2012-08-22 16:43:07 +02:00
|
|
|
/*
|
|
|
|
* Serving QEMU block devices via NBD
|
|
|
|
*
|
|
|
|
* Copyright (c) 2012 Red Hat, Inc.
|
|
|
|
*
|
|
|
|
* Author: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
|
*
|
|
|
|
* This work is licensed under the terms of the GNU GPL, version 2 or
|
|
|
|
* later. See the COPYING file in the top-level directory.
|
|
|
|
*/
|
|
|
|
|
2016-01-29 18:50:05 +01:00
|
|
|
#include "qemu/osdep.h"
|
2012-12-17 18:20:04 +01:00
|
|
|
#include "sysemu/blockdev.h"
|
2014-11-18 12:21:17 +01:00
|
|
|
#include "sysemu/block-backend.h"
|
2013-02-05 17:06:20 +01:00
|
|
|
#include "hw/block/block.h"
|
2018-02-01 12:18:31 +01:00
|
|
|
#include "qapi/error.h"
|
2018-02-11 10:36:01 +01:00
|
|
|
#include "qapi/qapi-commands-block.h"
|
2012-12-17 18:19:44 +01:00
|
|
|
#include "block/nbd.h"
|
2016-02-10 19:41:03 +01:00
|
|
|
#include "io/channel-socket.h"
|
2017-12-18 11:16:42 +01:00
|
|
|
#include "io/net-listener.h"
|
2012-08-22 16:43:07 +02:00
|
|
|
|
2016-02-10 19:41:14 +01:00
|
|
|
typedef struct NBDServerData {
|
2017-12-18 11:16:42 +01:00
|
|
|
QIONetListener *listener;
|
2016-02-10 19:41:14 +01:00
|
|
|
QCryptoTLSCreds *tlscreds;
|
nbd: allow authorization with nbd-server-start QMP command
As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.
First the client must create a QAuthZ object instance using the
'object-add' command:
{
'execute': 'object-add',
'arguments': {
'qom-type': 'authz-list',
'id': 'authz0',
'parameters': {
'policy': 'deny',
'rules': [
{
'match': '*CN=fred',
'policy': 'allow'
}
]
}
}
}
They can then reference this in the new 'tls-authz' parameter when
executing the 'nbd-server-start' command:
{
'execute': 'nbd-server-start',
'arguments': {
'addr': {
'type': 'inet',
'host': '127.0.0.1',
'port': '9000'
},
'tls-creds': 'tls0',
'tls-authz': 'authz0'
}
}
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <20190227162035.18543-3-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2019-02-27 17:20:34 +01:00
|
|
|
char *tlsauthz;
|
2016-02-10 19:41:14 +01:00
|
|
|
} NBDServerData;
|
|
|
|
|
|
|
|
static NBDServerData *nbd_server;
|
|
|
|
|
nbd: Fix regression on resiliency to port scan
Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
server would not quit, regardless of how many probe connections
came and went, until a connection actually negotiated). But we
broke that in commit ee7d7aa when removing the return value to
nbd_client_new(), although that patch also introduced a bug causing
an assertion failure on a client that fails negotiation. We then
made it worse during refactoring in commit 1a6245a (a segfault
before we could even assert); the (masked) assertion was cleaned
up in d3780c2 (still in 2.6), and just recently we finally fixed
the segfault ("nbd: Fully intialize client in case of failed
negotiation"). But that still means that ever since we added
TLS support to qemu-nbd, we have been vulnerable to an ill-timed
port-scan being able to cause a denial of service by taking down
qemu-nbd before a real client has a chance to connect.
Since negotiation is now handled asynchronously via coroutines,
we no longer have a synchronous point of return by re-adding a
return value to nbd_client_new(). So this patch instead wires
things up to pass the negotiation status through the close_fn
callback function.
