On 4/22/19 7:50 PM, Eric Blake wrote:
Time to enhance the nbd plugin to request structured replies from the
server. For now, deal only with structured reads. The server can now
return sparse reads, even though we need nbdkit version 3 before we
can in turn return sparse reads back to the client.
+ case NBD_STRUCTURED_REPLY_MAGIC:
+ more = !(rep.structured.flags & NBD_REPLY_FLAG_DONE);
+ trans = find_trans_by_cookie (h, rep.simple.handle, !more);
if (!trans) {
- nbdkit_error ("reply with unexpected cookie %#" PRIx64, rep.handle);
+ nbdkit_error ("reply with unexpected cookie %#" PRIx64,
rep.simple.handle);
return nbd_mark_dead (h);
}
- *fd = trans->u.fds[1];
+ if (!more)
+ *fd = trans->u.fds[1];
+ else if (error && !trans->err)
+ trans->err = error;
buf = trans->buf;
count = trans->count;
+ if (buf && h->structured &&
+ }
free (trans);
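Review bot: in the "if (!more) ... else if (error && !trans->err)" branch, error is saved into trans->err only while more chunks are pending, and none of the lines shown read trans->err back when the final chunk arrives. If an earlier chunk reported an error and the last chunk reports success, the request could complete as successful. On the !more path, consider falling back to the saved value, for example "if (!error) error = trans->err;", before the result is reported.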
This sets up a use-after-free if the server replies with more than one
chunk. The free(trans) call must happen only if !more. Looks like I'll
be sending a v2 of the tail of this series on top of my work to utilize
cleanup.h (I've applied the obvious bug fixes in 1, 4, and 5, and am
waiting for the NBD list to respond to my question about a possible
protocol spec change before deciding to push 2 alone or squashed with 3).
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
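
The lifetime rule stated in the reply above (release the transaction only when no more chunks are expected), as an added C example that is not nbdkit's source. The struct layout, add_trans and handle_chunk are hypothetical; find_trans_by_cookie keeps the name used in the patch, but its body here is an assumption.

```c
#include <stdint.h>
#include <stdlib.h>
/* Hypothetical, reduced layout: added model, not nbdkit's plugin source. */
struct transaction {
  uint64_t cookie;
  int err;                      /* first error seen on any chunk */
  struct transaction *next;
};
struct handle { struct transaction *trans; };   /* list of pending requests */

/* Find a pending request; unlink it from the list only if 'remove' is set. */
static struct transaction *
find_trans_by_cookie (struct handle *h, uint64_t cookie, int remove)
{
  for (struct transaction **p = &h->trans; *p; p = &(*p)->next)
    if ((*p)->cookie == cookie) {
      struct transaction *t = *p;
      if (remove) *p = t->next;
      return t;
    }
  return NULL;
}
static int add_trans (struct handle *h, uint64_t cookie)
{
  struct transaction *t = calloc (1, sizeof *t);
  if (!t) return -1;
  t->cookie = cookie; t->next = h->trans; h->trans = t;
  return 0;
}
/* One chunk: 1 = more expected, 0 = complete (status in *result), -1 = unknown. */
static int handle_chunk (struct handle *h, uint64_t cookie, int done,
                         int error, int *result)
{
  int more = !done;
  struct transaction *t = find_trans_by_cookie (h, cookie, !more);
  if (!t) return -1;
  if (error && !t->err) t->err = error;
  if (more) return 1;           /* still on h->trans: freeing here would dangle */
  *result = t->err;
  free (t);                     /* unlinked by the lookup above */
  return 0;
}

int main (void)
{
  struct handle h = { NULL }; int r = 0;
  return !(add_trans (&h, 7) == 0 && handle_chunk (&h, 7, 0, 0, &r) == 1
           && handle_chunk (&h, 7, 1, 0, &r) == 0);
}
```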