arm-semi: don't leak 1KB user string lock buffer upon TARGET_SYS_OPEN
[qemu-kvm.git] / block / nbd.c
blob2bce47bf7a33e476ae860c0119e31e35a63ca5e9
1 /*
2 * QEMU Block driver for NBD
4 * Copyright (C) 2008 Bull S.A.S.
5 * Author: Laurent Vivier <Laurent.Vivier@bull.net>
7 * Some parts:
8 * Copyright (C) 2007 Anthony Liguori <anthony@codemonkey.ws>
10 * Permission is hereby granted, free of charge, to any person obtaining a copy
11 * of this software and associated documentation files (the "Software"), to deal
12 * in the Software without restriction, including without limitation the rights
13 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14 * copies of the Software, and to permit persons to whom the Software is
15 * furnished to do so, subject to the following conditions:
17 * The above copyright notice and this permission notice shall be included in
18 * all copies or substantial portions of the Software.
20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
23 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
25 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 * THE SOFTWARE.
29 #include "qemu-common.h"
30 #include "nbd.h"
31 #include "block_int.h"
32 #include "module.h"
33 #include "qemu_socket.h"
35 #include <sys/types.h>
36 #include <unistd.h>
38 #define EN_OPTSTR ":exportname="
40 /* #define DEBUG_NBD */
42 #if defined(DEBUG_NBD)
43 #define logout(fmt, ...) \
44 fprintf(stderr, "nbd\t%-24s" fmt, __func__, ##__VA_ARGS__)
45 #else
46 #define logout(fmt, ...) ((void)0)
47 #endif
49 #define MAX_NBD_REQUESTS 16
50 #define HANDLE_TO_INDEX(bs, handle) ((handle) ^ ((uint64_t)(intptr_t)bs))
51 #define INDEX_TO_HANDLE(bs, index) ((index) ^ ((uint64_t)(intptr_t)bs))
53 typedef struct BDRVNBDState {
54 int sock;
55 uint32_t nbdflags;
56 off_t size;
57 size_t blocksize;
58 char *export_name; /* An NBD server may export several devices */
60 CoMutex send_mutex;
61 CoMutex free_sema;
62 Coroutine *send_coroutine;
63 int in_flight;
65 Coroutine *recv_coroutine[MAX_NBD_REQUESTS];
66 struct nbd_reply reply;
68 /* If it begins with '/', this is a UNIX domain socket. Otherwise,
69 * it's a string of the form <hostname|ip4|\[ip6\]>:port
71 char *host_spec;
72 } BDRVNBDState;
74 static int nbd_config(BDRVNBDState *s, const char *filename, int flags)
76 char *file;
77 char *export_name;
78 const char *host_spec;
79 const char *unixpath;
80 int err = -EINVAL;
82 file = g_strdup(filename);
84 export_name = strstr(file, EN_OPTSTR);
85 if (export_name) {
86 if (export_name[strlen(EN_OPTSTR)] == 0) {
87 goto out;
89 export_name[0] = 0; /* truncate 'file' */
90 export_name += strlen(EN_OPTSTR);
91 s->export_name = g_strdup(export_name);
94 /* extract the host_spec - fail if it's not nbd:... */
95 if (!strstart(file, "nbd:", &host_spec)) {
96 goto out;
99 /* are we a UNIX or TCP socket? */
100 if (strstart(host_spec, "unix:", &unixpath)) {
101 if (unixpath[0] != '/') { /* We demand an absolute path*/
102 goto out;
104 s->host_spec = g_strdup(unixpath);
105 } else {
106 s->host_spec = g_strdup(host_spec);
109 err = 0;
111 out:
112 g_free(file);
113 if (err != 0) {
114 g_free(s->export_name);
115 g_free(s->host_spec);
117 return err;
120 static void nbd_coroutine_start(BDRVNBDState *s, struct nbd_request *request)
122 int i;
124 /* Poor man semaphore. The free_sema is locked when no other request
125 * can be accepted, and unlocked after receiving one reply. */
126 if (s->in_flight >= MAX_NBD_REQUESTS - 1) {
127 qemu_co_mutex_lock(&s->free_sema);
128 assert(s->in_flight < MAX_NBD_REQUESTS);
130 s->in_flight++;
132 for (i = 0; i < MAX_NBD_REQUESTS; i++) {
133 if (s->recv_coroutine[i] == NULL) {
134 s->recv_coroutine[i] = qemu_coroutine_self();
135 break;
139 assert(i < MAX_NBD_REQUESTS);
140 request->handle = INDEX_TO_HANDLE(s, i);
143 static int nbd_have_request(void *opaque)
145 BDRVNBDState *s = opaque;
147 return s->in_flight > 0;
150 static void nbd_reply_ready(void *opaque)
152 BDRVNBDState *s = opaque;
153 uint64_t i;
154 int ret;
156 if (s->reply.handle == 0) {
157 /* No reply already in flight. Fetch a header. It is possible
158 * that another thread has done the same thing in parallel, so
159 * the socket is not readable anymore.
