]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright (C) 2016-2017 Red Hat, Inc. | |
3 | * Copyright (C) 2005 Anthony Liguori <anthony@codemonkey.ws> | |
4 | * | |
5 | * Network Block Device Client Side | |
6 | * | |
7 | * This program is free software; you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License as published by | |
9 | * the Free Software Foundation; under version 2 of the License. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | * GNU General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU General Public License | |
17 | * along with this program; if not, see <http://www.gnu.org/licenses/>. | |
18 | */ | |
19 | ||
20 | #include "qemu/osdep.h" | |
21 | #include "qapi/error.h" | |
22 | #include "trace.h" | |
23 | #include "nbd-internal.h" | |
24 | ||
25 | /* Definitions for opaque data types */ | |
26 | ||
27 | static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports); | |
28 | ||
29 | /* That's all folks */ | |
30 | ||
31 | /* Basic flow for negotiation | |
32 | ||
33 | Server Client | |
34 | Negotiate | |
35 | ||
36 | or | |
37 | ||
38 | Server Client | |
39 | Negotiate #1 | |
40 | Option | |
41 | Negotiate #2 | |
42 | ||
43 | ---- | |
44 | ||
45 | followed by | |
46 | ||
47 | Server Client | |
48 | Request | |
49 | Response | |
50 | Request | |
51 | Response | |
52 | ... | |
53 | ... | |
54 | Request (type == 2) | |
55 | ||
56 | */ | |
57 | ||
58 | /* Send an option request. | |
59 | * | |
60 | * The request is for option @opt, with @data containing @len bytes of | |
61 | * additional payload for the request (@len may be -1 to treat @data as | |
62 | * a C string; and @data may be NULL if @len is 0). | |
63 | * Return 0 if successful, -1 with errp set if it is impossible to | |
64 | * continue. */ | |
65 | static int nbd_send_option_request(QIOChannel *ioc, uint32_t opt, | |
66 | uint32_t len, const char *data, | |
67 | Error **errp) | |
68 | { | |
69 | NBDOption req; | |
70 | QEMU_BUILD_BUG_ON(sizeof(req) != 16); | |
71 | ||
72 | if (len == -1) { | |
73 | req.length = len = strlen(data); | |
74 | } | |
75 | trace_nbd_send_option_request(opt, nbd_opt_lookup(opt), len); | |
76 | ||
77 | stq_be_p(&req.magic, NBD_OPTS_MAGIC); | |
78 | stl_be_p(&req.option, opt); | |
79 | stl_be_p(&req.length, len); | |
80 | ||
81 | if (nbd_write(ioc, &req, sizeof(req), errp) < 0) { | |
82 | error_prepend(errp, "Failed to send option request header: "); | |
83 | return -1; | |
84 | } | |
85 | ||
86 | if (len && nbd_write(ioc, (char *) data, len, errp) < 0) { | |
87 | error_prepend(errp, "Failed to send option request data: "); | |
88 | return -1; | |
89 | } | |
90 | ||
91 | return 0; | |
92 | } | |
93 | ||
94 | /* Send NBD_OPT_ABORT as a courtesy to let the server know that we are | |
95 | * not going to attempt further negotiation. */ | |
96 | static void nbd_send_opt_abort(QIOChannel *ioc) | |
97 | { | |
98 | /* Technically, a compliant server is supposed to reply to us; but | |
99 | * older servers disconnected instead. At any rate, we're allowed | |
100 | * to disconnect without waiting for the server reply, so we don't | |
101 | * even care if the request makes it to the server, let alone | |
102 | * waiting around for whether the server replies. */ | |
103 | nbd_send_option_request(ioc, NBD_OPT_ABORT, 0, NULL, NULL); | |
104 | } | |
105 | ||
106 | ||
107 | /* Receive the header of an option reply, which should match the given | |
108 | * opt. Read through the length field, but NOT the length bytes of | |
109 | * payload. Return 0 if successful, -1 with errp set if it is | |
110 | * impossible to continue. */ | |
111 | static int nbd_receive_option_reply(QIOChannel *ioc, uint32_t opt, | |
112 | NBDOptionReply *reply, Error **errp) | |
113 | { | |
114 | QEMU_BUILD_BUG_ON(sizeof(*reply) != 20); | |
115 | if (nbd_read(ioc, reply, sizeof(*reply), errp) < 0) { | |
116 | error_prepend(errp, "failed to read option reply: "); | |
117 | nbd_send_opt_abort(ioc); | |
118 | return -1; | |
119 | } | |
120 | be64_to_cpus(&reply->magic); | |
121 | be32_to_cpus(&reply->option); | |
122 | be32_to_cpus(&reply->type); | |
123 | be32_to_cpus(&reply->length); | |
124 | ||
125 | trace_nbd_receive_option_reply(reply->option, nbd_opt_lookup(reply->option), | |
126 | reply->type, nbd_rep_lookup(reply->type), | |
127 | reply->length); | |
128 | ||
129 | if (reply->magic != NBD_REP_MAGIC) { | |
130 | error_setg(errp, "Unexpected option reply magic"); | |
131 | nbd_send_opt_abort(ioc); | |
132 | return -1; | |
133 | } | |
134 | if (reply->option != opt) { | |
135 | error_setg(errp, "Unexpected option type %x expected %x", | |
136 | reply->option, opt); | |
137 | nbd_send_opt_abort(ioc); | |
138 | return -1; | |
139 | } | |
140 | return 0; | |
141 | } | |
142 | ||
143 | /* If reply represents success, return 1 without further action. | |
144 | * If reply represents an error, consume the optional payload of | |
