nvmf: add AllowAnyHost option to subsystems (a2db49a1) · Commits · Public Repositories / spdk

CHANGELOG.md

+8 −1

Original line number	Diff line number	Diff line
		@@ -32,12 +32,19 @@ The HotplugEnable option in `[Nvme]` sections of the configuration file is now
		The NVMe library now includes a function spdk_nvme_ns_get_ctrlr which returns the
		NVMe Controller associated with a given namespace.

		### NVMe-oF Target (nvmf)
		### NVMe-oF Target (nvmf_tgt)

		The NVMe-oF target no longer requires any in capsule data buffers to run, and
		the feature is now entirely optional. Previously, at least 4KiB in capsule
		data buffers were required.

		NVMe-oF subsytems have a new configuration option, AllowAnyHost, to control
		whether the host NQN whitelist is enforced when accepting new connections.
		If no Host options have been specified and AllowAnyHost is disabled, the
		connection will be denied; this is a behavior change from previous releases,
		which allowed any host NQN to connect if the Host list was empty.
		AllowAnyHost is disabled by default.

		### Environment Abstraction Layer

		A new default value, SPDK_MEMPOOL_DEFAULT_CACHE_SIZE, was added to provide

app/nvmf_tgt/conf.c

+7 −2

Original line number	Diff line number	Diff line
		@@ -124,6 +124,7 @@ spdk_add_nvmf_discovery_subsystem(void)
		return -1;
		}

		spdk_nvmf_subsystem_set_allow_any_host(app_subsys->subsystem, true);
		nvmf_tgt_start_subsystem(app_subsys);

		return 0;
		@@ -230,6 +231,7 @@ spdk_nvmf_parse_subsystem(struct spdk_conf_section *sp)
		char *listen_addrs_str[MAX_LISTEN_ADDRESSES] = {};
		int num_hosts;
		char *hosts[MAX_HOSTS];
		bool allow_any_host;
		const char *sn;
		int num_devs;
		char *devs[MAX_NAMESPACES];
		@@ -290,6 +292,8 @@ spdk_nvmf_parse_subsystem(struct spdk_conf_section *sp)
		}
		num_hosts = i;

		allow_any_host = spdk_conf_section_get_boolval(sp, "AllowAnyHost", false);

		sn = spdk_conf_section_get_val(sp, "SN");

		num_devs = 0;
		@@ -304,7 +308,7 @@ spdk_nvmf_parse_subsystem(struct spdk_conf_section *sp)

		ret = spdk_nvmf_construct_subsystem(nqn, lcore,
		num_listen_addrs, listen_addrs,
		num_hosts, hosts,
		num_hosts, hosts, allow_any_host,
		sn,
		num_devs, devs);

		@@ -357,7 +361,7 @@ spdk_nvmf_parse_conf(void)
		int
		spdk_nvmf_construct_subsystem(const char *name, int32_t lcore,
		int num_listen_addresses, struct rpc_listen_address *addresses,
		int num_hosts, char *hosts[],
		int num_hosts, char *hosts[], bool allow_any_host,
		const char sn, int num_devs, char dev_list[])
		{
		struct spdk_nvmf_subsystem *subsystem;
		@@ -444,6 +448,7 @@ spdk_nvmf_construct_subsystem(const char *name, int32_t lcore,
		for (i = 0; i < num_hosts; i++) {
		spdk_nvmf_subsystem_add_host(subsystem, hosts[i]);
		}
		spdk_nvmf_subsystem_set_allow_any_host(subsystem, allow_any_host);

		if (sn == NULL) {
		SPDK_ERRLOG("Subsystem %s: missing serial number\n", name);

app/nvmf_tgt/nvmf_rpc.c

+6 −1

Original line number	Diff line number	Diff line
		@@ -89,6 +89,9 @@ dump_nvmf_subsystem(struct spdk_json_write_ctx w, struct nvmf_tgt_subsystem tg
		}
		spdk_json_write_array_end(w);

		spdk_json_write_name(w, "allow_any_host");
		spdk_json_write_bool(w, spdk_nvmf_subsystem_get_allow_any_host(subsystem));

		spdk_json_write_name(w, "hosts");
		spdk_json_write_array_begin(w);

		@@ -261,6 +264,7 @@ struct rpc_subsystem {
		char *nqn;
		struct rpc_listen_addresses listen_addresses;
		struct rpc_hosts hosts;
		bool allow_any_host;
		char *pci_address;
		char *serial_number;
		struct rpc_dev_names namespaces;
		@@ -283,6 +287,7 @@ static const struct spdk_json_object_decoder rpc_subsystem_decoders[] = {
		{"nqn", offsetof(struct rpc_subsystem, nqn), spdk_json_decode_string},
		{"listen_addresses", offsetof(struct rpc_subsystem, listen_addresses), decode_rpc_listen_addresses},
		{"hosts", offsetof(struct rpc_subsystem, hosts), decode_rpc_hosts, true},
		{"allow_any_host", offsetof(struct rpc_subsystem, allow_any_host), spdk_json_decode_bool, true},
		{"serial_number", offsetof(struct rpc_subsystem, serial_number), spdk_json_decode_string, true},
		{"namespaces", offsetof(struct rpc_subsystem, namespaces), decode_rpc_dev_names, true},
		};
		@@ -321,7 +326,7 @@ spdk_rpc_construct_nvmf_subsystem(struct spdk_jsonrpc_request *request,
		ret = spdk_nvmf_construct_subsystem(req.nqn, req.core,
		req.listen_addresses.num_listen_address,
		req.listen_addresses.addresses,
		req.hosts.num_hosts, req.hosts.hosts,
		req.hosts.num_hosts, req.hosts.hosts, req.allow_any_host,
		req.serial_number,
		req.namespaces.num_names, req.namespaces.names);
		if (ret) {

app/nvmf_tgt/nvmf_tgt.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -83,7 +83,7 @@ int
		spdk_nvmf_construct_subsystem(const char *name,
		int32_t lcore,
		int num_listen_addresses, struct rpc_listen_address *addresses,
		int num_hosts, char *hosts[],
		int num_hosts, char *hosts[], bool allow_any_host,
		const char sn, int num_devs, char dev_list[]);

		int

doc/nvmf.md

+3 −0

Original line number	Diff line number	Diff line
		@@ -160,6 +160,7 @@ TransportID "trtype:PCIe traddr:0000:82:00.0" Nvme1
		NQN nqn.2016-06.io.spdk:cnode1
		Core 25
		Listen RDMA 192.168.100.8:4420
		AllowAnyHost No
		Host nqn.2016-06.io.spdk:init
		SN SPDK00000000000001
		Namespace Nvme0n1
		@@ -168,6 +169,7 @@ Namespace Nvme0n1
		NQN nqn.2016-06.io.spdk:cnode2
		Core 26
		Listen RDMA 192.168.100.9:4420
		AllowAnyHost Yes
		SN SPDK00000000000002
		Namespace Nvme1n1
		~~~
		@@ -193,6 +195,7 @@ virtual controller with two namespaces backed by the malloc LUNs named Malloc0 a
		NQN nqn.2016-06.io.spdk:cnode2
		Core 0
		Listen RDMA 192.168.2.21:4420
		AllowAnyHost No
		Host nqn.2016-06.io.spdk:init
		SN SPDK00000000000001
		Namespace Malloc0