161 ret = nbd_receive_reply(s->sock, &s->reply);
162 if (ret == -EAGAIN) {
163 return;
165 if (ret < 0) {
166 s->reply.handle = 0;
167 goto fail;
171 /* There's no need for a mutex on the receive side, because the
172 * handler acts as a synchronization point and ensures that only
173 * one coroutine is called until the reply finishes. */
174 i = HANDLE_TO_INDEX(s, s->reply.handle);
175 if (i >= MAX_NBD_REQUESTS) {
176 goto fail;
179 if (s->recv_coroutine[i]) {
180 qemu_coroutine_enter(s->recv_coroutine[i], NULL);
181 return;
184 fail:
185 for (i = 0; i < MAX_NBD_REQUESTS; i++) {
186 if (s->recv_coroutine[i]) {
187 qemu_coroutine_enter(s->recv_coroutine[i], NULL);
192 static void nbd_restart_write(void *opaque)
194 BDRVNBDState *s = opaque;
195 qemu_coroutine_enter(s->send_coroutine, NULL);
198 static int nbd_co_send_request(BDRVNBDState *s, struct nbd_request *request,
199 QEMUIOVector *qiov, int offset)
201 int rc, ret;
203 qemu_co_mutex_lock(&s->send_mutex);
204 s->send_coroutine = qemu_coroutine_self();
205 qemu_aio_set_fd_handler(s->sock, nbd_reply_ready, nbd_restart_write,
206 nbd_have_request, s);
207 rc = nbd_send_request(s->sock, request);
208 if (rc >= 0 && qiov) {
209 ret = qemu_co_sendv(s->sock, qiov->iov, qiov->niov,
210 offset, request->len);
211 if (ret != request->len) {
212 return -EIO;
215 qemu_aio_set_fd_handler(s->sock, nbd_reply_ready, NULL,
216 nbd_have_request, s);
217 s->send_coroutine = NULL;
218 qemu_co_mutex_unlock(&s->send_mutex);
219 return rc;
222 static void nbd_co_receive_reply(BDRVNBDState *s, struct nbd_request *request,
223 struct nbd_reply *reply,
224 QEMUIOVector *qiov, int offset)
226 int ret;
228 /* Wait until we're woken up by the read handler. TODO: perhaps
229 * peek at the next reply and avoid yielding if it's ours? */
230 qemu_coroutine_yield();
231 *reply = s->reply;
232 if (reply->handle != request->handle) {
233 reply->error = EIO;
234 } else {
235 if (qiov && reply->error == 0) {
236 ret = qemu_co_recvv(s->sock, qiov->iov, qiov->niov,
237 offset, request->len);
238 if (ret != request->len) {
239 reply->error = EIO;
243 /* Tell the read handler to read another header. */
244 s->reply.handle = 0;
248 static void nbd_coroutine_end(BDRVNBDState *s, struct nbd_request *request)
250 int i = HANDLE_TO_INDEX(s, request->handle);
251 s->recv_coroutine[i] = NULL;
252 if (s->in_flight-- == MAX_NBD_REQUESTS) {
253 qemu_co_mutex_unlock(&s->free_sema);
257 static int nbd_establish_connection(BlockDriverState *bs)
259 BDRVNBDState *s = bs->opaque;
260 int sock;
261 int ret;
262 off_t size;
263 size_t blocksize;
265 if (s->host_spec[0] == '/') {
266 sock = unix_socket_outgoing(s->host_spec);
267 } else {
268 sock = tcp_socket_outgoing_spec(s->host_spec);
271 /* Failed to establish connection */
272 if (sock < 0) {
273 logout("Failed to establish connection to NBD server\n");
274 return -errno;
277 /* NBD handshake */
