]> git.proxmox.com Git - qemu.git/blob - nbd.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
nbd: do not leak nbd_trip coroutines when a connection is torn down
[qemu.git] / nbd.c
1 /*
2 * Copyright (C) 2005 Anthony Liguori <anthony@codemonkey.ws>
3 *
4 * Network Block Device
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; under version 2 of the License.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, see <http://www.gnu.org/licenses/>.
17 */
18
19 #include "nbd.h"
20 #include "block.h"
21
22 #include "qemu-coroutine.h"
23
24 #include <errno.h>
25 #include <string.h>
26 #ifndef _WIN32
27 #include <sys/ioctl.h>
28 #endif
29 #if defined(__sun__) || defined(__HAIKU__)
30 #include <sys/ioccom.h>
31 #endif
32 #include <ctype.h>
33 #include <inttypes.h>
34
35 #ifdef __linux__
36 #include <linux/fs.h>
37 #endif
38
39 #include "qemu_socket.h"
40 #include "qemu-queue.h"
41
42 //#define DEBUG_NBD
43
44 #ifdef DEBUG_NBD
45 #define TRACE(msg, ...) do { \
46 LOG(msg, ## __VA_ARGS__); \
47 } while(0)
48 #else
49 #define TRACE(msg, ...) \
50 do { } while (0)
51 #endif
52
53 #define LOG(msg, ...) do { \
54 fprintf(stderr, "%s:%s():L%d: " msg "\n", \
55 __FILE__, __FUNCTION__, __LINE__, ## __VA_ARGS__); \
56 } while(0)
57
58 /* This is all part of the "official" NBD API */
59
60 #define NBD_REQUEST_SIZE (4 + 4 + 8 + 8 + 4)
61 #define NBD_REPLY_SIZE (4 + 4 + 8)
62 #define NBD_REQUEST_MAGIC 0x25609513
63 #define NBD_REPLY_MAGIC 0x67446698
64 #define NBD_OPTS_MAGIC 0x49484156454F5054LL
65 #define NBD_CLIENT_MAGIC 0x0000420281861253LL
66
67 #define NBD_SET_SOCK _IO(0xab, 0)
68 #define NBD_SET_BLKSIZE _IO(0xab, 1)
69 #define NBD_SET_SIZE _IO(0xab, 2)
70 #define NBD_DO_IT _IO(0xab, 3)
71 #define NBD_CLEAR_SOCK _IO(0xab, 4)
72 #define NBD_CLEAR_QUE _IO(0xab, 5)
73 #define NBD_PRINT_DEBUG _IO(0xab, 6)
74 #define NBD_SET_SIZE_BLOCKS _IO(0xab, 7)
75 #define NBD_DISCONNECT _IO(0xab, 8)
76 #define NBD_SET_TIMEOUT _IO(0xab, 9)
77 #define NBD_SET_FLAGS _IO(0xab, 10)
78
79 #define NBD_OPT_EXPORT_NAME (1 << 0)
80
81 /* Definitions for opaque data types */
82
83 typedef struct NBDRequest NBDRequest;
84
85 struct NBDRequest {
86 QSIMPLEQ_ENTRY(NBDRequest) entry;
87 NBDClient *client;
88 uint8_t *data;
89 };
90
91 struct NBDExport {
92 BlockDriverState *bs;
93 off_t dev_offset;
94 off_t size;
95 uint32_t nbdflags;
96 QSIMPLEQ_HEAD(, NBDRequest) requests;
97 };
98
99 struct NBDClient {
100 int refcount;
101 void (*close)(NBDClient *client);
102
103 NBDExport *exp;
104 int sock;
105
106 Coroutine *recv_coroutine;
107
108 CoMutex send_lock;
109 Coroutine *send_coroutine;
110
111 int nb_requests;
112 bool closing;
113 };
114
115 /* That's all folks */
116
117 ssize_t nbd_wr_sync(int fd, void *buffer, size_t size, bool do_read)
118 {
119 size_t offset = 0;
120 int err;
121
122 if (qemu_in_coroutine()) {
123 if (do_read) {
124 return qemu_co_recv(fd, buffer, size);
125 } else {
126 return qemu_co_send(fd, buffer, size);
127 }
128 }
129
130 while (offset < size) {
131 ssize_t len;
132
133 if (do_read) {
134 len = qemu_recv(fd, buffer + offset, size - offset, 0);
135 } else {
136 len = send(fd, buffer + offset, size - offset, 0);
137 }
138
139 if (len < 0) {
140 err = socket_error();
141
142 /* recoverable error */
143 if (err == EINTR || (offset > 0 && err == EAGAIN)) {
144 continue;
145 }
146
147 /* unrecoverable error */
148 return -err;
149 }
150
151 /* eof */
152 if (len == 0) {
153 break;
154 }
155
156 offset += len;
157 }
158
159 return offset;
160 }
161
162 static ssize_t read_sync(int fd, void *buffer, size_t size)
163 {
164 /* Sockets are kept in blocking mode in the negotiation phase. After
165 * that, a non-readable socket simply means that another thread stole
166 * our request/reply. Synchronization is done with recv_coroutine, so
167 * that this is coroutine-safe.
