2019-05-24 10:03:47 +00:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2005-04-16 22:20:36 +00:00
|
|
|
/*
|
|
|
|
* Network block device - make block devices work over TCP
|
|
|
|
*
|
|
|
|
* Note that you can not swap over this thing, yet. Seems to work but
|
|
|
|
* deadlocks sometimes - you can not swap over TCP in general.
|
|
|
|
*
|
2010-07-18 12:27:13 +00:00
|
|
|
* Copyright 1997-2000, 2008 Pavel Machek <pavel@ucw.cz>
|
2005-04-16 22:20:36 +00:00
|
|
|
* Parts copyright 2001 Steven Whitehouse <steve@chygwyn.com>
|
|
|
|
*
|
2006-06-25 12:47:42 +00:00
|
|
|
* (part of code stolen from loop.c)
|
2005-04-16 22:20:36 +00:00
|
|
|
*/
|
|
|
|
|
2022-07-23 08:24:27 +00:00
|
|
|
#define pr_fmt(fmt) "nbd: " fmt
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
#include <linux/major.h>
|
|
|
|
|
|
|
|
#include <linux/blkdev.h>
|
|
|
|
#include <linux/module.h>
|
|
|
|
#include <linux/init.h>
|
|
|
|
#include <linux/sched.h>
|
2017-05-08 22:59:53 +00:00
|
|
|
#include <linux/sched/mm.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
#include <linux/fs.h>
|
|
|
|
#include <linux/bio.h>
|
|
|
|
#include <linux/stat.h>
|
|
|
|
#include <linux/errno.h>
|
|
|
|
#include <linux/file.h>
|
|
|
|
#include <linux/ioctl.h>
|
2010-06-02 12:28:52 +00:00
|
|
|
#include <linux/mutex.h>
|
2006-01-06 08:09:47 +00:00
|
|
|
#include <linux/compiler.h>
|
2019-09-17 11:56:06 +00:00
|
|
|
#include <linux/completion.h>
|
2006-01-06 08:09:47 +00:00
|
|
|
#include <linux/err.h>
|
|
|
|
#include <linux/kernel.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 08:04:11 +00:00
|
|
|
#include <linux/slab.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
#include <net/sock.h>
|
2007-11-13 02:10:39 +00:00
|
|
|
#include <linux/net.h>
|
2008-04-29 08:02:46 +00:00
|
|
|
#include <linux/kthread.h>
|
2015-04-02 08:11:37 +00:00
|
|
|
#include <linux/types.h>
|
2015-08-17 06:20:06 +00:00
|
|
|
#include <linux/debugfs.h>
|
2016-09-08 19:33:37 +00:00
|
|
|
#include <linux/blk-mq.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2016-12-24 19:46:01 +00:00
|
|
|
#include <linux/uaccess.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
#include <asm/types.h>
|
|
|
|
|
|
|
|
#include <linux/nbd.h>
|
2017-04-06 21:02:00 +00:00
|
|
|
#include <linux/nbd-netlink.h>
|
|
|
|
#include <net/genetlink.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2019-04-26 18:49:48 +00:00
|
|
|
#define CREATE_TRACE_POINTS
|
|
|
|
#include <trace/events/nbd.h>
|
|
|
|
|
2017-02-01 21:11:40 +00:00
|
|
|
static DEFINE_IDR(nbd_index_idr);
|
|
|
|
static DEFINE_MUTEX(nbd_index_mutex);
|
nbd: do del_gendisk() asynchronously for NBD_DESTROY_ON_DISCONNECT
Now open_mutex is used to synchronize partition operations (e.g,
blk_drop_partitions() and blkdev_reread_part()), however it makes
nbd driver broken, because nbd may call del_gendisk() in nbd_release()
or nbd_genl_disconnect() if NBD_CFLAG_DESTROY_ON_DISCONNECT is enabled,
and deadlock occurs, as shown below:
// AB-BA dead-lock
nbd_genl_disconnect blkdev_open
nbd_disconnect_and_put
lock bd_mutex
// last ref
nbd_put
lock nbd_index_mutex
del_gendisk
nbd_open
try lock nbd_index_mutex
try lock bd_mutex
or
// AA dead-lock
nbd_release
lock bd_mutex
nbd_put
try lock bd_mutex
Instead of fixing block layer (e.g, introduce another lock), fixing
the nbd driver to call del_gendisk() in a kworker when
NBD_DESTROY_ON_DISCONNECT is enabled. When NBD_DESTROY_ON_DISCONNECT
is disabled, nbd device will always be destroy through module removal,
and there is no risky of deadlock.
To ensure the reuse of nbd index succeeds, moving the calling of
idr_remove() after del_gendisk(), so if the reused index is not found
in nbd_index_idr, the old disk must have been deleted. And reusing
the existing destroy_complete mechanism to ensure nbd_genl_connect()
will wait for the completion of del_gendisk().
Also adding a new workqueue for nbd removal, so nbd_cleanup()
can ensure all removals complete before exits.
Reported-by: syzbot+0fe7752e52337864d29b@syzkaller.appspotmail.com
Fixes: c76f48eb5c08 ("block: take bd_mutex around delete_partitions in del_gendisk")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20210811124428.2368491-2-hch@lst.de
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-08-11 12:44:23 +00:00
|
|
|
static struct workqueue_struct *nbd_del_wq;
|
2017-04-06 21:02:05 +00:00
|
|
|
static int nbd_total_devices = 0;
|
2017-02-01 21:11:40 +00:00
|
|
|
|
2016-11-22 19:04:40 +00:00
|
|
|
struct nbd_sock {
|
|
|
|
struct socket *sock;
|
|
|
|
struct mutex tx_lock;
|
2017-03-24 18:08:26 +00:00
|
|
|
struct request *pending;
|
|
|
|
int sent;
|
2017-04-06 21:01:57 +00:00
|
|
|
bool dead;
|
|
|
|
int fallback_index;
|
2017-04-06 21:02:02 +00:00
|
|
|
int cookie;
|
2016-11-22 19:04:40 +00:00
|
|
|
};
|
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
struct recv_thread_args {
|
|
|
|
struct work_struct work;
|
|
|
|
struct nbd_device *nbd;
|
2023-09-11 02:33:08 +00:00
|
|
|
struct nbd_sock *nsock;
|
2017-04-06 21:01:58 +00:00
|
|
|
int index;
|
|
|
|
};
|
|
|
|
|
2017-04-06 21:02:02 +00:00
|
|
|
struct link_dead_args {
|
|
|
|
struct work_struct work;
|
|
|
|
int index;
|
|
|
|
};
|
|
|
|
|
2019-09-17 11:56:05 +00:00
|
|
|
#define NBD_RT_TIMEDOUT 0
|
|
|
|
#define NBD_RT_DISCONNECT_REQUESTED 1
|
|
|
|
#define NBD_RT_DISCONNECTED 2
|
|
|
|
#define NBD_RT_HAS_PID_FILE 3
|
|
|
|
#define NBD_RT_HAS_CONFIG_REF 4
|
|
|
|
#define NBD_RT_BOUND 5
|
2021-02-22 20:09:53 +00:00
|
|
|
#define NBD_RT_DISCONNECT_ON_CLOSE 6
|
nbd: provide a way for userspace processes to identify device backends
Problem:
On reconfigure of device, there is no way to defend if the backend
storage is matching with the initial backend storage.
Say, if an initial connect request for backend "pool1/image1" got
mapped to /dev/nbd0 and the userspace process is terminated. A next
reconfigure request within NBD_ATTR_DEAD_CONN_TIMEOUT is allowed to
use /dev/nbd0 for a different backend "pool1/image2"
For example, an operation like below could be dangerous:
$ sudo rbd-nbd map --try-netlink rbd-pool/ext4-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="bfc444b4-64b1-418f-8b36-6e0d170cfc04" TYPE="ext4"
$ sudo pkill -9 rbd-nbd
$ sudo rbd-nbd attach --try-netlink --device /dev/nbd0 rbd-pool/xfs-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="d29bf343-6570-4069-a9ea-2fa156ced908" TYPE="xfs"
Solution:
Provide a way for userspace processes to keep some metadata to identify
between the device and the backend, so that when a reconfigure request is
made, we can compare and avoid such dangerous operations.
With this solution, as part of the initial connect request, backend
path can be stored in the sysfs per device config, so that on a reconfigure
request it's easy to check if the backend path matches with the initial
connect backend path.
Please note, ioctl interface to nbd will not have these changes, as there
won't be any reconfigure.
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20210429102828.31248-1-prasanna.kalever@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-04-29 10:28:28 +00:00
|
|
|
#define NBD_RT_HAS_BACKEND_FILE 7
|
2016-09-08 19:33:39 +00:00
|
|
|
|
2019-09-17 11:56:06 +00:00
|
|
|
#define NBD_DESTROY_ON_DISCONNECT 0
|
|
|
|
#define NBD_DISCONNECT_REQUESTED 1
|
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_config {
|
2015-08-17 06:20:09 +00:00
|
|
|
u32 flags;
|
2016-09-08 19:33:39 +00:00
|
|
|
unsigned long runtime_flags;
|
2017-04-06 21:02:04 +00:00
|
|
|
u64 dead_conn_timeout;
|
2015-04-02 08:11:35 +00:00
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_sock **socks;
|
2016-11-22 19:04:40 +00:00
|
|
|
int num_connections;
|
2017-04-06 21:02:04 +00:00
|
|
|
atomic_t live_connections;
|
|
|
|
wait_queue_head_t conn_wait;
|
2017-04-06 21:01:58 +00:00
|
|
|
|
2016-11-22 19:04:40 +00:00
|
|
|
atomic_t recv_threads;
|
|
|
|
wait_queue_head_t recv_wq;
|
2021-09-20 23:25:33 +00:00
|
|
|
unsigned int blksize_bits;
|
2015-04-02 08:11:37 +00:00
|
|
|
loff_t bytesize;
|
2015-08-17 06:20:06 +00:00
|
|
|
#if IS_ENABLED(CONFIG_DEBUG_FS)
|
|
|
|
struct dentry *dbg_dir;
|
|
|
|
#endif
|
2015-04-02 08:11:35 +00:00
|
|
|
};
|
|
|
|
|
2021-09-20 23:25:33 +00:00
|
|
|
static inline unsigned int nbd_blksize(struct nbd_config *config)
|
|
|
|
{
|
|
|
|
return 1u << config->blksize_bits;
|
|
|
|
}
|
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_device {
|
|
|
|
struct blk_mq_tag_set tag_set;
|
|
|
|
|
2017-04-06 21:02:00 +00:00
|
|
|
int index;
|
2017-04-06 21:01:58 +00:00
|
|
|
refcount_t config_refs;
|
2017-04-06 21:02:06 +00:00
|
|
|
refcount_t refs;
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_config *config;
|
|
|
|
struct mutex config_lock;
|
|
|
|
struct gendisk *disk;
|
2019-08-04 19:10:06 +00:00
|
|
|
struct workqueue_struct *recv_workq;
|
nbd: do del_gendisk() asynchronously for NBD_DESTROY_ON_DISCONNECT
Now open_mutex is used to synchronize partition operations (e.g,
blk_drop_partitions() and blkdev_reread_part()), however it makes
nbd driver broken, because nbd may call del_gendisk() in nbd_release()
or nbd_genl_disconnect() if NBD_CFLAG_DESTROY_ON_DISCONNECT is enabled,
and deadlock occurs, as shown below:
// AB-BA dead-lock
nbd_genl_disconnect blkdev_open
nbd_disconnect_and_put
lock bd_mutex
// last ref
nbd_put
lock nbd_index_mutex
del_gendisk
nbd_open
try lock nbd_index_mutex
try lock bd_mutex
or
// AA dead-lock
nbd_release
lock bd_mutex
nbd_put
try lock bd_mutex
Instead of fixing block layer (e.g, introduce another lock), fixing
the nbd driver to call del_gendisk() in a kworker when
NBD_DESTROY_ON_DISCONNECT is enabled. When NBD_DESTROY_ON_DISCONNECT
is disabled, nbd device will always be destroy through module removal,
and there is no risky of deadlock.
To ensure the reuse of nbd index succeeds, moving the calling of
idr_remove() after del_gendisk(), so if the reused index is not found
in nbd_index_idr, the old disk must have been deleted. And reusing
the existing destroy_complete mechanism to ensure nbd_genl_connect()
will wait for the completion of del_gendisk().
Also adding a new workqueue for nbd removal, so nbd_cleanup()
can ensure all removals complete before exits.
Reported-by: syzbot+0fe7752e52337864d29b@syzkaller.appspotmail.com
Fixes: c76f48eb5c08 ("block: take bd_mutex around delete_partitions in del_gendisk")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20210811124428.2368491-2-hch@lst.de
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-08-11 12:44:23 +00:00
|
|
|
struct work_struct remove_work;
|
2017-04-06 21:01:58 +00:00
|
|
|
|
2017-04-06 21:02:06 +00:00
|
|
|
struct list_head list;
|
2017-04-06 21:01:58 +00:00
|
|
|
struct task_struct *task_setup;
|
2019-09-17 11:56:06 +00:00
|
|
|
|
|
|
|
unsigned long flags;
|
2021-10-20 07:39:59 +00:00
|
|
|
pid_t pid; /* pid of nbd-client, if attached */
|
nbd: provide a way for userspace processes to identify device backends
Problem:
On reconfigure of device, there is no way to defend if the backend
storage is matching with the initial backend storage.
Say, if an initial connect request for backend "pool1/image1" got
mapped to /dev/nbd0 and the userspace process is terminated. A next
reconfigure request within NBD_ATTR_DEAD_CONN_TIMEOUT is allowed to
use /dev/nbd0 for a different backend "pool1/image2"
For example, an operation like below could be dangerous:
$ sudo rbd-nbd map --try-netlink rbd-pool/ext4-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="bfc444b4-64b1-418f-8b36-6e0d170cfc04" TYPE="ext4"
$ sudo pkill -9 rbd-nbd
$ sudo rbd-nbd attach --try-netlink --device /dev/nbd0 rbd-pool/xfs-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="d29bf343-6570-4069-a9ea-2fa156ced908" TYPE="xfs"
Solution:
Provide a way for userspace processes to keep some metadata to identify
between the device and the backend, so that when a reconfigure request is
made, we can compare and avoid such dangerous operations.
With this solution, as part of the initial connect request, backend
path can be stored in the sysfs per device config, so that on a reconfigure
request it's easy to check if the backend path matches with the initial
connect backend path.
Please note, ioctl interface to nbd will not have these changes, as there
won't be any reconfigure.
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20210429102828.31248-1-prasanna.kalever@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-04-29 10:28:28 +00:00
|
|
|
|
|
|
|
char *backend;
|
2017-04-06 21:01:58 +00:00
|
|
|
};
|
|
|
|
|
2018-07-16 16:11:34 +00:00
|
|
|
#define NBD_CMD_REQUEUED 1
|
2021-09-16 09:33:44 +00:00
|
|
|
/*
|
|
|
|
* This flag will be set if nbd_queue_rq() succeed, and will be checked and
|
|
|
|
* cleared in completion. Both setting and clearing of the flag are protected
|
|
|
|
* by cmd->lock.
|
|
|
|
*/
|
|
|
|
#define NBD_CMD_INFLIGHT 2
|
2018-07-16 16:11:34 +00:00
|
|
|
|
2016-09-08 19:33:37 +00:00
|
|
|
struct nbd_cmd {
|
|
|
|
struct nbd_device *nbd;
|
2018-07-16 16:11:35 +00:00
|
|
|
struct mutex lock;
|
2017-04-06 21:01:57 +00:00
|
|
|
int index;
|
2017-04-06 21:02:02 +00:00
|
|
|
int cookie;
|
2019-08-13 16:39:52 +00:00
|
|
|
int retries;
|
2017-06-03 07:38:04 +00:00
|
|
|
blk_status_t status;
|
2018-07-16 16:11:34 +00:00
|
|
|
unsigned long flags;
|
2018-07-16 16:11:35 +00:00
|
|
|
u32 cmd_cookie;
|
2016-09-08 19:33:37 +00:00
|
|
|
};
|
|
|
|
|
2015-08-17 06:20:06 +00:00
|
|
|
#if IS_ENABLED(CONFIG_DEBUG_FS)
|
|
|
|
static struct dentry *nbd_dbg_dir;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#define nbd_name(nbd) ((nbd)->disk->disk_name)
|
|
|
|
|
2021-09-20 23:25:33 +00:00
|
|
|
#define NBD_DEF_BLKSIZE_BITS 10
|
2019-05-29 20:16:05 +00:00
|
|
|
|
2006-07-01 11:36:36 +00:00
|
|
|
static unsigned int nbds_max = 16;
|
2017-08-14 18:56:16 +00:00
|
|
|
static int max_part = 16;
|
2017-02-01 21:11:40 +00:00
|
|
|
static int part_shift;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2017-02-07 22:10:22 +00:00
|
|
|
static int nbd_dev_dbg_init(struct nbd_device *nbd);
|
|
|
|
static void nbd_dev_dbg_close(struct nbd_device *nbd);
|
2017-04-06 21:01:58 +00:00
|
|
|
static void nbd_config_put(struct nbd_device *nbd);
|
2017-04-06 21:02:00 +00:00
|
|
|
static void nbd_connect_reply(struct genl_info *info, int index);
|
2017-04-06 21:02:05 +00:00
|
|
|
static int nbd_genl_status(struct sk_buff *skb, struct genl_info *info);
|
2017-04-06 21:02:02 +00:00
|
|
|
static void nbd_dead_link_work(struct work_struct *work);
|
2018-06-15 21:05:32 +00:00
|
|
|
static void nbd_disconnect_and_put(struct nbd_device *nbd);
|
2017-02-07 22:10:22 +00:00
|
|
|
|
2015-04-02 08:11:38 +00:00
|
|
|
static inline struct device *nbd_to_dev(struct nbd_device *nbd)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2015-04-02 08:11:38 +00:00
|
|
|
return disk_to_dev(nbd->disk);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2018-07-16 16:11:34 +00:00
|
|
|
static void nbd_requeue_cmd(struct nbd_cmd *cmd)
|
|
|
|
{
|
|
|
|
struct request *req = blk_mq_rq_from_pdu(cmd);
|
|
|
|
|
|
|
|
if (!test_and_set_bit(NBD_CMD_REQUEUED, &cmd->flags))
|
|
|
|
blk_mq_requeue_request(req, true);
|
|
|
|
}
|
|
|
|
|
2018-07-16 16:11:35 +00:00
|
|
|
#define NBD_COOKIE_BITS 32
|
|
|
|
|
|
|
|
static u64 nbd_cmd_handle(struct nbd_cmd *cmd)
|
|
|
|
{
|
|
|
|
struct request *req = blk_mq_rq_from_pdu(cmd);
|
|
|
|
u32 tag = blk_mq_unique_tag(req);
|
|
|
|
u64 cookie = cmd->cmd_cookie;
|
|
|
|
|
|
|
|
return (cookie << NBD_COOKIE_BITS) | tag;
|
|
|
|
}
|
|
|
|
|
|
|
|
static u32 nbd_handle_to_tag(u64 handle)
|
|
|
|
{
|
|
|
|
return (u32)handle;
|
|
|
|
}
|
|
|
|
|
|
|
|
static u32 nbd_handle_to_cookie(u64 handle)
|
|
|
|
{
|
|
|
|
return (u32)(handle >> NBD_COOKIE_BITS);
|
|
|
|
}
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
static const char *nbdcmd_to_ascii(int cmd)
|
|
|
|
{
|
|
|
|
switch (cmd) {
|
|
|
|
case NBD_CMD_READ: return "read";
|
|
|
|
case NBD_CMD_WRITE: return "write";
|
|
|
|
case NBD_CMD_DISC: return "disconnect";
|
nbd: support FLUSH requests
Currently, the NBD device does not accept flush requests from the Linux
block layer. If the NBD server opened the target with neither O_SYNC nor
O_DSYNC, however, the device will be effectively backed by a writeback
cache. Without issuing flushes properly, operation of the NBD device will
not be safe against power losses.
The NBD protocol has support for both a cache flush command and a FUA
command flag; the server will also pass a flag to note its support for
these features. This patch adds support for the cache flush command and
flag. In the kernel, we receive the flags via the NBD_SET_FLAGS ioctl,
and map NBD_FLAG_SEND_FLUSH to the argument of blk_queue_flush. When the
flag is active the block layer will send REQ_FLUSH requests, which we
translate to NBD_CMD_FLUSH commands.
FUA support is not included in this patch because all free software
servers implement it with a full fdatasync; thus it has no advantage over
supporting flush only. Because I [Paolo] cannot really benchmark it in a
realistic scenario, I cannot tell if it is a good idea or not. It is also
not clear if it is valid for an NBD server to support FUA but not flush.
The Linux block layer gives a warning for this combination, the NBD
protocol documentation says nothing about it.
The patch also fixes a small problem in the handling of flags: nbd->flags
must be cleared at the end of NBD_DO_IT, but the driver was not doing
that. The bug manifests itself as follows. Suppose you two different
client/server pairs to start the NBD device. Suppose also that the first
client supports NBD_SET_FLAGS, and the first server sends
NBD_FLAG_SEND_FLUSH; the second pair instead does neither of these two
things. Before this patch, the second invocation of NBD_DO_IT will use a
stale value of nbd->flags, and the second server will issue an error every
time it receives an NBD_CMD_FLUSH command.
This bug is pre-existing, but it becomes much more important after this
patch; flush failures make the device pretty much unusable, unlike
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alex Bligh <alex@alex.org.uk>
Acked-by: Paul Clements <Paul.Clements@steeleye.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-28 01:05:23 +00:00
|
|
|
case NBD_CMD_FLUSH: return "flush";
|
2012-10-05 00:16:18 +00:00
|
|
|
case NBD_CMD_TRIM: return "trim/discard";
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
return "invalid";
|
|
|
|
}
|
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
static ssize_t pid_show(struct device *dev,
|
|
|
|
struct device_attribute *attr, char *buf)
|
|
|
|
{
|
|
|
|
struct gendisk *disk = dev_to_disk(dev);
|
|
|
|
struct nbd_device *nbd = (struct nbd_device *)disk->private_data;
|
|
|
|
|
2021-10-20 07:39:59 +00:00
|
|
|
return sprintf(buf, "%d\n", nbd->pid);
|
2017-04-06 21:01:58 +00:00
|
|
|
}
|
|
|
|
|
2017-08-21 11:43:08 +00:00
|
|
|
static const struct device_attribute pid_attr = {
|
2018-05-24 19:38:59 +00:00
|
|
|
.attr = { .name = "pid", .mode = 0444},
|
2017-04-06 21:01:58 +00:00
|
|
|
.show = pid_show,
|
|
|
|
};
|
|
|
|
|
nbd: provide a way for userspace processes to identify device backends
Problem:
On reconfigure of device, there is no way to defend if the backend
storage is matching with the initial backend storage.
Say, if an initial connect request for backend "pool1/image1" got
mapped to /dev/nbd0 and the userspace process is terminated. A next
reconfigure request within NBD_ATTR_DEAD_CONN_TIMEOUT is allowed to
use /dev/nbd0 for a different backend "pool1/image2"
For example, an operation like below could be dangerous:
$ sudo rbd-nbd map --try-netlink rbd-pool/ext4-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="bfc444b4-64b1-418f-8b36-6e0d170cfc04" TYPE="ext4"
$ sudo pkill -9 rbd-nbd
$ sudo rbd-nbd attach --try-netlink --device /dev/nbd0 rbd-pool/xfs-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="d29bf343-6570-4069-a9ea-2fa156ced908" TYPE="xfs"
Solution:
Provide a way for userspace processes to keep some metadata to identify
between the device and the backend, so that when a reconfigure request is
made, we can compare and avoid such dangerous operations.
With this solution, as part of the initial connect request, backend
path can be stored in the sysfs per device config, so that on a reconfigure
request it's easy to check if the backend path matches with the initial
connect backend path.
Please note, ioctl interface to nbd will not have these changes, as there
won't be any reconfigure.
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20210429102828.31248-1-prasanna.kalever@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-04-29 10:28:28 +00:00
|
|
|
static ssize_t backend_show(struct device *dev,
|
|
|
|
struct device_attribute *attr, char *buf)
|
|
|
|
{
|
|
|
|
struct gendisk *disk = dev_to_disk(dev);
|
|
|
|
struct nbd_device *nbd = (struct nbd_device *)disk->private_data;
|
|
|
|
|
|
|
|
return sprintf(buf, "%s\n", nbd->backend ?: "");
|
|
|
|
}
|
|
|
|
|
|
|
|
static const struct device_attribute backend_attr = {
|
|
|
|
.attr = { .name = "backend", .mode = 0444},
|
|
|
|
.show = backend_show,
|
|
|
|
};
|
|
|
|
|
2017-04-06 21:02:06 +00:00
|
|
|
static void nbd_dev_remove(struct nbd_device *nbd)
|
|
|
|
{
|
|
|
|
struct gendisk *disk = nbd->disk;
|
2018-05-16 18:51:17 +00:00
|
|
|
|
2021-08-11 12:44:25 +00:00
|
|
|
del_gendisk(disk);
|
|
|
|
blk_mq_free_tag_set(&nbd->tag_set);
|
2019-09-17 11:56:06 +00:00
|
|
|
|
|
|
|
/*
|
2021-08-11 12:44:24 +00:00
|
|
|
* Remove from idr after del_gendisk() completes, so if the same ID is
|
|
|
|
* reused, the following add_disk() will succeed.
|
2019-09-17 11:56:06 +00:00
|
|
|
*/
|
2021-08-11 12:44:24 +00:00
|
|
|
mutex_lock(&nbd_index_mutex);
|
nbd: do del_gendisk() asynchronously for NBD_DESTROY_ON_DISCONNECT
Now open_mutex is used to synchronize partition operations (e.g,
blk_drop_partitions() and blkdev_reread_part()), however it makes
nbd driver broken, because nbd may call del_gendisk() in nbd_release()
or nbd_genl_disconnect() if NBD_CFLAG_DESTROY_ON_DISCONNECT is enabled,
and deadlock occurs, as shown below:
// AB-BA dead-lock
nbd_genl_disconnect blkdev_open
nbd_disconnect_and_put
lock bd_mutex
// last ref
nbd_put
lock nbd_index_mutex
del_gendisk
nbd_open
try lock nbd_index_mutex
try lock bd_mutex
or
// AA dead-lock
nbd_release
lock bd_mutex
nbd_put
try lock bd_mutex
Instead of fixing block layer (e.g, introduce another lock), fixing
the nbd driver to call del_gendisk() in a kworker when
NBD_DESTROY_ON_DISCONNECT is enabled. When NBD_DESTROY_ON_DISCONNECT
is disabled, nbd device will always be destroy through module removal,
and there is no risky of deadlock.
To ensure the reuse of nbd index succeeds, moving the calling of
idr_remove() after del_gendisk(), so if the reused index is not found
in nbd_index_idr, the old disk must have been deleted. And reusing
the existing destroy_complete mechanism to ensure nbd_genl_connect()
will wait for the completion of del_gendisk().
Also adding a new workqueue for nbd removal, so nbd_cleanup()
can ensure all removals complete before exits.
Reported-by: syzbot+0fe7752e52337864d29b@syzkaller.appspotmail.com
Fixes: c76f48eb5c08 ("block: take bd_mutex around delete_partitions in del_gendisk")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20210811124428.2368491-2-hch@lst.de
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-08-11 12:44:23 +00:00
|
|
|
idr_remove(&nbd_index_idr, nbd->index);
|
|
|
|
mutex_unlock(&nbd_index_mutex);
|
nbd: Fix hungtask when nbd_config_put
I got follow issue:
[ 247.381177] INFO: task kworker/u10:0:47 blocked for more than 120 seconds.
[ 247.382644] Not tainted 4.19.90-dirty #140
[ 247.383502] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 247.385027] Call Trace:
[ 247.388384] schedule+0xb8/0x3c0
[ 247.388966] schedule_timeout+0x2b4/0x380
[ 247.392815] wait_for_completion+0x367/0x510
[ 247.397713] flush_workqueue+0x32b/0x1340
[ 247.402700] drain_workqueue+0xda/0x3c0
[ 247.403442] destroy_workqueue+0x7b/0x690
[ 247.405014] nbd_config_put.cold+0x2f9/0x5b6
[ 247.405823] recv_work+0x1fd/0x2b0
[ 247.406485] process_one_work+0x70b/0x1610
[ 247.407262] worker_thread+0x5a9/0x1060
[ 247.408699] kthread+0x35e/0x430
[ 247.410918] ret_from_fork+0x1f/0x30
We can reproduce issue as follows:
1. Inject memory fault in nbd_start_device
-1244,10 +1248,18 @@ static int nbd_start_device(struct nbd_device *nbd)
nbd_dev_dbg_init(nbd);
for (i = 0; i < num_connections; i++) {
struct recv_thread_args *args;
-
- args = kzalloc(sizeof(*args), GFP_KERNEL);
+
+ if (i == 1) {
+ args = NULL;
+ printk("%s: inject malloc error\n", __func__);
+ }
+ else
+ args = kzalloc(sizeof(*args), GFP_KERNEL);
2. Inject delay in recv_work
-757,6 +760,8 @@ static void recv_work(struct work_struct *work)
blk_mq_complete_request(blk_mq_rq_from_pdu(cmd));
}
+ printk("%s: comm=%s pid=%d\n", __func__, current->comm, current->pid);
+ mdelay(5 * 1000);
nbd_config_put(nbd);
atomic_dec(&config->recv_threads);
wake_up(&config->recv_wq);
3. Create nbd server
nbd-server 8000 /tmp/disk
4. Create nbd client
nbd-client localhost 8000 /dev/nbd1
Then will trigger above issue.
Reason is when add delay in recv_work, lead to release the last reference
of 'nbd->config_refs'. nbd_config_put will call flush_workqueue to make
all work finish. Obviously, it will lead to deadloop.
To solve this issue, according to Josef's suggestion move 'recv_work'
init from start device to nbd_dev_add, then destroy 'recv_work'when
nbd device teardown.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20211102015237.2309763-5-yebin10@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-11-02 01:52:37 +00:00
|
|
|
destroy_workqueue(nbd->recv_workq);
|
2023-11-07 10:34:35 +00:00
|
|
|
put_disk(disk);
|
2017-04-06 21:02:06 +00:00
|
|
|
}
|
|
|
|
|
2021-08-11 12:44:24 +00:00
|
|
|
static void nbd_dev_remove_work(struct work_struct *work)
|
nbd: do del_gendisk() asynchronously for NBD_DESTROY_ON_DISCONNECT
Now open_mutex is used to synchronize partition operations (e.g,
blk_drop_partitions() and blkdev_reread_part()), however it makes
nbd driver broken, because nbd may call del_gendisk() in nbd_release()
or nbd_genl_disconnect() if NBD_CFLAG_DESTROY_ON_DISCONNECT is enabled,
and deadlock occurs, as shown below:
// AB-BA dead-lock
nbd_genl_disconnect blkdev_open
nbd_disconnect_and_put
lock bd_mutex
// last ref
nbd_put
lock nbd_index_mutex
del_gendisk
nbd_open
try lock nbd_index_mutex
try lock bd_mutex
or
// AA dead-lock
nbd_release
lock bd_mutex
nbd_put
try lock bd_mutex
Instead of fixing block layer (e.g, introduce another lock), fixing
the nbd driver to call del_gendisk() in a kworker when
NBD_DESTROY_ON_DISCONNECT is enabled. When NBD_DESTROY_ON_DISCONNECT
is disabled, nbd device will always be destroy through module removal,
and there is no risky of deadlock.
