2009-05-11 17:41:42 +02:00
|
|
|
/*
|
|
|
|
* QEMU Block driver for CURL images
|
|
|
|
*
|
|
|
|
* Copyright (c) 2009 Alexander Graf <agraf@suse.de>
|
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
|
|
* in the Software without restriction, including without limitation the rights
|
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
|
|
* furnished to do so, subject to the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be included in
|
|
|
|
* all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
* THE SOFTWARE.
|
|
|
|
*/
|
2018-02-01 12:18:39 +01:00
|
|
|
|
2016-01-18 19:01:42 +01:00
|
|
|
#include "qemu/osdep.h"
|
include/qemu/osdep.h: Don't include qapi/error.h
Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the
Error typedef. Since then, we've moved to include qemu/osdep.h
everywhere. Its file comment explains: "To avoid getting into
possible circular include dependencies, this file should not include
any other QEMU headers, with the exceptions of config-host.h,
compiler.h, os-posix.h and os-win32.h, all of which are doing a
similar job to this file and are under similar constraints."
qapi/error.h doesn't do a similar job, and it doesn't adhere to
similar constraints: it includes qapi-types.h. That's in excess of
100KiB of crap most .c files don't actually need.
Add the typedef to qemu/typedefs.h, and include that instead of
qapi/error.h. Include qapi/error.h in .c files that need it and don't
get it now. Include qapi-types.h in qom/object.h for uint16List.
Update scripts/clean-includes accordingly. Update it further to match
reality: replace config.h by config-target.h, add sysemu/os-posix.h,
sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h
comment quoted above similarly.
This reduces the number of objects depending on qapi/error.h from "all
of them" to less than a third. Unfortunately, the number depending on
qapi-types.h shrinks only a little. More work is needed for that one.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
[Fix compilation without the spice devel packages. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-14 09:01:28 +01:00
|
|
|
#include "qapi/error.h"
|
2015-07-08 15:37:48 +02:00
|
|
|
#include "qemu/error-report.h"
|
2019-05-23 16:35:07 +02:00
|
|
|
#include "qemu/module.h"
|
2018-02-01 12:18:46 +01:00
|
|
|
#include "qemu/option.h"
|
2022-12-21 14:35:49 +01:00
|
|
|
#include "block/block-io.h"
|
2012-12-17 18:19:44 +01:00
|
|
|
#include "block/block_int.h"
|
2018-02-01 12:18:39 +01:00
|
|
|
#include "qapi/qmp/qdict.h"
|
2015-03-17 18:29:20 +01:00
|
|
|
#include "qapi/qmp/qstring.h"
|
curl: add support for HTTP authentication parameters
If connecting to a web server which has authentication
turned on, QEMU gets a 401 as curl has not been configured
with any authentication credentials.
This adds 4 new parameters to the curl block driver
options 'username', 'password-secret', 'proxy-username'
and 'proxy-password-secret'. Passwords are provided using
the recently added 'secret' object type
$QEMU \
-object secret,id=sec0,filename=/home/berrange/example.pw \
-object secret,id=sec1,filename=/home/berrange/proxy.pw \
-drive driver=http,url=http://example.com/some.img,\
username=dan,password-secret=sec0,\
proxy-username=dan,proxy-password-secret=sec1
Of course it is possible to use the same secret for both the
proxy & server passwords if desired, or omit the proxy auth
details, or the server auth details as required.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-3-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-01-21 15:19:20 +01:00
|
|
|
#include "crypto/secret.h"
|
2009-05-11 17:41:42 +02:00
|
|
|
#include <curl/curl.h>
|
2016-03-20 18:16:19 +01:00
|
|
|
#include "qemu/cutils.h"
|
2018-12-13 17:27:25 +01:00
|
|
|
#include "trace.h"
|
2009-05-11 17:41:42 +02:00
|
|
|
|
|
|
|
// #define DEBUG_VERBOSE
|
|
|
|
|
2023-01-23 21:14:31 +01:00
|
|
|
/* CURL 7.85.0 switches to a string based API for specifying
|
|
|
|
* the desired protocols.
|
|
|
|
*/
|
|
|
|
#if LIBCURL_VERSION_NUM >= 0x075500
|
|
|
|
#define PROTOCOLS "HTTP,HTTPS,FTP,FTPS"
|
|
|
|
#else
|
2013-02-08 08:49:10 +01:00
|
|
|
#define PROTOCOLS (CURLPROTO_HTTP | CURLPROTO_HTTPS | \
|
block/curl: Drop TFTP "support"
Because TFTP does not support byte ranges, it was never usable with our
curl block driver. Since apparently nobody has ever complained loudly
enough for someone to take care of the issue until now, it seems
reasonable to assume that nobody has ever actually used it.
Therefore, it should be safe to just drop it from curl's protocol list.
[Jeff Cody: Below is additional summary pulled, with some rewording,
from followup emails between Max and Markus, to explain what
worked and what didn't]
TFTP would sometimes work, to a limited extent, for images <= the curl
"readahead" size, so long as reads started at offset zero. By default,
that readahead size is 256KB.
Reads starting at a non-zero offset would also have returned data from a
zero offset. It can become more complicated still, with mixed reads at
zero offset and non-zero offsets, due to data buffering.
In short, TFTP could only have worked before in very specific scenarios
with unrealistic expectations and constraints.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Message-id: 20161102175539.4375-4-mreitz@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-11-02 18:55:37 +01:00
|
|
|
CURLPROTO_FTP | CURLPROTO_FTPS)
|
2023-01-23 21:14:31 +01:00
|
|
|
#endif
|
2013-02-08 08:49:10 +01:00
|
|
|
|
2009-05-11 17:41:42 +02:00
|
|
|
#define CURL_NUM_STATES 8
|
|
|
|
#define CURL_NUM_ACB 8
|
2014-10-26 12:05:27 +01:00
|
|
|
#define CURL_TIMEOUT_MAX 10000
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2014-05-15 01:28:41 +02:00
|
|
|
#define CURL_BLOCK_OPT_URL "url"
|
|
|
|
#define CURL_BLOCK_OPT_READAHEAD "readahead"
|
2014-05-15 01:28:42 +02:00
|
|
|
#define CURL_BLOCK_OPT_SSLVERIFY "sslverify"
|
2014-08-13 17:44:27 +02:00
|
|
|
#define CURL_BLOCK_OPT_TIMEOUT "timeout"
|
2014-08-29 17:03:12 +02:00
|
|
|
#define CURL_BLOCK_OPT_COOKIE "cookie"
|
2017-05-04 16:00:06 +02:00
|
|
|
#define CURL_BLOCK_OPT_COOKIE_SECRET "cookie-secret"
|
curl: add support for HTTP authentication parameters
If connecting to a web server which has authentication
turned on, QEMU gets a 401 as curl has not been configured
with any authentication credentials.
This adds 4 new parameters to the curl block driver
options 'username', 'password-secret', 'proxy-username'
and 'proxy-password-secret'. Passwords are provided using
the recently added 'secret' object type
$QEMU \
-object secret,id=sec0,filename=/home/berrange/example.pw \
-object secret,id=sec1,filename=/home/berrange/proxy.pw \
-drive driver=http,url=http://example.com/some.img,\
username=dan,password-secret=sec0,\
proxy-username=dan,proxy-password-secret=sec1
Of course it is possible to use the same secret for both the
proxy & server passwords if desired, or omit the proxy auth
details, or the server auth details as required.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-3-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-01-21 15:19:20 +01:00
|
|
|
#define CURL_BLOCK_OPT_USERNAME "username"
|
|
|
|
#define CURL_BLOCK_OPT_PASSWORD_SECRET "password-secret"
|
|
|
|
#define CURL_BLOCK_OPT_PROXY_USERNAME "proxy-username"
|
|
|
|
#define CURL_BLOCK_OPT_PROXY_PASSWORD_SECRET "proxy-password-secret"
|
2014-05-15 01:28:41 +02:00
|
|
|
|
2019-02-01 20:29:31 +01:00
|
|
|
#define CURL_BLOCK_OPT_READAHEAD_DEFAULT (256 * 1024)
|
|
|
|
#define CURL_BLOCK_OPT_SSLVERIFY_DEFAULT true
|
|
|
|
#define CURL_BLOCK_OPT_TIMEOUT_DEFAULT 5
|
|
|
|
|
2009-05-11 17:41:42 +02:00
|
|
|
struct BDRVCURLState;
|
2019-09-10 14:41:30 +02:00
|
|
|
struct CURLState;
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2017-11-07 23:27:22 +01:00
|
|
|
static bool libcurl_initialized;
|
|
|
|
|
2009-05-11 17:41:42 +02:00
|
|
|
typedef struct CURLAIOCB {
|
2017-05-15 12:00:58 +02:00
|
|
|
Coroutine *co;
|
2009-05-11 17:41:42 +02:00
|
|
|
QEMUIOVector *qiov;
|
2011-09-21 12:55:50 +02:00
|
|
|
|
2017-05-15 12:00:57 +02:00
|
|
|
uint64_t offset;
|
|
|
|
uint64_t bytes;
|
2017-05-15 12:00:58 +02:00
|
|
|
int ret;
|
2011-09-21 12:55:50 +02:00
|
|
|
|
2009-05-11 17:41:42 +02:00
|
|
|
size_t start;
|
|
|
|
size_t end;
|
|
|
|
} CURLAIOCB;
|
|
|
|
|
2016-10-25 04:54:30 +02:00
|
|
|
typedef struct CURLSocket {
|
|
|
|
int fd;
|
2021-03-09 14:05:40 +01:00
|
|
|
struct BDRVCURLState *s;
|
2016-10-25 04:54:30 +02:00
|
|
|
} CURLSocket;
|
|
|
|
|
2009-05-11 17:41:42 +02:00
|
|
|
typedef struct CURLState
|
|
|
|
{
|
|
|
|
struct BDRVCURLState *s;
|
|
|
|
CURLAIOCB *acb[CURL_NUM_ACB];
|
|
|
|
CURL *curl;
|
|
|
|
char *orig_buf;
|
2017-05-15 12:00:57 +02:00
|
|
|
uint64_t buf_start;
|
2009-05-11 17:41:42 +02:00
|
|
|
size_t buf_off;
|
|
|
|
size_t buf_len;
|
|
|
|
char range[128];
|
|
|
|
char errmsg[CURL_ERROR_SIZE];
|
|
|
|
char in_use;
|
|
|
|
} CURLState;
|
|
|
|
|
|
|
|
typedef struct BDRVCURLState {
|
|
|
|
CURLM *multi;
|
2014-01-24 14:56:17 +01:00
|
|
|
QEMUTimer timer;
|
2017-05-15 12:00:57 +02:00
|
|
|
uint64_t len;
|
2009-05-11 17:41:42 +02:00
|
|
|
CURLState states[CURL_NUM_STATES];
|
curl: Disconnect sockets from CURLState
When a curl transfer is finished, that does not mean that CURL lets go
of all the sockets it used for it. We therefore must not free a
CURLSocket object before CURL has invoked curl_sock_cb() to tell us to
remove it. Otherwise, we may get a use-after-free, as described in this
bug report: https://bugs.launchpad.net/qemu/+bug/1916501
(Reproducer from that report:
$ qemu-img convert -f qcow2 -O raw \
https://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \
out.img
)
(Alternatively, it might seem logical to force-drop all sockets that
have been used for a state when the respective transfer is done, kind of
like it is done now, but including unsetting the AIO handlers.
Unfortunately, doing so makes the driver just hang instead of crashing,
which seems to evidence that CURL still uses those sockets.)
Make the CURLSocket object independent of "its" CURLState by putting all
sockets into a hash table belonging to the BDRVCURLState instead of a
list that belongs to a CURLState. Do not touch any sockets in
curl_clean_state().
Testing, it seems like all sockets are indeed gone by the time the curl
BDS is closed, so it seems like there really was no point in freeing any
socket just because a transfer is done. libcurl does invoke
curl_sock_cb() with CURL_POLL_REMOVE for every socket it has.
Buglink: https://bugs.launchpad.net/qemu/+bug/1916501
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210309130541.37540-3-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-09 14:05:41 +01:00
|
|
|
GHashTable *sockets; /* GINT_TO_POINTER(fd) -> socket */
|
2009-05-11 17:41:42 +02:00
|
|
|
char *url;
|
2009-07-02 02:16:52 +02:00
|
|
|
size_t readahead_size;
|
2014-05-15 01:28:42 +02:00
|
|
|
bool sslverify;
|
2014-10-26 12:05:27 +01:00
|
|
|
uint64_t timeout;
|
2014-08-29 17:03:12 +02:00
|
|
|
char *cookie;
|
curl: refuse to open URL from HTTP server without range support
CURL driver requests partial data from server on guest IO req. For HTTP
and HTTPS, it uses "Range: ***" in requests, and this will not work if
server not accepting range. This patch does this check when open.
* Removed curl_size_cb, which is not used: On one hand it's registered to
libcurl as CURLOPT_WRITEFUNCTION, instead of CURLOPT_HEADERFUNCTION,
which will get called with *data*, not *header*. On the other hand the
s->len is assigned unconditionally later.
In this gone function, the sscanf for "Content-Length: %zd", on
(void *)ptr, which is not guaranteed to be zero-terminated, is
potentially a security bug. So this patch fixes it as a side-effect. The
bug is reported as: https://bugs.launchpad.net/qemu/+bug/1188943
(Note the bug is marked "private" so you might not be able to see it)
* Introduced curl_header_cb, which is used to parse header and mark the
server as accepting range if "Accept-Ranges: bytes" line is seen from
response header. If protocol is HTTP or HTTPS, but server response has
no not this support, refuse to open this URL.
Note that python builtin module SimpleHTTPServer is an example of not
supporting range, if you need to test this driver, get a better server
or use internet URLs.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-07-02 09:19:21 +02:00
|
|
|
bool accept_range;
|
2014-05-08 16:34:40 +02:00
|
|
|
AioContext *aio_context;
|
2017-02-22 19:07:23 +01:00
|
|
|
QemuMutex mutex;
|
2018-02-03 16:39:35 +01:00
|
|
|
CoQueue free_state_waitq;
|
curl: add support for HTTP authentication parameters
If connecting to a web server which has authentication
turned on, QEMU gets a 401 as curl has not been configured
with any authentication credentials.
This adds 4 new parameters to the curl block driver
options 'username', 'password-secret', 'proxy-username'
and 'proxy-password-secret'. Passwords are provided using
the recently added 'secret' object type
$QEMU \
-object secret,id=sec0,filename=/home/berrange/example.pw \
-object secret,id=sec1,filename=/home/berrange/proxy.pw \
-drive driver=http,url=http://example.com/some.img,\
username=dan,password-secret=sec0,\
proxy-username=dan,proxy-password-secret=sec1
Of course it is possible to use the same secret for both the
proxy & server passwords if desired, or omit the proxy auth
details, or the server auth details as required.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-3-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-01-21 15:19:20 +01:00
|
|
|
char *username;
|
|
|
|
char *password;
|
|
|
|
char *proxyusername;
|
|
|
|
char *proxypassword;
|
2009-05-11 17:41:42 +02:00
|
|
|
} BDRVCURLState;
|
|
|
|
|
|
|
|
static void curl_clean_state(CURLState *s);
|
|
|
|
static void curl_multi_do(void *arg);
|
|
|
|
|
curl: Disconnect sockets from CURLState
When a curl transfer is finished, that does not mean that CURL lets go
of all the sockets it used for it. We therefore must not free a
CURLSocket object before CURL has invoked curl_sock_cb() to tell us to
remove it. Otherwise, we may get a use-after-free, as described in this
bug report: https://bugs.launchpad.net/qemu/+bug/1916501
(Reproducer from that report:
$ qemu-img convert -f qcow2 -O raw \
https://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \
out.img
)
(Alternatively, it might seem logical to force-drop all sockets that
have been used for a state when the respective transfer is done, kind of
like it is done now, but including unsetting the AIO handlers.
