From nobody Tue Dec 16 16:20:32 2025 Delivered-To: importer@patchew.org Received-SPF: temperror (zoho.com: Error in retrieving data from DNS) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=temperror (zoho.com: Error in retrieving data from DNS) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (208.118.235.17 [208.118.235.17]) by mx.zohomail.com with SMTPS id 1512590127061625.0563826808913; Wed, 6 Dec 2017 11:55:27 -0800 (PST) Received: from localhost ([::1]:57414 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eMfmc-00069z-4I for importer@patchew.org; Wed, 06 Dec 2017 14:55:06 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50096) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eMfCo-00016x-8g for qemu-devel@nongnu.org; Wed, 06 Dec 2017 14:18:07 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eMfCl-00017v-86 for qemu-devel@nongnu.org; Wed, 06 Dec 2017 14:18:06 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:40160) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eMfCk-000170-W4 for qemu-devel@nongnu.org; Wed, 06 Dec 2017 14:18:03 -0500 Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id vB6JFhSp045011 for ; Wed, 6 Dec 2017 14:18:02 -0500 Received: from e36.co.us.ibm.com (e36.co.us.ibm.com [32.97.110.154]) by mx0a-001b2d01.pphosted.com with ESMTP id 2epnw5sstk-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Wed, 06 Dec 2017 14:18:01 -0500 Received: from localhost by e36.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 6 Dec 2017 12:18:00 -0700 Received: from b03cxnp08027.gho.boulder.ibm.com (9.17.130.19) by e36.co.us.ibm.com (192.168.1.136) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Wed, 6 Dec 2017 12:17:58 -0700 Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id vB6JHweB6226394; Wed, 6 Dec 2017 12:17:58 -0700 Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 04A8A78038; Wed, 6 Dec 2017 12:17:58 -0700 (MST) Received: from localhost (unknown [9.80.93.86]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP id B933378037; Wed, 6 Dec 2017 12:17:57 -0700 (MST) From: Michael Roth To: qemu-devel@nongnu.org Date: Wed, 6 Dec 2017 13:16:45 -0600 X-Mailer: git-send-email 2.11.0 In-Reply-To: <20171206191648.18208-1-mdroth@linux.vnet.ibm.com> References: <20171206191648.18208-1-mdroth@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 17120619-0020-0000-0000-00000D1F94C1 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00008161; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000244; SDB=6.00956379; UDB=6.00483442; IPR=6.00736416; BA=6.00005729; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00018387; XFM=3.00000015; UTC=2017-12-06 19:18:00 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17120619-0021-0000-0000-00005F320EEB Message-Id: <20171206191648.18208-53-mdroth@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-12-06_07:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1712060273 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] [fuzzy] X-Received-From: 148.163.156.1 Subject: [Qemu-devel] [PATCH 52/55] nbd-client: Refuse read-only client with BDRV_O_RDWR X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-stable@nongnu.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_6 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Eric Blake The NBD spec says that clients should not try to write/trim to an export advertised as read-only by the server. But we failed to check that, and would allow the block layer to use NBD with BDRV_O_RDWR even when the server is read-only, which meant we were depending on the server sending a proper EPERM failure for various commands, and also exposes a leaky abstraction: using qemu-io in read-write mode would succeed on 'w -z 0 0' because of local short-circuiting logic, but 'w 0 0' would send a request over the wire (where it then depends on the server, and fails at least for qemu-nbd but might pass for other NBD implementations). With this patch, a client MUST request read-only mode to access a server that is doing a read-only export, or else it will get a message like: can't open device nbd://localhost:10809/foo: request for write access confl= icts with read-only export It is no longer possible to even attempt writes over the wire (including the corner case of 0-length writes), because the block layer enforces