Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/806860/?format=api
{ "id": 806860, "url": "http://patchwork.ozlabs.org/api/patches/806860/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/1503965694-10794-60-git-send-email-mdroth@linux.vnet.ibm.com/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1503965694-10794-60-git-send-email-mdroth@linux.vnet.ibm.com>", "list_archive_url": null, "date": "2017-08-29T00:14:34", "name": "[59/79] nbd: Fix regression on resiliency to port scan", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "c04dae4779041916785109e0180b2ed9fac9ca72", "submitter": { "id": 5549, "url": "http://patchwork.ozlabs.org/api/people/5549/?format=api", "name": "Michael Roth", "email": "mdroth@linux.vnet.ibm.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/1503965694-10794-60-git-send-email-mdroth@linux.vnet.ibm.com/mbox/", "series": [ { "id": 281, "url": "http://patchwork.ozlabs.org/api/series/281/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=281", "date": "2017-08-29T00:13:45", "name": "Patch Round-up for stable 2.9.1, freeze on 2017-09-04", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/281/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/806860/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/806860/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": "ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)", "Received": [ "from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xh99H4X8vz9s7M\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 29 Aug 2017 10:53:07 +1000 (AEST)", "from localhost ([::1]:42092 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1dmUm9-0000NL-Fv\n\tfor incoming@patchwork.ozlabs.org; Mon, 28 Aug 2017 20:53:05 -0400", "from eggs.gnu.org ([2001:4830:134:3::10]:48658)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <mdroth@linux.vnet.ibm.com>) id 1dmUCk-0001bD-SI\n\tfor qemu-devel@nongnu.org; Mon, 28 Aug 2017 20:16:32 -0400", "from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <mdroth@linux.vnet.ibm.com>) id 1dmUCh-0005vc-Af\n\tfor qemu-devel@nongnu.org; Mon, 28 Aug 2017 20:16:30 -0400", "from mx0b-001b2d01.pphosted.com ([148.163.158.5]:38793\n\thelo=mx0a-001b2d01.pphosted.com)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from <mdroth@linux.vnet.ibm.com>)\n\tid 1dmUCh-0005uP-3F\n\tfor qemu-devel@nongnu.org; Mon, 28 Aug 2017 20:16:27 -0400", "from pps.filterd (m0098416.ppops.net [127.0.0.1])\n\tby mx0b-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id\n\tv7T0EYVN065932\n\tfor <qemu-devel@nongnu.org>; Mon, 28 Aug 2017 20:16:26 -0400", "from e31.co.us.ibm.com (e31.co.us.ibm.com [32.97.110.149])\n\tby mx0b-001b2d01.pphosted.com with ESMTP id 2cmq0jb00j-1\n\t(version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT)\n\tfor <qemu-devel@nongnu.org>; Mon, 28 Aug 2017 20:16:26 -0400", "from localhost\n\tby e31.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use\n\tOnly! Violators will be prosecuted\n\tfor <qemu-devel@nongnu.org> from <mdroth@linux.vnet.ibm.com>;\n\tMon, 28 Aug 2017 18:16:25 -0600", "from b03cxnp07029.gho.boulder.ibm.com (9.17.130.16)\n\tby e31.co.us.ibm.com (192.168.1.131) with IBM ESMTP SMTP Gateway:\n\tAuthorized Use Only! Violators will be prosecuted; \n\tMon, 28 Aug 2017 18:16:22 -0600", "from b03ledav004.gho.boulder.ibm.com\n\t(b03ledav004.gho.boulder.ibm.com [9.17.130.235])\n\tby b03cxnp07029.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with\n\tESMTP id v7T0GMtn7537104; Mon, 28 Aug 2017 17:16:22 -0700", "from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1])\n\tby IMSVA (Postfix) with ESMTP id 5F1E278043;\n\tMon, 28 Aug 2017 18:16:22 -0600 (MDT)", "from localhost (unknown [9.80.85.217])\n\tby b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP id 254A278047;\n\tMon, 28 Aug 2017 18:16:22 -0600 (MDT)" ], "From": "Michael Roth <mdroth@linux.vnet.ibm.com>", "To": "qemu-devel@nongnu.org", "Date": "Mon, 28 Aug 2017 19:14:34 -0500", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1503965694-10794-1-git-send-email-mdroth@linux.vnet.ibm.com>", "References": "<1503965694-10794-1-git-send-email-mdroth@linux.vnet.ibm.com>", "X-TM-AS-GCONF": "00", "x-cbid": "17082900-8235-0000-0000-00000C2FE7C6", "X-IBM-SpamModules-Scores": "", "X-IBM-SpamModules-Versions": "BY=3.00007630; HX=3.00000241; KW=3.00000007;\n\tPH=3.00000004; SC=3.00000226; SDB=6.00909028; UDB=6.00455849;\n\tIPR=6.00689279; \n\tBA=6.00005557; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009;\n\tZB=6.00000000; \n\tZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00016909;\n\tXFM=3.00000015; UTC=2017-08-29 00:16:24", "X-IBM-AV-DETECTION": "SAVI=unused REMOTE=unused XFE=unused", "x-cbparentid": "17082900-8236-0000-0000-00003D6C072F", "Message-Id": "<1503965694-10794-60-git-send-email-mdroth@linux.vnet.ibm.com>", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10432:, ,\n\tdefinitions=2017-08-28_13:, , signatures=0", "X-Proofpoint-Spam-Details": "rule=outbound_notspam policy=outbound score=0\n\tspamscore=0 suspectscore=3\n\tmalwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam\n\tadjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000\n\tdefinitions=main-1708290001", "X-detected-operating-system": "by eggs.gnu.org: GNU/Linux 3.x [generic] [fuzzy]", "X-Received-From": "148.163.158.5", "Subject": "[Qemu-devel] [PATCH 59/79] nbd: Fix regression on resiliency to\n\tport scan", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.21", "Precedence": "list", "List-Id": "<qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<http://lists.nongnu.org/archive/html/qemu-devel/>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Cc": "Paolo Bonzini <pbonzini@redhat.com>, qemu-stable@nongnu.org", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>" }, "content": "From: Eric Blake <eblake@redhat.com>\n\nBack in qemu 2.5, qemu-nbd was immune to port probes (a transient\nserver would not quit, regardless of how many probe connections\ncame and went, until a connection actually negotiated). But we\nbroke that in commit ee7d7aa when removing the return value to\nnbd_client_new(), although that patch also introduced a bug causing\nan assertion failure on a client that fails negotiation. We then\nmade it worse during refactoring in commit 1a6245a (a segfault\nbefore we could even assert); the (masked) assertion was cleaned\nup in d3780c2 (still in 2.6), and just recently we finally fixed\nthe segfault (\"nbd: Fully intialize client in case of failed\nnegotiation\"). But that still means that ever since we added\nTLS support to qemu-nbd, we have been vulnerable to an ill-timed\nport-scan being able to cause a denial of service by taking down\nqemu-nbd before a real client has a chance to connect.\n\nSince negotiation is now handled asynchronously via coroutines,\nwe no longer have a synchronous point of return by re-adding a\nreturn value to nbd_client_new(). So this patch instead wires\nthings up to pass the negotiation status through the close_fn\ncallback function.\n\nSimple test across two terminals:\n$ qemu-nbd -f raw -p 30001 file\n$ nmap 127.0.0.1 -p 30001 && \\\n qemu-io -c 'r 0 512' -f raw nbd://localhost:30001\n\nNote that this patch does not change what constitutes successful\nnegotiation (thus, a client must enter transmission phase before\nthat client can be considered as a reason to terminate the server\nwhen the connection ends). Perhaps we may want to tweak things\nin a later patch to also treat a client that uses NBD_OPT_ABORT\nas being a 'successful' negotiation (the client correctly talked\nthe NBD protocol, and informed us it was not going to use our\nexport after all), but that's a discussion for another day.