168 */
169 return nbd_wr_sync(fd, buffer, size, true);
170 }
171
172 static ssize_t write_sync(int fd, void *buffer, size_t size)
173 {
174 int ret;
175 do {
176 /* For writes, we do expect the socket to be writable. */
177 ret = nbd_wr_sync(fd, buffer, size, false);
178 } while (ret == -EAGAIN);
179 return ret;
180 }
181
182 static void combine_addr(char *buf, size_t len, const char* address,
183 uint16_t port)
184 {
185 /* If the address-part contains a colon, it's an IPv6 IP so needs [] */
186 if (strstr(address, ":")) {
187 snprintf(buf, len, "[%s]:%u", address, port);
188 } else {
189 snprintf(buf, len, "%s:%u", address, port);
190 }
191 }
192
193 int tcp_socket_outgoing(const char *address, uint16_t port)
194 {
195 char address_and_port[128];
196 combine_addr(address_and_port, 128, address, port);
197 return tcp_socket_outgoing_spec(address_and_port);
198 }
199
200 int tcp_socket_outgoing_spec(const char *address_and_port)
201 {
202 return inet_connect(address_and_port, true, NULL, NULL);
203 }
204
205 int tcp_socket_incoming(const char *address, uint16_t port)
206 {
207 char address_and_port[128];
208 combine_addr(address_and_port, 128, address, port);
209 return tcp_socket_incoming_spec(address_and_port);
210 }
211
212 int tcp_socket_incoming_spec(const char *address_and_port)
213 {
214 char *ostr = NULL;
215 int olen = 0;
216 return inet_listen(address_and_port, ostr, olen, SOCK_STREAM, 0, NULL);
217 }
218
219 int unix_socket_incoming(const char *path)
220 {
221 char *ostr = NULL;
222 int olen = 0;
223
224 return unix_listen(path, ostr, olen);
225 }
226
227 int unix_socket_outgoing(const char *path)
228 {
229 return unix_connect(path);
230 }
231
232 /* Basic flow
233
234 Server Client
235
236 Negotiate
237 Request
238 Response
239 Request
240 Response
241 ...
242 ...