Unfortunately, doing so makes the driver just hang instead of crashing,
which seems to evidence that CURL still uses those sockets.)
Make the CURLSocket object independent of "its" CURLState by putting all
sockets into a hash table belonging to the BDRVCURLState instead of a
list that belongs to a CURLState. Do not touch any sockets in
curl_clean_state().
Testing, it seems like all sockets are indeed gone by the time the curl
BDS is closed, so it seems like there really was no point in freeing any
socket just because a transfer is done. libcurl does invoke
curl_sock_cb() with CURL_POLL_REMOVE for every socket it has.
Buglink: https://bugs.launchpad.net/qemu/+bug/1916501
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210309130541.37540-3-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-09 14:05:41 +01:00
|
|
|
static gboolean curl_drop_socket(void *key, void *value, void *opaque)
|
|
|
|
{
|
|
|
|
CURLSocket *socket = value;
|
|
|
|
BDRVCURLState *s = socket->s;
|
|
|
|
|
aio: remove aio_disable_external() API
All callers now pass is_external=false to aio_set_fd_handler() and
aio_set_event_notifier(). The aio_disable_external() API that
temporarily disables fd handlers that were registered is_external=true
is therefore dead code.
Remove aio_disable_external(), aio_enable_external(), and the
is_external arguments to aio_set_fd_handler() and
aio_set_event_notifier().
The entire test-fdmon-epoll test is removed because its sole purpose was
testing aio_disable_external().
Parts of this patch were generated using the following coccinelle
(https://coccinelle.lip6.fr/) semantic patch:
@@
expression ctx, fd, is_external, io_read, io_write, io_poll, io_poll_ready, opaque;
@@
- aio_set_fd_handler(ctx, fd, is_external, io_read, io_write, io_poll, io_poll_ready, opaque)
+ aio_set_fd_handler(ctx, fd, io_read, io_write, io_poll, io_poll_ready, opaque)
@@
expression ctx, notifier, is_external, io_read, io_poll, io_poll_ready;
@@
- aio_set_event_notifier(ctx, notifier, is_external, io_read, io_poll, io_poll_ready)
+ aio_set_event_notifier(ctx, notifier, io_read, io_poll, io_poll_ready)
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20230516190238.8401-21-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2023-05-16 21:02:38 +02:00
|
|
|
aio_set_fd_handler(s->aio_context, socket->fd,
|
aio-posix: split poll check from ready handler
Adaptive polling measures the execution time of the polling check plus
handlers called when a polled event becomes ready. Handlers can take a
significant amount of time, making it look like polling was running for
a long time when in fact the event handler was running for a long time.
For example, on Linux the io_submit(2) syscall invoked when a virtio-blk
device's virtqueue becomes ready can take 10s of microseconds. This
can exceed the default polling interval (32 microseconds) and cause
adaptive polling to stop polling.
By excluding the handler's execution time from the polling check we make
the adaptive polling calculation more accurate. As a result, the event
loop now stays in polling mode where previously it would have fallen
back to file descriptor monitoring.
The following data was collected with virtio-blk num-queues=2
event_idx=off using an IOThread. Before:
168k IOPS, IOThread syscalls:
9837.115 ( 0.020 ms): IO iothread1/620155 io_submit(ctx_id: 140512552468480, nr: 16, iocbpp: 0x7fcb9f937db0) = 16
9837.158 ( 0.002 ms): IO iothread1/620155 write(fd: 103, buf: 0x556a2ef71b88, count: 8) = 8
9837.161 ( 0.001 ms): IO iothread1/620155 write(fd: 104, buf: 0x556a2ef71b88, count: 8) = 8
9837.163 ( 0.001 ms): IO iothread1/620155 ppoll(ufds: 0x7fcb90002800, nfds: 4, tsp: 0x7fcb9f1342d0, sigsetsize: 8) = 3
9837.164 ( 0.001 ms): IO iothread1/620155 read(fd: 107, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.174 ( 0.001 ms): IO iothread1/620155 read(fd: 105, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.176 ( 0.001 ms): IO iothread1/620155 read(fd: 106, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.209 ( 0.035 ms): IO iothread1/620155 io_submit(ctx_id: 140512552468480, nr: 32, iocbpp: 0x7fca7d0cebe0) = 32
174k IOPS (+3.6%), IOThread syscalls:
9809.566 ( 0.036 ms): IO iothread1/623061 io_submit(ctx_id: 140539805028352, nr: 32, iocbpp: 0x7fd0cdd62be0) = 32
9809.625 ( 0.001 ms): IO iothread1/623061 write(fd: 103, buf: 0x5647cfba5f58, count: 8) = 8
9809.627 ( 0.002 ms): IO iothread1/623061 write(fd: 104, buf: 0x5647cfba5f58, count: 8) = 8
9809.663 ( 0.036 ms): IO iothread1/623061 io_submit(ctx_id: 140539805028352, nr: 32, iocbpp: 0x7fd0d0388b50) = 32
Notice that ppoll(2) and eventfd read(2) syscalls are eliminated because
the IOThread stays in polling mode instead of falling back to file
descriptor monitoring.
As usual, polling is not implemented on Windows so this patch ignores
the new io_poll_read() callback in aio-win32.c.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Message-id: 20211207132336.36627-2-stefanha@redhat.com
[Fixed up aio_set_event_notifier() calls in
tests/unit/test-fdmon-epoll.c added after this series was queued.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-12-07 14:23:31 +01:00
|
|
|
NULL, NULL, NULL, NULL, NULL);
|
curl: Disconnect sockets from CURLState
When a curl transfer is finished, that does not mean that CURL lets go
of all the sockets it used for it. We therefore must not free a
CURLSocket object before CURL has invoked curl_sock_cb() to tell us to
remove it. Otherwise, we may get a use-after-free, as described in this
bug report: https://bugs.launchpad.net/qemu/+bug/1916501
(Reproducer from that report:
$ qemu-img convert -f qcow2 -O raw \
https://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \
out.img
)
(Alternatively, it might seem logical to force-drop all sockets that
have been used for a state when the respective transfer is done, kind of
like it is done now, but including unsetting the AIO handlers.
Unfortunately, doing so makes the driver just hang instead of crashing,
which seems to evidence that CURL still uses those sockets.)
Make the CURLSocket object independent of "its" CURLState by putting all
sockets into a hash table belonging to the BDRVCURLState instead of a
list that belongs to a CURLState. Do not touch any sockets in
curl_clean_state().
Testing, it seems like all sockets are indeed gone by the time the curl
BDS is closed, so it seems like there really was no point in freeing any
socket just because a transfer is done. libcurl does invoke
curl_sock_cb() with CURL_POLL_REMOVE for every socket it has.
Buglink: https://bugs.launchpad.net/qemu/+bug/1916501
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210309130541.37540-3-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-09 14:05:41 +01:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void curl_drop_all_sockets(GHashTable *sockets)
|
|
|
|
{
|
|
|
|
g_hash_table_foreach_remove(sockets, curl_drop_socket, NULL);
|
|
|
|
}
|
|
|
|
|
2017-05-15 12:00:54 +02:00
|
|
|
/* Called from curl_multi_do_locked, with s->mutex held. */
|
2014-01-24 14:56:17 +01:00
|
|
|
static int curl_timer_cb(CURLM *multi, long timeout_ms, void *opaque)
|
|
|
|
{
|
|
|
|
BDRVCURLState *s = opaque;
|
|
|
|
|
2018-12-13 17:27:25 +01:00
|
|
|
trace_curl_timer_cb(timeout_ms);
|
2014-01-24 14:56:17 +01:00
|
|
|
if (timeout_ms == -1) {
|
|
|
|
timer_del(&s->timer);
|
|
|
|
} else {
|
|
|
|
int64_t timeout_ns = (int64_t)timeout_ms * 1000 * 1000;
|
|
|
|
timer_mod(&s->timer,
|
|
|
|
qemu_clock_get_ns(QEMU_CLOCK_REALTIME) + timeout_ns);
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-05-15 12:00:54 +02:00
|
|
|
/* Called from curl_multi_do_locked, with s->mutex held. */
|
2009-05-11 17:41:42 +02:00
|
|
|
static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
|
2014-05-08 16:34:40 +02:00
|
|
|
void *userp, void *sp)
|
2009-05-11 17:41:42 +02:00
|
|
|
{
|
2014-05-08 16:34:40 +02:00
|
|
|
BDRVCURLState *s;
|
2014-04-29 17:03:30 +02:00
|
|
|
CURLState *state = NULL;
|
2016-10-25 04:54:30 +02:00
|
|
|
CURLSocket *socket;
|
|
|
|
|
2014-04-29 17:03:30 +02:00
|
|
|
curl_easy_getinfo(curl, CURLINFO_PRIVATE, (char **)&state);
|
2014-05-08 16:34:40 +02:00
|
|
|
s = state->s;
|
2014-04-29 17:03:30 +02:00
|
|
|
|
curl: Disconnect sockets from CURLState
When a curl transfer is finished, that does not mean that CURL lets go
of all the sockets it used for it. We therefore must not free a
CURLSocket object before CURL has invoked curl_sock_cb() to tell us to
remove it. Otherwise, we may get a use-after-free, as described in this
bug report: https://bugs.launchpad.net/qemu/+bug/1916501
(Reproducer from that report:
$ qemu-img convert -f qcow2 -O raw \
https://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \
out.img
)
(Alternatively, it might seem logical to force-drop all sockets that
have been used for a state when the respective transfer is done, kind of
like it is done now, but including unsetting the AIO handlers.
Unfortunately, doing so makes the driver just hang instead of crashing,
which seems to evidence that CURL still uses those sockets.)
Make the CURLSocket object independent of "its" CURLState by putting all
sockets into a hash table belonging to the BDRVCURLState instead of a
list that belongs to a CURLState. Do not touch any sockets in
curl_clean_state().
Testing, it seems like all sockets are indeed gone by the time the curl
BDS is closed, so it seems like there really was no point in freeing any
socket just because a transfer is done. libcurl does invoke
curl_sock_cb() with CURL_POLL_REMOVE for every socket it has.
Buglink: https://bugs.launchpad.net/qemu/+bug/1916501
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210309130541.37540-3-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-09 14:05:41 +01:00
|
|
|
socket = g_hash_table_lookup(s->sockets, GINT_TO_POINTER(fd));
|
2016-10-25 04:54:30 +02:00
|
|
|
if (!socket) {
|
|
|
|
socket = g_new0(CURLSocket, 1);
|
|
|
|
socket->fd = fd;
|
2021-03-09 14:05:40 +01:00
|
|
|
socket->s = s;
|
curl: Disconnect sockets from CURLState
When a curl transfer is finished, that does not mean that CURL lets go
of all the sockets it used for it. We therefore must not free a
CURLSocket object before CURL has invoked curl_sock_cb() to tell us to
remove it. Otherwise, we may get a use-after-free, as described in this
bug report: https://bugs.launchpad.net/qemu/+bug/1916501
(Reproducer from that report:
$ qemu-img convert -f qcow2 -O raw \
https://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \
out.img
)
(Alternatively, it might seem logical to force-drop all sockets that
have been used for a state when the respective transfer is done, kind of
like it is done now, but including unsetting the AIO handlers.
Unfortunately, doing so makes the driver just hang instead of crashing,
which seems to evidence that CURL still uses those sockets.)
Make the CURLSocket object independent of "its" CURLState by putting all
sockets into a hash table belonging to the BDRVCURLState instead of a
list that belongs to a CURLState. Do not touch any sockets in
curl_clean_state().
Testing, it seems like all sockets are indeed gone by the time the curl
BDS is closed, so it seems like there really was no point in freeing any
socket just because a transfer is done. libcurl does invoke
curl_sock_cb() with CURL_POLL_REMOVE for every socket it has.
Buglink: https://bugs.launchpad.net/qemu/+bug/1916501
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210309130541.37540-3-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-09 14:05:41 +01:00
|
|
|
g_hash_table_insert(s->sockets, GINT_TO_POINTER(fd), socket);
|
2016-10-25 04:54:30 +02:00
|
|
|
}
|
|
|
|
|
2018-12-13 17:27:25 +01:00
|
|
|
trace_curl_sock_cb(action, (int)fd);
|
2009-05-11 17:41:42 +02:00
|
|
|
switch (action) {
|
|
|
|
case CURL_POLL_IN:
|
aio: remove aio_disable_external() API
All callers now pass is_external=false to aio_set_fd_handler() and
aio_set_event_notifier(). The aio_disable_external() API that
temporarily disables fd handlers that were registered is_external=true
is therefore dead code.
Remove aio_disable_external(), aio_enable_external(), and the
is_external arguments to aio_set_fd_handler() and
aio_set_event_notifier().
The entire test-fdmon-epoll test is removed because its sole purpose was
testing aio_disable_external().
Parts of this patch were generated using the following coccinelle
(https://coccinelle.lip6.fr/) semantic patch:
@@
expression ctx, fd, is_external, io_read, io_write, io_poll, io_poll_ready, opaque;
@@
- aio_set_fd_handler(ctx, fd, is_external, io_read, io_write, io_poll, io_poll_ready, opaque)
+ aio_set_fd_handler(ctx, fd, io_read, io_write, io_poll, io_poll_ready, opaque)
@@
expression ctx, notifier, is_external, io_read, io_poll, io_poll_ready;
@@
- aio_set_event_notifier(ctx, notifier, is_external, io_read, io_poll, io_poll_ready)
+ aio_set_event_notifier(ctx, notifier, io_read, io_poll, io_poll_ready)
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20230516190238.8401-21-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2023-05-16 21:02:38 +02:00
|
|
|
aio_set_fd_handler(s->aio_context, fd,
|
aio-posix: split poll check from ready handler
Adaptive polling measures the execution time of the polling check plus
handlers called when a polled event becomes ready. Handlers can take a
significant amount of time, making it look like polling was running for
a long time when in fact the event handler was running for a long time.
For example, on Linux the io_submit(2) syscall invoked when a virtio-blk
device's virtqueue becomes ready can take 10s of microseconds. This
can exceed the default polling interval (32 microseconds) and cause
adaptive polling to stop polling.
By excluding the handler's execution time from the polling check we make
the adaptive polling calculation more accurate. As a result, the event
loop now stays in polling mode where previously it would have fallen
back to file descriptor monitoring.
