2009-05-11 19:41:42 +04:00
|
|
|
#else
|
2010-02-07 02:03:50 +03:00
|
|
|
#define DPRINTF(fmt, ...) do { } while (0)
|
2009-05-11 19:41:42 +04:00
|
|
|
#endif
|
|
|
|
|
2014-01-24 17:56:17 +04:00
|
|
|
#if LIBCURL_VERSION_NUM >= 0x071000
|
|
|
|
/* The multi interface timer callback was introduced in 7.16.0 */
|
|
|
|
#define NEED_CURL_TIMER_CALLBACK
|
2014-05-15 03:28:40 +04:00
|
|
|
#define HAVE_SOCKET_ACTION
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef HAVE_SOCKET_ACTION
|
|
|
|
/* If curl_multi_socket_action isn't available, define it statically here in
|
|
|
|
* terms of curl_multi_socket. Note that ev_bitmask will be ignored, which is
|
|
|
|
* less efficient but still safe. */
|
|
|
|
static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
|
|
|
|
curl_socket_t sockfd,
|
|
|
|
int ev_bitmask,
|
|
|
|
int *running_handles)
|
|
|
|
{
|
|
|
|
return curl_multi_socket(multi_handle, sockfd, running_handles);
|
|
|
|
}
|
|
|
|
#define curl_multi_socket_action __curl_multi_socket_action
|
2014-01-24 17:56:17 +04:00
|
|
|
#endif
|
|
|
|
|
2013-02-08 11:49:10 +04:00
|
|
|
#define PROTOCOLS (CURLPROTO_HTTP | CURLPROTO_HTTPS | \
|
|
|
|
CURLPROTO_FTP | CURLPROTO_FTPS | \
|
|
|
|
CURLPROTO_TFTP)
|
|
|
|
|
2009-05-11 19:41:42 +04:00
|
|
|
#define CURL_NUM_STATES 8
|
|
|
|
#define CURL_NUM_ACB 8
|
|
|
|
#define SECTOR_SIZE 512
|
2014-05-15 03:28:41 +04:00
|
|
|
#define READ_AHEAD_DEFAULT (256 * 1024)
|
2014-08-13 19:44:27 +04:00
|
|
|
#define CURL_TIMEOUT_DEFAULT 5
|
2014-10-26 14:05:27 +03:00
|
|
|
#define CURL_TIMEOUT_MAX 10000
|
2009-05-11 19:41:42 +04:00
|
|
|
|
|
|
|
#define FIND_RET_NONE 0
|
|
|
|
#define FIND_RET_OK 1
|
|
|
|
#define FIND_RET_WAIT 2
|
|
|
|
|
2014-05-15 03:28:41 +04:00
|
|
|
#define CURL_BLOCK_OPT_URL "url"
|
|
|
|
#define CURL_BLOCK_OPT_READAHEAD "readahead"
|
2014-05-15 03:28:42 +04:00
|
|
|
#define CURL_BLOCK_OPT_SSLVERIFY "sslverify"
|
2014-08-13 19:44:27 +04:00
|
|
|
#define CURL_BLOCK_OPT_TIMEOUT "timeout"
|
2014-08-29 19:03:12 +04:00
|
|
|
#define CURL_BLOCK_OPT_COOKIE "cookie"
|
2014-05-15 03:28:41 +04:00
|
|
|
|
2009-05-11 19:41:42 +04:00
|
|
|
struct BDRVCURLState;
|
|
|
|
|
|
|
|
typedef struct CURLAIOCB {
|
2014-10-07 15:59:14 +04:00
|
|
|
BlockAIOCB common;
|
2011-09-21 14:55:50 +04:00
|
|
|
QEMUBH *bh;
|
2009-05-11 19:41:42 +04:00
|
|
|
QEMUIOVector *qiov;
|
2011-09-21 14:55:50 +04:00
|
|
|
|
|
|
|
int64_t sector_num;
|
|
|
|
int nb_sectors;
|
|
|
|
|
2009-05-11 19:41:42 +04:00
|
|
|
size_t start;
|
|
|
|
size_t end;
|
|
|
|
} CURLAIOCB;
|
|
|
|
|
|
|
|
typedef struct CURLState
|
|
|
|
{
|
|
|
|
struct BDRVCURLState *s;
|
|
|
|
CURLAIOCB *acb[CURL_NUM_ACB];
|
|
|
|
CURL *curl;
|
2014-04-29 19:03:30 +04:00
|
|
|
curl_socket_t sock_fd;
|
2009-05-11 19:41:42 +04:00
|
|
|
char *orig_buf;
|
|
|
|
size_t buf_start;
|
|
|
|
size_t buf_off;
|
|
|
|
size_t buf_len;
|
|
|
|
char range[128];
|
|
|
|
char errmsg[CURL_ERROR_SIZE];
|
|
|
|
char in_use;
|
|
|
|
} CURLState;
|
|
|
|
|
|
|
|
typedef struct BDRVCURLState {
|
|
|
|
CURLM *multi;
|
2014-01-24 17:56:17 +04:00
|
|
|
QEMUTimer timer;
|
2009-05-11 19:41:42 +04:00
|
|
|
size_t len;
|
|
|
|
CURLState states[CURL_NUM_STATES];
|
|
|
|
char *url;
|
2009-07-02 04:16:52 +04:00
|
|
|
size_t readahead_size;
|
2014-05-15 03:28:42 +04:00
|
|
|
bool sslverify;
|
2014-10-26 14:05:27 +03:00
|
|
|
uint64_t timeout;
|
2014-08-29 19:03:12 +04:00
|
|
|
char *cookie;
|
curl: refuse to open URL from HTTP server without range support
CURL driver requests partial data from server on guest IO req. For HTTP
and HTTPS, it uses "Range: ***" in requests, and this will not work if
server not accepting range. This patch does this check when open.
* Removed curl_size_cb, which is not used: On one hand it's registered to
libcurl as CURLOPT_WRITEFUNCTION, instead of CURLOPT_HEADERFUNCTION,
which will get called with *data*, not *header*. On the other hand the
s->len is assigned unconditionally later.
In this gone function, the sscanf for "Content-Length: %zd", on
(void *)ptr, which is not guaranteed to be zero-terminated, is
potentially a security bug. So this patch fixes it as a side-effect. The
bug is reported as: https://bugs.launchpad.net/qemu/+bug/1188943
(Note the bug is marked "private" so you might not be able to see it)
* Introduced curl_header_cb, which is used to parse header and mark the
server as accepting range if "Accept-Ranges: bytes" line is seen from
response header. If protocol is HTTP or HTTPS, but server response has
no not this support, refuse to open this URL.
