From cf6a8b8400f865aee2d83db7703fd21b32c9b8a4 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Mon, 3 Feb 2025 02:44:57 -0500
Subject: [PATCH] * Mon Feb 03 2025 Miroslav Rezanina <mrezanin@redhat.com> -
 9.1.0-13

- kvm-nbd-server-Silence-server-warnings-on-port-probes.patch [RHEL-76908]
- Resolves: RHEL-76908
  (Ensure qemu as NBD server does not flood logs [rhel-10])
---
 ...lence-server-warnings-on-port-probes.patch | 105 ++++++++++++++++++
 qemu-kvm.spec                                 |   9 +-
 2 files changed, 113 insertions(+), 1 deletion(-)
 create mode 100644 kvm-nbd-server-Silence-server-warnings-on-port-probes.patch

diff --git a/kvm-nbd-server-Silence-server-warnings-on-port-probes.patch b/kvm-nbd-server-Silence-server-warnings-on-port-probes.patch
new file mode 100644
index 0000000..a09d883
--- /dev/null
+++ b/kvm-nbd-server-Silence-server-warnings-on-port-probes.patch
@@ -0,0 +1,105 @@
+From 4364ac20ae74ae2fa4cc2dfa4e982411d9902b59 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Fri, 15 Nov 2024 13:55:53 -0600
+Subject: [PATCH] nbd-server: Silence server warnings on port probes
+
+RH-Author: Eric Blake <eblake@redhat.com>
+RH-MergeRequest: 334: nbd-server: Silence server warnings on port probes
+RH-Jira: RHEL-76908
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [1/1] a66ea3900e0a8515871b6342dfbc0d2c108b4911 (ebblake/centos-qemu-kvm)
+
+While testing the use of qemu-nbd in a Pod of a Kubernetes cluster, I
+got LOTS of log messages of the forms:
+
+qemu-nbd: option negotiation failed: Failed to read flags: Unexpected end-of-file before all data were read
+qemu-nbd: option negotiation failed: Failed to read flags: Unable to read from socket: Connection reset by peer
+
+While it is nice to warn about clients that aren't following protocol
+(in case it helps diagnosing bugs in those clients), a mere port probe
+(where the client never write()s any bytes, and where we might even
+hit EPIPE in trying to send our greeting to the client) is NOT
+abnormal, but merely serves to pollute the log.  And Kubernetes
+_really_ likes to do port probes to determine whether a given Pod is
+up and running.
+
+Easy ways to demonstrate the above port probes:
+$ qemu-nbd -r -f raw path/to/file &
+$ nc localhost 10809 </dev/null
+$ bash -c 'exec </dev/tcp/localhost/10809'
+$ kill $!
+
+Silence the noise by not capturing errors until after our first
+successful read() from a client.
+
+Signed-off-by: Eric Blake <eblake@redhat.com>
+Message-ID: <20241115195638.1132007-2-eblake@redhat.com>
+Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
+(cherry picked from commit efd3dda312129b91986f85976afbda58d40f757f)
+Signed-off-by: Eric Blake <eblake@redhat.com>
+---
+ nbd/server.c | 26 +++++++++++++++++---------
+ 1 file changed, 17 insertions(+), 9 deletions(-)
+
+diff --git a/nbd/server.c b/nbd/server.c
+index c30e687fc8..f64e47270c 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -1150,8 +1150,8 @@ nbd_negotiate_meta_queries(NBDClient *client, Error **errp)
+  * Return:
+  * -errno  on error, errp is set
+  * 0       on successful negotiation, errp is not set
+- * 1       if client sent NBD_OPT_ABORT, i.e. on valid disconnect,
+- *         errp is not set
++ * 1       if client sent NBD_OPT_ABORT (i.e. on valid disconnect) or never
++ *         wrote anything (i.e. port probe); errp is not set
+  */
+ static coroutine_fn int
+ nbd_negotiate_options(NBDClient *client, Error **errp)