145 | * the packet on ioc. Then return 0 for unsupported (so the client | |
146 | * can fall back to other approaches), or -1 with errp set for other | |
147 | * errors. | |
148 | */ | |
149 | static int nbd_handle_reply_err(QIOChannel *ioc, NBDOptionReply *reply, | |
150 | Error **errp) | |
151 | { | |
152 | char *msg = NULL; | |
153 | int result = -1; | |
154 | ||
155 | if (!(reply->type & (1 << 31))) { | |
156 | return 1; | |
157 | } | |
158 | ||
159 | if (reply->length) { | |
160 | if (reply->length > NBD_MAX_BUFFER_SIZE) { | |
161 | error_setg(errp, "server error %" PRIu32 | |
162 | " (%s) message is too long", | |
163 | reply->type, nbd_rep_lookup(reply->type)); | |
164 | goto cleanup; | |
165 | } | |
166 | msg = g_malloc(reply->length + 1); | |
167 | if (nbd_read(ioc, msg, reply->length, errp) < 0) { | |
168 | error_prepend(errp, "failed to read option error %" PRIu32 | |
169 | " (%s) message: ", | |
170 | reply->type, nbd_rep_lookup(reply->type)); | |
171 | goto cleanup; | |
172 | } | |
173 | msg[reply->length] = '\0'; | |
174 | } | |
175 | ||
176 | switch (reply->type) { | |
177 | case NBD_REP_ERR_UNSUP: | |
178 | trace_nbd_reply_err_unsup(reply->option, nbd_opt_lookup(reply->option)); | |
179 | result = 0; | |
180 | goto cleanup; | |
181 | ||
182 | case NBD_REP_ERR_POLICY: | |
183 | error_setg(errp, "Denied by server for option %" PRIu32 " (%s)", | |
184 | reply->option, nbd_opt_lookup(reply->option)); | |
185 | break; | |
186 | ||
187 | case NBD_REP_ERR_INVALID: | |
188 | error_setg(errp, "Invalid parameters for option %" PRIu32 " (%s)", | |
189 | reply->option, nbd_opt_lookup(reply->option)); | |
190 | break; | |
191 | ||
192 | case NBD_REP_ERR_PLATFORM: | |
193 | error_setg(errp, "Server lacks support for option %" PRIu32 " (%s)", | |
194 | reply->option, nbd_opt_lookup(reply->option)); | |
195 | break; | |
196 | ||
197 | case NBD_REP_ERR_TLS_REQD: | |
198 | error_setg(errp, "TLS negotiation required before option %" PRIu32 | |
199 | " (%s)", reply->option, nbd_opt_lookup(reply->option)); | |
200 | break; | |
201 | ||
202 | case NBD_REP_ERR_UNKNOWN: | |
203 | error_setg(errp, "Requested export not available"); | |
204 | break; | |
205 | ||
206 | case NBD_REP_ERR_SHUTDOWN: | |
207 | error_setg(errp, "Server shutting down before option %" PRIu32 " (%s)", | |
208 | reply->option, nbd_opt_lookup(reply->option)); | |
209 | break; | |
210 | ||
211 | case NBD_REP_ERR_BLOCK_SIZE_REQD: | |
212 | error_setg(errp, "Server requires INFO_BLOCK_SIZE for option %" PRIu32 | |
213 | " (%s)", reply->option, nbd_opt_lookup(reply->option)); | |
214 | break; | |
215 | ||
216 | default: | |
217 | error_setg(errp, "Unknown error code when asking for option %" PRIu32 | |
218 | " (%s)", reply->option, nbd_opt_lookup(reply->option)); | |
219 | break; | |
220 | } | |
221 | ||
222 | if (msg) { | |
223 | error_append_hint(errp, "server reported: %s\n", msg); | |
224 | } | |
225 | ||
226 | cleanup: | |
227 | g_free(msg); | |
228 | if (result < 0) { | |
229 | nbd_send_opt_abort(ioc); | |
230 | } | |
231 | return result; | |
232 | } | |
233 | ||
234 | /* Process another portion of the NBD_OPT_LIST reply. Set *@match if | |
235 | * the current reply matches @want or if the server does not support | |
236 | * NBD_OPT_LIST, otherwise leave @match alone. Return 0 if iteration | |
237 | * is complete, positive if more replies are expected, or negative | |
238 | * with @errp set if an unrecoverable error occurred. */ | |
239 | static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match, | |
240 | Error **errp) | |
241 | { | |
242 | NBDOptionReply reply; | |
243 | uint32_t len; | |
244 | uint32_t namelen; | |
245 | char name[NBD_MAX_NAME_SIZE + 1]; | |
246 | int error; | |
247 | ||
248 | if (nbd_receive_option_reply(ioc, NBD_OPT_LIST, &reply, errp) < 0) { | |
249 | return -1; | |
250 | } | |
251 | error = nbd_handle_reply_err(ioc, &reply, errp); | |
252 | if (error <= 0) { | |
253 | /* The server did not support NBD_OPT_LIST, so set *match on | |
254 | * the assumption that any name will be accepted. */ | |
255 | *match = true; | |
256 | return error; | |
257 | } | |
258 | len = reply.length; | |
259 | ||
260 | if (reply.type == NBD_REP_ACK) { | |
261 | if (len != 0) { | |
262 | error_setg(errp, "length too long for option end"); | |
263 | nbd_send_opt_abort(ioc); | |
264 | return -1; | |
265 | } | |
266 | return 0; | |
267 | } else if (reply.type != NBD_REP_SERVER) { | |
268 | error_setg(errp, "Unexpected reply type %" PRIx32 " expected %x", | |
269 | reply.type, NBD_REP_SERVER); | |
270 | nbd_send_opt_abort(ioc); | |
271 | return -1; | |
272 | } | |
273 | ||
274 | if (len < sizeof(namelen) || len > NBD_MAX_BUFFER_SIZE) { | |
275 | error_setg(errp, "incorrect option length %" PRIu32, len); | |
276 | nbd_send_opt_abort(ioc); | |
277 | return -1; | |
278 | } | |
279 | if (nbd_read(ioc, &namelen, sizeof(namelen), errp) < 0) { | |
280 | error_prepend(errp, "failed to read option name length: "); | |
