nbd patches for 2017-11-17

Eric Blake - nbd: Don't crash when server reports NBD_CMD_READ failure
 Eric Blake - nbd/client: Use error_prepend() correctly
 Eric Blake - nbd/client: Don't hard-disconnect on ESHUTDOWN from server
 Eric Blake - nbd/server: Fix error reporting for bad requests
 -----BEGIN PGP SIGNATURE-----
 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
 
 iQEcBAABCAAGBQJaDvfqAAoJEKeha0olJ0NqD5sH/1+j6R/Qe8qO0Doh2cFNZzBt
 d9+4PfM2ClHDyP8hpyU/yuodAwNTgWZP6whWLl6eraDGN5+jZKF51Jhbj8lSdbgB
 x/e2iL7gZlD8ZCsWnPWMj1DOZ1HZxax/4MOiZYqCp2Fbw1oyH4HXN7S13fCP2sTS
 vaENtn2V2sLlEEN9QIMaeGPWJK4pmNurF2mKmt+N/ZOx8UGNnwfNWQ5JB+RIWo2J
 3nWap6mnRyPVlyLCHy1zAqT6L1VQa7ZjuFFuwFjsZJwzcEgUY87gJJsWKH3nQZX1
 DAh1Xjv37UXEqroAlE4I53/GTbgFbGe8XL/7eJwVMI2UjXBiwTyhBrgjUaUYx1k=
 =hzbE
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2017-11-17' into staging

nbd patches for 2017-11-17

Eric Blake - nbd: Don't crash when server reports NBD_CMD_READ failure
Eric Blake - nbd/client: Use error_prepend() correctly
Eric Blake - nbd/client: Don't hard-disconnect on ESHUTDOWN from server
Eric Blake - nbd/server: Fix error reporting for bad requests

# gpg: Signature made Fri 17 Nov 2017 14:53:30 GMT
# gpg:                using RSA key 0xA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>"
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>"
# gpg:                 aka "[jpeg image of size 6874]"
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2  F3AA A7A1 6B4A 2527 436A

* remotes/ericb/tags/pull-nbd-2017-11-17:
  nbd/server: Fix error reporting for bad requests
  nbd/client: Don't hard-disconnect on ESHUTDOWN from server
  nbd/client: Use error_prepend() correctly
  nbd: Don't crash when server reports NBD_CMD_READ failure

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell 2017-11-17 15:30:20 +00:00
commit 085ee6d282
3 changed files with 40 additions and 56 deletions

View File

@ -78,7 +78,7 @@ static coroutine_fn void nbd_read_reply_entry(void *opaque)
while (!s->quit) { while (!s->quit) {
assert(s->reply.handle == 0); assert(s->reply.handle == 0);
ret = nbd_receive_reply(s->ioc, &s->reply, &local_err); ret = nbd_receive_reply(s->ioc, &s->reply, &local_err);
if (ret < 0) { if (local_err) {
error_report_err(local_err); error_report_err(local_err);
} }
if (ret <= 0) { if (ret <= 0) {
@ -691,7 +691,7 @@ int nbd_client_co_preadv(BlockDriverState *bs, uint64_t offset,
ret = nbd_co_receive_cmdread_reply(client, request.handle, offset, qiov, ret = nbd_co_receive_cmdread_reply(client, request.handle, offset, qiov,
&local_err); &local_err);
if (ret < 0) { if (local_err) {
error_report_err(local_err); error_report_err(local_err);
} }
return ret; return ret;