Note that python builtin module SimpleHTTPServer is an example of not
supporting range, if you need to test this driver, get a better server
or use internet URLs.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-07-02 11:19:21 +04:00
|
|
|
bool accept_range;
|
2014-05-08 18:34:40 +04:00
|
|
|
AioContext *aio_context;
|
2009-05-11 19:41:42 +04:00
|
|
|
} BDRVCURLState;
|
|
|
|
|
|
|
|
static void curl_clean_state(CURLState *s);
|
|
|
|
static void curl_multi_do(void *arg);
|
2014-04-29 19:03:30 +04:00
|
|
|
static void curl_multi_read(void *arg);
|
2009-05-11 19:41:42 +04:00
|
|
|
|
2014-01-24 17:56:17 +04:00
|
|
|
#ifdef NEED_CURL_TIMER_CALLBACK
|
|
|
|
static int curl_timer_cb(CURLM *multi, long timeout_ms, void *opaque)
|
|
|
|
{
|
|
|
|
BDRVCURLState *s = opaque;
|
|
|
|
|
|
|
|
DPRINTF("CURL: timer callback timeout_ms %ld\n", timeout_ms);
|
|
|
|
if (timeout_ms == -1) {
|
|
|
|
timer_del(&s->timer);
|
|
|
|
} else {
|
|
|
|
int64_t timeout_ns = (int64_t)timeout_ms * 1000 * 1000;
|
|
|
|
timer_mod(&s->timer,
|
|
|
|
qemu_clock_get_ns(QEMU_CLOCK_REALTIME) + timeout_ns);
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2009-05-11 19:41:42 +04:00
|
|
|
static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
|
2014-05-08 18:34:40 +04:00
|
|
|
void *userp, void *sp)
|
2009-05-11 19:41:42 +04:00
|
|
|
{
|
2014-05-08 18:34:40 +04:00
|
|
|
BDRVCURLState *s;
|
2014-04-29 19:03:30 +04:00
|
|
|
CURLState *state = NULL;
|
|
|
|
curl_easy_getinfo(curl, CURLINFO_PRIVATE, (char **)&state);
|
|
|
|
state->sock_fd = fd;
|
2014-05-08 18:34:40 +04:00
|
|
|
s = state->s;
|
2014-04-29 19:03:30 +04:00
|
|
|
|
2010-02-07 02:03:50 +03:00
|
|
|
DPRINTF("CURL (AIO): Sock action %d on fd %d\n", action, fd);
|
2009-05-11 19:41:42 +04:00
|
|
|
switch (action) {
|
|
|
|
case CURL_POLL_IN:
|
2015-10-23 06:08:05 +03:00
|
|
|
aio_set_fd_handler(s->aio_context, fd, false,
|
|
|
|
curl_multi_read, NULL, state);
|
2009-05-11 19:41:42 +04:00
|
|
|
break;
|
|
|
|
case CURL_POLL_OUT:
|
2015-10-23 06:08:05 +03:00
|
|
|
aio_set_fd_handler(s->aio_context, fd, false,
|
|
|
|
NULL, curl_multi_do, state);
|
2009-05-11 19:41:42 +04:00
|
|
|
break;
|
|
|
|
case CURL_POLL_INOUT:
|
2015-10-23 06:08:05 +03:00
|
|
|
aio_set_fd_handler(s->aio_context, fd, false,
|
|
|
|
curl_multi_read, curl_multi_do, state);
|
2009-05-11 19:41:42 +04:00
|
|
|
break;
|
|
|
|
case CURL_POLL_REMOVE:
|
2015-10-23 06:08:05 +03:00
|
|
|
aio_set_fd_handler(s->aio_context, fd, false,
|
|
|
|
NULL, NULL, NULL);
|
2009-05-11 19:41:42 +04:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
curl: refuse to open URL from HTTP server without range support
CURL driver requests partial data from server on guest IO req. For HTTP
and HTTPS, it uses "Range: ***" in requests, and this will not work if
server not accepting range. This patch does this check when open.
* Removed curl_size_cb, which is not used: On one hand it's registered to
libcurl as CURLOPT_WRITEFUNCTION, instead of CURLOPT_HEADERFUNCTION,
which will get called with *data*, not *header*. On the other hand the
s->len is assigned unconditionally later.
In this gone function, the sscanf for "Content-Length: %zd", on
(void *)ptr, which is not guaranteed to be zero-terminated, is
potentially a security bug. So this patch fixes it as a side-effect. The
bug is reported as: https://bugs.launchpad.net/qemu/+bug/1188943
(Note the bug is marked "private" so you might not be able to see it)
* Introduced curl_header_cb, which is used to parse header and mark the
server as accepting range if "Accept-Ranges: bytes" line is seen from
response header. If protocol is HTTP or HTTPS, but server response has
no not this support, refuse to open this URL.
Note that python builtin module SimpleHTTPServer is an example of not
supporting range, if you need to test this driver, get a better server
or use internet URLs.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-07-02 11:19:21 +04:00
|
|
|
static size_t curl_header_cb(void *ptr, size_t size, size_t nmemb, void *opaque)
|
2009-05-11 19:41:42 +04:00
|
|
|
{
|
curl: refuse to open URL from HTTP server without range support
CURL driver requests partial data from server on guest IO req. For HTTP
and HTTPS, it uses "Range: ***" in requests, and this will not work if
server not accepting range. This patch does this check when open.
* Removed curl_size_cb, which is not used: On one hand it's registered to
libcurl as CURLOPT_WRITEFUNCTION, instead of CURLOPT_HEADERFUNCTION,
which will get called with *data*, not *header*. On the other hand the
s->len is assigned unconditionally later.
In this gone function, the sscanf for "Content-Length: %zd", on
(void *)ptr, which is not guaranteed to be zero-terminated, is
potentially a security bug. So this patch fixes it as a side-effect. The
bug is reported as: https://bugs.launchpad.net/qemu/+bug/1188943
(Note the bug is marked "private" so you might not be able to see it)
* Introduced curl_header_cb, which is used to parse header and mark the
server as accepting range if "Accept-Ranges: bytes" line is seen from
response header. If protocol is HTTP or HTTPS, but server response has
no not this support, refuse to open this URL.
Note that python builtin module SimpleHTTPServer is an example of not
supporting range, if you need to test this driver, get a better server
or use internet URLs.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-07-02 11:19:21 +04:00
|
|
|
BDRVCURLState *s = opaque;
|
2009-05-11 19:41:42 +04:00
|
|
|
size_t realsize = size * nmemb;
|
curl: refuse to open URL from HTTP server without range support
CURL driver requests partial data from server on guest IO req. For HTTP
and HTTPS, it uses "Range: ***" in requests, and this will not work if
server not accepting range. This patch does this check when open.
* Removed curl_size_cb, which is not used: On one hand it's registered to
libcurl as CURLOPT_WRITEFUNCTION, instead of CURLOPT_HEADERFUNCTION,
which will get called with *data*, not *header*. On the other hand the
s->len is assigned unconditionally later.
In this gone function, the sscanf for "Content-Length: %zd", on
(void *)ptr, which is not guaranteed to be zero-terminated, is
potentially a security bug. So this patch fixes it as a side-effect. The
bug is reported as: https://bugs.launchpad.net/qemu/+bug/1188943
(Note the bug is marked "private" so you might not be able to see it)
* Introduced curl_header_cb, which is used to parse header and mark the
server as accepting range if "Accept-Ranges: bytes" line is seen from
response header. If protocol is HTTP or HTTPS, but server response has
no not this support, refuse to open this URL.
Note that python builtin module SimpleHTTPServer is an example of not
supporting range, if you need to test this driver, get a better server
or use internet URLs.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-07-02 11:19:21 +04:00
|
|
|
const char *accept_line = "Accept-Ranges: bytes";
|
2009-05-11 19:41:42 +04:00
|
|
|
|
curl: refuse to open URL from HTTP server without range support
CURL driver requests partial data from server on guest IO req. For HTTP
and HTTPS, it uses "Range: ***" in requests, and this will not work if
server not accepting range. This patch does this check when open.