281 | nbd_send_opt_abort(ioc); | |
282 | return -1; | |
283 | } | |
284 | namelen = be32_to_cpu(namelen); | |
285 | len -= sizeof(namelen); | |
286 | if (len < namelen) { | |
287 | error_setg(errp, "incorrect option name length"); | |
288 | nbd_send_opt_abort(ioc); | |
289 | return -1; | |
290 | } | |
291 | if (namelen != strlen(want)) { | |
292 | if (nbd_drop(ioc, len, errp) < 0) { | |
293 | error_prepend(errp, | |
294 | "failed to skip export name with wrong length: "); | |
295 | nbd_send_opt_abort(ioc); | |
296 | return -1; | |
297 | } | |
298 | return 1; | |
299 | } | |
300 | ||
301 | assert(namelen < sizeof(name)); | |
302 | if (nbd_read(ioc, name, namelen, errp) < 0) { | |
303 | error_prepend(errp, "failed to read export name: "); | |
304 | nbd_send_opt_abort(ioc); | |
305 | return -1; | |
306 | } | |
307 | name[namelen] = '\0'; | |
308 | len -= namelen; | |
309 | if (nbd_drop(ioc, len, errp) < 0) { | |
310 | error_prepend(errp, "failed to read export description: "); | |
311 | nbd_send_opt_abort(ioc); | |
312 | return -1; | |
313 | } | |
314 | if (!strcmp(name, want)) { | |
315 | *match = true; | |
316 | } | |
317 | return 1; | |
318 | } | |
319 | ||
320 | ||
321 | /* Returns -1 if NBD_OPT_GO proves the export @wantname cannot be | |
322 | * used, 0 if NBD_OPT_GO is unsupported (fall back to NBD_OPT_LIST and | |
323 | * NBD_OPT_EXPORT_NAME in that case), and > 0 if the export is good to | |
324 | * go (with @info populated). */ | |
325 | static int nbd_opt_go(QIOChannel *ioc, const char *wantname, | |
326 | NBDExportInfo *info, Error **errp) | |
327 | { | |
328 | NBDOptionReply reply; | |
329 | uint32_t len = strlen(wantname); | |
330 | uint16_t type; | |
331 | int error; | |
332 | char *buf; | |
333 | ||
334 | /* The protocol requires that the server send NBD_INFO_EXPORT with | |
335 | * a non-zero flags (at least NBD_FLAG_HAS_FLAGS must be set); so | |
336 | * flags still 0 is a witness of a broken server. */ | |
337 | info->flags = 0; | |
338 | ||
339 | trace_nbd_opt_go_start(wantname); | |
340 | buf = g_malloc(4 + len + 2 + 2 * info->request_sizes + 1); | |
341 | stl_be_p(buf, len); | |
342 | memcpy(buf + 4, wantname, len); | |
343 | /* At most one request, everything else up to server */ | |
344 | stw_be_p(buf + 4 + len, info->request_sizes); | |
345 | if (info->request_sizes) { | |
346 | stw_be_p(buf + 4 + len + 2, NBD_INFO_BLOCK_SIZE); | |
347 | } | |
348 | error = nbd_send_option_request(ioc, NBD_OPT_GO, | |
349 | 4 + len + 2 + 2 * info->request_sizes, | |
350 | buf, errp); | |
351 | g_free(buf); | |
352 | if (error < 0) { | |
353 | return -1; | |
354 | } | |
355 | ||
356 | while (1) { | |
357 | if (nbd_receive_option_reply(ioc, NBD_OPT_GO, &reply, errp) < 0) { | |
358 | return -1; | |
359 | } | |
360 | error = nbd_handle_reply_err(ioc, &reply, errp); | |
361 | if (error <= 0) { | |
362 | return error; | |
363 | } | |
364 | len = reply.length; | |
365 | ||
366 | if (reply.type == NBD_REP_ACK) { | |
367 | /* Server is done sending info and moved into transmission | |
368 | phase, but make sure it sent flags */ | |
369 | if (len) { | |
370 | error_setg(errp, "server sent invalid NBD_REP_ACK"); | |
371 | return -1; | |
372 | } | |
373 | if (!info->flags) { | |
374 | error_setg(errp, "broken server omitted NBD_INFO_EXPORT"); | |
375 | return -1; | |
376 | } | |
377 | trace_nbd_opt_go_success(); | |
378 | return 1; | |
379 | } | |
380 | if (reply.type != NBD_REP_INFO) { | |
381 | error_setg(errp, "unexpected reply type %" PRIu32 | |
382 | " (%s), expected %u", | |
383 | reply.type, nbd_rep_lookup(reply.type), NBD_REP_INFO); | |
384 | nbd_send_opt_abort(ioc); | |
385 | return -1; | |
386 | } | |
387 | if (len < sizeof(type)) { | |
388 | error_setg(errp, "NBD_REP_INFO length %" PRIu32 " is too short", | |
389 | len); | |
390 | nbd_send_opt_abort(ioc); | |
391 | return -1; | |
392 | } | |
393 | if (nbd_read(ioc, &type, sizeof(type), errp) < 0) { | |
394 | error_prepend(errp, "failed to read info type: "); | |
395 | nbd_send_opt_abort(ioc); | |
396 | return -1; | |
397 | } | |
398 | len -= sizeof(type); | |
399 | be16_to_cpus(&type); | |
400 | switch (type) { | |
401 | case NBD_INFO_EXPORT: | |
402 | if (len != sizeof(info->size) + sizeof(info->flags)) { | |
403 | error_setg(errp, "remaining export info len %" PRIu32 | |
404 | " is unexpected size", len); | |
405 | nbd_send_opt_abort(ioc); | |
406 | return -1; | |
407 | } | |
408 | if (nbd_read(ioc, &info->size, sizeof(info->size), errp) < 0) { | |
409 | error_prepend(errp, "failed to read info size: "); | |
410 | nbd_send_opt_abort(ioc); | |
411 | return -1; | |
412 | } | |
413 | be64_to_cpus(&info->size); | |
414 | if (nbd_read(ioc, &info->flags, sizeof(info->flags), errp) < 0) { | |
415 | error_prepend(errp, "failed to read info flags: "); | |
416 | nbd_send_opt_abort(ioc); | |
417 | return -1; | |
418 | } | |
419 | be16_to_cpus(&info->flags); | |
420 | trace_nbd_receive_negotiate_size_flags(info->size, info->flags); | |
