6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; under version 2 of the License.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, see <http://www.gnu.org/licenses/>.
24 #include <sys/ioctl.h>
26 #if defined(__sun__) || defined(__HAIKU__)
27 #include <sys/ioccom.h>
32 #include "qemu_socket.h"
37 #define TRACE(msg, ...) do { \
38 LOG(msg, ## __VA_ARGS__); \
41 #define TRACE(msg, ...) \
45 #define LOG(msg, ...) do { \
46 fprintf(stderr, "%s:%s():L%d: " msg "\n", \
47 __FILE__, __FUNCTION__, __LINE__, ## __VA_ARGS__); \
50 /* This is all part of the "official" NBD API */
52 #define NBD_REPLY_SIZE (4 + 4 + 8)
53 #define NBD_REQUEST_MAGIC 0x25609513
54 #define NBD_REPLY_MAGIC 0x67446698
56 #define NBD_SET_SOCK _IO(0xab, 0)
57 #define NBD_SET_BLKSIZE _IO(0xab, 1)
58 #define NBD_SET_SIZE _IO(0xab, 2)
59 #define NBD_DO_IT _IO(0xab, 3)
60 #define NBD_CLEAR_SOCK _IO(0xab, 4)
61 #define NBD_CLEAR_QUE _IO(0xab, 5)
62 #define NBD_PRINT_DEBUG _IO(0xab, 6)
63 #define NBD_SET_SIZE_BLOCKS _IO(0xab, 7)
64 #define NBD_DISCONNECT _IO(0xab, 8)
66 #define NBD_OPT_EXPORT_NAME (1 << 0)
68 /* That's all folks */
70 #define read_sync(fd, buffer, size) nbd_wr_sync(fd, buffer, size, true)
71 #define write_sync(fd, buffer, size) nbd_wr_sync(fd, buffer, size, false)
73 size_t nbd_wr_sync(int fd, void *buffer, size_t size, bool do_read)
77 while (offset < size) {
81 len = qemu_recv(fd, buffer + offset, size - offset, 0);
83 len = send(fd, buffer + offset, size - offset, 0);
87 errno = socket_error();
89 /* recoverable error */
90 if (len == -1 && (errno == EAGAIN || errno == EINTR)) {
99 /* unrecoverable error */
110 static void combine_addr(char *buf, size_t len, const char* address,
113 /* If the address-part contains a colon, it's an IPv6 IP so needs [] */
114 if (strstr(address, ":")) {
115 snprintf(buf, len, "[%s]:%u", address, port);
117 snprintf(buf, len, "%s:%u", address, port);
121 int tcp_socket_outgoing(const char *address, uint16_t port)
123 char address_and_port[128];
124 combine_addr(address_and_port, 128, address, port);
125 return tcp_socket_outgoing_spec(address_and_port);
128 int tcp_socket_outgoing_spec(const char *address_and_port)
130 return inet_connect(address_and_port, SOCK_STREAM);
133 int tcp_socket_incoming(const char *address, uint16_t port)
135 char address_and_port[128];
136 combine_addr(address_and_port, 128, address, port);
137 return tcp_socket_incoming_spec(address_and_port);
140 int tcp_socket_incoming_spec(const char *address_and_port)
144 return inet_listen(address_and_port, ostr, olen, SOCK_STREAM, 0);
147 int unix_socket_incoming(const char *path)
152 return unix_listen(path, ostr, olen);
155 int unix_socket_outgoing(const char *path)
157 return unix_connect(path);
174 int nbd_negotiate(int csock, off_t size)
176 char buf[8 + 8 + 8 + 128];
179 [ 0 .. 7] passwd ("NBDMAGIC")
180 [ 8 .. 15] magic (0x00420281861253)
182 [24 .. 151] reserved (0)
185 TRACE("Beginning negotiation.");
186 memcpy(buf, "NBDMAGIC", 8);
187 cpu_to_be64w((uint64_t*)(buf + 8), 0x00420281861253LL);
188 cpu_to_be64w((uint64_t*)(buf + 16), size);
189 memset(buf + 24, 0, 128);
191 if (write_sync(csock, buf, sizeof(buf)) != sizeof(buf)) {
197 TRACE("Negotation succeeded.");
202 int nbd_receive_negotiate(int csock, const char *name, uint32_t *flags,
203 off_t *size, size_t *blocksize)
209 TRACE("Receiving negotation.");
211 if (read_sync(csock, buf, 8) != 8) {
218 if (strlen(buf) == 0) {
219 LOG("server connection closed");
224 TRACE("Magic is %c%c%c%c%c%c%c%c",
225 qemu_isprint(buf[0]) ? buf[0] : '.',
226 qemu_isprint(buf[1]) ? buf[1] : '.',
227 qemu_isprint(buf[2]) ? buf[2] : '.',
228 qemu_isprint(buf[3]) ? buf[3] : '.',
229 qemu_isprint(buf[4]) ? buf[4] : '.',
230 qemu_isprint(buf[5]) ? buf[5] : '.',
231 qemu_isprint(buf[6]) ? buf[6] : '.',
