From: "Daniel P. Berrange"
To: qemu-devel@nongnu.org
Cc: Juan Quintela, Markus Armbruster, "Dr. David Alan Gilbert", John Ferlan, Jiri Denemark
Date: Thu, 2 Mar 2017 16:19:20 +0000
Message-Id: <20170302161921.10181-2-berrange@redhat.com>
In-Reply-To: <20170302161921.10181-1-berrange@redhat.com>
References: <20170302161921.10181-1-berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v3 1/2] migration: allow clearing migration string parameters

Some of the migration parameters are strings, which default to NULL, eg tls-hostname and tls-creds. The mgmt app will set the tls-creds parameter on both source and target QEMU instances, in order to trigger use of TLS for migration.

After performing a TLS encrypted migration though, migration might be used for other reasons - for example, to save the QEMU state to a file. We need TLS turned off when doing this, but the migrate-set-parameters QAPI command does not provide any facility to clear/reset parameters to their default state. If you simply omit the tls_creds parameter in migrate-set-parameters, then 'has_tls_creds' will be false and so no action will be taken. JSON allows a parameter to have a nil value, but the QEMU JSON visitor will reject that when deserializing into a QObject.

The migration code has no need to distinguish "" vs NULL for the TLS hostname or TLS credentials object name, since "" is invalid in both cases. This enables clearing of tls-hostname and tls-creds by treating "" as equivalent to NULL. Signed-off-by: Daniel P. Berrange Reviewed-by: Eric Blake --- migration/migration.c | 12 ++++++++++-- qapi-schema.json | 4 ++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/migration/migration.c b/migration/migration.c index c6ae69d..a8cb56e 100644 --- a/migration/migration.c +++ b/migration/migration.c @@ -872,11 +872,19 @@ void qmp_migrate_set_parameters(MigrationParameters *= params, Error **errp) } if (params->has_tls_creds) { g_free(s->parameters.tls_creds); - s->parameters.tls_creds =3D g_strdup(params->tls_creds); + if (*params->tls_creds =3D=3D '\0') { + s->parameters.tls_creds =3D NULL; + } else { + s->parameters.tls_creds =3D g_strdup(params->tls_creds); + } } if (params->has_tls_hostname) { g_free(s->parameters.tls_hostname); - s->parameters.tls_hostname =3D g_strdup(params->tls_hostname); + if (*params->tls_hostname =3D=3D '\0') { + s->parameters.tls_hostname =3D NULL; + } else { + s->parameters.tls_hostname =3D g_strdup(params->tls_hostname); + } } if (params->has_max_bandwidth) { s->parameters.max_bandwidth =3D params->max_bandwidth; diff --git a/qapi-schema.json b/qapi-schema.json index 150ee98..d1df9a4 100644 --- a/qapi-schema.json +++ b/qapi-schema.json @@ -1036,6 +1036,8 @@ # credentials must be for a 'server' endpoint. Setting this # will enable TLS for all migrations. The default is unset, # resulting in unsecured migration at the QEMU level. (Since 2= .7) +# An empty string means that QEMU will use plain text mode for +# migration, rather than TLS (Since 2.9) # # @tls-hostname: #optional hostname of the target host for the migration. = This # is required when using x509 based TLS credentials and the 
@@ -1043,6 +1045,8 @@ # example if using fd: or exec: based migration, the # hostname must be provided so that the server's x509 # certificate identity can be validated. (Since 2.7) +# An empty string means that QEMU will use the hostname +# associated with the migration URI, if any. (Since 2.9) # # @max-bandwidth: to set maximum speed for migration. maximum speed in # bytes per second. (Since 2.8) --=20 2.9.3

From: "Daniel P. Berrange"
To: qemu-devel@nongnu.org
Cc: Juan Quintela, Markus Armbruster, "Dr. David Alan Gilbert", John Ferlan, Jiri Denemark
Date: Thu, 2 Mar 2017 16:19:21 +0000
Message-Id: <20170302161921.10181-3-berrange@redhat.com>
In-Reply-To: <20170302161921.10181-1-berrange@redhat.com>
References: <20170302161921.10181-1-berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v3 2/2] migration: always report tls-creds & tls-hostname migrate parameters

Currently the query-migrate-parameters command will omit reporting of the tls-creds & tls-hostname parameters if their value is NULL. This makes it impossible for an app to detect if these parameters are supported by QEMU, without trying to actually set them and catching the error.

Since the code is treating "" and NULL as equivalent, we can simply always report these values and give them a value of "". This allows apps like libvirt to detect the fact that these parameters are supported by QEMU.

Signed-off-by: Daniel P. Berrange Reviewed-by: Eric Blake --- migration/migration.c | 10 ++++++---- qapi-schema.json | 4 +++- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/migration/migration.c b/migration/migration.c index a8cb56e..760f104 100644 --- a/migration/migration.c +++ b/migration/migration.c
@@ -581,10 +581,12 @@ MigrationParameters *qmp_query_migrate_parameters(Err= or **errp) params->cpu_throttle_initial =3D s->parameters.cpu_throttle_initial; params->has_cpu_throttle_increment =3D true; params->cpu_throttle_increment =3D s->parameters.cpu_throttle_incremen= t; - params->has_tls_creds =3D !!s->parameters.tls_creds; - params->tls_creds =3D g_strdup(s->parameters.tls_creds); - params->has_tls_hostname =3D !!s->parameters.tls_hostname; - params->tls_hostname =3D g_strdup(s->parameters.tls_hostname); + params->has_tls_creds =3D true; + params->tls_creds =3D g_strdup(s->parameters.tls_creds ? + s->parameters.tls_creds : ""); + params->has_tls_hostname =3D true; + params->tls_hostname =3D g_strdup(s->parameters.tls_hostname ? + s->parameters.tls_hostname : ""); params->has_max_bandwidth =3D true; params->max_bandwidth =3D s->parameters.max_bandwidth; params->has_downtime_limit =3D true; diff --git a/qapi-schema.json b/qapi-schema.json index d1df9a4..7d046c3 100644 --- a/qapi-schema.json +++ b/qapi-schema.json @@ -1089,7 +1089,9 @@ # "compress-level": 1, # "cpu-throttle-initial": 20, # "max-bandwidth": 33554432, -# "downtime-limit": 300 +# "downtime-limit": 300, +# "tls-creds": "tls0", +# "tls-hostname": "" # } # } # --=20 2.9.3
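
Review bot: in patch 1/2, migration/migration.c, the new tests `*params->tls_creds == '\0'` and `*params->tls_hostname == '\0'` dereference the pointers, whereas the `g_strdup()` calls they replace accepted NULL. The hunk relies on has_tls_creds and has_tls_hostname implying a non-NULL string; say so in a comment or assert it before the dereference. The two branches are also identical apart from the field name, so a small helper that maps "" to NULL and otherwise duplicates the string would keep them in step.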
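
Review bot: in patch 1/2, qapi-schema.json, the sentence added to the tls-creds description ends `rather than TLS (Since 2.9)` without a full stop, unlike the matching addition under @tls-hostname (`if any. (Since 2.9)`). It also introduces "plain text mode" where the context line just above says "unsecured migration". Using one term, and stating that "" returns the parameter to its unset default, would make it plain to a management app that sending "" turns TLS off for the migrations that follow.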
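
Review bot: in patch 1/2, qapi-schema.json, the text added under @tls-hostname says "" falls back to the hostname associated with the migration URI, "if any", but the context lines directly above say that for fd: or exec: based migration the hostname must be provided so that the server's x509 certificate identity can be validated. The documentation should state what happens when tls-hostname is "" and the URI carries no hostname, so that a caller knows whether the migration is refused or proceeds.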
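
Review bot: in patch 2/2, migration/migration.c, the `? ... : ""` fallbacks in qmp_query_migrate_parameters() are the reverse of the ""-to-NULL mapping that patch 1/2 adds to qmp_migrate_set_parameters(), but nothing in the code ties the two together. A one-line comment at these two assignments, noting that NULL is reported as "" and that "" therefore means unset, would keep a later change from breaking the round trip between the set and query commands.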
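
Review bot: in patch 2/2, qapi-schema.json, only the query-migrate-parameters example is updated; the diffstat's four changed lines for this file are all in this hunk. The parameter descriptions are left as they were (@tls-hostname appears as #optional in the context of patch 1/2) and do not say that the query command now always returns tls-creds and tls-hostname, with "" when unset. Since the commit message gives feature detection by apps like libvirt as the purpose, that guarantee belongs in the schema documentation as well as in the example.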