Simple test across two terminals:
$ qemu-nbd -f raw -p 30001 file
$ nmap 127.0.0.1 -p 30001 && \
qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
Note that this patch does not change what constitutes successful
negotiation (thus, a client must enter transmission phase before
that client can be considered as a reason to terminate the server
when the connection ends). Perhaps we may want to tweak things
in a later patch to also treat a client that uses NBD_OPT_ABORT
as being a 'successful' negotiation (the client correctly talked
the NBD protocol, and informed us it was not going to use our
export after all), but that's a discussion for another day.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20170608222617.20376-1-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-09 00:26:17 +02:00
|
|
|
static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
|
|
|
|
{
|
|
|
|
nbd_client_put(client);
|
|
|
|
}
|
2012-08-22 16:43:07 +02:00
|
|
|
|
2017-12-18 11:16:42 +01:00
|
|
|
static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
|
|
|
|
gpointer opaque)
|
2012-08-22 16:43:07 +02:00
|
|
|
{
|
2016-09-30 12:57:14 +02:00
|
|
|
qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
|
nbd: allow authorization with nbd-server-start QMP command
As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.
First the client must create a QAuthZ object instance using the
'object-add' command:
{
'execute': 'object-add',
'arguments': {
'qom-type': 'authz-list',
'id': 'authz0',
'parameters': {
'policy': 'deny',
'rules': [
{
'match': '*CN=fred',
'policy': 'allow'
}
]
}
}
}
They can then reference this in the new 'tls-authz' parameter when
executing the 'nbd-server-start' command:
{
'execute': 'nbd-server-start',
'arguments': {
'addr': {
'type': 'inet',
'host': '127.0.0.1',
'port': '9000'
},
'tls-creds': 'tls0',
'tls-authz': 'authz0'
}
}
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <20190227162035.18543-3-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2019-02-27 17:20:34 +01:00
|
|
|
nbd_client_new(cioc, nbd_server->tlscreds, nbd_server->tlsauthz,
|
nbd: Fix regression on resiliency to port scan
Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
server would not quit, regardless of how many probe connections
came and went, until a connection actually negotiated). But we
broke that in commit ee7d7aa when removing the return value to
nbd_client_new(), although that patch also introduced a bug causing
an assertion failure on a client that fails negotiation. We then
made it worse during refactoring in commit 1a6245a (a segfault
before we could even assert); the (masked) assertion was cleaned
up in d3780c2 (still in 2.6), and just recently we finally fixed
the segfault ("nbd: Fully intialize client in case of failed
negotiation"). But that still means that ever since we added
TLS support to qemu-nbd, we have been vulnerable to an ill-timed
port-scan being able to cause a denial of service by taking down
qemu-nbd before a real client has a chance to connect.
Since negotiation is now handled asynchronously via coroutines,
we no longer have a synchronous point of return by re-adding a
return value to nbd_client_new(). So this patch instead wires
things up to pass the negotiation status through the close_fn
callback function.
Simple test across two terminals:
$ qemu-nbd -f raw -p 30001 file
$ nmap 127.0.0.1 -p 30001 && \
qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
Note that this patch does not change what constitutes successful
negotiation (thus, a client must enter transmission phase before
that client can be considered as a reason to terminate the server
when the connection ends). Perhaps we may want to tweak things
in a later patch to also treat a client that uses NBD_OPT_ABORT
as being a 'successful' negotiation (the client correctly talked
the NBD protocol, and informed us it was not going to use our
export after all), but that's a discussion for another day.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20170608222617.20376-1-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-09 00:26:17 +02:00
|
|
|
nbd_blockdev_client_closed);
|
2012-08-22 16:43:07 +02:00
|
|
|
}
|
|
|
|
|
2016-02-10 19:41:14 +01:00
|
|
|
|
|
|
|
static void nbd_server_free(NBDServerData *server)
|
2012-08-22 16:43:07 +02:00
|
|
|
{
|
2016-02-10 19:41:14 +01:00
|
|
|
if (!server) {
|
2012-08-22 16:43:07 +02:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2017-12-18 11:16:42 +01:00
|
|
|
qio_net_listener_disconnect(server->listener);
|
|
|
|
object_unref(OBJECT(server->listener));
|
2016-02-10 19:41:14 +01:00
|
|
|
if (server->tlscreds) {
|
|
|
|
object_unref(OBJECT(server->tlscreds));
|
|
|
|
}
|
nbd: allow authorization with nbd-server-start QMP command
As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.