243 Request (type == 2)
244 */
245
246 static int nbd_send_negotiate(NBDClient *client)
247 {
248 int csock = client->sock;
249 char buf[8 + 8 + 8 + 128];
250 int rc;
251
252 /* Negotiate
253 [ 0 .. 7] passwd ("NBDMAGIC")
254 [ 8 .. 15] magic (NBD_CLIENT_MAGIC)
255 [16 .. 23] size
256 [24 .. 27] flags
257 [28 .. 151] reserved (0)
258 */
259
260 socket_set_block(csock);
261 rc = -EINVAL;
262
263 TRACE("Beginning negotiation.");
264 memcpy(buf, "NBDMAGIC", 8);
265 cpu_to_be64w((uint64_t*)(buf + 8), NBD_CLIENT_MAGIC);
266 cpu_to_be64w((uint64_t*)(buf + 16), client->exp->size);
267 cpu_to_be32w((uint32_t*)(buf + 24),
268 client->exp->nbdflags | NBD_FLAG_HAS_FLAGS | NBD_FLAG_SEND_TRIM |
269 NBD_FLAG_SEND_FLUSH | NBD_FLAG_SEND_FUA);
270 memset(buf + 28, 0, 124);
271
272 if (write_sync(csock, buf, sizeof(buf)) != sizeof(buf)) {
273 LOG("write failed");
274 goto fail;
275 }
276
277 TRACE("Negotiation succeeded.");
278 rc = 0;
279 fail:
280 socket_set_nonblock(csock);
281 return rc;
282 }
283
284 int nbd_receive_negotiate(int csock, const char *name, uint32_t *flags,
285 off_t *size, size_t *blocksize)
286 {
287 char buf[256];
288 uint64_t magic, s;
289 uint16_t tmp;
290 int rc;
291
292 TRACE("Receiving negotiation.");
293
294 socket_set_block(csock);
295 rc = -EINVAL;
296
297 if (read_sync(csock, buf, 8) != 8) {
298 LOG("read failed");
299 goto fail;
300 }
301
302 buf[8] = '\0';
303 if (strlen(buf) == 0) {
304 LOG("server connection closed");
305 goto fail;
306 }
307
308 TRACE("Magic is %c%c%c%c%c%c%c%c",
309 qemu_isprint(buf[0]) ? buf[0] : '.',
310 qemu_isprint(buf[1]) ? buf[1] : '.',
311 qemu_isprint(buf[2]) ? buf[2] : '.',
312 qemu_isprint(buf[3]) ? buf[3] : '.',
313 qemu_isprint(buf[4]) ? buf[4] : '.',
314 qemu_isprint(buf[5]) ? buf[5] : '.',
315 qemu_isprint(buf[6]) ? buf[6] : '.',
316 qemu_isprint(buf[7]) ? buf[7] : '.');
317
318 if (memcmp(buf, "NBDMAGIC", 8) != 0) {
319 LOG("Invalid magic received");
320 goto fail;
321 }
322
323 if (read_sync(csock, &magic, sizeof(magic)) != sizeof(magic)) {
324 LOG("read failed");
325 goto fail;
326 }
327 magic = be64_to_cpu(magic);
328 TRACE("Magic is 0x%" PRIx64, magic);
329
330 if (name) {
331 uint32_t reserved = 0;
332 uint32_t opt;
333 uint32_t namesize;
334
335 TRACE("Checking magic (opts_magic)");
336 if (magic != NBD_OPTS_MAGIC) {
337 LOG("Bad magic received");
338 goto fail;
339 }
340 if (read_sync(csock, &tmp, sizeof(tmp)) != sizeof(tmp)) {
341 LOG("flags read failed");
342 goto fail;
343 }
344 *flags = be16_to_cpu(tmp) << 16;
345 /* reserved for future use */
346 if (write_sync(csock, &reserved, sizeof(reserved)) !=
347 sizeof(reserved)) {
348 LOG("write failed (reserved)");
349 goto fail;
350 }
351 /* write the export name */
352 magic = cpu_to_be64(magic);
353 if (write_sync(csock, &magic, sizeof(magic)) != sizeof(magic)) {
354 LOG("write failed (magic)");
355 goto fail;
356 }
357 opt = cpu_to_be32(NBD_OPT_EXPORT_NAME);
358 if (write_sync(csock, &opt, sizeof(opt)) != sizeof(opt)) {