The following data was collected with virtio-blk num-queues=2
event_idx=off using an IOThread. Before:
168k IOPS, IOThread syscalls:
9837.115 ( 0.020 ms): IO iothread1/620155 io_submit(ctx_id: 140512552468480, nr: 16, iocbpp: 0x7fcb9f937db0) = 16
9837.158 ( 0.002 ms): IO iothread1/620155 write(fd: 103, buf: 0x556a2ef71b88, count: 8) = 8
9837.161 ( 0.001 ms): IO iothread1/620155 write(fd: 104, buf: 0x556a2ef71b88, count: 8) = 8
9837.163 ( 0.001 ms): IO iothread1/620155 ppoll(ufds: 0x7fcb90002800, nfds: 4, tsp: 0x7fcb9f1342d0, sigsetsize: 8) = 3
9837.164 ( 0.001 ms): IO iothread1/620155 read(fd: 107, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.174 ( 0.001 ms): IO iothread1/620155 read(fd: 105, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.176 ( 0.001 ms): IO iothread1/620155 read(fd: 106, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.209 ( 0.035 ms): IO iothread1/620155 io_submit(ctx_id: 140512552468480, nr: 32, iocbpp: 0x7fca7d0cebe0) = 32
174k IOPS (+3.6%), IOThread syscalls:
9809.566 ( 0.036 ms): IO iothread1/623061 io_submit(ctx_id: 140539805028352, nr: 32, iocbpp: 0x7fd0cdd62be0) = 32
9809.625 ( 0.001 ms): IO iothread1/623061 write(fd: 103, buf: 0x5647cfba5f58, count: 8) = 8
9809.627 ( 0.002 ms): IO iothread1/623061 write(fd: 104, buf: 0x5647cfba5f58, count: 8) = 8
9809.663 ( 0.036 ms): IO iothread1/623061 io_submit(ctx_id: 140539805028352, nr: 32, iocbpp: 0x7fd0d0388b50) = 32
Notice that ppoll(2) and eventfd read(2) syscalls are eliminated because
the IOThread stays in polling mode instead of falling back to file
descriptor monitoring.
As usual, polling is not implemented on Windows so this patch ignores
the new io_poll_read() callback in aio-win32.c.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Message-id: 20211207132336.36627-2-stefanha@redhat.com
[Fixed up aio_set_event_notifier() calls in
tests/unit/test-fdmon-epoll.c added after this series was queued.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-12-07 14:23:31 +01:00
|
|
|
curl_multi_do, NULL, NULL, NULL, socket);
|
2009-05-11 17:41:42 +02:00
|
|
|
break;
|
|
|
|
case CURL_POLL_OUT:
|
aio: remove aio_disable_external() API
All callers now pass is_external=false to aio_set_fd_handler() and
aio_set_event_notifier(). The aio_disable_external() API that
temporarily disables fd handlers that were registered is_external=true
is therefore dead code.
Remove aio_disable_external(), aio_enable_external(), and the
is_external arguments to aio_set_fd_handler() and
aio_set_event_notifier().
The entire test-fdmon-epoll test is removed because its sole purpose was
testing aio_disable_external().
Parts of this patch were generated using the following coccinelle
(https://coccinelle.lip6.fr/) semantic patch:
@@
expression ctx, fd, is_external, io_read, io_write, io_poll, io_poll_ready, opaque;
@@
- aio_set_fd_handler(ctx, fd, is_external, io_read, io_write, io_poll, io_poll_ready, opaque)
+ aio_set_fd_handler(ctx, fd, io_read, io_write, io_poll, io_poll_ready, opaque)
@@
expression ctx, notifier, is_external, io_read, io_poll, io_poll_ready;
@@
- aio_set_event_notifier(ctx, notifier, is_external, io_read, io_poll, io_poll_ready)
+ aio_set_event_notifier(ctx, notifier, io_read, io_poll, io_poll_ready)
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20230516190238.8401-21-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2023-05-16 21:02:38 +02:00
|
|
|
aio_set_fd_handler(s->aio_context, fd,
|
aio-posix: split poll check from ready handler
Adaptive polling measures the execution time of the polling check plus
handlers called when a polled event becomes ready. Handlers can take a
significant amount of time, making it look like polling was running for
a long time when in fact the event handler was running for a long time.
For example, on Linux the io_submit(2) syscall invoked when a virtio-blk
device's virtqueue becomes ready can take 10s of microseconds. This
can exceed the default polling interval (32 microseconds) and cause
adaptive polling to stop polling.
By excluding the handler's execution time from the polling check we make
the adaptive polling calculation more accurate. As a result, the event
loop now stays in polling mode where previously it would have fallen
back to file descriptor monitoring.
The following data was collected with virtio-blk num-queues=2
event_idx=off using an IOThread. Before:
168k IOPS, IOThread syscalls:
9837.115 ( 0.020 ms): IO iothread1/620155 io_submit(ctx_id: 140512552468480, nr: 16, iocbpp: 0x7fcb9f937db0) = 16
9837.158 ( 0.002 ms): IO iothread1/620155 write(fd: 103, buf: 0x556a2ef71b88, count: 8) = 8
9837.161 ( 0.001 ms): IO iothread1/620155 write(fd: 104, buf: 0x556a2ef71b88, count: 8) = 8
9837.163 ( 0.001 ms): IO iothread1/620155 ppoll(ufds: 0x7fcb90002800, nfds: 4, tsp: 0x7fcb9f1342d0, sigsetsize: 8) = 3
9837.164 ( 0.001 ms): IO iothread1/620155 read(fd: 107, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.174 ( 0.001 ms): IO iothread1/620155 read(fd: 105, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.176 ( 0.001 ms): IO iothread1/620155 read(fd: 106, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.209 ( 0.035 ms): IO iothread1/620155 io_submit(ctx_id: 140512552468480, nr: 32, iocbpp: 0x7fca7d0cebe0) = 32
174k IOPS (+3.6%), IOThread syscalls:
9809.566 ( 0.036 ms): IO iothread1/623061 io_submit(ctx_id: 140539805028352, nr: 32, iocbpp: 0x7fd0cdd62be0) = 32
9809.625 ( 0.001 ms): IO iothread1/623061 write(fd: 103, buf: 0x5647cfba5f58, count: 8) = 8
9809.627 ( 0.002 ms): IO iothread1/623061 write(fd: 104, buf: 0x5647cfba5f58, count: 8) = 8
9809.663 ( 0.036 ms): IO iothread1/623061 io_submit(ctx_id: 140539805028352, nr: 32, iocbpp: 0x7fd0d0388b50) = 32
Notice that ppoll(2) and eventfd read(2) syscalls are eliminated because
the IOThread stays in polling mode instead of falling back to file
descriptor monitoring.
As usual, polling is not implemented on Windows so this patch ignores
the new io_poll_read() callback in aio-win32.c.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Message-id: 20211207132336.36627-2-stefanha@redhat.com
[Fixed up aio_set_event_notifier() calls in
tests/unit/test-fdmon-epoll.c added after this series was queued.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-12-07 14:23:31 +01:00
|
|
|
NULL, curl_multi_do, NULL, NULL, socket);
|
2009-05-11 17:41:42 +02:00
|
|
|
break;
|
|
|
|
case CURL_POLL_INOUT:
|
aio: remove aio_disable_external() API
All callers now pass is_external=false to aio_set_fd_handler() and
aio_set_event_notifier(). The aio_disable_external() API that
temporarily disables fd handlers that were registered is_external=true
is therefore dead code.
Remove aio_disable_external(), aio_enable_external(), and the
is_external arguments to aio_set_fd_handler() and
aio_set_event_notifier().
The entire test-fdmon-epoll test is removed because its sole purpose was
testing aio_disable_external().
Parts of this patch were generated using the following coccinelle
(https://coccinelle.lip6.fr/) semantic patch:
@@
expression ctx, fd, is_external, io_read, io_write, io_poll, io_poll_ready, opaque;
@@
- aio_set_fd_handler(ctx, fd, is_external, io_read, io_write, io_poll, io_poll_ready, opaque)
+ aio_set_fd_handler(ctx, fd, io_read, io_write, io_poll, io_poll_ready, opaque)
@@
expression ctx, notifier, is_external, io_read, io_poll, io_poll_ready;
@@
- aio_set_event_notifier(ctx, notifier, is_external, io_read, io_poll, io_poll_ready)
+ aio_set_event_notifier(ctx, notifier, io_read, io_poll, io_poll_ready)
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20230516190238.8401-21-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2023-05-16 21:02:38 +02:00
|
|
|
aio_set_fd_handler(s->aio_context, fd,
|
aio-posix: split poll check from ready handler
Adaptive polling measures the execution time of the polling check plus
handlers called when a polled event becomes ready. Handlers can take a
significant amount of time, making it look like polling was running for
a long time when in fact the event handler was running for a long time.
For example, on Linux the io_submit(2) syscall invoked when a virtio-blk
device's virtqueue becomes ready can take 10s of microseconds. This
can exceed the default polling interval (32 microseconds) and cause
adaptive polling to stop polling.
By excluding the handler's execution time from the polling check we make
the adaptive polling calculation more accurate. As a result, the event
loop now stays in polling mode where previously it would have fallen
back to file descriptor monitoring.
The following data was collected with virtio-blk num-queues=2
event_idx=off using an IOThread. Before:
168k IOPS, IOThread syscalls:
9837.115 ( 0.020 ms): IO iothread1/620155 io_submit(ctx_id: 140512552468480, nr: 16, iocbpp: 0x7fcb9f937db0) = 16
9837.158 ( 0.002 ms): IO iothread1/620155 write(fd: 103, buf: 0x556a2ef71b88, count: 8) = 8
9837.161 ( 0.001 ms): IO iothread1/620155 write(fd: 104, buf: 0x556a2ef71b88, count: 8) = 8
9837.163 ( 0.001 ms): IO iothread1/620155 ppoll(ufds: 0x7fcb90002800, nfds: 4, tsp: 0x7fcb9f1342d0, sigsetsize: 8) = 3
9837.164 ( 0.001 ms): IO iothread1/620155 read(fd: 107, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.174 ( 0.001 ms): IO iothread1/620155 read(fd: 105, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.176 ( 0.001 ms): IO iothread1/620155 read(fd: 106, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.209 ( 0.035 ms): IO iothread1/620155 io_submit(ctx_id: 140512552468480, nr: 32, iocbpp: 0x7fca7d0cebe0) = 32
174k IOPS (+3.6%), IOThread syscalls:
9809.566 ( 0.036 ms): IO iothread1/623061 io_submit(ctx_id: 140539805028352, nr: 32, iocbpp: 0x7fd0cdd62be0) = 32
9809.625 ( 0.001 ms): IO iothread1/623061 write(fd: 103, buf: 0x5647cfba5f58, count: 8) = 8
9809.627 ( 0.002 ms): IO iothread1/623061 write(fd: 104, buf: 0x5647cfba5f58, count: 8) = 8
9809.663 ( 0.036 ms): IO iothread1/623061 io_submit(ctx_id: 140539805028352, nr: 32, iocbpp: 0x7fd0d0388b50) = 32
Notice that ppoll(2) and eventfd read(2) syscalls are eliminated because
the IOThread stays in polling mode instead of falling back to file
descriptor monitoring.
As usual, polling is not implemented on Windows so this patch ignores
the new io_poll_read() callback in aio-win32.c.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Message-id: 20211207132336.36627-2-stefanha@redhat.com
[Fixed up aio_set_event_notifier() calls in
tests/unit/test-fdmon-epoll.c added after this series was queued.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-12-07 14:23:31 +01:00
|
|
|
curl_multi_do, curl_multi_do,
|
|
|
|
NULL, NULL, socket);
|
2009-05-11 17:41:42 +02:00
|
|
|
break;
|
|
|
|
case CURL_POLL_REMOVE:
|
aio: remove aio_disable_external() API
All callers now pass is_external=false to aio_set_fd_handler() and
aio_set_event_notifier(). The aio_disable_external() API that
temporarily disables fd handlers that were registered is_external=true
is therefore dead code.
Remove aio_disable_external(), aio_enable_external(), and the
is_external arguments to aio_set_fd_handler() and
aio_set_event_notifier().
The entire test-fdmon-epoll test is removed because its sole purpose was
testing aio_disable_external().
Parts of this patch were generated using the following coccinelle
(https://coccinelle.lip6.fr/) semantic patch:
@@
expression ctx, fd, is_external, io_read, io_write, io_poll, io_poll_ready, opaque;
@@
- aio_set_fd_handler(ctx, fd, is_external, io_read, io_write, io_poll, io_poll_ready, opaque)
+ aio_set_fd_handler(ctx, fd, io_read, io_write, io_poll, io_poll_ready, opaque)
@@
expression ctx, notifier, is_external, io_read, io_poll, io_poll_ready;
@@
- aio_set_event_notifier(ctx, notifier, is_external, io_read, io_poll, io_poll_ready)
+ aio_set_event_notifier(ctx, notifier, io_read, io_poll, io_poll_ready)
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20230516190238.8401-21-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2023-05-16 21:02:38 +02:00
|
|
|
aio_set_fd_handler(s->aio_context, fd,
|
aio-posix: split poll check from ready handler
Adaptive polling measures the execution time of the polling check plus
handlers called when a polled event becomes ready. Handlers can take a
significant amount of time, making it look like polling was running for
a long time when in fact the event handler was running for a long time.
For example, on Linux the io_submit(2) syscall invoked when a virtio-blk
device's virtqueue becomes ready can take 10s of microseconds. This
can exceed the default polling interval (32 microseconds) and cause
adaptive polling to stop polling.
By excluding the handler's execution time from the polling check we make
the adaptive polling calculation more accurate. As a result, the event
loop now stays in polling mode where previously it would have fallen
back to file descriptor monitoring.
The following data was collected with virtio-blk num-queues=2
event_idx=off using an IOThread. Before:
168k IOPS, IOThread syscalls:
9837.115 ( 0.020 ms): IO iothread1/620155 io_submit(ctx_id: 140512552468480, nr: 16, iocbpp: 0x7fcb9f937db0) = 16
9837.158 ( 0.002 ms): IO iothread1/620155 write(fd: 103, buf: 0x556a2ef71b88, count: 8) = 8
9837.161 ( 0.001 ms): IO iothread1/620155 write(fd: 104, buf: 0x556a2ef71b88, count: 8) = 8
9837.163 ( 0.001 ms): IO iothread1/620155 ppoll(ufds: 0x7fcb90002800, nfds: 4, tsp: 0x7fcb9f1342d0, sigsetsize: 8) = 3
9837.164 ( 0.001 ms): IO iothread1/620155 read(fd: 107, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.174 ( 0.001 ms): IO iothread1/620155 read(fd: 105, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.176 ( 0.001 ms): IO iothread1/620155 read(fd: 106, buf: 0x7fcb9f939cc0, count: 512) = 8
9837.209 ( 0.035 ms): IO iothread1/620155 io_submit(ctx_id: 140512552468480, nr: 32, iocbpp: 0x7fca7d0cebe0) = 32
174k IOPS (+3.6%), IOThread syscalls:
9809.566 ( 0.036 ms): IO iothread1/623061 io_submit(ctx_id: 140539805028352, nr: 32, iocbpp: 0x7fd0cdd62be0) = 32
9809.625 ( 0.001 ms): IO iothread1/623061 write(fd: 103, buf: 0x5647cfba5f58, count: 8) = 8
9809.627 ( 0.002 ms): IO iothread1/623061 write(fd: 104, buf: 0x5647cfba5f58, count: 8) = 8
9809.663 ( 0.036 ms): IO iothread1/623061 io_submit(ctx_id: 140539805028352, nr: 32, iocbpp: 0x7fd0d0388b50) = 32
Notice that ppoll(2) and eventfd read(2) syscalls are eliminated because
the IOThread stays in polling mode instead of falling back to file
descriptor monitoring.