First the client must create a QAuthZ object instance using the
'object-add' command:
{
'execute': 'object-add',
'arguments': {
'qom-type': 'authz-list',
'id': 'authz0',
'parameters': {
'policy': 'deny',
'rules': [
{
'match': '*CN=fred',
'policy': 'allow'
}
]
}
}
}
They can then reference this in the new 'tls-authz' parameter when
executing the 'nbd-server-start' command:
{
'execute': 'nbd-server-start',
'arguments': {
'addr': {
'type': 'inet',
'host': '127.0.0.1',
'port': '9000'
},
'tls-creds': 'tls0',
'tls-authz': 'authz0'
}
}
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <20190227162035.18543-3-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2019-02-27 17:20:34 +01:00
|
|
|
g_free(server->tlsauthz);
|
2016-02-10 19:41:14 +01:00
|
|
|
|
|
|
|
g_free(server);
|
|
|
|
}
|
|
|
|
|
|
|
|
static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, Error **errp)
|
|
|
|
{
|
|
|
|
Object *obj;
|
|
|
|
QCryptoTLSCreds *creds;
|
|
|
|
|
|
|
|
obj = object_resolve_path_component(
|
|
|
|
object_get_objects_root(), id);
|
|
|
|
if (!obj) {
|
|
|
|
error_setg(errp, "No TLS credentials with id '%s'",
|
|
|
|
id);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
creds = (QCryptoTLSCreds *)
|
|
|
|
object_dynamic_cast(obj, TYPE_QCRYPTO_TLS_CREDS);
|
|
|
|
if (!creds) {
|
|
|
|
error_setg(errp, "Object with id '%s' is not TLS credentials",
|
|
|
|
id);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
|
|
|
|
error_setg(errp,
|
|
|
|
"Expecting TLS credentials with a server endpoint");
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
object_ref(obj);
|
|
|
|
return creds;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2017-04-26 09:36:41 +02:00
|
|
|
void nbd_server_start(SocketAddress *addr, const char *tls_creds,
|
nbd: allow authorization with nbd-server-start QMP command
As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.
First the client must create a QAuthZ object instance using the
'object-add' command:
{
'execute': 'object-add',
'arguments': {
'qom-type': 'authz-list',
'id': 'authz0',
'parameters': {
'policy': 'deny',
'rules': [
{
'match': '*CN=fred',
'policy': 'allow'
}
]
}
}
}
They can then reference this in the new 'tls-authz' parameter when
executing the 'nbd-server-start' command:
{
'execute': 'nbd-server-start',
'arguments': {
'addr': {
'type': 'inet',
'host': '127.0.0.1',
'port': '9000'
},
'tls-creds': 'tls0',
'tls-authz': 'authz0'
}
}
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <20190227162035.18543-3-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2019-02-27 17:20:34 +01:00
|
|
|
const char *tls_authz, Error **errp)
|
2016-02-10 19:41:14 +01:00
|
|
|
{
|
|
|
|
if (nbd_server) {
|
|
|
|
error_setg(errp, "NBD server already running");
|
2016-02-10 19:41:03 +01:00
|
|
|
return;
|
2012-08-22 16:43:07 +02:00
|
|
|
}
|
2016-02-10 19:41:03 +01:00
|
|
|
|
2016-02-10 19:41:14 +01:00
|
|
|
nbd_server = g_new0(NBDServerData, 1);
|
2017-12-18 11:16:42 +01:00
|
|
|
nbd_server->listener = qio_net_listener_new();
|
|
|
|
|
|
|
|
qio_net_listener_set_name(nbd_server->listener,
|
|
|
|
"nbd-listener");
|
|
|
|
|
2019-08-19 18:08:21 +02:00
|
|
|
if (qio_net_listener_open_sync(nbd_server->listener, addr, 1, errp) < 0) {
|
2016-02-10 19:41:14 +01:00
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
2017-04-26 09:36:41 +02:00
|
|
|
if (tls_creds) {
|
2016-02-10 19:41:14 +01:00
|
|
|
nbd_server->tlscreds = nbd_get_tls_creds(tls_creds, errp);
|
|
|
|
if (!nbd_server->tlscreds) {
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
2017-04-26 09:36:41 +02:00
|
|
|
/* TODO SOCKET_ADDRESS_TYPE_FD where fd has AF_INET or AF_INET6 */
|
|
|
|
if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
|
2016-02-10 19:41:14 +01:00
|
|
|
error_setg(errp, "TLS is only supported with IPv4/IPv6");
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
nbd: allow authorization with nbd-server-start QMP command
As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.