* Removed curl_size_cb, which is not used: On one hand it's registered to
libcurl as CURLOPT_WRITEFUNCTION, instead of CURLOPT_HEADERFUNCTION,
which will get called with *data*, not *header*. On the other hand the
s->len is assigned unconditionally later.
In this gone function, the sscanf for "Content-Length: %zd", on
(void *)ptr, which is not guaranteed to be zero-terminated, is
potentially a security bug. So this patch fixes it as a side-effect. The
bug is reported as: https://bugs.launchpad.net/qemu/+bug/1188943
(Note the bug is marked "private" so you might not be able to see it)
* Introduced curl_header_cb, which is used to parse header and mark the
server as accepting range if "Accept-Ranges: bytes" line is seen from
response header. If protocol is HTTP or HTTPS, but server response has
no not this support, refuse to open this URL.
Note that python builtin module SimpleHTTPServer is an example of not
supporting range, if you need to test this driver, get a better server
or use internet URLs.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-07-02 11:19:21 +04:00
|
|
|
if (realsize >= strlen(accept_line)
|
|
|
|
&& strncmp((char *)ptr, accept_line, strlen(accept_line)) == 0) {
|
|
|
|
s->accept_range = true;
|
2010-05-22 12:02:12 +04:00
|
|
|
}
|
2009-05-11 19:41:42 +04:00
|
|
|
|
|
|
|
return realsize;
|
|
|
|
}
|
|
|
|
|
|
|
|
static size_t curl_read_cb(void *ptr, size_t size, size_t nmemb, void *opaque)
|
|
|
|
{
|
|
|
|
CURLState *s = ((CURLState*)opaque);
|
|
|
|
size_t realsize = size * nmemb;
|
|
|
|
int i;
|
|
|
|
|
2010-05-22 12:02:12 +04:00
|
|
|
DPRINTF("CURL: Just reading %zd bytes\n", realsize);
|
2009-05-11 19:41:42 +04:00
|
|
|
|
|
|
|
if (!s || !s->orig_buf)
|
2014-04-29 19:03:27 +04:00
|
|
|
return 0;
|
2009-05-11 19:41:42 +04:00
|
|
|
|
2014-03-26 16:05:40 +04:00
|
|
|
if (s->buf_off >= s->buf_len) {
|
|
|
|
/* buffer full, read nothing */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
realsize = MIN(realsize, s->buf_len - s->buf_off);
|
2009-05-11 19:41:42 +04:00
|
|
|
memcpy(s->orig_buf + s->buf_off, ptr, realsize);
|
|
|
|
s->buf_off += realsize;
|
|
|
|
|
|
|
|
for(i=0; i<CURL_NUM_ACB; i++) {
|
|
|
|
CURLAIOCB *acb = s->acb[i];
|
|
|
|
|
|
|
|
if (!acb)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if ((s->buf_off >= acb->end)) {
|
allow qemu_iovec_from_buffer() to specify offset from which to start copying
Similar to
qemu_iovec_memset(QEMUIOVector *qiov, size_t offset,
int c, size_t bytes);
the new prototype is:
qemu_iovec_from_buf(QEMUIOVector *qiov, size_t offset,
const void *buf, size_t bytes);
The processing starts at offset bytes within qiov.
This way, we may copy a bounce buffer directly to
a middle of qiov.
This is exactly the same function as iov_from_buf() from
iov.c, so use the existing implementation and rename it
to qemu_iovec_from_buf() to be shorter and to match the
utility function.
As with utility implementation, we now assert that the
offset is inside actual iovec. Nothing changed for
current callers, because `offset' parameter is new.
While at it, stop using "bounce-qiov" in block/qcow2.c
and copy decrypted data directly from cluster_data
instead of recreating a temp qiov for doing that.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2012-06-07 20:17:55 +04:00
|
|
|
qemu_iovec_from_buf(acb->qiov, 0, s->orig_buf + acb->start,
|
|
|
|
acb->end - acb->start);
|
2009-05-11 19:41:42 +04:00
|
|
|
acb->common.cb(acb->common.opaque, 0);
|
2014-09-11 09:41:28 +04:00
|
|
|
qemu_aio_unref(acb);
|
2009-05-11 19:41:42 +04:00
|
|
|
s->acb[i] = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return realsize;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int curl_find_buf(BDRVCURLState *s, size_t start, size_t len,
|
|
|
|
CURLAIOCB *acb)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
size_t end = start + len;
|
|
|
|
|
|
|
|
for (i=0; i<CURL_NUM_STATES; i++) {
|
|
|
|
CURLState *state = &s->states[i];
|
|
|
|
size_t buf_end = (state->buf_start + state->buf_off);
|
|
|
|
size_t buf_fend = (state->buf_start + state->buf_len);
|
|
|
|
|
|
|
|
if (!state->orig_buf)
|
|
|
|
continue;
|
|
|
|
if (!state->buf_off)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
// Does the existing buffer cover our section?
|
|
|
|
if ((start >= state->buf_start) &&
|
|
|
|
(start <= buf_end) &&
|
|
|
|
(end >= state->buf_start) &&
|
|
|
|
(end <= buf_end))
|
|
|
|
{
|
|
|
|
char *buf = state->orig_buf + (start - state->buf_start);
|
|
|
|
|
allow qemu_iovec_from_buffer() to specify offset from which to start copying
Similar to
qemu_iovec_memset(QEMUIOVector *qiov, size_t offset,
int c, size_t bytes);
the new prototype is:
qemu_iovec_from_buf(QEMUIOVector *qiov, size_t offset,
const void *buf, size_t bytes);
The processing starts at offset bytes within qiov.
This way, we may copy a bounce buffer directly to
a middle of qiov.
This is exactly the same function as iov_from_buf() from
iov.c, so use the existing implementation and rename it
to qemu_iovec_from_buf() to be shorter and to match the
utility function.
As with utility implementation, we now assert that the
offset is inside actual iovec. Nothing changed for
current callers, because `offset' parameter is new.