View File

@ -79,12 +79,12 @@ static int nbd_send_option_request(QIOChannel *ioc, uint32_t opt,
stl_be_p(&req.length, len); stl_be_p(&req.length, len);
if (nbd_write(ioc, &req, sizeof(req), errp) < 0) { if (nbd_write(ioc, &req, sizeof(req), errp) < 0) {
error_prepend(errp, "Failed to send option request header"); error_prepend(errp, "Failed to send option request header: ");
return -1; return -1;
} }
if (len && nbd_write(ioc, (char *) data, len, errp) < 0) { if (len && nbd_write(ioc, (char *) data, len, errp) < 0) {
error_prepend(errp, "Failed to send option request data"); error_prepend(errp, "Failed to send option request data: ");
return -1; return -1;
} }
@ -113,7 +113,7 @@ static int nbd_receive_option_reply(QIOChannel *ioc, uint32_t opt,
{ {
QEMU_BUILD_BUG_ON(sizeof(*reply) != 20); QEMU_BUILD_BUG_ON(sizeof(*reply) != 20);
if (nbd_read(ioc, reply, sizeof(*reply), errp) < 0) { if (nbd_read(ioc, reply, sizeof(*reply), errp) < 0) {
error_prepend(errp, "failed to read option reply"); error_prepend(errp, "failed to read option reply: ");
nbd_send_opt_abort(ioc); nbd_send_opt_abort(ioc);
return -1; return -1;
} }
@ -166,7 +166,7 @@ static int nbd_handle_reply_err(QIOChannel *ioc, nbd_opt_reply *reply,
msg = g_malloc(reply->length + 1); msg = g_malloc(reply->length + 1);
if (nbd_read(ioc, msg, reply->length, errp) < 0) { if (nbd_read(ioc, msg, reply->length, errp) < 0) {
error_prepend(errp, "failed to read option error 0x%" PRIx32 error_prepend(errp, "failed to read option error 0x%" PRIx32
" (%s) message", " (%s) message: ",
reply->type, nbd_rep_lookup(reply->type)); reply->type, nbd_rep_lookup(reply->type));
goto cleanup; goto cleanup;
} }
@ -277,7 +277,7 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
return -1; return -1;
} }
if (nbd_read(ioc, &namelen, sizeof(namelen), errp) < 0) { if (nbd_read(ioc, &namelen, sizeof(namelen), errp) < 0) {
error_prepend(errp, "failed to read option name length"); error_prepend(errp, "failed to read option name length: ");
nbd_send_opt_abort(ioc); nbd_send_opt_abort(ioc);
return -1; return -1;
} }
@ -290,7 +290,8 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
} }
if (namelen != strlen(want)) { if (namelen != strlen(want)) {
if (nbd_drop(ioc, len, errp) < 0) { if (nbd_drop(ioc, len, errp) < 0) {
error_prepend(errp, "failed to skip export name with wrong length"); error_prepend(errp,
"failed to skip export name with wrong length: ");
nbd_send_opt_abort(ioc); nbd_send_opt_abort(ioc);
return -1; return -1;
} }
@ -299,14 +300,14 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
assert(namelen < sizeof(name)); assert(namelen < sizeof(name));
if (nbd_read(ioc, name, namelen, errp) < 0) { if (nbd_read(ioc, name, namelen, errp) < 0) {
error_prepend(errp, "failed to read export name"); error_prepend(errp, "failed to read export name: ");
nbd_send_opt_abort(ioc); nbd_send_opt_abort(ioc);
return -1; return -1;
} }
name[namelen] = '\0'; name[namelen] = '\0';
len -= namelen; len -= namelen;
if (nbd_drop(ioc, len, errp) < 0) { if (nbd_drop(ioc, len, errp) < 0) {
error_prepend(errp, "failed to read export description"); error_prepend(errp, "failed to read export description: ");
nbd_send_opt_abort(ioc); nbd_send_opt_abort(ioc);
return -1; return -1;
} }
@ -390,7 +391,7 @@ static int nbd_opt_go(QIOChannel *ioc, const char *wantname,
return -1; return -1;
} }
if (nbd_read(ioc, &type, sizeof(type), errp) < 0) { if (nbd_read(ioc, &type, sizeof(type), errp) < 0) {