As usual, polling is not implemented on Windows so this patch ignores
the new io_poll_read() callback in aio-win32.c.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Message-id: 20211207132336.36627-2-stefanha@redhat.com
[Fixed up aio_set_event_notifier() calls in
tests/unit/test-fdmon-epoll.c added after this series was queued.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-12-07 14:23:31 +01:00
|
|
|
NULL, NULL, NULL, NULL, NULL);
|
2009-05-11 17:41:42 +02:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2019-09-10 14:41:31 +02:00
|
|
|
if (action == CURL_POLL_REMOVE) {
|
curl: Disconnect sockets from CURLState
When a curl transfer is finished, that does not mean that CURL lets go
of all the sockets it used for it. We therefore must not free a
CURLSocket object before CURL has invoked curl_sock_cb() to tell us to
remove it. Otherwise, we may get a use-after-free, as described in this
bug report: https://bugs.launchpad.net/qemu/+bug/1916501
(Reproducer from that report:
$ qemu-img convert -f qcow2 -O raw \
https://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \
out.img
)
(Alternatively, it might seem logical to force-drop all sockets that
have been used for a state when the respective transfer is done, kind of
like it is done now, but including unsetting the AIO handlers.
Unfortunately, doing so makes the driver just hang instead of crashing,
which seems to evidence that CURL still uses those sockets.)
Make the CURLSocket object independent of "its" CURLState by putting all
sockets into a hash table belonging to the BDRVCURLState instead of a
list that belongs to a CURLState. Do not touch any sockets in
curl_clean_state().
Testing, it seems like all sockets are indeed gone by the time the curl
BDS is closed, so it seems like there really was no point in freeing any
socket just because a transfer is done. libcurl does invoke
curl_sock_cb() with CURL_POLL_REMOVE for every socket it has.
Buglink: https://bugs.launchpad.net/qemu/+bug/1916501
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210309130541.37540-3-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-09 14:05:41 +01:00
|
|
|
g_hash_table_remove(s->sockets, GINT_TO_POINTER(fd));
|
2019-09-10 14:41:31 +02:00
|
|
|
}
|
|
|
|
|
2009-05-11 17:41:42 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-05-15 12:00:54 +02:00
|
|
|
/* Called from curl_multi_do_locked, with s->mutex held. */
|
curl: refuse to open URL from HTTP server without range support
CURL driver requests partial data from server on guest IO req. For HTTP
and HTTPS, it uses "Range: ***" in requests, and this will not work if
server not accepting range. This patch does this check when open.
* Removed curl_size_cb, which is not used: On one hand it's registered to
libcurl as CURLOPT_WRITEFUNCTION, instead of CURLOPT_HEADERFUNCTION,
which will get called with *data*, not *header*. On the other hand the
s->len is assigned unconditionally later.
In this gone function, the sscanf for "Content-Length: %zd", on
(void *)ptr, which is not guaranteed to be zero-terminated, is
potentially a security bug. So this patch fixes it as a side-effect. The
bug is reported as: https://bugs.launchpad.net/qemu/+bug/1188943
(Note the bug is marked "private" so you might not be able to see it)
* Introduced curl_header_cb, which is used to parse header and mark the
server as accepting range if "Accept-Ranges: bytes" line is seen from
response header. If protocol is HTTP or HTTPS, but server response has
no not this support, refuse to open this URL.
Note that python builtin module SimpleHTTPServer is an example of not
supporting range, if you need to test this driver, get a better server
or use internet URLs.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-07-02 09:19:21 +02:00
|
|
|
static size_t curl_header_cb(void *ptr, size_t size, size_t nmemb, void *opaque)
|
2009-05-11 17:41:42 +02:00
|
|
|
{
|
curl: refuse to open URL from HTTP server without range support
CURL driver requests partial data from server on guest IO req. For HTTP
and HTTPS, it uses "Range: ***" in requests, and this will not work if
server not accepting range. This patch does this check when open.
* Removed curl_size_cb, which is not used: On one hand it's registered to
libcurl as CURLOPT_WRITEFUNCTION, instead of CURLOPT_HEADERFUNCTION,
which will get called with *data*, not *header*. On the other hand the
s->len is assigned unconditionally later.
In this gone function, the sscanf for "Content-Length: %zd", on
(void *)ptr, which is not guaranteed to be zero-terminated, is
potentially a security bug. So this patch fixes it as a side-effect. The
bug is reported as: https://bugs.launchpad.net/qemu/+bug/1188943
(Note the bug is marked "private" so you might not be able to see it)
* Introduced curl_header_cb, which is used to parse header and mark the
server as accepting range if "Accept-Ranges: bytes" line is seen from
response header. If protocol is HTTP or HTTPS, but server response has
no not this support, refuse to open this URL.
Note that python builtin module SimpleHTTPServer is an example of not
supporting range, if you need to test this driver, get a better server
or use internet URLs.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-07-02 09:19:21 +02:00
|
|
|
BDRVCURLState *s = opaque;
|
2009-05-11 17:41:42 +02:00
|
|
|
size_t realsize = size * nmemb;
|
2020-02-24 11:13:09 +01:00
|
|
|
const char *header = (char *)ptr;
|
|
|
|
const char *end = header + realsize;
|
2020-02-24 11:13:10 +01:00
|
|
|
const char *accept_ranges = "accept-ranges:";
|
2020-02-24 11:13:09 +01:00
|
|
|
const char *bytes = "bytes";
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2020-02-24 11:13:09 +01:00
|
|
|
if (realsize >= strlen(accept_ranges)
|
2020-02-24 11:13:10 +01:00
|
|
|
&& g_ascii_strncasecmp(header, accept_ranges,
|
|
|
|
strlen(accept_ranges)) == 0) {
|
2020-02-24 11:13:09 +01:00
|
|
|
|
|
|
|
char *p = strchr(header, ':') + 1;
|
|
|
|
|
|
|
|
/* Skip whitespace between the header name and value. */
|
|
|
|
while (p < end && *p && g_ascii_isspace(*p)) {
|
|
|
|
p++;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (end - p >= strlen(bytes)
|
|
|
|
&& strncmp(p, bytes, strlen(bytes)) == 0) {
|
|
|
|
|
|
|
|
/* Check that there is nothing but whitespace after the value. */
|
|
|
|
p += strlen(bytes);
|
|
|
|
while (p < end && *p && g_ascii_isspace(*p)) {
|
|
|
|
p++;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (p == end || !*p) {
|
|
|
|
s->accept_range = true;
|
|
|
|
}
|
|
|
|
}
|
2010-05-22 10:02:12 +02:00
|
|
|
}
|
2009-05-11 17:41:42 +02:00
|
|
|
|
|
|
|
return realsize;
|
|
|
|
}
|
|
|
|
|
2017-05-15 12:00:54 +02:00
|
|
|
/* Called from curl_multi_do_locked, with s->mutex held. */
|
2009-05-11 17:41:42 +02:00
|
|
|
static size_t curl_read_cb(void *ptr, size_t size, size_t nmemb, void *opaque)
|
|
|
|
{
|
|
|
|
CURLState *s = ((CURLState*)opaque);
|
|
|
|
size_t realsize = size * nmemb;
|
|
|
|
|
2018-12-13 17:27:25 +01:00
|
|
|
trace_curl_read_cb(realsize);
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2016-10-25 04:54:29 +02:00
|
|
|
if (!s || !s->orig_buf) {
|
|
|
|
goto read_end;
|
|
|
|
}
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2014-03-26 13:05:40 +01:00
|
|
|
if (s->buf_off >= s->buf_len) {
|
|
|
|
/* buffer full, read nothing */
|
2016-10-25 04:54:29 +02:00
|
|
|
goto read_end;
|
2014-03-26 13:05:40 +01:00
|
|
|
}
|
|
|
|
realsize = MIN(realsize, s->buf_len - s->buf_off);
|
2009-05-11 17:41:42 +02:00
|
|
|
memcpy(s->orig_buf + s->buf_off, ptr, realsize);
|
|
|
|
s->buf_off += realsize;
|
|
|
|
|
2016-10-25 04:54:29 +02:00
|
|
|
read_end:
|
|
|
|
/* curl will error out if we do not return this value */
|
|
|
|
return size * nmemb;
|
2009-05-11 17:41:42 +02:00
|
|
|
}
|
|
|
|
|
2017-05-15 12:00:55 +02:00
|
|
|
/* Called with s->mutex held. */
|
2017-05-15 12:00:58 +02:00
|
|
|
static bool curl_find_buf(BDRVCURLState *s, uint64_t start, uint64_t len,
|
|
|
|
CURLAIOCB *acb)
|
2009-05-11 17:41:42 +02:00
|
|
|
{
|
|
|
|
int i;
|
2017-05-15 12:00:57 +02:00
|
|
|
uint64_t end = start + len;
|
|
|
|
uint64_t clamped_end = MIN(end, s->len);
|
|
|
|
uint64_t clamped_len = clamped_end - start;
|
2009-05-11 17:41:42 +02:00
|
|
|
|
|
|
|
for (i=0; i<CURL_NUM_STATES; i++) {
|
|
|
|
CURLState *state = &s->states[i];
|
2017-05-15 12:00:57 +02:00
|
|
|
uint64_t buf_end = (state->buf_start + state->buf_off);
|
|
|
|
uint64_t buf_fend = (state->buf_start + state->buf_len);
|
2009-05-11 17:41:42 +02:00
|
|
|
|
|
|
|
if (!state->orig_buf)
|
|
|
|
continue;
|
|
|
|
if (!state->buf_off)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
// Does the existing buffer cover our section?
|
|
|
|
if ((start >= state->buf_start) &&
|
|
|
|
(start <= buf_end) &&
|
2016-10-25 04:54:31 +02:00
|
|
|
(clamped_end >= state->buf_start) &&
|
|
|
|
(clamped_end <= buf_end))
|
2009-05-11 17:41:42 +02:00
|
|
|
{
|
|
|
|
char *buf = state->orig_buf + (start - state->buf_start);
|
|
|
|
|
2016-10-25 04:54:31 +02:00
|
|
|
qemu_iovec_from_buf(acb->qiov, 0, buf, clamped_len);
|
|
|
|
if (clamped_len < len) {
|
|
|
|
qemu_iovec_memset(acb->qiov, clamped_len, 0, len - clamped_len);
|
|
|
|
}
|
2017-05-15 12:00:58 +02:00
|
|
|
acb->ret = 0;
|
|
|
|
return true;
|
2009-05-11 17:41:42 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// Wait for unfinished chunks
|
2014-04-29 17:03:32 +02:00
|
|
|
if (state->in_use &&
|
|
|
|
(start >= state->buf_start) &&
|
2009-05-11 17:41:42 +02:00
|
|
|
(start <= buf_fend) &&
|
2016-10-25 04:54:31 +02:00
|
|
|
(clamped_end >= state->buf_start) &&
|
|
|
|
(clamped_end <= buf_fend))
|
2009-05-11 17:41:42 +02:00
|
|
|
{
|
|
|
|
int j;
|
|
|
|
|
|
|
|
acb->start = start - state->buf_start;
|
2016-10-25 04:54:31 +02:00
|
|
|
acb->end = acb->start + clamped_len;
|
2009-05-11 17:41:42 +02:00
|
|
|
|
|
|
|
for (j=0; j<CURL_NUM_ACB; j++) {
|
|
|
|
if (!state->acb[j]) {
|
|
|
|
state->acb[j] = acb;
|
2017-05-15 12:00:58 +02:00
|
|
|
return true;
|
2009-05-11 17:41:42 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-05-15 12:00:58 +02:00
|
|
|
return false;
|
2009-05-11 17:41:42 +02:00
|
|
|
}
|
|
|
|
|
2017-02-22 19:07:23 +01:00
|
|
|
/* Called with s->mutex held. */
|
2014-04-29 17:03:30 +02:00
|
|
|
static void curl_multi_check_completion(BDRVCURLState *s)
|
2009-05-11 17:41:42 +02:00
|
|
|
{
|
|
|
|
int msgs_in_queue;
|
|
|
|
|
|
|
|
/* Try to find done transfers, so we can free the easy
|
|
|
|
* handle again. */
|
2014-04-29 17:03:31 +02:00
|
|
|
for (;;) {
|
2009-05-11 17:41:42 +02:00
|
|
|
CURLMsg *msg;
|
|
|
|
msg = curl_multi_info_read(s->multi, &msgs_in_queue);
|
|
|
|
|
2014-04-29 17:03:31 +02:00
|
|
|
/* Quit when there are no more completions */
|
2009-05-11 17:41:42 +02:00
|
|
|
if (!msg)
|
|
|
|
break;
|
|
|
|
|
2014-04-29 17:03:31 +02:00
|
|
|
if (msg->msg == CURLMSG_DONE) {
|
2019-09-10 14:41:35 +02:00
|
|
|
int i;
|
2014-04-29 17:03:31 +02:00
|
|
|
CURLState *state = NULL;
|
2019-09-10 14:41:35 +02:00
|
|
|
bool error = msg->data.result != CURLE_OK;
|
|
|
|
|
2014-04-29 17:03:31 +02:00
|
|
|
curl_easy_getinfo(msg->easy_handle, CURLINFO_PRIVATE,
|
|
|
|
(char **)&state);
|
|
|
|
|
2019-09-10 14:41:35 +02:00
|
|
|
if (error) {
|
2015-07-08 15:37:48 +02:00
|
|
|
static int errcount = 100;
|
|
|
|
|
|
|
|
/* Don't lose the original error message from curl, since
|
|
|
|
* it contains extra data.