To ensure the reuse of nbd index succeeds, moving the calling of
idr_remove() after del_gendisk(), so if the reused index is not found
in nbd_index_idr, the old disk must have been deleted. And reusing
the existing destroy_complete mechanism to ensure nbd_genl_connect()
will wait for the completion of del_gendisk().
Also adding a new workqueue for nbd removal, so nbd_cleanup()
can ensure all removals complete before exits.
Reported-by: syzbot+0fe7752e52337864d29b@syzkaller.appspotmail.com
Fixes: c76f48eb5c08 ("block: take bd_mutex around delete_partitions in del_gendisk")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20210811124428.2368491-2-hch@lst.de
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-08-11 12:44:23 +00:00
|
|
|
{
|
2021-08-11 12:44:24 +00:00
|
|
|
nbd_dev_remove(container_of(work, struct nbd_device, remove_work));
|
nbd: do del_gendisk() asynchronously for NBD_DESTROY_ON_DISCONNECT
Now open_mutex is used to synchronize partition operations (e.g,
blk_drop_partitions() and blkdev_reread_part()), however it makes
nbd driver broken, because nbd may call del_gendisk() in nbd_release()
or nbd_genl_disconnect() if NBD_CFLAG_DESTROY_ON_DISCONNECT is enabled,
and deadlock occurs, as shown below:
// AB-BA dead-lock
nbd_genl_disconnect blkdev_open
nbd_disconnect_and_put
lock bd_mutex
// last ref
nbd_put
lock nbd_index_mutex
del_gendisk
nbd_open
try lock nbd_index_mutex
try lock bd_mutex
or
// AA dead-lock
nbd_release
lock bd_mutex
nbd_put
try lock bd_mutex
Instead of fixing block layer (e.g, introduce another lock), fixing
the nbd driver to call del_gendisk() in a kworker when
NBD_DESTROY_ON_DISCONNECT is enabled. When NBD_DESTROY_ON_DISCONNECT
is disabled, nbd device will always be destroy through module removal,
and there is no risky of deadlock.
To ensure the reuse of nbd index succeeds, moving the calling of
idr_remove() after del_gendisk(), so if the reused index is not found
in nbd_index_idr, the old disk must have been deleted. And reusing
the existing destroy_complete mechanism to ensure nbd_genl_connect()
will wait for the completion of del_gendisk().
Also adding a new workqueue for nbd removal, so nbd_cleanup()
can ensure all removals complete before exits.
Reported-by: syzbot+0fe7752e52337864d29b@syzkaller.appspotmail.com
Fixes: c76f48eb5c08 ("block: take bd_mutex around delete_partitions in del_gendisk")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20210811124428.2368491-2-hch@lst.de
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-08-11 12:44:23 +00:00
|
|
|
}
|
|
|
|
|
2017-04-06 21:02:06 +00:00
|
|
|
static void nbd_put(struct nbd_device *nbd)
|
|
|
|
{
|
2021-08-11 12:44:24 +00:00
|
|
|
if (!refcount_dec_and_test(&nbd->refs))
|
|
|
|
return;
|
|
|
|
|
|
|
|
/* Call del_gendisk() asynchrounously to prevent deadlock */
|
|
|
|
if (test_bit(NBD_DESTROY_ON_DISCONNECT, &nbd->flags))
|
|
|
|
queue_work(nbd_del_wq, &nbd->remove_work);
|
|
|
|
else
|
2017-04-06 21:02:06 +00:00
|
|
|
nbd_dev_remove(nbd);
|
|
|
|
}
|
|
|
|
|
2017-04-06 21:02:02 +00:00
|
|
|
static int nbd_disconnected(struct nbd_config *config)
|
|
|
|
{
|
2019-09-17 11:56:05 +00:00
|
|
|
return test_bit(NBD_RT_DISCONNECTED, &config->runtime_flags) ||
|
|
|
|
test_bit(NBD_RT_DISCONNECT_REQUESTED, &config->runtime_flags);
|
2017-04-06 21:02:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void nbd_mark_nsock_dead(struct nbd_device *nbd, struct nbd_sock *nsock,
|
|
|
|
int notify)
|
2017-04-06 21:01:57 +00:00
|
|
|
{
|
2017-04-06 21:02:02 +00:00
|
|
|
if (!nsock->dead && notify && !nbd_disconnected(nbd->config)) {
|
|
|
|
struct link_dead_args *args;
|
|
|
|
args = kmalloc(sizeof(struct link_dead_args), GFP_NOIO);
|
|
|
|
if (args) {
|
|
|
|
INIT_WORK(&args->work, nbd_dead_link_work);
|
|
|
|
args->index = nbd->index;
|
|
|
|
queue_work(system_wq, &args->work);
|
|
|
|
}
|
|
|
|
}
|
2017-04-06 21:02:04 +00:00
|
|
|
if (!nsock->dead) {
|
2017-04-06 21:01:57 +00:00
|
|
|
kernel_sock_shutdown(nsock->sock, SHUT_RDWR);
|
2018-05-30 16:45:11 +00:00
|
|
|
if (atomic_dec_return(&nbd->config->live_connections) == 0) {
|
2019-09-17 11:56:05 +00:00
|
|
|
if (test_and_clear_bit(NBD_RT_DISCONNECT_REQUESTED,
|
2018-05-30 16:45:11 +00:00
|
|
|
&nbd->config->runtime_flags)) {
|
2019-09-17 11:56:05 +00:00
|
|
|
set_bit(NBD_RT_DISCONNECTED,
|
2018-05-30 16:45:11 +00:00
|
|
|
&nbd->config->runtime_flags);
|
|
|
|
dev_info(nbd_to_dev(nbd),
|
|
|
|
"Disconnected due to user request.\n");
|
|
|
|
}
|
|
|
|
}
|
2017-04-06 21:02:04 +00:00
|
|
|
}
|
2017-04-06 21:01:57 +00:00
|
|
|
nsock->dead = true;
|
|
|
|
nsock->pending = NULL;
|
|
|
|
nsock->sent = 0;
|
|
|
|
}
|
|
|
|
|
2024-02-29 14:38:45 +00:00
|
|
|
static int __nbd_set_size(struct nbd_device *nbd, loff_t bytesize,
|
2020-11-16 14:56:59 +00:00
|
|
|
loff_t blksize)
|
2015-07-27 05:36:49 +00:00
|
|
|
{
|
2024-02-29 14:38:46 +00:00
|
|
|
struct queue_limits lim;
|
|
|
|
int error;
|
|
|
|
|
2020-11-16 14:57:00 +00:00
|
|
|
if (!blksize)
|
2021-09-20 23:25:33 +00:00
|
|
|
blksize = 1u << NBD_DEF_BLKSIZE_BITS;
|
2021-10-26 14:40:13 +00:00
|
|
|
|
|
|
|
if (blk_validate_block_size(blksize))
|
2020-11-16 14:57:00 +00:00
|
|
|
return -EINVAL;
|
|
|
|
|
2023-02-06 14:58:05 +00:00
|
|
|
if (bytesize < 0)
|
|
|
|
return -EINVAL;
|
|
|
|
|
2020-11-16 14:56:59 +00:00
|
|
|
nbd->config->bytesize = bytesize;
|
2021-09-20 23:25:33 +00:00
|
|
|
nbd->config->blksize_bits = __ffs(blksize);
|
2020-11-16 14:56:59 +00:00
|
|
|
|
2021-10-20 07:39:59 +00:00
|
|
|
if (!nbd->pid)
|
2020-11-16 14:57:00 +00:00
|
|
|
return 0;
|
2018-05-16 18:51:19 +00:00
|
|
|
|
2024-02-29 14:38:46 +00:00
|
|
|
lim = queue_limits_start_update(nbd->disk->queue);
|
2023-12-28 07:55:41 +00:00
|
|
|
if (nbd->config->flags & NBD_FLAG_SEND_TRIM)
|
2024-02-29 14:38:46 +00:00
|
|
|
lim.max_hw_discard_sectors = UINT_MAX;
|
2024-02-29 14:38:44 +00:00
|
|
|
else
|
2024-02-29 14:38:46 +00:00
|
|
|
lim.max_hw_discard_sectors = 0;
|
|
|
|
lim.logical_block_size = blksize;
|
|
|
|
lim.physical_block_size = blksize;
|
|
|
|
error = queue_limits_commit_update(nbd->disk->queue, &lim);
|
|
|
|
if (error)
|
|
|
|
return error;
|
2020-11-16 14:56:58 +00:00
|
|
|
|
2020-12-17 08:58:47 +00:00
|
|
|
if (max_part)
|
|
|
|
set_bit(GD_NEED_PART_SCAN, &nbd->disk->state);
|
2020-11-16 14:57:01 +00:00
|
|
|
if (!set_capacity_and_notify(nbd->disk, bytesize >> 9))
|
|
|
|
kobject_uevent(&nbd_to_dev(nbd)->kobj, KOBJ_CHANGE);
|
2020-11-16 14:57:00 +00:00
|
|
|
return 0;
|
2015-07-27 05:36:49 +00:00
|
|
|
}
|
|
|
|
|
2024-02-29 14:38:45 +00:00
|
|
|
static int nbd_set_size(struct nbd_device *nbd, loff_t bytesize,
|
|
|
|
loff_t blksize)
|
|
|
|
{
|
|
|
|
int error;
|
|
|
|
|
|
|
|
blk_mq_freeze_queue(nbd->disk->queue);
|
|
|
|
error = __nbd_set_size(nbd, bytesize, blksize);
|
|
|
|
blk_mq_unfreeze_queue(nbd->disk->queue);
|
|
|
|
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2017-04-20 14:03:06 +00:00
|
|
|
static void nbd_complete_rq(struct request *req)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2017-04-20 14:03:06 +00:00
|
|
|
struct nbd_cmd *cmd = blk_mq_rq_to_pdu(req);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2018-06-04 16:40:12 +00:00
|
|
|
dev_dbg(nbd_to_dev(cmd->nbd), "request %p: %s\n", req,
|
2017-04-20 14:03:06 +00:00
|
|
|
cmd->status ? "failed" : "done");
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2017-04-20 14:03:06 +00:00
|
|
|
blk_mq_end_request(req, cmd->status);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2015-04-02 08:11:39 +00:00
|
|
|
/*
|
|
|
|
* Forcibly shutdown the socket causing all listeners to error
|
|
|
|
*/
|
2015-08-17 06:20:01 +00:00
|
|
|
static void sock_shutdown(struct nbd_device *nbd)
|
2007-10-17 06:27:37 +00:00
|
|
|
{
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_config *config = nbd->config;
|
2016-11-22 19:04:40 +00:00
|
|
|
int i;
|
2015-10-29 10:51:16 +00:00
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
if (config->num_connections == 0)
|
2016-11-22 19:04:40 +00:00
|
|
|
return;
|
2019-09-17 11:56:05 +00:00
|
|
|
if (test_and_set_bit(NBD_RT_DISCONNECTED, &config->runtime_flags))
|
2015-08-17 06:20:02 +00:00
|
|
|
return;
|
2015-10-29 10:51:16 +00:00
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
for (i = 0; i < config->num_connections; i++) {
|
|
|
|
struct nbd_sock *nsock = config->socks[i];
|
2016-11-22 19:04:40 +00:00
|
|
|
mutex_lock(&nsock->tx_lock);
|
2017-04-06 21:02:02 +00:00
|
|
|
nbd_mark_nsock_dead(nbd, nsock, 0);
|
2016-11-22 19:04:40 +00:00
|
|
|
mutex_unlock(&nsock->tx_lock);
|
|
|
|
}
|
|
|
|
dev_warn(disk_to_dev(nbd->disk), "shutting down sockets\n");
|
2007-10-17 06:27:37 +00:00
|
|
|
}
|
|
|
|
|
2019-08-13 16:39:50 +00:00
|
|
|
static u32 req_to_nbd_cmd_type(struct request *req)
|
|
|
|
{
|
|
|
|
switch (req_op(req)) {
|
|
|
|
case REQ_OP_DISCARD:
|
|
|
|
return NBD_CMD_TRIM;
|
|
|
|
case REQ_OP_FLUSH:
|
|
|
|
return NBD_CMD_FLUSH;
|
|
|
|
case REQ_OP_WRITE:
|
|
|
|
return NBD_CMD_WRITE;
|
|
|
|
case REQ_OP_READ:
|
|
|
|
return NBD_CMD_READ;
|
|
|
|
default:
|
|
|
|
return U32_MAX;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-11-16 16:23:15 +00:00
|
|
|
static struct nbd_config *nbd_get_config_unlocked(struct nbd_device *nbd)
|
|
|
|
{
|
2023-11-16 16:23:16 +00:00
|
|
|
if (refcount_inc_not_zero(&nbd->config_refs)) {
|
|
|
|
/*
|
|
|
|
* Add smp_mb__after_atomic to ensure that reading nbd->config_refs
|
|
|
|
* and reading nbd->config is ordered. The pair is the barrier in
|
|
|
|
* nbd_alloc_and_init_config(), avoid nbd->config_refs is set
|
|
|
|
* before nbd->config.
|
|
|
|
*/
|
|
|
|
smp_mb__after_atomic();
|
2023-11-16 16:23:15 +00:00
|
|
|
return nbd->config;
|
2023-11-16 16:23:16 +00:00
|
|
|
}
|
2023-11-16 16:23:15 +00:00
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2022-07-06 12:03:51 +00:00
|
|
|
static enum blk_eh_timer_return nbd_xmit_timeout(struct request *req)
|
2007-10-17 06:27:37 +00:00
|
|
|
{
|
2016-09-08 19:33:40 +00:00
|
|
|
struct nbd_cmd *cmd = blk_mq_rq_to_pdu(req);
|
|
|
|
struct nbd_device *nbd = cmd->nbd;
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_config *config;
|
|
|
|
|
2019-10-21 19:56:27 +00:00
|
|
|
if (!mutex_trylock(&cmd->lock))
|
|
|
|
return BLK_EH_RESET_TIMER;
|
|
|
|
|
2022-05-21 07:37:46 +00:00
|
|
|
if (!test_bit(NBD_CMD_INFLIGHT, &cmd->flags)) {
|
2021-09-16 09:33:45 +00:00
|
|
|
mutex_unlock(&cmd->lock);
|
|
|
|
return BLK_EH_DONE;
|
|
|
|
}
|
|
|
|
|
2023-11-16 16:23:15 +00:00
|
|
|
config = nbd_get_config_unlocked(nbd);
|
|
|
|
if (!config) {
|
2017-06-03 07:38:04 +00:00
|
|
|
cmd->status = BLK_STS_TIMEOUT;
|
2022-05-21 07:37:46 +00:00
|
|
|
__clear_bit(NBD_CMD_INFLIGHT, &cmd->flags);
|
2019-10-21 19:56:27 +00:00
|
|
|
mutex_unlock(&cmd->lock);
|
2018-05-29 13:52:31 +00:00
|
|
|
goto done;
|
2017-04-06 21:01:58 +00:00
|
|
|
}
|
2015-10-06 18:03:54 +00:00
|
|
|
|
2020-02-28 06:40:29 +00:00
|
|
|
if (config->num_connections > 1 ||
|
|
|
|
(config->num_connections == 1 && nbd->tag_set.timeout)) {
|
2017-04-06 21:01:57 +00:00
|
|
|
dev_err_ratelimited(nbd_to_dev(nbd),
|
2018-05-30 16:45:11 +00:00
|
|
|
"Connection timed out, retrying (%d/%d alive)\n",
|
|
|
|
atomic_read(&config->live_connections),
|
|
|
|
config->num_connections);
|
2017-04-06 21:01:57 +00:00
|
|
|
/*
|
|
|
|
* Hooray we have more connections, requeue this IO, the submit
|
2020-02-28 06:40:29 +00:00
|
|
|
* path will put it on a real connection. Or if only one
|
|
|
|
* connection is configured, the submit path will wait util
|
|
|
|
* a new connection is reconfigured or util dead timeout.
|
2017-04-06 21:01:57 +00:00
|
|
|
*/
|
2020-02-28 06:40:29 +00:00
|
|
|
if (config->socks) {
|
2017-04-06 21:01:58 +00:00
|
|
|
if (cmd->index < config->num_connections) {
|
2017-04-06 21:01:57 +00:00
|
|
|
struct nbd_sock *nsock =
|
2017-04-06 21:01:58 +00:00
|
|
|
config->socks[cmd->index];
|
2017-04-06 21:01:57 +00:00
|
|
|
mutex_lock(&nsock->tx_lock);
|
2017-04-06 21:02:02 +00:00
|
|
|
/* We can have multiple outstanding requests, so
|
|
|
|
* we don't want to mark the nsock dead if we've
|
|
|
|
* already reconnected with a new socket, so
|
|
|
|
* only mark it dead if its the same socket we
|
|
|
|
* were sent out on.
|
|
|
|
*/
|
|
|
|
if (cmd->cookie == nsock->cookie)
|
|
|
|
nbd_mark_nsock_dead(nbd, nsock, 1);
|
2017-04-06 21:01:57 +00:00
|
|
|
mutex_unlock(&nsock->tx_lock);
|
|
|
|
}
|
2018-07-16 16:11:35 +00:00
|
|
|
mutex_unlock(&cmd->lock);
|
2018-07-16 16:11:34 +00:00
|
|
|
nbd_requeue_cmd(cmd);
|
2017-04-06 21:01:58 +00:00
|
|
|
nbd_config_put(nbd);
|
2018-05-29 13:52:29 +00:00
|
|
|
return BLK_EH_DONE;
|
2017-04-06 21:01:57 +00:00
|
|
|
}
|
|
|
|
}
|
2019-08-13 16:39:52 +00:00
|
|
|
|
|
|
|
if (!nbd->tag_set.timeout) {
|
|
|
|
/*
|
|
|
|
* Userspace sets timeout=0 to disable socket disconnection,
|
|
|
|
* so just warn and reset the timer.
|
|
|
|
*/
|
2020-02-28 06:40:30 +00:00
|
|
|
struct nbd_sock *nsock = config->socks[cmd->index];
|
2019-08-13 16:39:52 +00:00
|
|
|
cmd->retries++;
|
|
|
|
dev_info(nbd_to_dev(nbd), "Possible stuck request %p: control (%s@%llu,%uB). Runtime %u seconds\n",
|
|
|
|
req, nbdcmd_to_ascii(req_to_nbd_cmd_type(req)),
|
|
|
|
(unsigned long long)blk_rq_pos(req) << 9,
|
|
|
|
blk_rq_bytes(req), (req->timeout / HZ) * cmd->retries);
|
|
|
|
|
2020-02-28 06:40:30 +00:00
|
|
|
mutex_lock(&nsock->tx_lock);
|
|
|
|
if (cmd->cookie != nsock->cookie) {
|
|
|
|
nbd_requeue_cmd(cmd);
|
|
|
|
mutex_unlock(&nsock->tx_lock);
|
|
|
|
mutex_unlock(&cmd->lock);
|
|
|
|
nbd_config_put(nbd);
|
|
|
|
return BLK_EH_DONE;
|
|
|
|
}
|
|
|
|
mutex_unlock(&nsock->tx_lock);
|
2019-08-13 16:39:52 +00:00
|
|
|
mutex_unlock(&cmd->lock);
|
|
|
|
nbd_config_put(nbd);
|
|
|
|
return BLK_EH_RESET_TIMER;
|
|
|
|
}
|
|
|
|
|
|
|
|
dev_err_ratelimited(nbd_to_dev(nbd), "Connection timed out\n");
|
2019-09-17 11:56:05 +00:00
|
|
|
set_bit(NBD_RT_TIMEDOUT, &config->runtime_flags);
|
2017-06-03 07:38:04 +00:00
|
|
|
cmd->status = BLK_STS_IOERR;
|
2022-05-21 07:37:46 +00:00
|
|
|
__clear_bit(NBD_CMD_INFLIGHT, &cmd->flags);
|
2018-07-16 16:11:35 +00:00
|
|
|
mutex_unlock(&cmd->lock);
|
2016-11-22 19:04:40 +00:00
|
|
|
sock_shutdown(nbd);
|
2017-04-06 21:01:58 +00:00
|
|
|
nbd_config_put(nbd);
|
2018-05-29 13:52:31 +00:00
|
|
|
done:
|
|
|
|
blk_mq_complete_request(req);
|
|
|
|
return BLK_EH_DONE;
|
2007-10-17 06:27:37 +00:00
|
|
|
}
|
|
|
|
|
2023-09-11 02:33:08 +00:00
|
|
|
static int __sock_xmit(struct nbd_device *nbd, struct socket *sock, int send,
|
|
|
|
struct iov_iter *iter, int msg_flags, int *sent)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
int result;
|
2024-01-12 13:26:57 +00:00
|
|
|
struct msghdr msg = {} ;
|
2017-05-08 22:59:53 +00:00
|
|
|
unsigned int noreclaim_flag;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2008-04-02 20:04:47 +00:00
|
|
|
if (unlikely(!sock)) {
|
2016-12-05 21:20:29 +00:00
|
|
|
dev_err_ratelimited(disk_to_dev(nbd->disk),
|
2011-08-19 12:48:22 +00:00
|
|
|
"Attempted %s on closed socket in sock_xmit\n",
|
|
|
|
(send ? "send" : "recv"));
|
2008-04-02 20:04:47 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2015-11-12 10:09:35 +00:00
|
|
|
msg.msg_iter = *iter;
|
2015-11-12 09:51:19 +00:00
|
|
|
|
2017-05-08 22:59:53 +00:00
|
|
|
noreclaim_flag = memalloc_noreclaim_save();
|
2005-04-16 22:20:36 +00:00
|
|
|
do {
|
2012-07-31 23:44:32 +00:00
|
|
|
sock->sk->sk_allocation = GFP_NOIO | __GFP_MEMALLOC;
|
2022-12-16 12:45:27 +00:00
|
|
|
sock->sk->sk_use_task_frag = false;
|
2005-04-16 22:20:36 +00:00
|
|
|
msg.msg_flags = msg_flags | MSG_NOSIGNAL;
|
|
|
|
|
2015-08-17 06:20:00 +00:00
|
|
|
if (send)
|
2015-11-12 09:51:19 +00:00
|
|
|
result = sock_sendmsg(sock, &msg);
|
2015-08-17 06:20:00 +00:00
|
|
|
else
|
2015-11-12 09:51:19 +00:00
|
|
|
result = sock_recvmsg(sock, &msg, msg.msg_flags);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
if (result <= 0) {
|
|
|
|
if (result == 0)
|
|
|
|
result = -EPIPE; /* short read */
|
|
|
|
break;
|
|
|
|
}
|
2017-03-24 18:08:26 +00:00
|
|
|
if (sent)
|
|
|
|
*sent += result;
|
2015-11-12 09:51:19 +00:00
|
|
|
} while (msg_data_left(&msg));
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2017-05-08 22:59:53 +00:00
|
|
|
memalloc_noreclaim_restore(noreclaim_flag);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
2023-09-11 02:33:08 +00:00
|
|
|
/*
|
|
|
|
* Send or receive packet. Return a positive value on success and
|
|
|
|
* negtive value on failure, and never return 0.
|
|
|
|
*/
|
|
|
|
static int sock_xmit(struct nbd_device *nbd, int index, int send,
|
|
|
|
struct iov_iter *iter, int msg_flags, int *sent)
|
|
|
|
{
|
|
|
|
struct nbd_config *config = nbd->config;
|
|
|
|
struct socket *sock = config->socks[index]->sock;
|
|
|
|
|
|
|
|
return __sock_xmit(nbd, sock, send, iter, msg_flags, sent);
|
|
|
|
}
|
|
|
|
|
2017-10-24 19:57:18 +00:00
|
|
|
/*
|
|
|
|
* Different settings for sk->sk_sndtimeo can result in different return values
|
|
|
|
* if there is a signal pending when we enter sendmsg, because reasons?
|
|
|
|
*/
|
|
|
|
static inline int was_interrupted(int result)
|
|
|
|
{
|
|
|
|
return result == -ERESTARTSYS || result == -EINTR;
|
|
|
|
}
|
|
|
|
|
2007-10-17 06:27:37 +00:00
|
|
|
/* always call with the tx_lock held */
|
2016-11-22 19:04:40 +00:00
|
|
|
static int nbd_send_cmd(struct nbd_device *nbd, struct nbd_cmd *cmd, int index)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2016-09-08 19:33:37 +00:00
|
|
|
struct request *req = blk_mq_rq_from_pdu(cmd);
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_config *config = nbd->config;
|
|
|
|
struct nbd_sock *nsock = config->socks[index];
|
2017-01-19 21:08:49 +00:00
|
|
|
int result;
|
2015-11-12 10:09:35 +00:00
|
|
|
struct nbd_request request = {.magic = htonl(NBD_REQUEST_MAGIC)};
|
|
|
|
struct kvec iov = {.iov_base = &request, .iov_len = sizeof(request)};
|
|
|
|
struct iov_iter from;
|
2009-05-07 13:24:45 +00:00
|
|
|
unsigned long size = blk_rq_bytes(req);
|
2016-11-17 19:30:37 +00:00
|
|
|
struct bio *bio;
|
2018-07-16 16:11:35 +00:00
|
|
|
u64 handle;
|
2015-04-17 20:37:21 +00:00
|
|
|
u32 type;
|
2017-05-26 03:55:54 +00:00
|
|
|
u32 nbd_cmd_flags = 0;
|
2017-03-24 18:08:26 +00:00
|
|
|
int sent = nsock->sent, skip = 0;
|
2015-04-17 20:37:21 +00:00
|
|
|
|
2022-09-16 00:25:47 +00:00
|
|
|
iov_iter_kvec(&from, ITER_SOURCE, &iov, 1, sizeof(request));
|
2015-11-12 10:09:35 +00:00
|
|
|
|
2019-08-13 16:39:50 +00:00
|
|
|
type = req_to_nbd_cmd_type(req);
|
|
|
|
if (type == U32_MAX)
|
2017-01-31 15:57:31 +00:00
|
|
|
return -EIO;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2017-01-31 15:57:28 +00:00
|
|
|
if (rq_data_dir(req) == WRITE &&
|
2017-04-06 21:01:58 +00:00
|
|
|
(config->flags & NBD_FLAG_READ_ONLY)) {
|
2017-01-31 15:57:28 +00:00
|
|
|
dev_err_ratelimited(disk_to_dev(nbd->disk),
|
|
|
|
"Write on read-only\n");
|
|
|
|
return -EIO;
|
|
|
|
}
|
|
|
|
|
2017-05-26 03:55:54 +00:00
|
|
|
if (req->cmd_flags & REQ_FUA)
|
|
|
|
nbd_cmd_flags |= NBD_CMD_FLAG_FUA;
|
|
|
|
|
2017-03-24 18:08:26 +00:00
|
|
|
/* We did a partial send previously, and we at least sent the whole
|
|
|
|
* request struct, so just go and send the rest of the pages in the
|
|
|
|
* request.
|
|
|
|
*/
|
|
|
|
if (sent) {
|
|
|
|
if (sent >= sizeof(request)) {
|
|
|
|
skip = sent - sizeof(request);
|
2019-04-26 18:49:49 +00:00
|
|
|
|
|
|
|
/* initialize handle for tracing purposes */
|
|
|
|
handle = nbd_cmd_handle(cmd);
|
|
|
|
|
2017-03-24 18:08:26 +00:00
|
|
|
goto send_pages;
|
|
|
|
}
|
|
|
|
iov_iter_advance(&from, sent);
|
2018-07-16 16:11:35 +00:00
|
|
|
} else {
|
|
|
|
cmd->cmd_cookie++;
|
2017-03-24 18:08:26 +00:00
|
|
|
}
|
2017-04-06 21:01:57 +00:00
|
|
|
cmd->index = index;
|
2017-04-06 21:02:02 +00:00
|
|
|
cmd->cookie = nsock->cookie;
|
2019-08-13 16:39:52 +00:00
|
|
|
cmd->retries = 0;
|
2017-05-26 03:55:54 +00:00
|
|
|
request.type = htonl(type | nbd_cmd_flags);
|
2016-11-22 19:04:40 +00:00
|
|
|
if (type != NBD_CMD_FLUSH) {
|
nbd: support FLUSH requests
Currently, the NBD device does not accept flush requests from the Linux
block layer. If the NBD server opened the target with neither O_SYNC nor
O_DSYNC, however, the device will be effectively backed by a writeback
cache. Without issuing flushes properly, operation of the NBD device will
not be safe against power losses.
The NBD protocol has support for both a cache flush command and a FUA
command flag; the server will also pass a flag to note its support for
these features. This patch adds support for the cache flush command and
flag. In the kernel, we receive the flags via the NBD_SET_FLAGS ioctl,
and map NBD_FLAG_SEND_FLUSH to the argument of blk_queue_flush. When the
flag is active the block layer will send REQ_FLUSH requests, which we
translate to NBD_CMD_FLUSH commands.
FUA support is not included in this patch because all free software
servers implement it with a full fdatasync; thus it has no advantage over
supporting flush only. Because I [Paolo] cannot really benchmark it in a
realistic scenario, I cannot tell if it is a good idea or not. It is also
not clear if it is valid for an NBD server to support FUA but not flush.
The Linux block layer gives a warning for this combination, the NBD
protocol documentation says nothing about it.
The patch also fixes a small problem in the handling of flags: nbd->flags
must be cleared at the end of NBD_DO_IT, but the driver was not doing
that. The bug manifests itself as follows. Suppose you two different
client/server pairs to start the NBD device. Suppose also that the first
client supports NBD_SET_FLAGS, and the first server sends
NBD_FLAG_SEND_FLUSH; the second pair instead does neither of these two
things. Before this patch, the second invocation of NBD_DO_IT will use a
stale value of nbd->flags, and the second server will issue an error every
time it receives an NBD_CMD_FLUSH command.
This bug is pre-existing, but it becomes much more important after this
patch; flush failures make the device pretty much unusable, unlike
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alex Bligh <alex@alex.org.uk>
Acked-by: Paul Clements <Paul.Clements@steeleye.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-28 01:05:23 +00:00
|
|
|
request.from = cpu_to_be64((u64)blk_rq_pos(req) << 9);
|
|
|
|
request.len = htonl(size);
|
|
|
|
}
|
2018-07-16 16:11:35 +00:00
|
|
|
handle = nbd_cmd_handle(cmd);
|
block nbd: use req.cookie instead of req.handle
The NBD spec was recently changed [1] to refer to the opaque client
identifier as a 'cookie' rather than a 'handle', but has for a much
longer time listed it as a 64-bit value, and declares that all values
in the NBD protocol are sent in network byte order (big-endian).
