From eb87203b646c27938ecb11d7766c5c98f836241f Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 28 Mar 2017 10:55:59 +0200 Subject: rbd: Reject -blockdev server.*.{numeric, to, ipv4, ipv6} We use InetSocketAddress in the QAPI schema. However, the code doesn't use inet_connect_saddr(), but formats "host" and "port" into a configuration string for rados_conf_set(). Thus, members "numeric", "to", "ipv4" and "ipv6" are silently ignored. Not nice. Example: -blockdev rbd,node-name=nn,pool=p,image=i,server.0.host=h0,server.0.port=12345,server.0.ipv4=off Factor a suitable InetSocketAddressBase out of InetSocketAddress, and use that. "numeric", "to", "ipv4" and "ipv6" are now rejected. Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake Reviewed-by: Max Reitz Reviewed-by: Jeff Cody Message-id: 1490691368-32099-2-git-send-email-armbru@redhat.com Signed-off-by: Jeff Cody --- qapi-schema.json | 21 ++++++++++++++------- qapi/block-core.json | 2 +- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/qapi-schema.json b/qapi-schema.json index 68a43274bf..b921994ae3 100644 --- a/qapi-schema.json +++ b/qapi-schema.json @@ -4051,19 +4051,27 @@ 'data': [ 'all', 'rx', 'tx' ] } ## -# @InetSocketAddress: -# -# Captures a socket address or address range in the Internet namespace. +# @InetSocketAddressBase: # # @host: host part of the address +# @port: port part of the address +## +{ 'struct': 'InetSocketAddressBase', + 'data': { + 'host': 'str', + 'port': 'str' } } + +## +# @InetSocketAddress: # -# @port: port part of the address, or lowest port if @to is present +# Captures a socket address or address range in the Internet namespace. # # @numeric: true if the host/port are guaranteed to be numeric, # false if name resolution should be attempted. Defaults to false. # (Since 2.9) # -# @to: highest port to try +# @to: If present, this is range of possible addresses, with port +# between @port and @to. # # @ipv4: whether to accept IPv4 addresses, default try both IPv4 and IPv6 # @@ -4072,9 +4080,8 @@ # Since: 1.3 ## { 'struct': 'InetSocketAddress', + 'base': 'InetSocketAddressBase', 'data': { - 'host': 'str', - 'port': 'str', '*numeric': 'bool', '*to': 'uint16', '*ipv4': 'bool', diff --git a/qapi/block-core.json b/qapi/block-core.json index 0f132fc995..5d2efe4ea7 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2652,7 +2652,7 @@ '*conf': 'str', '*snapshot': 'str', '*user': 'str', - '*server': ['InetSocketAddress'], + '*server': ['InetSocketAddressBase'], '*auth-supported': ['RbdAuthMethod'], '*password-secret': 'str' } } -- cgit v1.2.3 From f51c363c2ba97af02fedaeb7eaad68f433007382 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 28 Mar 2017 10:56:00 +0200 Subject: rbd: Fix to cleanly reject -drive without pool or image qemu_rbd_open() neglects to check pool and image are present. Missing image is caught by rbd_open(), but missing pool crashes. Reproducer: $ qemu-system-x86_64 -nodefaults -drive driver=rbd,id=rbd,image=i,... terminate called after throwing an instance of 'std::logic_error' what(): basic_string::_M_construct null not valid Aborted (core dumped) where ... is a working server.0.{host,port} configuration. Doesn't affect -drive with file=..., because qemu_rbd_parse_filename() always sets both pool and image. Doesn't affect -blockdev, because pool and image are mandatory in the QAPI schema. Fix by adding the missing checks. Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake Reviewed-by: Max Reitz Reviewed-by: Jeff Cody Message-id: 1490691368-32099-3-git-send-email-armbru@redhat.com Signed-off-by: Jeff Cody --- block/rbd.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/block/rbd.c b/block/rbd.c index ee13f3d9d3..5ba2a877d8 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -711,6 +711,12 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags, name = qemu_opt_get(opts, "image"); keypairs = qemu_opt_get(opts, "keyvalue-pairs"); + if (!pool || !name) { + error_setg(errp, "Parameters 'pool' and 'image' are required"); + r = -EINVAL; + goto failed_opts; + } + r = rados_create(&s->cluster, clientname); if (r < 0) { error_setg_errno(errp, -r, "error initializing"); @@ -718,9 +724,7 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags, } s->snap = g_strdup(snap); - if (name) { - pstrcpy(s->name, RBD_MAX_IMAGE_NAME_SIZE, name); - } + pstrcpy(s->name, RBD_MAX_IMAGE_NAME_SIZE, name); /* try default location when conf=NULL, but ignore failure */ r = rados_conf_read_file(s->cluster, conf); -- cgit v1.2.3 From 730b00bbfdc15f914f47e03a703fa7647c10c4a9 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 28 Mar 2017 10:56:01 +0200 Subject: rbd: Don't limit length of parameter values We laboriously enforce that parameter values are between one and some arbitrary limit in length. Only RBD_MAX_IMAGE_NAME_SIZE comes from librbd.h, and I'm not sure it applies. Where the other limits come from is unclear. Drop the length checking. The limits librbd actually imposes must be checked by librbd anyway. There's one minor complication: BDRVRBDState member name is a fixed-size array. Depends on the length limit. Make it a pointer to a dynamically allocated string. Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake Reviewed-by: Max Reitz Reviewed-by: Jeff Cody Message-id: 1490691368-32099-4-git-send-email-armbru@redhat.com Signed-off-by: Jeff Cody --- block/rbd.c | 91 ++++++++++--------------------------------------------------- 1 file changed, 14 insertions(+), 77 deletions(-) diff --git a/block/rbd.c b/block/rbd.c index 5ba2a877d8..0fea348bdb 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -56,11 +56,6 @@ #define OBJ_MAX_SIZE (1UL << OBJ_DEFAULT_OBJ_ORDER) -#define RBD_MAX_CONF_NAME_SIZE 128 -#define RBD_MAX_CONF_VAL_SIZE 512 -#define RBD_MAX_CONF_SIZE 1024 -#define RBD_MAX_POOL_NAME_SIZE 128 -#define RBD_MAX_SNAP_NAME_SIZE 128 #define RBD_MAX_SNAPS 100 /* The LIBRBD_SUPPORTS_IOVEC is defined in librbd.h */ @@ -99,16 +94,12 @@ typedef struct BDRVRBDState { rados_t cluster; rados_ioctx_t io_ctx; rbd_image_t image; - char name[RBD_MAX_IMAGE_NAME_SIZE]; + char *name; char *snap; } BDRVRBDState; -static char *qemu_rbd_next_tok(int max_len, - char *src, char delim, - const char *name, - char **p, Error **errp) +static char *qemu_rbd_next_tok(char *src, char delim, char **p) { - int l; char *end; *p = NULL; @@ -127,15 +118,6 @@ static char *qemu_rbd_next_tok(int max_len, *end = '\0'; } } - l = strlen(src); - if (l >= max_len) { - error_setg(errp, "%s too long", name); - return NULL; - } else if (l == 0) { - error_setg(errp, "%s too short", name); - return NULL; - } - return src; } @@ -159,7 +141,6 @@ static void qemu_rbd_parse_filename(const char *filename, QDict *options, char *p, *buf, *keypairs; char *found_str; size_t max_keypair_size; - Error *local_err = NULL; if (!strstart(filename, "rbd:", &start)) { error_setg(errp, "File name must start with 'rbd:'"); @@ -171,11 +152,7 @@ static void qemu_rbd_parse_filename(const char *filename, QDict *options, keypairs = g_malloc0(max_keypair_size); p = buf; - found_str = qemu_rbd_next_tok(RBD_MAX_POOL_NAME_SIZE, p, - '/', "pool name", &p, &local_err); - if (local_err) { - goto done; - } + found_str = qemu_rbd_next_tok(p, '/', &p); if (!p) { error_setg(errp, "Pool name is required"); goto done; @@ -184,27 +161,15 @@ static void qemu_rbd_parse_filename(const char *filename, QDict *options, qdict_put(options, "pool", qstring_from_str(found_str)); if (strchr(p, '@')) { - found_str = qemu_rbd_next_tok(RBD_MAX_IMAGE_NAME_SIZE, p, - '@', "object name", &p, &local_err); - if (local_err) { - goto done; - } + found_str = qemu_rbd_next_tok(p, '@', &p); qemu_rbd_unescape(found_str); qdict_put(options, "image", qstring_from_str(found_str)); - found_str = qemu_rbd_next_tok(RBD_MAX_SNAP_NAME_SIZE, p, - ':', "snap name", &p, &local_err); - if (local_err) { - goto done; - } + found_str = qemu_rbd_next_tok(p, ':', &p); qemu_rbd_unescape(found_str); qdict_put(options, "snapshot", qstring_from_str(found_str)); } else { - found_str = qemu_rbd_next_tok(RBD_MAX_IMAGE_NAME_SIZE, p, - ':', "object name", &p, &local_err); - if (local_err) { - goto done; - } + found_str = qemu_rbd_next_tok(p, ':', &p); qemu_rbd_unescape(found_str); qdict_put(options, "image", qstring_from_str(found_str)); } @@ -212,11 +177,7 @@ static void qemu_rbd_parse_filename(const char *filename, QDict *options, goto done; } - found_str = qemu_rbd_next_tok(RBD_MAX_CONF_NAME_SIZE, p, - '\0', "configuration", &p, &local_err); - if (local_err) { - goto done; - } + found_str = qemu_rbd_next_tok(p, '\0', &p); p = found_str; @@ -224,12 +185,7 @@ static void qemu_rbd_parse_filename(const char *filename, QDict *options, * 'id' and 'conf' a bit special. Key/value pairs may be in any order. */ while (p) { char *name, *value; - name = qemu_rbd_next_tok(RBD_MAX_CONF_NAME_SIZE, p, - '=', "conf option name", &p, &local_err); - if (local_err) { - break; - } - + name = qemu_rbd_next_tok(p, '=', &p); if (!p) { error_setg(errp, "conf option %s has no value", name); break; @@ -237,11 +193,7 @@ static void qemu_rbd_parse_filename(const char *filename, QDict *options, qemu_rbd_unescape(name); - value = qemu_rbd_next_tok(RBD_MAX_CONF_VAL_SIZE, p, - ':', "conf option value", &p, &local_err); - if (local_err) { - break; - } + value = qemu_rbd_next_tok(p, ':', &p); qemu_rbd_unescape(value); if (!strcmp(name, "conf")) { @@ -274,9 +226,6 @@ static void qemu_rbd_parse_filename(const char *filename, QDict *options, done: - if (local_err) { - error_propagate(errp, local_err); - } g_free(buf); g_free(keypairs); return; @@ -308,30 +257,20 @@ static int qemu_rbd_set_keypairs(rados_t cluster, const char *keypairs, char *p, *buf; char *name; char *value; - Error *local_err = NULL; int ret = 0; buf = g_strdup(keypairs); p = buf; while (p) { - name = qemu_rbd_next_tok(RBD_MAX_CONF_NAME_SIZE, p, - '=', "conf option name", &p, &local_err); - if (local_err) { - break; - } - + name = qemu_rbd_next_tok(p, '=', &p); if (!p) { error_setg(errp, "conf option %s has no value", name); ret = -EINVAL; break; } - value = qemu_rbd_next_tok(RBD_MAX_CONF_VAL_SIZE, p, - ':', "conf option value", &p, &local_err); - if (local_err) { - break; - } + value = qemu_rbd_next_tok(p, ':', &p); ret = rados_conf_set(cluster, name, value); if (ret < 0) { @@ -341,10 +280,6 @@ static int qemu_rbd_set_keypairs(rados_t cluster, const char *keypairs, } } - if (local_err) { - error_propagate(errp, local_err); - ret = -EINVAL; - } g_free(buf); return ret; } @@ -724,7 +659,7 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags, } s->snap = g_strdup(snap); - pstrcpy(s->name, RBD_MAX_IMAGE_NAME_SIZE, name); + s->name = g_strdup(name); /* try default location when conf=NULL, but ignore failure */ r = rados_conf_read_file(s->cluster, conf); @@ -798,6 +733,7 @@ failed_open: failed_shutdown: rados_shutdown(s->cluster); g_free(s->snap); + g_free(s->name); failed_opts: qemu_opts_del(opts); g_free(mon_host); @@ -812,6 +748,7 @@ static void qemu_rbd_close(BlockDriverState *bs) rbd_close(s->image); rados_ioctx_destroy(s->io_ctx); g_free(s->snap); + g_free(s->name); rados_shutdown(s->cluster); } -- cgit v1.2.3 From 8efb339dd47b164429e9a57f36ac5c3dd810a4ce Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 28 Mar 2017 10:56:02 +0200 Subject: rbd: Clean up after the previous commit This code in qemu_rbd_parse_filename() found_str = qemu_rbd_next_tok(p, '\0', &p); p = found_str; has no effect. Drop it, and simplify qemu_rbd_next_tok(). Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake Reviewed-by: Max Reitz Reviewed-by: Jeff Cody Message-id: 1490691368-32099-5-git-send-email-armbru@redhat.com Signed-off-by: Jeff Cody --- block/rbd.c | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/block/rbd.c b/block/rbd.c index 0fea348bdb..182a5a35ff 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -104,19 +104,17 @@ static char *qemu_rbd_next_tok(char *src, char delim, char **p) *p = NULL; - if (delim != '\0') { - for (end = src; *end; ++end) { - if (*end == delim) { - break; - } - if (*end == '\\' && end[1] != '\0') { - end++; - } - } + for (end = src; *end; ++end) { if (*end == delim) { - *p = end + 1; - *end = '\0'; + break; } + if (*end == '\\' && end[1] != '\0') { + end++; + } + } + if (*end == delim) { + *p = end + 1; + *end = '\0'; } return src; } @@ -177,10 +175,6 @@ static void qemu_rbd_parse_filename(const char *filename, QDict *options, goto done; } - found_str = qemu_rbd_next_tok(p, '\0', &p); - - p = found_str; - /* The following are essentially all key/value pairs, and we treat * 'id' and 'conf' a bit special. Key/value pairs may be in any order. */ while (p) { -- cgit v1.2.3 From 82f20e8547ce665e9bb23fdb55374840b846c143 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 28 Mar 2017 10:56:03 +0200 Subject: rbd: Don't accept -drive driver=rbd, keyvalue-pairs=... The way we communicate extra key-value pairs from qemu_rbd_parse_filename() to qemu_rbd_open() exposes option parameter "keyvalue-pairs" on the command line. It's not wanted there. Hack: rename the parameter to "=keyvalue-pairs" to make it inaccessible. Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake Reviewed-by: Max Reitz Reviewed-by: Jeff Cody Message-id: 1490691368-32099-6-git-send-email-armbru@redhat.com Signed-off-by: Jeff Cody --- block/rbd.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/block/rbd.c b/block/rbd.c index 182a5a35ff..2632533a06 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -215,7 +215,7 @@ static void qemu_rbd_parse_filename(const char *filename, QDict *options, } if (keypairs[0]) { - qdict_put(options, "keyvalue-pairs", qstring_from_str(keypairs)); + qdict_put(options, "=keyvalue-pairs", qstring_from_str(keypairs)); } @@ -330,7 +330,11 @@ static QemuOptsList runtime_opts = { .help = "Rados id name", }, { - .name = "keyvalue-pairs", + /* + * HACK: name starts with '=' so that qemu_opts_parse() + * can't set it + */ + .name = "=keyvalue-pairs", .type = QEMU_OPT_STRING, .help = "Legacy rados key/value option parameters", }, @@ -405,7 +409,7 @@ static int qemu_rbd_create(const char *filename, QemuOpts *opts, Error **errp) conf = qemu_opt_get(rbd_opts, "conf"); clientname = qemu_opt_get(rbd_opts, "user"); name = qemu_opt_get(rbd_opts, "image"); - keypairs = qemu_opt_get(rbd_opts, "keyvalue-pairs"); + keypairs = qemu_opt_get(rbd_opts, "=keyvalue-pairs"); ret = rados_create(&cluster, clientname); if (ret < 0) { @@ -638,7 +642,7 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags, snap = qemu_opt_get(opts, "snapshot"); clientname = qemu_opt_get(opts, "user"); name = qemu_opt_get(opts, "image"); - keypairs = qemu_opt_get(opts, "keyvalue-pairs"); + keypairs = qemu_opt_get(opts, "=keyvalue-pairs"); if (!pool || !name) { error_setg(errp, "Parameters 'pool' and 'image' are required"); -- cgit v1.2.3 From cbf036b4f3da48c2be6865eed4896acbd4149bc6 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 28 Mar 2017 10:56:04 +0200 Subject: rbd: Clean up runtime_opts, fix -drive to reject filename runtime_opts is used for three different purposes: * qemu_rbd_open() uses it to accept options it recognizes, such as "pool" and "image". Other .bdrv_open() methods do it similarly. * qemu_rbd_open() accepts additional list-valued options auth-supported and server, with the help of qemu_rbd_array_opts(). The list elements are again dictionaries. qemu_rbd_array_opts() uses runtime_opts to accept their members. Thus, runtime_opts contains recognized sub-sub-options "auth", "host", "port" in addition to recognized options. No other block driver does that. * qemu_rbd_create() uses it to convert the QDict produced by qemu_rbd_parse_filename() to QemuOpts. No other block driver does that. The keys produced by qemu_rbd_parse_filename() are "pool", "image", "snapshot", "conf", "user" and "keyvalue-pairs". qemu_rbd_open() accepts these, so no additional ones here. This is a confusing mess. Dates back to commit 0f9d252. First step to clean it up is documenting runtime_opts.desc[]: * Reorder entries to match the QAPI schema, like we do in other block drivers. * Document why the schema's "server" and "auth-supported" aren't in .desc[]. * Document why "keyvalue-pairs", "host", "port" and "auth" are in .desc[], but not the schema. * Delete "filename", because none of the three users actually uses it. This fixes -drive to reject parameter filename instead of silently ignoring it. Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake Reviewed-by: Max Reitz Reviewed-by: Jeff Cody Message-id: 1490691368-32099-7-git-send-email-armbru@redhat.com Signed-off-by: Jeff Cody --- block/rbd.c | 38 ++++++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/block/rbd.c b/block/rbd.c index 2632533a06..b2afe0732f 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -294,30 +294,20 @@ static QemuOptsList runtime_opts = { .head = QTAILQ_HEAD_INITIALIZER(runtime_opts.head), .desc = { { - .name = "filename", + .name = "pool", .type = QEMU_OPT_STRING, - .help = "Specification of the rbd image", + .help = "Rados pool name", }, { - .name = "password-secret", + .name = "image", .type = QEMU_OPT_STRING, - .help = "ID of secret providing the password", + .help = "Image name in the pool", }, { .name = "conf", .type = QEMU_OPT_STRING, .help = "Rados config file location", }, - { - .name = "pool", - .type = QEMU_OPT_STRING, - .help = "Rados pool name", - }, - { - .name = "image", - .type = QEMU_OPT_STRING, - .help = "Image name in the pool", - }, { .name = "snapshot", .type = QEMU_OPT_STRING, @@ -329,6 +319,19 @@ static QemuOptsList runtime_opts = { .type = QEMU_OPT_STRING, .help = "Rados id name", }, + /* + * server.* and auth-supported.* extracted manually, see + * qemu_rbd_array_opts() + */ + { + .name = "password-secret", + .type = QEMU_OPT_STRING, + .help = "ID of secret providing the password", + }, + + /* + * Keys for qemu_rbd_parse_filename(), not in the QAPI schema + */ { /* * HACK: name starts with '=' so that qemu_opts_parse() @@ -338,6 +341,13 @@ static QemuOptsList runtime_opts = { .type = QEMU_OPT_STRING, .help = "Legacy rados key/value option parameters", }, + + /* + * The remainder aren't option keys, but option sub-sub-keys, + * so that qemu_rbd_array_opts() can abuse runtime_opts for + * its own purposes + * TODO clean this up + */ { .name = "host", .type = QEMU_OPT_STRING, -- cgit v1.2.3 From 078463977a6139c9725127f2a10d9cd8b9e1b4d6 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 28 Mar 2017 10:56:05 +0200 Subject: rbd: Clean up qemu_rbd_create()'s detour through QemuOpts The conversion from QDict to QemuOpts is pointless. Simply get the stuff straight from the QDict. Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake Reviewed-by: Kevin Wolf Reviewed-by: Jeff Cody Message-id: 1490691368-32099-8-git-send-email-armbru@redhat.com Signed-off-by: Jeff Cody --- block/rbd.c | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/block/rbd.c b/block/rbd.c index b2afe0732f..16ea60a0d3 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -376,7 +376,6 @@ static int qemu_rbd_create(const char *filename, QemuOpts *opts, Error **errp) rados_t cluster; rados_ioctx_t io_ctx; QDict *options = NULL; - QemuOpts *rbd_opts = NULL; int ret = 0; secretid = qemu_opt_get(opts, "password-secret"); @@ -407,19 +406,11 @@ static int qemu_rbd_create(const char *filename, QemuOpts *opts, Error **errp) goto exit; } - rbd_opts = qemu_opts_create(&runtime_opts, NULL, 0, &error_abort); - qemu_opts_absorb_qdict(rbd_opts, options, &local_err); - if (local_err) { - error_propagate(errp, local_err); - ret = -EINVAL; - goto exit; - } - - pool = qemu_opt_get(rbd_opts, "pool"); - conf = qemu_opt_get(rbd_opts, "conf"); - clientname = qemu_opt_get(rbd_opts, "user"); - name = qemu_opt_get(rbd_opts, "image"); - keypairs = qemu_opt_get(rbd_opts, "=keyvalue-pairs"); + pool = qdict_get_try_str(options, "pool"); + conf = qdict_get_try_str(options, "conf"); + clientname = qdict_get_try_str(options, "user"); + name = qdict_get_try_str(options, "image"); + keypairs = qdict_get_try_str(options, "=keyvalue-pairs"); ret = rados_create(&cluster, clientname); if (ret < 0) { @@ -470,7 +461,6 @@ shutdown: exit: QDECREF(options); - qemu_opts_del(rbd_opts); return ret; } -- cgit v1.2.3 From 464444fcc161284ac0e743b99251debc297d5236 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 28 Mar 2017 10:56:06 +0200 Subject: rbd: Revert -blockdev and -drive parameter auth-supported This reverts half of commit 0a55679. We're having second thoughts on the QAPI schema (and thus the external interface), and haven't reached consensus, yet. Issues include: * The implementation uses deprecated rados_conf_set() key "auth_supported". No biggie. * The implementation makes -drive silently ignore invalid parameters "auth" and "auth-supported.