Tagging NBD 3.24

Travis wants us to have a "plan" these days, which reads like "pay us".

Not going to do that, sorry.

When a user sends a name length value of 0xffffffff, nbd-server will try
to allocate one more byte for the \0 at the end, but that will result in
an integer overflow and a malloc(0), with the resulting write being to a
dangling pointer.

Fix by constraining the string size to 4096 bytes, as recommended by the
protocol standard.

This issue exists in NBD_OPT_INFO/NBD_OPT_GO handling as well as in
NBD_OPT_EXPORT_NAME handling.

CVE-2022-26495

Reported-By: 王多 <duo.wang@chaitin.com>
Signed-Off-By: Wouter Verhelst <w@uter.be>

When len - sizeof(namelen) > 1024, we have a buffer overflow.

Fix by using the "consume" function, which was written for that purpose.

CVE-2022-26496

Reported-By: Dialluvioso <dialluvioso@protonmail.com>
Reported-By: 王多 <duo.wang@chaitin.com>
Signed-Off-By: Wouter Verhelst <w@uter.be>

Manfred Spraul authored Jan 21, 2022 and Wouter Verhelst committed Mar 03, 2022

Just as a starting point, especially:
The command line parameters must be added to the man page.

Questions:
- Did I update the right files?
- Is the .in.sgml file written manually or are there tools that
  should be used?

Signed-off-by: Manfred Spraul <manfred.spraul@de.bosch.com>
Signed-off-by: Wouter Verhelst <w@uter.be>

Manfred Spraul authored Jan 21, 2022 and Wouter Verhelst committed Mar 03, 2022

Initial version.

Signed-off-by: Manfred Spraul <manfred.spraul@de.bosch.com>
Signed-off-by: Wouter Verhelst <w@uter.be>

Manfred Spraul authored Jan 21, 2022 and Wouter Verhelst committed Mar 03, 2022

Add an initial CLI.
Planned CLI extentions:
- define what TRIM should do: keep unchanged, set to 0, take the content
  from another block.
- do not apply all sectors, instead behave like a write-back cache
  and drop a few random sectors.
- Create a log file of what was skipped/applied.
- Replay a log file.

Signed-off-by: Manfred Spraul <manfred.spraul@de.bosch.com>
Signed-off-by: Wouter Verhelst <w@uter.be>

Manfred Spraul authored Jan 21, 2022 and Wouter Verhelst committed Mar 03, 2022

Initial commit for nbd-trplay, a command to replay parts of an nbd
trace file.

Changes:
- Just copy nbd-trdump.
- Changes:
   * nbd-trdump replaced with nbd-trplay.
   * Whitespace in empty lines removed.

Signed-off-by: Manfred Spraul <manfred.spraul@de.bosch.com>
Signed-off-by: Wouter Verhelst <w@uter.be>

Manfred Spraul authored Jan 21, 2022 and Wouter Verhelst committed Mar 03, 2022

The transaction log contains only the request from the clients, the
replies from the server were missing.

The change adds the replies to the transaction log.

Signed-off-by: Manfred Spraul <manfred.spraul@de.bosch.com>
Signed-off-by: Wouter Verhelst <w@uter.be>

Manfred Spraul authored Jan 21, 2022 and Wouter Verhelst committed Mar 03, 2022

Right now:
- The historic values for NBD_REQUEST_MAGIC and NBD_REPLY_MAGIC are
  just documented in nbd.h, without any background.
- The new value that is now used for internal use by nbd-server is
  not documented at all.

Resolve that:
- Add all required information to proto.md.
- Remove the reserved magic values from nbd.h: proto.md is the
  authorative source, double storage doesn't help.

Signed-off-by: Manfred Spraul <manfred.spraul@de.bosch.com>
Signed-off-by: Wouter Verhelst <w@uter.be>

Manfred Spraul authored Jan 21, 2022 and Wouter Verhelst committed Mar 03, 2022

Bugfix for the previous patch:
nbd-server uses multiple processes and within each process multiple threads.
Thus: Locking is needed, to ensure that the data in the transaction log
is not corrupted.

Solution: Use sem_open(), the simplest solution.

Alternatives:
- shm_open() + a shared pthread_mutex

- fcntl() for cross process locking, and a ptrace_mutex for intra-process
  locking.

Signed-off-by: Manfred Spraul <manfred.spraul@de.bosch.com>
Signed-off-by: Wouter Verhelst <w@uter.be>

Manfred Spraul authored Jan 21, 2022 and Wouter Verhelst committed Mar 03, 2022

The datalog generated by nbd-server contains only the requests
received by the server, not the actual data to be written.

This patch adds support to write the actual data.

As details:
- It is configurable, the default behavior is not changed.
- It defines a new magic that is only used for the log file, and uses
  an entry with that magic to store the information that the actual
  data is stored in the trace file.
- It is an incompatible change: Current nbd-trdump utilities will
  just fail/produce bad output when called with a new log file,
  without a proper error message.
- nbd-trdump supports to dump also the messages sent by the
  server. Unfortunately, the current server does not log
  the sent messages. This change does not fix this.

Open:
Should nbd-trdump abort when it sees an unknown new log config
option? Right now, it is only printed out as "UNKNOWN", but the
tool tries to continue anyways.

Known bugs:
Locking is missing. If multiple clients connect, then the data log
will be unusable.

Plan: Use a named posix semaphore (sem_open()).
Given the multi-process, multi-thread model, with a single fd shared
by everyone, this is probably simpler than trying to find a reliable
flock()/fcntl()/pthread_mutex_lock() combination.
Alternative: shm_open()+a shared pthread_mutex.

Signed-off-by: Manfred Spraul <manfred.spraul@de.bosch.com>
Signed-off-by: Wouter Verhelst <w@uter.be>

Manfred Spraul authored Jan 21, 2022 and Wouter Verhelst committed Mar 03, 2022

Support for pretty-printing NBD_CMD_TRIM and NBD_CMD_WRITE_ZEROES is
missing in nbd-trdump.
In addition, only the commands right now implemented in nbd-server
are supported, instead of all commands defined in the protocol.

Thus:
- move the existing getcommandname() helper function into a new
  nbd-helper.h header file.
- use the helper function in nbd-trdump
- add all commands from proto.md.
- in nbd-trdump: change ctest from "char *" to "const char *"
  and increase number of characters in printf statement.

Signed-off-by: Manfred Spraul <manfred.spraul@de.bosch.com>
Signed-off-by: Wouter Verhelst <w@uter.be>

Fixes: gh-131