Because the value is opaque to the server, it doesn't usually matter
what endianness we send as the client - as long as we are consistent
that either we byte-swap on both write and read, or on neither, then
we can match server replies back to our requests. That said, our
internal use of the cookie is as a 64-bit number (well, as two 32-bit
numbers concatenated together), rather than as 8 individual bytes; so
prior to this commit, we ARE leaking the native endianness of our
internals as a client out to the server. We don't know of any server
that will actually inspect the opaque value and behave differently
depending on whether a little-endian or big-endian client is sending
requests, but since we DO log the cookie value, a wireshark capture of
the network traffic is easier to correlate back to the kernel traffic
of a big-endian host (where the u64 and char[8] representations are
the same) than of a little-endian host (where if wireshark honors the
NBD spec and displays a u64 in network byte order, it is byte-swapped
from what the kernel logged).
The fix in this patch is thus two-part: it now consistently uses
network byte order for the opaque value (no difference to a big-endian
machine, but an extra byteswap on a little-endian machine; probably in
the noise compared to the overhead of network traffic in general), and
now uses a 64-bit integer instead of char[8] as its preferred access
to the opaque value (direct assignment instead of memcpy()).
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20230410180611.1051618-4-eblake@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-04-10 18:06:10 +00:00
|
|
|
request.cookie = cpu_to_be64(handle);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2019-04-26 18:49:48 +00:00
|
|
|
trace_nbd_send_request(&request, nbd->index, blk_mq_rq_from_pdu(cmd));
|
|
|
|
|
2015-04-02 08:11:38 +00:00
|
|
|
dev_dbg(nbd_to_dev(nbd), "request %p: sending control (%s@%llu,%uB)\n",
|
2018-06-04 16:40:12 +00:00
|
|
|
req, nbdcmd_to_ascii(type),
|
2015-04-02 08:11:38 +00:00
|
|
|
(unsigned long long)blk_rq_pos(req) << 9, blk_rq_bytes(req));
|
2015-11-12 10:09:35 +00:00
|
|
|
result = sock_xmit(nbd, index, 1, &from,
|
2017-03-24 18:08:26 +00:00
|
|
|
(type == NBD_CMD_WRITE) ? MSG_MORE : 0, &sent);
|
2019-04-26 18:49:49 +00:00
|
|
|
trace_nbd_header_sent(req, handle);
|
2021-09-16 09:33:48 +00:00
|
|
|
if (result < 0) {
|
2017-10-24 19:57:18 +00:00
|
|
|
if (was_interrupted(result)) {
|
block nbd: use req.cookie instead of req.handle
The NBD spec was recently changed [1] to refer to the opaque client
identifier as a 'cookie' rather than a 'handle', but has for a much
longer time listed it as a 64-bit value, and declares that all values
in the NBD protocol are sent in network byte order (big-endian).
Because the value is opaque to the server, it doesn't usually matter
what endianness we send as the client - as long as we are consistent
that either we byte-swap on both write and read, or on neither, then
we can match server replies back to our requests. That said, our
internal use of the cookie is as a 64-bit number (well, as two 32-bit
numbers concatenated together), rather than as 8 individual bytes; so
prior to this commit, we ARE leaking the native endianness of our
internals as a client out to the server. We don't know of any server
that will actually inspect the opaque value and behave differently
depending on whether a little-endian or big-endian client is sending
requests, but since we DO log the cookie value, a wireshark capture of
the network traffic is easier to correlate back to the kernel traffic
of a big-endian host (where the u64 and char[8] representations are
the same) than of a little-endian host (where if wireshark honors the
NBD spec and displays a u64 in network byte order, it is byte-swapped
from what the kernel logged).
The fix in this patch is thus two-part: it now consistently uses
network byte order for the opaque value (no difference to a big-endian
machine, but an extra byteswap on a little-endian machine; probably in
the noise compared to the overhead of network traffic in general), and
now uses a 64-bit integer instead of char[8] as its preferred access
to the opaque value (direct assignment instead of memcpy()).
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20230410180611.1051618-4-eblake@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-04-10 18:06:10 +00:00
|
|
|
/* If we haven't sent anything we can just return BUSY,
|
2017-03-24 18:08:26 +00:00
|
|
|
* however if we have sent something we need to make
|
|
|
|
* sure we only allow this req to be sent until we are
|
|
|
|
* completely done.
|
|
|
|
*/
|
|
|
|
if (sent) {
|
|
|
|
nsock->pending = req;
|
|
|
|
nsock->sent = sent;
|
|
|
|
}
|
2018-07-16 16:11:34 +00:00
|
|
|
set_bit(NBD_CMD_REQUEUED, &cmd->flags);
|
2017-06-03 07:38:05 +00:00
|
|
|
return BLK_STS_RESOURCE;
|
2017-03-24 18:08:26 +00:00
|
|
|
}
|
2016-12-05 21:20:29 +00:00
|
|
|
dev_err_ratelimited(disk_to_dev(nbd->disk),
|
2011-08-19 12:48:22 +00:00
|
|
|
"Send control failed (result %d)\n", result);
|
2017-04-06 21:01:57 +00:00
|
|
|
return -EAGAIN;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2017-03-24 18:08:26 +00:00
|
|
|
send_pages:
|
2016-11-17 19:30:37 +00:00
|
|
|
if (type != NBD_CMD_WRITE)
|
2017-03-24 18:08:26 +00:00
|
|
|
goto out;
|
2016-11-17 19:30:37 +00:00
|
|
|
|
|
|
|
bio = req->bio;
|
|
|
|
while (bio) {
|
|
|
|
struct bio *next = bio->bi_next;
|
|
|
|
struct bvec_iter iter;
|
2013-11-24 01:19:00 +00:00
|
|
|
struct bio_vec bvec;
|
2016-11-17 19:30:37 +00:00
|
|
|
|
|
|
|
bio_for_each_segment(bvec, bio, iter) {
|
|
|
|
bool is_last = !next && bio_iter_last(bvec, iter);
|
2017-01-19 21:08:49 +00:00
|
|
|
int flags = is_last ? 0 : MSG_MORE;
|
2016-11-17 19:30:37 +00:00
|
|
|
|
2015-04-02 08:11:38 +00:00
|
|
|
dev_dbg(nbd_to_dev(nbd), "request %p: sending %d bytes data\n",
|
2018-06-04 16:40:12 +00:00
|
|
|
req, bvec.bv_len);
|
2022-09-16 00:25:47 +00:00
|
|
|
iov_iter_bvec(&from, ITER_SOURCE, &bvec, 1, bvec.bv_len);
|
2017-03-24 18:08:26 +00:00
|
|
|
if (skip) {
|
|
|
|
if (skip >= iov_iter_count(&from)) {
|
|
|
|
skip -= iov_iter_count(&from);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
iov_iter_advance(&from, skip);
|
|
|
|
skip = 0;
|
|
|
|
}
|
|
|
|
result = sock_xmit(nbd, index, 1, &from, flags, &sent);
|
2021-09-16 09:33:48 +00:00
|
|
|
if (result < 0) {
|
2017-10-24 19:57:18 +00:00
|
|
|
if (was_interrupted(result)) {
|
2017-03-24 18:08:26 +00:00
|
|
|
/* We've already sent the header, we
|
|
|
|
* have no choice but to set pending and
|
|
|
|
* return BUSY.
|
|
|
|
*/
|
|
|
|
nsock->pending = req;
|
|
|
|
nsock->sent = sent;
|
2018-07-16 16:11:34 +00:00
|
|
|
set_bit(NBD_CMD_REQUEUED, &cmd->flags);
|
2017-06-03 07:38:05 +00:00
|
|
|
return BLK_STS_RESOURCE;
|
2017-03-24 18:08:26 +00:00
|
|
|
}
|
2012-03-28 21:42:51 +00:00
|
|
|
dev_err(disk_to_dev(nbd->disk),
|
2011-08-19 12:48:22 +00:00
|
|
|
"Send data failed (result %d)\n",
|
|
|
|
result);
|
2017-04-06 21:01:57 +00:00
|
|
|
return -EAGAIN;
|
2007-08-16 11:43:12 +00:00
|
|
|
}
|
2016-11-17 19:30:37 +00:00
|
|
|
/*
|
|
|
|
* The completion might already have come in,
|
|
|
|
* so break for the last one instead of letting
|
|
|
|
* the iterator do it. This prevents use-after-free
|
|
|
|
* of the bio.
|
|
|
|
*/
|
|
|
|
if (is_last)
|
|
|
|
break;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2016-11-17 19:30:37 +00:00
|
|
|
bio = next;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2017-03-24 18:08:26 +00:00
|
|
|
out:
|
2019-04-26 18:49:49 +00:00
|
|
|
trace_nbd_payload_sent(req, handle);
|
2017-03-24 18:08:26 +00:00
|
|
|
nsock->pending = NULL;
|
|
|
|
nsock->sent = 0;
|
2005-04-16 22:20:36 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2023-09-11 02:33:08 +00:00
|
|
|
static int nbd_read_reply(struct nbd_device *nbd, struct socket *sock,
|
2021-09-16 09:33:49 +00:00
|
|
|
struct nbd_reply *reply)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2021-09-16 09:33:49 +00:00
|
|
|
struct kvec iov = {.iov_base = reply, .iov_len = sizeof(*reply)};
|
2015-11-12 10:09:35 +00:00
|
|
|
struct iov_iter to;
|
2021-09-16 09:33:49 +00:00
|
|
|
int result;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2021-09-16 09:33:49 +00:00
|
|
|
reply->magic = 0;
|
2022-09-16 00:25:47 +00:00
|
|
|
iov_iter_kvec(&to, ITER_DEST, &iov, 1, sizeof(*reply));
|
2023-09-11 02:33:08 +00:00
|
|
|
result = __sock_xmit(nbd, sock, 0, &to, MSG_WAITALL, NULL);
|
2021-09-16 09:33:48 +00:00
|
|
|
if (result < 0) {
|
2021-09-16 09:33:49 +00:00
|
|
|
if (!nbd_disconnected(nbd->config))
|
2016-11-22 19:04:40 +00:00
|
|
|
dev_err(disk_to_dev(nbd->disk),
|
|
|
|
"Receive control failed (result %d)\n", result);
|
2021-09-16 09:33:49 +00:00
|
|
|
return result;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2006-07-30 10:03:31 +00:00
|
|
|
|
2021-09-16 09:33:49 +00:00
|
|
|
if (ntohl(reply->magic) != NBD_REPLY_MAGIC) {
|
2012-03-28 21:42:51 +00:00
|
|
|
dev_err(disk_to_dev(nbd->disk), "Wrong magic (0x%lx)\n",
|
2021-09-16 09:33:49 +00:00
|
|
|
(unsigned long)ntohl(reply->magic));
|
|
|
|
return -EPROTO;
|
2006-07-30 10:03:31 +00:00
|
|
|
}
|
|
|
|
|
2021-09-16 09:33:49 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* NULL returned = something went wrong, inform userspace */
|
|
|
|
static struct nbd_cmd *nbd_handle_reply(struct nbd_device *nbd, int index,
|
|
|
|
struct nbd_reply *reply)
|
|
|
|
{
|
|
|
|
int result;
|
|
|
|
struct nbd_cmd *cmd;
|
|
|
|
struct request *req = NULL;
|
|
|
|
u64 handle;
|
|
|
|
u16 hwq;
|
|
|
|
u32 tag;
|
|
|
|
int ret = 0;
|
|
|
|
|
block nbd: use req.cookie instead of req.handle
The NBD spec was recently changed [1] to refer to the opaque client
identifier as a 'cookie' rather than a 'handle', but has for a much
longer time listed it as a 64-bit value, and declares that all values
in the NBD protocol are sent in network byte order (big-endian).
Because the value is opaque to the server, it doesn't usually matter
what endianness we send as the client - as long as we are consistent
that either we byte-swap on both write and read, or on neither, then
we can match server replies back to our requests. That said, our
internal use of the cookie is as a 64-bit number (well, as two 32-bit
numbers concatenated together), rather than as 8 individual bytes; so
prior to this commit, we ARE leaking the native endianness of our
internals as a client out to the server. We don't know of any server
that will actually inspect the opaque value and behave differently
depending on whether a little-endian or big-endian client is sending
requests, but since we DO log the cookie value, a wireshark capture of
the network traffic is easier to correlate back to the kernel traffic
of a big-endian host (where the u64 and char[8] representations are
the same) than of a little-endian host (where if wireshark honors the
NBD spec and displays a u64 in network byte order, it is byte-swapped
from what the kernel logged).
The fix in this patch is thus two-part: it now consistently uses
network byte order for the opaque value (no difference to a big-endian
machine, but an extra byteswap on a little-endian machine; probably in
the noise compared to the overhead of network traffic in general), and
now uses a 64-bit integer instead of char[8] as its preferred access
to the opaque value (direct assignment instead of memcpy()).
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20230410180611.1051618-4-eblake@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-04-10 18:06:10 +00:00
|
|
|
handle = be64_to_cpu(reply->cookie);
|
2018-07-16 16:11:35 +00:00
|
|
|
tag = nbd_handle_to_tag(handle);
|
2016-09-08 19:33:37 +00:00
|
|
|
hwq = blk_mq_unique_tag_to_hwq(tag);
|
|
|
|
if (hwq < nbd->tag_set.nr_hw_queues)
|
|
|
|
req = blk_mq_tag_to_rq(nbd->tag_set.tags[hwq],
|
|
|
|
blk_mq_unique_tag_to_tag(tag));
|
|
|
|
if (!req || !blk_mq_request_started(req)) {
|
|
|
|
dev_err(disk_to_dev(nbd->disk), "Unexpected reply (%d) %p\n",
|
|
|
|
tag, req);
|
|
|
|
return ERR_PTR(-ENOENT);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2019-04-26 18:49:49 +00:00
|
|
|
trace_nbd_header_received(req, handle);
|
2016-09-08 19:33:37 +00:00
|
|
|
cmd = blk_mq_rq_to_pdu(req);
|
2018-07-16 16:11:35 +00:00
|
|
|
|
|
|
|
mutex_lock(&cmd->lock);
|
2022-05-21 07:37:46 +00:00
|
|
|
if (!test_bit(NBD_CMD_INFLIGHT, &cmd->flags)) {
|
2021-09-16 09:33:44 +00:00
|
|
|
dev_err(disk_to_dev(nbd->disk), "Suspicious reply %d (status %u flags %lu)",
|
|
|
|
tag, cmd->status, cmd->flags);
|
|
|
|
ret = -ENOENT;
|
|
|
|
goto out;
|
|
|
|
}
|
2021-09-16 09:33:46 +00:00
|
|
|
if (cmd->index != index) {
|
|
|
|
dev_err(disk_to_dev(nbd->disk), "Unexpected reply %d from different sock %d (expected %d)",
|
|
|
|
tag, index, cmd->index);
|
2021-11-01 09:25:38 +00:00
|
|
|
ret = -ENOENT;
|
|
|
|
goto out;
|
2021-09-16 09:33:46 +00:00
|
|
|
}
|
2018-07-16 16:11:35 +00:00
|
|
|
if (cmd->cmd_cookie != nbd_handle_to_cookie(handle)) {
|
|
|
|
dev_err(disk_to_dev(nbd->disk), "Double reply on req %p, cmd_cookie %u, handle cookie %u\n",
|
|
|
|
req, cmd->cmd_cookie, nbd_handle_to_cookie(handle));
|
|
|
|
ret = -ENOENT;
|
|
|
|
goto out;
|
|
|
|
}
|
2019-10-21 19:56:28 +00:00
|
|
|
if (cmd->status != BLK_STS_OK) {
|
|
|
|
dev_err(disk_to_dev(nbd->disk), "Command already handled %p\n",
|
|
|
|
req);
|
|
|
|
ret = -ENOENT;
|
|
|
|
goto out;
|
|
|
|
}
|
2018-07-16 16:11:35 +00:00
|
|
|
if (test_bit(NBD_CMD_REQUEUED, &cmd->flags)) {
|
|
|
|
dev_err(disk_to_dev(nbd->disk), "Raced with timeout on req %p\n",
|
|
|
|
req);
|
|
|
|
ret = -ENOENT;
|
|
|
|
goto out;
|
|
|
|
}
|
2021-09-16 09:33:49 +00:00
|
|
|
if (ntohl(reply->error)) {
|
2012-03-28 21:42:51 +00:00
|
|
|
dev_err(disk_to_dev(nbd->disk), "Other side returned error (%d)\n",
|
2021-09-16 09:33:49 +00:00
|
|
|
ntohl(reply->error));
|
2017-06-03 07:38:04 +00:00
|
|
|
cmd->status = BLK_STS_IOERR;
|
2018-07-16 16:11:35 +00:00
|
|
|
goto out;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2018-06-04 16:40:12 +00:00
|
|
|
dev_dbg(nbd_to_dev(nbd), "request %p: got reply\n", req);
|
2015-04-17 20:37:21 +00:00
|
|
|
if (rq_data_dir(req) != WRITE) {
|
2007-09-25 10:35:59 +00:00
|
|
|
struct req_iterator iter;
|
2013-11-24 01:19:00 +00:00
|
|
|
struct bio_vec bvec;
|
2021-09-16 09:33:49 +00:00
|
|
|
struct iov_iter to;
|
2007-09-25 10:35:59 +00:00
|
|
|
|
|
|
|
rq_for_each_segment(bvec, req, iter) {
|
2022-09-16 00:25:47 +00:00
|
|
|
iov_iter_bvec(&to, ITER_DEST, &bvec, 1, bvec.bv_len);
|
2017-03-24 18:08:26 +00:00
|
|
|
result = sock_xmit(nbd, index, 0, &to, MSG_WAITALL, NULL);
|
2021-09-16 09:33:48 +00:00
|
|
|
if (result < 0) {
|
2012-03-28 21:42:51 +00:00
|
|
|
dev_err(disk_to_dev(nbd->disk), "Receive data failed (result %d)\n",
|
2011-08-19 12:48:22 +00:00
|
|
|
result);
|
2017-04-06 21:01:57 +00:00
|
|
|
/*
|
2020-02-28 06:40:29 +00:00
|
|
|
* If we've disconnected, we need to make sure we
|
2017-04-06 21:01:57 +00:00
|
|
|
* complete this request, otherwise error out
|
|
|
|
* and let the timeout stuff handle resubmitting
|
|
|
|
* this request onto another connection.
|
|
|
|
*/
|
2021-09-16 09:33:49 +00:00
|
|
|
if (nbd_disconnected(nbd->config)) {
|
2017-06-03 07:38:04 +00:00
|
|
|
cmd->status = BLK_STS_IOERR;
|
2018-07-16 16:11:35 +00:00
|
|
|
goto out;
|
2017-04-06 21:01:57 +00:00
|
|
|
}
|
2018-07-16 16:11:35 +00:00
|
|
|
ret = -EIO;
|
|
|
|
goto out;
|
2007-08-16 11:43:12 +00:00
|
|
|
}
|
2015-04-02 08:11:38 +00:00
|
|
|
dev_dbg(nbd_to_dev(nbd), "request %p: got %d bytes data\n",
|
2018-06-04 16:40:12 +00:00
|
|
|
req, bvec.bv_len);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
}
|
2018-07-16 16:11:35 +00:00
|
|
|
out:
|
2019-04-26 18:49:49 +00:00
|
|
|
trace_nbd_payload_received(req, handle);
|
2018-07-16 16:11:35 +00:00
|
|
|
mutex_unlock(&cmd->lock);
|
|
|
|
return ret ? ERR_PTR(ret) : cmd;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2016-11-22 19:04:40 +00:00
|
|
|
static void recv_work(struct work_struct *work)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2016-11-22 19:04:40 +00:00
|
|
|
struct recv_thread_args *args = container_of(work,
|
|
|
|
struct recv_thread_args,
|
|
|
|
work);
|
|
|
|
struct nbd_device *nbd = args->nbd;
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_config *config = nbd->config;
|
2021-09-16 14:18:10 +00:00
|
|
|
struct request_queue *q = nbd->disk->queue;
|
2023-09-11 02:33:08 +00:00
|
|
|
struct nbd_sock *nsock = args->nsock;
|
2016-09-08 19:33:37 +00:00
|
|
|
struct nbd_cmd *cmd;
|
2020-06-11 06:44:47 +00:00
|
|
|
struct request *rq;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2015-08-17 06:20:03 +00:00
|
|
|
while (1) {
|
2021-09-16 09:33:49 +00:00
|
|
|
struct nbd_reply reply;
|
2017-04-06 21:01:57 +00:00
|
|
|
|
2023-09-11 02:33:08 +00:00
|
|
|
if (nbd_read_reply(nbd, nsock->sock, &reply))
|
2021-09-16 09:33:49 +00:00
|
|
|
break;
|
|
|
|
|
2021-09-16 14:18:10 +00:00
|
|
|
/*
|
|
|
|
* Grab .q_usage_counter so request pool won't go away, then no
|
|
|
|
* request use-after-free is possible during nbd_handle_reply().
|
|
|
|
* If queue is frozen, there won't be any inflight requests, we
|
|
|
|
* needn't to handle the incoming garbage message.
|
|
|
|
*/
|
|
|
|
if (!percpu_ref_tryget(&q->q_usage_counter)) {
|
|
|
|
dev_err(disk_to_dev(nbd->disk), "%s: no io inflight\n",
|
|
|
|
__func__);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2021-09-16 09:33:49 +00:00
|
|
|
cmd = nbd_handle_reply(nbd, args->index, &reply);
|
2021-09-16 14:18:10 +00:00
|
|
|
if (IS_ERR(cmd)) {
|
|
|
|
percpu_ref_put(&q->q_usage_counter);
|
2015-08-17 06:20:03 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2020-06-11 06:44:47 +00:00
|
|
|
rq = blk_mq_rq_from_pdu(cmd);
|
2022-05-21 07:37:46 +00:00
|
|
|
if (likely(!blk_should_fake_timeout(rq->q))) {
|
|
|
|
bool complete;
|
|
|
|
|
|
|
|
mutex_lock(&cmd->lock);
|
|
|
|
complete = __test_and_clear_bit(NBD_CMD_INFLIGHT,
|
|
|
|
&cmd->flags);
|
|
|
|
mutex_unlock(&cmd->lock);
|
|
|
|
if (complete)
|
|
|
|
blk_mq_complete_request(rq);
|
|
|
|
}
|
2021-09-16 14:18:10 +00:00
|
|
|
percpu_ref_put(&q->q_usage_counter);
|
2015-08-17 06:20:03 +00:00
|
|
|
}
|
2021-09-16 09:33:49 +00:00
|
|
|
|
|
|
|
mutex_lock(&nsock->tx_lock);
|
|
|
|
nbd_mark_nsock_dead(nbd, nsock, 1);
|
|
|
|
mutex_unlock(&nsock->tx_lock);
|
|
|
|
|
2020-10-14 02:45:14 +00:00
|
|
|
nbd_config_put(nbd);
|
2017-04-06 21:01:58 +00:00
|
|
|
atomic_dec(&config->recv_threads);
|
|
|
|
wake_up(&config->recv_wq);
|
|
|
|
kfree(args);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2022-07-06 12:03:53 +00:00
|
|
|
static bool nbd_clear_req(struct request *req, void *data)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2018-05-30 16:51:00 +00:00
|
|
|
struct nbd_cmd *cmd = blk_mq_rq_to_pdu(req);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2021-08-13 15:13:30 +00:00
|
|
|
/* don't abort one completed request */
|
|
|
|
if (blk_mq_request_completed(req))
|
|
|
|
return true;
|
|
|
|
|
2019-10-21 19:56:27 +00:00
|
|
|
mutex_lock(&cmd->lock);
|
2021-09-16 09:33:45 +00:00
|
|
|
if (!__test_and_clear_bit(NBD_CMD_INFLIGHT, &cmd->flags)) {
|
|
|
|
mutex_unlock(&cmd->lock);
|
|
|
|
return true;
|
|
|
|
}
|
2017-06-03 07:38:04 +00:00
|
|
|
cmd->status = BLK_STS_IOERR;
|
2019-10-21 19:56:27 +00:00
|
|
|
mutex_unlock(&cmd->lock);
|
|
|
|
|
2017-04-20 14:03:09 +00:00
|
|
|
blk_mq_complete_request(req);
|
2018-11-08 17:24:07 +00:00
|
|
|
return true;
|
2016-09-08 19:33:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void nbd_clear_que(struct nbd_device *nbd)
|
|
|
|
{
|
2017-07-04 06:57:09 +00:00
|
|
|
blk_mq_quiesce_queue(nbd->disk->queue);
|
2016-09-08 19:33:37 +00:00
|
|
|
blk_mq_tagset_busy_iter(&nbd->tag_set, nbd_clear_req, NULL);
|
2017-07-04 06:57:09 +00:00
|
|
|
blk_mq_unquiesce_queue(nbd->disk->queue);
|
2015-08-17 06:20:04 +00:00
|
|
|
dev_dbg(disk_to_dev(nbd->disk), "queue cleared\n");
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2017-04-06 21:01:57 +00:00
|
|
|
static int find_fallback(struct nbd_device *nbd, int index)
|
|
|
|
{
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_config *config = nbd->config;
|
2017-04-06 21:01:57 +00:00
|
|
|
int new_index = -1;
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_sock *nsock = config->socks[index];
|
2017-04-06 21:01:57 +00:00
|
|
|
int fallback = nsock->fallback_index;
|
|
|
|
|
2019-09-17 11:56:05 +00:00
|
|
|
if (test_bit(NBD_RT_DISCONNECTED, &config->runtime_flags))
|
2017-04-06 21:01:57 +00:00
|
|
|
return new_index;
|
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
if (config->num_connections <= 1) {
|
2017-04-06 21:01:57 +00:00
|
|
|
dev_err_ratelimited(disk_to_dev(nbd->disk),
|
2020-02-28 06:40:29 +00:00
|
|
|
"Dead connection, failed to find a fallback\n");
|
2017-04-06 21:01:57 +00:00
|
|
|
return new_index;
|
|
|
|
}
|
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
if (fallback >= 0 && fallback < config->num_connections &&
|
|
|
|
!config->socks[fallback]->dead)
|
2017-04-06 21:01:57 +00:00
|
|
|
return fallback;
|
|
|
|
|
|
|
|
if (nsock->fallback_index < 0 ||
|
2017-04-06 21:01:58 +00:00
|
|
|
nsock->fallback_index >= config->num_connections ||
|
|
|
|
config->socks[nsock->fallback_index]->dead) {
|
2017-04-06 21:01:57 +00:00
|
|
|
int i;
|
2017-04-06 21:01:58 +00:00
|
|
|
for (i = 0; i < config->num_connections; i++) {
|
2017-04-06 21:01:57 +00:00
|
|
|
if (i == index)
|
|
|
|
continue;
|
2017-04-06 21:01:58 +00:00
|
|
|
if (!config->socks[i]->dead) {
|
2017-04-06 21:01:57 +00:00
|
|
|
new_index = i;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
nsock->fallback_index = new_index;
|
|
|
|
if (new_index < 0) {
|
|
|
|
dev_err_ratelimited(disk_to_dev(nbd->disk),
|
|
|
|
"Dead connection, failed to find a fallback\n");
|
|
|
|
return new_index;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
new_index = nsock->fallback_index;
|
|
|
|
return new_index;
|
|
|
|
}
|
2007-10-17 06:27:37 +00:00
|
|
|
|
2017-04-06 21:02:04 +00:00
|
|
|
static int wait_for_reconnect(struct nbd_device *nbd)
|
|
|
|
{
|
|
|
|
struct nbd_config *config = nbd->config;
|
|
|
|
if (!config->dead_conn_timeout)
|
|
|
|
return 0;
|
2022-03-22 08:06:39 +00:00
|
|
|
|
|
|
|
if (!wait_event_timeout(config->conn_wait,
|
|
|
|
test_bit(NBD_RT_DISCONNECTED,
|
|
|
|
&config->runtime_flags) ||
|
|
|
|
atomic_read(&config->live_connections) > 0,
|
|
|
|
config->dead_conn_timeout))
|
2017-04-06 21:02:04 +00:00
|
|
|
return 0;
|
2022-03-22 08:06:39 +00:00
|
|
|
|
|
|
|
return !test_bit(NBD_RT_DISCONNECTED, &config->runtime_flags);
|
2017-04-06 21:02:04 +00:00
|
|
|
}
|
|
|
|
|
2017-03-24 18:08:26 +00:00
|
|
|
static int nbd_handle_cmd(struct nbd_cmd *cmd, int index)
|
2008-04-29 08:02:46 +00:00
|
|
|
{
|
2016-09-08 19:33:37 +00:00
|
|
|
struct request *req = blk_mq_rq_from_pdu(cmd);
|
|
|
|
struct nbd_device *nbd = cmd->nbd;
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_config *config;
|
2016-11-22 19:04:40 +00:00
|
|
|
struct nbd_sock *nsock;
|
2017-03-24 18:08:26 +00:00
|
|
|
int ret;
|
2016-09-08 19:33:37 +00:00
|
|
|
|
2023-11-16 16:23:15 +00:00
|
|
|
config = nbd_get_config_unlocked(nbd);
|
|
|
|
if (!config) {
|
2017-04-06 21:01:58 +00:00
|
|
|
dev_err_ratelimited(disk_to_dev(nbd->disk),
|
|
|
|
"Socks array is empty\n");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (index >= config->num_connections) {
|
2016-12-05 21:20:29 +00:00
|
|
|
dev_err_ratelimited(disk_to_dev(nbd->disk),
|
|
|
|
"Attempted send on invalid socket\n");
|
2017-04-06 21:01:58 +00:00
|
|
|
nbd_config_put(nbd);
|
2017-03-24 18:08:26 +00:00
|
|
|
return -EINVAL;
|
2016-11-22 19:04:40 +00:00
|
|
|
}
|
2017-06-03 07:38:04 +00:00
|
|
|
cmd->status = BLK_STS_OK;
|
2017-04-06 21:01:57 +00:00
|
|
|
again:
|
2017-04-06 21:01:58 +00:00
|
|
|
nsock = config->socks[index];
|
2016-11-22 19:04:40 +00:00
|
|
|
mutex_lock(&nsock->tx_lock);
|
2017-04-06 21:01:57 +00:00
|
|
|
if (nsock->dead) {
|
2017-04-06 21:02:04 +00:00
|
|
|
int old_index = index;
|
2017-04-06 21:01:57 +00:00
|
|
|
index = find_fallback(nbd, index);
|
2017-04-06 21:02:04 +00:00
|
|
|
mutex_unlock(&nsock->tx_lock);
|
2017-04-06 21:01:58 +00:00
|
|
|
if (index < 0) {
|
2017-04-06 21:02:04 +00:00
|
|
|
if (wait_for_reconnect(nbd)) {
|
|
|
|
index = old_index;
|
|
|
|
goto again;
|
|
|
|
}
|
|
|
|
/* All the sockets should already be down at this point,
|
|
|
|
* we just want to make sure that DISCONNECTED is set so
|
|
|
|
* any requests that come in that were queue'ed waiting
|
|
|
|
* for the reconnect timer don't trigger the timer again
|
|
|
|
* and instead just error out.