*.X" where X isn't "auth". Fixable (in fact I'm going to fix similar bugs around parameter server), so again no biggie. * BlockdevOptionsRbd member @password-secret applies only to authentication method cephx. Should it be a variant member of RbdAuthMethod? * BlockdevOptionsRbd member @user could apply to both methods cephx and none, but I'm not sure it's actually used with none. If it isn't, should it be a variant member of RbdAuthMethod? * The client offers a *set* of authentication methods, not a list. Should the methods be optional members of BlockdevOptionsRbd instead of members of list @auth-supported? The latter begs the question what multiple entries for the same method mean. Trivial question now that RbdAuthMethod contains nothing but @type, but less so when RbdAuthMethod acquires other members, such the ones discussed above. * How BlockdevOptionsRbd member @auth-supported interacts with settings from a configuration file specified with @conf is undocumented. I suspect it's untested, too. Let's avoid painting ourselves into a corner now, and revert the feature for 2.9. Note that users can still configure authentication methods with a configuration file. They probably do that anyway if they use Ceph outside QEMU as well. Further note that this doesn't affect use of key "auth-supported" in -drive file=rbd:...:key=value. qemu_rbd_array_opts()'s parameter @type now must be RBD_MON_HOST, which is silly. This will be cleaned up shortly. Signed-off-by: Markus Armbruster Reviewed-by: Max Reitz Reviewed-by: Eric Blake Reviewed-by: Jeff Cody Message-id: 1490691368-32099-9-git-send-email-armbru@redhat.com Signed-off-by: Jeff Cody --- block/rbd.c | 31 +++---------------------------- qapi/block-core.json | 24 ------------------------ 2 files changed, 3 insertions(+), 52 deletions(-) diff --git a/block/rbd.c b/block/rbd.c index 16ea60a0d3..485cef4096 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -320,8 +320,7 @@ static QemuOptsList runtime_opts = { .help = "Rados id name", }, /* - * server.* and auth-supported.* extracted manually, see - * qemu_rbd_array_opts() + * server.* extracted manually, see qemu_rbd_array_opts() */ { .name = "password-secret", @@ -356,11 +355,6 @@ static QemuOptsList runtime_opts = { .name = "port", .type = QEMU_OPT_STRING, }, - { - .name = "auth", - .type = QEMU_OPT_STRING, - .help = "Supported authentication method, either cephx or none", - }, { /* end of list */ } }, }; @@ -512,7 +506,6 @@ static void qemu_rbd_complete_aio(RADOSCB *rcb) } #define RBD_MON_HOST 0 -#define RBD_AUTH_SUPPORTED 1 static char *qemu_rbd_array_opts(QDict *options, const char *prefix, int type, Error **errp) @@ -527,7 +520,7 @@ static char *qemu_rbd_array_opts(QDict *options, const char *prefix, int type, Error *local_err = NULL; int i; - assert(type == RBD_MON_HOST || type == RBD_AUTH_SUPPORTED); + assert(type == RBD_MON_HOST); num_entries = qdict_array_entries(options, prefix); @@ -573,10 +566,9 @@ static char *qemu_rbd_array_opts(QDict *options, const char *prefix, int type, value = strbuf; } } else { - value = qemu_opt_get(opts, "auth"); + abort(); } - /* each iteration in the for loop will build upon the string, and if * rados_str is NULL then it is our first pass */ if (rados_str) { @@ -608,7 +600,6 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags, QemuOpts *opts; Error *local_err = NULL; char *mon_host = NULL; - char *auth_supported = NULL; int r; opts = qemu_opts_create(&runtime_opts, NULL, 0, &error_abort); @@ -619,14 +610,6 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags, return -EINVAL; } - auth_supported = qemu_rbd_array_opts(options, "auth-supported.", - RBD_AUTH_SUPPORTED, &local_err); - if (local_err) { - error_propagate(errp, local_err); - r = -EINVAL; - goto failed_opts; - } - mon_host = qemu_rbd_array_opts(options, "server.", RBD_MON_HOST, &local_err); if (local_err) { @@ -678,13 +661,6 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags, } } - if (auth_supported) { - r = rados_conf_set(s->cluster, "auth_supported", auth_supported); - if (r < 0) { - goto failed_shutdown; - } - } - if (qemu_rbd_set_auth(s->cluster, secretid, errp) < 0) { r = -EIO; goto failed_shutdown; @@ -735,7 +711,6 @@ failed_shutdown: failed_opts: qemu_opts_del(opts); g_free(mon_host); - g_free(auth_supported); return r; } diff --git a/qapi/block-core.json b/qapi/block-core.json index 5d2efe4ea7..6a7ca0b974 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2600,27 +2600,6 @@ '*timeout': 'int' } } -## -# @RbdAuthSupport: -# -# An enumeration of RBD auth support -# -# Since: 2.9 -## -{ 'enum': 'RbdAuthSupport', - 'data': [ 'cephx', 'none' ] } - - -## -# @RbdAuthMethod: -# -# An