While at it, stop using "bounce-qiov" in block/qcow2.c
and copy decrypted data directly from cluster_data
instead of recreating a temp qiov for doing that.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2012-06-07 20:17:55 +04:00
|
|
|
qemu_iovec_from_buf(acb->qiov, 0, buf, len);
|
2009-05-11 19:41:42 +04:00
|
|
|
acb->common.cb(acb->common.opaque, 0);
|
|
|
|
|
|
|
|
return FIND_RET_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Wait for unfinished chunks
|
2014-04-29 19:03:32 +04:00
|
|
|
if (state->in_use &&
|
|
|
|
(start >= state->buf_start) &&
|
2009-05-11 19:41:42 +04:00
|
|
|
(start <= buf_fend) &&
|
|
|
|
(end >= state->buf_start) &&
|
|
|
|
(end <= buf_fend))
|
|
|
|
{
|
|
|
|
int j;
|
|
|
|
|
|
|
|
acb->start = start - state->buf_start;
|
|
|
|
acb->end = acb->start + len;
|
|
|
|
|
|
|
|
for (j=0; j<CURL_NUM_ACB; j++) {
|
|
|
|
if (!state->acb[j]) {
|
|
|
|
state->acb[j] = acb;
|
|
|
|
return FIND_RET_WAIT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return FIND_RET_NONE;
|
|
|
|
}
|
|
|
|
|
2014-04-29 19:03:30 +04:00
|
|
|
static void curl_multi_check_completion(BDRVCURLState *s)
|
2009-05-11 19:41:42 +04:00
|
|
|
{
|
|
|
|
int msgs_in_queue;
|
|
|
|
|
|
|
|
/* Try to find done transfers, so we can free the easy
|
|
|
|
* handle again. */
|
2014-04-29 19:03:31 +04:00
|
|
|
for (;;) {
|
2009-05-11 19:41:42 +04:00
|
|
|
CURLMsg *msg;
|
|
|
|
msg = curl_multi_info_read(s->multi, &msgs_in_queue);
|
|
|
|
|
2014-04-29 19:03:31 +04:00
|
|
|
/* Quit when there are no more completions */
|
2009-05-11 19:41:42 +04:00
|
|
|
if (!msg)
|
|
|
|
break;
|
|
|
|
|
2014-04-29 19:03:31 +04:00
|
|
|
if (msg->msg == CURLMSG_DONE) {
|
|
|
|
CURLState *state = NULL;
|
|
|
|
curl_easy_getinfo(msg->easy_handle, CURLINFO_PRIVATE,
|
|
|
|
(char **)&state);
|
|
|
|
|
|
|
|
/* ACBs for successful messages get completed in curl_read_cb */
|
|
|
|
if (msg->data.result != CURLE_OK) {
|
|
|
|
int i;
|
2015-07-08 16:37:48 +03:00
|
|
|
static int errcount = 100;
|
|
|
|
|
|
|
|
/* Don't lose the original error message from curl, since
|
|
|
|
* it contains extra data.
|
|
|
|
*/
|
|
|
|
if (errcount > 0) {
|
|
|
|
error_report("curl: %s", state->errmsg);
|
|
|
|
if (--errcount == 0) {
|
|
|
|
error_report("curl: further errors suppressed");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-04-29 19:03:31 +04:00
|
|
|
for (i = 0; i < CURL_NUM_ACB; i++) {
|
|
|
|
CURLAIOCB *acb = state->acb[i];
|
|
|
|
|
|
|
|
if (acb == NULL) {
|
|
|
|
continue;
|
2011-08-15 13:00:34 +04:00
|
|
|
}
|
|
|
|
|
2015-07-08 16:37:48 +03:00
|
|
|
acb->common.cb(acb->common.opaque, -EPROTO);
|
2014-09-11 09:41:28 +04:00
|
|
|
qemu_aio_unref(acb);
|
2014-04-29 19:03:31 +04:00
|
|
|
state->acb[i] = NULL;
|
|
|
|
}
|
2009-05-11 19:41:42 +04:00
|
|
|
}
|
2014-04-29 19:03:31 +04:00
|
|
|
|
|
|
|
curl_clean_state(state);
|
|
|
|
break;
|
2009-05-11 19:41:42 +04:00
|
|
|
}
|
2014-04-29 19:03:31 +04:00
|
|
|
}
|
2009-05-11 19:41:42 +04:00
|
|
|
}
|
|
|
|
|
2014-01-24 17:56:17 +04:00
|
|
|
static void curl_multi_do(void *arg)
|
|
|
|
{
|
2014-04-29 19:03:30 +04:00
|
|
|
CURLState *s = (CURLState *)arg;
|
2014-01-24 17:56:17 +04:00
|
|
|
int running;
|
|
|
|
int r;
|
|
|
|
|
2014-04-29 19:03:30 +04:00
|
|
|
if (!s->s->multi) {
|
2014-01-24 17:56:17 +04:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
do {
|
2014-04-29 19:03:30 +04:00
|
|
|
r = curl_multi_socket_action(s->s->multi, s->sock_fd, 0, &running);
|
2014-01-24 17:56:17 +04:00
|
|
|
} while(r == CURLM_CALL_MULTI_PERFORM);
|
|
|
|
|
2014-04-29 19:03:30 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
static void curl_multi_read(void *arg)
|
|
|
|
{
|
|
|
|
CURLState *s = (CURLState *)arg;
|
|
|
|
|
|
|
|
curl_multi_do(arg);
|
|
|
|
curl_multi_check_completion(s->s);
|
2014-01-24 17:56:17 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
static void curl_multi_timeout_do(void *arg)
|
|
|
|
{
|
|
|
|
#ifdef NEED_CURL_TIMER_CALLBACK
|
|
|
|
BDRVCURLState *s = (BDRVCURLState *)arg;
|
|
|
|
int running;
|
|
|
|
|
|
|
|
if (!s->multi) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
curl_multi_socket_action(s->multi, CURL_SOCKET_TIMEOUT, 0, &running);
|
|
|
|
|
2014-04-29 19:03:30 +04:00
|
|
|
curl_multi_check_completion(s);
|
2014-01-24 17:56:17 +04:00
|
|
|
#else
|
|
|
|
abort();
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2014-08-28 12:04:21 +04:00
|
|
|
static CURLState *curl_init_state(BlockDriverState *bs, BDRVCURLState *s)
|
2009-05-11 19:41:42 +04:00
|
|
|
{
|
|
|
|
CURLState *state = NULL;
|
|
|
|
int i, j;
|
|
|
|
|
|
|
|
do {
|
|
|
|
for (i=0; i<CURL_NUM_STATES; i++) {
|
|
|
|
for (j=0; j<CURL_NUM_ACB; j++)
|
|
|
|
if (s->states[i].acb[j])
|
|
|
|
continue;
|
|
|
|
if (s->states[i].in_use)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
state = &s->states[i];
|
|
|
|
state->in_use = 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (!state) {
|
2014-08-28 12:04:21 +04:00
|
|
|
aio_poll(bdrv_get_aio_context(bs), true);
|
2009-05-11 19:41:42 +04:00
|
|
|
}
|
|
|
|
} while(!state);
|
|
|
|
|
2014-04-29 19:03:26 +04:00
|
|
|
if (!state->curl) {
|
|
|
|
state->curl = curl_easy_init();
|
|
|
|
if (!state->curl) {
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
|
2014-05-15 03:28:42 +04:00
|
|
|
curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
|
|
|
|
(long) s->sslverify);
|
2014-08-29 19:03:12 +04:00
|
|
|
if (s->cookie) {
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie);
|
|
|
|
}
|
2014-10-26 14:05:27 +03:00
|
|
|
curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, (long)s->timeout);
|
2014-04-29 19:03:26 +04:00
|
|
|
curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
|
|
|
|
(void *)curl_read_cb);
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_WRITEDATA, (void *)state);
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_PRIVATE, (void *)state);
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_AUTOREFERER, 1);
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_FOLLOWLOCATION, 1);
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_NOSIGNAL, 1);
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_ERRORBUFFER, state->errmsg);
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_FAILONERROR, 1);
|
|
|
|
|
|
|
|
/* Restrict supported protocols to avoid security issues in the more
|
|
|
|
* obscure protocols. For example, do not allow POP3/SMTP/IMAP see
|
|
|
|
* CVE-2013-0249.
|
|
|
|
*
|
|
|
|
* Restricting protocols is only supported from 7.19.4 upwards.