error_prepend(errp, "failed to read info type"); error_prepend(errp, "failed to read info type: ");
nbd_send_opt_abort(ioc); nbd_send_opt_abort(ioc);
return -1; return -1;
} }
@ -405,13 +406,13 @@ static int nbd_opt_go(QIOChannel *ioc, const char *wantname,
return -1; return -1;
} }
if (nbd_read(ioc, &info->size, sizeof(info->size), errp) < 0) { if (nbd_read(ioc, &info->size, sizeof(info->size), errp) < 0) {
error_prepend(errp, "failed to read info size"); error_prepend(errp, "failed to read info size: ");
nbd_send_opt_abort(ioc); nbd_send_opt_abort(ioc);
return -1; return -1;
} }
be64_to_cpus(&info->size); be64_to_cpus(&info->size);
if (nbd_read(ioc, &info->flags, sizeof(info->flags), errp) < 0) { if (nbd_read(ioc, &info->flags, sizeof(info->flags), errp) < 0) {
error_prepend(errp, "failed to read info flags"); error_prepend(errp, "failed to read info flags: ");
nbd_send_opt_abort(ioc); nbd_send_opt_abort(ioc);
return -1; return -1;
} }
@ -428,7 +429,7 @@ static int nbd_opt_go(QIOChannel *ioc, const char *wantname,
} }
if (nbd_read(ioc, &info->min_block, sizeof(info->min_block), if (nbd_read(ioc, &info->min_block, sizeof(info->min_block),
errp) < 0) { errp) < 0) {
error_prepend(errp, "failed to read info minimum block size"); error_prepend(errp, "failed to read info minimum block size: ");
nbd_send_opt_abort(ioc); nbd_send_opt_abort(ioc);
return -1; return -1;
} }
@ -441,7 +442,8 @@ static int nbd_opt_go(QIOChannel *ioc, const char *wantname,
} }
if (nbd_read(ioc, &info->opt_block, sizeof(info->opt_block), if (nbd_read(ioc, &info->opt_block, sizeof(info->opt_block),
errp) < 0) { errp) < 0) {
error_prepend(errp, "failed to read info preferred block size"); error_prepend(errp,
"failed to read info preferred block size: ");
nbd_send_opt_abort(ioc); nbd_send_opt_abort(ioc);
return -1; return -1;
} }
@ -455,7 +457,7 @@ static int nbd_opt_go(QIOChannel *ioc, const char *wantname,
} }
if (nbd_read(ioc, &info->max_block, sizeof(info->max_block), if (nbd_read(ioc, &info->max_block, sizeof(info->max_block),
errp) < 0) { errp) < 0) {
error_prepend(errp, "failed to read info maximum block size"); error_prepend(errp, "failed to read info maximum block size: ");
nbd_send_opt_abort(ioc); nbd_send_opt_abort(ioc);
return -1; return -1;
} }
@ -467,7 +469,7 @@ static int nbd_opt_go(QIOChannel *ioc, const char *wantname,
default: default:
trace_nbd_opt_go_info_unknown(type, nbd_info_lookup(type)); trace_nbd_opt_go_info_unknown(type, nbd_info_lookup(type));
if (nbd_drop(ioc, len, errp) < 0) { if (nbd_drop(ioc, len, errp) < 0) {
error_prepend(errp, "Failed to read info payload"); error_prepend(errp, "Failed to read info payload: ");
nbd_send_opt_abort(ioc); nbd_send_opt_abort(ioc);
return -1; return -1;
} }
@ -618,7 +620,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name,
} }
if (nbd_read(ioc, buf, 8, errp) < 0) { if (nbd_read(ioc, buf, 8, errp) < 0) {
error_prepend(errp, "Failed to read data"); error_prepend(errp, "Failed to read data: ");
goto fail; goto fail;
} }
@ -637,7 +639,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name,
} }
if (nbd_read(ioc, &magic, sizeof(magic), errp) < 0) { if (nbd_read(ioc, &magic, sizeof(magic), errp) < 0) {
error_prepend(errp, "Failed to read magic"); error_prepend(errp, "Failed to read magic: ");
goto fail; goto fail;
} }
magic = be64_to_cpu(magic); magic = be64_to_cpu(magic);
@ -649,7 +651,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name,
bool fixedNewStyle = false; bool fixedNewStyle = false;