|
|
|
|
*/
|
|
|
|
sock_shutdown(nbd);
|
|
|
|
nbd_config_put(nbd);
|
|
|
|
return -EIO;
|
2017-04-06 21:01:58 +00:00
|
|
|
}
|
2017-04-06 21:01:57 +00:00
|
|
|
goto again;
|
2008-04-29 08:02:46 +00:00
|
|
|
}
|
|
|
|
|
2017-03-24 18:08:26 +00:00
|
|
|
/* Handle the case that we have a pending request that was partially
|
|
|
|
* transmitted that _has_ to be serviced first. We need to call requeue
|
|
|
|
* here so that it gets put _after_ the request that is already on the
|
|
|
|
* dispatch list.
|
|
|
|
*/
|
2017-11-06 21:11:58 +00:00
|
|
|
blk_mq_start_request(req);
|
2017-03-24 18:08:26 +00:00
|
|
|
if (unlikely(nsock->pending && nsock->pending != req)) {
|
2018-07-16 16:11:34 +00:00
|
|
|
nbd_requeue_cmd(cmd);
|
2017-03-24 18:08:26 +00:00
|
|
|
ret = 0;
|
|
|
|
goto out;
|
2008-04-29 08:02:46 +00:00
|
|
|
}
|
2017-04-06 21:01:57 +00:00
|
|
|
/*
|
|
|
|
* Some failures are related to the link going down, so anything that
|
|
|
|
* returns EAGAIN can be retried on a different socket.
|
|
|
|
*/
|
2017-03-24 18:08:26 +00:00
|
|
|
ret = nbd_send_cmd(nbd, cmd, index);
|
2021-09-16 09:33:44 +00:00
|
|
|
/*
|
|
|
|
* Access to this flag is protected by cmd->lock, thus it's safe to set
|
|
|
|
* the flag after nbd_send_cmd() succeed to send request to server.
|
|
|
|
*/
|
|
|
|
if (!ret)
|
|
|
|
__set_bit(NBD_CMD_INFLIGHT, &cmd->flags);
|
|
|
|
else if (ret == -EAGAIN) {
|
2017-04-06 21:01:57 +00:00
|
|
|
dev_err_ratelimited(disk_to_dev(nbd->disk),
|
2017-11-06 21:11:58 +00:00
|
|
|
"Request send failed, requeueing\n");
|
2017-04-06 21:02:02 +00:00
|
|
|
nbd_mark_nsock_dead(nbd, nsock, 1);
|
2018-07-16 16:11:34 +00:00
|
|
|
nbd_requeue_cmd(cmd);
|
2017-11-06 21:11:58 +00:00
|
|
|
ret = 0;
|
2017-04-06 21:01:57 +00:00
|
|
|
}
|
2017-03-24 18:08:26 +00:00
|
|
|
out:
|
2016-11-22 19:04:40 +00:00
|
|
|
mutex_unlock(&nsock->tx_lock);
|
2017-04-06 21:01:58 +00:00
|
|
|
nbd_config_put(nbd);
|
2017-03-24 18:08:26 +00:00
|
|
|
return ret;
|
2008-04-29 08:02:46 +00:00
|
|
|
}
|
|
|
|
|
2017-06-03 07:38:05 +00:00
|
|
|
static blk_status_t nbd_queue_rq(struct blk_mq_hw_ctx *hctx,
|
2016-09-08 19:33:37 +00:00
|
|
|
const struct blk_mq_queue_data *bd)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2016-09-08 19:33:37 +00:00
|
|
|
struct nbd_cmd *cmd = blk_mq_rq_to_pdu(bd->rq);
|
2017-03-24 18:08:26 +00:00
|
|
|
int ret;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2016-11-22 19:04:40 +00:00
|
|
|
/*
|
|
|
|
* Since we look at the bio's to send the request over the network we
|
|
|
|
* need to make sure the completion work doesn't mark this request done
|
|
|
|
* before we are done doing our send. This keeps us from dereferencing
|
|
|
|
* freed data if we have particularly fast completions (ie we get the
|
|
|
|
* completion before we exit sock_xmit on the last bvec) or in the case
|
|
|
|
* that the server is misbehaving (or there was an error) before we're
|
|
|
|
* done sending everything over the wire.
|
|
|
|
*/
|
2018-07-16 16:11:35 +00:00
|
|
|
mutex_lock(&cmd->lock);
|
2018-07-16 16:11:34 +00:00
|
|
|
clear_bit(NBD_CMD_REQUEUED, &cmd->flags);
|
2017-03-24 18:08:26 +00:00
|
|
|
|
|
|
|
/* We can be called directly from the user space process, which means we
|
|
|
|
* could possibly have signals pending so our sendmsg will fail. In
|
|
|
|
* this case we need to return that we are busy, otherwise error out as
|
|
|
|
* appropriate.
|
|
|
|
*/
|
|
|
|
ret = nbd_handle_cmd(cmd, hctx->queue_num);
|
2017-10-02 20:22:08 +00:00
|
|
|
if (ret < 0)
|
|
|
|
ret = BLK_STS_IOERR;
|
|
|
|
else if (!ret)
|
|
|
|
ret = BLK_STS_OK;
|
2018-07-16 16:11:35 +00:00
|
|
|
mutex_unlock(&cmd->lock);
|
2016-11-22 19:04:40 +00:00
|
|
|
|
2017-10-02 20:22:08 +00:00
|
|
|
return ret;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2019-10-17 21:27:34 +00:00
|
|
|
static struct socket *nbd_get_socket(struct nbd_device *nbd, unsigned long fd,
|
|
|
|
int *err)
|
|
|
|
{
|
|
|
|
struct socket *sock;
|
|
|
|
|
|
|
|
*err = 0;
|
|
|
|
sock = sockfd_lookup(fd, err);
|
|
|
|
if (!sock)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
if (sock->ops->shutdown == sock_no_shutdown) {
|
|
|
|
dev_err(disk_to_dev(nbd->disk), "Unsupported socket: shutdown callout must be supported.\n");
|
|
|
|
*err = -EINVAL;
|
2019-11-19 06:09:11 +00:00
|
|
|
sockfd_put(sock);
|
2019-10-17 21:27:34 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return sock;
|
|
|
|
}
|
|
|
|
|
2017-04-06 21:02:00 +00:00
|
|
|
static int nbd_add_socket(struct nbd_device *nbd, unsigned long arg,
|
|
|
|
bool netlink)
|
2015-10-29 10:51:16 +00:00
|
|
|
{
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_config *config = nbd->config;
|
2017-02-07 22:10:22 +00:00
|
|
|
struct socket *sock;
|
2016-11-22 19:04:40 +00:00
|
|
|
struct nbd_sock **socks;
|
|
|
|
struct nbd_sock *nsock;
|
2017-02-07 22:10:22 +00:00
|
|
|
int err;
|
|
|
|
|
2023-02-06 14:58:05 +00:00
|
|
|
/* Arg will be cast to int, check it to avoid overflow */
|
|
|
|
if (arg > INT_MAX)
|
|
|
|
return -EINVAL;
|
2019-10-17 21:27:34 +00:00
|
|
|
sock = nbd_get_socket(nbd, arg, &err);
|
2017-02-07 22:10:22 +00:00
|
|
|
if (!sock)
|
|
|
|
return err;
|
2015-10-29 10:51:16 +00:00
|
|
|
|
2021-01-25 17:21:02 +00:00
|
|
|
/*
|
|
|
|
* We need to make sure we don't get any errant requests while we're
|
|
|
|
* reallocating the ->socks array.
|
|
|
|
*/
|
|
|
|
blk_mq_freeze_queue(nbd->disk->queue);
|
|
|
|
|
2017-04-06 21:02:00 +00:00
|
|
|
if (!netlink && !nbd->task_setup &&
|
2019-09-17 11:56:05 +00:00
|
|
|
!test_bit(NBD_RT_BOUND, &config->runtime_flags))
|
2016-11-22 19:04:40 +00:00
|
|
|
nbd->task_setup = current;
|
2017-04-06 21:02:00 +00:00
|
|
|
|
|
|
|
if (!netlink &&
|
|
|
|
(nbd->task_setup != current ||
|
2019-09-17 11:56:05 +00:00
|
|
|
test_bit(NBD_RT_BOUND, &config->runtime_flags))) {
|
2016-11-22 19:04:40 +00:00
|
|
|
dev_err(disk_to_dev(nbd->disk),
|
|
|
|
"Device being setup by another task");
|
2020-06-29 01:23:49 +00:00
|
|
|
err = -EBUSY;
|
|
|
|
goto put_socket;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsock = kzalloc(sizeof(*nsock), GFP_KERNEL);
|
|
|
|
if (!nsock) {
|
|
|
|
err = -ENOMEM;
|
|
|
|
goto put_socket;
|
2015-10-29 10:51:16 +00:00
|
|
|
}
|
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
socks = krealloc(config->socks, (config->num_connections + 1) *
|
2016-11-22 19:04:40 +00:00
|
|
|
sizeof(struct nbd_sock *), GFP_KERNEL);
|
2017-04-06 21:01:56 +00:00
|
|
|
if (!socks) {
|
2020-06-29 01:23:49 +00:00
|
|
|
kfree(nsock);
|
|
|
|
err = -ENOMEM;
|
|
|
|
goto put_socket;
|
2017-04-06 21:01:56 +00:00
|
|
|
}
|
2019-09-23 20:09:58 +00:00
|
|
|
|
|
|
|
config->socks = socks;
|
|
|
|
|
2017-04-06 21:01:57 +00:00
|
|
|
nsock->fallback_index = -1;
|
|
|
|
nsock->dead = false;
|
2016-11-22 19:04:40 +00:00
|
|
|
mutex_init(&nsock->tx_lock);
|
|
|
|
nsock->sock = sock;
|
2017-03-24 18:08:26 +00:00
|
|
|
nsock->pending = NULL;
|
|
|
|
nsock->sent = 0;
|
2017-04-06 21:02:02 +00:00
|
|
|
nsock->cookie = 0;
|
2017-04-06 21:01:58 +00:00
|
|
|
socks[config->num_connections++] = nsock;
|
2017-04-06 21:02:04 +00:00
|
|
|
atomic_inc(&config->live_connections);
|
2021-01-25 17:21:02 +00:00
|
|
|
blk_mq_unfreeze_queue(nbd->disk->queue);
|
2015-10-29 10:51:16 +00:00
|
|
|
|
2016-11-22 19:04:40 +00:00
|
|
|
return 0;
|
2020-06-29 01:23:49 +00:00
|
|
|
|
|
|
|
put_socket:
|
2021-01-25 17:21:02 +00:00
|
|
|
blk_mq_unfreeze_queue(nbd->disk->queue);
|
2020-06-29 01:23:49 +00:00
|
|
|
sockfd_put(sock);
|
|
|
|
return err;
|
2015-10-29 10:51:16 +00:00
|
|
|
}
|
|
|
|
|
2017-04-06 21:02:01 +00:00
|
|
|
static int nbd_reconnect_socket(struct nbd_device *nbd, unsigned long arg)
|
|
|
|
{
|
|
|
|
struct nbd_config *config = nbd->config;
|
|
|
|
struct socket *sock, *old;
|
|
|
|
struct recv_thread_args *args;
|
|
|
|
int i;
|
|
|
|
int err;
|
|
|
|
|
2019-10-17 21:27:34 +00:00
|
|
|
sock = nbd_get_socket(nbd, arg, &err);
|
2017-04-06 21:02:01 +00:00
|
|
|
if (!sock)
|
|
|
|
return err;
|
|
|
|
|
|
|
|
args = kzalloc(sizeof(*args), GFP_KERNEL);
|
|
|
|
if (!args) {
|
|
|
|
sockfd_put(sock);
|
|
|
|
return -ENOMEM;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; i < config->num_connections; i++) {
|
|
|
|
struct nbd_sock *nsock = config->socks[i];
|
|
|
|
|
|
|
|
if (!nsock->dead)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
mutex_lock(&nsock->tx_lock);
|
|
|
|
if (!nsock->dead) {
|
|
|
|
mutex_unlock(&nsock->tx_lock);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
sk_set_memalloc(sock->sk);
|
2017-07-21 14:48:15 +00:00
|
|
|
if (nbd->tag_set.timeout)
|
|
|
|
sock->sk->sk_sndtimeo = nbd->tag_set.timeout;
|
2017-04-06 21:02:01 +00:00
|
|
|
atomic_inc(&config->recv_threads);
|
|
|
|
refcount_inc(&nbd->config_refs);
|
|
|
|
old = nsock->sock;
|
|
|
|
nsock->fallback_index = -1;
|
|
|
|
nsock->sock = sock;
|
|
|
|
nsock->dead = false;
|
|
|
|
INIT_WORK(&args->work, recv_work);
|
|
|
|
args->index = i;
|
|
|
|
args->nbd = nbd;
|
2023-09-11 02:33:08 +00:00
|
|
|
args->nsock = nsock;
|
2017-04-06 21:02:02 +00:00
|
|
|
nsock->cookie++;
|
2017-04-06 21:02:01 +00:00
|
|
|
mutex_unlock(&nsock->tx_lock);
|
|
|
|
sockfd_put(old);
|
|
|
|
|
2019-09-17 11:56:05 +00:00
|
|
|
clear_bit(NBD_RT_DISCONNECTED, &config->runtime_flags);
|
2017-07-25 17:31:19 +00:00
|
|
|
|
2017-04-06 21:02:01 +00:00
|
|
|
/* We take the tx_mutex in an error path in the recv_work, so we
|
|
|
|
* need to queue_work outside of the tx_mutex.
|
|
|
|
*/
|
2019-08-04 19:10:06 +00:00
|
|
|
queue_work(nbd->recv_workq, &args->work);
|
2017-04-06 21:02:04 +00:00
|
|
|
|
|
|
|
atomic_inc(&config->live_connections);
|
|
|
|
wake_up(&config->conn_wait);
|
2017-04-06 21:02:01 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
sockfd_put(sock);
|
|
|
|
kfree(args);
|
|
|
|
return -ENOSPC;
|
|
|
|
}
|
|
|
|
|
2022-03-30 05:29:03 +00:00
|
|
|
static void nbd_bdev_reset(struct nbd_device *nbd)
|
2015-10-29 11:04:51 +00:00
|
|
|
{
|
2022-03-30 05:29:06 +00:00
|
|
|
if (disk_openers(nbd->disk) > 1)
|
2017-03-24 18:08:29 +00:00
|
|
|
return;
|
2022-03-30 05:29:03 +00:00
|
|
|
set_capacity(nbd->disk, 0);
|
2015-10-29 11:04:51 +00:00
|
|
|
}
|
|
|
|
|
2017-04-06 21:01:59 +00:00
|
|
|
static void nbd_parse_flags(struct nbd_device *nbd)
|
2015-10-29 11:06:15 +00:00
|
|
|
{
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_config *config = nbd->config;
|
|
|
|
if (config->flags & NBD_FLAG_READ_ONLY)
|
2017-04-06 21:01:59 +00:00
|
|
|
set_disk_ro(nbd->disk, true);
|
|
|
|
else
|
|
|
|
set_disk_ro(nbd->disk, false);
|
2017-05-26 03:55:54 +00:00
|
|
|
if (config->flags & NBD_FLAG_SEND_FLUSH) {
|
|
|
|
if (config->flags & NBD_FLAG_SEND_FUA)
|
|
|
|
blk_queue_write_cache(nbd->disk->queue, true, true);
|
|
|
|
else
|
|
|
|
blk_queue_write_cache(nbd->disk->queue, true, false);
|
|
|
|
}
|
2015-10-29 11:06:15 +00:00
|
|
|
else
|
2016-03-30 16:10:53 +00:00
|
|
|
blk_queue_write_cache(nbd->disk->queue, false, false);
|
2015-10-29 11:06:15 +00:00
|
|
|
}
|
|
|
|
|
2016-11-22 19:04:40 +00:00
|
|
|
static void send_disconnects(struct nbd_device *nbd)
|
|
|
|
{
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_config *config = nbd->config;
|
2015-11-12 10:09:35 +00:00
|
|
|
struct nbd_request request = {
|
|
|
|
.magic = htonl(NBD_REQUEST_MAGIC),
|
|
|
|
.type = htonl(NBD_CMD_DISC),
|
|
|
|
};
|
|
|
|
struct kvec iov = {.iov_base = &request, .iov_len = sizeof(request)};
|
|
|
|
struct iov_iter from;
|
2016-11-22 19:04:40 +00:00
|
|
|
int i, ret;
|
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
for (i = 0; i < config->num_connections; i++) {
|
2017-07-21 14:48:14 +00:00
|
|
|
struct nbd_sock *nsock = config->socks[i];
|
|
|
|
|
2022-09-16 00:25:47 +00:00
|
|
|
iov_iter_kvec(&from, ITER_SOURCE, &iov, 1, sizeof(request));
|
2017-07-21 14:48:14 +00:00
|
|
|
mutex_lock(&nsock->tx_lock);
|
2017-03-24 18:08:26 +00:00
|
|
|
ret = sock_xmit(nbd, i, 1, &from, 0, NULL);
|
2021-09-16 09:33:48 +00:00
|
|
|
if (ret < 0)
|
2016-11-22 19:04:40 +00:00
|
|
|
dev_err(disk_to_dev(nbd->disk),
|
|
|
|
"Send disconnect failed %d\n", ret);
|
2017-07-21 14:48:14 +00:00
|
|
|
mutex_unlock(&nsock->tx_lock);
|
2016-11-22 19:04:40 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-04-06 21:01:59 +00:00
|
|
|
static int nbd_disconnect(struct nbd_device *nbd)
|
2017-02-07 22:10:22 +00:00
|
|
|
{
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_config *config = nbd->config;
|
2015-08-17 06:20:06 +00:00
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
dev_info(disk_to_dev(nbd->disk), "NBD_DISCONNECT\n");
|
2019-09-17 11:56:05 +00:00
|
|
|
set_bit(NBD_RT_DISCONNECT_REQUESTED, &config->runtime_flags);
|
2019-09-17 11:56:06 +00:00
|
|
|
set_bit(NBD_DISCONNECT_REQUESTED, &nbd->flags);
|
2017-07-21 14:48:13 +00:00
|
|
|
send_disconnects(nbd);
|
2017-02-07 22:10:22 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-04-06 21:01:59 +00:00
|
|
|
static void nbd_clear_sock(struct nbd_device *nbd)
|
2009-04-02 23:58:41 +00:00
|
|
|
{
|
2017-02-07 22:10:22 +00:00
|
|
|
sock_shutdown(nbd);
|
|
|
|
nbd_clear_que(nbd);
|
2017-04-06 21:01:58 +00:00
|
|
|
nbd->task_setup = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void nbd_config_put(struct nbd_device *nbd)
|
|
|
|
{
|
|
|
|
if (refcount_dec_and_mutex_lock(&nbd->config_refs,
|
|
|
|
&nbd->config_lock)) {
|
|
|
|
struct nbd_config *config = nbd->config;
|
|
|
|
nbd_dev_dbg_close(nbd);
|
2021-09-22 12:37:11 +00:00
|
|
|
invalidate_disk(nbd->disk);
|
|
|
|
if (nbd->config->bytesize)
|
|
|
|
kobject_uevent(&nbd_to_dev(nbd)->kobj, KOBJ_CHANGE);
|
2019-09-17 11:56:05 +00:00
|
|
|
if (test_and_clear_bit(NBD_RT_HAS_PID_FILE,
|
2017-04-06 21:01:58 +00:00
|
|
|
&config->runtime_flags))
|
|
|
|
device_remove_file(disk_to_dev(nbd->disk), &pid_attr);
|
2021-10-20 07:39:59 +00:00
|
|
|
nbd->pid = 0;
|
nbd: provide a way for userspace processes to identify device backends
Problem:
On reconfigure of device, there is no way to defend if the backend
storage is matching with the initial backend storage.
Say, if an initial connect request for backend "pool1/image1" got
mapped to /dev/nbd0 and the userspace process is terminated. A next
reconfigure request within NBD_ATTR_DEAD_CONN_TIMEOUT is allowed to
use /dev/nbd0 for a different backend "pool1/image2"
For example, an operation like below could be dangerous:
$ sudo rbd-nbd map --try-netlink rbd-pool/ext4-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="bfc444b4-64b1-418f-8b36-6e0d170cfc04" TYPE="ext4"
$ sudo pkill -9 rbd-nbd
$ sudo rbd-nbd attach --try-netlink --device /dev/nbd0 rbd-pool/xfs-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="d29bf343-6570-4069-a9ea-2fa156ced908" TYPE="xfs"
Solution:
Provide a way for userspace processes to keep some metadata to identify
between the device and the backend, so that when a reconfigure request is
made, we can compare and avoid such dangerous operations.
With this solution, as part of the initial connect request, backend
path can be stored in the sysfs per device config, so that on a reconfigure
request it's easy to check if the backend path matches with the initial
connect backend path.
Please note, ioctl interface to nbd will not have these changes, as there
won't be any reconfigure.
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20210429102828.31248-1-prasanna.kalever@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-04-29 10:28:28 +00:00
|
|
|
if (test_and_clear_bit(NBD_RT_HAS_BACKEND_FILE,
|
|
|
|
&config->runtime_flags)) {
|
|
|
|
device_remove_file(disk_to_dev(nbd->disk), &backend_attr);
|
|
|
|
kfree(nbd->backend);
|
|
|
|
nbd->backend = NULL;
|
|
|
|
}
|
2017-04-06 21:01:59 +00:00
|
|
|
nbd_clear_sock(nbd);
|
2017-04-06 21:01:58 +00:00
|
|
|
if (config->num_connections) {
|
|
|
|
int i;
|
|
|
|
for (i = 0; i < config->num_connections; i++) {
|
|
|
|
sockfd_put(config->socks[i]->sock);
|
|
|
|
kfree(config->socks[i]);
|
|
|
|
}
|
|
|
|
kfree(config->socks);
|
|
|
|
}
|
2017-05-23 15:49:55 +00:00
|
|
|
kfree(nbd->config);
|
2017-05-23 15:49:54 +00:00
|
|
|
nbd->config = NULL;
|
|
|
|
|
|
|
|
nbd->tag_set.timeout = 0;
|
2017-04-06 21:02:07 +00:00
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
mutex_unlock(&nbd->config_lock);
|
2017-04-06 21:02:06 +00:00
|
|
|
nbd_put(nbd);
|
2017-04-06 21:01:58 +00:00
|
|
|
module_put(THIS_MODULE);
|
|
|
|
}
|
2017-02-07 22:10:22 +00:00
|
|
|
}
|
|
|
|
|
2017-04-06 21:02:00 +00:00
|
|
|
static int nbd_start_device(struct nbd_device *nbd)
|
2017-02-07 22:10:22 +00:00
|
|
|
{
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_config *config = nbd->config;
|
|
|
|
int num_connections = config->num_connections;
|
2017-02-07 22:10:22 +00:00
|
|
|
int error = 0, i;
|
2009-04-02 23:58:41 +00:00
|
|
|
|
2021-10-20 07:39:59 +00:00
|
|
|
if (nbd->pid)
|
2017-02-07 22:10:22 +00:00
|
|
|
return -EBUSY;
|
2017-04-06 21:01:58 +00:00
|
|
|
if (!config->socks)
|
2017-02-07 22:10:22 +00:00
|
|
|
return -EINVAL;
|
|
|
|
if (num_connections > 1 &&
|
2017-04-06 21:01:58 +00:00
|
|
|
!(config->flags & NBD_FLAG_CAN_MULTI_CONN)) {
|
2017-02-07 22:10:22 +00:00
|
|
|
dev_err(disk_to_dev(nbd->disk), "server does not support multiple connections per device.\n");
|
2017-04-06 21:01:58 +00:00
|
|
|
return -EINVAL;
|
2017-02-07 22:10:22 +00:00
|
|
|
}
|
2015-10-29 10:51:16 +00:00
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
blk_mq_update_nr_hw_queues(&nbd->tag_set, config->num_connections);
|
2021-10-20 07:39:59 +00:00
|
|
|
nbd->pid = task_pid_nr(current);
|
2015-10-29 10:51:16 +00:00
|
|
|
|
2017-04-06 21:01:59 +00:00
|
|
|
nbd_parse_flags(nbd);
|
2015-10-29 10:51:16 +00:00
|
|
|
|
2017-02-07 22:10:22 +00:00
|
|
|
error = device_create_file(disk_to_dev(nbd->disk), &pid_attr);
|
|
|
|
if (error) {
|
nbd: provide a way for userspace processes to identify device backends
Problem:
On reconfigure of device, there is no way to defend if the backend
storage is matching with the initial backend storage.
Say, if an initial connect request for backend "pool1/image1" got
mapped to /dev/nbd0 and the userspace process is terminated. A next
reconfigure request within NBD_ATTR_DEAD_CONN_TIMEOUT is allowed to
use /dev/nbd0 for a different backend "pool1/image2"
For example, an operation like below could be dangerous:
$ sudo rbd-nbd map --try-netlink rbd-pool/ext4-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="bfc444b4-64b1-418f-8b36-6e0d170cfc04" TYPE="ext4"
$ sudo pkill -9 rbd-nbd
$ sudo rbd-nbd attach --try-netlink --device /dev/nbd0 rbd-pool/xfs-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="d29bf343-6570-4069-a9ea-2fa156ced908" TYPE="xfs"
Solution:
Provide a way for userspace processes to keep some metadata to identify
between the device and the backend, so that when a reconfigure request is
made, we can compare and avoid such dangerous operations.
With this solution, as part of the initial connect request, backend
path can be stored in the sysfs per device config, so that on a reconfigure
request it's easy to check if the backend path matches with the initial
connect backend path.
Please note, ioctl interface to nbd will not have these changes, as there
won't be any reconfigure.
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20210429102828.31248-1-prasanna.kalever@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-04-29 10:28:28 +00:00
|
|
|
dev_err(disk_to_dev(nbd->disk), "device_create_file failed for pid!\n");
|
2017-04-06 21:01:58 +00:00
|
|
|
return error;
|
2009-04-02 23:58:41 +00:00
|
|
|
}
|
2019-09-17 11:56:05 +00:00
|
|
|
set_bit(NBD_RT_HAS_PID_FILE, &config->runtime_flags);
|
2015-07-27 05:36:49 +00:00
|
|
|
|
2017-02-07 22:10:22 +00:00
|
|
|
nbd_dev_dbg_init(nbd);
|
|
|
|
for (i = 0; i < num_connections; i++) {
|
2017-04-06 21:01:58 +00:00
|
|
|
struct recv_thread_args *args;
|
|
|
|
|
|
|
|
args = kzalloc(sizeof(*args), GFP_KERNEL);
|
|
|
|
if (!args) {
|
|
|
|
sock_shutdown(nbd);
|
2020-01-22 03:18:57 +00:00
|
|
|
/*
|
|
|
|
* If num_connections is m (2 < m),
|
|
|
|
* and NO.1 ~ NO.n(1 < n < m) kzallocs are successful.
|
|
|
|
* But NO.(n + 1) failed. We still have n recv threads.
|
|
|
|
* So, add flush_workqueue here to prevent recv threads
|
|
|
|
* dropping the last config_refs and trying to destroy
|
|
|
|
* the workqueue from inside the workqueue.
|
|
|
|
*/
|
|
|
|
if (i)
|
|
|
|
flush_workqueue(nbd->recv_workq);
|
2017-04-06 21:01:58 +00:00
|
|
|
return -ENOMEM;
|
|
|
|
}
|
|
|
|
sk_set_memalloc(config->socks[i]->sock->sk);
|
2017-07-21 14:48:15 +00:00
|
|
|
if (nbd->tag_set.timeout)
|
|
|
|
config->socks[i]->sock->sk->sk_sndtimeo =
|
|
|
|
nbd->tag_set.timeout;
|
2017-04-06 21:01:58 +00:00
|
|
|
atomic_inc(&config->recv_threads);
|
|
|
|
refcount_inc(&nbd->config_refs);
|
|
|
|
INIT_WORK(&args->work, recv_work);
|
|
|
|
args->nbd = nbd;
|
2023-09-11 02:33:08 +00:00
|
|
|
args->nsock = config->socks[i];
|
2017-04-06 21:01:58 +00:00
|
|
|
args->index = i;
|
2019-08-04 19:10:06 +00:00
|
|
|
queue_work(nbd->recv_workq, &args->work);
|
2015-07-27 05:36:49 +00:00
|
|
|
}
|
2021-09-20 23:25:33 +00:00
|
|
|
return nbd_set_size(nbd, config->bytesize, nbd_blksize(config));
|
2017-04-06 21:02:00 +00:00
|
|
|
}
|
|
|
|
|
2022-03-30 05:29:03 +00:00
|
|
|
static int nbd_start_device_ioctl(struct nbd_device *nbd)
|
2017-04-06 21:02:00 +00:00
|
|
|
{
|
|
|
|
struct nbd_config *config = nbd->config;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
ret = nbd_start_device(nbd);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
if (max_part)
|
2020-09-21 07:19:45 +00:00
|
|
|
set_bit(GD_NEED_PART_SCAN, &nbd->disk->state);
|
2017-04-06 21:02:00 +00:00
|
|
|
mutex_unlock(&nbd->config_lock);
|
|
|
|
ret = wait_event_interruptible(config->recv_wq,
|
2017-04-06 21:01:58 +00:00
|
|
|
atomic_read(&config->recv_threads) == 0);
|
nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
syzbot reported hung task [1]. The following program is a simplified
version of the reproducer:
int main(void)
{
int sv[2], fd;
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
return 1;
if ((fd = open("/dev/nbd0", 0)) < 0)
return 1;
if (ioctl(fd, NBD_SET_SIZE_BLOCKS, 0x81) < 0)
return 1;
if (ioctl(fd, NBD_SET_SOCK, sv[0]) < 0)
return 1;
if (ioctl(fd, NBD_DO_IT) < 0)
return 1;
return 0;
}
When signal interrupt nbd_start_device_ioctl() waiting the condition
atomic_read(&config->recv_threads) == 0, the task can hung because it
waits the completion of the inflight IOs.
This patch fixes the issue by clearing queue, not just shutdown, when
signal interrupt nbd_start_device_ioctl().