First the client must create a QAuthZ object instance using the
'object-add' command:
{
'execute': 'object-add',
'arguments': {
'qom-type': 'authz-list',
'id': 'authz0',
'parameters': {
'policy': 'deny',
'rules': [
{
'match': '*CN=fred',
'policy': 'allow'
}
]
}
}
}
They can then reference this in the new 'tls-authz' parameter when
executing the 'nbd-server-start' command:
{
'execute': 'nbd-server-start',
'arguments': {
'addr': {
'type': 'inet',
'host': '127.0.0.1',
'port': '9000'
},
'tls-creds': 'tls0',
'tls-authz': 'authz0'
}
}
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <20190227162035.18543-3-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2019-02-27 17:20:34 +01:00
|
|
|
nbd_server->tlsauthz = g_strdup(tls_authz);
|
|
|
|
|
2017-12-18 11:16:42 +01:00
|
|
|
qio_net_listener_set_client_func(nbd_server->listener,
|
|
|
|
nbd_accept,
|
|
|
|
NULL,
|
|
|
|
NULL);
|
2016-02-10 19:41:14 +01:00
|
|
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
error:
|
|
|
|
nbd_server_free(nbd_server);
|
|
|
|
nbd_server = NULL;
|
2012-08-22 16:43:07 +02:00
|
|
|
}
|
|
|
|
|
2017-04-26 09:36:41 +02:00
|
|
|
void qmp_nbd_server_start(SocketAddressLegacy *addr,
|
|
|
|
bool has_tls_creds, const char *tls_creds,
|
nbd: allow authorization with nbd-server-start QMP command
As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.
First the client must create a QAuthZ object instance using the
'object-add' command:
{
'execute': 'object-add',
'arguments': {
'qom-type': 'authz-list',
'id': 'authz0',
'parameters': {
'policy': 'deny',
'rules': [
{
'match': '*CN=fred',
'policy': 'allow'
}
]
}
}
}
They can then reference this in the new 'tls-authz' parameter when
executing the 'nbd-server-start' command:
{
'execute': 'nbd-server-start',
'arguments': {
'addr': {
'type': 'inet',
'host': '127.0.0.1',
'port': '9000'
},
'tls-creds': 'tls0',
'tls-authz': 'authz0'
}
}
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <20190227162035.18543-3-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2019-02-27 17:20:34 +01:00
|
|
|
bool has_tls_authz, const char *tls_authz,
|
2017-04-26 09:36:41 +02:00
|
|
|
Error **errp)
|
|
|
|
{
|
|
|
|
SocketAddress *addr_flat = socket_address_flatten(addr);
|
|
|
|
|
nbd: allow authorization with nbd-server-start QMP command
As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.
