Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.2/patches/831189/?format=api
{ "id": 831189, "url": "http://patchwork.ozlabs.org/api/1.2/patches/831189/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20171027104037.8319-7-eblake@redhat.com/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/1.2/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20171027104037.8319-7-eblake@redhat.com>", "list_archive_url": null, "date": "2017-10-27T10:40:31", "name": "[v6,06/12] nbd/server: Refactor zero-length option check", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "667d586d7725c6ffc0214724f67314111785983c", "submitter": { "id": 6591, "url": "http://patchwork.ozlabs.org/api/1.2/people/6591/?format=api", "name": "Eric Blake", "email": "eblake@redhat.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20171027104037.8319-7-eblake@redhat.com/mbox/", "series": [ { "id": 10552, "url": "http://patchwork.ozlabs.org/api/1.2/series/10552/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=10552", "date": "2017-10-27T10:40:27", "name": "nbd minimal structured read", "version": 6, "mbox": "http://patchwork.ozlabs.org/series/10552/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/831189/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/831189/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": [ "ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)", "ext-mx07.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com", "ext-mx07.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=eblake@redhat.com" ], "Received": [ "from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3yNgVT18qdz9t2d\n\tfor <incoming@patchwork.ozlabs.org>;\n\tFri, 27 Oct 2017 21:44:33 +1100 (AEDT)", "from localhost ([::1]:56556 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1e827r-0003wB-7Y\n\tfor incoming@patchwork.ozlabs.org; Fri, 27 Oct 2017 06:44:31 -0400", "from eggs.gnu.org ([2001:4830:134:3::10]:57287)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <eblake@redhat.com>) id 1e824Q-0001G3-QZ\n\tfor qemu-devel@nongnu.org; Fri, 27 Oct 2017 06:40:59 -0400", "from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <eblake@redhat.com>) id 1e824P-0005cK-Rf\n\tfor qemu-devel@nongnu.org; Fri, 27 Oct 2017 06:40:58 -0400", "from mx1.redhat.com ([209.132.183.28]:42746)\n\tby eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from <eblake@redhat.com>)\n\tid 1e824M-0005Zv-Nv; Fri, 27 Oct 2017 06:40:54 -0400", "from smtp.corp.redhat.com\n\t(int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id B6217C04AC42;\n\tFri, 27 Oct 2017 10:40:53 +0000 (UTC)", "from red.redhat.com (ovpn-120-166.rdu2.redhat.com [10.10.120.166])\n\tby smtp.corp.redhat.com (Postfix) with ESMTP id 4212D5C881;\n\tFri, 27 Oct 2017 10:40:52 +0000 (UTC)" ], "DMARC-Filter": "OpenDMARC Filter v1.3.2 mx1.redhat.com B6217C04AC42", "From": "Eric Blake <eblake@redhat.com>", "To": "qemu-devel@nongnu.org", "Date": "Fri, 27 Oct 2017 12:40:31 +0200", "Message-Id": "<20171027104037.8319-7-eblake@redhat.com>", "In-Reply-To": "<20171027104037.8319-1-eblake@redhat.com>", "References": "<20171027104037.8319-1-eblake@redhat.com>", "X-Scanned-By": "MIMEDefang 2.79 on 10.5.11.16", "X-Greylist": "Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.31]);\n\tFri, 27 Oct 2017 10:40:53 +0000 (UTC)", "X-detected-operating-system": "by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]\n\t[fuzzy]", "X-Received-From": "209.132.183.28", "Subject": "[Qemu-devel] [PATCH v6 06/12] nbd/server: Refactor zero-length\n\toption check", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.21", "Precedence": "list", "List-Id": "<qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<http://lists.nongnu.org/archive/html/qemu-devel/>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Cc": "pbonzini@redhat.com, vsementsov@virtuozzo.com, qemu-block@nongnu.org", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>" }, "content": "Consolidate the response for a non-zero-length option payload\ninto a new function, nbd_reject_length(). This check will\nalso be used when introducing support for structured replies.\n\nNote that STARTTLS response differs based on time: if the connection\nis still unencrypted, we set fatal to true (a client that can't\nrequest TLS correctly may still think that we are ready to start\nthe TLS handshake, so we must disconnect); while if the connection\nis already encrypted, the client is sending a bogus request but\nis no longer at risk of being confused by continuing the connection.