421 | break; | |
422 | ||
423 | case NBD_INFO_BLOCK_SIZE: | |
424 | if (len != sizeof(info->min_block) * 3) { | |
425 | error_setg(errp, "remaining export info len %" PRIu32 | |
426 | " is unexpected size", len); | |
427 | nbd_send_opt_abort(ioc); | |
428 | return -1; | |
429 | } | |
430 | if (nbd_read(ioc, &info->min_block, sizeof(info->min_block), | |
431 | errp) < 0) { | |
432 | error_prepend(errp, "failed to read info minimum block size: "); | |
433 | nbd_send_opt_abort(ioc); | |
434 | return -1; | |
435 | } | |
436 | be32_to_cpus(&info->min_block); | |
437 | if (!is_power_of_2(info->min_block)) { | |
438 | error_setg(errp, "server minimum block size %" PRIu32 | |
439 | " is not a power of two", info->min_block); | |
440 | nbd_send_opt_abort(ioc); | |
441 | return -1; | |
442 | } | |
443 | if (nbd_read(ioc, &info->opt_block, sizeof(info->opt_block), | |
444 | errp) < 0) { | |
445 | error_prepend(errp, | |
446 | "failed to read info preferred block size: "); | |
447 | nbd_send_opt_abort(ioc); | |
448 | return -1; | |
449 | } | |
450 | be32_to_cpus(&info->opt_block); | |
451 | if (!is_power_of_2(info->opt_block) || | |
452 | info->opt_block < info->min_block) { | |
453 | error_setg(errp, "server preferred block size %" PRIu32 | |
454 | " is not valid", info->opt_block); | |
455 | nbd_send_opt_abort(ioc); | |
456 | return -1; | |
457 | } | |
458 | if (nbd_read(ioc, &info->max_block, sizeof(info->max_block), | |
459 | errp) < 0) { | |
460 | error_prepend(errp, "failed to read info maximum block size: "); | |
461 | nbd_send_opt_abort(ioc); | |
462 | return -1; | |
463 | } | |
464 | be32_to_cpus(&info->max_block); | |
465 | if (info->max_block < info->min_block) { | |
466 | error_setg(errp, "server maximum block size %" PRIu32 | |
467 | " is not valid", info->max_block); | |
468 | nbd_send_opt_abort(ioc); | |
469 | return -1; | |
470 | } | |
471 | trace_nbd_opt_go_info_block_size(info->min_block, info->opt_block, | |
472 | info->max_block); | |
473 | break; | |
474 | ||
475 | default: | |
476 | trace_nbd_opt_go_info_unknown(type, nbd_info_lookup(type)); | |
477 | if (nbd_drop(ioc, len, errp) < 0) { | |
478 | error_prepend(errp, "Failed to read info payload: "); | |
479 | nbd_send_opt_abort(ioc); | |
480 | return -1; | |
481 | } | |
482 | break; | |
483 | } | |
484 | } | |
485 | } | |
486 | ||
487 | /* Return -1 on failure, 0 if wantname is an available export. */ | |
488 | static int nbd_receive_query_exports(QIOChannel *ioc, | |
489 | const char *wantname, | |
490 | Error **errp) | |
491 | { | |
492 | bool foundExport = false; | |
493 | ||
494 | trace_nbd_receive_query_exports_start(wantname); | |
495 | if (nbd_send_option_request(ioc, NBD_OPT_LIST, 0, NULL, errp) < 0) { | |
496 | return -1; | |
497 | } | |
498 | ||
499 | while (1) { | |
500 | int ret = nbd_receive_list(ioc, wantname, &foundExport, errp); | |
501 | ||
502 | if (ret < 0) { | |
503 | /* Server gave unexpected reply */ | |
504 | return -1; | |
505 | } else if (ret == 0) { | |
506 | /* Done iterating. */ | |
507 | if (!foundExport) { | |
508 | error_setg(errp, "No export with name '%s' available", | |
509 | wantname); | |
510 | nbd_send_opt_abort(ioc); | |
511 | return -1; | |
512 | } | |
513 | trace_nbd_receive_query_exports_success(wantname); | |
514 | return 0; | |
515 | } | |
516 | } | |
517 | } | |
518 | ||
519 | /* nbd_request_simple_option: Send an option request, and parse the reply | |
520 | * return 1 for successful negotiation, | |
521 | * 0 if operation is unsupported, | |
522 | * -1 with errp set for any other error | |
523 | */ | |
524 | static int nbd_request_simple_option(QIOChannel *ioc, int opt, Error **errp) | |
525 | { | |
526 | NBDOptionReply reply; | |
527 | int error; | |
528 | ||
529 | if (nbd_send_option_request(ioc, opt, 0, NULL, errp) < 0) { | |
530 | return -1; | |
531 | } | |
532 | ||
533 | if (nbd_receive_option_reply(ioc, opt, &reply, errp) < 0) { | |
534 | return -1; | |
535 | } | |
536 | error = nbd_handle_reply_err(ioc, &reply, errp); | |
537 | if (error <= 0) { | |
538 | return error; | |
539 | } | |
540 | ||
541 | if (reply.type != NBD_REP_ACK) { | |
542 | error_setg(errp, "Server answered option %d (%s) with unexpected " | |
543 | "reply %" PRIu32 " (%s)", opt, nbd_opt_lookup(opt), | |
544 | reply.type, nbd_rep_lookup(reply.type)); | |
545 | nbd_send_opt_abort(ioc); | |
546 | return -1; | |
547 | } | |
548 | ||
549 | if (reply.length != 0) { | |
550 | error_setg(errp, "Option %d ('%s') response length is %" PRIu32 | |
551 | " (it should be zero)", opt, nbd_opt_lookup(opt), | |
552 | reply.length); | |
553 | nbd_send_opt_abort(ioc); | |
554 | return -1; | |
555 | } | |
556 | ||
557 | return 1; | |
558 | } | |
559 | ||
560 | static QIOChannel *nbd_receive_starttls(QIOChannel *ioc, | |
561 | QCryptoTLSCreds *tlscreds, | |
562 | const char *hostname, Error **errp) | |
563 | { | |
564 | int ret; | |
565 | QIOChannelTLS *tioc; | |