278 ret = nbd_receive_negotiate(sock, s->export_name, &s->nbdflags, &size,
279 &blocksize);
280 if (ret < 0) {
281 logout("Failed to negotiate with the NBD server\n");
282 closesocket(sock);
283 return ret;
286 /* Now that we're connected, set the socket to be non-blocking and
287 * kick the reply mechanism. */
288 socket_set_nonblock(sock);
289 qemu_aio_set_fd_handler(sock, nbd_reply_ready, NULL,
290 nbd_have_request, s);
292 s->sock = sock;
293 s->size = size;
294 s->blocksize = blocksize;
296 logout("Established connection with NBD server\n");
297 return 0;
300 static void nbd_teardown_connection(BlockDriverState *bs)
302 BDRVNBDState *s = bs->opaque;
303 struct nbd_request request;
305 request.type = NBD_CMD_DISC;
306 request.from = 0;
307 request.len = 0;
308 nbd_send_request(s->sock, &request);
310 qemu_aio_set_fd_handler(s->sock, NULL, NULL, NULL, NULL);
311 closesocket(s->sock);
314 static int nbd_open(BlockDriverState *bs, const char* filename, int flags)
316 BDRVNBDState *s = bs->opaque;
317 int result;
319 qemu_co_mutex_init(&s->send_mutex);
320 qemu_co_mutex_init(&s->free_sema);
322 /* Pop the config into our state object. Exit if invalid. */
323 result = nbd_config(s, filename, flags);
324 if (result != 0) {
325 return result;
328 /* establish TCP connection, return error if it fails
329 * TODO: Configurable retry-until-timeout behaviour.
331 result = nbd_establish_connection(bs);
333 return result;
336 static int nbd_co_readv_1(BlockDriverState *bs, int64_t sector_num,
337 int nb_sectors, QEMUIOVector *qiov,
338 int offset)
340 BDRVNBDState *s = bs->opaque;
341 struct nbd_request request;
342 struct nbd_reply reply;
343 ssize_t ret;
345 request.type = NBD_CMD_READ;
346 request.from = sector_num * 512;
347 request.len = nb_sectors * 512;
349 nbd_coroutine_start(s, &request);
350 ret = nbd_co_send_request(s, &request, NULL, 0);
351 if (ret < 0) {
352 reply.error = -ret;
353 } else {
354 nbd_co_receive_reply(s, &request, &reply, qiov, offset);
356 nbd_coroutine_end(s, &request);
357 return -reply.error;
361 static int nbd_co_writev_1(BlockDriverState *bs, int64_t sector_num,
362 int nb_sectors, QEMUIOVector *qiov,
363 int offset)
365 BDRVNBDState *s = bs->opaque;
366 struct nbd_request request;
367 struct nbd_reply reply;
368 ssize_t ret;
370 request.type = NBD_CMD_WRITE;
371 if (!bdrv_enable_write_cache(bs) && (s->nbdflags & NBD_FLAG_SEND_FUA)) {
372 request.type |= NBD_CMD_FLAG_FUA;
375 request.from = sector_num * 512;
376 request.len = nb_sectors * 512;
378 nbd_coroutine_start(s, &request);
379 ret = nbd_co_send_request(s, &request, qiov, offset);
380 if (ret < 0) {
381 reply.error = -ret;
382 } else {
383 nbd_co_receive_reply(s, &request, &reply, NULL, 0);
385 nbd_coroutine_end(s, &request);
386 return -reply.error;
389 /* qemu-nbd has a limit of slightly less than 1M per request. Try to
390 * remain aligned to 4K. */
391 #define NBD_MAX_SECTORS 2040
393 static int nbd_co_readv(BlockDriverState *bs, int64_t sector_num,