359 LOG("write failed (opt)");
360 goto fail;
361 }
362 namesize = cpu_to_be32(strlen(name));
363 if (write_sync(csock, &namesize, sizeof(namesize)) !=
364 sizeof(namesize)) {
365 LOG("write failed (namesize)");
366 goto fail;
367 }
368 if (write_sync(csock, (char*)name, strlen(name)) != strlen(name)) {
369 LOG("write failed (name)");
370 goto fail;
371 }
372 } else {
373 TRACE("Checking magic (cli_magic)");
374
375 if (magic != NBD_CLIENT_MAGIC) {
376 LOG("Bad magic received");
377 goto fail;
378 }
379 }
380
381 if (read_sync(csock, &s, sizeof(s)) != sizeof(s)) {
382 LOG("read failed");
383 goto fail;
384 }
385 *size = be64_to_cpu(s);
386 *blocksize = 1024;
387 TRACE("Size is %" PRIu64, *size);
388
389 if (!name) {
390 if (read_sync(csock, flags, sizeof(*flags)) != sizeof(*flags)) {
391 LOG("read failed (flags)");
392 goto fail;
393 }
394 *flags = be32_to_cpup(flags);
395 } else {
396 if (read_sync(csock, &tmp, sizeof(tmp)) != sizeof(tmp)) {
397 LOG("read failed (tmp)");
398 goto fail;
399 }
400 *flags |= be32_to_cpu(tmp);
401 }
402 if (read_sync(csock, &buf, 124) != 124) {
403 LOG("read failed (buf)");
404 goto fail;
405 }
406 rc = 0;
407
408 fail:
409 socket_set_nonblock(csock);
410 return rc;
411 }
412
413 #ifdef __linux__
414 int nbd_init(int fd, int csock, uint32_t flags, off_t size, size_t blocksize)
415 {
416 TRACE("Setting NBD socket");
417
418 if (ioctl(fd, NBD_SET_SOCK, csock) < 0) {
419 int serrno = errno;
420 LOG("Failed to set NBD socket");
421 return -serrno;
422 }
423
424 TRACE("Setting block size to %lu", (unsigned long)blocksize);
425
426 if (ioctl(fd, NBD_SET_BLKSIZE, blocksize) < 0) {
427 int serrno = errno;
428 LOG("Failed setting NBD block size");
429 return -serrno;
430 }
431
432 TRACE("Setting size to %zd block(s)", (size_t)(size / blocksize));
433
434 if (ioctl(fd, NBD_SET_SIZE_BLOCKS, size / blocksize) < 0) {
435 int serrno = errno;
436 LOG("Failed setting size (in blocks)");
437 return -serrno;
438 }
439
440 if (flags & NBD_FLAG_READ_ONLY) {
441 int read_only = 1;
442 TRACE("Setting readonly attribute");
443
444 if (ioctl(fd, BLKROSET, (unsigned long) &read_only) < 0) {
445 int serrno = errno;
446 LOG("Failed setting read-only attribute");
447 return -serrno;
448 }
449 }
450
451 if (ioctl(fd, NBD_SET_FLAGS, flags) < 0
452 && errno != ENOTTY) {
453 int serrno = errno;
454 LOG("Failed setting flags");
455 return -serrno;
456 }
457
458 TRACE("Negotiation ended");
459
460 return 0;
461 }
462
463 int nbd_disconnect(int fd)
464 {
465 ioctl(fd, NBD_CLEAR_QUE);
466 ioctl(fd, NBD_DISCONNECT);
467 ioctl(fd, NBD_CLEAR_SOCK);
468 return 0;
469 }
470
471 int nbd_client(int fd)
472 {
473 int ret;
474 int serrno;
475
476 TRACE("Doing NBD loop");
477
478 ret = ioctl(fd, NBD_DO_IT);
479 if (ret < 0 && errno == EPIPE) {
480 /* NBD_DO_IT normally returns EPIPE when someone has disconnected
481 * the socket via NBD_DISCONNECT. We do not want to return 1 in
482 * that case.