if (nbd_read(ioc, &globalflags, sizeof(globalflags), errp) < 0) { if (nbd_read(ioc, &globalflags, sizeof(globalflags), errp) < 0) {
error_prepend(errp, "Failed to read server flags"); error_prepend(errp, "Failed to read server flags: ");
goto fail; goto fail;
} }
globalflags = be16_to_cpu(globalflags); globalflags = be16_to_cpu(globalflags);
@ -665,7 +667,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name,
/* client requested flags */ /* client requested flags */
clientflags = cpu_to_be32(clientflags); clientflags = cpu_to_be32(clientflags);
if (nbd_write(ioc, &clientflags, sizeof(clientflags), errp) < 0) { if (nbd_write(ioc, &clientflags, sizeof(clientflags), errp) < 0) {
error_prepend(errp, "Failed to send clientflags field"); error_prepend(errp, "Failed to send clientflags field: ");
goto fail; goto fail;
} }
if (tlscreds) { if (tlscreds) {
@ -727,13 +729,13 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name,
/* Read the response */ /* Read the response */
if (nbd_read(ioc, &info->size, sizeof(info->size), errp) < 0) { if (nbd_read(ioc, &info->size, sizeof(info->size), errp) < 0) {
error_prepend(errp, "Failed to read export length"); error_prepend(errp, "Failed to read export length: ");
goto fail; goto fail;
} }
be64_to_cpus(&info->size); be64_to_cpus(&info->size);
if (nbd_read(ioc, &info->flags, sizeof(info->flags), errp) < 0) { if (nbd_read(ioc, &info->flags, sizeof(info->flags), errp) < 0) {
error_prepend(errp, "Failed to read export flags"); error_prepend(errp, "Failed to read export flags: ");
goto fail; goto fail;
} }
be16_to_cpus(&info->flags); be16_to_cpus(&info->flags);
@ -750,13 +752,13 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name,
} }
if (nbd_read(ioc, &info->size, sizeof(info->size), errp) < 0) { if (nbd_read(ioc, &info->size, sizeof(info->size), errp) < 0) {
error_prepend(errp, "Failed to read export length"); error_prepend(errp, "Failed to read export length: ");
goto fail; goto fail;
} }
be64_to_cpus(&info->size); be64_to_cpus(&info->size);
if (nbd_read(ioc, &oldflags, sizeof(oldflags), errp) < 0) { if (nbd_read(ioc, &oldflags, sizeof(oldflags), errp) < 0) {
error_prepend(errp, "Failed to read export flags"); error_prepend(errp, "Failed to read export flags: ");
goto fail; goto fail;
} }
be32_to_cpus(&oldflags); be32_to_cpus(&oldflags);
@ -772,7 +774,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name,
trace_nbd_receive_negotiate_size_flags(info->size, info->flags); trace_nbd_receive_negotiate_size_flags(info->size, info->flags);
if (zeroes && nbd_drop(ioc, 124, errp) < 0) { if (zeroes && nbd_drop(ioc, 124, errp) < 0) {
error_prepend(errp, "Failed to read reserved block"); error_prepend(errp, "Failed to read reserved block: ");
goto fail; goto fail;
} }
rc = 0; rc = 0;
@ -994,15 +996,9 @@ int nbd_receive_reply(QIOChannel *ioc, NBDReply *reply, Error **errp)
if (ret < 0) { if (ret < 0) {
break; break;
} }
trace_nbd_receive_simple_reply(reply->simple.error, trace_nbd_receive_simple_reply(reply->simple.error,
nbd_err_lookup(reply->simple.error), nbd_err_lookup(reply->simple.error),
reply->handle); reply->handle);
if (reply->simple.error == NBD_ESHUTDOWN) {
/* This works even on mingw which lacks a native ESHUTDOWN */
error_setg(errp, "server shutting down");
return -EINVAL;
}
break; break;
case NBD_STRUCTURED_REPLY_MAGIC: case NBD_STRUCTURED_REPLY_MAGIC:
ret = nbd_receive_structured_reply_chunk(ioc, &reply->structured, errp); ret = nbd_receive_structured_reply_chunk(ioc, &reply->structured, errp);

