    nbd: Fix regression on resiliency to port scan · 0c9390d9
    Eric Blake authored
    Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
    server would not quit, regardless of how many probe connections
    came and went, until a connection actually negotiated).  But we
    broke that in commit ee7d7aab when removing the return value to
    nbd_client_new(), although that patch also introduced a bug causing
    an assertion failure on a client that fails negotiation.  We then
    made it worse during refactoring in commit 1a6245a5 (a segfault
    before we could even assert); the (masked) assertion was cleaned
    up in d3780c2d (still in 2.6), and just recently we finally fixed
    the segfault ("nbd: Fully initialize client in case of failed
    negotiation").  But that still means that ever since we added
    TLS support to qemu-nbd, we have been vulnerable to an ill-timed
    port-scan being able to cause a denial of service by taking down
    qemu-nbd before a real client has a chance to connect.
    
    Since negotiation is now handled asynchronously via coroutines,
    we no longer have a synchronous point of return by re-adding a
    return value to nbd_client_new().  So this patch instead wires
    things up to pass the negotiation status through the close_fn
    callback function.
    
    Simple test across two terminals:
    $ qemu-nbd -f raw -p 30001 file
    $ nmap 127.0.0.1 -p 30001 && \
      qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
    
    Note that this patch does not change what constitutes successful
    negotiation (thus, a client must enter transmission phase before
    that client can be considered as a reason to terminate the server
    when the connection ends).  Perhaps we may want to tweak things
    in a later patch to also treat a client that uses NBD_OPT_ABORT
    as being a 'successful' negotiation (the client correctly talked
    the NBD protocol, and informed us it was not going to use our
    export after all), but that's a discussion for another day.
    
    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
    Signed-off-by: Eric Blake <eblake@redhat.com>
    Message-Id: <20170608222617.20376-1-eblake@redhat.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
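The exit rule the commit message describes (a transient qemu-nbd must survive any number of probe connections and only quit once a client that actually reached transmission phase disconnects), shown as an added Python model rather than QEMU's own code. The handshake below is a small subset of newstyle NBD negotiation (server greeting, client flags, one or more options, NBD_OPT_EXPORT_NAME entering transmission phase) driven from an in-memory byte buffer; `FakeConn`, `TransientServer`, `client_bytes` and the scripted inputs are constructed for the example, and a short read stands in for a peer that closed the connection, which is what a port scan looks like to the server:

```python
"""Model of the qemu-nbd transient-server exit rule fixed by this commit.

Constructed example, not QEMU code: a stripped-down newstyle NBD handshake
fed from an in-memory byte stream, plus a server whose close callback
receives the negotiation result.  Only a client that reached transmission
phase may take the server down; port-scan probes and clients that fail or
abort negotiation leave it running.
"""
import struct

NBD_MAGIC = b"NBDMAGIC"
NBD_OPTS_MAGIC = b"IHAVEOPT"
NBD_REP_MAGIC = 0x0003E889045565A9
NBD_OPT_EXPORT_NAME = 1
NBD_OPT_ABORT = 2
NBD_REP_ERR_UNSUP = (1 << 31) + 1
EXPORT_SIZE = 1 << 20  # constructed 1 MiB export


class FakeConn:
    """In-memory stand-in for a TCP socket: recv() drains a scripted inbound buffer."""

    def __init__(self, inbound: bytes):
        self.inbound = inbound
        self.outbound = b""

    def recv(self, n: int) -> bytes:
        chunk, self.inbound = self.inbound[:n], self.inbound[n:]
        return chunk  # short read == peer closed (what a port scan looks like)

    def send(self, data: bytes) -> None:
        self.outbound += data


class TransientServer:
    """qemu-nbd without --persistent: quits when a negotiated client disconnects."""

    def __init__(self):
        self.running = True
        self.history = []  # negotiation result of every closed connection

    def close_fn(self, negotiated: bool) -> None:
        # The commit's change: close_fn learns whether negotiation succeeded.
        # Before the fix the server quit on every disconnect, negotiated or not.
        self.history.append(negotiated)
        if negotiated:
            self.running = False


def negotiate(conn: FakeConn) -> bool:
    """Run newstyle negotiation; True only once the client enters transmission phase."""
    conn.send(NBD_MAGIC + NBD_OPTS_MAGIC + struct.pack(">H", 0))
    if len(conn.recv(4)) < 4:          # client flags never arrived: probe/scan
        return False
    while True:
        hdr = conn.recv(16)
        if len(hdr) < 16:
            return False               # connection dropped mid-option
        magic, opt, length = struct.unpack(">8sII", hdr)
        if magic != NBD_OPTS_MAGIC:
            return False               # garbage: not an NBD client
        data = conn.recv(length)
        if len(data) < length:
            return False
        if opt == NBD_OPT_EXPORT_NAME:
            conn.send(struct.pack(">QH", EXPORT_SIZE, 0) + bytes(124))
            return True                # transmission phase reached
        if opt == NBD_OPT_ABORT:
            return False               # spoke NBD correctly, but not counted (see message)
        # any other option: reply NBD_REP_ERR_UNSUP and keep negotiating
        conn.send(struct.pack(">QIII", NBD_REP_MAGIC, opt, NBD_REP_ERR_UNSUP, 0))


def serve(conn: FakeConn, server: TransientServer) -> bool:
    """Handle one connection and report its fate through close_fn."""
    negotiated = negotiate(conn)
    server.close_fn(negotiated)
    return negotiated


def client_bytes(*opts) -> bytes:
    """Bytes a client sends: zero client flags, then (option, payload) pairs."""
    out = struct.pack(">I", 0)
    for opt, payload in opts:
        out += NBD_OPTS_MAGIC + struct.pack(">II", opt, len(payload)) + payload
    return out


def run_scenario():
    """Three probes, then a real client; returns (alive after probes, alive at end, history)."""
    server = TransientServer()
    serve(FakeConn(b""), server)                                    # nmap-style connect/close
    serve(FakeConn(b"GET / HTTP/1.0\r\n\r\n"), server)              # wrong protocol
    serve(FakeConn(client_bytes((NBD_OPT_ABORT, b""))), server)     # polite abort
    alive_after_probes = server.running
    serve(FakeConn(client_bytes((NBD_OPT_EXPORT_NAME, b""))), server)  # real client
    return alive_after_probes, server.running, server.history


if __name__ == "__main__":
    print(run_scenario())  # (True, False, [False, False, False, True])
```

The third probe is the NBD_OPT_ABORT case the message leaves for a later discussion: under the rule as committed it counts as a failed negotiation and does not take the server down, so flipping that policy would be a one-line change in `negotiate`.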
Directory listing:
Makefile.objs
client.c
common.c
nbd-internal.h
server.c