483 */
484 ret = 0;
485 }
486 serrno = errno;
487
488 TRACE("NBD loop returned %d: %s", ret, strerror(serrno));
489
490 TRACE("Clearing NBD queue");
491 ioctl(fd, NBD_CLEAR_QUE);
492
493 TRACE("Clearing NBD socket");
494 ioctl(fd, NBD_CLEAR_SOCK);
495
496 errno = serrno;
497 return ret;
498 }
499 #else
500 int nbd_init(int fd, int csock, uint32_t flags, off_t size, size_t blocksize)
501 {
502 return -ENOTSUP;
503 }
504
505 int nbd_disconnect(int fd)
506 {
507 return -ENOTSUP;
508 }
509
510 int nbd_client(int fd)
511 {
512 return -ENOTSUP;
513 }
514 #endif
515
516 ssize_t nbd_send_request(int csock, struct nbd_request *request)
517 {
518 uint8_t buf[NBD_REQUEST_SIZE];
519 ssize_t ret;
520
521 cpu_to_be32w((uint32_t*)buf, NBD_REQUEST_MAGIC);
522 cpu_to_be32w((uint32_t*)(buf + 4), request->type);
523 cpu_to_be64w((uint64_t*)(buf + 8), request->handle);
524 cpu_to_be64w((uint64_t*)(buf + 16), request->from);
525 cpu_to_be32w((uint32_t*)(buf + 24), request->len);
526
527 TRACE("Sending request to client: "
528 "{ .from = %" PRIu64", .len = %u, .handle = %" PRIu64", .type=%i}",
529 request->from, request->len, request->handle, request->type);
530
531 ret = write_sync(csock, buf, sizeof(buf));
532 if (ret < 0) {
533 return ret;
534 }
535
536 if (ret != sizeof(buf)) {
537 LOG("writing to socket failed");
538 return -EINVAL;
539 }
540 return 0;
541 }
542
543 static ssize_t nbd_receive_request(int csock, struct nbd_request *request)
544 {
545 uint8_t buf[NBD_REQUEST_SIZE];
546 uint32_t magic;
547 ssize_t ret;
548
549 ret = read_sync(csock, buf, sizeof(buf));
550 if (ret < 0) {
551 return ret;
552 }
553
554 if (ret != sizeof(buf)) {
555 LOG("read failed");
556 return -EINVAL;
557 }
558
559 /* Request
560 [ 0 .. 3] magic (NBD_REQUEST_MAGIC)
561 [ 4 .. 7] type (0 == READ, 1 == WRITE)
562 [ 8 .. 15] handle
563 [16 .. 23] from
564 [24 .. 27] len
565 */
566
567 magic = be32_to_cpup((uint32_t*)buf);
568 request->type = be32_to_cpup((uint32_t*)(buf + 4));
569 request->handle = be64_to_cpup((uint64_t*)(buf + 8));
570 request->from = be64_to_cpup((uint64_t*)(buf + 16));
571 request->len = be32_to_cpup((uint32_t*)(buf + 24));
572
573 TRACE("Got request: "
574 "{ magic = 0x%x, .type = %d, from = %" PRIu64" , len = %u }",
575 magic, request->type, request->from, request->len);
576
577 if (magic != NBD_REQUEST_MAGIC) {
578 LOG("invalid magic (got 0x%x)", magic);
579 return -EINVAL;
580 }
581 return 0;
582 }
583
584 ssize_t nbd_receive_reply(int csock, struct nbd_reply *reply)
585 {
586 uint8_t buf[NBD_REPLY_SIZE];
587 uint32_t magic;
588 ssize_t ret;
589
590 ret = read_sync(csock, buf, sizeof(buf));
591 if (ret < 0) {
592 return ret;
593 }
594
595 if (ret != sizeof(buf)) {
596 LOG("read failed");
597 return -EINVAL;
598 }
599
600 /* Reply
601 [ 0 .. 3] magic (NBD_REPLY_MAGIC)
602 [ 4 .. 7] error (0 == no error)
603 [ 7 .. 15] handle
604 */
605
606 magic = be32_to_cpup((uint32_t*)buf);
607 reply->error = be32_to_cpup((uint32_t*)(buf + 4));
608 reply->handle = be64_to_cpup((uint64_t*)(buf + 8));
609
610 TRACE("Got reply: "
611 "{ magic = 0x%x, .error = %d, handle = %" PRIu64" }",
612 magic, reply->error, reply->handle);
613
614 if (magic != NBD_REPLY_MAGIC) {
615 LOG("invalid magic (got 0x%x)", magic);
616 return -EINVAL;
617 }
618 return 0;
619 }
620
621 static ssize_t nbd_send_reply(int csock, struct nbd_reply *reply)
622 {
623 uint8_t buf[NBD_REPLY_SIZE];
624 ssize_t ret;
625
626 /* Reply
627 [ 0 .. 3] magic (NBD_REPLY_MAGIC)
628 [ 4 .. 7] error (0 == no error)
629 [ 7 .. 15] handle
630 */
631 cpu_to_be32w((uint32_t*)buf, NBD_REPLY_MAGIC);
632 cpu_to_be32w((uint32_t*)(buf + 4), reply->error);
633 cpu_to_be64w((uint64_t*)(buf + 8), reply->handle);
634
635 TRACE("Sending response to client");
636
637 ret = write_sync(csock, buf, sizeof(buf));
638 if (ret < 0) {
639 return ret;
640 }
641
642 if (ret != sizeof(buf)) {
643 LOG("writing to socket failed");
644 return -EINVAL;
645 }
646 return 0;
647 }
648
649 #define MAX_NBD_REQUESTS 16
650
651 void nbd_client_get(NBDClient *client)
652 {
653 client->refcount++;
654 }
655
656 void nbd_client_put(NBDClient *client)
657 {
658 if (--client->refcount == 0) {
659 /* The last reference should be dropped by client->close,
660 * which is called by nbd_client_close.