View File

@ -1366,15 +1366,6 @@ static int nbd_co_receive_request(NBDRequestData *req, NBDRequest *request,
return -EIO; return -EIO;
} }
/* Check for sanity in the parameters, part 1. Defer as many
* checks as possible until after reading any NBD_CMD_WRITE
* payload, so we can try and keep the connection alive. */
if ((request->from + request->len) < request->from) {
error_setg(errp,
"integer overflow detected, you're probably being attacked");
return -EINVAL;
}
if (request->type == NBD_CMD_READ || request->type == NBD_CMD_WRITE) { if (request->type == NBD_CMD_READ || request->type == NBD_CMD_WRITE) {
if (request->len > NBD_MAX_BUFFER_SIZE) { if (request->len > NBD_MAX_BUFFER_SIZE) {
error_setg(errp, "len (%" PRIu32" ) is larger than max len (%u)", error_setg(errp, "len (%" PRIu32" ) is larger than max len (%u)",
@ -1399,12 +1390,21 @@ static int nbd_co_receive_request(NBDRequestData *req, NBDRequest *request,
request->len); request->len);
} }
/* Sanity checks, part 2. */ /* Sanity checks. */
if (request->from + request->len > client->exp->size) { if (client->exp->nbdflags & NBD_FLAG_READ_ONLY &&
(request->type == NBD_CMD_WRITE ||
request->type == NBD_CMD_WRITE_ZEROES ||
request->type == NBD_CMD_TRIM)) {
error_setg(errp, "Export is read-only");
return -EROFS;
}
if (request->from > client->exp->size ||
request->from + request->len > client->exp->size) {
error_setg(errp, "operation past EOF; From: %" PRIu64 ", Len: %" PRIu32 error_setg(errp, "operation past EOF; From: %" PRIu64 ", Len: %" PRIu32
", Size: %" PRIu64, request->from, request->len, ", Size: %" PRIu64, request->from, request->len,
(uint64_t)client->exp->size); (uint64_t)client->exp->size);
return request->type == NBD_CMD_WRITE ? -ENOSPC : -EINVAL; return (request->type == NBD_CMD_WRITE ||
request->type == NBD_CMD_WRITE_ZEROES) ? -ENOSPC : -EINVAL;
} }
valid_flags = NBD_CMD_FLAG_FUA; valid_flags = NBD_CMD_FLAG_FUA;
if (request->type == NBD_CMD_READ && client->structured_reply) { if (request->type == NBD_CMD_READ && client->structured_reply) {
@ -1482,12 +1482,6 @@ static coroutine_fn void nbd_trip(void *opaque)
break; break;
case NBD_CMD_WRITE: case NBD_CMD_WRITE:
if (exp->nbdflags & NBD_FLAG_READ_ONLY) {
error_setg(&local_err, "Export is read-only");
ret = -EROFS;
break;
}
flags = 0; flags = 0;
if (request.flags & NBD_CMD_FLAG_FUA) { if (request.flags & NBD_CMD_FLAG_FUA) {
flags |= BDRV_REQ_FUA; flags |= BDRV_REQ_FUA;
@ -1500,12 +1494,6 @@ static coroutine_fn void nbd_trip(void *opaque)
break; break;
case NBD_CMD_WRITE_ZEROES: case NBD_CMD_WRITE_ZEROES:
if (exp->nbdflags & NBD_FLAG_READ_ONLY) {
error_setg(&local_err, "Export is read-only");
ret = -EROFS;
break;
}
flags = 0; flags = 0;
if (request.flags & NBD_CMD_FLAG_FUA) { if (request.flags & NBD_CMD_FLAG_FUA) {
flags |= BDRV_REQ_FUA; flags |= BDRV_REQ_FUA;