+@@ -1175,8 +1175,13 @@ nbd_negotiate_options(NBDClient *client, Error **errp)
+         ...           Rest of request
+     */
+ 
+-    if (nbd_read32(client->ioc, &flags, "flags", errp) < 0) {
+-        return -EIO;
++    /*
++     * Intentionally ignore errors on this first read - we do not want
++     * to be noisy about a mere port probe, but only for clients that
++     * start talking the protocol and then quit abruptly.
++     */
++    if (nbd_read32(client->ioc, &flags, "flags", NULL) < 0) {
++        return 1;
+     }
+     client->mode = NBD_MODE_EXPORT_NAME;
+     trace_nbd_negotiate_options_flags(flags);
+@@ -1383,8 +1388,8 @@ nbd_negotiate_options(NBDClient *client, Error **errp)
+  * Return:
+  * -errno  on error, errp is set
+  * 0       on successful negotiation, errp is not set
+- * 1       if client sent NBD_OPT_ABORT, i.e. on valid disconnect,
+- *         errp is not set
++ * 1       if client sent NBD_OPT_ABORT (i.e. on valid disconnect) or never
++ *         wrote anything (i.e. port probe); errp is not set
+  */
+ static coroutine_fn int nbd_negotiate(NBDClient *client, Error **errp)
+ {
+@@ -1415,9 +1420,12 @@ static coroutine_fn int nbd_negotiate(NBDClient *client, Error **errp)
+     stq_be_p(buf + 8, NBD_OPTS_MAGIC);
+     stw_be_p(buf + 16, NBD_FLAG_FIXED_NEWSTYLE | NBD_FLAG_NO_ZEROES);
+ 
+-    if (nbd_write(client->ioc, buf, 18, errp) < 0) {
+-        error_prepend(errp, "write failed: ");
+-        return -EINVAL;
++    /*
++     * Be silent about failure to write our greeting: there is nothing
++     * wrong with a client testing if our port is alive.
++     */
++    if (nbd_write(client->ioc, buf, 18, NULL) < 0) {
++        return 1;
+     }
+     ret = nbd_negotiate_options(client, errp);
+     if (ret != 0) {
+-- 
+2.39.3
+
diff --git a/qemu-kvm.spec b/qemu-kvm.spec
index f9b6ada..6c62070 100644
--- a/qemu-kvm.spec
+++ b/qemu-kvm.spec
@@ -143,7 +143,7 @@ Obsoletes: %{name}-block-ssh <= %{epoch}:%{version}                    \
 Summary: QEMU is a machine emulator and virtualizer
 Name: qemu-kvm
 Version: 9.1.0
-Release: 12%{?rcrel}%{?dist}%{?cc_suffix}
+Release: 13%{?rcrel}%{?dist}%{?cc_suffix}
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 # Epoch 15 used for RHEL 8
 # Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5)
@@ -430,6 +430,8 @@ Patch126: kvm-pc-bios-s390-ccw-Fix-boot-problem-with-virtio-net-de.patch
 Patch127: kvm-pc-bios-s390-ccw-netmain-Fix-error-messages-with-reg.patch
 # For RHEL-71761 - [Nvidia "Grace"] Lack of "PAuth" CPU feature results in live migration failure from RHEL 9.6 to 10
 Patch128: kvm-arm-disable-pauth-for-virt-rhel9-in-RHEL10.patch
+# For RHEL-76908 - Ensure qemu as NBD server does not flood logs [rhel-10]
+Patch129: kvm-nbd-server-Silence-server-warnings-on-port-probes.patch
 
 %if %{have_clang}
 BuildRequires: clang
@@ -1496,6 +1498,11 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 %endif
 
 %changelog
+* Mon Feb 03 2025 Miroslav Rezanina <mrezanin@redhat.com> - 9.1.0-13
+- kvm-nbd-server-Silence-server-warnings-on-port-probes.patch [RHEL-76908]
+- Resolves: RHEL-76908
+  (Ensure qemu as NBD server does not flood logs [rhel-10])
+
 * Mon Jan 27 2025 Miroslav Rezanina <mrezanin@redhat.com> - 9.1.0-12
 - kvm-pci-ensure-valid-link-status-bits-for-downstream-por.patch [RHEL-65618]
 - kvm-pc-bios-s390-ccw-Abort-IPL-on-invalid-loadparm.patch [RHEL-72717]