/* Receive the header of an option reply, which should match the given
* opt. Read through the length field, but NOT the length bytes of
* payload. Return 0 if successful, -1 with errp set if it is
* impossible to continue. */
static int nbd_receive_option_reply(QIOChannel *ioc, uint32_t opt,
nbd_opt_reply *reply, Error **errp)
{
QEMU_BUILD_BUG_ON(sizeof(*reply) != 20);
if (nbd_read(ioc, reply, sizeof(*reply), errp) < 0) {
error_prepend(errp, "failed to read option reply");
nbd_send_opt_abort(ioc);
return -1;
}
be64_to_cpus(&reply->magic);
be32_to_cpus(&reply->option);
be32_to_cpus(&reply->type);
be32_to_cpus(&reply->length);
trace_nbd_receive_option_reply(reply->option, nbd_opt_lookup(reply->option),
reply->type, nbd_rep_lookup(reply->type),
reply->length);
if (reply->magic != NBD_REP_MAGIC) {
error_setg(errp, "Unexpected option reply magic");
nbd_send_opt_abort(ioc);
return -1;
}
if (reply->option != opt) {
error_setg(errp, "Unexpected option type %x expected %x",
reply->option, opt);
nbd_send_opt_abort(ioc);
return -1;
}
return 0;
}
/* nbd_request_simple_option: Send an option request, and parse the reply
* return 1 for successful negotiation,
* 0 if operation is unsupported,
* -1 with errp set for any other error
*/
static int nbd_request_simple_option(QIOChannel *ioc, int opt, Error **errp)
{
NBDOptionReply reply;
int error;
if (nbd_send_option_request(ioc, opt, 0, NULL, errp) < 0) {
return -1;
}
if (nbd_receive_option_reply(ioc, opt, &reply, errp) < 0) {
return -1;
}
error = nbd_handle_reply_err(ioc, &reply, errp);
if (error <= 0) {
return error;
}
if (reply.type != NBD_REP_ACK) {
error_setg(errp, "Server answered option %d (%s) with unexpected "
"reply %" PRIu32 " (%s)", opt, nbd_opt_lookup(opt),
reply.type, nbd_rep_lookup(reply.type));
nbd_send_opt_abort(ioc);
return -1;
}
if (reply.length != 0) {
error_setg(errp, "Option %d ('%s') response length is %" PRIu32
" (it should be zero)", opt, nbd_opt_lookup(opt),
reply.length);
nbd_send_opt_abort(ioc);
return -1;
}
return 1;
}
static QIOChannel *nbd_receive_starttls(QIOChannel *ioc,
QCryptoTLSCreds *tlscreds,
const char *hostname, Error **errp)
{
nbd_opt_reply reply;
QIOChannelTLS *tioc;
struct NBDTLSHandshakeData data = { 0 };
trace_nbd_receive_starttls_request();
if (nbd_send_option_request(ioc, NBD_OPT_STARTTLS, 0, NULL, errp) < 0) {
return NULL;
}
trace_nbd_receive_starttls_reply();
if (nbd_receive_option_reply(ioc, NBD_OPT_STARTTLS, &reply, errp) < 0) {
return NULL;
}
if (reply.type != NBD_REP_ACK) {
error_setg(errp, "Server rejected request to start TLS %" PRIx32,
reply.type);
nbd_send_opt_abort(ioc);
return NULL;
}
if (reply.length != 0) {
error_setg(errp, "Start TLS response was not zero %" PRIu32,
reply.length);
nbd_send_opt_abort(ioc);
return NULL;
}
trace_nbd_receive_starttls_new_client();
tioc = qio_channel_tls_new_client(ioc, tlscreds, hostname, errp);
if (!tioc) {
return NULL;
}
qio_channel_set_name(QIO_CHANNEL(tioc), "nbd-client-tls");
data.loop = g_main_loop_new(g_main_context_default(), FALSE);
trace_nbd_receive_starttls_tls_handshake();
qio_channel_tls_handshake(tioc,
nbd_tls_handshake,
&data,
NULL);
if (!data.complete) {
g_main_loop_run(data.loop);
}
g_main_loop_unref(data.loop);
if (data.error) {
error_propagate(errp, data.error);
object_unref(OBJECT(tioc));
return NULL;
}
return QIO_CHANNEL(tioc);
}
/* Return -1 on failure, 0 if wantname is an available export. */
static int nbd_receive_query_exports(QIOChannel *ioc,