\n\nSigned-off-by: Eric Blake <eblake@redhat.com>\n\n---\nv6: split, rework logic to avoid subtle regression on starttls [Vladimir]\nv5: new patch\n---\n nbd/server.c | 74 +++++++++++++++++++++++++++++++++++++-----------------------\n 1 file changed, 46 insertions(+), 28 deletions(-)", "diff": "diff --git a/nbd/server.c b/nbd/server.c\nindex 6af708662d..a98f5622c9 100644\n--- a/nbd/server.c\n+++ b/nbd/server.c\n@@ -253,21 +253,10 @@ static int nbd_negotiate_send_rep_list(QIOChannel *ioc, NBDExport *exp,\n\n /* Process the NBD_OPT_LIST command, with a potential series of replies.\n * Return -errno on error, 0 on success. */\n-static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length,\n- Error **errp)\n+static int nbd_negotiate_handle_list(NBDClient *client, Error **errp)\n {\n NBDExport *exp;\n\n- if (length) {\n- if (nbd_drop(client->ioc, length, errp) < 0) {\n- return -EIO;\n- }\n- return nbd_negotiate_send_rep_err(client->ioc,\n- NBD_REP_ERR_INVALID, NBD_OPT_LIST,\n- errp,\n- \"OPT_LIST should not have length\");\n- }\n-\n /* For each export, send a NBD_REP_SERVER reply. */\n QTAILQ_FOREACH(exp, &exports, next) {\n if (nbd_negotiate_send_rep_list(client->ioc, exp, errp)) {\n@@ -531,7 +520,6 @@ static int nbd_negotiate_handle_info(NBDClient *client, uint32_t length,\n /* Handle NBD_OPT_STARTTLS. Return NULL to drop connection, or else the\n * new channel for all further (now-encrypted) communication. */\n static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,\n- uint32_t length,\n Error **errp)\n {\n QIOChannel *ioc;\n@@ -540,15 +528,6 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,\n\n trace_nbd_negotiate_handle_starttls();\n ioc = client->ioc;\n- if (length) {\n- if (nbd_drop(ioc, length, errp) < 0) {\n- return NULL;\n- }\n- nbd_negotiate_send_rep_err(ioc, NBD_REP_ERR_INVALID, NBD_OPT_STARTTLS,\n- errp,\n- \"OPT_STARTTLS should not have length\");\n- return NULL;\n- }\n\n if (nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK,\n NBD_OPT_STARTTLS, errp) < 0) {\n@@ -584,6 +563,34 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,\n return QIO_CHANNEL(tioc);\n }\n\n+/* nbd_reject_length: Handle any unexpected payload.\n+ * @fatal requests that we quit talking to the client, even if we are able\n+ * to successfully send an error to the guest.\n+ * Return:\n+ * -errno transmission error occurred or @fatal was requested, errp is set\n+ * 0 error message successfully sent to client, errp is not set\n+ */\n+static int nbd_reject_length(NBDClient *client, uint32_t length,\n+ uint32_t option, bool fatal, Error **errp)\n+{\n+ int ret;\n+\n+ assert(length);\n+ if (nbd_drop(client->ioc, length, errp) < 0) {\n+ return -EIO;\n+ }\n+ ret = nbd_negotiate_send_rep_err(client->ioc, NBD_REP_ERR_INVALID,\n+ option, errp,\n+ \"option '%s' should have zero length\",\n+ nbd_opt_lookup(option));\n+ if (fatal && !ret) {\n+ error_setg(errp, \"option '%s' should have zero length\",\n+ nbd_opt_lookup(option));\n+ return -EINVAL;\n+ }\n+ return ret;\n+}\n+\n /* nbd_negotiate_options\n * Process all NBD_OPT_* client option commands, during fixed newstyle\n * negotiation.\n@@ -674,7 +681,13 @@ static int nbd_negotiate_options(NBDClient *client, uint16_t myflags,\n }\n switch (option) {\n case NBD_OPT_STARTTLS:\n- tioc = nbd_negotiate_handle_starttls(client, length, errp);\n+ if (length) {\n+ /* Unconditionally drop the connection if the client\n+ * can't start a TLS negotiation correctly */\n+ nbd_reject_length(client, length, option, true, errp);\n+ return -EINVAL;\n+ }\n+ tioc = nbd_negotiate_handle_starttls(client, errp);\n if (!tioc) {\n return -EIO;\n }\n@@ -709,7 +722,12 @@ static int nbd_negotiate_options(NBDClient *client, uint16_t myflags,\n } else if (fixedNewstyle) {\n switch (option) {\n case NBD_OPT_LIST:\n- ret = nbd_negotiate_handle_list(client, length, errp);\n+ if (length) {\n+ ret = nbd_reject_length(client, length, option, false,\n+ errp);\n+ } else {\n+ ret = nbd_negotiate_handle_list(client, errp);\n+ }\n break;\n\n case NBD_OPT_ABORT:\n@@ -735,10 +753,10 @@ static int nbd_negotiate_options(NBDClient *client, uint16_t myflags,\n break;\n\n case NBD_OPT_STARTTLS:\n- if (nbd_drop(client->ioc, length, errp) < 0) {\n- return -EIO;\n- }\n- if (client->tlscreds) {\n+ if (length) {\n+ ret = nbd_reject_length(client, length, option, false,\n+ errp);\n+ } else if (client->tlscreds) {\n ret = nbd_negotiate_send_rep_err(client->ioc,\n NBD_REP_ERR_INVALID,\n option, errp,\n", "prefixes": [ "v6", "06/12" ] }