\n\nFixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614\n\nSigned-off-by: Eric Blake <eblake@redhat.com>\nMessage-Id: <20170608222617.20376-1-eblake@redhat.com>\nSigned-off-by: Paolo Bonzini <pbonzini@redhat.com>\n(cherry picked from commit 0c9390d978cbf61e8f16c9f580fa96b305c43568)\nSigned-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>\n---\n blockdev-nbd.c | 6 +++++-\n include/block/nbd.h | 2 +-\n nbd/server.c | 24 +++++++++++++++---------\n qemu-nbd.c | 4 ++--\n 4 files changed, 23 insertions(+), 13 deletions(-)", "diff": "diff --git a/blockdev-nbd.c b/blockdev-nbd.c\nindex 8a11807..8d7284a 100644\n--- a/blockdev-nbd.c\n+++ b/blockdev-nbd.c\n@@ -27,6 +27,10 @@ typedef struct NBDServerData {\n \n static NBDServerData *nbd_server;\n \n+static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)\n+{\n+ nbd_client_put(client);\n+}\n \n static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,\n gpointer opaque)\n@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,\n qio_channel_set_name(QIO_CHANNEL(cioc), \"nbd-server\");\n nbd_client_new(NULL, cioc,\n nbd_server->tlscreds, NULL,\n- nbd_client_put);\n+ nbd_blockdev_client_closed);\n object_unref(OBJECT(cioc));\n return TRUE;\n }\ndiff --git a/include/block/nbd.h b/include/block/nbd.h\nindex 3e373f0..b69c30d 100644\n--- a/include/block/nbd.h\n+++ b/include/block/nbd.h\n@@ -160,7 +160,7 @@ void nbd_client_new(NBDExport *exp,\n QIOChannelSocket *sioc,\n QCryptoTLSCreds *tlscreds,\n const char *tlsaclname,\n- void (*close)(NBDClient *));\n+ void (*close_fn)(NBDClient *, bool));\n void nbd_client_get(NBDClient *client);\n void nbd_client_put(NBDClient *client);\n \ndiff --git a/nbd/server.c b/nbd/server.c\nindex edfda84..a98bb21 100644\n--- a/nbd/server.c\n+++ b/nbd/server.c\n@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);\n \n struct NBDClient {\n int refcount;\n- void (*close)(NBDClient *client);\n+ void (*close_fn)(NBDClient *client, bool negotiated);\n \n bool no_zeroes;\n NBDExport *exp;\n@@ -796,7 +796,7 @@ void nbd_client_put(NBDClient *client)\n }\n }\n \n-static void client_close(NBDClient *client)\n+static void client_close(NBDClient *client, bool negotiated)\n {\n if (client->closing) {\n return;\n@@ -811,8 +811,8 @@ static void client_close(NBDClient *client)\n NULL);\n \n /* Also tell the client, so that they release their reference. */\n- if (client->close) {\n- client->close(client);\n+ if (client->close_fn) {\n+ client->close_fn(client, negotiated);\n }\n }\n \n@@ -993,7 +993,7 @@ void nbd_export_close(NBDExport *exp)\n \n nbd_export_get(exp);\n QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) {\n- client_close(client);\n+ client_close(client, true);\n }\n nbd_export_set_name(exp, NULL);\n nbd_export_set_description(exp, NULL);\n@@ -1355,7 +1355,7 @@ done:\n \n out:\n nbd_request_put(req);\n- client_close(client);\n+ client_close(client, true);\n nbd_client_put(client);\n }\n \n@@ -1381,7 +1381,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)\n qemu_co_mutex_init(&client->send_lock);\n \n if (nbd_negotiate(data)) {\n- client_close(client);\n+ client_close(client, false);\n goto out;\n }\n \n@@ -1391,11 +1391,17 @@ out:\n g_free(data);\n }\n \n+/*\n+ * Create a new client listener on the given export @exp, using the\n+ * given channel @sioc. Begin servicing it in a coroutine. When the\n+ * connection closes, call @close_fn with an indication of whether the\n+ * client completed negotiation.\n+ */\n void nbd_client_new(NBDExport *exp,\n QIOChannelSocket *sioc,\n QCryptoTLSCreds *tlscreds,\n const char *tlsaclname,\n- void (*close_fn)(NBDClient *))\n+ void (*close_fn)(NBDClient *, bool))\n {\n NBDClient *client;\n NBDClientNewData *data = g_new(NBDClientNewData, 1);\n@@ -1412,7 +1418,7 @@ void nbd_client_new(NBDExport *exp,\n object_ref(OBJECT(client->sioc));\n client->ioc = QIO_CHANNEL(sioc);\n object_ref(OBJECT(client->ioc));\n- client->close = close_fn;\n+ client->close_fn = close_fn;\n \n data->client = client;\n data->co = qemu_coroutine_create(nbd_co_client_start, data);\ndiff --git a/qemu-nbd.c b/qemu-nbd.c\nindex 14e7947..3b55ffa 100644\n--- a/qemu-nbd.c\n+++ b/qemu-nbd.c\n@@ -335,10 +335,10 @@ static void nbd_export_closed(NBDExport *exp)\n \n static void nbd_update_server_watch(void);\n \n-static void nbd_client_closed(NBDClient *client)\n+static void nbd_client_closed(NBDClient *client, bool negotiated)\n {\n nb_fds--;\n- if (nb_fds == 0 && !persistent && state == RUNNING) {\n+ if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) {\n state = TERMINATE;\n }\n nbd_update_server_watch();\n", "prefixes": [ "59/79" ] }