const char *wantname,
Error **errp)
{
bool foundExport = false;
trace_nbd_receive_query_exports_start(wantname);
if (nbd_send_option_request(ioc, NBD_OPT_LIST, 0, NULL, errp) < 0) {
return -1;
}
while (1) {
int ret = nbd_receive_list(ioc, wantname, &foundExport, errp);
if (ret < 0) {
/* Server gave unexpected reply */
return -1;
} else if (ret == 0) {
/* Done iterating. */
if (!foundExport) {
error_setg(errp, "No export with name '%s' available",
wantname);
nbd_send_opt_abort(ioc);
return -1;
}
trace_nbd_receive_query_exports_success(wantname);
return 0;
}
}
}
static QIOChannel *nbd_receive_starttls(QIOChannel *ioc,
QCryptoTLSCreds *tlscreds,
const char *hostname, Error **errp)
{
int ret;
QIOChannelTLS *tioc;
struct NBDTLSHandshakeData data = { 0 };
ret = nbd_request_simple_option(ioc, NBD_OPT_STARTTLS, errp);
if (ret <= 0) {
if (ret == 0) {
error_setg(errp, "Server don't support STARTTLS option");
nbd_send_opt_abort(ioc);
}
return NULL;
}
trace_nbd_receive_starttls_new_client();
tioc = qio_channel_tls_new_client(ioc, tlscreds, hostname, errp);
if (!tioc) {
return NULL;
}
qio_channel_set_name(QIO_CHANNEL(tioc), "nbd-client-tls");
data.loop = g_main_loop_new(g_main_context_default(), FALSE);
trace_nbd_receive_starttls_tls_handshake();
qio_channel_tls_handshake(tioc,
nbd_tls_handshake,
&data,
NULL);
if (!data.complete) {
g_main_loop_run(data.loop);
}
g_main_loop_unref(data.loop);
if (data.error) {
error_propagate(errp, data.error);
object_unref(OBJECT(tioc));
return NULL;
}
return QIO_CHANNEL(tioc);
}
/* Returns -1 if NBD_OPT_GO proves the export @wantname cannot be
* used, 0 if NBD_OPT_GO is unsupported (fall back to NBD_OPT_LIST and
* NBD_OPT_EXPORT_NAME in that case), and > 0 if the export is good to
* go (with @info populated). */
static int nbd_opt_go(QIOChannel *ioc, const char *wantname,
NBDExportInfo *info, Error **errp)
{
nbd_opt_reply reply;
uint32_t len = strlen(wantname);
uint16_t type;
int error;
char *buf;
/* The protocol requires that the server send NBD_INFO_EXPORT with
* a non-zero flags (at least NBD_FLAG_HAS_FLAGS must be set); so
* flags still 0 is a witness of a broken server. */
info->flags = 0;
trace_nbd_opt_go_start(wantname);
buf = g_malloc(4 + len + 2 + 2 * info->request_sizes + 1);
stl_be_p(buf, len);
memcpy(buf + 4, wantname, len);
/* At most one request, everything else up to server */
stw_be_p(buf + 4 + len, info->request_sizes);
if (info->request_sizes) {
stw_be_p(buf + 4 + len + 2, NBD_INFO_BLOCK_SIZE);
}
error = nbd_send_option_request(ioc, NBD_OPT_GO,
4 + len + 2 + 2 * info->request_sizes,
buf, errp);
g_free(buf);
if (error < 0) {
return -1;
}
while (1) {
if (nbd_receive_option_reply(ioc, NBD_OPT_GO, &reply, errp) < 0) {
return -1;
}
error = nbd_handle_reply_err(ioc, &reply, errp);
if (error <= 0) {
return error;
}
len = reply.length;
if (reply.type == NBD_REP_ACK) {
/* Server is done sending info and moved into transmission
phase, but make sure it sent flags */
if (len) {
error_setg(errp, "server sent invalid NBD_REP_ACK");
return -1;
}
if (!info->flags) {
error_setg(errp, "broken server omitted NBD_INFO_EXPORT");
return -1;
}
trace_nbd_opt_go_success();
return 1;
}
if (reply.type != NBD_REP_INFO) {
error_setg(errp, "unexpected reply type %" PRIx32
" (%s), expected %x",
reply.type, nbd_rep_lookup(reply.type), NBD_REP_INFO);
nbd_send_opt_abort(ioc);
return -1;
}
if (len < sizeof(type)) {
error_setg(errp, "NBD_REP_INFO length %" PRIu32 " is too short",