First the client must create a QAuthZ object instance using the
'object-add' command:
{
'execute': 'object-add',
'arguments': {
'qom-type': 'authz-list',
'id': 'authz0',
'parameters': {
'policy': 'deny',
'rules': [
{
'match': '*CN=fred',
'policy': 'allow'
}
]
}
}
}
They can then reference this in the new 'tls-authz' parameter when
executing the 'nbd-server-start' command:
{
'execute': 'nbd-server-start',
'arguments': {
'addr': {
'type': 'inet',
'host': '127.0.0.1',
'port': '9000'
},
'tls-creds': 'tls0',
'tls-authz': 'authz0'
}
}
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <20190227162035.18543-3-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2019-02-27 17:20:34 +01:00
|
|
|
nbd_server_start(addr_flat, tls_creds, tls_authz, errp);
|
2017-04-26 09:36:41 +02:00
|
|
|
qapi_free_SocketAddress(addr_flat);
|
|
|
|
}
|
|
|
|
|
2018-01-19 14:57:15 +01:00
|
|
|
void qmp_nbd_server_add(const char *device, bool has_name, const char *name,
|
nbd: Allow bitmap export during QMP nbd-server-add
With the experimental x-nbd-server-add-bitmap command, there was
a window of time where an NBD client could see the export but not
the associated dirty bitmap, which can cause a client that planned
on using the dirty bitmap to be forced to treat the entire image
as dirty as a safety fallback. Furthermore, if the QMP client
successfully exports a disk but then fails to add the bitmap, it
has to take on the burden of removing the export. Since we don't
allow changing the exposed dirty bitmap (whether to a different
bitmap, or removing advertisement of the bitmap), it is nicer to
make the bitmap tied to the export at the time the export is
created, with automatic failure to export if the bitmap is not
available.
The experimental command included an optional 'bitmap-export-name'
field for remapping the name exposed over NBD to be different from
the bitmap name stored on disk. However, my libvirt demo code
for implementing differential backups on top of persistent bitmaps
did not need to take advantage of that feature (it is instead
possible to create a new temporary bitmap with the desired name,
use block-dirty-bitmap-merge to merge one or more persistent
bitmaps into the temporary, then associate the temporary with the
NBD export, if control is needed over the exported bitmap name).
Hence, I'm not copying that part of the experiment over to the
stable addition. For more details on the libvirt demo, see
https://www.redhat.com/archives/libvir-list/2018-October/msg01254.html,
https://kvmforum2018.sched.com/event/FzuB/facilitating-incremental-backup-eric-blake-red-hat
This patch focuses on the user interface, and reduces (but does
not completely eliminate) the window where an NBD client can see
the export but not the dirty bitmap, with less work to clean up
after errors. Later patches will add further cleanups now that
this interface is declared stable via a single QMP command,
including removing the race window.
Update test 223 to use the new interface.
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20190111194720.15671-6-eblake@redhat.com>
2019-01-11 20:47:17 +01:00
|
|
|
bool has_writable, bool writable,
|
|
|
|
bool has_bitmap, const char *bitmap, Error **errp)
|
2012-08-22 16:43:07 +02:00
|
|
|
{
|
2016-07-06 14:15:51 +02:00
|
|
|
BlockDriverState *bs = NULL;
|
|
|
|
BlockBackend *on_eject_blk;
|
2012-08-22 16:43:07 +02:00
|
|
|
NBDExport *exp;
|
2019-01-17 20:36:42 +01:00
|
|
|
int64_t len;
|
2012-08-22 16:43:07 +02:00
|
|
|
|
2016-02-10 19:41:14 +01:00
|
|
|
if (!nbd_server) {
|
2012-11-12 14:25:17 +01:00
|
|
|
error_setg(errp, "NBD server not running");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2018-01-19 14:57:15 +01:00
|
|
|
if (!has_name) {
|
|
|
|
name = device;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (nbd_export_find(name)) {
|
|
|
|
error_setg(errp, "NBD server already has export named '%s'", name);
|
2012-08-22 16:43:07 +02:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2016-07-06 14:15:51 +02:00
|
|
|
on_eject_blk = blk_by_name(device);
|
|
|
|
|
|
|
|
bs = bdrv_lookup_bs(device, device, errp);
|
|
|
|
if (!bs) {
|
2014-05-18 12:50:04 +02:00
|
|
|
return;
|
|
|
|
}
|
2012-08-22 16:43:07 +02:00
|
|
|
|
2019-01-17 20:36:42 +01:00
|
|
|
len = bdrv_getlength(bs);
|
|
|
|
if (len < 0) {
|
|
|
|
error_setg_errno(errp, -len,
|
|
|
|
"Failed to determine the NBD export's length");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2012-11-04 12:43:37 +01:00
|
|
|
if (!has_writable) {
|
2012-11-28 11:46:39 +01:00
|
|
|
writable = false;
|
2012-11-04 12:43:37 +01:00
|
|
|
}
|
2016-07-06 14:15:51 +02:00
|
|
|
if (bdrv_is_read_only(bs)) {
|
2012-11-04 12:43:37 +01:00
|
|
|
writable = false;
|
|
|
|
}
|
|
|
|
|
nbd: Improve per-export flag handling in server
When creating a read-only image, we are still advertising support for
TRIM and WRITE_ZEROES to the client, even though the client should not
be issuing those commands. But seeing this requires looking across
multiple functions:
All callers to nbd_export_new() passed a single flag based solely on
whether the export allows writes. Later, we then pass a constant set
of flags to nbd_negotiate_options() (namely, the set of flags which we
always support, at least for writable images), which is then further
dynamically modified with NBD_FLAG_SEND_DF based on client requests
for structured options. Finally, when processing NBD_OPT_EXPORT_NAME
or NBD_OPT_EXPORT_GO we bitwise-or the original caller's flag with the
runtime set of flags we've built up over several functions.