232 qemu_isprint(buf[7]) ? buf[7] : '.');
234 if (memcmp(buf, "NBDMAGIC", 8) != 0) {
235 LOG("Invalid magic received");
240 if (read_sync(csock, &magic, sizeof(magic)) != sizeof(magic)) {
245 magic = be64_to_cpu(magic);
246 TRACE("Magic is 0x%" PRIx64, magic);
249 uint32_t reserved = 0;
253 TRACE("Checking magic (opts_magic)");
254 if (magic != 0x49484156454F5054LL) {
255 LOG("Bad magic received");
259 if (read_sync(csock, &tmp, sizeof(tmp)) != sizeof(tmp)) {
260 LOG("flags read failed");
264 *flags = be16_to_cpu(tmp) << 16;
265 /* reserved for future use */
266 if (write_sync(csock, &reserved, sizeof(reserved)) !=
268 LOG("write failed (reserved)");
272 /* write the export name */
273 magic = cpu_to_be64(magic);
274 if (write_sync(csock, &magic, sizeof(magic)) != sizeof(magic)) {
275 LOG("write failed (magic)");
279 opt = cpu_to_be32(NBD_OPT_EXPORT_NAME);
280 if (write_sync(csock, &opt, sizeof(opt)) != sizeof(opt)) {
281 LOG("write failed (opt)");
285 namesize = cpu_to_be32(strlen(name));
286 if (write_sync(csock, &namesize, sizeof(namesize)) !=
288 LOG("write failed (namesize)");
292 if (write_sync(csock, (char*)name, strlen(name)) != strlen(name)) {
293 LOG("write failed (name)");
298 TRACE("Checking magic (cli_magic)");
300 if (magic != 0x00420281861253LL) {
301 LOG("Bad magic received");
307 if (read_sync(csock, &s, sizeof(s)) != sizeof(s)) {
312 *size = be64_to_cpu(s);
314 TRACE("Size is %" PRIu64, *size);
317 if (read_sync(csock, flags, sizeof(*flags)) != sizeof(*flags)) {
318 LOG("read failed (flags)");
322 *flags = be32_to_cpup(flags);
324 if (read_sync(csock, &tmp, sizeof(tmp)) != sizeof(tmp)) {
325 LOG("read failed (tmp)");
329 *flags |= be32_to_cpu(tmp);
331 if (read_sync(csock, &buf, 124) != 124) {
332 LOG("read failed (buf)");
340 int nbd_init(int fd, int csock, off_t size, size_t blocksize)
342 TRACE("Setting block size to %lu", (unsigned long)blocksize);
344 if (ioctl(fd, NBD_SET_BLKSIZE, blocksize) == -1) {
346 LOG("Failed setting NBD block size");
351 TRACE("Setting size to %zd block(s)", (size_t)(size / blocksize));
353 if (ioctl(fd, NBD_SET_SIZE_BLOCKS, size / blocksize) == -1) {
355 LOG("Failed setting size (in blocks)");
360 TRACE("Clearing NBD socket");
362 if (ioctl(fd, NBD_CLEAR_SOCK) == -1) {
364 LOG("Failed clearing NBD socket");
369 TRACE("Setting NBD socket");
371 if (ioctl(fd, NBD_SET_SOCK, csock) == -1) {
373 LOG("Failed to set NBD socket");
378 TRACE("Negotiation ended");
383 int nbd_disconnect(int fd)
385 ioctl(fd, NBD_CLEAR_QUE);
386 ioctl(fd, NBD_DISCONNECT);
387 ioctl(fd, NBD_CLEAR_SOCK);
391 int nbd_client(int fd)
396 TRACE("Doing NBD loop");
398 ret = ioctl(fd, NBD_DO_IT);
401 TRACE("NBD loop returned %d: %s", ret, strerror(serrno));
403 TRACE("Clearing NBD queue");
404 ioctl(fd, NBD_CLEAR_QUE);
406 TRACE("Clearing NBD socket");
407 ioctl(fd, NBD_CLEAR_SOCK);
413 int nbd_init(int fd, int csock, off_t size, size_t blocksize)
419 int nbd_disconnect(int fd)
425 int nbd_client(int fd)
432 int nbd_send_request(int csock, struct nbd_request *request)
434 uint8_t buf[4 + 4 + 8 + 8 + 4];
436 cpu_to_be32w((uint32_t*)buf, NBD_REQUEST_MAGIC);
437 cpu_to_be32w((uint32_t*)(buf + 4), request->type);
438 cpu_to_be64w((uint64_t*)(buf + 8), request->handle);
439 cpu_to_be64w((uint64_t*)(buf + 16), request->from);
440 cpu_to_be32w((uint32_t*)(buf + 24), request->len);
442 TRACE("Sending request to client: "
443 "{ .from = %" PRIu64", .len = %u, .handle = %" PRIu64", .type=%i}",
444 request->from, request->len, request->handle, request->type);
446 if (write_sync(csock, buf, sizeof(buf)) != sizeof(buf)) {
447 LOG("writing to socket failed");
454 static int nbd_receive_request(int csock, struct nbd_request *request)
456 uint8_t buf[4 + 4 + 8 + 8 + 4];
459 if (read_sync(csock, buf, sizeof(buf)) != sizeof(buf)) {
466 [ 0 .. 3] magic (NBD_REQUEST_MAGIC)