566 | struct NBDTLSHandshakeData data = { 0 }; | |
567 | ||
568 | ret = nbd_request_simple_option(ioc, NBD_OPT_STARTTLS, errp); | |
569 | if (ret <= 0) { | |
570 | if (ret == 0) { | |
571 | error_setg(errp, "Server don't support STARTTLS option"); | |
572 | nbd_send_opt_abort(ioc); | |
573 | } | |
574 | return NULL; | |
575 | } | |
576 | ||
577 | trace_nbd_receive_starttls_new_client(); | |
578 | tioc = qio_channel_tls_new_client(ioc, tlscreds, hostname, errp); | |
579 | if (!tioc) { | |
580 | return NULL; | |
581 | } | |
582 | qio_channel_set_name(QIO_CHANNEL(tioc), "nbd-client-tls"); | |
583 | data.loop = g_main_loop_new(g_main_context_default(), FALSE); | |
584 | trace_nbd_receive_starttls_tls_handshake(); | |
585 | qio_channel_tls_handshake(tioc, | |
586 | nbd_tls_handshake, | |
587 | &data, | |
588 | NULL, | |
589 | NULL); | |
590 | ||
591 | if (!data.complete) { | |
592 | g_main_loop_run(data.loop); | |
593 | } | |
594 | g_main_loop_unref(data.loop); | |
595 | if (data.error) { | |
596 | error_propagate(errp, data.error); | |
597 | object_unref(OBJECT(tioc)); | |
598 | return NULL; | |
599 | } | |
600 | ||
601 | return QIO_CHANNEL(tioc); | |
602 | } | |
603 | ||
604 | /* nbd_negotiate_simple_meta_context: | |
605 | * Set one meta context. Simple means that reply must contain zero (not | |
606 | * negotiated) or one (negotiated) contexts. More contexts would be considered | |
607 | * as a protocol error. It's also implied that meta-data query equals queried | |
608 | * context name, so, if server replies with something different than @context, | |
609 | * it is considered an error too. | |
610 | * return 1 for successful negotiation, context_id is set | |
611 | * 0 if operation is unsupported, | |
612 | * -1 with errp set for any other error | |
613 | */ | |
614 | static int nbd_negotiate_simple_meta_context(QIOChannel *ioc, | |
615 | const char *export, | |
616 | const char *context, | |
617 | uint32_t *context_id, | |
618 | Error **errp) | |
619 | { | |
620 | int ret; | |
621 | NBDOptionReply reply; | |
622 | uint32_t received_id = 0; | |
623 | bool received = false; | |
624 | uint32_t export_len = strlen(export); | |
625 | uint32_t context_len = strlen(context); | |
626 | uint32_t data_len = sizeof(export_len) + export_len + | |
627 | sizeof(uint32_t) + /* number of queries */ | |
628 | sizeof(context_len) + context_len; | |
629 | char *data = g_malloc(data_len); | |
630 | char *p = data; | |
631 | ||
632 | trace_nbd_opt_meta_request(context, export); | |
633 | stl_be_p(p, export_len); | |
634 | memcpy(p += sizeof(export_len), export, export_len); | |
635 | stl_be_p(p += export_len, 1); | |
636 | stl_be_p(p += sizeof(uint32_t), context_len); | |
637 | memcpy(p += sizeof(context_len), context, context_len); | |
638 | ||
639 | ret = nbd_send_option_request(ioc, NBD_OPT_SET_META_CONTEXT, data_len, data, | |
640 | errp); | |
641 | g_free(data); | |
642 | if (ret < 0) { | |
643 | return ret; | |
644 | } | |
645 | ||
646 | if (nbd_receive_option_reply(ioc, NBD_OPT_SET_META_CONTEXT, &reply, | |
647 | errp) < 0) | |
648 | { | |
649 | return -1; | |
650 | } | |
651 | ||
652 | ret = nbd_handle_reply_err(ioc, &reply, errp); | |
653 | if (ret <= 0) { | |
654 | return ret; | |
655 | } | |
656 | ||
657 | if (reply.type == NBD_REP_META_CONTEXT) { | |
658 | char *name; | |
659 | ||
660 | if (reply.length != sizeof(received_id) + context_len) { | |
661 | error_setg(errp, "Failed to negotiate meta context '%s', server " | |
662 | "answered with unexpected length %" PRIu32, context, | |
663 | reply.length); | |
664 | nbd_send_opt_abort(ioc); | |
665 | return -1; | |
666 | } | |
667 | ||
668 | if (nbd_read(ioc, &received_id, sizeof(received_id), errp) < 0) { | |
669 | return -1; | |
670 | } | |
671 | be32_to_cpus(&received_id); | |
672 | ||
673 | reply.length -= sizeof(received_id); | |
674 | name = g_malloc(reply.length + 1); | |
675 | if (nbd_read(ioc, name, reply.length, errp) < 0) { | |
676 | g_free(name); | |
677 | return -1; | |
678 | } | |
679 | name[reply.length] = '\0'; | |
680 | if (strcmp(context, name)) { | |
681 | error_setg(errp, "Failed to negotiate meta context '%s', server " | |
682 | "answered with different context '%s'", context, | |
683 | name); | |
684 | g_free(name); | |
685 | nbd_send_opt_abort(ioc); | |
686 | return -1; | |
687 | } | |
688 | g_free(name); | |
689 | ||
690 | trace_nbd_opt_meta_reply(context, received_id); | |
691 | received = true; | |
692 | ||
693 | /* receive NBD_REP_ACK */ | |
694 | if (nbd_receive_option_reply(ioc, NBD_OPT_SET_META_CONTEXT, &reply, | |
695 | errp) < 0) | |
696 | { | |
697 | return -1; | |
698 | } | |
699 | ||
700 | ret = nbd_handle_reply_err(ioc, &reply, errp); | |
701 | if (ret <= 0) { | |
702 | return ret; | |
703 | } | |
704 | } | |
705 | ||
706 | if (reply.type != NBD_REP_ACK) { | |
707 | error_setg(errp, "Unexpected reply type %" PRIx32 " expected %x", | |
708 | reply.type, NBD_REP_ACK); | |