|
|
|
|
*/
|
2013-02-13 12:25:34 +04:00
|
|
|
#if LIBCURL_VERSION_NUM >= 0x071304
|
2014-04-29 19:03:26 +04:00
|
|
|
curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, PROTOCOLS);
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_REDIR_PROTOCOLS, PROTOCOLS);
|
2013-02-13 12:25:34 +04:00
|
|
|
#endif
|
2013-02-08 11:49:10 +04:00
|
|
|
|
2009-05-11 19:41:42 +04:00
|
|
|
#ifdef DEBUG_VERBOSE
|
2014-04-29 19:03:26 +04:00
|
|
|
curl_easy_setopt(state->curl, CURLOPT_VERBOSE, 1);
|
2009-05-11 19:41:42 +04:00
|
|
|
#endif
|
2014-04-29 19:03:26 +04:00
|
|
|
}
|
2009-05-11 19:41:42 +04:00
|
|
|
|
|
|
|
state->s = s;
|
|
|
|
|
|
|
|
return state;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void curl_clean_state(CURLState *s)
|
|
|
|
{
|
|
|
|
if (s->s->multi)
|
|
|
|
curl_multi_remove_handle(s->s->multi, s->curl);
|
|
|
|
s->in_use = 0;
|
|
|
|
}
|
|
|
|
|
2013-04-10 17:31:33 +04:00
|
|
|
static void curl_parse_filename(const char *filename, QDict *options,
|
|
|
|
Error **errp)
|
2009-05-11 19:41:42 +04:00
|
|
|
{
|
2014-05-15 03:28:41 +04:00
|
|
|
qdict_put(options, CURL_BLOCK_OPT_URL, qstring_from_str(filename));
|
2013-04-10 17:31:33 +04:00
|
|
|
}
|
|
|
|
|
2014-05-08 18:34:40 +04:00
|
|
|
static void curl_detach_aio_context(BlockDriverState *bs)
|
|
|
|
{
|
|
|
|
BDRVCURLState *s = bs->opaque;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < CURL_NUM_STATES; i++) {
|
|
|
|
if (s->states[i].in_use) {
|
|
|
|
curl_clean_state(&s->states[i]);
|
|
|
|
}
|
|
|
|
if (s->states[i].curl) {
|
|
|
|
curl_easy_cleanup(s->states[i].curl);
|
|
|
|
s->states[i].curl = NULL;
|
|
|
|
}
|
2014-06-06 20:25:12 +04:00
|
|
|
g_free(s->states[i].orig_buf);
|
|
|
|
s->states[i].orig_buf = NULL;
|
2014-05-08 18:34:40 +04:00
|
|
|
}
|
|
|
|
if (s->multi) {
|
|
|
|
curl_multi_cleanup(s->multi);
|
|
|
|
s->multi = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
timer_del(&s->timer);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void curl_attach_aio_context(BlockDriverState *bs,
|
|
|
|
AioContext *new_context)
|
|
|
|
{
|
|
|
|
BDRVCURLState *s = bs->opaque;
|
|
|
|
|
|
|
|
aio_timer_init(new_context, &s->timer,
|
|
|
|
QEMU_CLOCK_REALTIME, SCALE_NS,
|
|
|
|
curl_multi_timeout_do, s);
|
|
|
|
|
|
|
|
assert(!s->multi);
|
|
|
|
s->multi = curl_multi_init();
|
|
|
|
s->aio_context = new_context;
|
|
|
|
curl_multi_setopt(s->multi, CURLMOPT_SOCKETFUNCTION, curl_sock_cb);
|
|
|
|
#ifdef NEED_CURL_TIMER_CALLBACK
|
|
|
|
curl_multi_setopt(s->multi, CURLMOPT_TIMERDATA, s);
|
|
|
|
curl_multi_setopt(s->multi, CURLMOPT_TIMERFUNCTION, curl_timer_cb);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2013-04-10 17:31:33 +04:00
|
|
|
static QemuOptsList runtime_opts = {
|
|
|
|
.name = "curl",
|
|
|
|
.head = QTAILQ_HEAD_INITIALIZER(runtime_opts.head),
|
|
|
|
.desc = {
|
|
|
|
{
|
2014-05-15 03:28:41 +04:00
|
|
|
.name = CURL_BLOCK_OPT_URL,
|
2013-04-10 17:31:33 +04:00
|
|
|
.type = QEMU_OPT_STRING,
|
|
|
|
.help = "URL to open",
|
|
|
|
},
|
|
|
|
{
|
2014-05-15 03:28:41 +04:00
|
|
|
.name = CURL_BLOCK_OPT_READAHEAD,
|
2013-04-10 17:31:33 +04:00
|
|
|
.type = QEMU_OPT_SIZE,
|
|
|
|
.help = "Readahead size",
|
|
|
|
},
|
2014-05-15 03:28:42 +04:00
|
|
|
{
|
|
|
|
.name = CURL_BLOCK_OPT_SSLVERIFY,
|
|
|
|
.type = QEMU_OPT_BOOL,
|
|
|
|
.help = "Verify SSL certificate"
|
|
|
|
},
|
2014-08-13 19:44:27 +04:00
|
|
|
{
|
|
|
|
.name = CURL_BLOCK_OPT_TIMEOUT,
|
|
|
|
.type = QEMU_OPT_NUMBER,
|
|
|
|
.help = "Curl timeout"
|
|
|
|
},
|
2014-08-29 19:03:12 +04:00
|
|
|
{
|
|
|
|
.name = CURL_BLOCK_OPT_COOKIE,
|
|
|
|
.type = QEMU_OPT_STRING,
|
|
|
|
.help = "Pass the cookie or list of cookies with each request"
|
|
|
|
},
|
2013-04-10 17:31:33 +04:00
|
|
|
{ /* end of list */ }
|
|
|
|
},
|
|
|
|
};
|
|
|
|
|
2013-09-05 16:22:29 +04:00
|
|
|
static int curl_open(BlockDriverState *bs, QDict *options, int flags,
|
|
|
|
Error **errp)
|
2013-04-10 17:31:33 +04:00
|
|
|
{
|
|
|
|
BDRVCURLState *s = bs->opaque;
|
|
|
|
CURLState *state = NULL;
|
|
|
|
QemuOpts *opts;
|
|
|
|
Error *local_err = NULL;
|
|
|
|
const char *file;
|
2014-08-29 19:03:12 +04:00
|
|
|
const char *cookie;
|
2013-04-10 17:31:33 +04:00
|
|
|
double d;
|
|
|
|
|
|
|
|
static int inited = 0;
|
|
|
|
|
2013-06-10 15:38:43 +04:00
|
|
|
if (flags & BDRV_O_RDWR) {
|
2014-02-17 17:43:57 +04:00
|
|
|
error_setg(errp, "curl block device does not support writes");
|
2013-06-10 15:38:43 +04:00
|
|
|
return -EROFS;
|
|
|
|
}
|
|
|
|
|
2014-01-02 06:49:17 +04:00
|
|
|
opts = qemu_opts_create(&runtime_opts, NULL, 0, &error_abort);
|
2013-04-10 17:31:33 +04:00
|
|
|
qemu_opts_absorb_qdict(opts, options, &local_err);
|
2014-01-30 18:07:28 +04:00
|
|
|
if (local_err) {
|
2014-02-17 17:43:57 +04:00
|
|
|
error_propagate(errp, local_err);
|
2013-04-10 17:31:33 +04:00
|
|
|
goto out_noclean;
|
|
|
|
}
|
|
|
|
|
2014-05-15 03:28:41 +04:00
|
|
|
s->readahead_size = qemu_opt_get_size(opts, CURL_BLOCK_OPT_READAHEAD,
|
|
|
|
READ_AHEAD_DEFAULT);
|
2009-07-02 04:16:52 +04:00
|
|
|
if ((s->readahead_size & 0x1ff) != 0) {
|
2014-02-17 17:43:57 +04:00
|
|
|
error_setg(errp, "HTTP_READAHEAD_SIZE %zd is not a multiple of 512",
|
|
|
|
s->readahead_size);
|
2009-07-02 04:16:52 +04:00
|
|
|
goto out_noclean;
|
|
|
|
}
|
|
|
|
|
2014-08-13 19:44:27 +04:00
|
|
|
s->timeout = qemu_opt_get_number(opts, CURL_BLOCK_OPT_TIMEOUT,
|
|
|
|
CURL_TIMEOUT_DEFAULT);
|
2014-10-26 14:05:27 +03:00
|
|
|
if (s->timeout > CURL_TIMEOUT_MAX) {
|
|
|
|
error_setg(errp, "timeout parameter is too large or negative");
|
