    nbd: Fix regression on resiliency to port scan · 0c9390d9
    Eric Blake authored
    Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
    server would not quit, regardless of how many probe connections
    came and went, until a connection actually negotiated).  But we
    broke that in commit ee7d7aab when removing the return value to
    nbd_client_new(), although that patch also introduced a bug causing
    an assertion failure on a client that fails negotiation.  We then
    made it worse during refactoring in commit 1a6245a5 (a segfault
    before we could even assert); the (masked) assertion was cleaned
    up in d3780c2d (still in 2.6), and just recently we finally fixed
    the segfault ("nbd: Fully initialize client in case of failed
    negotiation").  But that still means that ever since we added
    TLS support to qemu-nbd, we have been vulnerable to an ill-timed
    port-scan being able to cause a denial of service by taking down
    qemu-nbd before a real client has a chance to connect.
    
    Since negotiation is now handled asynchronously via coroutines,
    we no longer have a synchronous point of return by re-adding a
    return value to nbd_client_new().  So this patch instead wires
    things up to pass the negotiation status through the close_fn
    callback function.
    
    Simple test across two terminals:
    $ qemu-nbd -f raw -p 30001 file
    $ nmap 127.0.0.1 -p 30001 && \
      qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
    
    Note that this patch does not change what constitutes successful
    negotiation (thus, a client must enter transmission phase before
    that client can be considered as a reason to terminate the server
    when the connection ends).  Perhaps we may want to tweak things
    in a later patch to also treat a client that uses NBD_OPT_ABORT
    as being a 'successful' negotiation (the client correctly talked
    the NBD protocol, and informed us it was not going to use our
    export after all), but that's a discussion for another day.
    
    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
    Signed-off-by: Eric Blake <eblake@redhat.com>
    Message-Id: <20170608222617.20376-1-eblake@redhat.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
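
The approach the commit message describes, passing the negotiation status through the close callback so that probe connections cannot stop a transient server, modelled as an added example that is not QEMU's code. The `server` struct, both callbacks and `simulate` are hypothetical names, and the scenario is constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of a transient (non-persistent) server; not QEMU code. */
typedef struct { int open_conns; bool terminate; } server;
typedef void (*close_fn)(server *s, bool negotiated);

/* Regressed behaviour: the close callback has no status to look at, so the
 * last connection going away always stops the server. */
static void close_ignoring_status(server *s, bool negotiated)
{
    (void)negotiated;
    if (--s->open_conns == 0) s->terminate = true;
}

/* Fixed behaviour: only a client that finished negotiation counts as a
 * reason to stop once the last connection is gone. */
static void close_with_status(server *s, bool negotiated)
{
    if (--s->open_conns == 0 && negotiated) s->terminate = true;
}

/* A connection opens, negotiation succeeds or fails, then it closes. */
static void connection(server *s, close_fn on_close, bool negotiated)
{
    s->open_conns++;
    on_close(s, negotiated);
}

enum outcome { DIED_ON_PROBE, EXITED_AFTER_CLIENT, STILL_RUNNING };

/* Constructed scenario: `probes` connections that never negotiate (as a
 * port scan would produce), followed by one client that does. */
static enum outcome simulate(close_fn on_close, int probes)
{
    server s = { 0, false };
    for (int i = 0; i < probes; i++) {
        connection(&s, on_close, false);
        if (s.terminate) return DIED_ON_PROBE;
    }
    connection(&s, on_close, true);
    return s.terminate ? EXITED_AFTER_CLIENT : STILL_RUNNING;
}

int main(void)
{
    printf("status ignored: %d\n", simulate(close_ignoring_status, 3));
    printf("status passed:  %d\n", simulate(close_with_status, 3));
    return 0;
}
```
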
Name
audio
backends
block
bsd-user
chardev
contrib
crypto
default-configs
disas
docs
dtc @ 558cd81b
fpu
fsdev
gdb-xml
hw
include
io
libdecnumber
linux-headers
linux-user
migration
nbd
net
pc-bios
pixman @ 87eea99e
po
qapi
qga
qobject
qom
replay
roms
scripts
slirp
stubs
target
tcg
tests
trace
ui
util
.dir-locals.el
.exrc
.gdbinit
.gitignore
.gitmodules
.mailmap
.shippable.yml
.travis.yml
CODING_STYLE
COPYING
COPYING.LIB
Changelog
HACKING
LICENSE
MAINTAINERS
Makefile
Makefile.objs
Makefile.target
README
VERSION
accel.c
arch_init.c
atomic_template.h
balloon.c
block.c
blockdev-nbd.c
blockdev.c
blockjob.c
bootdevice.c
bt-host.c
bt-vhci.c
configure
cpu-exec-common.c
cpu-exec.c
cpus-common.c
cpus.c
cputlb.c
device-hotplug.c
device_tree.c
disas.c
dma-helpers.c
dump.c
exec.c
gdbstub.c
hax-stub.c
hmp-commands-info.hx
hmp-commands.hx
hmp.c
hmp.h
ioport.c
iothread.c
kvm-all.c
kvm-stub.c
memory.c
memory_ldst.inc.c
memory_mapping.c
module-common.c
monitor.c
numa.c
os-posix.c
os-win32.c
qapi-schema.json
qdev-monitor.c
qdict-test-data.txt
qemu-bridge-helper.c
qemu-doc.texi
qemu-ga.texi
qemu-img-cmds.hx
qemu-img.c
qemu-img.texi
qemu-io-cmds.c
qemu-io.c
qemu-nbd.c
qemu-nbd.texi
qemu-option-trace.texi
qemu-options-wrapper.h
qemu-options.h
qemu-options.hx
qemu-seccomp.c
qemu-tech.texi
qemu.nsi
qemu.sasl
qmp.c
qtest.c
replication.c
replication.h
rules.mak
softmmu_template.h
tcg-runtime.c
tci.c
thunk.c
tpm.c
trace-events
translate-all.c
translate-all.h
translate-common.c
user-exec-stub.c
user-exec.c
version.rc
vl.c