search for: backend_set_handl

...le); + } + return r; } int diff --git a/server/filters.c b/server/filters.c index 5bdc8aa7..1ee62829 100644 --- a/server/filters.c +++ b/server/filters.c @@ -210,10 +210,13 @@ filter_open (struct backend *b, struct connection *conn, int readonly) if (handle == NULL) return -1; backend_set_handle (b, conn, handle); - return 0; } - else - return backend_open (b->next, conn, readonly); + else { + if (backend_open (b->next, conn, readonly) == -1) + return -1; + backend_set_handle (b, conn, NBDKIT_HANDLE_NOT_NEEDED); + } + return 0; } static void @@ -224,8 +227...

...are even less likely in a real client). The solution is to call .close after NBD_OPT_INFO, coupled with enough glue logic to reset cached connection handles back to the state expected by .open. This in turn means factoring out another backend_* function, but also gives us an opportunity to change backend_set_handle to no longer accept NULL. The assertion failure is, to some extent, a possible denial of service attack (one client can force nbdkit to exit by merely sending OPT_INFO before OPT_GO, preventing the next client from connecting), although this is mitigated by using TLS to weed out untrusted clients...

The first one is the nastiest - it is an assertion failure caused by a spec-compliant client and introduced by our security fix that was released in 1.14.1. Eric Blake (4): server: Fix regression for NBD_OPT_INFO before NBD_OPT_GO server: Fix back-to-back SET_META_CONTEXT server: Forbid NUL in export and context names server: Fix OPT_GO on different export than SET_META_CONTEXT

...ckend *b, const char *name, extern void backend_unload (struct backend *b, void (*unload) (void)) __attribute__((__nonnull__ (1))); +extern int backend_open (struct backend *b, struct connection *conn, + int readonly) + __attribute__((__nonnull__ (1, 2))); extern void backend_set_handle (struct backend *b, struct connection *conn, void *handle) __attribute__((__nonnull__ (1, 2 /* not 3 */))); diff --git a/server/backend.c b/server/backend.c index 749b1f15..ebdef63a 100644 --- a/server/backend.c +++ b/server/backend.c @@ -167,6 +167,20 @@ backen...

I think this is my last round of patches for issues I identified with the retry filter. With this in place, it should be safe to interject another filter in between retry and the plugin. Eric Blake (5): retry: Don't call into closed plugin tests: Refactor test-retry-reopen-fail.sh tests: Enhance retry test to cover failed reopen server: Move prepare/finalize/close recursion to

This is a subset of the last half of the larger 9-patch series. The uncontroversial first half of that series is pushed, but here, I tried to reduce the size of the patches by splitting out some of the more complex changes, so that the rest of the changes remaining in the series are more mechanical. In turn, it forced me to write timing tests, which let me spot another spot where we are wasting

...8,6 @@ struct connection { size_t nr_handles; uint32_t cflags; - uint64_t exportsize; uint16_t eflags; bool readonly; bool can_flush; diff --git a/server/backend.c b/server/backend.c index b2054aa2..374d8540 100644 --- a/server/backend.c +++ b/server/backend.c @@ -132,10 +132,13 @@ backend_set_handle (struct backend *b, struct connection *conn, void *handle) int64_t backend_get_size (struct backend *b, struct connection *conn) { + struct b_conn_handle *h = &conn->handles[b->i]; + debug ("%s: get_size", b->name); - /* TODO caching */ - return b->get_size (b,...

...t; h->exportsize || offset + count > h->exportsize) { + nbdkit_error ("invalid request: %s: offset and count are out of range: " + "offset=%" PRIu64 " count=%" PRIu32, cmd, offset, count); + return true; + } + return false; +} + void backend_set_handle (struct backend *b, struct connection *conn, void *handle) { @@ -283,6 +320,10 @@ backend_pread (struct backend *b, struct connection *conn, debug ("%s: pread count=%" PRIu32 " offset=%" PRIu64, b->name, count, offset); + if (invalid_range (b, conn, "pre...

It's easy to use the sh script to demonstrate that nbdkit is inefficiently calling into .get_size, .can_fua, and friends more than necessary. We've also commented on the list in the past that it would be nice to ensure that when filters call into next_ops, they are not violating constraints (as we've have to fix several bugs in the past where we did not have such checking to protect

I still don't have .prepare/.finalize working cleanly across reopen, but did find a nasty bug where a botched assertion means we failed to notice reads beyond EOF in both the xz and retry filter. Refactoring backend.c will make .finalize work easier. Eric Blake (5): xz: Avoid reading beyond EOF retry: Check size before transactions tests: Test retry when get_size values change