709 | nbd_send_opt_abort(ioc); | |
710 | return -1; | |
711 | } | |
712 | if (reply.length) { | |
713 | error_setg(errp, "Unexpected length to ACK response"); | |
714 | nbd_send_opt_abort(ioc); | |
715 | return -1; | |
716 | } | |
717 | ||
718 | if (received) { | |
719 | *context_id = received_id; | |
720 | return 1; | |
721 | } | |
722 | ||
723 | return 0; | |
724 | } | |
725 | ||
726 | int nbd_receive_negotiate(QIOChannel *ioc, const char *name, | |
727 | QCryptoTLSCreds *tlscreds, const char *hostname, | |
728 | QIOChannel **outioc, NBDExportInfo *info, | |
729 | Error **errp) | |
730 | { | |
731 | char buf[256]; | |
732 | uint64_t magic; | |
733 | int rc; | |
734 | bool zeroes = true; | |
735 | bool structured_reply = info->structured_reply; | |
736 | bool base_allocation = info->base_allocation; | |
737 | ||
738 | trace_nbd_receive_negotiate(tlscreds, hostname ? hostname : "<null>"); | |
739 | ||
740 | info->structured_reply = false; | |
741 | info->base_allocation = false; | |
742 | rc = -EINVAL; | |
743 | ||
744 | if (outioc) { | |
745 | *outioc = NULL; | |
746 | } | |
747 | if (tlscreds && !outioc) { | |
748 | error_setg(errp, "Output I/O channel required for TLS"); | |
749 | goto fail; | |
750 | } | |
751 | ||
752 | if (nbd_read(ioc, buf, 8, errp) < 0) { | |
753 | error_prepend(errp, "Failed to read data: "); | |
754 | goto fail; | |
755 | } | |
756 | ||
757 | buf[8] = '\0'; | |
758 | if (strlen(buf) == 0) { | |
759 | error_setg(errp, "Server connection closed unexpectedly"); | |
760 | goto fail; | |
761 | } | |
762 | ||
763 | magic = ldq_be_p(buf); | |
764 | trace_nbd_receive_negotiate_magic(magic); | |
765 | ||
766 | if (memcmp(buf, "NBDMAGIC", 8) != 0) { | |
767 | error_setg(errp, "Invalid magic received"); | |
768 | goto fail; | |
769 | } | |
770 | ||
771 | if (nbd_read(ioc, &magic, sizeof(magic), errp) < 0) { | |
772 | error_prepend(errp, "Failed to read magic: "); | |
773 | goto fail; | |
774 | } | |
775 | magic = be64_to_cpu(magic); | |
776 | trace_nbd_receive_negotiate_magic(magic); | |
777 | ||
778 | if (magic == NBD_OPTS_MAGIC) { | |
779 | uint32_t clientflags = 0; | |
780 | uint16_t globalflags; | |
781 | bool fixedNewStyle = false; | |
782 | ||
783 | if (nbd_read(ioc, &globalflags, sizeof(globalflags), errp) < 0) { | |
784 | error_prepend(errp, "Failed to read server flags: "); | |
785 | goto fail; | |
786 | } | |
787 | globalflags = be16_to_cpu(globalflags); | |
788 | trace_nbd_receive_negotiate_server_flags(globalflags); | |
789 | if (globalflags & NBD_FLAG_FIXED_NEWSTYLE) { | |
790 | fixedNewStyle = true; | |
791 | clientflags |= NBD_FLAG_C_FIXED_NEWSTYLE; | |
792 | } | |
793 | if (globalflags & NBD_FLAG_NO_ZEROES) { | |
794 | zeroes = false; | |
795 | clientflags |= NBD_FLAG_C_NO_ZEROES; | |
796 | } | |
797 | /* client requested flags */ | |
798 | clientflags = cpu_to_be32(clientflags); | |
799 | if (nbd_write(ioc, &clientflags, sizeof(clientflags), errp) < 0) { | |
800 | error_prepend(errp, "Failed to send clientflags field: "); | |
801 | goto fail; | |
802 | } | |
803 | if (tlscreds) { | |
804 | if (fixedNewStyle) { | |
805 | *outioc = nbd_receive_starttls(ioc, tlscreds, hostname, errp); | |
806 | if (!*outioc) { | |
807 | goto fail; | |
808 | } | |
809 | ioc = *outioc; | |
810 | } else { | |
811 | error_setg(errp, "Server does not support STARTTLS"); | |
812 | goto fail; | |
813 | } | |
814 | } | |
815 | if (!name) { | |
816 | trace_nbd_receive_negotiate_default_name(); | |
817 | name = ""; | |
818 | } | |
819 | if (fixedNewStyle) { | |
820 | int result; | |
821 | ||
822 | if (structured_reply) { | |
823 | result = nbd_request_simple_option(ioc, | |
824 | NBD_OPT_STRUCTURED_REPLY, | |
825 | errp); | |
826 | if (result < 0) { | |
827 | goto fail; | |
828 | } | |
829 | info->structured_reply = result == 1; | |
830 | } | |
831 | ||
832 | if (info->structured_reply && base_allocation) { | |
833 | result = nbd_negotiate_simple_meta_context( | |
834 | ioc, name, "base:allocation", | |
835 | &info->meta_base_allocation_id, errp); | |
836 | if (result < 0) { | |
837 | goto fail; | |
838 | } | |
839 | info->base_allocation = result == 1; | |
840 | } | |
841 | ||
842 | /* Try NBD_OPT_GO first - if it works, we are done (it | |
843 | * also gives us a good message if the server requires | |
844 | * TLS). If it is not available, fall back to | |
845 | * NBD_OPT_LIST for nicer error messages about a missing | |
846 | * export, then use NBD_OPT_EXPORT_NAME. */ | |
847 | result = nbd_opt_go(ioc, name, info, errp); | |
848 | if (result < 0) { | |
849 | goto fail; | |
850 | } | |
851 | if (result > 0) { | |
852 | return 0; | |
853 | } | |
854 | /* Check our desired export is present in the | |
855 | * server export list. Since NBD_OPT_EXPORT_NAME | |
856 | * cannot return an error message, running this | |
857 | * query gives us better error reporting if the | |
858 | * export name is not available. | |
859 | */ | |
860 | if (nbd_receive_query_exports(ioc, name, errp) < 0) { | |