Let's refactor things to instead compute a baseline of flags as soon
as possible which gets shared between multiple clients, in
nbd_export_new(), and changing the signature for the callers to pass
in a simpler bool rather than having to figure out flags. We can then
get rid of the 'myflags' parameter to various functions, and instead
refer to client for everything we need (we still have to perform a
bitwise-OR for NBD_FLAG_SEND_DF during NBD_OPT_EXPORT_NAME and
NBD_OPT_EXPORT_GO, but it's easier to see what is being computed).
This lets us quit advertising senseless flags for read-only images, as
well as making the next patch for exposing FAST_ZERO support easier to
write.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190823143726.27062-2-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
[eblake: improve commit message, update iotest 223]
2019-08-23 16:37:22 +02:00
|
|
|
exp = nbd_export_new(bs, 0, len, name, NULL, bitmap, !writable, !writable,
|
2016-07-06 14:15:51 +02:00
|
|
|
NULL, false, on_eject_blk, errp);
|
2015-02-25 19:08:21 +01:00
|
|
|
if (!exp) {
|
|
|
|
return;
|
|
|
|
}
|
2012-08-22 16:43:07 +02:00
|
|
|
|
2016-01-29 16:36:06 +01:00
|
|
|
/* The list of named exports has a strong reference to this export now and
|
|
|
|
* our only way of accessing it is through nbd_export_find(), so we can drop
|
|
|
|
* the strong reference that is @exp. */
|
|
|
|
nbd_export_put(exp);
|
2012-08-22 16:43:07 +02:00
|
|
|
}
|
|
|
|
|
2018-01-19 14:57:16 +01:00
|
|
|
void qmp_nbd_server_remove(const char *name,
|
|
|
|
bool has_mode, NbdServerRemoveMode mode,
|
|
|
|
Error **errp)
|
|
|
|
{
|
|
|
|
NBDExport *exp;
|
|
|
|
|
|
|
|
if (!nbd_server) {
|
|
|
|
error_setg(errp, "NBD server not running");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
exp = nbd_export_find(name);
|
|
|
|
if (exp == NULL) {
|
|
|
|
error_setg(errp, "Export '%s' is not found", name);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!has_mode) {
|
|
|
|
mode = NBD_SERVER_REMOVE_MODE_SAFE;
|
|
|
|
}
|
|
|
|
|
|
|
|
nbd_export_remove(exp, mode, errp);
|
|
|
|
}
|
|
|
|
|
2012-08-22 16:43:07 +02:00
|
|
|
void qmp_nbd_server_stop(Error **errp)
|
|
|
|
{
|
2019-01-11 20:47:14 +01:00
|
|
|
if (!nbd_server) {
|
|
|
|
error_setg(errp, "NBD server not running");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2016-01-29 16:36:06 +01:00
|
|
|
nbd_export_close_all();
|
2012-08-22 16:43:07 +02:00
|
|
|
|
2016-02-10 19:41:14 +01:00
|
|
|
nbd_server_free(nbd_server);
|
|
|
|
nbd_server = NULL;
|
2012-08-22 16:43:07 +02:00
|
|
|
}
|