467 [ 4 .. 7] type (0 == READ, 1 == WRITE)
473 magic = be32_to_cpup((uint32_t*)buf);
474 request->type = be32_to_cpup((uint32_t*)(buf + 4));
475 request->handle = be64_to_cpup((uint64_t*)(buf + 8));
476 request->from = be64_to_cpup((uint64_t*)(buf + 16));
477 request->len = be32_to_cpup((uint32_t*)(buf + 24));
479 TRACE("Got request: "
480 "{ magic = 0x%x, .type = %d, from = %" PRIu64" , len = %u }",
481 magic, request->type, request->from, request->len);
483 if (magic != NBD_REQUEST_MAGIC) {
484 LOG("invalid magic (got 0x%x)", magic);
491 int nbd_receive_reply(int csock, struct nbd_reply *reply)
493 uint8_t buf[NBD_REPLY_SIZE];
496 memset(buf, 0xAA, sizeof(buf));
498 if (read_sync(csock, buf, sizeof(buf)) != sizeof(buf)) {
505 [ 0 .. 3] magic (NBD_REPLY_MAGIC)
506 [ 4 .. 7] error (0 == no error)
510 magic = be32_to_cpup((uint32_t*)buf);
511 reply->error = be32_to_cpup((uint32_t*)(buf + 4));
512 reply->handle = be64_to_cpup((uint64_t*)(buf + 8));
515 "{ magic = 0x%x, .error = %d, handle = %" PRIu64" }",
516 magic, reply->error, reply->handle);
518 if (magic != NBD_REPLY_MAGIC) {
519 LOG("invalid magic (got 0x%x)", magic);
526 static int nbd_send_reply(int csock, struct nbd_reply *reply)
528 uint8_t buf[4 + 4 + 8];
531 [ 0 .. 3] magic (NBD_REPLY_MAGIC)
532 [ 4 .. 7] error (0 == no error)
535 cpu_to_be32w((uint32_t*)buf, NBD_REPLY_MAGIC);
536 cpu_to_be32w((uint32_t*)(buf + 4), reply->error);
537 cpu_to_be64w((uint64_t*)(buf + 8), reply->handle);
539 TRACE("Sending response to client");
541 if (write_sync(csock, buf, sizeof(buf)) != sizeof(buf)) {
542 LOG("writing to socket failed");
549 int nbd_trip(BlockDriverState *bs, int csock, off_t size, uint64_t dev_offset,
550 off_t *offset, bool readonly, uint8_t *data, int data_size)
552 struct nbd_request request;
553 struct nbd_reply reply;
555 TRACE("Reading request.");
557 if (nbd_receive_request(csock, &request) == -1)
560 if (request.len + NBD_REPLY_SIZE > data_size) {
561 LOG("len (%u) is larger than max len (%u)",
562 request.len + NBD_REPLY_SIZE, data_size);
567 if ((request.from + request.len) < request.from) {
568 LOG("integer overflow detected! "
569 "you're probably being attacked");
574 if ((request.from + request.len) > size) {
575 LOG("From: %" PRIu64 ", Len: %u, Size: %" PRIu64
576 ", Offset: %" PRIu64 "\n",
577 request.from, request.len, (uint64_t)size, dev_offset);
578 LOG("requested operation past EOF--bad client?");
583 TRACE("Decoding type");
585 reply.handle = request.handle;
588 switch (request.type) {
590 TRACE("Request type is READ");
592 if (bdrv_read(bs, (request.from + dev_offset) / 512,
593 data + NBD_REPLY_SIZE,
594 request.len / 512) == -1) {
595 LOG("reading from file failed");
599 *offset += request.len;
601 TRACE("Read %u byte(s)", request.len);
604 [ 0 .. 3] magic (NBD_REPLY_MAGIC)
605 [ 4 .. 7] error (0 == no error)
609 cpu_to_be32w((uint32_t*)data, NBD_REPLY_MAGIC);
610 cpu_to_be32w((uint32_t*)(data + 4), reply.error);
611 cpu_to_be64w((uint64_t*)(data + 8), reply.handle);
613 TRACE("Sending data to client");
615 if (write_sync(csock, data,
616 request.len + NBD_REPLY_SIZE) !=
617 request.len + NBD_REPLY_SIZE) {
618 LOG("writing to socket failed");
624 TRACE("Request type is WRITE");
626 TRACE("Reading %u byte(s)", request.len);
628 if (read_sync(csock, data, request.len) != request.len) {
629 LOG("reading from socket failed");
635 TRACE("Server is read-only, return error");
638 TRACE("Writing to device");
640 if (bdrv_write(bs, (request.from + dev_offset) / 512,
641 data, request.len / 512) == -1) {
642 LOG("writing to file failed");
647 *offset += request.len;
650 if (nbd_send_reply(csock, &reply) == -1)
654 TRACE("Request type is DISCONNECT");
658 LOG("invalid request type (%u) received", request.type);
663 TRACE("Request/Reply complete");
projects / qemu.git / blob