861 | goto fail; | |
862 | } | |
863 | } | |
864 | /* write the export name request */ | |
865 | if (nbd_send_option_request(ioc, NBD_OPT_EXPORT_NAME, -1, name, | |
866 | errp) < 0) { | |
867 | goto fail; | |
868 | } | |
869 | ||
870 | /* Read the response */ | |
871 | if (nbd_read(ioc, &info->size, sizeof(info->size), errp) < 0) { | |
872 | error_prepend(errp, "Failed to read export length: "); | |
873 | goto fail; | |
874 | } | |
875 | be64_to_cpus(&info->size); | |
876 | ||
877 | if (nbd_read(ioc, &info->flags, sizeof(info->flags), errp) < 0) { | |
878 | error_prepend(errp, "Failed to read export flags: "); | |
879 | goto fail; | |
880 | } | |
881 | be16_to_cpus(&info->flags); | |
882 | } else if (magic == NBD_CLIENT_MAGIC) { | |
883 | uint32_t oldflags; | |
884 | ||
885 | if (name) { | |
886 | error_setg(errp, "Server does not support export names"); | |
887 | goto fail; | |
888 | } | |
889 | if (tlscreds) { | |
890 | error_setg(errp, "Server does not support STARTTLS"); | |
891 | goto fail; | |
892 | } | |
893 | ||
894 | if (nbd_read(ioc, &info->size, sizeof(info->size), errp) < 0) { | |
895 | error_prepend(errp, "Failed to read export length: "); | |
896 | goto fail; | |
897 | } | |
898 | be64_to_cpus(&info->size); | |
899 | ||
900 | if (nbd_read(ioc, &oldflags, sizeof(oldflags), errp) < 0) { | |
901 | error_prepend(errp, "Failed to read export flags: "); | |
902 | goto fail; | |
903 | } | |
904 | be32_to_cpus(&oldflags); | |
905 | if (oldflags & ~0xffff) { | |
906 | error_setg(errp, "Unexpected export flags %0x" PRIx32, oldflags); | |
907 | goto fail; | |
908 | } | |
909 | info->flags = oldflags; | |
910 | } else { | |
911 | error_setg(errp, "Bad magic received"); | |
912 | goto fail; | |
913 | } | |
914 | ||
915 | trace_nbd_receive_negotiate_size_flags(info->size, info->flags); | |
916 | if (zeroes && nbd_drop(ioc, 124, errp) < 0) { | |
917 | error_prepend(errp, "Failed to read reserved block: "); | |
918 | goto fail; | |
919 | } | |
920 | rc = 0; | |
921 | ||
922 | fail: | |
923 | return rc; | |
924 | } | |
925 | ||
926 | #ifdef __linux__ | |
927 | int nbd_init(int fd, QIOChannelSocket *sioc, NBDExportInfo *info, | |
928 | Error **errp) | |
929 | { | |
930 | unsigned long sector_size = MAX(BDRV_SECTOR_SIZE, info->min_block); | |
931 | unsigned long sectors = info->size / sector_size; | |
932 | ||
933 | /* FIXME: Once the kernel module is patched to honor block sizes, | |
934 | * and to advertise that fact to user space, we should update the | |
935 | * hand-off to the kernel to use any block sizes we learned. */ | |
936 | assert(!info->request_sizes); | |
937 | if (info->size / sector_size != sectors) { | |
938 | error_setg(errp, "Export size %" PRIu64 " too large for 32-bit kernel", | |
939 | info->size); | |
940 | return -E2BIG; | |
941 | } | |
942 | ||
943 | trace_nbd_init_set_socket(); | |
944 | ||
945 | if (ioctl(fd, NBD_SET_SOCK, (unsigned long) sioc->fd) < 0) { | |
946 | int serrno = errno; | |
947 | error_setg(errp, "Failed to set NBD socket"); | |
948 | return -serrno; | |
949 | } | |
950 | ||
951 | trace_nbd_init_set_block_size(sector_size); | |
952 | ||
953 | if (ioctl(fd, NBD_SET_BLKSIZE, sector_size) < 0) { | |
954 | int serrno = errno; | |
955 | error_setg(errp, "Failed setting NBD block size"); | |
956 | return -serrno; | |
957 | } | |
958 | ||
959 | trace_nbd_init_set_size(sectors); | |
960 | if (info->size % sector_size) { | |
961 | trace_nbd_init_trailing_bytes(info->size % sector_size); | |
962 | } | |
963 | ||
964 | if (ioctl(fd, NBD_SET_SIZE_BLOCKS, sectors) < 0) { | |
965 | int serrno = errno; | |
966 | error_setg(errp, "Failed setting size (in blocks)"); | |
967 | return -serrno; | |
968 | } | |
969 | ||
970 | if (ioctl(fd, NBD_SET_FLAGS, (unsigned long) info->flags) < 0) { | |
971 | if (errno == ENOTTY) { | |
972 | int read_only = (info->flags & NBD_FLAG_READ_ONLY) != 0; | |
973 | trace_nbd_init_set_readonly(); | |
974 | ||
975 | if (ioctl(fd, BLKROSET, (unsigned long) &read_only) < 0) { | |
976 | int serrno = errno; | |
977 | error_setg(errp, "Failed setting read-only attribute"); | |
978 | return -serrno; | |
979 | } | |
980 | } else { | |
981 | int serrno = errno; | |
982 | error_setg(errp, "Failed setting flags"); | |
983 | return -serrno; | |
984 | } | |
985 | } | |
986 | ||
987 | trace_nbd_init_finish(); | |
988 | ||
989 | return 0; | |
990 | } | |
991 | ||
992 | int nbd_client(int fd) | |
993 | { | |
994 | int ret; | |
995 | int serrno; | |
996 | ||
997 | trace_nbd_client_loop(); | |
998 | ||
999 | ret = ioctl(fd, NBD_DO_IT); | |
1000 | if (ret < 0 && errno == EPIPE) { | |
1001 | /* NBD_DO_IT normally returns EPIPE when someone has disconnected | |
1002 | * the socket via NBD_DISCONNECT. We do not want to return 1 in | |
1003 | * that case. | |
1004 | */ | |
1005 | ret = 0; | |
1006 | } | |
1007 | serrno = errno; | |
1008 | ||
1009 | trace_nbd_client_loop_ret(ret, strerror(serrno)); | |
