[Libguestfs] [nbdkit PATCH 7/7] nbd: Implement structured replies

Eric Blake eblake at redhat.com
Tue Apr 23 20:25:00 UTC 2019


On 4/22/19 7:50 PM, Eric Blake wrote:
> Time to enhance the nbd plugin to request structured replies from the
> server. For now, deal only with structured reads. The server can now
> return sparse reads, even though we need nbdkit version 3 before we
> can in turn return sparse reads back to the client.
> 

> +  case NBD_STRUCTURED_REPLY_MAGIC:

> +    more = !(rep.structured.flags & NBD_REPLY_FLAG_DONE);

> +  trans = find_trans_by_cookie (h, rep.simple.handle, !more);
>    if (!trans) {
> -    nbdkit_error ("reply with unexpected cookie %#" PRIx64, rep.handle);
> +    nbdkit_error ("reply with unexpected cookie %#" PRIx64, rep.simple.handle);
>      return nbd_mark_dead (h);
>    }
> 
> -  *fd = trans->u.fds[1];
> +  if (!more)
> +    *fd = trans->u.fds[1];
> +  else if (error && !trans->err)
> +    trans->err = error;
>    buf = trans->buf;
>    count = trans->count;
> +  if (buf && h->structured &&

> +  }
>    free (trans);
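Review bot: the lookup `find_trans_by_cookie (h, rep.simple.handle, !more)` and the error message after it read the cookie through `rep.simple` even when the reply arrived under `NBD_STRUCTURED_REPLY_MAGIC`, so matching the right transaction depends on `handle` sitting at the same offset in both members of `rep`. That holds for the NBD wire format, where the handle follows 8 bytes of header in both the simple and the structured reply, but nothing in these lines documents or enforces it. A one-line comment at the lookup, or a compile-time offsetof comparison between the two members, would stop a later change to either struct from silently pairing a reply with the wrong transaction.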

This sets up a use-after-free if the server replies with more than one
chunk. The free(trans) call must happen only if !more. Looks like I'll
be sending a v2 of the tail of this series on top of my work to utilize
cleanup.h (I've applied the obvious bug fixes in 1, 4, and 5, and am
waiting for the NBD list to respond to my question about a possible
protocol spec change before deciding to push 2 alone or squashed with 3).

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