Link: https://syzkaller.appspot.com/bug?id=7d89a3ffacd2b83fdd39549bc4d8e0a89ef21239 [1]
Reported-by: syzbot+38e6c55d4969a14c1534@syzkaller.appspotmail.com
Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20220907163502.577561-1-syoshida@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-09-07 16:35:02 +00:00
|
|
|
if (ret) {
|
2017-04-06 21:01:58 +00:00
|
|
|
sock_shutdown(nbd);
|
nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
syzbot reported hung task [1]. The following program is a simplified
version of the reproducer:
int main(void)
{
int sv[2], fd;
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
return 1;
if ((fd = open("/dev/nbd0", 0)) < 0)
return 1;
if (ioctl(fd, NBD_SET_SIZE_BLOCKS, 0x81) < 0)
return 1;
if (ioctl(fd, NBD_SET_SOCK, sv[0]) < 0)
return 1;
if (ioctl(fd, NBD_DO_IT) < 0)
return 1;
return 0;
}
When signal interrupt nbd_start_device_ioctl() waiting the condition
atomic_read(&config->recv_threads) == 0, the task can hung because it
waits the completion of the inflight IOs.
This patch fixes the issue by clearing queue, not just shutdown, when
signal interrupt nbd_start_device_ioctl().
Link: https://syzkaller.appspot.com/bug?id=7d89a3ffacd2b83fdd39549bc4d8e0a89ef21239 [1]
Reported-by: syzbot+38e6c55d4969a14c1534@syzkaller.appspotmail.com
Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20220907163502.577561-1-syoshida@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-09-07 16:35:02 +00:00
|
|
|
nbd_clear_que(nbd);
|
|
|
|
}
|
2019-12-08 22:51:50 +00:00
|
|
|
|
nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
syzbot reported hung task [1]. The following program is a simplified
version of the reproducer:
int main(void)
{
int sv[2], fd;
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
return 1;
if ((fd = open("/dev/nbd0", 0)) < 0)
return 1;
if (ioctl(fd, NBD_SET_SIZE_BLOCKS, 0x81) < 0)
return 1;
if (ioctl(fd, NBD_SET_SOCK, sv[0]) < 0)
return 1;
if (ioctl(fd, NBD_DO_IT) < 0)
return 1;
return 0;
}
When signal interrupt nbd_start_device_ioctl() waiting the condition
atomic_read(&config->recv_threads) == 0, the task can hung because it
waits the completion of the inflight IOs.
This patch fixes the issue by clearing queue, not just shutdown, when
signal interrupt nbd_start_device_ioctl().
Link: https://syzkaller.appspot.com/bug?id=7d89a3ffacd2b83fdd39549bc4d8e0a89ef21239 [1]
Reported-by: syzbot+38e6c55d4969a14c1534@syzkaller.appspotmail.com
Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20220907163502.577561-1-syoshida@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-09-07 16:35:02 +00:00
|
|
|
flush_workqueue(nbd->recv_workq);
|
2017-02-07 22:10:22 +00:00
|
|
|
mutex_lock(&nbd->config_lock);
|
2022-03-30 05:29:03 +00:00
|
|
|
nbd_bdev_reset(nbd);
|
2017-02-07 22:10:22 +00:00
|
|
|
/* user requested, ignore socket errors */
|
2019-09-17 11:56:05 +00:00
|
|
|
if (test_bit(NBD_RT_DISCONNECT_REQUESTED, &config->runtime_flags))
|
2017-04-06 21:02:00 +00:00
|
|
|
ret = 0;
|
2019-09-17 11:56:05 +00:00
|
|
|
if (test_bit(NBD_RT_TIMEDOUT, &config->runtime_flags))
|
2017-04-06 21:02:00 +00:00
|
|
|
ret = -ETIMEDOUT;
|
|
|
|
return ret;
|
2017-02-07 22:10:22 +00:00
|
|
|
}
|
|
|
|
|
2023-08-11 10:08:18 +00:00
|
|
|
static void nbd_clear_sock_ioctl(struct nbd_device *nbd)
|
2017-04-06 21:01:59 +00:00
|
|
|
{
|
2022-05-21 07:37:47 +00:00
|
|
|
nbd_clear_sock(nbd);
|
2023-10-03 15:31:06 +00:00
|
|
|
disk_force_media_change(nbd->disk);
|
|
|
|
nbd_bdev_reset(nbd);
|
2019-09-17 11:56:05 +00:00
|
|
|
if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF,
|
2017-04-06 21:02:00 +00:00
|
|
|
&nbd->config->runtime_flags))
|
|
|
|
nbd_config_put(nbd);
|
2017-04-06 21:01:59 +00:00
|
|
|
}
|
|
|
|
|
2019-08-13 16:39:49 +00:00
|
|
|
static void nbd_set_cmd_timeout(struct nbd_device *nbd, u64 timeout)
|
|
|
|
{
|
|
|
|
nbd->tag_set.timeout = timeout * HZ;
|
2019-08-13 16:39:52 +00:00
|
|
|
if (timeout)
|
|
|
|
blk_queue_rq_timeout(nbd->disk->queue, timeout * HZ);
|
2020-08-10 12:00:44 +00:00
|
|
|
else
|
|
|
|
blk_queue_rq_timeout(nbd->disk->queue, 30 * HZ);
|
2019-08-13 16:39:49 +00:00
|
|
|
}
|
|
|
|
|
2017-02-07 22:10:22 +00:00
|
|
|
/* Must be called with config_lock held */
|
|
|
|
static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd,
|
|
|
|
unsigned int cmd, unsigned long arg)
|
|
|
|
{
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_config *config = nbd->config;
|
2021-08-04 02:12:12 +00:00
|
|
|
loff_t bytesize;
|
2017-04-06 21:01:58 +00:00
|
|
|
|
2017-02-07 22:10:22 +00:00
|
|
|
switch (cmd) {
|
|
|
|
case NBD_DISCONNECT:
|
2017-04-06 21:01:59 +00:00
|
|
|
return nbd_disconnect(nbd);
|
2017-02-07 22:10:22 +00:00
|
|
|
case NBD_CLEAR_SOCK:
|
2023-08-11 10:08:18 +00:00
|
|
|
nbd_clear_sock_ioctl(nbd);
|
2017-04-06 21:01:59 +00:00
|
|
|
return 0;
|
2017-02-07 22:10:22 +00:00
|
|
|
case NBD_SET_SOCK:
|
2017-04-06 21:02:00 +00:00
|
|
|
return nbd_add_socket(nbd, arg, false);
|
2017-02-07 22:10:22 +00:00
|
|
|
case NBD_SET_BLKSIZE:
|
2020-11-16 14:57:00 +00:00
|
|
|
return nbd_set_size(nbd, config->bytesize, arg);
|
2005-04-16 22:20:36 +00:00
|
|
|
case NBD_SET_SIZE:
|
2021-09-20 23:25:33 +00:00
|
|
|
return nbd_set_size(nbd, arg, nbd_blksize(config));
|
2015-07-27 05:36:49 +00:00
|
|
|
case NBD_SET_SIZE_BLOCKS:
|
2021-09-20 23:25:33 +00:00
|
|
|
if (check_shl_overflow(arg, config->blksize_bits, &bytesize))
|
2021-08-04 02:12:12 +00:00
|
|
|
return -EINVAL;
|
2021-09-20 23:25:33 +00:00
|
|
|
return nbd_set_size(nbd, bytesize, nbd_blksize(config));
|
2007-10-17 06:27:37 +00:00
|
|
|
case NBD_SET_TIMEOUT:
|
2019-08-13 16:39:52 +00:00
|
|
|
nbd_set_cmd_timeout(nbd, arg);
|
2007-10-17 06:27:37 +00:00
|
|
|
return 0;
|
2009-04-02 23:58:41 +00:00
|
|
|
|
2012-10-05 00:16:15 +00:00
|
|
|
case NBD_SET_FLAGS:
|
2017-04-06 21:01:58 +00:00
|
|
|
config->flags = arg;
|
2012-10-05 00:16:15 +00:00
|
|
|
return 0;
|
2017-02-07 22:10:22 +00:00
|
|
|
case NBD_DO_IT:
|
2022-03-30 05:29:03 +00:00
|
|
|
return nbd_start_device_ioctl(nbd);
|
2005-04-16 22:20:36 +00:00
|
|
|
case NBD_CLEAR_QUE:
|
2006-01-06 08:09:47 +00:00
|
|
|
/*
|
|
|
|
* This is for compatibility only. The queue is always cleared
|
|
|
|
* by NBD_DO_IT or NBD_CLEAR_SOCK.
|
|
|
|
*/
|
2005-04-16 22:20:36 +00:00
|
|
|
return 0;
|
|
|
|
case NBD_PRINT_DEBUG:
|
2016-09-08 19:33:37 +00:00
|
|
|
/*
|
|
|
|
* For compatibility only, we no longer keep a list of
|
|
|
|
* outstanding requests.
|
|
|
|
*/
|
2005-04-16 22:20:36 +00:00
|
|
|
return 0;
|
|
|
|
}
|
2009-04-02 23:58:41 +00:00
|
|
|
return -ENOTTY;
|
|
|
|
}
|
|
|
|
|
2023-06-08 11:02:55 +00:00
|
|
|
static int nbd_ioctl(struct block_device *bdev, blk_mode_t mode,
|
2009-04-02 23:58:41 +00:00
|
|
|
unsigned int cmd, unsigned long arg)
|
|
|
|
{
|
2012-03-28 21:42:51 +00:00
|
|
|
struct nbd_device *nbd = bdev->bd_disk->private_data;
|
2017-04-06 21:02:00 +00:00
|
|
|
struct nbd_config *config = nbd->config;
|
|
|
|
int error = -EINVAL;
|
2009-04-02 23:58:41 +00:00
|
|
|
|
|
|
|
if (!capable(CAP_SYS_ADMIN))
|
|
|
|
return -EPERM;
|
|
|
|
|
2017-05-06 02:25:18 +00:00
|
|
|
/* The block layer will pass back some non-nbd ioctls in case we have
|
|
|
|
* special handling for them, but we don't so just return an error.
|
|
|
|
*/
|
|
|
|
if (_IOC_TYPE(cmd) != 0xab)
|
|
|
|
return -EINVAL;
|
|
|
|
|
2016-11-22 19:04:40 +00:00
|
|
|
mutex_lock(&nbd->config_lock);
|
2017-04-06 21:02:00 +00:00
|
|
|
|
|
|
|
/* Don't allow ioctl operations on a nbd device that was created with
|
|
|
|
* netlink, unless it's DISCONNECT or CLEAR_SOCK, which are fine.
|
|
|
|
*/
|
2019-09-17 11:56:05 +00:00
|
|
|
if (!test_bit(NBD_RT_BOUND, &config->runtime_flags) ||
|
2017-04-06 21:02:00 +00:00
|
|
|
(cmd == NBD_DISCONNECT || cmd == NBD_CLEAR_SOCK))
|
|
|
|
error = __nbd_ioctl(bdev, nbd, cmd, arg);
|
|
|
|
else
|
|
|
|
dev_err(nbd_to_dev(nbd), "Cannot use ioctl interface on a netlink controlled device.\n");
|
2016-11-22 19:04:40 +00:00
|
|
|
mutex_unlock(&nbd->config_lock);
|
2009-04-02 23:58:41 +00:00
|
|
|
return error;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2023-11-16 16:23:14 +00:00
|
|
|
static int nbd_alloc_and_init_config(struct nbd_device *nbd)
|
2017-04-06 21:01:58 +00:00
|
|
|
{
|
|
|
|
struct nbd_config *config;
|
|
|
|
|
2023-11-16 16:23:14 +00:00
|
|
|
if (WARN_ON(nbd->config))
|
|
|
|
return -EINVAL;
|
|
|
|
|
2022-05-21 07:37:45 +00:00
|
|
|
if (!try_module_get(THIS_MODULE))
|
2023-11-16 16:23:14 +00:00
|
|
|
return -ENODEV;
|
2022-05-21 07:37:45 +00:00
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
config = kzalloc(sizeof(struct nbd_config), GFP_NOFS);
|
2022-05-21 07:37:45 +00:00
|
|
|
if (!config) {
|
|
|
|
module_put(THIS_MODULE);
|
2023-11-16 16:23:14 +00:00
|
|
|
return -ENOMEM;
|
2022-05-21 07:37:45 +00:00
|
|
|
}
|
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
atomic_set(&config->recv_threads, 0);
|
|
|
|
init_waitqueue_head(&config->recv_wq);
|
2017-04-06 21:02:04 +00:00
|
|
|
init_waitqueue_head(&config->conn_wait);
|
2021-09-20 23:25:33 +00:00
|
|
|
config->blksize_bits = NBD_DEF_BLKSIZE_BITS;
|
2017-04-06 21:02:04 +00:00
|
|
|
atomic_set(&config->live_connections, 0);
|
2023-11-16 16:23:16 +00:00
|
|
|
|
2023-11-16 16:23:14 +00:00
|
|
|
nbd->config = config;
|
2023-11-16 16:23:16 +00:00
|
|
|
/*
|
|
|
|
* Order refcount_set(&nbd->config_refs, 1) and nbd->config assignment,
|
|
|
|
* its pair is the barrier in nbd_get_config_unlocked().
|
|
|
|
* So nbd_get_config_unlocked() won't see nbd->config as null after
|
|
|
|
* refcount_inc_not_zero() succeed.
|
|
|
|
*/
|
|
|
|
smp_mb__before_atomic();
|
2023-11-16 16:23:14 +00:00
|
|
|
refcount_set(&nbd->config_refs, 1);
|
|
|
|
|
|
|
|
return 0;
|
2017-04-06 21:01:58 +00:00
|
|
|
}
|
|
|
|
|
2023-06-08 11:02:55 +00:00
|
|
|
static int nbd_open(struct gendisk *disk, blk_mode_t mode)
|
2017-04-06 21:01:58 +00:00
|
|
|
{
|
|
|
|
struct nbd_device *nbd;
|
2023-11-16 16:23:15 +00:00
|
|
|
struct nbd_config *config;
|
2017-04-06 21:01:58 +00:00
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
mutex_lock(&nbd_index_mutex);
|
2023-06-08 11:02:36 +00:00
|
|
|
nbd = disk->private_data;
|
2017-04-06 21:01:58 +00:00
|
|
|
if (!nbd) {
|
|
|
|
ret = -ENXIO;
|
|
|
|
goto out;
|
|
|
|
}
|
2017-04-06 21:02:06 +00:00
|
|
|
if (!refcount_inc_not_zero(&nbd->refs)) {
|
|
|
|
ret = -ENXIO;
|
|
|
|
goto out;
|
|
|
|
}
|
2023-11-16 16:23:15 +00:00
|
|
|
|
|
|
|
config = nbd_get_config_unlocked(nbd);
|
|
|
|
if (!config) {
|
2017-04-06 21:01:58 +00:00
|
|
|
mutex_lock(&nbd->config_lock);
|
|
|
|
if (refcount_inc_not_zero(&nbd->config_refs)) {
|
|
|
|
mutex_unlock(&nbd->config_lock);
|
|
|
|
goto out;
|
|
|
|
}
|
2023-11-16 16:23:14 +00:00
|
|
|
ret = nbd_alloc_and_init_config(nbd);
|
|
|
|
if (ret) {
|
2017-04-06 21:01:58 +00:00
|
|
|
mutex_unlock(&nbd->config_lock);
|
|
|
|
goto out;
|
|
|
|
}
|
2023-11-16 16:23:14 +00:00
|
|
|
|
2017-04-06 21:02:06 +00:00
|
|
|
refcount_inc(&nbd->refs);
|
2017-04-06 21:01:58 +00:00
|
|
|
mutex_unlock(&nbd->config_lock);
|
2020-12-17 08:58:47 +00:00
|
|
|
if (max_part)
|
2023-06-08 11:02:36 +00:00
|
|
|
set_bit(GD_NEED_PART_SCAN, &disk->state);
|
2023-11-16 16:23:15 +00:00
|
|
|
} else if (nbd_disconnected(config)) {
|
2020-12-17 08:58:47 +00:00
|
|
|
if (max_part)
|
2023-06-08 11:02:36 +00:00
|
|
|
set_bit(GD_NEED_PART_SCAN, &disk->state);
|
2017-04-06 21:01:58 +00:00
|
|
|
}
|
|
|
|
out:
|
|
|
|
mutex_unlock(&nbd_index_mutex);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2023-06-08 11:02:37 +00:00
|
|
|
static void nbd_release(struct gendisk *disk)
|
2017-04-06 21:01:58 +00:00
|
|
|
{
|
|
|
|
struct nbd_device *nbd = disk->private_data;
|
2018-06-15 21:05:32 +00:00
|
|
|
|
2019-09-17 11:56:05 +00:00
|
|
|
if (test_bit(NBD_RT_DISCONNECT_ON_CLOSE, &nbd->config->runtime_flags) &&
|
2022-03-30 05:29:06 +00:00
|
|
|
disk_openers(disk) == 0)
|
2018-06-15 21:05:32 +00:00
|
|
|
nbd_disconnect_and_put(nbd);
|
|
|
|
|
2017-04-06 21:01:58 +00:00
|
|
|
nbd_config_put(nbd);
|
2017-04-06 21:02:06 +00:00
|
|
|
nbd_put(nbd);
|
2017-04-06 21:01:58 +00:00
|
|
|
}
|
|
|
|
|
2023-11-07 10:34:35 +00:00
|
|
|
static void nbd_free_disk(struct gendisk *disk)
|
|
|
|
{
|
|
|
|
struct nbd_device *nbd = disk->private_data;
|
|
|
|
|
|
|
|
kfree(nbd);
|
|
|
|
}
|
|
|
|
|
2009-09-22 00:01:13 +00:00
|
|
|
static const struct block_device_operations nbd_fops =
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
.owner = THIS_MODULE,
|
2017-04-06 21:01:58 +00:00
|
|
|
.open = nbd_open,
|
|
|
|
.release = nbd_release,
|
2010-07-08 08:18:46 +00:00
|
|
|
.ioctl = nbd_ioctl,
|
2016-01-07 15:04:37 +00:00
|
|
|
.compat_ioctl = nbd_ioctl,
|
2023-11-07 10:34:35 +00:00
|
|
|
.free_disk = nbd_free_disk,
|
2005-04-16 22:20:36 +00:00
|
|
|
};
|
|
|
|
|
2015-08-17 06:20:06 +00:00
|
|
|
#if IS_ENABLED(CONFIG_DEBUG_FS)
|
|
|
|
|
|
|
|
static int nbd_dbg_tasks_show(struct seq_file *s, void *unused)
|
|
|
|
{
|
|
|
|
struct nbd_device *nbd = s->private;
|
|
|
|
|
2021-10-20 07:39:59 +00:00
|
|
|
if (nbd->pid)
|
|
|
|
seq_printf(s, "recv: %d\n", nbd->pid);
|
2015-08-17 06:20:06 +00:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2021-02-06 07:10:55 +00:00
|
|
|
DEFINE_SHOW_ATTRIBUTE(nbd_dbg_tasks);
|
2015-08-17 06:20:06 +00:00
|
|
|
|
|
|
|
static int nbd_dbg_flags_show(struct seq_file *s, void *unused)
|
|
|
|
{
|
|
|
|
struct nbd_device *nbd = s->private;
|
2017-04-06 21:01:58 +00:00
|
|
|
u32 flags = nbd->config->flags;
|
2015-08-17 06:20:06 +00:00
|
|
|
|
|
|
|
seq_printf(s, "Hex: 0x%08x\n\n", flags);
|
|
|
|
|
|
|
|
seq_puts(s, "Known flags:\n");
|
|
|
|
|
|
|
|
if (flags & NBD_FLAG_HAS_FLAGS)
|
|
|
|
seq_puts(s, "NBD_FLAG_HAS_FLAGS\n");
|
|
|
|
if (flags & NBD_FLAG_READ_ONLY)
|
|
|
|
seq_puts(s, "NBD_FLAG_READ_ONLY\n");
|
|
|
|
if (flags & NBD_FLAG_SEND_FLUSH)
|
|
|
|
seq_puts(s, "NBD_FLAG_SEND_FLUSH\n");
|
2017-05-26 03:55:54 +00:00
|
|
|
if (flags & NBD_FLAG_SEND_FUA)
|
|
|
|
seq_puts(s, "NBD_FLAG_SEND_FUA\n");
|
2015-08-17 06:20:06 +00:00
|
|
|
if (flags & NBD_FLAG_SEND_TRIM)
|
|
|
|
seq_puts(s, "NBD_FLAG_SEND_TRIM\n");
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2021-02-06 07:10:55 +00:00
|
|
|
DEFINE_SHOW_ATTRIBUTE(nbd_dbg_flags);
|
2015-08-17 06:20:06 +00:00
|
|
|
|
|
|
|
static int nbd_dev_dbg_init(struct nbd_device *nbd)
|
|
|
|
{
|
|
|
|
struct dentry *dir;
|
2017-04-06 21:01:58 +00:00
|
|
|
struct nbd_config *config = nbd->config;
|
2015-10-24 19:15:34 +00:00
|
|
|
|
|
|
|
if (!nbd_dbg_dir)
|
|
|
|
return -EIO;
|
2015-08-17 06:20:06 +00:00
|
|
|
|
|
|
|
dir = debugfs_create_dir(nbd_name(nbd), nbd_dbg_dir);
|
2023-05-12 13:05:32 +00:00
|
|
|
if (IS_ERR(dir)) {
|
2015-10-24 19:15:34 +00:00
|
|
|
dev_err(nbd_to_dev(nbd), "Failed to create debugfs dir for '%s'\n",
|
|
|
|
nbd_name(nbd));
|
|
|
|
return -EIO;
|
2015-08-17 06:20:06 +00:00
|
|
|
}
|
2017-04-06 21:01:58 +00:00
|
|
|
config->dbg_dir = dir;
|
2015-08-17 06:20:06 +00:00
|
|
|
|
2021-02-06 07:10:55 +00:00
|
|
|
debugfs_create_file("tasks", 0444, dir, nbd, &nbd_dbg_tasks_fops);
|
2017-04-06 21:01:58 +00:00
|
|
|
debugfs_create_u64("size_bytes", 0444, dir, &config->bytesize);
|
2016-09-08 19:33:40 +00:00
|
|
|
debugfs_create_u32("timeout", 0444, dir, &nbd->tag_set.timeout);
|
2021-09-20 23:25:33 +00:00
|
|
|
debugfs_create_u32("blocksize_bits", 0444, dir, &config->blksize_bits);
|
2021-02-06 07:10:55 +00:00
|
|
|
debugfs_create_file("flags", 0444, dir, nbd, &nbd_dbg_flags_fops);
|
2015-08-17 06:20:06 +00:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void nbd_dev_dbg_close(struct nbd_device *nbd)
|
|
|
|
{
|
2017-04-06 21:01:58 +00:00
|
|
|
debugfs_remove_recursive(nbd->config->dbg_dir);
|
2015-08-17 06:20:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int nbd_dbg_init(void)
|
|
|
|
{
|
|
|
|
struct dentry *dbg_dir;
|
|
|
|
|
|
|
|
dbg_dir = debugfs_create_dir("nbd", NULL);
|
2023-05-12 13:05:32 +00:00
|
|
|
if (IS_ERR(dbg_dir))
|
2015-10-24 19:15:34 +00:00
|
|
|
return -EIO;
|
2015-08-17 06:20:06 +00:00
|
|
|
|
|
|
|
nbd_dbg_dir = dbg_dir;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void nbd_dbg_close(void)
|
|
|
|
{
|
|
|
|
debugfs_remove_recursive(nbd_dbg_dir);
|
|
|
|
}
|
|
|
|
|
|
|
|
#else /* IS_ENABLED(CONFIG_DEBUG_FS) */
|
|
|
|
|
|
|
|
static int nbd_dev_dbg_init(struct nbd_device *nbd)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void nbd_dev_dbg_close(struct nbd_device *nbd)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
static int nbd_dbg_init(void)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void nbd_dbg_close(void)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
2017-05-01 16:19:08 +00:00
|
|
|
static int nbd_init_request(struct blk_mq_tag_set *set, struct request *rq,
|
|
|
|
unsigned int hctx_idx, unsigned int numa_node)
|
2016-09-08 19:33:37 +00:00
|
|
|
{
|
|
|
|
struct nbd_cmd *cmd = blk_mq_rq_to_pdu(rq);
|
2017-05-01 16:19:08 +00:00
|
|
|
cmd->nbd = set->driver_data;
|
2018-07-16 16:11:34 +00:00
|
|
|
cmd->flags = 0;
|
2018-07-16 16:11:35 +00:00
|
|
|
mutex_init(&cmd->lock);
|
2016-09-08 19:33:37 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-03-30 20:39:16 +00:00
|
|
|
static const struct blk_mq_ops nbd_mq_ops = {
|
2016-09-08 19:33:37 +00:00
|
|
|
.queue_rq = nbd_queue_rq,
|
2017-04-20 14:03:06 +00:00
|
|
|
.complete = nbd_complete_rq,
|
2016-09-08 19:33:37 +00:00
|
|
|
.init_request = nbd_init_request,
|
2016-09-08 19:33:40 +00:00
|
|
|
.timeout = nbd_xmit_timeout,
|
2016-09-08 19:33:37 +00:00
|
|
|
};
|
|
|
|
|
2021-08-11 12:44:28 +00:00
|
|
|
static struct nbd_device *nbd_dev_add(int index, unsigned int refs)
|
2017-02-01 21:11:40 +00:00
|
|
|
{
|
2024-02-15 07:02:48 +00:00
|
|
|
struct queue_limits lim = {
|
|
|
|
.max_hw_sectors = 65536,
|
|
|
|
.max_user_sectors = 256,
|
|
|
|
.max_segments = USHRT_MAX,
|
|
|
|
.max_segment_size = UINT_MAX,
|
|
|
|
};
|
2017-02-01 21:11:40 +00:00
|
|
|
struct nbd_device *nbd;
|
|
|
|
struct gendisk *disk;
|
|
|
|
int err = -ENOMEM;
|
|
|
|
|
|
|
|
nbd = kzalloc(sizeof(struct nbd_device), GFP_KERNEL);
|
|
|
|
if (!nbd)
|
|
|
|
goto out;
|
|
|
|
|
2021-06-02 06:53:34 +00:00
|
|
|
nbd->tag_set.ops = &nbd_mq_ops;
|
|
|
|
nbd->tag_set.nr_hw_queues = 1;
|
|
|
|
nbd->tag_set.queue_depth = 128;
|
|
|
|
nbd->tag_set.numa_node = NUMA_NO_NODE;
|
|
|
|
nbd->tag_set.cmd_size = sizeof(struct nbd_cmd);
|
|
|
|
nbd->tag_set.flags = BLK_MQ_F_SHOULD_MERGE |
|
|
|
|
BLK_MQ_F_BLOCKING;
|
|
|
|
nbd->tag_set.driver_data = nbd;
|
nbd: do del_gendisk() asynchronously for NBD_DESTROY_ON_DISCONNECT
Now open_mutex is used to synchronize partition operations (e.g,
blk_drop_partitions() and blkdev_reread_part()), however it makes
nbd driver broken, because nbd may call del_gendisk() in nbd_release()
or nbd_genl_disconnect() if NBD_CFLAG_DESTROY_ON_DISCONNECT is enabled,
and deadlock occurs, as shown below:
// AB-BA dead-lock
nbd_genl_disconnect blkdev_open
nbd_disconnect_and_put
lock bd_mutex
// last ref
nbd_put
lock nbd_index_mutex
del_gendisk
nbd_open
try lock nbd_index_mutex
try lock bd_mutex
or
// AA dead-lock
nbd_release
lock bd_mutex
nbd_put
try lock bd_mutex
Instead of fixing block layer (e.g, introduce another lock), fixing
the nbd driver to call del_gendisk() in a kworker when
NBD_DESTROY_ON_DISCONNECT is enabled. When NBD_DESTROY_ON_DISCONNECT
is disabled, nbd device will always be destroy through module removal,
and there is no risky of deadlock.
To ensure the reuse of nbd index succeeds, moving the calling of
idr_remove() after del_gendisk(), so if the reused index is not found
in nbd_index_idr, the old disk must have been deleted. And reusing
the existing destroy_complete mechanism to ensure nbd_genl_connect()
will wait for the completion of del_gendisk().
Also adding a new workqueue for nbd removal, so nbd_cleanup()
can ensure all removals complete before exits.
Reported-by: syzbot+0fe7752e52337864d29b@syzkaller.appspotmail.com
Fixes: c76f48eb5c08 ("block: take bd_mutex around delete_partitions in del_gendisk")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20210811124428.2368491-2-hch@lst.de
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-08-11 12:44:23 +00:00
|
|
|
INIT_WORK(&nbd->remove_work, nbd_dev_remove_work);
|
nbd: provide a way for userspace processes to identify device backends
Problem:
On reconfigure of device, there is no way to defend if the backend
storage is matching with the initial backend storage.
Say, if an initial connect request for backend "pool1/image1" got
mapped to /dev/nbd0 and the userspace process is terminated. A next
reconfigure request within NBD_ATTR_DEAD_CONN_TIMEOUT is allowed to
use /dev/nbd0 for a different backend "pool1/image2"
For example, an operation like below could be dangerous:
$ sudo rbd-nbd map --try-netlink rbd-pool/ext4-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="bfc444b4-64b1-418f-8b36-6e0d170cfc04" TYPE="ext4"
$ sudo pkill -9 rbd-nbd
$ sudo rbd-nbd attach --try-netlink --device /dev/nbd0 rbd-pool/xfs-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="d29bf343-6570-4069-a9ea-2fa156ced908" TYPE="xfs"
Solution:
Provide a way for userspace processes to keep some metadata to identify
between the device and the backend, so that when a reconfigure request is
made, we can compare and avoid such dangerous operations.
With this solution, as part of the initial connect request, backend
path can be stored in the sysfs per device config, so that on a reconfigure
request it's easy to check if the backend path matches with the initial
connect backend path.
Please note, ioctl interface to nbd will not have these changes, as there
won't be any reconfigure.
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20210429102828.31248-1-prasanna.kalever@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-04-29 10:28:28 +00:00
|
|
|
nbd->backend = NULL;
|
2021-06-02 06:53:34 +00:00
|
|
|
|
|
|
|
err = blk_mq_alloc_tag_set(&nbd->tag_set);
|
|
|
|
if (err)
|
2017-02-01 21:11:40 +00:00
|
|
|
goto out_free_nbd;
|
|
|
|
|
2021-08-11 12:44:28 +00:00
|
|
|
mutex_lock(&nbd_index_mutex);
|
2017-02-01 21:11:40 +00:00
|
|
|
if (index >= 0) {
|
|
|
|
err = idr_alloc(&nbd_index_idr, nbd, index, index + 1,
|
|
|
|
GFP_KERNEL);
|
|
|
|
if (err == -ENOSPC)
|
|
|
|
err = -EEXIST;
|
|
|
|
} else {
|
2023-06-05 12:21:59 +00:00
|
|
|
err = idr_alloc(&nbd_index_idr, nbd, 0,
|
|
|
|
(MINORMASK >> part_shift) + 1, GFP_KERNEL);
|
2017-02-01 21:11:40 +00:00
|
|
|
if (err >= 0)
|
|
|
|
index = err;
|
|
|
|
}
|
2021-08-25 16:31:06 +00:00
|
|
|
nbd->index = index;
|
2021-08-11 12:44:28 +00:00
|
|
|
mutex_unlock(&nbd_index_mutex);
|
2017-02-01 21:11:40 +00:00
|
|
|
if (err < 0)
|
2021-06-02 06:53:34 +00:00
|
|
|
goto out_free_tags;
|
2017-02-01 21:11:40 +00:00
|
|
|
|
2024-02-15 07:02:48 +00:00
|
|
|
disk = blk_mq_alloc_disk(&nbd->tag_set, &lim, NULL);
|
2021-06-02 06:53:34 +00:00
|
|
|
if (IS_ERR(disk)) {
|
|
|
|
err = PTR_ERR(disk);
|
2017-02-01 21:11:40 +00:00
|
|
|
goto out_free_idr;
|
|
|
|
}
|
2021-06-02 06:53:34 +00:00
|
|
|
nbd->disk = disk;
|
2017-02-01 21:11:40 +00:00
|
|
|
|
nbd: Fix hungtask when nbd_config_put
I got follow issue:
[ 247.381177] INFO: task kworker/u10:0:47 blocked for more than 120 seconds.