1010 | ||
1011 | trace_nbd_client_clear_queue(); | |
1012 | ioctl(fd, NBD_CLEAR_QUE); | |
1013 | ||
1014 | trace_nbd_client_clear_socket(); | |
1015 | ioctl(fd, NBD_CLEAR_SOCK); | |
1016 | ||
1017 | errno = serrno; | |
1018 | return ret; | |
1019 | } | |
1020 | ||
1021 | int nbd_disconnect(int fd) | |
1022 | { | |
1023 | ioctl(fd, NBD_CLEAR_QUE); | |
1024 | ioctl(fd, NBD_DISCONNECT); | |
1025 | ioctl(fd, NBD_CLEAR_SOCK); | |
1026 | return 0; | |
1027 | } | |
1028 | ||
1029 | #else | |
1030 | int nbd_init(int fd, QIOChannelSocket *ioc, NBDExportInfo *info, | |
1031 | Error **errp) | |
1032 | { | |
1033 | error_setg(errp, "nbd_init is only supported on Linux"); | |
1034 | return -ENOTSUP; | |
1035 | } | |
1036 | ||
1037 | int nbd_client(int fd) | |
1038 | { | |
1039 | return -ENOTSUP; | |
1040 | } | |
1041 | int nbd_disconnect(int fd) | |
1042 | { | |
1043 | return -ENOTSUP; | |
1044 | } | |
1045 | #endif | |
1046 | ||
1047 | int nbd_send_request(QIOChannel *ioc, NBDRequest *request) | |
1048 | { | |
1049 | uint8_t buf[NBD_REQUEST_SIZE]; | |
1050 | ||
1051 | trace_nbd_send_request(request->from, request->len, request->handle, | |
1052 | request->flags, request->type, | |
1053 | nbd_cmd_lookup(request->type)); | |
1054 | ||
1055 | stl_be_p(buf, NBD_REQUEST_MAGIC); | |
1056 | stw_be_p(buf + 4, request->flags); | |
1057 | stw_be_p(buf + 6, request->type); | |
1058 | stq_be_p(buf + 8, request->handle); | |
1059 | stq_be_p(buf + 16, request->from); | |
1060 | stl_be_p(buf + 24, request->len); | |
1061 | ||
1062 | return nbd_write(ioc, buf, sizeof(buf), NULL); | |
1063 | } | |
1064 | ||
1065 | /* nbd_receive_simple_reply | |
1066 | * Read simple reply except magic field (which should be already read). | |
1067 | * Payload is not read (payload is possible for CMD_READ, but here we even | |
1068 | * don't know whether it take place or not). | |
1069 | */ | |
1070 | static int nbd_receive_simple_reply(QIOChannel *ioc, NBDSimpleReply *reply, | |
1071 | Error **errp) | |
1072 | { | |
1073 | int ret; | |
1074 | ||
1075 | assert(reply->magic == NBD_SIMPLE_REPLY_MAGIC); | |
1076 | ||
1077 | ret = nbd_read(ioc, (uint8_t *)reply + sizeof(reply->magic), | |
1078 | sizeof(*reply) - sizeof(reply->magic), errp); | |
1079 | if (ret < 0) { | |
1080 | return ret; | |
1081 | } | |
1082 | ||
1083 | be32_to_cpus(&reply->error); | |
1084 | be64_to_cpus(&reply->handle); | |
1085 | ||
1086 | return 0; | |
1087 | } | |
1088 | ||
1089 | /* nbd_receive_structured_reply_chunk | |
1090 | * Read structured reply chunk except magic field (which should be already | |
1091 | * read). | |
1092 | * Payload is not read. | |
1093 | */ | |
1094 | static int nbd_receive_structured_reply_chunk(QIOChannel *ioc, | |
1095 | NBDStructuredReplyChunk *chunk, | |
1096 | Error **errp) | |
1097 | { | |
1098 | int ret; | |
1099 | ||
1100 | assert(chunk->magic == NBD_STRUCTURED_REPLY_MAGIC); | |
1101 | ||
1102 | ret = nbd_read(ioc, (uint8_t *)chunk + sizeof(chunk->magic), | |
1103 | sizeof(*chunk) - sizeof(chunk->magic), errp); | |
1104 | if (ret < 0) { | |
1105 | return ret; | |
1106 | } | |
1107 | ||
1108 | be16_to_cpus(&chunk->flags); | |
1109 | be16_to_cpus(&chunk->type); | |
1110 | be64_to_cpus(&chunk->handle); | |
1111 | be32_to_cpus(&chunk->length); | |
1112 | ||
1113 | return 0; | |
1114 | } | |
1115 | ||
1116 | /* nbd_receive_reply | |
1117 | * Returns 1 on success | |
1118 | * 0 on eof, when no data was read (errp is not set) | |
1119 | * negative errno on failure (errp is set) | |
1120 | */ | |
1121 | int nbd_receive_reply(QIOChannel *ioc, NBDReply *reply, Error **errp) | |
1122 | { | |
1123 | int ret; | |
1124 | const char *type; | |
1125 | ||
1126 | ret = nbd_read_eof(ioc, &reply->magic, sizeof(reply->magic), errp); | |
1127 | if (ret <= 0) { | |
1128 | return ret; | |
1129 | } | |
1130 | ||
1131 | be32_to_cpus(&reply->magic); | |
1132 | ||
1133 | switch (reply->magic) { | |
1134 | case NBD_SIMPLE_REPLY_MAGIC: | |
1135 | ret = nbd_receive_simple_reply(ioc, &reply->simple, errp); | |
1136 | if (ret < 0) { | |
1137 | break; | |
1138 | } | |
1139 | trace_nbd_receive_simple_reply(reply->simple.error, | |
1140 | nbd_err_lookup(reply->simple.error), | |
1141 | reply->handle); | |
1142 | break; | |
1143 | case NBD_STRUCTURED_REPLY_MAGIC: | |
1144 | ret = nbd_receive_structured_reply_chunk(ioc, &reply->structured, errp); | |
1145 | if (ret < 0) { | |
1146 | break; | |
1147 | } | |
1148 | type = nbd_reply_type_lookup(reply->structured.type); | |
1149 | trace_nbd_receive_structured_reply_chunk(reply->structured.flags, | |
1150 | reply->structured.type, type, | |
1151 | reply->structured.handle, | |
1152 | reply->structured.length); | |
1153 | break; | |
1154 | default: | |
1155 | error_setg(errp, "invalid magic (got 0x%" PRIx32 ")", reply->magic); | |
1156 | return -EINVAL; | |
1157 | } | |
1158 | if (ret < 0) { | |
1159 | return ret; | |
1160 | } | |
1161 | ||
1162 | return 1; | |
1163 | } | |
1164 |