enumeration of rados auth_supported types -# -# Since: 2.9 -## -{ 'struct': 'RbdAuthMethod', - 'data': { 'auth': 'RbdAuthSupport' } } - ## # @BlockdevOptionsRbd: # @@ -2639,8 +2618,6 @@ # @server: Monitor host address and port. This maps # to the "mon_host" Ceph option. # -# @auth-supported: Authentication supported. -# # @password-secret: The ID of a QCryptoSecret object providing # the password for the login. # @@ -2653,7 +2630,6 @@ '*snapshot': 'str', '*user': 'str', '*server': ['InetSocketAddressBase'], - '*auth-supported': ['RbdAuthMethod'], '*password-secret': 'str' } } ## -- cgit v1.2.3 From 577d8c9a811fc697b4cc68fbbe5c509b028e0768 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 28 Mar 2017 10:56:07 +0200 Subject: rbd: Revert -blockdev parameter password-secret This reverts a part of commit 8a47e8e. We're having second thoughts on the QAPI schema (and thus the external interface), and haven't reached consensus, yet. Issues include: * BlockdevOptionsRbd member @password-secret isn't actually a password, it's a key generated by Ceph. * We're not sure where member @password-secret belongs (see the previous commit). * How @password-secret interacts with settings from a configuration file specified with @conf is undocumented. Let's avoid painting ourselves into a corner now, and revert the feature for 2.9. Note that users can still configure an authentication key with a configuration file. They probably do that anyway if they use Ceph outside QEMU as well. Signed-off-by: Markus Armbruster Reviewed-by: Max Reitz Reviewed-by: Eric Blake Reviewed-by: Jeff Cody Message-id: 1490691368-32099-10-git-send-email-armbru@redhat.com Signed-off-by: Jeff Cody --- qapi/block-core.json | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/qapi/block-core.json b/qapi/block-core.json index 6a7ca0b974..78eb8fb5aa 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2618,9 +2618,6 @@ # @server: Monitor host address and port. This maps # to the "mon_host" Ceph option. # -# @password-secret: The ID of a QCryptoSecret object providing -# the password for the login. -# # Since: 2.9 ## { 'struct': 'BlockdevOptionsRbd', @@ -2629,8 +2626,7 @@ '*conf': 'str', '*snapshot': 'str', '*user': 'str', - '*server': ['InetSocketAddressBase'], - '*password-secret': 'str' } } + '*server': ['InetSocketAddressBase'] } } ## # @BlockdevOptionsSheepdog: -- cgit v1.2.3 From 2836284db603775af557e969d5a800efb0190324 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 28 Mar 2017 10:56:08 +0200 Subject: rbd: Fix bugs around -drive parameter "server" qemu_rbd_open() takes option parameters as a flattened QDict, with keys of the form server.%d.host, server.%d.port, where %d counts up from zero. qemu_rbd_array_opts() extracts these values as follows. First, it calls qdict_array_entries() to find the list's length. For each list element, it formats the list's key prefix (e.g. "server.0."), then creates a new QDict holding the options with that key prefix, then converts that to a QemuOpts, so it can finally get the member values from there. If there's one surefire way to make code using QDict more awkward, it's creating more of them and mixing in QemuOpts for good measure. The extraction of keys starting with server.%d into another QDict makes us ignore parameters like server.0.neither-host-nor-port silently. The conversion to QemuOpts abuses runtime_opts, as described a few commits ago. Rewrite to simply get the values straight from the options QDict. Fixes -drive not to crash when server.*.* are present, but server.*.host is absent. Fixes -drive to reject invalid server.*.*. Permits cleaning up runtime_opts. Do that, and fix -drive to reject bogus parameters host and port instead of silently ignoring them. Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake Reviewed-by: Jeff Cody Message-id: 1490691368-32099-11-git-send-email-armbru@redhat.com Signed-off-by: Jeff Cody --- block/rbd.c | 127 +++++++++++++++--------------------------------------------- 1 file changed, 32 insertions(+), 95 deletions(-) diff --git a/block/rbd.c b/block/rbd.c index 485cef4096..498322b30b 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -13,6 +13,7 @@ #include "qemu/osdep.h" +#include #include "qapi/error.h" #include "qemu/error-report.h" #include "block/block_int.h" @@ -20,8 +21,6 @@ #include "qemu/cutils.h" #include "qapi/qmp/qstring.h" -#include - /* * When specifying the image filename use: * @@ -320,7 +319,7 @@ static QemuOptsList runtime_opts = { .help = "Rados id name", }, /* - * server.