|
|
|
goto out_noclean;
|
|
|
|
}
|
2014-08-13 19:44:27 +04:00
|
|
|
|
2014-05-15 03:28:42 +04:00
|
|
|
s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
|
|
|
|
|
2014-08-29 19:03:12 +04:00
|
|
|
cookie = qemu_opt_get(opts, CURL_BLOCK_OPT_COOKIE);
|
|
|
|
s->cookie = g_strdup(cookie);
|
|
|
|
|
2014-05-15 03:28:41 +04:00
|
|
|
file = qemu_opt_get(opts, CURL_BLOCK_OPT_URL);
|
2013-04-10 17:31:33 +04:00
|
|
|
if (file == NULL) {
|
2014-02-17 17:43:57 +04:00
|
|
|
error_setg(errp, "curl block driver requires an 'url' option");
|
2013-04-10 17:31:33 +04:00
|
|
|
goto out_noclean;
|
|
|
|
}
|
|
|
|
|
2009-05-11 19:41:42 +04:00
|
|
|
if (!inited) {
|
|
|
|
curl_global_init(CURL_GLOBAL_ALL);
|
|
|
|
inited = 1;
|
|
|
|
}
|
|
|
|
|
2010-02-07 02:03:50 +03:00
|
|
|
DPRINTF("CURL: Opening %s\n", file);
|
2014-05-08 18:34:40 +04:00
|
|
|
s->aio_context = bdrv_get_aio_context(bs);
|
2013-04-10 17:31:33 +04:00
|
|
|
s->url = g_strdup(file);
|
2014-08-28 12:04:21 +04:00
|
|
|
state = curl_init_state(bs, s);
|
2009-05-11 19:41:42 +04:00
|
|
|
if (!state)
|
|
|
|
goto out_noclean;
|
|
|
|
|
|
|
|
// Get file size
|
|
|
|
|
curl: refuse to open URL from HTTP server without range support
CURL driver requests partial data from server on guest IO req. For HTTP
and HTTPS, it uses "Range: ***" in requests, and this will not work if
server not accepting range. This patch does this check when open.
* Removed curl_size_cb, which is not used: On one hand it's registered to
libcurl as CURLOPT_WRITEFUNCTION, instead of CURLOPT_HEADERFUNCTION,
which will get called with *data*, not *header*. On the other hand the
s->len is assigned unconditionally later.
In this gone function, the sscanf for "Content-Length: %zd", on
(void *)ptr, which is not guaranteed to be zero-terminated, is
potentially a security bug. So this patch fixes it as a side-effect. The
bug is reported as: https://bugs.launchpad.net/qemu/+bug/1188943
(Note the bug is marked "private" so you might not be able to see it)
* Introduced curl_header_cb, which is used to parse header and mark the
server as accepting range if "Accept-Ranges: bytes" line is seen from
response header. If protocol is HTTP or HTTPS, but server response has
no not this support, refuse to open this URL.
Note that python builtin module SimpleHTTPServer is an example of not
supporting range, if you need to test this driver, get a better server
or use internet URLs.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-07-02 11:19:21 +04:00
|
|
|
s->accept_range = false;
|
2009-05-11 19:41:42 +04:00
|
|
|
curl_easy_setopt(state->curl, CURLOPT_NOBODY, 1);
|
curl: refuse to open URL from HTTP server without range support
CURL driver requests partial data from server on guest IO req. For HTTP
and HTTPS, it uses "Range: ***" in requests, and this will not work if
server not accepting range. This patch does this check when open.
* Removed curl_size_cb, which is not used: On one hand it's registered to
libcurl as CURLOPT_WRITEFUNCTION, instead of CURLOPT_HEADERFUNCTION,
which will get called with *data*, not *header*. On the other hand the
s->len is assigned unconditionally later.
In this gone function, the sscanf for "Content-Length: %zd", on
(void *)ptr, which is not guaranteed to be zero-terminated, is
potentially a security bug. So this patch fixes it as a side-effect. The
bug is reported as: https://bugs.launchpad.net/qemu/+bug/1188943
(Note the bug is marked "private" so you might not be able to see it)
* Introduced curl_header_cb, which is used to parse header and mark the
server as accepting range if "Accept-Ranges: bytes" line is seen from
response header. If protocol is HTTP or HTTPS, but server response has
no not this support, refuse to open this URL.
Note that python builtin module SimpleHTTPServer is an example of not
supporting range, if you need to test this driver, get a better server
or use internet URLs.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-07-02 11:19:21 +04:00
|
|
|
curl_easy_setopt(state->curl, CURLOPT_HEADERFUNCTION,
|
|
|
|
curl_header_cb);
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_HEADERDATA, s);
|
2009-05-11 19:41:42 +04:00
|
|
|
if (curl_easy_perform(state->curl))
|
|
|
|
goto out;
|
|
|
|
curl_easy_getinfo(state->curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &d);
|
|
|
|
if (d)
|
|
|
|
s->len = (size_t)d;
|
|
|
|
else if(!s->len)
|
|
|
|
goto out;
|
curl: refuse to open URL from HTTP server without range support
CURL driver requests partial data from server on guest IO req. For HTTP
and HTTPS, it uses "Range: ***" in requests, and this will not work if
server not accepting range. This patch does this check when open.
* Removed curl_size_cb, which is not used: On one hand it's registered to
libcurl as CURLOPT_WRITEFUNCTION, instead of CURLOPT_HEADERFUNCTION,
which will get called with *data*, not *header*. On the other hand the
s->len is assigned unconditionally later.
In this gone function, the sscanf for "Content-Length: %zd", on
(void *)ptr, which is not guaranteed to be zero-terminated, is
potentially a security bug. So this patch fixes it as a side-effect. The
bug is reported as: https://bugs.launchpad.net/qemu/+bug/1188943
(Note the bug is marked "private" so you might not be able to see it)
* Introduced curl_header_cb, which is used to parse header and mark the
server as accepting range if "Accept-Ranges: bytes" line is seen from
response header. If protocol is HTTP or HTTPS, but server response has
no not this support, refuse to open this URL.