394 int nb_sectors, QEMUIOVector *qiov)
396 int offset = 0;
397 int ret;
398 while (nb_sectors > NBD_MAX_SECTORS) {
399 ret = nbd_co_readv_1(bs, sector_num, NBD_MAX_SECTORS, qiov, offset);
400 if (ret < 0) {
401 return ret;
403 offset += NBD_MAX_SECTORS * 512;
404 sector_num += NBD_MAX_SECTORS;
405 nb_sectors -= NBD_MAX_SECTORS;
407 return nbd_co_readv_1(bs, sector_num, nb_sectors, qiov, offset);
410 static int nbd_co_writev(BlockDriverState *bs, int64_t sector_num,
411 int nb_sectors, QEMUIOVector *qiov)
413 int offset = 0;
414 int ret;
415 while (nb_sectors > NBD_MAX_SECTORS) {
416 ret = nbd_co_writev_1(bs, sector_num, NBD_MAX_SECTORS, qiov, offset);
417 if (ret < 0) {
418 return ret;
420 offset += NBD_MAX_SECTORS * 512;
421 sector_num += NBD_MAX_SECTORS;
422 nb_sectors -= NBD_MAX_SECTORS;
424 return nbd_co_writev_1(bs, sector_num, nb_sectors, qiov, offset);
427 static int nbd_co_flush(BlockDriverState *bs)
429 BDRVNBDState *s = bs->opaque;
430 struct nbd_request request;
431 struct nbd_reply reply;
432 ssize_t ret;
434 if (!(s->nbdflags & NBD_FLAG_SEND_FLUSH)) {
435 return 0;
438 request.type = NBD_CMD_FLUSH;
439 if (s->nbdflags & NBD_FLAG_SEND_FUA) {
440 request.type |= NBD_CMD_FLAG_FUA;
443 request.from = 0;
444 request.len = 0;
446 nbd_coroutine_start(s, &request);
447 ret = nbd_co_send_request(s, &request, NULL, 0);
448 if (ret < 0) {
449 reply.error = -ret;
450 } else {
451 nbd_co_receive_reply(s, &request, &reply, NULL, 0);
453 nbd_coroutine_end(s, &request);
454 return -reply.error;
457 static int nbd_co_discard(BlockDriverState *bs, int64_t sector_num,
458 int nb_sectors)
460 BDRVNBDState *s = bs->opaque;
461 struct nbd_request request;
462 struct nbd_reply reply;
463 ssize_t ret;
465 if (!(s->nbdflags & NBD_FLAG_SEND_TRIM)) {
466 return 0;
468 request.type = NBD_CMD_TRIM;
469 request.from = sector_num * 512;;
470 request.len = nb_sectors * 512;
472 nbd_coroutine_start(s, &request);
473 ret = nbd_co_send_request(s, &request, NULL, 0);
474 if (ret < 0) {
475 reply.error = -ret;
476 } else {
477 nbd_co_receive_reply(s, &request, &reply, NULL, 0);
479 nbd_coroutine_end(s, &request);
480 return -reply.error;
483 static void nbd_close(BlockDriverState *bs)
485 BDRVNBDState *s = bs->opaque;
486 g_free(s->export_name);
487 g_free(s->host_spec);
489 nbd_teardown_connection(bs);
492 static int64_t nbd_getlength(BlockDriverState *bs)
494 BDRVNBDState *s = bs->opaque;
496 return s->size;
499 static BlockDriver bdrv_nbd = {
500 .format_name = "nbd",
501 .instance_size = sizeof(BDRVNBDState),
502 .bdrv_file_open = nbd_open,
503 .bdrv_co_readv = nbd_co_readv,
504 .bdrv_co_writev = nbd_co_writev,
505 .bdrv_close = nbd_close,
506 .bdrv_co_flush_to_os = nbd_co_flush,
507 .bdrv_co_discard = nbd_co_discard,
508 .bdrv_getlength = nbd_getlength,
509 .protocol_name = "nbd",
512 static void bdrv_nbd_init(void)
514 bdrv_register(&bdrv_nbd);
517 block_init(bdrv_nbd_init);