|
|
|
|
*/
|
|
|
|
if (errcount > 0) {
|
|
|
|
error_report("curl: %s", state->errmsg);
|
|
|
|
if (--errcount == 0) {
|
|
|
|
error_report("curl: further errors suppressed");
|
|
|
|
}
|
|
|
|
}
|
2019-09-10 14:41:35 +02:00
|
|
|
}
|
2015-07-08 15:37:48 +02:00
|
|
|
|
2019-09-10 14:41:35 +02:00
|
|
|
for (i = 0; i < CURL_NUM_ACB; i++) {
|
|
|
|
CURLAIOCB *acb = state->acb[i];
|
2014-04-29 17:03:31 +02:00
|
|
|
|
2019-09-10 14:41:35 +02:00
|
|
|
if (acb == NULL) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!error) {
|
|
|
|
/* Assert that we have read all data */
|
|
|
|
assert(state->buf_off >= acb->end);
|
|
|
|
|
|
|
|
qemu_iovec_from_buf(acb->qiov, 0,
|
|
|
|
state->orig_buf + acb->start,
|
|
|
|
acb->end - acb->start);
|
2011-08-15 11:00:34 +02:00
|
|
|
|
2019-09-10 14:41:35 +02:00
|
|
|
if (acb->end - acb->start < acb->bytes) {
|
|
|
|
size_t offset = acb->end - acb->start;
|
|
|
|
qemu_iovec_memset(acb->qiov, offset, 0,
|
|
|
|
acb->bytes - offset);
|
|
|
|
}
|
2014-04-29 17:03:31 +02:00
|
|
|
}
|
2019-09-10 14:41:35 +02:00
|
|
|
|
|
|
|
acb->ret = error ? -EIO : 0;
|
|
|
|
state->acb[i] = NULL;
|
|
|
|
qemu_mutex_unlock(&s->mutex);
|
|
|
|
aio_co_wake(acb->co);
|
|
|
|
qemu_mutex_lock(&s->mutex);
|
2009-05-11 17:41:42 +02:00
|
|
|
}
|
2014-04-29 17:03:31 +02:00
|
|
|
|
|
|
|
curl_clean_state(state);
|
|
|
|
break;
|
2009-05-11 17:41:42 +02:00
|
|
|
}
|
2014-04-29 17:03:31 +02:00
|
|
|
}
|
2009-05-11 17:41:42 +02:00
|
|
|
}
|
|
|
|
|
2017-02-22 19:07:23 +01:00
|
|
|
/* Called with s->mutex held. */
|
2019-09-10 14:41:34 +02:00
|
|
|
static void curl_multi_do_locked(CURLSocket *socket)
|
2014-01-24 14:56:17 +01:00
|
|
|
{
|
2021-03-09 14:05:40 +01:00
|
|
|
BDRVCURLState *s = socket->s;
|
2014-01-24 14:56:17 +01:00
|
|
|
int running;
|
|
|
|
int r;
|
|
|
|
|
2019-09-10 14:41:34 +02:00
|
|
|
if (!s->multi) {
|
2014-01-24 14:56:17 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2019-09-10 14:41:34 +02:00
|
|
|
do {
|
|
|
|
r = curl_multi_socket_action(s->multi, socket->fd, 0, &running);
|
|
|
|
} while (r == CURLM_CALL_MULTI_PERFORM);
|
2014-04-29 17:03:30 +02:00
|
|
|
}
|
|
|
|
|
2017-02-13 14:52:30 +01:00
|
|
|
static void curl_multi_do(void *arg)
|
|
|
|
{
|
2019-09-10 14:41:33 +02:00
|
|
|
CURLSocket *socket = arg;
|
2021-03-09 14:05:40 +01:00
|
|
|
BDRVCURLState *s = socket->s;
|
2017-02-13 14:52:30 +01:00
|
|
|
|
2019-09-10 14:41:33 +02:00
|
|
|
qemu_mutex_lock(&s->mutex);
|
|
|
|
curl_multi_do_locked(socket);
|
|
|
|
curl_multi_check_completion(s);
|
|
|
|
qemu_mutex_unlock(&s->mutex);
|
2014-01-24 14:56:17 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
static void curl_multi_timeout_do(void *arg)
|
|
|
|
{
|
|
|
|
BDRVCURLState *s = (BDRVCURLState *)arg;
|
|
|
|
int running;
|
|
|
|
|
|
|
|
if (!s->multi) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2017-02-22 19:07:23 +01:00
|
|
|
qemu_mutex_lock(&s->mutex);
|
2014-01-24 14:56:17 +01:00
|
|
|
curl_multi_socket_action(s->multi, CURL_SOCKET_TIMEOUT, 0, &running);
|
|
|
|
|
2014-04-29 17:03:30 +02:00
|
|
|
curl_multi_check_completion(s);
|
2017-02-22 19:07:23 +01:00
|
|
|
qemu_mutex_unlock(&s->mutex);
|
2014-01-24 14:56:17 +01:00
|
|
|
}
|
|
|
|
|
2017-05-15 12:00:55 +02:00
|
|
|
/* Called with s->mutex held. */
|
2017-05-15 12:00:56 +02:00
|
|
|
static CURLState *curl_find_state(BDRVCURLState *s)
|
2009-05-11 17:41:42 +02:00
|
|
|
{
|
|
|
|
CURLState *state = NULL;
|
2017-05-15 12:00:56 +02:00
|
|
|
int i;
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2017-05-15 12:00:56 +02:00
|
|
|
for (i = 0; i < CURL_NUM_STATES; i++) {
|
|
|
|
if (!s->states[i].in_use) {
|
2009-05-11 17:41:42 +02:00
|
|
|
state = &s->states[i];
|
|
|
|
state->in_use = 1;
|
|
|
|
break;
|
|
|
|
}
|
2017-05-15 12:00:56 +02:00
|
|
|
}
|
|
|
|
return state;
|
|
|
|
}
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2017-05-15 12:00:56 +02:00
|
|
|
static int curl_init_state(BDRVCURLState *s, CURLState *state)
|
|
|
|
{
|
2014-04-29 17:03:26 +02:00
|
|
|
if (!state->curl) {
|
|
|
|
state->curl = curl_easy_init();
|
|
|
|
if (!state->curl) {
|
2017-05-15 12:00:56 +02:00
|
|
|
return -EIO;
|
2014-04-29 17:03:26 +02:00
|
|
|
}
|
2022-02-22 16:23:41 +01:00
|
|
|
if (curl_easy_setopt(state->curl, CURLOPT_URL, s->url) ||
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
|
|
|
|
(long) s->sslverify) ||
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYHOST,
|
|
|
|
s->sslverify ? 2L : 0L)) {
|
|
|
|
goto err;
|
|
|
|
}
|
2014-08-29 17:03:12 +02:00
|
|
|
if (s->cookie) {
|
2022-02-22 16:23:41 +01:00
|
|
|
if (curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie)) {
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, (long)s->timeout) ||
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
|
|
|
|
(void *)curl_read_cb) ||
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_WRITEDATA, (void *)state) ||
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_PRIVATE, (void *)state) ||
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_AUTOREFERER, 1) ||
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_FOLLOWLOCATION, 1) ||
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_NOSIGNAL, 1) ||
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_ERRORBUFFER, state->errmsg) ||
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_FAILONERROR, 1)) {
|
|
|
|
goto err;
|
2014-08-29 17:03:12 +02:00
|
|
|
}
|
curl: add support for HTTP authentication parameters
If connecting to a web server which has authentication
turned on, QEMU gets a 401 as curl has not been configured
with any authentication credentials.
This adds 4 new parameters to the curl block driver
options 'username', 'password-secret', 'proxy-username'
and 'proxy-password-secret'. Passwords are provided using
the recently added 'secret' object type
$QEMU \
-object secret,id=sec0,filename=/home/berrange/example.pw \
-object secret,id=sec1,filename=/home/berrange/proxy.pw \
-drive driver=http,url=http://example.com/some.img,\
username=dan,password-secret=sec0,\
proxy-username=dan,proxy-password-secret=sec1
Of course it is possible to use the same secret for both the
proxy & server passwords if desired, or omit the proxy auth
details, or the server auth details as required.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-3-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-01-21 15:19:20 +01:00
|
|
|
if (s->username) {
|
2022-02-22 16:23:41 +01:00
|
|
|
if (curl_easy_setopt(state->curl, CURLOPT_USERNAME, s->username)) {
|
|
|
|
goto err;
|
|
|
|
}
|
curl: add support for HTTP authentication parameters
If connecting to a web server which has authentication
turned on, QEMU gets a 401 as curl has not been configured
with any authentication credentials.
This adds 4 new parameters to the curl block driver
options 'username', 'password-secret', 'proxy-username'
and 'proxy-password-secret'. Passwords are provided using
the recently added 'secret' object type
$QEMU \
-object secret,id=sec0,filename=/home/berrange/example.pw \
-object secret,id=sec1,filename=/home/berrange/proxy.pw \
-drive driver=http,url=http://example.com/some.img,\
username=dan,password-secret=sec0,\
proxy-username=dan,proxy-password-secret=sec1
Of course it is possible to use the same secret for both the
proxy & server passwords if desired, or omit the proxy auth
details, or the server auth details as required.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-3-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-01-21 15:19:20 +01:00
|
|
|
}
|
|
|
|
if (s->password) {
|
2022-02-22 16:23:41 +01:00
|
|
|
if (curl_easy_setopt(state->curl, CURLOPT_PASSWORD, s->password)) {
|
|
|
|
goto err;
|
|
|
|
}
|
curl: add support for HTTP authentication parameters
If connecting to a web server which has authentication
turned on, QEMU gets a 401 as curl has not been configured
with any authentication credentials.
This adds 4 new parameters to the curl block driver
options 'username', 'password-secret', 'proxy-username'
and 'proxy-password-secret'. Passwords are provided using
the recently added 'secret' object type
$QEMU \
-object secret,id=sec0,filename=/home/berrange/example.pw \
-object secret,id=sec1,filename=/home/berrange/proxy.pw \
-drive driver=http,url=http://example.com/some.img,\
username=dan,password-secret=sec0,\
proxy-username=dan,proxy-password-secret=sec1
Of course it is possible to use the same secret for both the
proxy & server passwords if desired, or omit the proxy auth
details, or the server auth details as required.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-3-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-01-21 15:19:20 +01:00
|
|
|
}
|
|
|
|
if (s->proxyusername) {
|
2022-02-22 16:23:41 +01:00
|
|
|
if (curl_easy_setopt(state->curl,
|
|
|
|
CURLOPT_PROXYUSERNAME, s->proxyusername)) {
|
|
|
|
goto err;
|
|
|
|
}
|
curl: add support for HTTP authentication parameters
If connecting to a web server which has authentication
turned on, QEMU gets a 401 as curl has not been configured
with any authentication credentials.
This adds 4 new parameters to the curl block driver
options 'username', 'password-secret', 'proxy-username'
and 'proxy-password-secret'. Passwords are provided using
the recently added 'secret' object type
$QEMU \
-object secret,id=sec0,filename=/home/berrange/example.pw \
-object secret,id=sec1,filename=/home/berrange/proxy.pw \
-drive driver=http,url=http://example.com/some.img,\
username=dan,password-secret=sec0,\
proxy-username=dan,proxy-password-secret=sec1
Of course it is possible to use the same secret for both the
proxy & server passwords if desired, or omit the proxy auth
details, or the server auth details as required.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-3-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-01-21 15:19:20 +01:00
|
|
|
}
|
|
|
|
if (s->proxypassword) {
|
2022-02-22 16:23:41 +01:00
|
|
|
if (curl_easy_setopt(state->curl,
|
|
|
|
CURLOPT_PROXYPASSWORD, s->proxypassword)) {
|
|
|
|
goto err;
|
|
|
|
}
|
curl: add support for HTTP authentication parameters
If connecting to a web server which has authentication
turned on, QEMU gets a 401 as curl has not been configured
with any authentication credentials.
This adds 4 new parameters to the curl block driver
options 'username', 'password-secret', 'proxy-username'
and 'proxy-password-secret'. Passwords are provided using
the recently added 'secret' object type
$QEMU \
-object secret,id=sec0,filename=/home/berrange/example.pw \
-object secret,id=sec1,filename=/home/berrange/proxy.pw \
-drive driver=http,url=http://example.com/some.img,\
username=dan,password-secret=sec0,\
proxy-username=dan,proxy-password-secret=sec1
Of course it is possible to use the same secret for both the
proxy & server passwords if desired, or omit the proxy auth
details, or the server auth details as required.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-3-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-01-21 15:19:20 +01:00
|
|
|
}
|
|
|
|
|
2014-04-29 17:03:26 +02:00
|
|
|
/* Restrict supported protocols to avoid security issues in the more
|
|
|
|
* obscure protocols. For example, do not allow POP3/SMTP/IMAP see
|
|
|
|
* CVE-2013-0249.
|
|
|
|
*
|
2023-01-23 21:14:31 +01:00
|
|
|
* Restricting protocols is only supported from 7.19.4 upwards. Note:
|
|
|
|
* version 7.85.0 deprecates CURLOPT_*PROTOCOLS in favour of a string
|
|
|
|
* based CURLOPT_*PROTOCOLS_STR API.
|
2014-04-29 17:03:26 +02:00
|
|
|
*/
|
2023-01-23 21:14:31 +01:00
|
|
|
#if LIBCURL_VERSION_NUM >= 0x075500
|
|
|
|
if (curl_easy_setopt(state->curl,
|
|
|
|
CURLOPT_PROTOCOLS_STR, PROTOCOLS) ||
|
|
|
|
curl_easy_setopt(state->curl,
|
|
|
|
CURLOPT_REDIR_PROTOCOLS_STR, PROTOCOLS)) {
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
#elif LIBCURL_VERSION_NUM >= 0x071304
|
2022-02-22 16:23:41 +01:00
|
|
|
if (curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, PROTOCOLS) ||
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_REDIR_PROTOCOLS, PROTOCOLS)) {
|
|
|
|
goto err;
|
|
|
|
}
|
2013-02-13 09:25:34 +01:00
|
|
|
#endif
|
2013-02-08 08:49:10 +01:00
|
|
|
|
2009-05-11 17:41:42 +02:00
|
|
|
#ifdef DEBUG_VERBOSE
|
2022-02-22 16:23:41 +01:00
|
|
|
if (curl_easy_setopt(state->curl, CURLOPT_VERBOSE, 1)) {
|
|
|
|
goto err;
|
|
|
|
}
|
2009-05-11 17:41:42 +02:00
|
|
|
#endif
|
2014-04-29 17:03:26 +02:00
|
|
|
}
|
2009-05-11 17:41:42 +02:00
|
|
|
|
|
|
|
state->s = s;
|
|
|
|
|
2017-05-15 12:00:56 +02:00
|
|
|
return 0;
|
2022-02-22 16:23:41 +01:00
|
|
|
|
|
|
|
err:
|
|
|
|
curl_easy_cleanup(state->curl);
|
|
|
|
state->curl = NULL;
|
|
|
|
return -EIO;
|
2009-05-11 17:41:42 +02:00
|
|
|
}
|
|
|
|
|
2017-05-15 12:00:55 +02:00
|
|
|
/* Called with s->mutex held. */
|
2009-05-11 17:41:42 +02:00
|
|
|
static void curl_clean_state(CURLState *s)
|
|
|
|
{
|
2017-05-15 12:00:53 +02:00
|
|
|
int j;
|
|
|
|
for (j = 0; j < CURL_NUM_ACB; j++) {
|
|
|
|
assert(!s->acb[j]);
|
|
|
|
}
|
|
|
|
|
2009-05-11 17:41:42 +02:00
|
|
|
if (s->s->multi)
|
|
|
|
curl_multi_remove_handle(s->s->multi, s->curl);
|
2016-10-25 04:54:30 +02:00
|
|
|
|
2009-05-11 17:41:42 +02:00
|
|
|
s->in_use = 0;
|
2017-05-15 12:00:59 +02:00
|
|
|
|
2018-02-03 16:39:35 +01:00
|
|
|
qemu_co_enter_next(&s->s->free_state_waitq, &s->s->mutex);
|
2009-05-11 17:41:42 +02:00
|
|
|
}
|
|
|
|
|
2013-04-10 15:31:33 +02:00
|
|
|
static void curl_parse_filename(const char *filename, QDict *options,
|
|
|
|
Error **errp)
|
2009-05-11 17:41:42 +02:00
|
|
|
{
|
2017-04-27 23:58:17 +02:00
|
|
|
qdict_put_str(options, CURL_BLOCK_OPT_URL, filename);
|
2013-04-10 15:31:33 +02:00
|
|
|
}
|
|
|
|
|
2014-05-08 16:34:40 +02:00
|
|
|
static void curl_detach_aio_context(BlockDriverState *bs)
|
|
|
|
{
|
|
|
|
BDRVCURLState *s = bs->opaque;
|
|
|
|
int i;
|
|
|
|
|
2020-12-03 08:50:53 +01:00
|
|
|
WITH_QEMU_LOCK_GUARD(&s->mutex) {
|
curl: Disconnect sockets from CURLState
When a curl transfer is finished, that does not mean that CURL lets go
of all the sockets it used for it. We therefore must not free a
CURLSocket object before CURL has invoked curl_sock_cb() to tell us to
remove it. Otherwise, we may get a use-after-free, as described in this
bug report: https://bugs.launchpad.net/qemu/+bug/1916501
(Reproducer from that report:
$ qemu-img convert -f qcow2 -O raw \
https://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \
out.img
)
(Alternatively, it might seem logical to force-drop all sockets that
have been used for a state when the respective transfer is done, kind of
like it is done now, but including unsetting the AIO handlers.