661 */
662 assert(client->closing);
663
664 qemu_set_fd_handler2(client->sock, NULL, NULL, NULL, NULL);
665 close(client->sock);
666 client->sock = -1;
667 g_free(client);
668 }
669 }
670
671 void nbd_client_close(NBDClient *client)
672 {
673 if (client->closing) {
674 return;
675 }
676
677 client->closing = true;
678
679 /* Force requests to finish. They will drop their own references,
680 * then we'll close the socket and free the NBDClient.
681 */
682 shutdown(client->sock, 2);
683
684 /* Also tell the client, so that they release their reference. */
685 if (client->close) {
686 client->close(client);
687 }
688 }
689
690 static NBDRequest *nbd_request_get(NBDClient *client)
691 {
692 NBDRequest *req;
693 NBDExport *exp = client->exp;
694
695 assert(client->nb_requests <= MAX_NBD_REQUESTS - 1);
696 client->nb_requests++;
697
698 if (QSIMPLEQ_EMPTY(&exp->requests)) {
699 req = g_malloc0(sizeof(NBDRequest));
700 req->data = qemu_blockalign(exp->bs, NBD_BUFFER_SIZE);
701 } else {
702 req = QSIMPLEQ_FIRST(&exp->requests);
703 QSIMPLEQ_REMOVE_HEAD(&exp->requests, entry);
704 }
705 nbd_client_get(client);
706 req->client = client;
707 return req;
708 }
709
710 static void nbd_request_put(NBDRequest *req)
711 {
712 NBDClient *client = req->client;
713 QSIMPLEQ_INSERT_HEAD(&client->exp->requests, req, entry);
714 if (client->nb_requests-- == MAX_NBD_REQUESTS) {
715 qemu_notify_event();
716 }
717 nbd_client_put(client);
718 }
719
720 NBDExport *nbd_export_new(BlockDriverState *bs, off_t dev_offset,
721 off_t size, uint32_t nbdflags)
722 {
723 NBDExport *exp = g_malloc0(sizeof(NBDExport));
724 QSIMPLEQ_INIT(&exp->requests);
725 exp->bs = bs;
726 exp->dev_offset = dev_offset;
727 exp->nbdflags = nbdflags;
728 exp->size = size == -1 ? bdrv_getlength(bs) : size;
729 return exp;
730 }
731
732 void nbd_export_close(NBDExport *exp)
733 {
734 while (!QSIMPLEQ_EMPTY(&exp->requests)) {
735 NBDRequest *first = QSIMPLEQ_FIRST(&exp->requests);
736 QSIMPLEQ_REMOVE_HEAD(&exp->requests, entry);
737 qemu_vfree(first->data);
738 g_free(first);
739 }
740
741 g_free(exp);
742 }
743
744 static int nbd_can_read(void *opaque);
745 static void nbd_read(void *opaque);
746 static void nbd_restart_write(void *opaque);
747
748 static ssize_t nbd_co_send_reply(NBDRequest *req, struct nbd_reply *reply,
749 int len)
750 {
751 NBDClient *client = req->client;
752 int csock = client->sock;
753 ssize_t rc, ret;
754
755 qemu_co_mutex_lock(&client->send_lock);
756 qemu_set_fd_handler2(csock, nbd_can_read, nbd_read,
757 nbd_restart_write, client);
758 client->send_coroutine = qemu_coroutine_self();
759
760 if (!len) {
761 rc = nbd_send_reply(csock, reply);
762 } else {
763 socket_set_cork(csock, 1);
764 rc = nbd_send_reply(csock, reply);
765 if (rc >= 0) {
766 ret = qemu_co_send(csock, req->data, len);
767 if (ret != len) {
768 rc = -EIO;
769 }
770 }
771 socket_set_cork(csock, 0);