[ 247.382644] Not tainted 4.19.90-dirty #140
[ 247.383502] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 247.385027] Call Trace:
[ 247.388384] schedule+0xb8/0x3c0
[ 247.388966] schedule_timeout+0x2b4/0x380
[ 247.392815] wait_for_completion+0x367/0x510
[ 247.397713] flush_workqueue+0x32b/0x1340
[ 247.402700] drain_workqueue+0xda/0x3c0
[ 247.403442] destroy_workqueue+0x7b/0x690
[ 247.405014] nbd_config_put.cold+0x2f9/0x5b6
[ 247.405823] recv_work+0x1fd/0x2b0
[ 247.406485] process_one_work+0x70b/0x1610
[ 247.407262] worker_thread+0x5a9/0x1060
[ 247.408699] kthread+0x35e/0x430
[ 247.410918] ret_from_fork+0x1f/0x30
We can reproduce issue as follows:
1. Inject memory fault in nbd_start_device
-1244,10 +1248,18 @@ static int nbd_start_device(struct nbd_device *nbd)
nbd_dev_dbg_init(nbd);
for (i = 0; i < num_connections; i++) {
struct recv_thread_args *args;
-
- args = kzalloc(sizeof(*args), GFP_KERNEL);
+
+ if (i == 1) {
+ args = NULL;
+ printk("%s: inject malloc error\n", __func__);
+ }
+ else
+ args = kzalloc(sizeof(*args), GFP_KERNEL);
2. Inject delay in recv_work
-757,6 +760,8 @@ static void recv_work(struct work_struct *work)
blk_mq_complete_request(blk_mq_rq_from_pdu(cmd));
}
+ printk("%s: comm=%s pid=%d\n", __func__, current->comm, current->pid);
+ mdelay(5 * 1000);
nbd_config_put(nbd);
atomic_dec(&config->recv_threads);
wake_up(&config->recv_wq);
3. Create nbd server
nbd-server 8000 /tmp/disk
4. Create nbd client
nbd-client localhost 8000 /dev/nbd1
Then will trigger above issue.
Reason is when add delay in recv_work, lead to release the last reference
of 'nbd->config_refs'. nbd_config_put will call flush_workqueue to make
all work finish. Obviously, it will lead to deadloop.
To solve this issue, according to Josef's suggestion move 'recv_work'
init from start device to nbd_dev_add, then destroy 'recv_work'when
nbd device teardown.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20211102015237.2309763-5-yebin10@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-11-02 01:52:37 +00:00
|
|
|
nbd->recv_workq = alloc_workqueue("nbd%d-recv",
|
|
|
|
WQ_MEM_RECLAIM | WQ_HIGHPRI |
|
|
|
|
WQ_UNBOUND, 0, nbd->index);
|
|
|
|
if (!nbd->recv_workq) {
|
|
|
|
dev_err(disk_to_dev(nbd->disk), "Could not allocate knbd recv work queue.\n");
|
|
|
|
err = -ENOMEM;
|
|
|
|
goto out_err_disk;
|
|
|
|
}
|
|
|
|
|
2017-02-01 21:11:40 +00:00
|
|
|
/*
|
|
|
|
* Tell the block layer that we are not a rotational device
|
|
|
|
*/
|
2018-03-08 01:10:10 +00:00
|
|
|
blk_queue_flag_set(QUEUE_FLAG_NONROT, disk->queue);
|
2017-02-01 21:11:40 +00:00
|
|
|
|
|
|
|
mutex_init(&nbd->config_lock);
|
2017-04-06 21:01:58 +00:00
|
|
|
refcount_set(&nbd->config_refs, 0);
|
2021-08-25 16:31:05 +00:00
|
|
|
/*
|
|
|
|
* Start out with a zero references to keep other threads from using
|
|
|
|
* this device until it is fully initialized.
|
|
|
|
*/
|
|
|
|
refcount_set(&nbd->refs, 0);
|
2017-04-06 21:02:06 +00:00
|
|
|
INIT_LIST_HEAD(&nbd->list);
|
2017-02-01 21:11:40 +00:00
|
|
|
disk->major = NBD_MAJOR;
|
2022-04-02 17:40:23 +00:00
|
|
|
disk->first_minor = index << part_shift;
|
2021-06-02 06:53:34 +00:00
|
|
|
disk->minors = 1 << part_shift;
|
2017-02-01 21:11:40 +00:00
|
|
|
disk->fops = &nbd_fops;
|
|
|
|
disk->private_data = nbd;
|
|
|
|
sprintf(disk->disk_name, "nbd%d", index);
|
2021-09-27 21:59:58 +00:00
|
|
|
err = add_disk(disk);
|
|
|
|
if (err)
|
nbd: Fix hungtask when nbd_config_put
I got follow issue:
[ 247.381177] INFO: task kworker/u10:0:47 blocked for more than 120 seconds.
[ 247.382644] Not tainted 4.19.90-dirty #140
[ 247.383502] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 247.385027] Call Trace:
[ 247.388384] schedule+0xb8/0x3c0
[ 247.388966] schedule_timeout+0x2b4/0x380
[ 247.392815] wait_for_completion+0x367/0x510
[ 247.397713] flush_workqueue+0x32b/0x1340
[ 247.402700] drain_workqueue+0xda/0x3c0
[ 247.403442] destroy_workqueue+0x7b/0x690
[ 247.405014] nbd_config_put.cold+0x2f9/0x5b6
[ 247.405823] recv_work+0x1fd/0x2b0
[ 247.406485] process_one_work+0x70b/0x1610
[ 247.407262] worker_thread+0x5a9/0x1060
[ 247.408699] kthread+0x35e/0x430
[ 247.410918] ret_from_fork+0x1f/0x30
We can reproduce issue as follows:
1. Inject memory fault in nbd_start_device
-1244,10 +1248,18 @@ static int nbd_start_device(struct nbd_device *nbd)
nbd_dev_dbg_init(nbd);
for (i = 0; i < num_connections; i++) {
struct recv_thread_args *args;
-
- args = kzalloc(sizeof(*args), GFP_KERNEL);
+
+ if (i == 1) {
+ args = NULL;
+ printk("%s: inject malloc error\n", __func__);
+ }
+ else
+ args = kzalloc(sizeof(*args), GFP_KERNEL);
2. Inject delay in recv_work
-757,6 +760,8 @@ static void recv_work(struct work_struct *work)
blk_mq_complete_request(blk_mq_rq_from_pdu(cmd));
}
+ printk("%s: comm=%s pid=%d\n", __func__, current->comm, current->pid);
+ mdelay(5 * 1000);
nbd_config_put(nbd);
atomic_dec(&config->recv_threads);
wake_up(&config->recv_wq);
3. Create nbd server
nbd-server 8000 /tmp/disk
4. Create nbd client
nbd-client localhost 8000 /dev/nbd1
Then will trigger above issue.
Reason is when add delay in recv_work, lead to release the last reference
of 'nbd->config_refs'. nbd_config_put will call flush_workqueue to make
all work finish. Obviously, it will lead to deadloop.
To solve this issue, according to Josef's suggestion move 'recv_work'
init from start device to nbd_dev_add, then destroy 'recv_work'when
nbd device teardown.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20211102015237.2309763-5-yebin10@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-11-02 01:52:37 +00:00
|
|
|
goto out_free_work;
|
2021-08-25 16:31:05 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Now publish the device.
|
|
|
|
*/
|
|
|
|
refcount_set(&nbd->refs, refs);
|
2017-04-06 21:02:05 +00:00
|
|
|
nbd_total_devices++;
|
2021-08-11 12:44:26 +00:00
|
|
|
return nbd;
|
2017-02-01 21:11:40 +00:00
|
|
|
|
nbd: Fix hungtask when nbd_config_put
I got follow issue:
[ 247.381177] INFO: task kworker/u10:0:47 blocked for more than 120 seconds.
[ 247.382644] Not tainted 4.19.90-dirty #140
[ 247.383502] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 247.385027] Call Trace:
[ 247.388384] schedule+0xb8/0x3c0
[ 247.388966] schedule_timeout+0x2b4/0x380
[ 247.392815] wait_for_completion+0x367/0x510
[ 247.397713] flush_workqueue+0x32b/0x1340
[ 247.402700] drain_workqueue+0xda/0x3c0
[ 247.403442] destroy_workqueue+0x7b/0x690
[ 247.405014] nbd_config_put.cold+0x2f9/0x5b6
[ 247.405823] recv_work+0x1fd/0x2b0
[ 247.406485] process_one_work+0x70b/0x1610
[ 247.407262] worker_thread+0x5a9/0x1060
[ 247.408699] kthread+0x35e/0x430
[ 247.410918] ret_from_fork+0x1f/0x30
We can reproduce issue as follows:
1. Inject memory fault in nbd_start_device
-1244,10 +1248,18 @@ static int nbd_start_device(struct nbd_device *nbd)
nbd_dev_dbg_init(nbd);
for (i = 0; i < num_connections; i++) {
struct recv_thread_args *args;
-
- args = kzalloc(sizeof(*args), GFP_KERNEL);
+
+ if (i == 1) {
+ args = NULL;
+ printk("%s: inject malloc error\n", __func__);
+ }
+ else
+ args = kzalloc(sizeof(*args), GFP_KERNEL);
2. Inject delay in recv_work
-757,6 +760,8 @@ static void recv_work(struct work_struct *work)
blk_mq_complete_request(blk_mq_rq_from_pdu(cmd));
}
+ printk("%s: comm=%s pid=%d\n", __func__, current->comm, current->pid);
+ mdelay(5 * 1000);
nbd_config_put(nbd);
atomic_dec(&config->recv_threads);
wake_up(&config->recv_wq);
3. Create nbd server
nbd-server 8000 /tmp/disk
4. Create nbd client
nbd-client localhost 8000 /dev/nbd1
Then will trigger above issue.
Reason is when add delay in recv_work, lead to release the last reference
of 'nbd->config_refs'. nbd_config_put will call flush_workqueue to make
all work finish. Obviously, it will lead to deadloop.
To solve this issue, according to Josef's suggestion move 'recv_work'
init from start device to nbd_dev_add, then destroy 'recv_work'when
nbd device teardown.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20211102015237.2309763-5-yebin10@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-11-02 01:52:37 +00:00
|
|
|
out_free_work:
|
|
|
|
destroy_workqueue(nbd->recv_workq);
|
2021-09-27 21:59:58 +00:00
|
|
|
out_err_disk:
|
2022-06-19 06:05:52 +00:00
|
|
|
put_disk(disk);
|
2017-02-01 21:11:40 +00:00
|
|
|
out_free_idr:
|
2021-08-25 16:31:03 +00:00
|
|
|
mutex_lock(&nbd_index_mutex);
|
2017-02-01 21:11:40 +00:00
|
|
|
idr_remove(&nbd_index_idr, index);
|
2021-08-25 16:31:03 +00:00
|
|
|
mutex_unlock(&nbd_index_mutex);
|
2021-06-02 06:53:34 +00:00
|
|
|
out_free_tags:
|
|
|
|
blk_mq_free_tag_set(&nbd->tag_set);
|
2017-02-01 21:11:40 +00:00
|
|
|
out_free_nbd:
|
|
|
|
kfree(nbd);
|
|
|
|
out:
|
2021-08-11 12:44:26 +00:00
|
|
|
return ERR_PTR(err);
|
2017-02-01 21:11:40 +00:00
|
|
|
}
|
|
|
|
|
2021-08-25 16:31:07 +00:00
|
|
|
static struct nbd_device *nbd_find_get_unused(void)
|
2017-04-06 21:02:00 +00:00
|
|
|
{
|
2021-08-25 16:31:04 +00:00
|
|
|
struct nbd_device *nbd;
|
|
|
|
int id;
|
2017-04-06 21:02:00 +00:00
|
|
|
|
2021-08-25 16:31:04 +00:00
|
|
|
lockdep_assert_held(&nbd_index_mutex);
|
|
|
|
|
2021-08-25 16:31:07 +00:00
|
|
|
idr_for_each_entry(&nbd_index_idr, nbd, id) {
|
|
|
|
if (refcount_read(&nbd->config_refs) ||
|
|
|
|
test_bit(NBD_DESTROY_ON_DISCONNECT, &nbd->flags))
|
|
|
|
continue;
|
|
|
|
if (refcount_inc_not_zero(&nbd->refs))
|
2021-08-25 16:31:04 +00:00
|
|
|
return nbd;
|
2017-04-06 21:02:00 +00:00
|
|
|
}
|
2021-08-25 16:31:04 +00:00
|
|
|
|
|
|
|
return NULL;
|
2017-04-06 21:02:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Netlink interface. */
|
2018-07-18 16:32:43 +00:00
|
|
|
static const struct nla_policy nbd_attr_policy[NBD_ATTR_MAX + 1] = {
|
2017-04-06 21:02:00 +00:00
|
|
|
[NBD_ATTR_INDEX] = { .type = NLA_U32 },
|
|
|
|
[NBD_ATTR_SIZE_BYTES] = { .type = NLA_U64 },
|
|
|
|
[NBD_ATTR_BLOCK_SIZE_BYTES] = { .type = NLA_U64 },
|
|
|
|
[NBD_ATTR_TIMEOUT] = { .type = NLA_U64 },
|
|
|
|
[NBD_ATTR_SERVER_FLAGS] = { .type = NLA_U64 },
|
|
|
|
[NBD_ATTR_CLIENT_FLAGS] = { .type = NLA_U64 },
|
|
|
|
[NBD_ATTR_SOCKETS] = { .type = NLA_NESTED},
|
2017-04-06 21:02:04 +00:00
|
|
|
[NBD_ATTR_DEAD_CONN_TIMEOUT] = { .type = NLA_U64 },
|
2017-04-06 21:02:05 +00:00
|
|
|
[NBD_ATTR_DEVICE_LIST] = { .type = NLA_NESTED},
|
nbd: provide a way for userspace processes to identify device backends
Problem:
On reconfigure of device, there is no way to defend if the backend
storage is matching with the initial backend storage.
Say, if an initial connect request for backend "pool1/image1" got
mapped to /dev/nbd0 and the userspace process is terminated. A next
reconfigure request within NBD_ATTR_DEAD_CONN_TIMEOUT is allowed to
use /dev/nbd0 for a different backend "pool1/image2"
For example, an operation like below could be dangerous:
$ sudo rbd-nbd map --try-netlink rbd-pool/ext4-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="bfc444b4-64b1-418f-8b36-6e0d170cfc04" TYPE="ext4"
$ sudo pkill -9 rbd-nbd
$ sudo rbd-nbd attach --try-netlink --device /dev/nbd0 rbd-pool/xfs-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="d29bf343-6570-4069-a9ea-2fa156ced908" TYPE="xfs"
Solution:
Provide a way for userspace processes to keep some metadata to identify
between the device and the backend, so that when a reconfigure request is
made, we can compare and avoid such dangerous operations.
With this solution, as part of the initial connect request, backend
path can be stored in the sysfs per device config, so that on a reconfigure
request it's easy to check if the backend path matches with the initial
connect backend path.
Please note, ioctl interface to nbd will not have these changes, as there
won't be any reconfigure.
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20210429102828.31248-1-prasanna.kalever@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-04-29 10:28:28 +00:00
|
|
|
[NBD_ATTR_BACKEND_IDENTIFIER] = { .type = NLA_STRING},
|
2017-04-06 21:02:00 +00:00
|
|
|
};
|
|
|
|
|
2018-07-18 16:32:43 +00:00
|
|
|
static const struct nla_policy nbd_sock_policy[NBD_SOCK_MAX + 1] = {
|
2017-04-06 21:02:00 +00:00
|
|
|
[NBD_SOCK_FD] = { .type = NLA_U32 },
|
|
|
|
};
|
|
|
|
|
2017-04-06 21:02:05 +00:00
|
|
|
/* We don't use this right now since we don't parse the incoming list, but we
|
|
|
|
* still want it here so userspace knows what to expect.
|
|
|
|
*/
|
2018-07-18 16:32:43 +00:00
|
|
|
static const struct nla_policy __attribute__((unused))
|
2017-04-06 21:02:05 +00:00
|
|
|
nbd_device_policy[NBD_DEVICE_ATTR_MAX + 1] = {
|
|
|
|
[NBD_DEVICE_INDEX] = { .type = NLA_U32 },
|
|
|
|
[NBD_DEVICE_CONNECTED] = { .type = NLA_U8 },
|
|
|
|
};
|
|
|
|
|
2019-05-29 20:16:06 +00:00
|
|
|
static int nbd_genl_size_set(struct genl_info *info, struct nbd_device *nbd)
|
|
|
|
{
|
|
|
|
struct nbd_config *config = nbd->config;
|
2021-09-20 23:25:33 +00:00
|
|
|
u64 bsize = nbd_blksize(config);
|
2019-05-29 20:16:06 +00:00
|
|
|
u64 bytes = config->bytesize;
|
|
|
|
|
|
|
|
if (info->attrs[NBD_ATTR_SIZE_BYTES])
|
|
|
|
bytes = nla_get_u64(info->attrs[NBD_ATTR_SIZE_BYTES]);
|
|
|
|
|
2020-11-16 14:57:00 +00:00
|
|
|
if (info->attrs[NBD_ATTR_BLOCK_SIZE_BYTES])
|
2019-05-29 20:16:06 +00:00
|
|
|
bsize = nla_get_u64(info->attrs[NBD_ATTR_BLOCK_SIZE_BYTES]);
|
|
|
|
|
2021-09-20 23:25:33 +00:00
|
|
|
if (bytes != config->bytesize || bsize != nbd_blksize(config))
|
2020-11-16 14:57:00 +00:00
|
|
|
return nbd_set_size(nbd, bytes, bsize);
|
2019-05-29 20:16:06 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-04-06 21:02:00 +00:00
|
|
|
static int nbd_genl_connect(struct sk_buff *skb, struct genl_info *info)
|
|
|
|
{
|
2021-08-25 16:31:04 +00:00
|
|
|
struct nbd_device *nbd;
|
2017-04-06 21:02:00 +00:00
|
|
|
struct nbd_config *config;
|
|
|
|
int index = -1;
|
|
|
|
int ret;
|
2017-04-06 21:02:07 +00:00
|
|
|
bool put_dev = false;
|
2017-04-06 21:02:00 +00:00
|
|
|
|
|
|
|
if (!netlink_capable(skb, CAP_SYS_ADMIN))
|
|
|
|
return -EPERM;
|
|
|
|
|
2022-05-21 07:37:48 +00:00
|
|
|
if (info->attrs[NBD_ATTR_INDEX]) {
|
2017-04-06 21:02:00 +00:00
|
|
|
index = nla_get_u32(info->attrs[NBD_ATTR_INDEX]);
|
2022-05-21 07:37:48 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Too big first_minor can cause duplicate creation of
|
|
|
|
* sysfs files/links, since index << part_shift might overflow, or
|
|
|
|
* MKDEV() expect that the max bits of first_minor is 20.
|
|
|
|
*/
|
|
|
|
if (index < 0 || index > MINORMASK >> part_shift) {
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("illegal input index %d\n", index);
|
2022-05-21 07:37:48 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
}
|
2023-02-24 02:13:01 +00:00
|
|
|
if (GENL_REQ_ATTR_CHECK(info, NBD_ATTR_SOCKETS)) {
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("must specify at least one socket\n");
|
2017-04-06 21:02:00 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
2023-02-24 02:13:01 +00:00
|
|
|
if (GENL_REQ_ATTR_CHECK(info, NBD_ATTR_SIZE_BYTES)) {
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("must specify a size in bytes for the device\n");
|
2017-04-06 21:02:00 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
again:
|
|
|
|
mutex_lock(&nbd_index_mutex);
|
|
|
|
if (index == -1) {
|
2021-08-25 16:31:07 +00:00
|
|
|
nbd = nbd_find_get_unused();
|
2017-04-06 21:02:00 +00:00
|
|
|
} else {
|
|
|
|
nbd = idr_find(&nbd_index_idr, index);
|
2021-08-25 16:31:08 +00:00
|
|
|
if (nbd) {
|
|
|
|
if ((test_bit(NBD_DESTROY_ON_DISCONNECT, &nbd->flags) &&
|
|
|
|
test_bit(NBD_DISCONNECT_REQUESTED, &nbd->flags)) ||
|
|
|
|
!refcount_inc_not_zero(&nbd->refs)) {
|
2017-08-14 18:25:33 +00:00
|
|
|
mutex_unlock(&nbd_index_mutex);
|
2022-07-23 08:24:27 +00:00
|
|
|
pr_err("device at index %d is going down\n",
|
2021-08-25 16:31:08 +00:00
|
|
|
index);
|
|
|
|
return -EINVAL;
|
2017-08-14 18:25:33 +00:00
|
|
|
}
|
|
|
|
}
|
2017-04-06 21:02:00 +00:00
|
|
|
}
|
2021-08-25 16:31:08 +00:00
|
|
|
mutex_unlock(&nbd_index_mutex);
|
2019-09-17 11:56:06 +00:00
|
|
|
|
2021-08-25 16:31:08 +00:00
|
|
|
if (!nbd) {
|
2021-08-11 12:44:28 +00:00
|
|
|
nbd = nbd_dev_add(index, 2);
|
|
|
|
if (IS_ERR(nbd)) {
|
2022-07-23 08:24:27 +00:00
|
|
|
pr_err("failed to add new device\n");
|
2021-08-11 12:44:28 +00:00
|
|
|
return PTR_ERR(nbd);
|
|
|
|
}
|
2017-04-06 21:02:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
mutex_lock(&nbd->config_lock);
|
|
|
|
if (refcount_read(&nbd->config_refs)) {
|
|
|
|
mutex_unlock(&nbd->config_lock);
|
2017-04-06 21:02:06 +00:00
|
|
|
nbd_put(nbd);
|
2017-04-06 21:02:00 +00:00
|
|
|
if (index == -1)
|
|
|
|
goto again;
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("nbd%d already in use\n", index);
|
2017-04-06 21:02:00 +00:00
|
|
|
return -EBUSY;
|
|
|
|
}
|
2023-11-16 16:23:14 +00:00
|
|
|
|
|
|
|
ret = nbd_alloc_and_init_config(nbd);
|
|
|
|
if (ret) {
|
2017-04-06 21:02:00 +00:00
|
|
|
mutex_unlock(&nbd->config_lock);
|
2017-04-06 21:02:06 +00:00
|
|
|
nbd_put(nbd);
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("couldn't allocate config\n");
|
2023-11-16 16:23:14 +00:00
|
|
|
return ret;
|
2017-04-06 21:02:00 +00:00
|
|
|
}
|
|
|
|
|
2023-11-16 16:23:14 +00:00
|
|
|
config = nbd->config;
|
|
|
|
set_bit(NBD_RT_BOUND, &config->runtime_flags);
|
2019-05-29 20:16:06 +00:00
|
|
|
ret = nbd_genl_size_set(info, nbd);
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
|
|
|
|
2019-08-13 16:39:49 +00:00
|
|
|
if (info->attrs[NBD_ATTR_TIMEOUT])
|
|
|
|
nbd_set_cmd_timeout(nbd,
|
|
|
|
nla_get_u64(info->attrs[NBD_ATTR_TIMEOUT]));
|
2017-04-06 21:02:04 +00:00
|
|
|
if (info->attrs[NBD_ATTR_DEAD_CONN_TIMEOUT]) {
|
|
|
|
config->dead_conn_timeout =
|
|
|
|
nla_get_u64(info->attrs[NBD_ATTR_DEAD_CONN_TIMEOUT]);
|
|
|
|
config->dead_conn_timeout *= HZ;
|
|
|
|
}
|
2017-04-06 21:02:00 +00:00
|
|
|
if (info->attrs[NBD_ATTR_SERVER_FLAGS])
|
|
|
|
config->flags =
|
|
|
|
nla_get_u64(info->attrs[NBD_ATTR_SERVER_FLAGS]);
|
2017-04-06 21:02:07 +00:00
|
|
|
if (info->attrs[NBD_ATTR_CLIENT_FLAGS]) {
|
|
|
|
u64 flags = nla_get_u64(info->attrs[NBD_ATTR_CLIENT_FLAGS]);
|
|
|
|
if (flags & NBD_CFLAG_DESTROY_ON_DISCONNECT) {
|
2021-02-22 20:09:53 +00:00
|
|
|
/*
|
|
|
|
* We have 1 ref to keep the device around, and then 1
|
|
|
|
* ref for our current operation here, which will be
|
|
|
|
* inherited by the config. If we already have
|
|
|
|
* DESTROY_ON_DISCONNECT set then we know we don't have
|
|
|
|
* that extra ref already held so we don't need the
|
|
|
|
* put_dev.
|
|
|
|
*/
|
|
|
|
if (!test_and_set_bit(NBD_DESTROY_ON_DISCONNECT,
|
|
|
|
&nbd->flags))
|
|
|
|
put_dev = true;
|
2019-09-17 11:56:06 +00:00
|
|
|
} else {
|
2021-02-22 20:09:53 +00:00
|
|
|
if (test_and_clear_bit(NBD_DESTROY_ON_DISCONNECT,
|
|
|
|
&nbd->flags))
|
|
|
|
refcount_inc(&nbd->refs);
|
2017-04-06 21:02:07 +00:00
|
|
|
}
|
2018-06-15 21:05:32 +00:00
|
|
|
if (flags & NBD_CFLAG_DISCONNECT_ON_CLOSE) {
|
2019-09-17 11:56:05 +00:00
|
|
|
set_bit(NBD_RT_DISCONNECT_ON_CLOSE,
|
2018-06-15 21:05:32 +00:00
|
|
|
&config->runtime_flags);
|
|
|
|
}
|
2017-04-06 21:02:07 +00:00
|
|
|
}
|
|
|
|
|
2017-04-06 21:02:00 +00:00
|
|
|
if (info->attrs[NBD_ATTR_SOCKETS]) {
|
|
|
|
struct nlattr *attr;
|
|
|
|
int rem, fd;
|
|
|
|
|
|
|
|
nla_for_each_nested(attr, info->attrs[NBD_ATTR_SOCKETS],
|
|
|
|
rem) {
|
|
|
|
struct nlattr *socks[NBD_SOCK_MAX+1];
|
|
|
|
|
|
|
|
if (nla_type(attr) != NBD_SOCK_ITEM) {
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("socks must be embedded in a SOCK_ITEM attr\n");
|
2017-04-06 21:02:00 +00:00
|
|
|
ret = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
netlink: make validation more configurable for future strictness
We currently have two levels of strict validation:
1) liberal (default)
- undefined (type >= max) & NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
- garbage at end of message accepted
2) strict (opt-in)
- NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
Split out parsing strictness into four different options:
* TRAILING - check that there's no trailing data after parsing
attributes (in message or nested)
* MAXTYPE - reject attrs > max known type
* UNSPEC - reject attributes with NLA_UNSPEC policy entries
* STRICT_ATTRS - strictly validate attribute size
The default for future things should be *everything*.
The current *_strict() is a combination of TRAILING and MAXTYPE,
and is renamed to _deprecated_strict().
The current regular parsing has none of this, and is renamed to
*_parse_deprecated().
Additionally it allows us to selectively set one of the new flags
even on old policies. Notably, the UNSPEC flag could be useful in
this case, since it can be arranged (by filling in the policy) to
not be an incompatible userspace ABI change, but would then going
forward prevent forgetting attribute entries. Similar can apply
to the POLICY flag.
We end up with the following renames:
* nla_parse -> nla_parse_deprecated
* nla_parse_strict -> nla_parse_deprecated_strict
* nlmsg_parse -> nlmsg_parse_deprecated
* nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
* nla_parse_nested -> nla_parse_nested_deprecated
* nla_validate_nested -> nla_validate_nested_deprecated
Using spatch, of course:
@@
expression TB, MAX, HEAD, LEN, POL, EXT;
@@
-nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
+nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression TB, MAX, NLA, POL, EXT;
@@
-nla_parse_nested(TB, MAX, NLA, POL, EXT)
+nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)
@@
expression START, MAX, POL, EXT;
@@
-nla_validate_nested(START, MAX, POL, EXT)
+nla_validate_nested_deprecated(START, MAX, POL, EXT)
@@
expression NLH, HDRLEN, MAX, POL, EXT;
@@
-nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
+nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)
For this patch, don't actually add the strict, non-renamed versions
yet so that it breaks compile if I get it wrong.
Also, while at it, make nla_validate and nla_parse go down to a
common __nla_validate_parse() function to avoid code duplication.
Ultimately, this allows us to have very strict validation for every
new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
next patch, while existing things will continue to work as is.
In effect then, this adds fully strict validation for any new command.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-26 12:07:28 +00:00
|
|
|
ret = nla_parse_nested_deprecated(socks, NBD_SOCK_MAX,
|
|
|
|
attr,
|
|
|
|
nbd_sock_policy,
|
|
|
|
info->extack);
|
2017-04-06 21:02:00 +00:00
|
|
|
if (ret != 0) {
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("error processing sock list\n");
|
2017-04-06 21:02:00 +00:00
|
|
|
ret = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
if (!socks[NBD_SOCK_FD])
|
|
|
|
continue;
|
|
|
|
fd = (int)nla_get_u32(socks[NBD_SOCK_FD]);
|
|
|
|
ret = nbd_add_socket(nbd, fd, true);
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ret = nbd_start_device(nbd);
|
nbd: provide a way for userspace processes to identify device backends
Problem:
On reconfigure of device, there is no way to defend if the backend
storage is matching with the initial backend storage.
Say, if an initial connect request for backend "pool1/image1" got
mapped to /dev/nbd0 and the userspace process is terminated. A next
reconfigure request within NBD_ATTR_DEAD_CONN_TIMEOUT is allowed to
use /dev/nbd0 for a different backend "pool1/image2"
For example, an operation like below could be dangerous:
$ sudo rbd-nbd map --try-netlink rbd-pool/ext4-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="bfc444b4-64b1-418f-8b36-6e0d170cfc04" TYPE="ext4"
$ sudo pkill -9 rbd-nbd
$ sudo rbd-nbd attach --try-netlink --device /dev/nbd0 rbd-pool/xfs-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="d29bf343-6570-4069-a9ea-2fa156ced908" TYPE="xfs"
Solution:
Provide a way for userspace processes to keep some metadata to identify
between the device and the backend, so that when a reconfigure request is
made, we can compare and avoid such dangerous operations.
