    nbd: Fix regression on resiliency to port scan · 0c9390d9
    Eric Blake authored
    Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
    server would not quit, regardless of how many probe connections
    came and went, until a connection actually negotiated).  But we
    broke that in commit ee7d7aab when removing the return value to
    nbd_client_new(), although that patch also introduced a bug causing
    an assertion failure on a client that fails negotiation.  We then
    made it worse during refactoring in commit 1a6245a5 (a segfault
    before we could even assert); the (masked) assertion was cleaned
    up in d3780c2d (still in 2.6), and just recently we finally fixed
    the segfault ("nbd: Fully initialize client in case of failed
    negotiation").  But that still means that ever since we added
    TLS support to qemu-nbd, we have been vulnerable to an ill-timed
    port-scan being able to cause a denial of service by taking down
    qemu-nbd before a real client has a chance to connect.
    
    Since negotiation is now handled asynchronously via coroutines,
    we no longer have a synchronous point of return by re-adding a
    return value to nbd_client_new().  So this patch instead wires
    things up to pass the negotiation status through the close_fn
    callback function.
    
    Simple test across two terminals:
    $ qemu-nbd -f raw -p 30001 file
    $ nmap 127.0.0.1 -p 30001 && \
      qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
    
    Note that this patch does not change what constitutes successful
    negotiation (thus, a client must enter transmission phase before
    that client can be considered as a reason to terminate the server
    when the connection ends).  Perhaps we may want to tweak things
    in a later patch to also treat a client that uses NBD_OPT_ABORT
    as being a 'successful' negotiation (the client correctly talked
    the NBD protocol, and informed us it was not going to use our
    export after all), but that's a discussion for another day.
    
    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
    Signed-off-by: Eric Blake <eblake@redhat.com>
    Message-Id: <20170608222617.20376-1-eblake@redhat.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Name
block
chardev
crypto
disas
exec
fpu
hw
io
libdecnumber
migration
monitor
net
qapi
qemu
qom
standard-headers
sysemu
ui
elf.h
glib-compat.h
qemu-common.h
qemu-io.h
trace-tcg.h