From: Eric Blake
To: qemu-devel@nongnu.org
Cc: Kevin Wolf, Paolo Bonzini, "open list:Network Block Dev...", Max Reitz
Date: Mon, 2 Apr 2018 09:16:12 -0500
Message-Id: <20180402141614.2008263-2-eblake@redhat.com>
In-Reply-To: <20180402141614.2008263-1-eblake@redhat.com>
Subject: [Qemu-devel] [PULL 1/3] nbd: Fix 32-bit compilation on BLOCK_STATUS

iotests 123 and 209 fail on 32-bit platforms. The culprit: sizeof(extent) is wrong; we want sizeof(*extent). But since the struct is 8 bytes, it happened to work on 64-bit platforms where the pointer is also 8 bytes (nasty).

Fixes: 78a33ab58
Reported-by: Max Reitz
Signed-off-by: Eric Blake
Message-Id: <20180327210517.1804242-1-eblake@redhat.com>
Reviewed-by: Paolo Bonzini
Reviewed-by: Vladimir Sementsov-Ogievskiy
---
block/nbd-client.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/nbd-client.c b/block/nbd-client.c index e64e346d690..e7caf49fbb4 100644 --- a/block/nbd-client.c +++ b/block/nbd-client.c
@@ -239,7 +239,7 @@ static int nbd_parse_blockstatus_payload(NBDClientSessi= on *client, { uint32_t context_id; - if (chunk->length !=3D sizeof(context_id) + sizeof(extent)) { + if (chunk->length !=3D sizeof(context_id) + sizeof(*extent)) { error_setg(errp, "Protocol error: invalid payload for " "NBD_REPLY_TYPE_BLOCK_STATUS"); return -EINVAL; --=20 2.14.3
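Review bot: the corrected length check in nbd_parse_blockstatus_payload() still derives the expected payload size from host sizeof expressions, and its "invalid payload" error does not report the length that was actually received. Since the commit message states the struct is 8 bytes, a build-time assertion on sizeof(*extent) would catch a pointer-versus-struct mix-up at compile time on every platform instead of only through iotests 123 and 209 on 32-bit hosts, and adding chunk->length to the error text would make a mismatch visible in the log.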
From: Eric Blake
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, "open list:Network Block Dev..."
Date: Mon, 2 Apr 2018 09:16:13 -0500
Message-Id: <20180402141614.2008263-3-eblake@redhat.com>
In-Reply-To: <20180402141614.2008263-1-eblake@redhat.com>
Subject: [Qemu-devel] [PULL 2/3] nbd/client: Correctly handle bad server REP_META_CONTEXT

It's never a good idea to blindly read for size bytes as returned by the server without first validating that the size is within bounds; a malicious or buggy server could cause us to hang or get out of sync from reading further messages.

It may be smarter to try and teach the client to cope with unexpected context ids by silently ignoring them instead of hanging up on the server, but for now, if the server doesn't reply with exactly the one context we expect, it's easier to just give up - however, if we give up for any reason other than an I/O failure, we might as well try to politely tell the server we are quitting rather than continuing.
Fix some typos in the process. Signed-off-by: Eric Blake Message-Id: <20180329231837.1914680-1-eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy --- nbd/client.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/nbd/client.c b/nbd/client.c index 9b9b7f0ea29..dd0174b036e 100644 --- a/nbd/client.c +++ b/nbd/client.c @@ -599,8 +599,8 @@ static QIOChannel *nbd_receive_starttls(QIOChannel *ioc, * Set one meta context. Simple means that reply must contain zero (not * negotiated) or one (negotiated) contexts. More contexts would be consid= ered * as a protocol error. It's also implied that meta-data query equals quer= ied - * context name, so, if server replies with something different then @cont= ext, - * it considered as error too. + * context name, so, if server replies with something different than @cont= ext, + * it is considered an error too. * return 1 for successful negotiation, context_id is set * 0 if operation is unsupported, * -1 with errp set for any other error 
@@ -649,25 +649,33 @@ static int nbd_negotiate_simple_meta_context(QIOChann= el *ioc, if (reply.type =3D=3D NBD_REP_META_CONTEXT) { char *name; - size_t len; + + if (reply.length !=3D sizeof(received_id) + context_len) { + error_setg(errp, "Failed to negotiate meta context '%s', serve= r " + "answered with unexpected length %" PRIu32, context, + reply.length); + nbd_send_opt_abort(ioc); + return -1; + } if (nbd_read(ioc, &received_id, sizeof(received_id), errp) < 0) { return -1; } be32_to_cpus(&received_id); - len =3D reply.length - sizeof(received_id); - name =3D g_malloc(len + 1); - if (nbd_read(ioc, name, len, errp) < 0) { + reply.length -=3D sizeof(received_id); + name =3D g_malloc(reply.length + 1); + if (nbd_read(ioc, name, reply.length, errp) < 0) { g_free(name); return -1; } - name[len] =3D '\0'; + name[reply.length] =3D '\0'; if (strcmp(context, name)) { error_setg(errp, "Failed to negotiate meta context '%s', serve= r " "answered with different context '%s'", context, name); g_free(name); + nbd_send_opt_abort(ioc); return -1; } g_free(name); 
@@ -690,6 +698,12 @@ static int nbd_negotiate_simple_meta_context(QIOChanne= l *ioc, if (reply.type !=3D NBD_REP_ACK) { error_setg(errp, "Unexpected reply type %" PRIx32 " expected %x", reply.type, NBD_REP_ACK); + nbd_send_opt_abort(ioc); + return -1; + } + if (reply.length) { + error_setg(errp, "Unexpected length to ACK response"); + nbd_send_opt_abort(ioc); return -1; } --=20 2.14.3
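Review bot: in the NBD_REP_META_CONTEXT branch of nbd_negotiate_simple_meta_context(), "reply.length -= sizeof(received_id)" overwrites the header field that was just validated and then reuses it as the name length for g_malloc(), nbd_read() and the terminator. After the new check the name length is known to equal context_len, so using context_len directly (or keeping the removed local len) would leave reply.length intact for later diagnostics and make it obvious that the allocation size no longer comes from the server. The two nbd_read() failure paths in the same hunk return without nbd_send_opt_abort(), which matches the I/O-failure exception in the commit message; a one-line comment there would record that this is deliberate.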
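Review bot: the new "if (reply.length)" branch after the NBD_REP_ACK type check reports "Unexpected length to ACK response" without the offending value, while the REP_META_CONTEXT length error added earlier in this patch prints reply.length with PRIu32. Printing the length here as well would keep the two diagnostics consistent and help distinguish a buggy server from a stream that has gone out of sync.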
From: Eric Blake
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, "open list:Network Block Dev..."
Date: Mon, 2 Apr 2018 09:16:14 -0500
Message-Id: <20180402141614.2008263-4-eblake@redhat.com>
In-Reply-To: <20180402141614.2008263-1-eblake@redhat.com>
Subject: [Qemu-devel] [PULL 3/3] nbd: trace meta context negotiation

Having a more detailed log of the interaction between client and server is invaluable in debugging how meta context negotiation actually works.

Signed-off-by: Eric Blake
Message-Id: <20180330130950.1931229-1-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy
---
nbd/client.c | 2 ++
nbd/server.c | 8 ++++++++
nbd/trace-events | 6 ++++++
3 files changed, 16 insertions(+)
diff --git a/nbd/client.c b/nbd/client.c index dd0174b036e..b9e175d1c27 100644 --- a/nbd/client.c +++ b/nbd/client.c @@ -623,6 +623,7 @@ static int nbd_negotiate_simple_meta_context(QIOChannel= *ioc, char *data =3D g_malloc(data_len); char *p =3D data; + trace_nbd_opt_meta_request(context, export); stl_be_p(p, export_len); memcpy(p +=3D sizeof(export_len), export, export_len); stl_be_p(p +=3D export_len, 1); @@ -680,6 +681,7 @@ static int nbd_negotiate_simple_meta_context(QIOChannel= *ioc, } g_free(name); + trace_nbd_opt_meta_reply(context, received_id); received =3D true; /* receive NBD_REP_ACK */ diff --git a/nbd/server.c b/nbd/server.c index cea158913ba..9e1f2271784 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -726,6 +726,7 @@ static int nbd_negotiate_send_meta_context(NBDClient *c= lient, context_id =3D 0; } + trace_nbd_negotiate_meta_query_reply(context, context_id); set_be_option_rep(&opt.h, client->opt, NBD_REP_META_CONTEXT, sizeof(opt) - sizeof(opt.h) + iov[1].iov_len); stl_be_p(&opt.context_id, context_id); @@ -752,10 +753,12 @@ static int nbd_meta_base_query(NBDClient *client, NBD= ExportMetaContexts *meta, if (client->opt =3D=3D NBD_OPT_LIST_META_CONTEXT) { meta->base_allocation =3D true; } + trace_nbd_negotiate_meta_query_parse("base:"); return 1; } if (len !=3D alen) { + trace_nbd_negotiate_meta_query_skip("not base:allocation"); return nbd_opt_skip(client, len, errp); } @@ -768,6 +771,7 @@ static int nbd_meta_base_query(NBDClient *client, NBDEx= portMetaContexts *meta, meta->base_allocation =3D true; } + trace_nbd_negotiate_meta_query_parse("base:allocation"); return 1; } @@ -800,6 +804,7 @@ static int nbd_negotiate_meta_query(NBDClient *client, /* The only supported namespace for now is 'base'. So query should sta= rt * with 'base:'. Otherwise, we can ignore it and skip the remainder. */ if (len < baselen) { + trace_nbd_negotiate_meta_query_skip("length too short"); return nbd_opt_skip(client, len, errp); } 
@@ -809,6 +814,7 @@ static int nbd_negotiate_meta_query(NBDClient *client, return ret; } if (strncmp(query, "base:", baselen) !=3D 0) { + trace_nbd_negotiate_meta_query_skip("not for base: namespace"); return nbd_opt_skip(client, len, errp); } @@ -858,6 +864,8 @@ static int nbd_negotiate_meta_queries(NBDClient *client, return ret; } cpu_to_be32s(&nb_queries); + trace_nbd_negotiate_meta_context(nbd_opt_lookup(client->opt), + meta->export_name, nb_queries); if (client->opt =3D=3D NBD_OPT_LIST_META_CONTEXT && !nb_queries) { /* enable all known contexts */ diff --git a/nbd/trace-events b/nbd/trace-events index 0d03edc967d..dee081e7758 100644 --- a/nbd/trace-events +++ b/nbd/trace-events @@ -10,6 +10,8 @@ nbd_receive_query_exports_start(const char *wantname) "Qu= erying export list for nbd_receive_query_exports_success(const char *wantname) "Found desired exp= ort name '%s'" nbd_receive_starttls_new_client(void) "Setting up TLS" nbd_receive_starttls_tls_handshake(void) "Starting TLS handshake" +nbd_opt_meta_request(const char *context, const char *export) "Requesting = to set meta context %s for export %s" +nbd_opt_meta_reply(const char *context, uint32_t id) "Received mapping of = context %s to id %" PRIu32 nbd_receive_negotiate(void *tlscreds, const char *hostname) "Receiving neg= otiation tlscreds=3D%p hostname=3D%s" nbd_receive_negotiate_magic(uint64_t magic) "Magic is 0x%" PRIx64 nbd_receive_negotiate_server_flags(uint32_t globalflags) "Global flags are= 0x%" PRIx32 
@@ -44,6 +46,10 @@ nbd_negotiate_handle_info_request(int request, const cha= r *name) "Client request nbd_negotiate_handle_info_block_size(uint32_t minimum, uint32_t preferred,= uint32_t maximum) "advertising minimum 0x%" PRIx32 ", preferred 0x%" PRIx3= 2 ", maximum 0x%" PRIx32 nbd_negotiate_handle_starttls(void) "Setting up TLS" nbd_negotiate_handle_starttls_handshake(void) "Starting TLS handshake" +nbd_negotiate_meta_context(const char *optname, const char *export, uint32= _t queries) "Client requested %s for export %s, with %" PRIu32 " queries" +nbd_negotiate_meta_query_skip(const char *reason) "Skipping meta query: %s" +nbd_negotiate_meta_query_parse(const char *query) "Parsed meta query '%s'" +nbd_negotiate_meta_query_reply(const char *context, uint32_t id) "Replying= with meta context '%s' id %" PRIu32 nbd_negotiate_options_flags(uint32_t flags) "Received client flags 0x%" PR= Ix32 nbd_negotiate_options_check_magic(uint64_t magic) "Checking opts magic 0x%= " PRIx64 nbd_negotiate_options_check_option(uint32_t option, const char *name) "Che= cking option %" PRIu32 " (%s)" --=20 2.14.3
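Review bot: the new format strings in nbd/trace-events quote their string arguments inconsistently: nbd_negotiate_meta_query_parse and nbd_negotiate_meta_query_reply wrap them as '%s', while nbd_opt_meta_request, nbd_opt_meta_reply and nbd_negotiate_meta_context print context and export names as bare %s. On the server side the export name passed to trace_nbd_negotiate_meta_context() is meta->export_name from the client's request, so quoting every name would keep empty names or names containing spaces unambiguous in the trace output.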