Unfortunately, doing so makes the driver just hang instead of crashing,
which seems to evidence that CURL still uses those sockets.)
Make the CURLSocket object independent of "its" CURLState by putting all
sockets into a hash table belonging to the BDRVCURLState instead of a
list that belongs to a CURLState. Do not touch any sockets in
curl_clean_state().
Testing, it seems like all sockets are indeed gone by the time the curl
BDS is closed, so it seems like there really was no point in freeing any
socket just because a transfer is done. libcurl does invoke
curl_sock_cb() with CURL_POLL_REMOVE for every socket it has.
Buglink: https://bugs.launchpad.net/qemu/+bug/1916501
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210309130541.37540-3-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-09 14:05:41 +01:00
|
|
|
curl_drop_all_sockets(s->sockets);
|
2020-12-03 08:50:53 +01:00
|
|
|
for (i = 0; i < CURL_NUM_STATES; i++) {
|
|
|
|
if (s->states[i].in_use) {
|
|
|
|
curl_clean_state(&s->states[i]);
|
|
|
|
}
|
|
|
|
if (s->states[i].curl) {
|
|
|
|
curl_easy_cleanup(s->states[i].curl);
|
|
|
|
s->states[i].curl = NULL;
|
|
|
|
}
|
|
|
|
g_free(s->states[i].orig_buf);
|
|
|
|
s->states[i].orig_buf = NULL;
|
2014-05-08 16:34:40 +02:00
|
|
|
}
|
2020-12-03 08:50:53 +01:00
|
|
|
if (s->multi) {
|
|
|
|
curl_multi_cleanup(s->multi);
|
|
|
|
s->multi = NULL;
|
2014-05-08 16:34:40 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
timer_del(&s->timer);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void curl_attach_aio_context(BlockDriverState *bs,
|
|
|
|
AioContext *new_context)
|
|
|
|
{
|
|
|
|
BDRVCURLState *s = bs->opaque;
|
|
|
|
|
|
|
|
aio_timer_init(new_context, &s->timer,
|
|
|
|
QEMU_CLOCK_REALTIME, SCALE_NS,
|
|
|
|
curl_multi_timeout_do, s);
|
|
|
|
|
|
|
|
assert(!s->multi);
|
|
|
|
s->multi = curl_multi_init();
|
|
|
|
s->aio_context = new_context;
|
|
|
|
curl_multi_setopt(s->multi, CURLMOPT_SOCKETFUNCTION, curl_sock_cb);
|
|
|
|
curl_multi_setopt(s->multi, CURLMOPT_TIMERDATA, s);
|
|
|
|
curl_multi_setopt(s->multi, CURLMOPT_TIMERFUNCTION, curl_timer_cb);
|
|
|
|
}
|
|
|
|
|
2013-04-10 15:31:33 +02:00
|
|
|
static QemuOptsList runtime_opts = {
|
|
|
|
.name = "curl",
|
|
|
|
.head = QTAILQ_HEAD_INITIALIZER(runtime_opts.head),
|
|
|
|
.desc = {
|
|
|
|
{
|
2014-05-15 01:28:41 +02:00
|
|
|
.name = CURL_BLOCK_OPT_URL,
|
2013-04-10 15:31:33 +02:00
|
|
|
.type = QEMU_OPT_STRING,
|
|
|
|
.help = "URL to open",
|
|
|
|
},
|
|
|
|
{
|
2014-05-15 01:28:41 +02:00
|
|
|
.name = CURL_BLOCK_OPT_READAHEAD,
|
2013-04-10 15:31:33 +02:00
|
|
|
.type = QEMU_OPT_SIZE,
|
|
|
|
.help = "Readahead size",
|
|
|
|
},
|
2014-05-15 01:28:42 +02:00
|
|
|
{
|
|
|
|
.name = CURL_BLOCK_OPT_SSLVERIFY,
|
|
|
|
.type = QEMU_OPT_BOOL,
|
|
|
|
.help = "Verify SSL certificate"
|
|
|
|
},
|
2014-08-13 17:44:27 +02:00
|
|
|
{
|
|
|
|
.name = CURL_BLOCK_OPT_TIMEOUT,
|
|
|
|
.type = QEMU_OPT_NUMBER,
|
|
|
|
.help = "Curl timeout"
|
|
|
|
},
|
2014-08-29 17:03:12 +02:00
|
|
|
{
|
|
|
|
.name = CURL_BLOCK_OPT_COOKIE,
|
|
|
|
.type = QEMU_OPT_STRING,
|
|
|
|
.help = "Pass the cookie or list of cookies with each request"
|
|
|
|
},
|
2017-05-04 16:00:06 +02:00
|
|
|
{
|
|
|
|
.name = CURL_BLOCK_OPT_COOKIE_SECRET,
|
|
|
|
.type = QEMU_OPT_STRING,
|
|
|
|
.help = "ID of secret used as cookie passed with each request"
|
|
|
|
},
|
curl: add support for HTTP authentication parameters
If connecting to a web server which has authentication
turned on, QEMU gets a 401 as curl has not been configured
with any authentication credentials.
This adds 4 new parameters to the curl block driver
options 'username', 'password-secret', 'proxy-username'
and 'proxy-password-secret'. Passwords are provided using
the recently added 'secret' object type
$QEMU \
-object secret,id=sec0,filename=/home/berrange/example.pw \
-object secret,id=sec1,filename=/home/berrange/proxy.pw \
-drive driver=http,url=http://example.com/some.img,\
username=dan,password-secret=sec0,\
proxy-username=dan,proxy-password-secret=sec1
Of course it is possible to use the same secret for both the
proxy & server passwords if desired, or omit the proxy auth
details, or the server auth details as required.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-3-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-01-21 15:19:20 +01:00
|
|
|
{
|
|
|
|
.name = CURL_BLOCK_OPT_USERNAME,
|
|
|
|
.type = QEMU_OPT_STRING,
|
|
|
|
.help = "Username for HTTP auth"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.name = CURL_BLOCK_OPT_PASSWORD_SECRET,
|
|
|
|
.type = QEMU_OPT_STRING,
|
|
|
|
.help = "ID of secret used as password for HTTP auth",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.name = CURL_BLOCK_OPT_PROXY_USERNAME,
|
|
|
|
.type = QEMU_OPT_STRING,
|
|
|
|
.help = "Username for HTTP proxy auth"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.name = CURL_BLOCK_OPT_PROXY_PASSWORD_SECRET,
|
|
|
|
.type = QEMU_OPT_STRING,
|
|
|
|
.help = "ID of secret used as password for HTTP proxy auth",
|
|
|
|
},
|
2013-04-10 15:31:33 +02:00
|
|
|
{ /* end of list */ }
|
|
|
|
},
|
|
|
|
};
|
|
|
|
|
curl: add support for HTTP authentication parameters
If connecting to a web server which has authentication
turned on, QEMU gets a 401 as curl has not been configured
with any authentication credentials.
This adds 4 new parameters to the curl block driver
options 'username', 'password-secret', 'proxy-username'
and 'proxy-password-secret'. Passwords are provided using
the recently added 'secret' object type
$QEMU \
-object secret,id=sec0,filename=/home/berrange/example.pw \
-object secret,id=sec1,filename=/home/berrange/proxy.pw \
-drive driver=http,url=http://example.com/some.img,\
username=dan,password-secret=sec0,\
proxy-username=dan,proxy-password-secret=sec1
Of course it is possible to use the same secret for both the
proxy & server passwords if desired, or omit the proxy auth
details, or the server auth details as required.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-3-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-01-21 15:19:20 +01:00
|
|
|
|
2013-09-05 14:22:29 +02:00
|
|
|
static int curl_open(BlockDriverState *bs, QDict *options, int flags,
|
|
|
|
Error **errp)
|
2013-04-10 15:31:33 +02:00
|
|
|
{
|
|
|
|
BDRVCURLState *s = bs->opaque;
|
|
|
|
CURLState *state = NULL;
|
|
|
|
QemuOpts *opts;
|
|
|
|
const char *file;
|
2014-08-29 17:03:12 +02:00
|
|
|
const char *cookie;
|
2017-05-04 16:00:06 +02:00
|
|
|
const char *cookie_secret;
|
2023-01-23 21:14:31 +01:00
|
|
|
/* CURL >= 7.55.0 uses curl_off_t for content length instead of a double */
|
|
|
|
#if LIBCURL_VERSION_NUM >= 0x073700
|
|
|
|
curl_off_t cl;
|
|
|
|
#else
|
|
|
|
double cl;
|
|
|
|
#endif
|
curl: add support for HTTP authentication parameters
If connecting to a web server which has authentication
turned on, QEMU gets a 401 as curl has not been configured
with any authentication credentials.
This adds 4 new parameters to the curl block driver
options 'username', 'password-secret', 'proxy-username'
and 'proxy-password-secret'. Passwords are provided using
the recently added 'secret' object type
$QEMU \
-object secret,id=sec0,filename=/home/berrange/example.pw \
-object secret,id=sec1,filename=/home/berrange/proxy.pw \
-drive driver=http,url=http://example.com/some.img,\
username=dan,password-secret=sec0,\
proxy-username=dan,proxy-password-secret=sec1
Of course it is possible to use the same secret for both the
proxy & server passwords if desired, or omit the proxy auth
details, or the server auth details as required.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-3-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-01-21 15:19:20 +01:00
|
|
|
const char *secretid;
|
2017-03-31 14:04:31 +02:00
|
|
|
const char *protocol_delimiter;
|
2017-11-07 23:27:22 +01:00
|
|
|
int ret;
|
2013-04-10 15:31:33 +02:00
|
|
|
|
2018-10-08 17:27:18 +02:00
|
|
|
ret = bdrv_apply_auto_read_only(bs, "curl driver does not support writes",
|
|
|
|
errp);
|
|
|
|
if (ret < 0) {
|
|
|
|
return ret;
|
2013-06-10 13:38:43 +02:00
|
|
|
}
|
|
|
|
|
2017-11-07 23:27:22 +01:00
|
|
|
if (!libcurl_initialized) {
|
|
|
|
ret = curl_global_init(CURL_GLOBAL_ALL);
|
|
|
|
if (ret) {
|
|
|
|
error_setg(errp, "libcurl initialization failed with %d", ret);
|
|
|
|
return -EIO;
|
|
|
|
}
|
|
|
|
libcurl_initialized = true;
|
|
|
|
}
|
|
|
|
|
2017-05-15 12:00:55 +02:00
|
|
|
qemu_mutex_init(&s->mutex);
|
2014-01-02 03:49:17 +01:00
|
|
|
opts = qemu_opts_create(&runtime_opts, NULL, 0, &error_abort);
|
error: Eliminate error_propagate() with Coccinelle, part 1
When all we do with an Error we receive into a local variable is
propagating to somewhere else, we can just as well receive it there
right away. Convert
if (!foo(..., &err)) {
...
error_propagate(errp, err);
...
return ...
}
to
if (!foo(..., errp)) {
...
...
return ...
}
where nothing else needs @err. Coccinelle script:
@rule1 forall@
identifier fun, err, errp, lbl;
expression list args, args2;
binary operator op;
constant c1, c2;
symbol false;
@@
if (
(
- fun(args, &err, args2)
+ fun(args, errp, args2)
|
- !fun(args, &err, args2)
+ !fun(args, errp, args2)
|
- fun(args, &err, args2) op c1
+ fun(args, errp, args2) op c1
)
)
{
... when != err
when != lbl:
when strict
- error_propagate(errp, err);
... when != err
(
return;
|
return c2;
|
return false;
)
}
@rule2 forall@
identifier fun, err, errp, lbl;
expression list args, args2;
expression var;
binary operator op;
constant c1, c2;
symbol false;
@@
- var = fun(args, &err, args2);
+ var = fun(args, errp, args2);
... when != err
if (
(
var
|
!var
|
var op c1
)
)
{
... when != err
when != lbl:
when strict
- error_propagate(errp, err);
... when != err
(
return;
|
return c2;
|
return false;
|
return var;
)
}
@depends on rule1 || rule2@
identifier err;
@@
- Error *err = NULL;
... when != err
Not exactly elegant, I'm afraid.
The "when != lbl:" is necessary to avoid transforming
if (fun(args, &err)) {
goto out
}
...
out:
error_propagate(errp, err);
even though other paths to label out still need the error_propagate().
For an actual example, see sclp_realize().
Without the "when strict", Coccinelle transforms vfio_msix_setup(),
incorrectly. I don't know what exactly "when strict" does, only that
it helps here.
The match of return is narrower than what I want, but I can't figure
out how to express "return where the operand doesn't use @err". For
an example where it's too narrow, see vfio_intx_enable().
Silently fails to convert hw/arm/armsse.c, because Coccinelle gets
confused by ARMSSE being used both as typedef and function-like macro
there. Converted manually.
Line breaks tidied up manually. One nested declaration of @local_err
deleted manually. Preexisting unwanted blank line dropped in
hw/riscv/sifive_e.c.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200707160613.848843-35-armbru@redhat.com>
2020-07-07 18:06:02 +02:00
|
|
|
if (!qemu_opts_absorb_qdict(opts, options, errp)) {
|
2013-04-10 15:31:33 +02:00
|
|
|
goto out_noclean;
|
|
|
|
}
|
|
|
|
|
2014-05-15 01:28:41 +02:00
|
|
|
s->readahead_size = qemu_opt_get_size(opts, CURL_BLOCK_OPT_READAHEAD,
|
2019-02-01 20:29:31 +01:00
|
|
|
CURL_BLOCK_OPT_READAHEAD_DEFAULT);
|
2009-07-02 02:16:52 +02:00
|
|
|
if ((s->readahead_size & 0x1ff) != 0) {
|
2014-02-17 14:43:57 +01:00
|
|
|
error_setg(errp, "HTTP_READAHEAD_SIZE %zd is not a multiple of 512",
|
|
|
|
s->readahead_size);
|
2009-07-02 02:16:52 +02:00
|
|
|
goto out_noclean;
|
|
|
|
}
|
|
|
|
|
2014-08-13 17:44:27 +02:00
|
|
|
s->timeout = qemu_opt_get_number(opts, CURL_BLOCK_OPT_TIMEOUT,
|
2019-02-01 20:29:31 +01:00
|
|
|
CURL_BLOCK_OPT_TIMEOUT_DEFAULT);
|
2014-10-26 12:05:27 +01:00
|
|
|
if (s->timeout > CURL_TIMEOUT_MAX) {
|
|
|
|
error_setg(errp, "timeout parameter is too large or negative");
|
|
|
|
goto out_noclean;
|
|
|
|
}
|
2014-08-13 17:44:27 +02:00
|
|
|
|
2019-02-01 20:29:31 +01:00
|
|
|
s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY,
|
|
|
|
CURL_BLOCK_OPT_SSLVERIFY_DEFAULT);
|
2014-05-15 01:28:42 +02:00
|
|
|
|
2014-08-29 17:03:12 +02:00
|
|
|
cookie = qemu_opt_get(opts, CURL_BLOCK_OPT_COOKIE);
|
2017-05-04 16:00:06 +02:00
|
|
|
cookie_secret = qemu_opt_get(opts, CURL_BLOCK_OPT_COOKIE_SECRET);
|
|
|
|
|
|
|
|
if (cookie && cookie_secret) {
|
|
|
|
error_setg(errp,
|
|
|
|
"curl driver cannot handle both cookie and cookie secret");
|
|
|
|
goto out_noclean;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (cookie_secret) {
|
|
|
|
s->cookie = qcrypto_secret_lookup_as_utf8(cookie_secret, errp);
|
|
|
|
if (!s->cookie) {
|
|
|
|
goto out_noclean;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
s->cookie = g_strdup(cookie);
|
|
|
|
}
|
2014-08-29 17:03:12 +02:00
|
|
|
|
2014-05-15 01:28:41 +02:00
|
|
|
file = qemu_opt_get(opts, CURL_BLOCK_OPT_URL);
|
2013-04-10 15:31:33 +02:00
|
|
|
if (file == NULL) {
|
2014-02-17 14:43:57 +01:00
|
|
|
error_setg(errp, "curl block driver requires an 'url' option");
|
2013-04-10 15:31:33 +02:00
|
|
|
goto out_noclean;
|
|
|
|
}
|
|
|
|
|
2017-03-31 14:04:31 +02:00
|
|
|
if (!strstart(file, bs->drv->protocol_name, &protocol_delimiter) ||
|
|
|
|
!strstart(protocol_delimiter, "://", NULL))
|
|
|
|
{
|
|
|
|
error_setg(errp, "%s curl driver cannot handle the URL '%s' (does not "
|
|
|
|
"start with '%s://')", bs->drv->protocol_name, file,
|
|
|
|
bs->drv->protocol_name);
|
|
|
|
goto out_noclean;
|
|
|
|
}
|
|
|
|
|
curl: add support for HTTP authentication parameters
If connecting to a web server which has authentication
turned on, QEMU gets a 401 as curl has not been configured
with any authentication credentials.