772 }
773
774 client->send_coroutine = NULL;
775 qemu_set_fd_handler2(csock, nbd_can_read, nbd_read, NULL, client);
776 qemu_co_mutex_unlock(&client->send_lock);
777 return rc;
778 }
779
780 static ssize_t nbd_co_receive_request(NBDRequest *req, struct nbd_request *request)
781 {
782 NBDClient *client = req->client;
783 int csock = client->sock;
784 ssize_t rc;
785
786 client->recv_coroutine = qemu_coroutine_self();
787 rc = nbd_receive_request(csock, request);
788 if (rc < 0) {
789 if (rc != -EAGAIN) {
790 rc = -EIO;
791 }
792 goto out;
793 }
794
795 if (request->len > NBD_BUFFER_SIZE) {
796 LOG("len (%u) is larger than max len (%u)",
797 request->len, NBD_BUFFER_SIZE);
798 rc = -EINVAL;
799 goto out;
800 }
801
802 if ((request->from + request->len) < request->from) {
803 LOG("integer overflow detected! "
804 "you're probably being attacked");
805 rc = -EINVAL;
806 goto out;
807 }
808
809 TRACE("Decoding type");
810
811 if ((request->type & NBD_CMD_MASK_COMMAND) == NBD_CMD_WRITE) {
812 TRACE("Reading %u byte(s)", request->len);
813
814 if (qemu_co_recv(csock, req->data, request->len) != request->len) {
815 LOG("reading from socket failed");
816 rc = -EIO;
817 goto out;
818 }
819 }
820 rc = 0;
821
822 out:
823 client->recv_coroutine = NULL;
824 return rc;
825 }
826
827 static void nbd_trip(void *opaque)
828 {
829 NBDClient *client = opaque;
830 NBDExport *exp = client->exp;
831 NBDRequest *req;
832 struct nbd_request request;
833 struct nbd_reply reply;
834 ssize_t ret;
835
836 TRACE("Reading request.");
837 if (client->closing) {
838 return;
839 }
840
841 req = nbd_request_get(client);
842 ret = nbd_co_receive_request(req, &request);
843 if (ret == -EAGAIN) {
844 goto done;
845 }
846 if (ret == -EIO) {
847 goto out;
848 }
849
850 reply.handle = request.handle;
851 reply.error = 0;
852
853 if (ret < 0) {
854 reply.error = -ret;
855 goto error_reply;
856 }
857
858 if ((request.from + request.len) > exp->size) {
859 LOG("From: %" PRIu64 ", Len: %u, Size: %" PRIu64
860 ", Offset: %" PRIu64 "\n",
861 request.from, request.len,
862 (uint64_t)exp->size, (uint64_t)exp->dev_offset);
863 LOG("requested operation past EOF--bad client?");
864 goto invalid_request;
865 }
866
867 switch (request.type & NBD_CMD_MASK_COMMAND) {
868 case NBD_CMD_READ:
869 TRACE("Request type is READ");
870
871 if (request.type & NBD_CMD_FLAG_FUA) {
872 ret = bdrv_co_flush(exp->bs);
873 if (ret < 0) {
874 LOG("flush failed");
875 reply.error = -ret;
876 goto error_reply;
877 }
878 }
879
880 ret = bdrv_read(exp->bs, (request.from + exp->dev_offset) / 512,
881 req->data, request.len / 512);
882 if (ret < 0) {
883 LOG("reading from file failed");
884 reply.error = -ret;
885 goto error_reply;
886 }
887
888 TRACE("Read %u byte(s)", request.len);
889 if (nbd_co_send_reply(req, &reply, request.len) < 0)
890 goto out;
891 break;
892 case NBD_CMD_WRITE:
