From nobody Sun Feb 8 12:58:13 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1547565509419920.729873939439; Tue, 15 Jan 2019 07:18:29 -0800 (PST) Received: from localhost ([127.0.0.1]:48295 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gjQU0-0006m2-Dh for importer@patchew.org; Tue, 15 Jan 2019 10:18:28 -0500 Received: from eggs.gnu.org ([209.51.188.92]:46770) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gjQ6t-0005mc-4A for qemu-devel@nongnu.org; Tue, 15 Jan 2019 09:54:36 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gjQ6r-0004su-TB for qemu-devel@nongnu.org; Tue, 15 Jan 2019 09:54:35 -0500 Received: from mx1.redhat.com ([209.132.183.28]:45962) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gjQ6r-0004rq-LM for qemu-devel@nongnu.org; Tue, 15 Jan 2019 09:54:33 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E8F7BA0E45; Tue, 15 Jan 2019 14:54:30 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-55.ams2.redhat.com [10.36.112.55]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0836B5D98E; Tue, 15 Jan 2019 14:54:27 +0000 (UTC) From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Date: Tue, 15 Jan 2019 14:52:55 +0000 Message-Id: <20190115145256.9593-12-berrange@redhat.com> In-Reply-To: <20190115145256.9593-1-berrange@redhat.com> References: <20190115145256.9593-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 15 Jan 2019 14:54:31 +0000 (UTC) Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 11/12] chardev: disallow TLS/telnet/websocket with tcp_chr_wait_connected X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Laurent Vivier , Thomas Huth , Yongji Xie , Paolo Bonzini , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" In the previous commit commit 1dc8a6695c731abb7461c637b2512c3670d82be4 Author: Marc-Andr=C3=A9 Lureau Date: Tue Aug 16 12:33:32 2016 +0400 char: fix waiting for TLS and telnet connection the tcp_chr_wait_connected() method was changed to check for a non-NULL 's->ioc' as a sign that there is already a connection present, as opposed to checking the "connected" flag to supposedly fix handling of TLS/telnet connections. The original code would repeatedly call tcp_chr_wait_connected creating many connections as 'connected' would never become true. The changed code would still repeatedly call tcp_chr_wait_connected busy waiting because s->ioc is set but the chardev will never see CHR_EVENT_OPENED. IOW, the code is still broken with TLS/telnet, but in a different way. Checking for a non-NULL 's->ioc' does not mean that a CHR_EVENT_OPENED will be ready for a TLS/telnet connection. These protocols (and the websocket protocol) all require the main loop to be running in order to complete the protocol handshake before emitting CHR_EVENT_OPENED. The tcp_chr_wait_connected() method is only used during early startup before a main loop is running, so TLS/telnet/websock connections can never complete initialization. Making this work would require changing tcp_chr_wait_connected to run a main loop. This is quite complex since we must not allow GSource's that other parts of QEMU have registered to run yet. The current callers of tcp_chr_wait_connected do not require use of the TLS/telnet/websocket protocols, so the simplest option is to just forbid this combination completely for now. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Marc-Andr=C3=A9 Lureau --- chardev/char-socket.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/chardev/char-socket.c b/chardev/char-socket.c index 91d775e9c5..7e98a95bbd 100644 --- a/chardev/char-socket.c +++ b/chardev/char-socket.c @@ -951,8 +951,20 @@ static void tcp_chr_accept_server_sync(Chardev *chr) static int tcp_chr_wait_connected(Chardev *chr, Error **errp) { SocketChardev *s =3D SOCKET_CHARDEV(chr); - /* It can't wait on s->connected, since it is set asynchronously - * in TLS and telnet cases, only wait for an accepted socket */ + const char *opts[] =3D { "telnet", "tn3270", "websock", "tls-creds" }; + bool optset[] =3D { s->is_telnet, s->is_tn3270, s->is_websock, s->tls_= creds }; + size_t i; + + QEMU_BUILD_BUG_ON(G_N_ELEMENTS(opts) !=3D G_N_ELEMENTS(optset)); + for (i =3D 0; i < G_N_ELEMENTS(opts); i++) { + if (optset[i]) { + error_setg(errp, + "'%s' option is incompatible with waiting for " + "connection during early startup", opts[i]); + return -1; + } + } + while (!s->ioc) { if (s->is_listen) { tcp_chr_accept_server_sync(chr); --=20 2.20.1