Note that python builtin module SimpleHTTPServer is an example of not
supporting range, if you need to test this driver, get a better server
or use internet URLs.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-07-02 11:19:21 +04:00
|
|
|
if ((!strncasecmp(s->url, "http://", strlen("http://"))
|
|
|
|
|| !strncasecmp(s->url, "https://", strlen("https://")))
|
|
|
|
&& !s->accept_range) {
|
|
|
|
pstrcpy(state->errmsg, CURL_ERROR_SIZE,
|
|
|
|
"Server does not support 'range' (byte ranges).");
|
|
|
|
goto out;
|
|
|
|
}
|
2010-05-22 12:02:12 +04:00
|
|
|
DPRINTF("CURL: Size = %zd\n", s->len);
|
2009-05-11 19:41:42 +04:00
|
|
|
|
|
|
|
curl_clean_state(state);
|
|
|
|
curl_easy_cleanup(state->curl);
|
|
|
|
state->curl = NULL;
|
|
|
|
|
2014-05-08 18:34:40 +04:00
|
|
|
curl_attach_aio_context(bs, bdrv_get_aio_context(bs));
|
2009-05-11 19:41:42 +04:00
|
|
|
|
2013-04-10 17:31:33 +04:00
|
|
|
qemu_opts_del(opts);
|
2009-05-11 19:41:42 +04:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
out:
|
2014-03-18 09:59:18 +04:00
|
|
|
error_setg(errp, "CURL: Error opening file: %s", state->errmsg);
|
2009-05-11 19:41:42 +04:00
|
|
|
curl_easy_cleanup(state->curl);
|
|
|
|
state->curl = NULL;
|
|
|
|
out_noclean:
|
2014-08-29 19:03:12 +04:00
|
|
|
g_free(s->cookie);
|
2013-04-10 17:31:33 +04:00
|
|
|
g_free(s->url);
|
|
|
|
qemu_opts_del(opts);
|
2009-05-11 19:41:42 +04:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2012-10-31 19:34:37 +04:00
|
|
|
static const AIOCBInfo curl_aiocb_info = {
|
2009-05-25 14:37:32 +04:00
|
|
|
.aiocb_size = sizeof(CURLAIOCB),
|
|
|
|
};
|
|
|
|
|
2011-09-21 14:55:50 +04:00
|
|
|
|
|
|
|
static void curl_readv_bh_cb(void *p)
|
2009-05-11 19:41:42 +04:00
|
|
|
{
|
|
|
|
CURLState *state;
|
2014-04-29 19:03:29 +04:00
|
|
|
int running;
|
2009-05-11 19:41:42 +04:00
|
|
|
|
2011-09-21 14:55:50 +04:00
|
|
|
CURLAIOCB *acb = p;
|
|
|
|
BDRVCURLState *s = acb->common.bs->opaque;
|
2009-05-11 19:41:42 +04:00
|
|
|
|
2011-09-21 14:55:50 +04:00
|
|
|
qemu_bh_delete(acb->bh);
|
|
|
|
acb->bh = NULL;
|
|
|
|
|
|
|
|
size_t start = acb->sector_num * SECTOR_SIZE;
|
|
|
|
size_t end;
|
2009-05-11 19:41:42 +04:00
|
|
|
|
|
|
|
// In case we have the requested data already (e.g. read-ahead),
|
|
|
|
// we can just call the callback and be done.
|
2011-09-21 14:55:50 +04:00
|
|
|
switch (curl_find_buf(s, start, acb->nb_sectors * SECTOR_SIZE, acb)) {
|
2009-05-11 19:41:42 +04:00
|
|
|
case FIND_RET_OK:
|
2014-09-11 09:41:28 +04:00
|
|
|
qemu_aio_unref(acb);
|
2009-05-11 19:41:42 +04:00
|
|
|
// fall through
|
|
|
|
case FIND_RET_WAIT:
|
2011-09-21 14:55:50 +04:00
|
|
|
return;
|
2009-05-11 19:41:42 +04:00
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
// No cache found, so let's start a new request
|
2014-08-28 12:04:21 +04:00
|
|
|
state = curl_init_state(acb->common.bs, s);
|
2011-09-21 14:55:50 +04:00
|
|
|
if (!state) {
|
|
|
|
acb->common.cb(acb->common.opaque, -EIO);
|
2014-09-11 09:41:28 +04:00
|
|
|
qemu_aio_unref(acb);
|
2011-09-21 14:55:50 +04:00
|
|
|
return;
|
|
|
|
}
|
2009-05-11 19:41:42 +04:00
|
|
|
|
|
|
|
acb->start = 0;
|
2011-09-21 14:55:50 +04:00
|
|
|
acb->end = (acb->nb_sectors * SECTOR_SIZE);
|
2009-05-11 19:41:42 +04:00
|
|
|
|
|
|
|
state->buf_off = 0;
|
2014-06-06 20:25:12 +04:00
|
|
|
g_free(state->orig_buf);
|
2009-05-11 19:41:42 +04:00
|
|
|
state->buf_start = start;
|
2009-07-02 04:16:52 +04:00
|
|
|
state->buf_len = acb->end + s->readahead_size;
|
2009-05-11 19:41:42 +04:00
|
|
|
end = MIN(start + state->buf_len, s->len) - 1;
|
2014-05-20 15:26:40 +04:00
|
|
|
state->orig_buf = g_try_malloc(state->buf_len);
|
|
|
|
if (state->buf_len && state->orig_buf == NULL) {
|
|
|
|
curl_clean_state(state);
|
|
|
|
acb->common.cb(acb->common.opaque, -ENOMEM);
|
2014-09-11 09:41:28 +04:00
|
|
|
qemu_aio_unref(acb);
|
2014-05-20 15:26:40 +04:00
|
|
|
return;
|
|
|
|
}
|
2009-05-11 19:41:42 +04:00
|
|
|
state->acb[0] = acb;
|
|
|
|
|
2010-05-22 12:02:12 +04:00
|
|
|
snprintf(state->range, 127, "%zd-%zd", start, end);
|
|
|
|
DPRINTF("CURL (AIO): Reading %d at %zd (%s)\n",
|
2011-09-21 14:55:50 +04:00
|
|
|
(acb->nb_sectors * SECTOR_SIZE), start, state->range);
|
2009-05-11 19:41:42 +04:00
|
|
|
curl_easy_setopt(state->curl, CURLOPT_RANGE, state->range);
|
|
|
|
|
|
|
|
curl_multi_add_handle(s->multi, state->curl);
|
|
|
|
|
2014-04-29 19:03:29 +04:00
|
|
|
/* Tell curl it needs to kick things off */
|
|
|
|
curl_multi_socket_action(s->multi, CURL_SOCKET_TIMEOUT, 0, &running);
|
2011-09-21 14:55:50 +04:00
|
|
|
}
|
|
|
|
|
2014-10-07 15:59:14 +04:00
|
|
|
static BlockAIOCB *curl_aio_readv(BlockDriverState *bs,
|
2011-09-21 14:55:50 +04:00
|
|
|
int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
|
2014-10-07 15:59:15 +04:00
|
|
|
BlockCompletionFunc *cb, void *opaque)
|
2011-09-21 14:55:50 +04:00
|
|
|
{
|
|
|
|
CURLAIOCB *acb;
|
|
|
|
|
2012-10-31 19:34:37 +04:00
