From patchwork Fri Mar 27 16:19:34 2020
X-Patchwork-Submitter: Eric Blake
X-Patchwork-Id: 1262875
From: Eric Blake
To: qemu-devel@nongnu.org
Subject: [PATCH 1/3] crypto: Add qcrypto_tls_shutdown()
Date: Fri, 27 Mar 2020 11:19:34 -0500
Message-Id: <20200327161936.2225989-2-eblake@redhat.com>
In-Reply-To: <20200327161936.2225989-1-eblake@redhat.com>
References: <20200327161936.2225989-1-eblake@redhat.com>
Cc: berrange@redhat.com, Markus Armbruster, qemu-block@nongnu.org

Gnutls documents that applications that want to distinguish between a
clean end-of-communication and a malicious client abruptly tearing the
underlying transport out from under our feet need to use gnutls_bye().
Our channel code is already set up to allow shutdown requests, but we
weren't forwarding those to gnutls. To make that work, we first need a
new entry point that can isolate the rest of our code from the gnutls
interface.

Signed-off-by: Eric Blake
---
 qapi/crypto.json            | 15 +++++++++++++++
 include/crypto/tlssession.h | 24 ++++++++++++++++++++++++
 crypto/tlssession.c         | 27 +++++++++++++++++++++++++++
 3 files changed, 66 insertions(+)

diff --git a/qapi/crypto.json b/qapi/crypto.json index b2a4cff683ff..1df0f4502885 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json
@@ -119,6 +119,21 @@ 'prefix': 'QCRYPTO_IVGEN_ALG', 'data': ['plain', 'plain64', 'essiv']} +## +# @QCryptoShutdownMode: +# +# The supported modes for requesting shutdown of a crypto +# communication channel. +# +# @shut-wr: No more writes will be sent, but the remote end can still send +# data to be read. +# @shut-rdwr: No more reads or writes should occur. +# Since: 5.1 +## +{ 'enum': 'QCryptoShutdownMode', + 'prefix': 'QCRYPTO', + 'data': ['shut-wr', 'shut-rdwr']} + ## # @QCryptoBlockFormat: # diff --git a/include/crypto/tlssession.h b/include/crypto/tlssession.h index 15b9cef086cc..10c670e3b6a2 100644 --- a/include/crypto/tlssession.h +++ b/include/crypto/tlssession.h @@ -321,4 +321,28 @@ int qcrypto_tls_session_get_key_size(QCryptoTLSSession *sess, */ char *qcrypto_tls_session_get_peer_name(QCryptoTLSSession *sess); +/** + * qcrypto_tls_shutdown: + * @sess: the TLS session object + * @how: the desired shutdown mode + * + * Prepare to terminate the session. If @how is QCRYPTO_SHUT_WR, this + * side will no longer write data, but should still process reads + * until EOF; if @how is QCRYPTO_SHUT_RDWR, then the entire session + * should shut down. Use of this function is optional, since closing + * the session implies QCRYPTO_SHUT_RDWR. However, using this + * function prior to terminating the underlying transport layer makes + * it possible for the remote endpoint to distinguish between a + * malicious party prematurely terminating the the connection and + * normal termination. + * + * This function should only be used after a successful + * qcrypto_tls_session_handshake(). + * + * Returns: 0 for success, or -EAGAIN if more underlying I/O is + * required to finish proper session shutdown. + */ +int qcrypto_tls_session_shutdown(QCryptoTLSSession *sess, + QCryptoShutdownMode how); + #endif /* QCRYPTO_TLSSESSION_H */ diff --git a/crypto/tlssession.c b/crypto/tlssession.c index 33203e8ca711..903301189069 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c 
@@ -521,6 +521,33 @@ qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *session) } +int qcrypto_tls_session_shutdown(QCryptoTLSSession *session, + QCryptoShutdownMode how) +{ + gnutls_close_request_t mode; + int ret; + + assert(session->handshakeComplete); + switch (how) { + case QCRYPTO_SHUT_WR: + mode = GNUTLS_SHUT_WR; + break; + case QCRYPTO_SHUT_RDWR: + mode = GNUTLS_SHUT_RDWR; + break; + default: + abort(); + } + + ret = gnutls_bye(session->handle, mode); + if (ret == GNUTLS_E_INTERRUPTED || + ret == GNUTLS_E_AGAIN) { + return -EAGAIN; + } + return 0; +} + + int qcrypto_tls_session_get_key_size(QCryptoTLSSession *session, Error **errp)

From patchwork Fri Mar 27 16:19:35 2020
X-Patchwork-Submitter: Eric Blake
X-Patchwork-Id: 1262878
From: Eric Blake
To: qemu-devel@nongnu.org
Subject: [PATCH 2/3] io: Support shutdown of TLS channel
Date: Fri, 27 Mar 2020 11:19:35 -0500
Message-Id: <20200327161936.2225989-3-eblake@redhat.com>
In-Reply-To: <20200327161936.2225989-1-eblake@redhat.com>
References: <20200327161936.2225989-1-eblake@redhat.com>
Cc: berrange@redhat.com, qemu-block@nongnu.org

Gnutls documents that while many apps simply yank out the underlying
transport at the end of communication in the name of efficiency, this
is indistinguishable from a malicious actor terminating the connection
prematurely. Since our channel I/O code already supports the notion of
a graceful shutdown request, it is time to plumb that through to the
TLS layer, and wait for TLS to give the all clear before then
terminating traffic on the underlying channel.

Note that channel-tls now always advertises shutdown support,
regardless of whether the underlying channel also has that support.

Signed-off-by: Eric Blake
---
 io/channel-tls.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/io/channel-tls.c b/io/channel-tls.c index 7ec8ceff2f01..f90905823e1d 100644 --- a/io/channel-tls.c +++ b/io/channel-tls.c
@@ -360,10 +360,35 @@ static int qio_channel_tls_shutdown(QIOChannel *ioc, Error **errp) { QIOChannelTLS *tioc = QIO_CHANNEL_TLS(ioc); + int ret = 0; tioc->shutdown |= how; - return qio_channel_shutdown(tioc->master, how, errp); + do { + switch (how) { + case QIO_CHANNEL_SHUTDOWN_READ: + /* No TLS counterpart */ + break; + case QIO_CHANNEL_SHUTDOWN_WRITE: + ret = qcrypto_tls_session_shutdown(tioc->session, QCRYPTO_SHUT_WR); + break; + case QIO_CHANNEL_SHUTDOWN_BOTH: + ret = qcrypto_tls_session_shutdown(tioc->session, + QCRYPTO_SHUT_RDWR); + break; + default: + abort(); + } + } while (ret == -EAGAIN); + if (ret < 0) { + error_setg_errno(errp, -ret, "Cannot shut down TLS channel"); + return -1; + } + + if (qio_channel_has_feature(tioc->master, QIO_CHANNEL_FEATURE_SHUTDOWN)) { + return qio_channel_shutdown(tioc->master, how, errp); + } + return 0; } static int qio_channel_tls_close(QIOChannel *ioc,

From patchwork Fri Mar 27 16:19:36 2020
X-Patchwork-Submitter: Eric Blake
X-Patchwork-Id: 1262877
From: Eric Blake
To: qemu-devel@nongnu.org
Subject: [PATCH 3/3] nbd: Use shutdown(SHUT_WR) after last item sent
Date: Fri, 27 Mar 2020 11:19:36 -0500
Message-Id: <20200327161936.2225989-4-eblake@redhat.com>
In-Reply-To: <20200327161936.2225989-1-eblake@redhat.com>
References: <20200327161936.2225989-1-eblake@redhat.com>
Cc: Kevin Wolf, berrange@redhat.com, qemu-block@nongnu.org, Max Reitz

Although the remote end should always be tolerant of a socket being
arbitrarily closed, there are situations where it is a lot easier if
the remote end can be guaranteed to read EOF even before the socket
has closed. In particular, when using gnutls, if we fail to inform the
remote end about an impending teardown, the remote end cannot
distinguish between our closing the socket as intended vs. a malicious
intermediary interrupting things, and may result in spurious error
messages. Or, we can end up with a deadlock where both ends are stuck
on a read() from the other end but neither gets an EOF. Thus, after
any time a client sends NBD_OPT_ABORT or NBD_CMD_DISC, or a server has
finished replying (where appropriate) to such a request, it is worth
informing the channel that we will not be transmitting anything else.

Signed-off-by: Eric Blake
---
 block/nbd.c  | 1 +
 nbd/client.c | 3 ++-
 nbd/server.c | 4 ++++
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/block/nbd.c b/block/nbd.c index 2160859f6499..2906484390f9 100644 --- a/block/nbd.c +++ b/block/nbd.c @@ -1402,6 +1402,7 @@ static void nbd_client_close(BlockDriverState *bs) if (s->ioc) { nbd_send_request(s->ioc, &request); + qio_channel_shutdown(s->ioc, QIO_CHANNEL_SHUTDOWN_WRITE, NULL); } nbd_teardown_connection(bs); diff --git a/nbd/client.c b/nbd/client.c index ba173108baab..1b8b3a9ae3bd 100644 --- a/nbd/client.c +++ b/nbd/client.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016-2019 Red Hat, Inc. + * Copyright (C) 2016-2020 Red Hat, Inc. * Copyright (C) 2005 Anthony Liguori * * Network Block Device Client Side @@ -103,6 +103,7 @@ static void nbd_send_opt_abort(QIOChannel *ioc) * even care if the request makes it to the server, let alone * waiting around for whether the server replies. */ nbd_send_option_request(ioc, NBD_OPT_ABORT, 0, NULL, NULL); + qio_channel_shutdown(ioc, QIO_CHANNEL_SHUTDOWN_WRITE, NULL); } diff --git a/nbd/server.c b/nbd/server.c index 02b1ed080145..e21a1f662cc2 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -1168,6 +1168,8 @@ static int nbd_negotiate_options(NBDClient *client, Error **errp) "Option 0x%" PRIx32 " not permitted before TLS", option); if (option == NBD_OPT_ABORT) { + qio_channel_shutdown(client->ioc, + QIO_CHANNEL_SHUTDOWN_WRITE, NULL); return 1; } break; @@ -1187,6 +1189,8 @@ static int nbd_negotiate_options(NBDClient *client, Error **errp) * disconnecting, but that we must also tolerate * guests that don't wait for our reply. */ nbd_negotiate_send_rep(client, NBD_REP_ACK, NULL); + qio_channel_shutdown(client->ioc, + QIO_CHANNEL_SHUTDOWN_WRITE, NULL); return 1; case NBD_OPT_EXPORT_NAME:
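
Review bot: In the include/crypto/tlssession.h hunk of patch 1/3, the doc comment is headed "qcrypto_tls_shutdown:" while the prototype directly below it declares qcrypto_tls_session_shutdown(), so the comment and the symbol disagree (the Subject line uses the same short name). Rename the doc header to match the prototype. The same comment has a doubled word in "terminating the the connection", and its "Returns:" line promises only 0 or -EAGAIN, which leaves no documented way to report a gnutls_bye() failure; a negative errno for that case should be specified there.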
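
Review bot: In the crypto/tlssession.c hunk of patch 1/3, every gnutls_bye() result other than GNUTLS_E_INTERRUPTED and GNUTLS_E_AGAIN falls through to "return 0;", so a fatal gnutls error is reported to the caller as a clean shutdown and the closure alert this series exists to deliver can be lost unnoticed. Return a negative errno (for example -EIO) when ret is negative and not one of the two retry codes. Separately, "assert(session->handshakeComplete);" turns a shutdown request on a session that has not completed its handshake into a process abort; patch 2/3 forwards every channel shutdown to this function without checking handshake state, so returning an error here would be safer than asserting.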
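
Review bot: In the io/channel-tls.c hunk of patch 2/3, the "do { ... } while (ret == -EAGAIN);" loop retries qcrypto_tls_session_shutdown() immediately, without waiting for tioc->master to become readable or writable. On a non-blocking master channel this spins the CPU, and with QCRYPTO_SHUT_RDWR, where gnutls waits for the peer's reply, a peer that never answers can keep the caller in the loop indefinitely. Wait on the underlying channel between attempts (or hand -EAGAIN back to a caller that can yield) and bound the retries. Two smaller points in the same hunk: "if (ret < 0)" is unreachable as written, because the function added in patch 1/3 only returns 0 or -EAGAIN; and the commit message says channel-tls now always advertises shutdown support, but this hunk accounts for all 26 insertions in the diffstat and sets no feature flag.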
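
Review bot: In the block/nbd.c hunk of patch 3/3 (the nbd/client.c and nbd/server.c hunks follow the same pattern), the added "qio_channel_shutdown(s->ioc, QIO_CHANNEL_SHUTDOWN_WRITE, NULL);" discards both the return value and the Error, so a failed TLS shutdown is silent on our side while the peer is left unable to tell it from the premature termination the commit message describes. Pass a local Error and at least trace or report it. This call also sits in a close path and, with patch 2/3 applied, can enter the -EAGAIN retry loop in qio_channel_tls_shutdown(); a comment stating whether blocking here is acceptable would help.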