This adds 4 new parameters to the curl block driver
options 'username', 'password-secret', 'proxy-username'
and 'proxy-password-secret'. Passwords are provided using
the recently added 'secret' object type
$QEMU \
-object secret,id=sec0,filename=/home/berrange/example.pw \
-object secret,id=sec1,filename=/home/berrange/proxy.pw \
-drive driver=http,url=http://example.com/some.img,\
username=dan,password-secret=sec0,\
proxy-username=dan,proxy-password-secret=sec1
Of course it is possible to use the same secret for both the
proxy & server passwords if desired, or omit the proxy auth
details, or the server auth details as required.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-3-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-01-21 15:19:20 +01:00
|
|
|
s->username = g_strdup(qemu_opt_get(opts, CURL_BLOCK_OPT_USERNAME));
|
|
|
|
secretid = qemu_opt_get(opts, CURL_BLOCK_OPT_PASSWORD_SECRET);
|
|
|
|
|
|
|
|
if (secretid) {
|
|
|
|
s->password = qcrypto_secret_lookup_as_utf8(secretid, errp);
|
|
|
|
if (!s->password) {
|
|
|
|
goto out_noclean;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
s->proxyusername = g_strdup(
|
|
|
|
qemu_opt_get(opts, CURL_BLOCK_OPT_PROXY_USERNAME));
|
|
|
|
secretid = qemu_opt_get(opts, CURL_BLOCK_OPT_PROXY_PASSWORD_SECRET);
|
|
|
|
if (secretid) {
|
|
|
|
s->proxypassword = qcrypto_secret_lookup_as_utf8(secretid, errp);
|
|
|
|
if (!s->proxypassword) {
|
|
|
|
goto out_noclean;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-12-13 17:27:25 +01:00
|
|
|
trace_curl_open(file);
|
2018-02-03 16:39:35 +01:00
|
|
|
qemu_co_queue_init(&s->free_state_waitq);
|
2014-05-08 16:34:40 +02:00
|
|
|
s->aio_context = bdrv_get_aio_context(bs);
|
2013-04-10 15:31:33 +02:00
|
|
|
s->url = g_strdup(file);
|
curl: Disconnect sockets from CURLState
When a curl transfer is finished, that does not mean that CURL lets go
of all the sockets it used for it. We therefore must not free a
CURLSocket object before CURL has invoked curl_sock_cb() to tell us to
remove it. Otherwise, we may get a use-after-free, as described in this
bug report: https://bugs.launchpad.net/qemu/+bug/1916501
(Reproducer from that report:
$ qemu-img convert -f qcow2 -O raw \
https://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \
out.img
)
(Alternatively, it might seem logical to force-drop all sockets that
have been used for a state when the respective transfer is done, kind of
like it is done now, but including unsetting the AIO handlers.
Unfortunately, doing so makes the driver just hang instead of crashing,
which seems to evidence that CURL still uses those sockets.)
Make the CURLSocket object independent of "its" CURLState by putting all
sockets into a hash table belonging to the BDRVCURLState instead of a
list that belongs to a CURLState. Do not touch any sockets in
curl_clean_state().
Testing, it seems like all sockets are indeed gone by the time the curl
BDS is closed, so it seems like there really was no point in freeing any
socket just because a transfer is done. libcurl does invoke
curl_sock_cb() with CURL_POLL_REMOVE for every socket it has.
Buglink: https://bugs.launchpad.net/qemu/+bug/1916501
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210309130541.37540-3-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-09 14:05:41 +01:00
|
|
|
s->sockets = g_hash_table_new_full(NULL, NULL, NULL, g_free);
|
2017-05-15 12:00:55 +02:00
|
|
|
qemu_mutex_lock(&s->mutex);
|
2017-05-15 12:00:56 +02:00
|
|
|
state = curl_find_state(s);
|
2017-05-15 12:00:55 +02:00
|
|
|
qemu_mutex_unlock(&s->mutex);
|
2017-05-15 12:00:56 +02:00
|
|
|
if (!state) {
|
2009-05-11 17:41:42 +02:00
|
|
|
goto out_noclean;
|
2017-05-15 12:00:56 +02:00
|
|
|
}
|
2009-05-11 17:41:42 +02:00
|
|
|
|
|
|
|
// Get file size
|
|
|
|
|
2017-05-15 12:00:56 +02:00
|
|
|
if (curl_init_state(s, state) < 0) {
|
2022-02-22 16:23:40 +01:00
|
|
|
pstrcpy(state->errmsg, CURL_ERROR_SIZE,
|
|
|
|
"curl library initialization failed.");
|
2017-05-15 12:00:56 +02:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
curl: refuse to open URL from HTTP server without range support
CURL driver requests partial data from server on guest IO req. For HTTP
and HTTPS, it uses "Range: ***" in requests, and this will not work if
server not accepting range. This patch does this check when open.
* Removed curl_size_cb, which is not used: On one hand it's registered to
libcurl as CURLOPT_WRITEFUNCTION, instead of CURLOPT_HEADERFUNCTION,
which will get called with *data*, not *header*. On the other hand the
s->len is assigned unconditionally later.
In this gone function, the sscanf for "Content-Length: %zd", on
(void *)ptr, which is not guaranteed to be zero-terminated, is
potentially a security bug. So this patch fixes it as a side-effect. The
bug is reported as: https://bugs.launchpad.net/qemu/+bug/1188943
(Note the bug is marked "private" so you might not be able to see it)
* Introduced curl_header_cb, which is used to parse header and mark the
server as accepting range if "Accept-Ranges: bytes" line is seen from
response header. If protocol is HTTP or HTTPS, but server response has
no not this support, refuse to open this URL.
Note that python builtin module SimpleHTTPServer is an example of not
supporting range, if you need to test this driver, get a better server
or use internet URLs.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-07-02 09:19:21 +02:00
|
|
|
s->accept_range = false;
|
2022-02-22 16:23:41 +01:00
|
|
|
if (curl_easy_setopt(state->curl, CURLOPT_NOBODY, 1) ||
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_HEADERFUNCTION, curl_header_cb) ||
|
|
|
|
curl_easy_setopt(state->curl, CURLOPT_HEADERDATA, s)) {
|
|
|
|
pstrcpy(state->errmsg, CURL_ERROR_SIZE,
|
|
|
|
"curl library initialization failed.");
|
|
|
|
goto out;
|
|
|
|
}
|
2009-05-11 17:41:42 +02:00
|
|
|
if (curl_easy_perform(state->curl))
|
|
|
|
goto out;
|
2023-01-23 21:14:31 +01:00
|
|
|
/* CURL 7.55.0 deprecates CURLINFO_CONTENT_LENGTH_DOWNLOAD in favour of
|
|
|
|
* the *_T version which returns a more sensible type for content length.
|
|
|
|
*/
|
|
|
|
#if LIBCURL_VERSION_NUM >= 0x073700
|
|
|
|
if (curl_easy_getinfo(state->curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD_T, &cl)) {
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
if (curl_easy_getinfo(state->curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &cl)) {
|
2009-05-11 17:41:42 +02:00
|
|
|
goto out;
|
2016-07-08 13:18:09 +02:00
|
|
|
}
|
2023-01-23 21:14:31 +01:00
|
|
|
#endif
|
2016-07-08 13:18:09 +02:00
|
|
|
/* Prior CURL 7.19.4 return value of 0 could mean that the file size is not
|
|
|
|
* know or the size is zero. From 7.19.4 CURL returns -1 if size is not
|
2018-07-12 21:51:20 +02:00
|
|
|
* known and zero if it is really zero-length file. */
|
2016-07-08 13:18:09 +02:00
|
|
|
#if LIBCURL_VERSION_NUM >= 0x071304
|
2023-01-23 21:14:31 +01:00
|
|
|
if (cl < 0) {
|
2016-07-08 13:18:09 +02:00
|
|
|
pstrcpy(state->errmsg, CURL_ERROR_SIZE,
|
|
|
|
"Server didn't report file size.");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
#else
|
2023-01-23 21:14:31 +01:00
|
|
|
if (cl <= 0) {
|
2016-07-08 13:18:09 +02:00
|
|
|
pstrcpy(state->errmsg, CURL_ERROR_SIZE,
|
|
|
|
"Unknown file size or zero-length file.");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2023-01-23 21:14:31 +01:00
|
|
|
s->len = cl;
|
2016-07-08 13:18:09 +02:00
|
|
|
|
curl: refuse to open URL from HTTP server without range support
CURL driver requests partial data from server on guest IO req. For HTTP
and HTTPS, it uses "Range: ***" in requests, and this will not work if
server not accepting range. This patch does this check when open.
* Removed curl_size_cb, which is not used: On one hand it's registered to
libcurl as CURLOPT_WRITEFUNCTION, instead of CURLOPT_HEADERFUNCTION,
which will get called with *data*, not *header*. On the other hand the
s->len is assigned unconditionally later.
In this gone function, the sscanf for "Content-Length: %zd", on
(void *)ptr, which is not guaranteed to be zero-terminated, is
potentially a security bug. So this patch fixes it as a side-effect. The
bug is reported as: https://bugs.launchpad.net/qemu/+bug/1188943
(Note the bug is marked "private" so you might not be able to see it)
* Introduced curl_header_cb, which is used to parse header and mark the
server as accepting range if "Accept-Ranges: bytes" line is seen from
response header. If protocol is HTTP or HTTPS, but server response has
no not this support, refuse to open this URL.
Note that python builtin module SimpleHTTPServer is an example of not
supporting range, if you need to test this driver, get a better server
or use internet URLs.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-07-02 09:19:21 +02:00
|
|
|
if ((!strncasecmp(s->url, "http://", strlen("http://"))
|
|
|
|
|| !strncasecmp(s->url, "https://", strlen("https://")))
|
|
|
|
&& !s->accept_range) {
|
|
|
|
pstrcpy(state->errmsg, CURL_ERROR_SIZE,
|
|
|
|
"Server does not support 'range' (byte ranges).");
|
|
|
|
goto out;
|
|
|
|
}
|
2018-12-13 17:27:25 +01:00
|
|
|
trace_curl_open_size(s->len);
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2017-05-15 12:00:55 +02:00
|
|
|
qemu_mutex_lock(&s->mutex);
|
2009-05-11 17:41:42 +02:00
|
|
|
curl_clean_state(state);
|
2017-05-15 12:00:55 +02:00
|
|
|
qemu_mutex_unlock(&s->mutex);
|
2009-05-11 17:41:42 +02:00
|
|
|
curl_easy_cleanup(state->curl);
|
|
|
|
state->curl = NULL;
|
|
|
|
|
2014-05-08 16:34:40 +02:00
|
|
|
curl_attach_aio_context(bs, bdrv_get_aio_context(bs));
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2013-04-10 15:31:33 +02:00
|
|
|
qemu_opts_del(opts);
|
2009-05-11 17:41:42 +02:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
out:
|
2014-03-18 06:59:18 +01:00
|
|
|
error_setg(errp, "CURL: Error opening file: %s", state->errmsg);
|
2009-05-11 17:41:42 +02:00
|
|
|
curl_easy_cleanup(state->curl);
|
|
|
|
state->curl = NULL;
|
|
|
|
out_noclean:
|
2017-05-15 12:00:55 +02:00
|
|
|
qemu_mutex_destroy(&s->mutex);
|
2014-08-29 17:03:12 +02:00
|
|
|
g_free(s->cookie);
|
2013-04-10 15:31:33 +02:00
|
|
|
g_free(s->url);
|
2017-11-07 23:27:23 +01:00
|
|
|
g_free(s->username);
|
|
|
|
g_free(s->proxyusername);
|
|
|
|
g_free(s->proxypassword);
|
2023-02-06 14:29:49 +01:00
|
|
|
if (s->sockets) {
|
|
|
|
curl_drop_all_sockets(s->sockets);
|
|
|
|
g_hash_table_destroy(s->sockets);
|
|
|
|
}
|
2013-04-10 15:31:33 +02:00
|
|
|
qemu_opts_del(opts);
|
2009-05-11 17:41:42 +02:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2022-09-22 10:49:14 +02:00
|
|
|
static void coroutine_fn curl_setup_preadv(BlockDriverState *bs, CURLAIOCB *acb)
|
2009-05-11 17:41:42 +02:00
|
|
|
{
|
|
|
|
CURLState *state;
|
2014-04-29 17:03:29 +02:00
|
|
|
int running;
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2017-02-13 14:52:31 +01:00
|
|
|
BDRVCURLState *s = bs->opaque;
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2017-05-15 12:00:57 +02:00
|
|
|
uint64_t start = acb->offset;
|
|
|
|
uint64_t end;
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2017-02-22 19:07:23 +01:00
|
|
|
qemu_mutex_lock(&s->mutex);
|
2017-02-13 14:52:31 +01:00
|
|
|
|
2009-05-11 17:41:42 +02:00
|
|
|
// In case we have the requested data already (e.g. read-ahead),
|
|
|
|
// we can just call the callback and be done.