the explicit read-only request; this matches the behavior of qcow2 when backed by a read-only POSIX file. Fix several iotests to comply with the new behavior (since qemu-nbd of an internal snapshot, as well as nbd-server-add over QMP, default to a read-only export, we must tell blockdev-add/qemu-io to set up a read-only client). CC: qemu-stable@nongnu.org Signed-off-by: Eric Blake Message-Id: <20171108215703.9295-3-eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy (cherry picked from commit 1104d83c726d2b20f9cec7b99ab3570a2fdbd46d) Signed-off-by: Michael Roth --- block/nbd-client.c | 9 +++++++++ tests/qemu-iotests/058 | 8 ++++---- tests/qemu-iotests/140 | 4 ++-- tests/qemu-iotests/147 | 1 + 4 files changed, 16 insertions(+), 6 deletions(-) diff --git a/block/nbd-client.c b/block/nbd-client.c index ea728fffc8..db9d41eb04 100644 --- a/block/nbd-client.c +++ b/block/nbd-client.c @@ -256,6 +256,7 @@ int nbd_client_co_pwritev(BlockDriverState *bs, uint64_= t offset, NBDReply reply; ssize_t ret; =20 + assert(!(client->info.flags & NBD_FLAG_READ_ONLY)); if (flags & BDRV_REQ_FUA) { assert(client->info.flags & NBD_FLAG_SEND_FUA); request.flags |=3D NBD_CMD_FLAG_FUA; @@ -284,6 +285,7 @@ int nbd_client_co_pwrite_zeroes(BlockDriverState *bs, i= nt64_t offset, }; NBDReply reply; =20 + assert(!(client->info.flags & NBD_FLAG_READ_ONLY)); if (!(client->info.flags & NBD_FLAG_SEND_WRITE_ZEROES)) { return -ENOTSUP; } @@ -339,6 +341,7 @@ int nbd_client_co_pdiscard(BlockDriverState *bs, int64_= t offset, int bytes) NBDReply reply; ssize_t ret; =20 + assert(!(client->info.flags & NBD_FLAG_READ_ONLY)); if (!(client->info.flags & NBD_FLAG_SEND_TRIM)) { return 0; } @@ -403,6 +406,12 @@ int nbd_client_init(BlockDriverState *bs, logout("Failed to negotiate with the NBD server\n"); return ret; } + if (client->info.flags & NBD_FLAG_READ_ONLY && + !bdrv_is_read_only(bs)) { + error_setg(errp, + "request for write access conflicts with read-only expo= rt"); + return -EACCES; + } if (client->info.flags & NBD_FLAG_SEND_FUA) { bs->supported_write_flags =3D BDRV_REQ_FUA; bs->supported_zero_flags |=3D BDRV_REQ_FUA; diff --git a/tests/qemu-iotests/058 b/tests/qemu-iotests/058 index 2253c6a6d1..5eb8784669 100755 --- a/tests/qemu-iotests/058 +++ b/tests/qemu-iotests/058 @@ -117,15 +117,15 @@ _export_nbd_snapshot sn1 =20 echo echo "=3D=3D verifying the exported snapshot with patterns, method 1 =3D= =3D" -$QEMU_IO_NBD -c 'read -P 0xa 0x1000 0x1000' "$nbd_snapshot_img" | _filter_= qemu_io -$QEMU_IO_NBD -c 'read -P 0xb 0x2000 0x1000' "$nbd_snapshot_img" | _filter_= qemu_io +$QEMU_IO_NBD -r -c 'read -P 0xa 0x1000 0x1000' "$nbd_snapshot_img" | _filt= er_qemu_io +$QEMU_IO_NBD -r -c 'read -P 0xb 0x2000 0x1000' "$nbd_snapshot_img" | _filt= er_qemu_io =20 _export_nbd_snapshot1 sn1 =20 echo echo "=3D=3D verifying the exported snapshot with patterns, method 2 =3D= =3D" -$QEMU_IO_NBD -c 'read -P 0xa 0x1000 0x1000' "$nbd_snapshot_img" | _filter_= qemu_io -$QEMU_IO_NBD -c 'read -P 0xb 0x2000 0x1000' "$nbd_snapshot_img" | _filter_= qemu_io +$QEMU_IO_NBD -r -c 'read -P 0xa 0x1000 0x1000' "$nbd_snapshot_img" | _filt= er_qemu_io +$QEMU_IO_NBD -r -c 'read -P 0xb 0x2000 0x1000' "$nbd_snapshot_img" | _filt= er_qemu_io =20 $QEMU_IMG convert "$TEST_IMG" -l sn1 -O qcow2 "$converted_image" =20 diff --git a/tests/qemu-iotests/140 b/tests/qemu-iotests/140 index f89d0d6789..a8fc95145c 100755 --- a/tests/qemu-iotests/140 +++ b/tests/qemu-iotests/140 @@ -78,7 +78,7 @@ _send_qemu_cmd $QEMU_HANDLE \ 'arguments': { 'device': 'drv' }}" \ 'return' =20 -$QEMU_IO_PROG -f raw -c 'read -P 42 0 64k' \ +$QEMU_IO_PROG -f raw -r -c 'read -P 42 0 64k' \ "nbd+unix:///drv?socket=3D$TEST_DIR/nbd" 2>&1 \ | _filter_qemu_io | _filter_nbd =20 @@ -87,7 +87,7 @@ _send_qemu_cmd $QEMU_HANDLE \ 'arguments': { 'device': 'drv' }}" \ 'return' =20 -$QEMU_IO_PROG -f raw -c close \ +$QEMU_IO_PROG -f raw -r -c close \ "nbd+unix:///drv?socket=3D$TEST_DIR/nbd" 2>&1 \ | _filter_qemu_io | _filter_nbd =20 diff --git a/tests/qemu-iotests/147 b/tests/qemu-iotests/147 index db34838cd0..90f40ed245 100755 --- a/tests/qemu-iotests/147 +++ b/tests/qemu-iotests/147 @@ -43,6 +43,7 @@ class NBDBlockdevAddBase(iotests.QMPTestCase): 'driver': 'raw', 'file': { 'driver': 'nbd', + 'read-only': True, 'server': address } } if export is not None: --=20 2.11.0