len);
nbd_send_opt_abort(ioc);
return -1;
}
if (nbd_read(ioc, &type, sizeof(type), errp) < 0) {
error_prepend(errp, "failed to read info type");
nbd_send_opt_abort(ioc);
return -1;
}
len -= sizeof(type);
be16_to_cpus(&type);
switch (type) {
case NBD_INFO_EXPORT:
if (len != sizeof(info->size) + sizeof(info->flags)) {
error_setg(errp, "remaining export info len %" PRIu32
" is unexpected size", len);
nbd_send_opt_abort(ioc);
return -1;
}
if (nbd_read(ioc, &info->size, sizeof(info->size), errp) < 0) {
error_prepend(errp, "failed to read info size");
nbd_send_opt_abort(ioc);
return -1;
}
be64_to_cpus(&info->size);
if (nbd_read(ioc, &info->flags, sizeof(info->flags), errp) < 0) {
error_prepend(errp, "failed to read info flags");
nbd_send_opt_abort(ioc);
return -1;
}
be16_to_cpus(&info->flags);
trace_nbd_receive_negotiate_size_flags(info->size, info->flags);
break;
case NBD_INFO_BLOCK_SIZE:
if (len != sizeof(info->min_block) * 3) {
error_setg(errp, "remaining export info len %" PRIu32
" is unexpected size", len);
nbd_send_opt_abort(ioc);
return -1;
}
if (nbd_read(ioc, &info->min_block, sizeof(info->min_block),
errp) < 0) {
error_prepend(errp, "failed to read info minimum block size");
nbd_send_opt_abort(ioc);
return -1;
}
be32_to_cpus(&info->min_block);
if (!is_power_of_2(info->min_block)) {
error_setg(errp, "server minimum block size %" PRId32
"is not a power of two", info->min_block);
nbd_send_opt_abort(ioc);
return -1;
}
if (nbd_read(ioc, &info->opt_block, sizeof(info->opt_block),
errp) < 0) {
error_prepend(errp, "failed to read info preferred block size");
nbd_send_opt_abort(ioc);
return -1;
}
be32_to_cpus(&info->opt_block);
if (!is_power_of_2(info->opt_block) ||
info->opt_block < info->min_block) {
error_setg(errp, "server preferred block size %" PRId32
"is not valid", info->opt_block);
nbd_send_opt_abort(ioc);
return -1;
}
if (nbd_read(ioc, &info->max_block, sizeof(info->max_block),
errp) < 0) {
error_prepend(errp, "failed to read info maximum block size");
nbd_send_opt_abort(ioc);
return -1;
}
be32_to_cpus(&info->max_block);
trace_nbd_opt_go_info_block_size(info->min_block, info->opt_block,
info->max_block);
break;
default:
trace_nbd_opt_go_info_unknown(type, nbd_info_lookup(type));
if (nbd_drop(ioc, len, errp) < 0) {
error_prepend(errp, "Failed to read info payload");
nbd_send_opt_abort(ioc);
return -1;
}
break;
}
}
}
/* Process another portion of the NBD_OPT_LIST reply. Set *@match if
* the current reply matches @want or if the server does not support
* NBD_OPT_LIST, otherwise leave @match alone. Return 0 if iteration
* is complete, positive if more replies are expected, or negative
* with @errp set if an unrecoverable error occurred. */
static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
Error **errp)
{
nbd_opt_reply reply;
uint32_t len;
uint32_t namelen;
char name[NBD_MAX_NAME_SIZE + 1];
int error;
if (nbd_receive_option_reply(ioc, NBD_OPT_LIST, &reply, errp) < 0) {
return -1;
}
error = nbd_handle_reply_err(ioc, &reply, errp);
if (error <= 0) {
/* The server did not support NBD_OPT_LIST, so set *match on
* the assumption that any name will be accepted. */
*match = true;
return error;
}
len = reply.length;
if (reply.type == NBD_REP_ACK) {
if (len != 0) {
error_setg(errp, "length too long for option end");
nbd_send_opt_abort(ioc);
return -1;
}
return 0;
} else if (reply.type != NBD_REP_SERVER) {
error_setg(errp, "Unexpected reply type %" PRIx32 " expected %x",