893 TRACE("Request type is WRITE");
894
895 if (exp->nbdflags & NBD_FLAG_READ_ONLY) {
896 TRACE("Server is read-only, return error");
897 reply.error = EROFS;
898 goto error_reply;
899 }
900
901 TRACE("Writing to device");
902
903 ret = bdrv_write(exp->bs, (request.from + exp->dev_offset) / 512,
904 req->data, request.len / 512);
905 if (ret < 0) {
906 LOG("writing to file failed");
907 reply.error = -ret;
908 goto error_reply;
909 }
910
911 if (request.type & NBD_CMD_FLAG_FUA) {
912 ret = bdrv_co_flush(exp->bs);
913 if (ret < 0) {
914 LOG("flush failed");
915 reply.error = -ret;
916 goto error_reply;
917 }
918 }
919
920 if (nbd_co_send_reply(req, &reply, 0) < 0) {
921 goto out;
922 }
923 break;
924 case NBD_CMD_DISC:
925 TRACE("Request type is DISCONNECT");
926 errno = 0;
927 goto out;
928 case NBD_CMD_FLUSH:
929 TRACE("Request type is FLUSH");
930
931 ret = bdrv_co_flush(exp->bs);
932 if (ret < 0) {
933 LOG("flush failed");
934 reply.error = -ret;
935 }
936 if (nbd_co_send_reply(req, &reply, 0) < 0) {
937 goto out;
938 }
939 break;
940 case NBD_CMD_TRIM:
941 TRACE("Request type is TRIM");
942 ret = bdrv_co_discard(exp->bs, (request.from + exp->dev_offset) / 512,
943 request.len / 512);
944 if (ret < 0) {
945 LOG("discard failed");
946 reply.error = -ret;
947 }
948 if (nbd_co_send_reply(req, &reply, 0) < 0) {
949 goto out;
950 }
951 break;
952 default:
953 LOG("invalid request type (%u) received", request.type);
954 invalid_request:
955 reply.error = -EINVAL;
956 error_reply:
957 if (nbd_co_send_reply(req, &reply, 0) < 0) {
958 goto out;
959 }
960 break;
961 }
962
963 TRACE("Request/Reply complete");
964
965 done:
966 nbd_request_put(req);
967 return;
968
969 out:
970 nbd_request_put(req);
971 nbd_client_close(client);
972 }
973
974 static int nbd_can_read(void *opaque)
975 {
976 NBDClient *client = opaque;
977
978 return client->recv_coroutine || client->nb_requests < MAX_NBD_REQUESTS;
979 }
980
981 static void nbd_read(void *opaque)
982 {
983 NBDClient *client = opaque;
984
985 if (client->recv_coroutine) {
986 qemu_coroutine_enter(client->recv_coroutine, NULL);
987 } else {
988 qemu_coroutine_enter(qemu_coroutine_create(nbd_trip), client);
989 }
990 }
991
992 static void nbd_restart_write(void *opaque)
993 {
994 NBDClient *client = opaque;
995
996 qemu_coroutine_enter(client->send_coroutine, NULL);
997 }
998
999 NBDClient *nbd_client_new(NBDExport *exp, int csock,
1000 void (*close)(NBDClient *))
1001 {
1002 NBDClient *client;
1003 client = g_malloc0(sizeof(NBDClient));
1004 client->refcount = 1;
1005 client->exp = exp;
1006 client->sock = csock;
1007 if (nbd_send_negotiate(client) < 0) {
1008 g_free(client);
1009 return NULL;
1010 }
1011 client->close = close;
1012 qemu_co_mutex_init(&client->send_lock);
1013 qemu_set_fd_handler2(csock, nbd_can_read, nbd_read, NULL, client);
1014 return client;
1015 }
Qemu copy for testing