|
|
|
acb = qemu_aio_get(&curl_aiocb_info, bs, cb, opaque);
|
2011-09-21 14:55:50 +04:00
|
|
|
|
|
|
|
acb->qiov = qiov;
|
|
|
|
acb->sector_num = sector_num;
|
|
|
|
acb->nb_sectors = nb_sectors;
|
|
|
|
|
2014-05-08 18:34:40 +04:00
|
|
|
acb->bh = aio_bh_new(bdrv_get_aio_context(bs), curl_readv_bh_cb, acb);
|
2011-09-21 14:55:50 +04:00
|
|
|
qemu_bh_schedule(acb->bh);
|
2009-05-11 19:41:42 +04:00
|
|
|
return &acb->common;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void curl_close(BlockDriverState *bs)
|
|
|
|
{
|
|
|
|
BDRVCURLState *s = bs->opaque;
|
|
|
|
|
2010-02-07 02:03:50 +03:00
|
|
|
DPRINTF("CURL: Close\n");
|
2014-05-08 18:34:40 +04:00
|
|
|
curl_detach_aio_context(bs);
|
2014-01-24 17:56:17 +04:00
|
|
|
|
2014-08-29 19:03:12 +04:00
|
|
|
g_free(s->cookie);
|
2012-09-01 13:06:45 +04:00
|
|
|
g_free(s->url);
|
2009-05-11 19:41:42 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
static int64_t curl_getlength(BlockDriverState *bs)
|
|
|
|
{
|
|
|
|
BDRVCURLState *s = bs->opaque;
|
|
|
|
return s->len;
|
|
|
|
}
|
|
|
|
|
|
|
|
static BlockDriver bdrv_http = {
|
2014-05-08 18:34:40 +04:00
|
|
|
.format_name = "http",
|
|
|
|
.protocol_name = "http",
|
|
|
|
|
|
|
|
.instance_size = sizeof(BDRVCURLState),
|
|
|
|
.bdrv_parse_filename = curl_parse_filename,
|
|
|
|
.bdrv_file_open = curl_open,
|
|
|
|
.bdrv_close = curl_close,
|
|
|
|
.bdrv_getlength = curl_getlength,
|
2009-05-11 19:41:42 +04:00
|
|
|
|
2014-05-08 18:34:40 +04:00
|
|
|
.bdrv_aio_readv = curl_aio_readv,
|
2009-05-11 19:41:42 +04:00
|
|
|
|
2014-05-08 18:34:40 +04:00
|
|
|
.bdrv_detach_aio_context = curl_detach_aio_context,
|
|
|
|
.bdrv_attach_aio_context = curl_attach_aio_context,
|
2009-05-11 19:41:42 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
static BlockDriver bdrv_https = {
|
2014-05-08 18:34:40 +04:00
|
|
|
.format_name = "https",
|
|
|
|
.protocol_name = "https",
|
2009-05-11 19:41:42 +04:00
|
|
|
|
2014-05-08 18:34:40 +04:00
|
|
|
.instance_size = sizeof(BDRVCURLState),
|
|
|
|
.bdrv_parse_filename = curl_parse_filename,
|
|
|
|
.bdrv_file_open = curl_open,
|
|
|
|
.bdrv_close = curl_close,
|
|
|
|
.bdrv_getlength = curl_getlength,
|
2009-05-11 19:41:42 +04:00
|
|
|
|
2014-05-08 18:34:40 +04:00
|
|
|
.bdrv_aio_readv = curl_aio_readv,
|
|
|
|
|
|
|
|
.bdrv_detach_aio_context = curl_detach_aio_context,
|
|
|
|
.bdrv_attach_aio_context = curl_attach_aio_context,
|
2009-05-11 19:41:42 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
static BlockDriver bdrv_ftp = {
|
2014-05-08 18:34:40 +04:00
|
|
|
.format_name = "ftp",
|
|
|
|
.protocol_name = "ftp",
|
|
|
|
|
|
|
|
.instance_size = sizeof(BDRVCURLState),
|
|
|
|
.bdrv_parse_filename = curl_parse_filename,
|
|
|
|
.bdrv_file_open = curl_open,
|
|
|
|
.bdrv_close = curl_close,
|
|
|
|
.bdrv_getlength = curl_getlength,
|
2009-05-11 19:41:42 +04:00
|
|
|
|
2014-05-08 18:34:40 +04:00
|
|
|
.bdrv_aio_readv = curl_aio_readv,
|
2009-05-11 19:41:42 +04:00
|
|
|
|
2014-05-08 18:34:40 +04:00
|
|
|
.bdrv_detach_aio_context = curl_detach_aio_context,
|
|
|
|
.bdrv_attach_aio_context = curl_attach_aio_context,
|
2009-05-11 19:41:42 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
static BlockDriver bdrv_ftps = {
|
2014-05-08 18:34:40 +04:00
|
|
|
.format_name = "ftps",
|
|
|
|
.protocol_name = "ftps",
|
2009-05-11 19:41:42 +04:00
|
|
|
|
2014-05-08 18:34:40 +04:00
|
|
|
.instance_size = sizeof(BDRVCURLState),
|
|
|
|
.bdrv_parse_filename = curl_parse_filename,
|
|
|
|
.bdrv_file_open = curl_open,
|
|
|
|
.bdrv_close = curl_close,
|
|
|
|
.bdrv_getlength = curl_getlength,
|
2009-05-11 19:41:42 +04:00
|
|
|
|
2014-05-08 18:34:40 +04:00
|
|
|
.bdrv_aio_readv = curl_aio_readv,
|
|
|
|
|
|
|
|
.bdrv_detach_aio_context = curl_detach_aio_context,
|
|
|
|
.bdrv_attach_aio_context = curl_attach_aio_context,
|
2009-05-11 19:41:42 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
static BlockDriver bdrv_tftp = {
|
2014-05-08 18:34:40 +04:00
|
|
|
.format_name = "tftp",
|
|
|
|
.protocol_name = "tftp",
|
|
|
|
|
|
|
|
.instance_size = sizeof(BDRVCURLState),
|
|
|
|
.bdrv_parse_filename = curl_parse_filename,
|
|
|
|
.bdrv_file_open = curl_open,
|
|
|
|
.bdrv_close = curl_close,
|
|
|
|
.bdrv_getlength = curl_getlength,
|
2009-05-11 19:41:42 +04:00
|
|
|
|
2014-05-08 18:34:40 +04:00
|
|
|
.bdrv_aio_readv = curl_aio_readv,
|
2009-05-11 19:41:42 +04:00
|
|
|
|
2014-05-08 18:34:40 +04:00
|
|
|
.bdrv_detach_aio_context = curl_detach_aio_context,
|
|
|
|
.bdrv_attach_aio_context = curl_attach_aio_context,
|
2009-05-11 19:41:42 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
static void curl_block_init(void)
|
|
|
|
{
|
|
|
|
bdrv_register(&bdrv_http);
|
|
|
|
bdrv_register(&bdrv_https);
|
|
|
|
bdrv_register(&bdrv_ftp);
|
|
|
|
bdrv_register(&bdrv_ftps);
|
|
|
|
bdrv_register(&bdrv_tftp);
|
|
|
|
}
|
|
|
|
|
|
|
|
block_init(curl_block_init);
|