reply.type, NBD_REP_SERVER);
nbd_send_opt_abort(ioc);
return -1;
}
if (len < sizeof(namelen) || len > NBD_MAX_BUFFER_SIZE) {
error_setg(errp, "incorrect option length %" PRIu32, len);
nbd_send_opt_abort(ioc);
return -1;
}
if (nbd_read(ioc, &namelen, sizeof(namelen), errp) < 0) {
error_prepend(errp, "failed to read option name length");
nbd_send_opt_abort(ioc);
return -1;
}
namelen = be32_to_cpu(namelen);
len -= sizeof(namelen);
if (len < namelen) {
error_setg(errp, "incorrect option name length");
nbd_send_opt_abort(ioc);
return -1;
}
if (namelen != strlen(want)) {
if (nbd_drop(ioc, len, errp) < 0) {
error_prepend(errp, "failed to skip export name with wrong length");
nbd_send_opt_abort(ioc);
return -1;
}
return 1;
}
assert(namelen < sizeof(name));
if (nbd_read(ioc, name, namelen, errp) < 0) {
error_prepend(errp, "failed to read export name");
nbd_send_opt_abort(ioc);
return -1;
}
name[namelen] = '\0';
len -= namelen;
if (nbd_drop(ioc, len, errp) < 0) {
error_prepend(errp, "failed to read export description");
nbd_send_opt_abort(ioc);
return -1;
}
if (!strcmp(name, want)) {
*match = true;
}
return 1;
}
/* If reply represents success, return 1 without further action.
* If reply represents an error, consume the optional payload of
* the packet on ioc. Then return 0 for unsupported (so the client
* can fall back to other approaches), or -1 with errp set for other
* errors.
*/
static int nbd_handle_reply_err(QIOChannel *ioc, nbd_opt_reply *reply,
Error **errp)
{
char *msg = NULL;
int result = -1;
if (!(reply->type & (1 << 31))) {
return 1;
}
if (reply->length) {
if (reply->length > NBD_MAX_BUFFER_SIZE) {
error_setg(errp, "server error 0x%" PRIx32
" (%s) message is too long",
reply->type, nbd_rep_lookup(reply->type));
goto cleanup;
}
msg = g_malloc(reply->length + 1);
if (nbd_read(ioc, msg, reply->length, errp) < 0) {
error_prepend(errp, "failed to read option error 0x%" PRIx32
" (%s) message",
reply->type, nbd_rep_lookup(reply->type));
goto cleanup;
}
msg[reply->length] = '\0';
}
switch (reply->type) {
case NBD_REP_ERR_UNSUP:
trace_nbd_reply_err_unsup(reply->option, nbd_opt_lookup(reply->option));
result = 0;
goto cleanup;
case NBD_REP_ERR_POLICY:
error_setg(errp, "Denied by server for option %" PRIx32 " (%s)",
reply->option, nbd_opt_lookup(reply->option));
break;
case NBD_REP_ERR_INVALID:
error_setg(errp, "Invalid data length for option %" PRIx32 " (%s)",
reply->option, nbd_opt_lookup(reply->option));
break;
case NBD_REP_ERR_PLATFORM:
error_setg(errp, "Server lacks support for option %" PRIx32 " (%s)",
reply->option, nbd_opt_lookup(reply->option));
break;
case NBD_REP_ERR_TLS_REQD:
error_setg(errp, "TLS negotiation required before option %" PRIx32
" (%s)", reply->option, nbd_opt_lookup(reply->option));
break;
case NBD_REP_ERR_UNKNOWN:
error_setg(errp, "Requested export not available");
break;
case NBD_REP_ERR_SHUTDOWN:
error_setg(errp, "Server shutting down before option %" PRIx32 " (%s)",
reply->option, nbd_opt_lookup(reply->option));
break;
case NBD_REP_ERR_BLOCK_SIZE_REQD:
error_setg(errp, "Server requires INFO_BLOCK_SIZE for option %" PRIx32
" (%s)", reply->option, nbd_opt_lookup(reply->option));
break;
default:
error_setg(errp, "Unknown error code when asking for option %" PRIx32
" (%s)", reply->option, nbd_opt_lookup(reply->option));
break;
}
if (msg) {
error_append_hint(errp, "server reported: %s\n", msg);
}
cleanup:
g_free(msg);
if (result < 0) {
nbd_send_opt_abort(ioc);
}
return result;
}