|
2017-05-15 12:00:58 +02:00
|
|
|
if (curl_find_buf(s, start, acb->bytes, acb)) {
|
|
|
|
goto out;
|
2009-05-11 17:41:42 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// No cache found, so let's start a new request
|
2017-05-15 12:00:56 +02:00
|
|
|
for (;;) {
|
|
|
|
state = curl_find_state(s);
|
|
|
|
if (state) {
|
|
|
|
break;
|
|
|
|
}
|
2018-02-03 16:39:35 +01:00
|
|
|
qemu_co_queue_wait(&s->free_state_waitq, &s->mutex);
|
2017-05-15 12:00:56 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (curl_init_state(s, state) < 0) {
|
|
|
|
curl_clean_state(state);
|
2017-05-15 12:00:58 +02:00
|
|
|
acb->ret = -EIO;
|
2017-02-13 14:52:31 +01:00
|
|
|
goto out;
|
2011-09-21 12:55:50 +02:00
|
|
|
}
|
2009-05-11 17:41:42 +02:00
|
|
|
|
|
|
|
acb->start = 0;
|
2017-05-15 12:00:57 +02:00
|
|
|
acb->end = MIN(acb->bytes, s->len - start);
|
2009-05-11 17:41:42 +02:00
|
|
|
|
|
|
|
state->buf_off = 0;
|
2014-06-06 18:25:12 +02:00
|
|
|
g_free(state->orig_buf);
|
2009-05-11 17:41:42 +02:00
|
|
|
state->buf_start = start;
|
2016-10-25 04:54:31 +02:00
|
|
|
state->buf_len = MIN(acb->end + s->readahead_size, s->len - start);
|
|
|
|
end = start + state->buf_len - 1;
|
2014-05-20 13:26:40 +02:00
|
|
|
state->orig_buf = g_try_malloc(state->buf_len);
|
|
|
|
if (state->buf_len && state->orig_buf == NULL) {
|
|
|
|
curl_clean_state(state);
|
2017-05-15 12:00:58 +02:00
|
|
|
acb->ret = -ENOMEM;
|
2017-02-13 14:52:31 +01:00
|
|
|
goto out;
|
2014-05-20 13:26:40 +02:00
|
|
|
}
|
2009-05-11 17:41:42 +02:00
|
|
|
state->acb[0] = acb;
|
|
|
|
|
2017-05-15 12:00:57 +02:00
|
|
|
snprintf(state->range, 127, "%" PRIu64 "-%" PRIu64, start, end);
|
2018-12-13 17:27:25 +01:00
|
|
|
trace_curl_setup_preadv(acb->bytes, start, state->range);
|
2022-02-22 16:23:41 +01:00
|
|
|
if (curl_easy_setopt(state->curl, CURLOPT_RANGE, state->range) ||
|
|
|
|
curl_multi_add_handle(s->multi, state->curl) != CURLM_OK) {
|
2019-09-10 14:41:36 +02:00
|
|
|
state->acb[0] = NULL;
|
|
|
|
acb->ret = -EIO;
|
|
|
|
|
|
|
|
curl_clean_state(state);
|
|
|
|
goto out;
|
|
|
|
}
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2014-04-29 17:03:29 +02:00
|
|
|
/* Tell curl it needs to kick things off */
|
|
|
|
curl_multi_socket_action(s->multi, CURL_SOCKET_TIMEOUT, 0, &running);
|
2017-02-13 14:52:31 +01:00
|
|
|
|
|
|
|
out:
|
2017-02-22 19:07:23 +01:00
|
|
|
qemu_mutex_unlock(&s->mutex);
|
2011-09-21 12:55:50 +02:00
|
|
|
}
|
|
|
|
|
2017-05-15 12:00:58 +02:00
|
|
|
static int coroutine_fn curl_co_preadv(BlockDriverState *bs,
|
block: use int64_t instead of uint64_t in driver read handlers
We are generally moving to int64_t for both offset and bytes parameters
on all io paths.
Main motivation is realization of 64-bit write_zeroes operation for
fast zeroing large disk chunks, up to the whole disk.
We chose signed type, to be consistent with off_t (which is signed) and
with possibility for signed return type (where negative value means
error).
So, convert driver read handlers parameters which are already 64bit to
signed type.
While being here, convert also flags parameter to be BdrvRequestFlags.
Now let's consider all callers. Simple
git grep '\->bdrv_\(aio\|co\)_preadv\(_part\)\?'
shows that's there three callers of driver function:
bdrv_driver_preadv() in block/io.c, passes int64_t, checked by
bdrv_check_qiov_request() to be non-negative.
qcow2_load_vmstate() does bdrv_check_qiov_request().
do_perform_cow_read() has uint64_t argument. And a lot of things in
qcow2 driver are uint64_t, so converting it is big job. But we must
not work with requests that don't satisfy bdrv_check_qiov_request(),
so let's just assert it here.
Still, the functions may be called directly, not only by drv->...
Let's check:
git grep '\.bdrv_\(aio\|co\)_preadv\(_part\)\?\s*=' | \
awk '{print $4}' | sed 's/,//' | sed 's/&//' | sort | uniq | \
while read func; do git grep "$func(" | \
grep -v "$func(BlockDriverState"; done
The only one such caller:
QEMUIOVector qiov = QEMU_IOVEC_INIT_BUF(qiov, &data, 1);
...
ret = bdrv_replace_test_co_preadv(bs, 0, 1, &qiov, 0);
in tests/unit/test-bdrv-drain.c, and it's OK obviously.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20210903102807.27127-4-vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
[eblake: fix typos]
Signed-off-by: Eric Blake <eblake@redhat.com>
2021-09-03 12:27:59 +02:00
|
|
|
int64_t offset, int64_t bytes, QEMUIOVector *qiov,
|
|
|
|
BdrvRequestFlags flags)
|
2011-09-21 12:55:50 +02:00
|
|
|
{
|
2017-05-15 12:00:58 +02:00
|
|
|
CURLAIOCB acb = {
|
|
|
|
.co = qemu_coroutine_self(),
|
|
|
|
.ret = -EINPROGRESS,
|
|
|
|
.qiov = qiov,
|
|
|
|
.offset = offset,
|
|
|
|
.bytes = bytes
|
|
|
|
};
|
|
|
|
|
|
|
|
curl_setup_preadv(bs, &acb);
|
|
|
|
while (acb.ret == -EINPROGRESS) {
|
|
|
|
qemu_coroutine_yield();
|
|
|
|
}
|
|
|
|
return acb.ret;
|
2009-05-11 17:41:42 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static void curl_close(BlockDriverState *bs)
|
|
|
|
{
|
|
|
|
BDRVCURLState *s = bs->opaque;
|
|
|
|
|
2018-12-13 17:27:25 +01:00
|
|
|
trace_curl_close();
|
2014-05-08 16:34:40 +02:00
|
|
|
curl_detach_aio_context(bs);
|
2017-02-22 19:07:23 +01:00
|
|
|
qemu_mutex_destroy(&s->mutex);
|
2014-01-24 14:56:17 +01:00
|
|
|
|
curl: Disconnect sockets from CURLState
When a curl transfer is finished, that does not mean that CURL lets go
of all the sockets it used for it. We therefore must not free a
CURLSocket object before CURL has invoked curl_sock_cb() to tell us to
remove it. Otherwise, we may get a use-after-free, as described in this
bug report: https://bugs.launchpad.net/qemu/+bug/1916501
(Reproducer from that report:
$ qemu-img convert -f qcow2 -O raw \
https://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \
out.img
)
(Alternatively, it might seem logical to force-drop all sockets that
have been used for a state when the respective transfer is done, kind of
like it is done now, but including unsetting the AIO handlers.
Unfortunately, doing so makes the driver just hang instead of crashing,
which seems to evidence that CURL still uses those sockets.)
Make the CURLSocket object independent of "its" CURLState by putting all
sockets into a hash table belonging to the BDRVCURLState instead of a
list that belongs to a CURLState. Do not touch any sockets in
curl_clean_state().
Testing, it seems like all sockets are indeed gone by the time the curl
BDS is closed, so it seems like there really was no point in freeing any
socket just because a transfer is done. libcurl does invoke
curl_sock_cb() with CURL_POLL_REMOVE for every socket it has.
Buglink: https://bugs.launchpad.net/qemu/+bug/1916501
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210309130541.37540-3-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-09 14:05:41 +01:00
|
|
|
g_hash_table_destroy(s->sockets);
|
2014-08-29 17:03:12 +02:00
|
|
|
g_free(s->cookie);
|
2012-09-01 11:06:45 +02:00
|
|
|
g_free(s->url);
|
2017-11-07 23:27:23 +01:00
|
|
|
g_free(s->username);
|
|
|
|
g_free(s->proxyusername);
|
|
|
|
g_free(s->proxypassword);
|
2009-05-11 17:41:42 +02:00
|
|
|
}
|
|
|
|
|
2023-01-13 21:42:04 +01:00
|
|
|
static int64_t coroutine_fn curl_co_getlength(BlockDriverState *bs)
|
2009-05-11 17:41:42 +02:00
|
|
|
{
|
|
|
|
BDRVCURLState *s = bs->opaque;
|
|
|
|
return s->len;
|
|
|
|
}
|
|
|
|
|
2019-02-01 20:29:32 +01:00
|
|
|
static void curl_refresh_filename(BlockDriverState *bs)
|
|
|
|
{
|
|
|
|
BDRVCURLState *s = bs->opaque;
|
|
|
|
|
|
|
|
/* "readahead" and "timeout" do not change the guest-visible data,
|
|
|
|
* so ignore them */
|
|
|
|
if (s->sslverify != CURL_BLOCK_OPT_SSLVERIFY_DEFAULT ||
|
|
|
|
s->cookie || s->username || s->password || s->proxyusername ||
|
|
|
|
s->proxypassword)
|
|
|
|
{
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
pstrcpy(bs->exact_filename, sizeof(bs->exact_filename), s->url);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-02-01 20:29:25 +01:00
|
|
|
static const char *const curl_strong_runtime_opts[] = {
|
|
|
|
CURL_BLOCK_OPT_URL,
|
|
|
|
CURL_BLOCK_OPT_SSLVERIFY,
|
|
|
|
CURL_BLOCK_OPT_COOKIE,
|
|
|
|
CURL_BLOCK_OPT_COOKIE_SECRET,
|
|
|
|
CURL_BLOCK_OPT_USERNAME,
|
|
|
|
CURL_BLOCK_OPT_PASSWORD_SECRET,
|
|
|
|
CURL_BLOCK_OPT_PROXY_USERNAME,
|
|
|
|
CURL_BLOCK_OPT_PROXY_PASSWORD_SECRET,
|
|
|
|
|
|
|
|
NULL
|
|
|
|
};
|
|
|
|
|
2009-05-11 17:41:42 +02:00
|
|
|
static BlockDriver bdrv_http = {
|
2014-05-08 16:34:40 +02:00
|
|
|
.format_name = "http",
|
|
|
|
.protocol_name = "http",
|
|
|
|
|
|
|
|
.instance_size = sizeof(BDRVCURLState),
|
|
|
|
.bdrv_parse_filename = curl_parse_filename,
|
|
|
|
.bdrv_file_open = curl_open,
|
|
|
|
.bdrv_close = curl_close,
|
2023-01-13 21:42:04 +01:00
|
|
|
.bdrv_co_getlength = curl_co_getlength,
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2017-05-15 12:00:58 +02:00
|
|
|
.bdrv_co_preadv = curl_co_preadv,
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2014-05-08 16:34:40 +02:00
|
|
|
.bdrv_detach_aio_context = curl_detach_aio_context,
|
|
|
|
.bdrv_attach_aio_context = curl_attach_aio_context,
|
2019-02-01 20:29:25 +01:00
|
|
|
|
2019-02-01 20:29:32 +01:00
|
|
|
.bdrv_refresh_filename = curl_refresh_filename,
|
2019-02-01 20:29:25 +01:00
|
|
|
.strong_runtime_opts = curl_strong_runtime_opts,
|
2009-05-11 17:41:42 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
static BlockDriver bdrv_https = {
|
2014-05-08 16:34:40 +02:00
|
|
|
.format_name = "https",
|
|
|
|
.protocol_name = "https",
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2014-05-08 16:34:40 +02:00
|
|
|
.instance_size = sizeof(BDRVCURLState),
|
|
|
|
.bdrv_parse_filename = curl_parse_filename,
|
|
|
|
.bdrv_file_open = curl_open,
|
|
|
|
.bdrv_close = curl_close,
|
2023-01-13 21:42:04 +01:00
|
|
|
.bdrv_co_getlength = curl_co_getlength,
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2017-05-15 12:00:58 +02:00
|
|
|
.bdrv_co_preadv = curl_co_preadv,
|
2014-05-08 16:34:40 +02:00
|
|
|
|
|
|
|
.bdrv_detach_aio_context = curl_detach_aio_context,
|
|
|
|
.bdrv_attach_aio_context = curl_attach_aio_context,
|
2019-02-01 20:29:25 +01:00
|
|
|
|
2019-02-01 20:29:32 +01:00
|
|
|
.bdrv_refresh_filename = curl_refresh_filename,
|
2019-02-01 20:29:25 +01:00
|
|
|
.strong_runtime_opts = curl_strong_runtime_opts,
|
2009-05-11 17:41:42 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
static BlockDriver bdrv_ftp = {
|
2014-05-08 16:34:40 +02:00
|
|
|
.format_name = "ftp",
|
|
|
|
.protocol_name = "ftp",
|
|
|
|
|
|
|
|
.instance_size = sizeof(BDRVCURLState),
|
|
|
|
.bdrv_parse_filename = curl_parse_filename,
|
|
|
|
.bdrv_file_open = curl_open,
|
|
|
|
.bdrv_close = curl_close,
|
2023-01-13 21:42:04 +01:00
|
|
|
.bdrv_co_getlength = curl_co_getlength,
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2017-05-15 12:00:58 +02:00
|
|
|
.bdrv_co_preadv = curl_co_preadv,
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2014-05-08 16:34:40 +02:00
|
|
|
.bdrv_detach_aio_context = curl_detach_aio_context,
|
|
|
|
.bdrv_attach_aio_context = curl_attach_aio_context,
|
2019-02-01 20:29:25 +01:00
|
|
|
|
2019-02-01 20:29:32 +01:00
|
|
|
.bdrv_refresh_filename = curl_refresh_filename,
|
2019-02-01 20:29:25 +01:00
|
|
|
.strong_runtime_opts = curl_strong_runtime_opts,
|
2009-05-11 17:41:42 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
static BlockDriver bdrv_ftps = {
|
2014-05-08 16:34:40 +02:00
|
|
|
.format_name = "ftps",
|
|
|
|
.protocol_name = "ftps",
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2014-05-08 16:34:40 +02:00
|
|
|
.instance_size = sizeof(BDRVCURLState),
|
|
|
|
.bdrv_parse_filename = curl_parse_filename,
|
|
|
|
.bdrv_file_open = curl_open,
|
|
|
|
.bdrv_close = curl_close,
|
2023-01-13 21:42:04 +01:00
|
|
|
.bdrv_co_getlength = curl_co_getlength,
|
2009-05-11 17:41:42 +02:00
|
|
|
|
2017-05-15 12:00:58 +02:00
|
|
|
.bdrv_co_preadv = curl_co_preadv,
|
2014-05-08 16:34:40 +02:00
|
|
|
|
|
|
|
.bdrv_detach_aio_context = curl_detach_aio_context,
|
|
|
|
.bdrv_attach_aio_context = curl_attach_aio_context,
|
2019-02-01 20:29:25 +01:00
|
|
|
|
2019-02-01 20:29:32 +01:00
|
|
|
.bdrv_refresh_filename = curl_refresh_filename,
|
2019-02-01 20:29:25 +01:00
|
|
|
.strong_runtime_opts = curl_strong_runtime_opts,
|
2009-05-11 17:41:42 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
static void curl_block_init(void)
|
|
|
|
{
|
|
|
|
bdrv_register(&bdrv_http);
|
|
|
|
bdrv_register(&bdrv_https);
|
|
|
|
bdrv_register(&bdrv_ftp);
|
|
|
|
bdrv_register(&bdrv_ftps);
|
|
|
|
}
|
|
|
|
|
|
|
|
block_init(curl_block_init);
|