With this solution, as part of the initial connect request, backend
path can be stored in the sysfs per device config, so that on a reconfigure
request it's easy to check if the backend path matches with the initial
connect backend path.
Please note, ioctl interface to nbd will not have these changes, as there
won't be any reconfigure.
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20210429102828.31248-1-prasanna.kalever@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-04-29 10:28:28 +00:00
|
|
|
if (ret)
|
|
|
|
goto out;
|
|
|
|
if (info->attrs[NBD_ATTR_BACKEND_IDENTIFIER]) {
|
|
|
|
nbd->backend = nla_strdup(info->attrs[NBD_ATTR_BACKEND_IDENTIFIER],
|
|
|
|
GFP_KERNEL);
|
|
|
|
if (!nbd->backend) {
|
|
|
|
ret = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ret = device_create_file(disk_to_dev(nbd->disk), &backend_attr);
|
|
|
|
if (ret) {
|
|
|
|
dev_err(disk_to_dev(nbd->disk),
|
|
|
|
"device_create_file failed for backend!\n");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
set_bit(NBD_RT_HAS_BACKEND_FILE, &config->runtime_flags);
|
2017-04-06 21:02:00 +00:00
|
|
|
out:
|
|
|
|
mutex_unlock(&nbd->config_lock);
|
|
|
|
if (!ret) {
|
2019-09-17 11:56:05 +00:00
|
|
|
set_bit(NBD_RT_HAS_CONFIG_REF, &config->runtime_flags);
|
2017-04-06 21:02:00 +00:00
|
|
|
refcount_inc(&nbd->config_refs);
|
|
|
|
nbd_connect_reply(info, nbd->index);
|
|
|
|
}
|
|
|
|
nbd_config_put(nbd);
|
2017-04-06 21:02:07 +00:00
|
|
|
if (put_dev)
|
|
|
|
nbd_put(nbd);
|
2017-04-06 21:02:00 +00:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2018-06-15 21:05:32 +00:00
|
|
|
static void nbd_disconnect_and_put(struct nbd_device *nbd)
|
|
|
|
{
|
|
|
|
mutex_lock(&nbd->config_lock);
|
|
|
|
nbd_disconnect(nbd);
|
2021-08-13 15:13:30 +00:00
|
|
|
sock_shutdown(nbd);
|
2022-03-22 08:06:39 +00:00
|
|
|
wake_up(&nbd->config->conn_wait);
|
2019-08-04 19:10:06 +00:00
|
|
|
/*
|
nbd: Fix hungtask when nbd_config_put
I got follow issue:
[ 247.381177] INFO: task kworker/u10:0:47 blocked for more than 120 seconds.
[ 247.382644] Not tainted 4.19.90-dirty #140
[ 247.383502] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 247.385027] Call Trace:
[ 247.388384] schedule+0xb8/0x3c0
[ 247.388966] schedule_timeout+0x2b4/0x380
[ 247.392815] wait_for_completion+0x367/0x510
[ 247.397713] flush_workqueue+0x32b/0x1340
[ 247.402700] drain_workqueue+0xda/0x3c0
[ 247.403442] destroy_workqueue+0x7b/0x690
[ 247.405014] nbd_config_put.cold+0x2f9/0x5b6
[ 247.405823] recv_work+0x1fd/0x2b0
[ 247.406485] process_one_work+0x70b/0x1610
[ 247.407262] worker_thread+0x5a9/0x1060
[ 247.408699] kthread+0x35e/0x430
[ 247.410918] ret_from_fork+0x1f/0x30
We can reproduce issue as follows:
1. Inject memory fault in nbd_start_device
-1244,10 +1248,18 @@ static int nbd_start_device(struct nbd_device *nbd)
nbd_dev_dbg_init(nbd);
for (i = 0; i < num_connections; i++) {
struct recv_thread_args *args;
-
- args = kzalloc(sizeof(*args), GFP_KERNEL);
+
+ if (i == 1) {
+ args = NULL;
+ printk("%s: inject malloc error\n", __func__);
+ }
+ else
+ args = kzalloc(sizeof(*args), GFP_KERNEL);
2. Inject delay in recv_work
-757,6 +760,8 @@ static void recv_work(struct work_struct *work)
blk_mq_complete_request(blk_mq_rq_from_pdu(cmd));
}
+ printk("%s: comm=%s pid=%d\n", __func__, current->comm, current->pid);
+ mdelay(5 * 1000);
nbd_config_put(nbd);
atomic_dec(&config->recv_threads);
wake_up(&config->recv_wq);
3. Create nbd server
nbd-server 8000 /tmp/disk
4. Create nbd client
nbd-client localhost 8000 /dev/nbd1
Then will trigger above issue.
Reason is when add delay in recv_work, lead to release the last reference
of 'nbd->config_refs'. nbd_config_put will call flush_workqueue to make
all work finish. Obviously, it will lead to deadloop.
To solve this issue, according to Josef's suggestion move 'recv_work'
init from start device to nbd_dev_add, then destroy 'recv_work'when
nbd device teardown.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20211102015237.2309763-5-yebin10@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-11-02 01:52:37 +00:00
|
|
|
* Make sure recv thread has finished, we can safely call nbd_clear_que()
|
2021-08-13 15:13:30 +00:00
|
|
|
* to cancel the inflight I/Os.
|
2019-08-04 19:10:06 +00:00
|
|
|
*/
|
nbd: Fix hungtask when nbd_config_put
I got follow issue:
[ 247.381177] INFO: task kworker/u10:0:47 blocked for more than 120 seconds.
[ 247.382644] Not tainted 4.19.90-dirty #140
[ 247.383502] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 247.385027] Call Trace:
[ 247.388384] schedule+0xb8/0x3c0
[ 247.388966] schedule_timeout+0x2b4/0x380
[ 247.392815] wait_for_completion+0x367/0x510
[ 247.397713] flush_workqueue+0x32b/0x1340
[ 247.402700] drain_workqueue+0xda/0x3c0
[ 247.403442] destroy_workqueue+0x7b/0x690
[ 247.405014] nbd_config_put.cold+0x2f9/0x5b6
[ 247.405823] recv_work+0x1fd/0x2b0
[ 247.406485] process_one_work+0x70b/0x1610
[ 247.407262] worker_thread+0x5a9/0x1060
[ 247.408699] kthread+0x35e/0x430
[ 247.410918] ret_from_fork+0x1f/0x30
We can reproduce issue as follows:
1. Inject memory fault in nbd_start_device
-1244,10 +1248,18 @@ static int nbd_start_device(struct nbd_device *nbd)
nbd_dev_dbg_init(nbd);
for (i = 0; i < num_connections; i++) {
struct recv_thread_args *args;
-
- args = kzalloc(sizeof(*args), GFP_KERNEL);
+
+ if (i == 1) {
+ args = NULL;
+ printk("%s: inject malloc error\n", __func__);
+ }
+ else
+ args = kzalloc(sizeof(*args), GFP_KERNEL);
2. Inject delay in recv_work
-757,6 +760,8 @@ static void recv_work(struct work_struct *work)
blk_mq_complete_request(blk_mq_rq_from_pdu(cmd));
}
+ printk("%s: comm=%s pid=%d\n", __func__, current->comm, current->pid);
+ mdelay(5 * 1000);
nbd_config_put(nbd);
atomic_dec(&config->recv_threads);
wake_up(&config->recv_wq);
3. Create nbd server
nbd-server 8000 /tmp/disk
4. Create nbd client
nbd-client localhost 8000 /dev/nbd1
Then will trigger above issue.
Reason is when add delay in recv_work, lead to release the last reference
of 'nbd->config_refs'. nbd_config_put will call flush_workqueue to make
all work finish. Obviously, it will lead to deadloop.
To solve this issue, according to Josef's suggestion move 'recv_work'
init from start device to nbd_dev_add, then destroy 'recv_work'when
nbd device teardown.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20211102015237.2309763-5-yebin10@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-11-02 01:52:37 +00:00
|
|
|
flush_workqueue(nbd->recv_workq);
|
2021-08-13 15:13:30 +00:00
|
|
|
nbd_clear_que(nbd);
|
|
|
|
nbd->task_setup = NULL;
|
|
|
|
mutex_unlock(&nbd->config_lock);
|
|
|
|
|
2019-09-17 11:56:05 +00:00
|
|
|
if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF,
|
2018-06-15 21:05:32 +00:00
|
|
|
&nbd->config->runtime_flags))
|
|
|
|
nbd_config_put(nbd);
|
|
|
|
}
|
|
|
|
|
2017-04-06 21:02:00 +00:00
|
|
|
static int nbd_genl_disconnect(struct sk_buff *skb, struct genl_info *info)
|
|
|
|
{
|
|
|
|
struct nbd_device *nbd;
|
|
|
|
int index;
|
|
|
|
|
|
|
|
if (!netlink_capable(skb, CAP_SYS_ADMIN))
|
|
|
|
return -EPERM;
|
|
|
|
|
2023-02-24 02:13:01 +00:00
|
|
|
if (GENL_REQ_ATTR_CHECK(info, NBD_ATTR_INDEX)) {
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("must specify an index to disconnect\n");
|
2017-04-06 21:02:00 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
index = nla_get_u32(info->attrs[NBD_ATTR_INDEX]);
|
|
|
|
mutex_lock(&nbd_index_mutex);
|
|
|
|
nbd = idr_find(&nbd_index_idr, index);
|
|
|
|
if (!nbd) {
|
2017-04-06 21:02:06 +00:00
|
|
|
mutex_unlock(&nbd_index_mutex);
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("couldn't find device at index %d\n", index);
|
2017-04-06 21:02:00 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
2017-04-06 21:02:06 +00:00
|
|
|
if (!refcount_inc_not_zero(&nbd->refs)) {
|
|
|
|
mutex_unlock(&nbd_index_mutex);
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("device at index %d is going down\n", index);
|
2017-04-06 21:02:06 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
mutex_unlock(&nbd_index_mutex);
|
2021-05-12 11:43:31 +00:00
|
|
|
if (!refcount_inc_not_zero(&nbd->config_refs))
|
|
|
|
goto put_nbd;
|
2018-06-15 21:05:32 +00:00
|
|
|
nbd_disconnect_and_put(nbd);
|
2017-04-06 21:02:00 +00:00
|
|
|
nbd_config_put(nbd);
|
2021-05-12 11:43:31 +00:00
|
|
|
put_nbd:
|
2017-04-06 21:02:06 +00:00
|
|
|
nbd_put(nbd);
|
2017-04-06 21:02:00 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-04-06 21:02:01 +00:00
|
|
|
static int nbd_genl_reconfigure(struct sk_buff *skb, struct genl_info *info)
|
|
|
|
{
|
|
|
|
struct nbd_device *nbd = NULL;
|
|
|
|
struct nbd_config *config;
|
|
|
|
int index;
|
2018-06-15 21:05:32 +00:00
|
|
|
int ret = 0;
|
2017-04-06 21:02:07 +00:00
|
|
|
bool put_dev = false;
|
2017-04-06 21:02:01 +00:00
|
|
|
|
|
|
|
if (!netlink_capable(skb, CAP_SYS_ADMIN))
|
|
|
|
return -EPERM;
|
|
|
|
|
2023-02-24 02:13:01 +00:00
|
|
|
if (GENL_REQ_ATTR_CHECK(info, NBD_ATTR_INDEX)) {
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("must specify a device to reconfigure\n");
|
2017-04-06 21:02:01 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
index = nla_get_u32(info->attrs[NBD_ATTR_INDEX]);
|
|
|
|
mutex_lock(&nbd_index_mutex);
|
|
|
|
nbd = idr_find(&nbd_index_idr, index);
|
|
|
|
if (!nbd) {
|
2017-04-06 21:02:06 +00:00
|
|
|
mutex_unlock(&nbd_index_mutex);
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("couldn't find a device at index %d\n", index);
|
2017-04-06 21:02:01 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
nbd: provide a way for userspace processes to identify device backends
Problem:
On reconfigure of device, there is no way to defend if the backend
storage is matching with the initial backend storage.
Say, if an initial connect request for backend "pool1/image1" got
mapped to /dev/nbd0 and the userspace process is terminated. A next
reconfigure request within NBD_ATTR_DEAD_CONN_TIMEOUT is allowed to
use /dev/nbd0 for a different backend "pool1/image2"
For example, an operation like below could be dangerous:
$ sudo rbd-nbd map --try-netlink rbd-pool/ext4-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="bfc444b4-64b1-418f-8b36-6e0d170cfc04" TYPE="ext4"
$ sudo pkill -9 rbd-nbd
$ sudo rbd-nbd attach --try-netlink --device /dev/nbd0 rbd-pool/xfs-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="d29bf343-6570-4069-a9ea-2fa156ced908" TYPE="xfs"
Solution:
Provide a way for userspace processes to keep some metadata to identify
between the device and the backend, so that when a reconfigure request is
made, we can compare and avoid such dangerous operations.
With this solution, as part of the initial connect request, backend
path can be stored in the sysfs per device config, so that on a reconfigure
request it's easy to check if the backend path matches with the initial
connect backend path.
Please note, ioctl interface to nbd will not have these changes, as there
won't be any reconfigure.
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20210429102828.31248-1-prasanna.kalever@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-04-29 10:28:28 +00:00
|
|
|
if (nbd->backend) {
|
|
|
|
if (info->attrs[NBD_ATTR_BACKEND_IDENTIFIER]) {
|
|
|
|
if (nla_strcmp(info->attrs[NBD_ATTR_BACKEND_IDENTIFIER],
|
|
|
|
nbd->backend)) {
|
|
|
|
mutex_unlock(&nbd_index_mutex);
|
|
|
|
dev_err(nbd_to_dev(nbd),
|
|
|
|
"backend image doesn't match with %s\n",
|
|
|
|
nbd->backend);
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
mutex_unlock(&nbd_index_mutex);
|
|
|
|
dev_err(nbd_to_dev(nbd), "must specify backend\n");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
}
|
2017-04-06 21:02:06 +00:00
|
|
|
if (!refcount_inc_not_zero(&nbd->refs)) {
|
|
|
|
mutex_unlock(&nbd_index_mutex);
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("device at index %d is going down\n", index);
|
2017-04-06 21:02:06 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
mutex_unlock(&nbd_index_mutex);
|
2017-04-06 21:02:01 +00:00
|
|
|
|
2023-11-16 16:23:15 +00:00
|
|
|
config = nbd_get_config_unlocked(nbd);
|
|
|
|
if (!config) {
|
2017-04-06 21:02:01 +00:00
|
|
|
dev_err(nbd_to_dev(nbd),
|
|
|
|
"not configured, cannot reconfigure\n");
|
2017-04-06 21:02:06 +00:00
|
|
|
nbd_put(nbd);
|
2017-04-06 21:02:01 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
mutex_lock(&nbd->config_lock);
|
2019-09-17 11:56:05 +00:00
|
|
|
if (!test_bit(NBD_RT_BOUND, &config->runtime_flags) ||
|
2021-10-20 07:39:59 +00:00
|
|
|
!nbd->pid) {
|
2017-04-06 21:02:01 +00:00
|
|
|
dev_err(nbd_to_dev(nbd),
|
|
|
|
"not configured, cannot reconfigure\n");
|
2018-06-15 21:05:32 +00:00
|
|
|
ret = -EINVAL;
|
2017-04-06 21:02:01 +00:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2019-05-29 20:16:06 +00:00
|
|
|
ret = nbd_genl_size_set(info, nbd);
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
|
|
|
|
2019-08-13 16:39:49 +00:00
|
|
|
if (info->attrs[NBD_ATTR_TIMEOUT])
|
|
|
|
nbd_set_cmd_timeout(nbd,
|
|
|
|
nla_get_u64(info->attrs[NBD_ATTR_TIMEOUT]));
|
2017-04-06 21:02:04 +00:00
|
|
|
if (info->attrs[NBD_ATTR_DEAD_CONN_TIMEOUT]) {
|
|
|
|
config->dead_conn_timeout =
|
|
|
|
nla_get_u64(info->attrs[NBD_ATTR_DEAD_CONN_TIMEOUT]);
|
|
|
|
config->dead_conn_timeout *= HZ;
|
|
|
|
}
|
2017-04-06 21:02:07 +00:00
|
|
|
if (info->attrs[NBD_ATTR_CLIENT_FLAGS]) {
|
|
|
|
u64 flags = nla_get_u64(info->attrs[NBD_ATTR_CLIENT_FLAGS]);
|
|
|
|
if (flags & NBD_CFLAG_DESTROY_ON_DISCONNECT) {
|
2021-02-22 20:09:53 +00:00
|
|
|
if (!test_and_set_bit(NBD_DESTROY_ON_DISCONNECT,
|
|
|
|
&nbd->flags))
|
2017-04-06 21:02:07 +00:00
|
|
|
put_dev = true;
|
|
|
|
} else {
|
2021-02-22 20:09:53 +00:00
|
|
|
if (test_and_clear_bit(NBD_DESTROY_ON_DISCONNECT,
|
|
|
|
&nbd->flags))
|
2017-04-06 21:02:07 +00:00
|
|
|
refcount_inc(&nbd->refs);
|
|
|
|
}
|
2018-06-15 21:05:32 +00:00
|
|
|
|
|
|
|
if (flags & NBD_CFLAG_DISCONNECT_ON_CLOSE) {
|
2019-09-17 11:56:05 +00:00
|
|
|
set_bit(NBD_RT_DISCONNECT_ON_CLOSE,
|
2018-06-15 21:05:32 +00:00
|
|
|
&config->runtime_flags);
|
|
|
|
} else {
|
2019-09-17 11:56:05 +00:00
|
|
|
clear_bit(NBD_RT_DISCONNECT_ON_CLOSE,
|
2018-06-15 21:05:32 +00:00
|
|
|
&config->runtime_flags);
|
|
|
|
}
|
2017-04-06 21:02:07 +00:00
|
|
|
}
|
2017-04-06 21:02:01 +00:00
|
|
|
|
|
|
|
if (info->attrs[NBD_ATTR_SOCKETS]) {
|
|
|
|
struct nlattr *attr;
|
|
|
|
int rem, fd;
|
|
|
|
|
|
|
|
nla_for_each_nested(attr, info->attrs[NBD_ATTR_SOCKETS],
|
|
|
|
rem) {
|
|
|
|
struct nlattr *socks[NBD_SOCK_MAX+1];
|
|
|
|
|
|
|
|
if (nla_type(attr) != NBD_SOCK_ITEM) {
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("socks must be embedded in a SOCK_ITEM attr\n");
|
2017-04-06 21:02:01 +00:00
|
|
|
ret = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
netlink: make validation more configurable for future strictness
We currently have two levels of strict validation:
1) liberal (default)
- undefined (type >= max) & NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
- garbage at end of message accepted
2) strict (opt-in)
- NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
Split out parsing strictness into four different options:
* TRAILING - check that there's no trailing data after parsing
attributes (in message or nested)
* MAXTYPE - reject attrs > max known type
* UNSPEC - reject attributes with NLA_UNSPEC policy entries
* STRICT_ATTRS - strictly validate attribute size
The default for future things should be *everything*.
The current *_strict() is a combination of TRAILING and MAXTYPE,
and is renamed to _deprecated_strict().
The current regular parsing has none of this, and is renamed to
*_parse_deprecated().
Additionally it allows us to selectively set one of the new flags
even on old policies. Notably, the UNSPEC flag could be useful in
this case, since it can be arranged (by filling in the policy) to
not be an incompatible userspace ABI change, but would then going
forward prevent forgetting attribute entries. Similar can apply
to the POLICY flag.
We end up with the following renames:
* nla_parse -> nla_parse_deprecated
* nla_parse_strict -> nla_parse_deprecated_strict
* nlmsg_parse -> nlmsg_parse_deprecated
* nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
* nla_parse_nested -> nla_parse_nested_deprecated
* nla_validate_nested -> nla_validate_nested_deprecated
Using spatch, of course:
@@
expression TB, MAX, HEAD, LEN, POL, EXT;
@@
-nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
+nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression TB, MAX, NLA, POL, EXT;
@@
-nla_parse_nested(TB, MAX, NLA, POL, EXT)
+nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)
@@
expression START, MAX, POL, EXT;
@@
-nla_validate_nested(START, MAX, POL, EXT)
+nla_validate_nested_deprecated(START, MAX, POL, EXT)
@@
expression NLH, HDRLEN, MAX, POL, EXT;
@@
-nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
+nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)
For this patch, don't actually add the strict, non-renamed versions
yet so that it breaks compile if I get it wrong.
Also, while at it, make nla_validate and nla_parse go down to a
common __nla_validate_parse() function to avoid code duplication.
Ultimately, this allows us to have very strict validation for every
new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
next patch, while existing things will continue to work as is.
In effect then, this adds fully strict validation for any new command.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-26 12:07:28 +00:00
|
|
|
ret = nla_parse_nested_deprecated(socks, NBD_SOCK_MAX,
|
|
|
|
attr,
|
|
|
|
nbd_sock_policy,
|
|
|
|
info->extack);
|
2017-04-06 21:02:01 +00:00
|
|
|
if (ret != 0) {
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("error processing sock list\n");
|
2017-04-06 21:02:01 +00:00
|
|
|
ret = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
if (!socks[NBD_SOCK_FD])
|
|
|
|
continue;
|
|
|
|
fd = (int)nla_get_u32(socks[NBD_SOCK_FD]);
|
|
|
|
ret = nbd_reconnect_socket(nbd, fd);
|
|
|
|
if (ret) {
|
|
|
|
if (ret == -ENOSPC)
|
|
|
|
ret = 0;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
dev_info(nbd_to_dev(nbd), "reconnected socket\n");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
out:
|
|
|
|
mutex_unlock(&nbd->config_lock);
|
|
|
|
nbd_config_put(nbd);
|
2017-04-06 21:02:06 +00:00
|
|
|
nbd_put(nbd);
|
2017-04-06 21:02:07 +00:00
|
|
|
if (put_dev)
|
|
|
|
nbd_put(nbd);
|
2017-04-06 21:02:01 +00:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2020-10-02 21:49:54 +00:00
|
|
|
static const struct genl_small_ops nbd_connect_genl_ops[] = {
|
2017-04-06 21:02:00 +00:00
|
|
|
{
|
|
|
|
.cmd = NBD_CMD_CONNECT,
|
2019-04-26 12:07:31 +00:00
|
|
|
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
|
2017-04-06 21:02:00 +00:00
|
|
|
.doit = nbd_genl_connect,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.cmd = NBD_CMD_DISCONNECT,
|
2019-04-26 12:07:31 +00:00
|
|
|
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
|
2017-04-06 21:02:00 +00:00
|
|
|
.doit = nbd_genl_disconnect,
|
|
|
|
},
|
2017-04-06 21:02:01 +00:00
|
|
|
{
|
|
|
|
.cmd = NBD_CMD_RECONFIGURE,
|
2019-04-26 12:07:31 +00:00
|
|
|
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
|
2017-04-06 21:02:01 +00:00
|
|
|
.doit = nbd_genl_reconfigure,
|
|
|
|
},
|
2017-04-06 21:02:05 +00:00
|
|
|
{
|
|
|
|
.cmd = NBD_CMD_STATUS,
|
2019-04-26 12:07:31 +00:00
|
|
|
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
|
2017-04-06 21:02:05 +00:00
|
|
|
.doit = nbd_genl_status,
|
|
|
|
},
|
2017-04-06 21:02:00 +00:00
|
|
|
};
|
|
|
|
|
2017-04-06 21:02:02 +00:00
|
|
|
static const struct genl_multicast_group nbd_mcast_grps[] = {
|
|
|
|
{ .name = NBD_GENL_MCAST_GROUP_NAME, },
|
|
|
|
};
|
|
|
|
|
2017-04-06 21:02:00 +00:00
|
|
|
static struct genl_family nbd_genl_family __ro_after_init = {
|
|
|
|
.hdrsize = 0,
|
|
|
|
.name = NBD_GENL_FAMILY_NAME,
|
|
|
|
.version = NBD_GENL_VERSION,
|
|
|
|
.module = THIS_MODULE,
|
2020-10-02 21:49:54 +00:00
|
|
|
.small_ops = nbd_connect_genl_ops,
|
|
|
|
.n_small_ops = ARRAY_SIZE(nbd_connect_genl_ops),
|
2022-08-25 00:18:30 +00:00
|
|
|
.resv_start_op = NBD_CMD_STATUS + 1,
|
2017-04-06 21:02:00 +00:00
|
|
|
.maxattr = NBD_ATTR_MAX,
|
2023-02-24 02:13:00 +00:00
|
|
|
.netnsok = 1,
|
genetlink: make policy common to family
Since maxattr is common, the policy can't really differ sanely,
so make it common as well.
The only user that did in fact manage to make a non-common policy
is taskstats, which has to be really careful about it (since it's
still using a common maxattr!). This is no longer supported, but
we can fake it using pre_doit.
This reduces the size of e.g. nl80211.o (which has lots of commands):
text data bss dec hex filename
398745 14323 2240 415308 6564c net/wireless/nl80211.o (before)
397913 14331 2240 414484 65314 net/wireless/nl80211.o (after)
--------------------------------
-832 +8 0 -824
Which is obviously just 8 bytes for each command, and an added 8
bytes for the new policy pointer. I'm not sure why the ops list is
counted as .text though.
Most of the code transformations were done using the following spatch:
@ops@
identifier OPS;
expression POLICY;
@@
struct genl_ops OPS[] = {
...,
{
- .policy = POLICY,
},
...
};
@@
identifier ops.OPS;
expression ops.POLICY;
identifier fam;
expression M;
@@
struct genl_family fam = {
.ops = OPS,
.maxattr = M,
+ .policy = POLICY,
...
};
This also gets rid of devlink_nl_cmd_region_read_dumpit() accessing
the cb->data as ops, which we want to change in a later genl patch.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-03-21 21:51:02 +00:00
|
|
|
.policy = nbd_attr_policy,
|
2017-04-06 21:02:02 +00:00
|
|
|
.mcgrps = nbd_mcast_grps,
|
|
|
|
.n_mcgrps = ARRAY_SIZE(nbd_mcast_grps),
|
2017-04-06 21:02:00 +00:00
|
|
|
};
|
2023-07-13 19:29:35 +00:00
|
|
|
MODULE_ALIAS_GENL_FAMILY(NBD_GENL_FAMILY_NAME);
|
2017-04-06 21:02:00 +00:00
|
|
|
|
2017-04-06 21:02:05 +00:00
|
|
|
static int populate_nbd_status(struct nbd_device *nbd, struct sk_buff *reply)
|
|
|
|
{
|
|
|
|
struct nlattr *dev_opt;
|
|
|
|
u8 connected = 0;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
/* This is a little racey, but for status it's ok. The
|
|
|
|
* reason we don't take a ref here is because we can't
|
|
|
|
* take a ref in the index == -1 case as we would need
|
|
|
|
* to put under the nbd_index_mutex, which could
|
|
|
|
* deadlock if we are configured to remove ourselves
|
|
|
|
* once we're disconnected.
|
|
|
|
*/
|
|
|
|
if (refcount_read(&nbd->config_refs))
|
|
|
|
connected = 1;
|
2019-04-26 09:13:06 +00:00
|
|
|
dev_opt = nla_nest_start_noflag(reply, NBD_DEVICE_ITEM);
|
2017-04-06 21:02:05 +00:00
|
|
|
if (!dev_opt)
|
|
|
|
return -EMSGSIZE;
|
|
|
|
ret = nla_put_u32(reply, NBD_DEVICE_INDEX, nbd->index);
|
|
|
|
if (ret)
|
|
|
|
return -EMSGSIZE;
|
|
|
|
ret = nla_put_u8(reply, NBD_DEVICE_CONNECTED,
|
|
|
|
connected);
|
|
|
|
if (ret)
|
|
|
|
return -EMSGSIZE;
|
|
|
|
nla_nest_end(reply, dev_opt);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int status_cb(int id, void *ptr, void *data)
|
|
|
|
{
|
|
|
|
struct nbd_device *nbd = ptr;
|
|
|
|
return populate_nbd_status(nbd, (struct sk_buff *)data);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int nbd_genl_status(struct sk_buff *skb, struct genl_info *info)
|
|
|
|
{
|
|
|
|
struct nlattr *dev_list;
|
|
|
|
struct sk_buff *reply;
|
|
|
|
void *reply_head;
|
|
|
|
size_t msg_size;
|
|
|
|
int index = -1;
|
|
|
|
int ret = -ENOMEM;
|
|
|
|
|
|
|
|
if (info->attrs[NBD_ATTR_INDEX])
|
|
|
|
index = nla_get_u32(info->attrs[NBD_ATTR_INDEX]);
|
|
|
|
|
|
|
|
mutex_lock(&nbd_index_mutex);
|
|
|
|
|
|
|
|
msg_size = nla_total_size(nla_attr_size(sizeof(u32)) +
|
|
|
|
nla_attr_size(sizeof(u8)));
|
|
|
|
msg_size *= (index == -1) ? nbd_total_devices : 1;
|
|
|
|
|
|
|
|
reply = genlmsg_new(msg_size, GFP_KERNEL);
|
|
|
|
if (!reply)
|
|
|
|
goto out;
|
|
|
|
reply_head = genlmsg_put_reply(reply, info, &nbd_genl_family, 0,
|
|
|
|
NBD_CMD_STATUS);
|
|
|
|
if (!reply_head) {
|
|
|
|
nlmsg_free(reply);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2019-04-26 09:13:06 +00:00
|
|
|
dev_list = nla_nest_start_noflag(reply, NBD_ATTR_DEVICE_LIST);
|
2024-02-18 04:25:38 +00:00
|
|
|
if (!dev_list) {
|
|
|
|
nlmsg_free(reply);
|
|
|
|
ret = -EMSGSIZE;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2017-04-06 21:02:05 +00:00
|
|
|
if (index == -1) {
|
|
|
|
ret = idr_for_each(&nbd_index_idr, &status_cb, reply);
|
|
|
|
if (ret) {
|
|
|
|
nlmsg_free(reply);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
struct nbd_device *nbd;
|
|
|
|
nbd = idr_find(&nbd_index_idr, index);
|
|
|
|
if (nbd) {
|
|
|
|
ret = populate_nbd_status(nbd, reply);
|
|
|
|
if (ret) {
|
|
|
|
nlmsg_free(reply);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
nla_nest_end(reply, dev_list);
|
|
|
|
genlmsg_end(reply, reply_head);
|
2019-02-19 05:14:07 +00:00
|
|
|
ret = genlmsg_reply(reply, info);
|
2017-04-06 21:02:05 +00:00
|
|
|
out:
|
|
|
|
mutex_unlock(&nbd_index_mutex);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2017-04-06 21:02:00 +00:00
|
|
|
static void nbd_connect_reply(struct genl_info *info, int index)
|
|
|
|
{
|
|
|
|
struct sk_buff *skb;
|
|
|
|
void *msg_head;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
skb = genlmsg_new(nla_total_size(sizeof(u32)), GFP_KERNEL);
|
|
|
|
if (!skb)
|
|
|
|
return;
|
|
|
|
msg_head = genlmsg_put_reply(skb, info, &nbd_genl_family, 0,
|
|
|
|
NBD_CMD_CONNECT);
|
|
|
|
if (!msg_head) {
|
|
|
|
nlmsg_free(skb);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
ret = nla_put_u32(skb, NBD_ATTR_INDEX, index);
|
|
|
|
if (ret) {
|
|
|
|
nlmsg_free(skb);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
genlmsg_end(skb, msg_head);
|
|
|
|
genlmsg_reply(skb, info);
|
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2017-04-06 21:02:02 +00:00
|
|
|
static void nbd_mcast_index(int index)
|
|
|
|
{
|
|
|
|
struct sk_buff *skb;
|
|
|
|
void *msg_head;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
skb = genlmsg_new(nla_total_size(sizeof(u32)), GFP_KERNEL);
|
|
|
|
if (!skb)
|
|
|
|
return;
|
|
|
|
msg_head = genlmsg_put(skb, 0, 0, &nbd_genl_family, 0,
|
|
|
|
NBD_CMD_LINK_DEAD);
|
|
|
|
if (!msg_head) {
|
|
|
|
nlmsg_free(skb);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
ret = nla_put_u32(skb, NBD_ATTR_INDEX, index);
|
|
|
|
if (ret) {
|
|
|
|
nlmsg_free(skb);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
genlmsg_end(skb, msg_head);
|
|
|
|
genlmsg_multicast(&nbd_genl_family, skb, 0, 0, GFP_KERNEL);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void nbd_dead_link_work(struct work_struct *work)
|
|
|
|
{
|
|
|
|
struct link_dead_args *args = container_of(work, struct link_dead_args,
|
|
|
|
work);
|
|
|
|
nbd_mcast_index(args->index);
|
|
|
|
kfree(args);
|
|
|
|
}
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
static int __init nbd_init(void)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
2006-03-25 11:07:04 +00:00
|
|
|
BUILD_BUG_ON(sizeof(struct nbd_request) != 28);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
NBD: add partition support
Permit the use of partitions with network block devices (NBD).
