Commit ba23cec1 authored by Darek Stojaczyk's avatar Darek Stojaczyk Committed by Tomasz Zawadzki
Browse files

rpc: don't allow starting RPC server on a TCP port 



`-r` and `--rpc-socket` command line options will now require
path for a UNIX domain domain socket. The socket can be still
exposed over TCP with external programs. Hence, for (some)
compatibility reasons, the test scripts, jsonrpc-client, and
rpc.py will still be able connect directly via TCP.

Change-Id: I22a935f1596ce5f9c313b5be42cb85f772368c03
Signed-off-by: default avatarDarek Stojaczyk <dariusz.stojaczyk@intel.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/605


Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: default avatarJim Harris <james.r.harris@intel.com>
Reviewed-by: default avatarTomasz Zawadzki <tomasz.zawadzki@intel.com>
Reviewed-by: default avatarShuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Community-CI: Mellanox Build Bot
parent 8179b09e

CHANGELOG.md

+7 −0
Original line number Diff line number Diff line
@@ -7,6 +7,12 @@ 
Add `opts_size` in `spdk_nvme_ctrlr_opts` structure in order to solve the compatiblity issue

for different ABI version.



### RPC



Command line parameters `-r` and `--rpc-socket` will longer accept TCP ports. RPC server

must now be started on a Unix domain socket. Exposing RPC on the network, as well as providing

proper authentication (if needed) is now a responsibility of the user.



### accel



A new API was added `spdk_accel_get_capabilities` that allows applications to
@@ -21,6 +27,7 @@ A new capability, compare, was added via `spdk_accel_submit_compare`. 
The software accel engine implemenation has added support for compare.



### dpdk



Updated DPDK submodule to DPDK 19.11.2, which includes fixes for DPDK vulnerabilities:

CVE-2020-10722, CVE-2020-10723, CVE-2020-10724, CVE-2020-10725, CVE-2020-10724.

lib/jsonrpc/jsonrpc_server_tcp.c

+0 −3
Original line number Diff line number Diff line
@@ -66,9 +66,6 @@ spdk_jsonrpc_server_listen(int domain, int protocol, 


	val = 1;

	setsockopt(server->sockfd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val));

	if (protocol == IPPROTO_TCP) {

		setsockopt(server->sockfd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val));

	}



	flag = fcntl(server->sockfd, F_GETFL);

	if (fcntl(server->sockfd, F_SETFL, flag | O_NONBLOCK) < 0) {

lib/rpc/rpc.c

+47 −94
Original line number Diff line number Diff line
@@ -43,8 +43,6 @@ 
#include "spdk/util.h"

#include "spdk/version.h"



#define RPC_DEFAULT_PORT	"5260"



static struct sockaddr_un g_rpc_listen_addr_unix = {};

static char g_rpc_lock_path[sizeof(g_rpc_listen_addr_unix.sun_path) + sizeof(".lock")];

static int g_rpc_lock_fd = -1;
@@ -139,14 +137,10 @@ jsonrpc_handler(struct spdk_jsonrpc_request *request, 
int

spdk_rpc_listen(const char *listen_addr)

{

	struct addrinfo		hints;

	struct addrinfo		*res;

	int rc;



	memset(&g_rpc_listen_addr_unix, 0, sizeof(g_rpc_listen_addr_unix));



	if (listen_addr[0] == '/') {

		int rc;



	g_rpc_listen_addr_unix.sun_family = AF_UNIX;

	rc = snprintf(g_rpc_listen_addr_unix.sun_path,

		      sizeof(g_rpc_listen_addr_unix.sun_path),
@@ -195,52 +189,11 @@ spdk_rpc_listen(const char *listen_addr) 
			   sizeof(g_rpc_listen_addr_unix),

			   jsonrpc_handler);

	if (g_jsonrpc_server == NULL) {

		SPDK_ERRLOG("spdk_jsonrpc_server_listen() failed\n");

		close(g_rpc_lock_fd);

		g_rpc_lock_fd = -1;

		unlink(g_rpc_lock_path);

		g_rpc_lock_path[0] = '\0';

		}

	} else {

		char *tmp;

		char *host, *port;



		tmp = strdup(listen_addr);

		if (!tmp) {

			SPDK_ERRLOG("Out of memory\n");

			return -1;

		}



		if (spdk_parse_ip_addr(tmp, &host, &port) < 0) {

			free(tmp);

			SPDK_ERRLOG("Invalid listen address '%s'\n", listen_addr);

			return -1;

		}



		if (port == NULL) {

			port = RPC_DEFAULT_PORT;

		}



		memset(&hints, 0, sizeof(hints));

		hints.ai_family = AF_UNSPEC;

		hints.ai_socktype = SOCK_STREAM;

		hints.ai_protocol = IPPROTO_TCP;



		if (getaddrinfo(host, port, &hints, &res) != 0) {

			free(tmp);

			SPDK_ERRLOG("Unable to look up RPC listen address '%s'\n", listen_addr);

			return -1;

		}



		g_jsonrpc_server = spdk_jsonrpc_server_listen(res->ai_family, res->ai_protocol,

				   res->ai_addr, res->ai_addrlen,

				   jsonrpc_handler);



		freeaddrinfo(res);

		free(tmp);

	}



	if (g_jsonrpc_server == NULL) {

		SPDK_ERRLOG("spdk_jsonrpc_server_listen() failed\n");

		return -1;

	}