* extracted manually, see qemu_rbd_array_opts() + * server.* extracted manually, see qemu_rbd_mon_host() */ { .name = "password-secret", @@ -340,21 +339,6 @@ static QemuOptsList runtime_opts = { .type = QEMU_OPT_STRING, .help = "Legacy rados key/value option parameters", }, - - /* - * The remainder aren't option keys, but option sub-sub-keys, - * so that qemu_rbd_array_opts() can abuse runtime_opts for - * its own purposes - * TODO clean this up - */ - { - .name = "host", - .type = QEMU_OPT_STRING, - }, - { - .name = "port", - .type = QEMU_OPT_STRING, - }, { /* end of list */ } }, }; @@ -505,89 +489,43 @@ static void qemu_rbd_complete_aio(RADOSCB *rcb) qemu_aio_unref(acb); } -#define RBD_MON_HOST 0 - -static char *qemu_rbd_array_opts(QDict *options, const char *prefix, int type, - Error **errp) +static char *qemu_rbd_mon_host(QDict *options, Error **errp) { - int num_entries; - QemuOpts *opts = NULL; - QDict *sub_options; - const char *host; - const char *port; - char *str; - char *rados_str = NULL; - Error *local_err = NULL; + const char **vals = g_new(const char *, qdict_size(options) + 1); + char keybuf[32]; + const char *host, *port; + char *rados_str; int i; - assert(type == RBD_MON_HOST); - - num_entries = qdict_array_entries(options, prefix); - - if (num_entries < 0) { - error_setg(errp, "Parse error on RBD QDict array"); - return NULL; - } - - for (i = 0; i < num_entries; i++) { - char *strbuf = NULL; - const char *value; - char *rados_str_tmp; - - str = g_strdup_printf("%s%d.", prefix, i); - qdict_extract_subqdict(options, &sub_options, str); - g_free(str); - - opts = qemu_opts_create(&runtime_opts, NULL, 0, &error_abort); - qemu_opts_absorb_qdict(opts, sub_options, &local_err); - QDECREF(sub_options); - if (local_err) { - error_propagate(errp, local_err); - g_free(rados_str); - rados_str = NULL; - goto exit; + for (i = 0;; i++) { + sprintf(keybuf, "server.%d.host", i); + host = qdict_get_try_str(options, keybuf); + qdict_del(options, keybuf); + sprintf(keybuf, "server.%d.port", i); + port = qdict_get_try_str(options, keybuf); + qdict_del(options, keybuf); + if (!host && !port) { + break; } - - if (type == RBD_MON_HOST) { - host = qemu_opt_get(opts, "host"); - port = qemu_opt_get(opts, "port"); - - value = host; - if (port) { - /* check for ipv6 */ - if (strchr(host, ':')) { - strbuf = g_strdup_printf("[%s]:%s", host, port); - } else { - strbuf = g_strdup_printf("%s:%s", host, port); - } - value = strbuf; - } else if (strchr(host, ':')) { - strbuf = g_strdup_printf("[%s]", host); - value = strbuf; - } - } else { - abort(); + if (!host) { + error_setg(errp, "Parameter server.%d.host is missing", i); + rados_str = NULL; + goto out; } - /* each iteration in the for loop will build upon the string, and if - * rados_str is NULL then it is our first pass */ - if (rados_str) { - /* separate options with ';', as that is what rados_conf_set() - * requires */ - rados_str_tmp = rados_str; - rados_str = g_strdup_printf("%s;%s", rados_str_tmp, value); - g_free(rados_str_tmp); + if (strchr(host, ':')) { + vals[i] = port ? g_strdup_printf("[%s]:%s", host, port) + : g_strdup_printf("[%s]", host); } else { - rados_str = g_strdup(value); + vals[i] = port ? g_strdup_printf("%s:%s", host, port) + : g_strdup(host); } - - g_free(strbuf); - qemu_opts_del(opts); - opts = NULL; } + vals[i] = NULL; -exit: - qemu_opts_del(opts); + rados_str = i ? g_strjoinv(";", (char **)vals) : NULL; +out: + g_strfreev((char **)vals); return rados_str; } @@ -606,12 +544,11 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags, qemu_opts_absorb_qdict(opts, options, &local_err); if (local_err) { error_propagate(errp, local_err); - qemu_opts_del(opts); - return -EINVAL; + r = -EINVAL; + goto failed_opts; } - mon_host = qemu_rbd_array_opts(options, "server.", - RBD_MON_HOST, &local_err); + mon_host = qemu_rbd_mon_host(options, &local_err); if (local_err) { error_propagate(errp, local_err); r = -EINVAL; -- cgit v1.2.3