A new parameter is introduced to define how many partition we want to be able
to manage per network block device. This parameter is "max_part".
For instance, to manage 63 partitions / loop device, we will do:
[on the server side]
# nbd-server 1234 /dev/sdb
[on the client side]
# modprobe nbd max_part=63
# ls -l /dev/nbd*
brw-rw---- 1 root disk 43, 0 2008-03-25 11:14 /dev/nbd0
brw-rw---- 1 root disk 43, 64 2008-03-25 11:11 /dev/nbd1
brw-rw---- 1 root disk 43, 640 2008-03-25 11:11 /dev/nbd10
brw-rw---- 1 root disk 43, 704 2008-03-25 11:11 /dev/nbd11
brw-rw---- 1 root disk 43, 768 2008-03-25 11:11 /dev/nbd12
brw-rw---- 1 root disk 43, 832 2008-03-25 11:11 /dev/nbd13
brw-rw---- 1 root disk 43, 896 2008-03-25 11:11 /dev/nbd14
brw-rw---- 1 root disk 43, 960 2008-03-25 11:11 /dev/nbd15
brw-rw---- 1 root disk 43, 128 2008-03-25 11:11 /dev/nbd2
brw-rw---- 1 root disk 43, 192 2008-03-25 11:11 /dev/nbd3
brw-rw---- 1 root disk 43, 256 2008-03-25 11:11 /dev/nbd4
brw-rw---- 1 root disk 43, 320 2008-03-25 11:11 /dev/nbd5
brw-rw---- 1 root disk 43, 384 2008-03-25 11:11 /dev/nbd6
brw-rw---- 1 root disk 43, 448 2008-03-25 11:11 /dev/nbd7
brw-rw---- 1 root disk 43, 512 2008-03-25 11:11 /dev/nbd8
brw-rw---- 1 root disk 43, 576 2008-03-25 11:11 /dev/nbd9
# nbd-client localhost 1234 /dev/nbd0
Negotiation: ..size = 80418240KB
bs=1024, sz=80418240
-------NOTE, RFC: partition table is not automatically read.
The driver sets bdev->bd_invalidated to 1 to force the read of the partition
table of the device, but this is done only on an open of the device.
So we have to do a "touch /dev/nbdX" or something like that.
It can't be done from the nbd-client or nbd driver because at this
level we can't ask to read the partition table and to serve the request
at the same time (-> deadlock)
If someone has a better idea, I'm open to any suggestion.
-------NOTE, RFC
# fdisk -l /dev/nbd0
Disk /dev/nbd0: 82.3 GB, 82348277760 bytes
255 heads, 63 sectors/track, 10011 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/nbd0p1 * 1 9965 80043831 83 Linux
/dev/nbd0p2 9966 10011 369495 5 Extended
/dev/nbd0p5 9966 10011 369463+ 82 Linux swap / Solaris
# ls -l /dev/nbd0*
brw-rw---- 1 root disk 43, 0 2008-03-25 11:16 /dev/nbd0
brw-rw---- 1 root disk 43, 1 2008-03-25 11:16 /dev/nbd0p1
brw-rw---- 1 root disk 43, 2 2008-03-25 11:16 /dev/nbd0p2
brw-rw---- 1 root disk 43, 5 2008-03-25 11:16 /dev/nbd0p5
# mount /dev/nbd0p1 /mnt
# ls /mnt
bin dev initrd lost+found opt sbin sys var
boot etc initrd.img media proc selinux tmp vmlinuz
cdrom home lib mnt root srv usr
# umount /mnt
# nbd-client -d /dev/nbd0
# ls -l /dev/nbd0*
brw-rw---- 1 root disk 43, 0 2008-03-25 11:16 /dev/nbd0
-------NOTE
On "nbd-client -d", we can do an iocl(BLKRRPART) to update partition table:
as the size of the device is 0, we don't have to serve the partition manager
request (-> no deadlock).
-------NOTE
Signed-off-by: Paul Clements <paul.clements@steeleye.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-04-29 08:02:51 +00:00
|
|
|
if (max_part < 0) {
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("max_part must be >= 0\n");
|
NBD: add partition support
Permit the use of partitions with network block devices (NBD).
A new parameter is introduced to define how many partition we want to be able
to manage per network block device. This parameter is "max_part".
For instance, to manage 63 partitions / loop device, we will do:
[on the server side]
# nbd-server 1234 /dev/sdb
[on the client side]
# modprobe nbd max_part=63
# ls -l /dev/nbd*
brw-rw---- 1 root disk 43, 0 2008-03-25 11:14 /dev/nbd0
brw-rw---- 1 root disk 43, 64 2008-03-25 11:11 /dev/nbd1
brw-rw---- 1 root disk 43, 640 2008-03-25 11:11 /dev/nbd10
brw-rw---- 1 root disk 43, 704 2008-03-25 11:11 /dev/nbd11
brw-rw---- 1 root disk 43, 768 2008-03-25 11:11 /dev/nbd12
brw-rw---- 1 root disk 43, 832 2008-03-25 11:11 /dev/nbd13
brw-rw---- 1 root disk 43, 896 2008-03-25 11:11 /dev/nbd14
brw-rw---- 1 root disk 43, 960 2008-03-25 11:11 /dev/nbd15
brw-rw---- 1 root disk 43, 128 2008-03-25 11:11 /dev/nbd2
brw-rw---- 1 root disk 43, 192 2008-03-25 11:11 /dev/nbd3
brw-rw---- 1 root disk 43, 256 2008-03-25 11:11 /dev/nbd4
brw-rw---- 1 root disk 43, 320 2008-03-25 11:11 /dev/nbd5
brw-rw---- 1 root disk 43, 384 2008-03-25 11:11 /dev/nbd6
brw-rw---- 1 root disk 43, 448 2008-03-25 11:11 /dev/nbd7
brw-rw---- 1 root disk 43, 512 2008-03-25 11:11 /dev/nbd8
brw-rw---- 1 root disk 43, 576 2008-03-25 11:11 /dev/nbd9
# nbd-client localhost 1234 /dev/nbd0
Negotiation: ..size = 80418240KB
bs=1024, sz=80418240
-------NOTE, RFC: partition table is not automatically read.
The driver sets bdev->bd_invalidated to 1 to force the read of the partition
table of the device, but this is done only on an open of the device.
So we have to do a "touch /dev/nbdX" or something like that.
It can't be done from the nbd-client or nbd driver because at this
level we can't ask to read the partition table and to serve the request
at the same time (-> deadlock)
If someone has a better idea, I'm open to any suggestion.
-------NOTE, RFC
# fdisk -l /dev/nbd0
Disk /dev/nbd0: 82.3 GB, 82348277760 bytes
255 heads, 63 sectors/track, 10011 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/nbd0p1 * 1 9965 80043831 83 Linux
/dev/nbd0p2 9966 10011 369495 5 Extended
/dev/nbd0p5 9966 10011 369463+ 82 Linux swap / Solaris
# ls -l /dev/nbd0*
brw-rw---- 1 root disk 43, 0 2008-03-25 11:16 /dev/nbd0
brw-rw---- 1 root disk 43, 1 2008-03-25 11:16 /dev/nbd0p1
brw-rw---- 1 root disk 43, 2 2008-03-25 11:16 /dev/nbd0p2
brw-rw---- 1 root disk 43, 5 2008-03-25 11:16 /dev/nbd0p5
# mount /dev/nbd0p1 /mnt
# ls /mnt
bin dev initrd lost+found opt sbin sys var
boot etc initrd.img media proc selinux tmp vmlinuz
cdrom home lib mnt root srv usr
# umount /mnt
# nbd-client -d /dev/nbd0
# ls -l /dev/nbd0*
brw-rw---- 1 root disk 43, 0 2008-03-25 11:16 /dev/nbd0
-------NOTE
On "nbd-client -d", we can do an iocl(BLKRRPART) to update partition table:
as the size of the device is 0, we don't have to serve the partition manager
request (-> no deadlock).
-------NOTE
Signed-off-by: Paul Clements <paul.clements@steeleye.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-04-29 08:02:51 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
part_shift = 0;
|
2011-05-28 12:44:46 +00:00
|
|
|
if (max_part > 0) {
|
NBD: add partition support
Permit the use of partitions with network block devices (NBD).
A new parameter is introduced to define how many partition we want to be able
to manage per network block device. This parameter is "max_part".
For instance, to manage 63 partitions / loop device, we will do:
[on the server side]
# nbd-server 1234 /dev/sdb
[on the client side]
# modprobe nbd max_part=63
# ls -l /dev/nbd*
brw-rw---- 1 root disk 43, 0 2008-03-25 11:14 /dev/nbd0
brw-rw---- 1 root disk 43, 64 2008-03-25 11:11 /dev/nbd1
brw-rw---- 1 root disk 43, 640 2008-03-25 11:11 /dev/nbd10
brw-rw---- 1 root disk 43, 704 2008-03-25 11:11 /dev/nbd11
brw-rw---- 1 root disk 43, 768 2008-03-25 11:11 /dev/nbd12
brw-rw---- 1 root disk 43, 832 2008-03-25 11:11 /dev/nbd13
brw-rw---- 1 root disk 43, 896 2008-03-25 11:11 /dev/nbd14
brw-rw---- 1 root disk 43, 960 2008-03-25 11:11 /dev/nbd15
brw-rw---- 1 root disk 43, 128 2008-03-25 11:11 /dev/nbd2
brw-rw---- 1 root disk 43, 192 2008-03-25 11:11 /dev/nbd3
brw-rw---- 1 root disk 43, 256 2008-03-25 11:11 /dev/nbd4
brw-rw---- 1 root disk 43, 320 2008-03-25 11:11 /dev/nbd5
brw-rw---- 1 root disk 43, 384 2008-03-25 11:11 /dev/nbd6
brw-rw---- 1 root disk 43, 448 2008-03-25 11:11 /dev/nbd7
brw-rw---- 1 root disk 43, 512 2008-03-25 11:11 /dev/nbd8
brw-rw---- 1 root disk 43, 576 2008-03-25 11:11 /dev/nbd9
# nbd-client localhost 1234 /dev/nbd0
Negotiation: ..size = 80418240KB
bs=1024, sz=80418240
-------NOTE, RFC: partition table is not automatically read.
The driver sets bdev->bd_invalidated to 1 to force the read of the partition
table of the device, but this is done only on an open of the device.
So we have to do a "touch /dev/nbdX" or something like that.
It can't be done from the nbd-client or nbd driver because at this
level we can't ask to read the partition table and to serve the request
at the same time (-> deadlock)
If someone has a better idea, I'm open to any suggestion.
-------NOTE, RFC
# fdisk -l /dev/nbd0
Disk /dev/nbd0: 82.3 GB, 82348277760 bytes
255 heads, 63 sectors/track, 10011 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/nbd0p1 * 1 9965 80043831 83 Linux
/dev/nbd0p2 9966 10011 369495 5 Extended
/dev/nbd0p5 9966 10011 369463+ 82 Linux swap / Solaris
# ls -l /dev/nbd0*
brw-rw---- 1 root disk 43, 0 2008-03-25 11:16 /dev/nbd0
brw-rw---- 1 root disk 43, 1 2008-03-25 11:16 /dev/nbd0p1
brw-rw---- 1 root disk 43, 2 2008-03-25 11:16 /dev/nbd0p2
brw-rw---- 1 root disk 43, 5 2008-03-25 11:16 /dev/nbd0p5
# mount /dev/nbd0p1 /mnt
# ls /mnt
bin dev initrd lost+found opt sbin sys var
boot etc initrd.img media proc selinux tmp vmlinuz
cdrom home lib mnt root srv usr
# umount /mnt
# nbd-client -d /dev/nbd0
# ls -l /dev/nbd0*
brw-rw---- 1 root disk 43, 0 2008-03-25 11:16 /dev/nbd0
-------NOTE
On "nbd-client -d", we can do an iocl(BLKRRPART) to update partition table:
as the size of the device is 0, we don't have to serve the partition manager
request (-> no deadlock).
-------NOTE
Signed-off-by: Paul Clements <paul.clements@steeleye.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-04-29 08:02:51 +00:00
|
|
|
part_shift = fls(max_part);
|
|
|
|
|
2011-05-28 12:44:46 +00:00
|
|
|
/*
|
|
|
|
* Adjust max_part according to part_shift as it is exported
|
|
|
|
* to user space so that user can know the max number of
|
|
|
|
* partition kernel should be able to manage.
|
|
|
|
*
|
|
|
|
* Note that -1 is required because partition 0 is reserved
|
|
|
|
* for the whole disk.
|
|
|
|
*/
|
|
|
|
max_part = (1UL << part_shift) - 1;
|
|
|
|
}
|
|
|
|
|
2011-05-28 12:44:46 +00:00
|
|
|
if ((1UL << part_shift) > DISK_MAX_PARTS)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (nbds_max > 1UL << (MINORBITS - part_shift))
|
|
|
|
return -EINVAL;
|
|
|
|
|
2019-08-04 19:10:06 +00:00
|
|
|
if (register_blkdev(NBD_MAJOR, "nbd"))
|
2017-02-01 21:11:40 +00:00
|
|
|
return -EIO;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
nbd: do del_gendisk() asynchronously for NBD_DESTROY_ON_DISCONNECT
Now open_mutex is used to synchronize partition operations (e.g,
blk_drop_partitions() and blkdev_reread_part()), however it makes
nbd driver broken, because nbd may call del_gendisk() in nbd_release()
or nbd_genl_disconnect() if NBD_CFLAG_DESTROY_ON_DISCONNECT is enabled,
and deadlock occurs, as shown below:
// AB-BA dead-lock
nbd_genl_disconnect blkdev_open
nbd_disconnect_and_put
lock bd_mutex
// last ref
nbd_put
lock nbd_index_mutex
del_gendisk
nbd_open
try lock nbd_index_mutex
try lock bd_mutex
or
// AA dead-lock
nbd_release
lock bd_mutex
nbd_put
try lock bd_mutex
Instead of fixing block layer (e.g, introduce another lock), fixing
the nbd driver to call del_gendisk() in a kworker when
NBD_DESTROY_ON_DISCONNECT is enabled. When NBD_DESTROY_ON_DISCONNECT
is disabled, nbd device will always be destroy through module removal,
and there is no risky of deadlock.
To ensure the reuse of nbd index succeeds, moving the calling of
idr_remove() after del_gendisk(), so if the reused index is not found
in nbd_index_idr, the old disk must have been deleted. And reusing
the existing destroy_complete mechanism to ensure nbd_genl_connect()
will wait for the completion of del_gendisk().
Also adding a new workqueue for nbd removal, so nbd_cleanup()
can ensure all removals complete before exits.
Reported-by: syzbot+0fe7752e52337864d29b@syzkaller.appspotmail.com
Fixes: c76f48eb5c08 ("block: take bd_mutex around delete_partitions in del_gendisk")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20210811124428.2368491-2-hch@lst.de
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-08-11 12:44:23 +00:00
|
|
|
nbd_del_wq = alloc_workqueue("nbd-del", WQ_UNBOUND, 0);
|
|
|
|
if (!nbd_del_wq) {
|
|
|
|
unregister_blkdev(NBD_MAJOR, "nbd");
|
|
|
|
return -ENOMEM;
|
|
|
|
}
|
|
|
|
|
2017-04-06 21:02:00 +00:00
|
|
|
if (genl_register_family(&nbd_genl_family)) {
|
nbd: do del_gendisk() asynchronously for NBD_DESTROY_ON_DISCONNECT
Now open_mutex is used to synchronize partition operations (e.g,
blk_drop_partitions() and blkdev_reread_part()), however it makes
nbd driver broken, because nbd may call del_gendisk() in nbd_release()
or nbd_genl_disconnect() if NBD_CFLAG_DESTROY_ON_DISCONNECT is enabled,
and deadlock occurs, as shown below:
// AB-BA dead-lock
nbd_genl_disconnect blkdev_open
nbd_disconnect_and_put
lock bd_mutex
// last ref
nbd_put
lock nbd_index_mutex
del_gendisk
nbd_open
try lock nbd_index_mutex
try lock bd_mutex
or
// AA dead-lock
nbd_release
lock bd_mutex
nbd_put
try lock bd_mutex
Instead of fixing block layer (e.g, introduce another lock), fixing
the nbd driver to call del_gendisk() in a kworker when
NBD_DESTROY_ON_DISCONNECT is enabled. When NBD_DESTROY_ON_DISCONNECT
is disabled, nbd device will always be destroy through module removal,
and there is no risky of deadlock.
To ensure the reuse of nbd index succeeds, moving the calling of
idr_remove() after del_gendisk(), so if the reused index is not found
in nbd_index_idr, the old disk must have been deleted. And reusing
the existing destroy_complete mechanism to ensure nbd_genl_connect()
will wait for the completion of del_gendisk().
Also adding a new workqueue for nbd removal, so nbd_cleanup()
can ensure all removals complete before exits.
Reported-by: syzbot+0fe7752e52337864d29b@syzkaller.appspotmail.com
Fixes: c76f48eb5c08 ("block: take bd_mutex around delete_partitions in del_gendisk")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20210811124428.2368491-2-hch@lst.de
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-08-11 12:44:23 +00:00
|
|
|
destroy_workqueue(nbd_del_wq);
|
2017-04-06 21:02:00 +00:00
|
|
|
unregister_blkdev(NBD_MAJOR, "nbd");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
2015-08-17 06:20:06 +00:00
|
|
|
nbd_dbg_init();
|
|
|
|
|
2017-02-01 21:11:40 +00:00
|
|
|
for (i = 0; i < nbds_max; i++)
|
2021-08-11 12:44:28 +00:00
|
|
|
nbd_dev_add(i, 1);
|
2017-02-01 21:11:40 +00:00
|
|
|
return 0;
|
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2017-02-01 21:11:40 +00:00
|
|
|
static int nbd_exit_cb(int id, void *ptr, void *data)
|
|
|
|
{
|
2017-04-06 21:02:06 +00:00
|
|
|
struct list_head *list = (struct list_head *)data;
|
2017-02-01 21:11:40 +00:00
|
|
|
struct nbd_device *nbd = ptr;
|
2017-04-06 21:02:06 +00:00
|
|
|
|
nbd: do del_gendisk() asynchronously for NBD_DESTROY_ON_DISCONNECT
Now open_mutex is used to synchronize partition operations (e.g,
blk_drop_partitions() and blkdev_reread_part()), however it makes
nbd driver broken, because nbd may call del_gendisk() in nbd_release()
or nbd_genl_disconnect() if NBD_CFLAG_DESTROY_ON_DISCONNECT is enabled,
and deadlock occurs, as shown below:
// AB-BA dead-lock
nbd_genl_disconnect blkdev_open
nbd_disconnect_and_put
lock bd_mutex
// last ref
nbd_put
lock nbd_index_mutex
del_gendisk
nbd_open
try lock nbd_index_mutex
try lock bd_mutex
or
// AA dead-lock
nbd_release
lock bd_mutex
nbd_put
try lock bd_mutex
Instead of fixing block layer (e.g, introduce another lock), fixing
the nbd driver to call del_gendisk() in a kworker when
NBD_DESTROY_ON_DISCONNECT is enabled. When NBD_DESTROY_ON_DISCONNECT
is disabled, nbd device will always be destroy through module removal,
and there is no risky of deadlock.
To ensure the reuse of nbd index succeeds, moving the calling of
idr_remove() after del_gendisk(), so if the reused index is not found
in nbd_index_idr, the old disk must have been deleted. And reusing
the existing destroy_complete mechanism to ensure nbd_genl_connect()
will wait for the completion of del_gendisk().
Also adding a new workqueue for nbd removal, so nbd_cleanup()
can ensure all removals complete before exits.
Reported-by: syzbot+0fe7752e52337864d29b@syzkaller.appspotmail.com
Fixes: c76f48eb5c08 ("block: take bd_mutex around delete_partitions in del_gendisk")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20210811124428.2368491-2-hch@lst.de
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-08-11 12:44:23 +00:00
|
|
|
/* Skip nbd that is being removed asynchronously */
|
|
|
|
if (refcount_read(&nbd->refs))
|
|
|
|
list_add_tail(&nbd->list, list);
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __exit nbd_cleanup(void)
|
|
|
|
{
|
2017-04-06 21:02:06 +00:00
|
|
|
struct nbd_device *nbd;
|
|
|
|
LIST_HEAD(del_list);
|
|
|
|
|
2022-05-21 07:37:44 +00:00
|
|
|
/*
|
|
|
|
* Unregister netlink interface prior to waiting
|
|
|
|
* for the completion of netlink commands.
|
|
|
|
*/
|
|
|
|
genl_unregister_family(&nbd_genl_family);
|
|
|
|
|
2015-08-17 06:20:06 +00:00
|
|
|
nbd_dbg_close();
|
|
|
|
|
2017-04-06 21:02:06 +00:00
|
|
|
mutex_lock(&nbd_index_mutex);
|
|
|
|
idr_for_each(&nbd_index_idr, &nbd_exit_cb, &del_list);
|
|
|
|
mutex_unlock(&nbd_index_mutex);
|
|
|
|
|
2017-04-28 13:49:19 +00:00
|
|
|
while (!list_empty(&del_list)) {
|
|
|
|
nbd = list_first_entry(&del_list, struct nbd_device, list);
|
|
|
|
list_del_init(&nbd->list);
|
2022-05-21 07:37:45 +00:00
|
|
|
if (refcount_read(&nbd->config_refs))
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("possibly leaking nbd_config (ref %d)\n",
|
2022-05-21 07:37:45 +00:00
|
|
|
refcount_read(&nbd->config_refs));
|
2017-04-28 13:49:19 +00:00
|
|
|
if (refcount_read(&nbd->refs) != 1)
|
2022-05-21 07:37:49 +00:00
|
|
|
pr_err("possibly leaking a device\n");
|
2017-04-06 21:02:06 +00:00
|
|
|
nbd_put(nbd);
|
|
|
|
}
|
|
|
|
|
nbd: do del_gendisk() asynchronously for NBD_DESTROY_ON_DISCONNECT
Now open_mutex is used to synchronize partition operations (e.g,
blk_drop_partitions() and blkdev_reread_part()), however it makes
nbd driver broken, because nbd may call del_gendisk() in nbd_release()
or nbd_genl_disconnect() if NBD_CFLAG_DESTROY_ON_DISCONNECT is enabled,
and deadlock occurs, as shown below:
// AB-BA dead-lock
nbd_genl_disconnect blkdev_open
nbd_disconnect_and_put
lock bd_mutex
// last ref
nbd_put
lock nbd_index_mutex
del_gendisk
nbd_open
try lock nbd_index_mutex
try lock bd_mutex
or
// AA dead-lock
nbd_release
lock bd_mutex
nbd_put
try lock bd_mutex
Instead of fixing block layer (e.g, introduce another lock), fixing
the nbd driver to call del_gendisk() in a kworker when
NBD_DESTROY_ON_DISCONNECT is enabled. When NBD_DESTROY_ON_DISCONNECT
is disabled, nbd device will always be destroy through module removal,
and there is no risky of deadlock.
To ensure the reuse of nbd index succeeds, moving the calling of
idr_remove() after del_gendisk(), so if the reused index is not found
in nbd_index_idr, the old disk must have been deleted. And reusing
the existing destroy_complete mechanism to ensure nbd_genl_connect()
will wait for the completion of del_gendisk().
Also adding a new workqueue for nbd removal, so nbd_cleanup()
can ensure all removals complete before exits.
Reported-by: syzbot+0fe7752e52337864d29b@syzkaller.appspotmail.com
Fixes: c76f48eb5c08 ("block: take bd_mutex around delete_partitions in del_gendisk")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20210811124428.2368491-2-hch@lst.de
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-08-11 12:44:23 +00:00
|
|
|
/* Also wait for nbd_dev_remove_work() completes */
|
|
|
|
destroy_workqueue(nbd_del_wq);
|
|
|
|
|
2017-02-01 21:11:40 +00:00
|
|
|
idr_destroy(&nbd_index_idr);
|
2005-04-16 22:20:36 +00:00
|
|
|
unregister_blkdev(NBD_MAJOR, "nbd");
|
|
|
|
}
|
|
|
|
|
|
|
|
module_init(nbd_init);
|
|
|
|
module_exit(nbd_cleanup);
|
|
|
|
|
|
|
|
MODULE_DESCRIPTION("Network Block Device");
|
|
|
|
MODULE_LICENSE("GPL");
|
|
|
|
|
2005-05-01 15:59:07 +00:00
|
|
|
module_param(nbds_max, int, 0444);
|
NBD: add partition support
Permit the use of partitions with network block devices (NBD).
A new parameter is introduced to define how many partition we want to be able
to manage per network block device. This parameter is "max_part".
For instance, to manage 63 partitions / loop device, we will do:
[on the server side]
# nbd-server 1234 /dev/sdb
[on the client side]
# modprobe nbd max_part=63
# ls -l /dev/nbd*
brw-rw---- 1 root disk 43, 0 2008-03-25 11:14 /dev/nbd0
brw-rw---- 1 root disk 43, 64 2008-03-25 11:11 /dev/nbd1
brw-rw---- 1 root disk 43, 640 2008-03-25 11:11 /dev/nbd10
brw-rw---- 1 root disk 43, 704 2008-03-25 11:11 /dev/nbd11
brw-rw---- 1 root disk 43, 768 2008-03-25 11:11 /dev/nbd12
brw-rw---- 1 root disk 43, 832 2008-03-25 11:11 /dev/nbd13
brw-rw---- 1 root disk 43, 896 2008-03-25 11:11 /dev/nbd14
brw-rw---- 1 root disk 43, 960 2008-03-25 11:11 /dev/nbd15
brw-rw---- 1 root disk 43, 128 2008-03-25 11:11 /dev/nbd2
brw-rw---- 1 root disk 43, 192 2008-03-25 11:11 /dev/nbd3
brw-rw---- 1 root disk 43, 256 2008-03-25 11:11 /dev/nbd4
brw-rw---- 1 root disk 43, 320 2008-03-25 11:11 /dev/nbd5
brw-rw---- 1 root disk 43, 384 2008-03-25 11:11 /dev/nbd6
brw-rw---- 1 root disk 43, 448 2008-03-25 11:11 /dev/nbd7
brw-rw---- 1 root disk 43, 512 2008-03-25 11:11 /dev/nbd8
brw-rw---- 1 root disk 43, 576 2008-03-25 11:11 /dev/nbd9
# nbd-client localhost 1234 /dev/nbd0
Negotiation: ..size = 80418240KB
bs=1024, sz=80418240
-------NOTE, RFC: partition table is not automatically read.
The driver sets bdev->bd_invalidated to 1 to force the read of the partition
table of the device, but this is done only on an open of the device.
So we have to do a "touch /dev/nbdX" or something like that.
It can't be done from the nbd-client or nbd driver because at this
level we can't ask to read the partition table and to serve the request
at the same time (-> deadlock)
If someone has a better idea, I'm open to any suggestion.
-------NOTE, RFC
# fdisk -l /dev/nbd0
Disk /dev/nbd0: 82.3 GB, 82348277760 bytes
255 heads, 63 sectors/track, 10011 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/nbd0p1 * 1 9965 80043831 83 Linux
/dev/nbd0p2 9966 10011 369495 5 Extended
/dev/nbd0p5 9966 10011 369463+ 82 Linux swap / Solaris
# ls -l /dev/nbd0*
brw-rw---- 1 root disk 43, 0 2008-03-25 11:16 /dev/nbd0
brw-rw---- 1 root disk 43, 1 2008-03-25 11:16 /dev/nbd0p1
brw-rw---- 1 root disk 43, 2 2008-03-25 11:16 /dev/nbd0p2
brw-rw---- 1 root disk 43, 5 2008-03-25 11:16 /dev/nbd0p5
# mount /dev/nbd0p1 /mnt
# ls /mnt
bin dev initrd lost+found opt sbin sys var
boot etc initrd.img media proc selinux tmp vmlinuz
cdrom home lib mnt root srv usr
# umount /mnt
# nbd-client -d /dev/nbd0
# ls -l /dev/nbd0*
brw-rw---- 1 root disk 43, 0 2008-03-25 11:16 /dev/nbd0
-------NOTE
On "nbd-client -d", we can do an iocl(BLKRRPART) to update partition table:
as the size of the device is 0, we don't have to serve the partition manager
request (-> no deadlock).
-------NOTE
Signed-off-by: Paul Clements <paul.clements@steeleye.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-04-29 08:02:51 +00:00
|
|
|
MODULE_PARM_DESC(nbds_max, "number of network block devices to initialize (default: 16)");
|
|
|
|
module_param(max_part, int, 0444);
|
2017-08-14 18:56:16 +00:00
|
|
|
MODULE_PARM_DESC(max_part, "number of partitions per device (default: 16)");
|