[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 1/2] nbd: Drop connection if broken server is detect
From: |
Eric Blake |
Subject: |
[Qemu-devel] [PATCH 1/2] nbd: Drop connection if broken server is detected |
Date: |
Thu, 10 Aug 2017 21:37:57 -0500 |
As soon as the server is sending us garbage, we should quit
trying to send further messages to the server, and allow all
pending coroutines for any remaining replies to error out.
Failure to do so can let a malicious server cause the client
to hang, for example, if the server sends an invalid magic
number in its response.
Reported by: Vladimir Sementsov-Ogievskiy <address@hidden>
Signed-off-by: Eric Blake <address@hidden>
---
block/nbd-client.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/block/nbd-client.c b/block/nbd-client.c
index 25dd28406b..802d50b636 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -68,7 +68,8 @@ static void nbd_teardown_connection(BlockDriverState *bs)
static coroutine_fn void nbd_read_reply_entry(void *opaque)
{
- NBDClientSession *s = opaque;
+ BlockDriverState *bs = opaque;
+ NBDClientSession *s = nbd_get_client_session(bs);
uint64_t i;
int ret;
Error *local_err = NULL;
@@ -107,8 +108,12 @@ static coroutine_fn void nbd_read_reply_entry(void *opaque)
qemu_coroutine_yield();
}
+ s->reply.handle = 0;
nbd_recv_coroutines_enter_all(s);
s->read_reply_co = NULL;
+ if (ret < 0) {
+ nbd_teardown_connection(bs);
+ }
}
static int nbd_co_send_request(BlockDriverState *bs,
@@ -416,7 +421,7 @@ int nbd_client_init(BlockDriverState *bs,
/* Now that we're connected, set the socket to be non-blocking and
* kick the reply mechanism. */
qio_channel_set_blocking(QIO_CHANNEL(sioc), false, NULL);
- client->read_reply_co = qemu_coroutine_create(nbd_read_reply_entry,
client);
+ client->read_reply_co = qemu_coroutine_create(nbd_read_reply_entry, bs);
nbd_client_attach_aio_context(bs, bdrv_get_aio_context(bs));
logout("Established connection with NBD server\n");
--
2.13.4
- [Qemu-devel] [PATCH for-2.10 0/2] Fix NBD client after server error, Eric Blake, 2017/08/10
- [Qemu-devel] [PATCH 2/2] HACK: define NBD_SERVER_DEBUG to force malicious server, Eric Blake, 2017/08/10
- [Qemu-devel] [PATCH 1/2] nbd: Drop connection if broken server is detected,
Eric Blake <=
- Re: [Qemu-devel] [PATCH 1/2] nbd: Drop connection if broken server is detected, Vladimir Sementsov-Ogievskiy, 2017/08/11
- Re: [Qemu-devel] [PATCH 1/2] nbd: Drop connection if broken server is detected, Eric Blake, 2017/08/11
- Re: [Qemu-devel] [PATCH 1/2] nbd: Drop connection if broken server is detected, Vladimir Sementsov-Ogievskiy, 2017/08/11
- Re: [Qemu-devel] [PATCH 1/2] nbd: Drop connection if broken server is detected, Eric Blake, 2017/08/11
- Re: [Qemu-devel] [PATCH 1/2] nbd: Drop connection if broken server is detected, Eric Blake, 2017/08/11
- Re: [Qemu-devel] [PATCH 1/2] nbd: Drop connection if broken server is detected, Eric Blake, 2017/08/11
Re: [Qemu-devel] [PATCH for-2.10 0/2] Fix NBD client after server error, Eric Blake, 2017/08/11