From nobody Sat Nov 15 09:50:12 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=suse.de ARC-Seal: i=1; a=rsa-sha256; t=1753227859; cv=none; d=zohomail.com; s=zohoarc; b=CyBdhH3CXCerIG2MbhwsqlUkY/Ijr7wNnpJaKzdiZD+ZhK6cEidTg6NYoFRFT/Vn4wKDVY+OZHXcSm38Fz+Wm/42giZtRXM1P1JpQgEWkwZ3gTPOw+XkAB8hVZKM58i7IchcPNkkREaKJazZDqjy1LCWdkFOUtfySnzyPTRGG3c= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753227859; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=p+XAgmDBTmks2GsZR1QW1XdUNlqAMMzX8BRwPw+gsOQ=; b=hLmikHBsh7+FJOo5+NDYc3yy3jagLI57S5tgPkYAbL86WtY5K0jBeHW/xzMMYX2UWIOeS4uaj8AsvaoeVaJi0EWkjH0jnrW8AdWea9EioWuAhZ70MhorHl4CpmtPMfRcb1pCKU5kh6hEYyx8CGmN/IImnjUED4ul41oHbGVMWtc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1753227859826424.8790027366971; Tue, 22 Jul 2025 16:44:19 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ueMd6-0002Hx-LL; Tue, 22 Jul 2025 19:42:40 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ueMd0-0002Bq-Pe for qemu-devel@nongnu.org; Tue, 22 Jul 2025 19:42:34 -0400 Received: from smtp-out2.suse.de ([2a07:de40:b251:101:10:150:64:2]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ueMcy-0007qF-J1 for qemu-devel@nongnu.org; Tue, 22 Jul 2025 19:42:34 -0400 Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id AB1401F78A; Tue, 22 Jul 2025 23:42:21 +0000 (UTC) Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 193E313AF1; Tue, 22 Jul 2025 23:42:19 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id YOwhMtshgGiqOgAAD6G6ig (envelope-from ); Tue, 22 Jul 2025 23:42:19 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1753227741; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=p+XAgmDBTmks2GsZR1QW1XdUNlqAMMzX8BRwPw+gsOQ=; b=mT3j9EHZNx1MSa5EKhUoaFfKqKuvEVDU8ggh+4eupXUGIH8SHoS41/v4ImSknCmsYA0WCv kPBcY/VpiV9CDhKXJ8F4DjfbZIL8Cq/EfIDtgL4Frslz/HGIlb5T8d1T4hrVQeRzq2jtxn X+P9gKZRWLkhv8qQdKFjPeq8MH2XkEY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1753227741; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=p+XAgmDBTmks2GsZR1QW1XdUNlqAMMzX8BRwPw+gsOQ=; b=3WxXdwSq+F9Zz+MZCWUBkyd6OuaKFAZ4ujFpL6tR+tuOwT+qV5h6gZXyXHnIBAv/k4jR7Z 3UFJcEOhHbXdsADw== Authentication-Results: smtp-out2.suse.de; dkim=pass header.d=suse.de header.s=susede2_rsa header.b=mT3j9EHZ; dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=3WxXdwSq DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1753227741; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=p+XAgmDBTmks2GsZR1QW1XdUNlqAMMzX8BRwPw+gsOQ=; b=mT3j9EHZNx1MSa5EKhUoaFfKqKuvEVDU8ggh+4eupXUGIH8SHoS41/v4ImSknCmsYA0WCv kPBcY/VpiV9CDhKXJ8F4DjfbZIL8Cq/EfIDtgL4Frslz/HGIlb5T8d1T4hrVQeRzq2jtxn X+P9gKZRWLkhv8qQdKFjPeq8MH2XkEY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1753227741; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=p+XAgmDBTmks2GsZR1QW1XdUNlqAMMzX8BRwPw+gsOQ=; b=3WxXdwSq+F9Zz+MZCWUBkyd6OuaKFAZ4ujFpL6tR+tuOwT+qV5h6gZXyXHnIBAv/k4jR7Z 3UFJcEOhHbXdsADw== From: Fabiano Rosas To: qemu-devel@nongnu.org Cc: Peter Xu , Peter Maydell , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Subject: [PULL 1/7] migration: HMP: Fix possible out-of-bounds access Date: Tue, 22 Jul 2025 20:42:09 -0300 Message-Id: <20250722234215.6807-2-farosas@suse.de> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20250722234215.6807-1-farosas@suse.de> References: <20250722234215.6807-1-farosas@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Spamd-Result: default: False [-3.51 / 50.00]; BAYES_HAM(-3.00)[99.99%]; NEURAL_HAM_LONG(-1.00)[-1.000]; MID_CONTAINS_FROM(1.00)[]; R_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; MIME_TRACE(0.00)[0:+]; RCVD_VIA_SMTP_AUTH(0.00)[]; FUZZY_RATELIMITED(0.00)[rspamd.com]; TO_DN_SOME(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo,imap1.dmz-prg2.suse.org:rdns,suse.de:mid,suse.de:dkim,suse.de:email]; DKIM_TRACE(0.00)[suse.de:+] X-Rspamd-Queue-Id: AB1401F78A X-Rspamd-Server: rspamd2.dmz-prg2.suse.org X-Rspamd-Action: no action X-Spam-Score: -3.51 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a07:de40:b251:101:10:150:64:2; envelope-from=farosas@suse.de; helo=smtp-out2.suse.de X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @suse.de) X-ZM-MESSAGEID: 1753227862161116600 Coverity has caught a bug in the formatting of time intervals for postcopy latency distribution display in 'info migrate'. While bounds checking the labels array, sizeof is incorrectly being used. ARRAY_SIZE is the correct form of obtaining the size of an array. Fixes: 3345fb3b6d ("migration/postcopy: Add latency distribution report for= blocktime") Resolves: Coverity CID 1612248 Suggested-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daud=C3=A9 Link: https://lore.kernel.org/qemu-devel/20250716182648.30202-2-farosas@sus= e.de Signed-off-by: Fabiano Rosas --- migration/migration-hmp-cmds.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/migration/migration-hmp-cmds.c b/migration/migration-hmp-cmds.c index cef5608210..bb954881d7 100644 --- a/migration/migration-hmp-cmds.c +++ b/migration/migration-hmp-cmds.c @@ -57,11 +57,9 @@ static const gchar *format_time_str(uint64_t us) const char *units[] =3D {"us", "ms", "sec"}; int index =3D 0; =20 - while (us > 1000) { + while (us > 1000 && index + 1 < ARRAY_SIZE(units)) { us /=3D 1000; - if (++index >=3D (sizeof(units) - 1)) { - break; - } + index++; } =20 return g_strdup_printf("%"PRIu64" %s", us, units[index]); --=20 2.35.3 From nobody Sat Nov 15 09:50:12 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=suse.de ARC-Seal: i=1; a=rsa-sha256; t=1753227787; cv=none; d=zohomail.com; s=zohoarc; b=j31C4kdGhtar3QWyC6Mj1O9L+d/jFwTlZ2XOyu5Dcg6aBkLxpb8pRZuVudg77NPRtFSsL1biqqlNuXK5hB03kllP/XbZjfmOP++MNOHSG0nToowlx9oXLS0MO1XCSXAdWZtm084WTKLXzXQn5jhPUmoBLkCH6HsNxbccaO4yQLo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753227787; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=UGKHdRquwoCcGe1GcdnxR/xIouOOcyFkyprWTGEyZsU=; b=OpgB2k7YvAhYWK6l/5s+90OTy219tQvUMol+xFFivCp9Ncn4VYfI5I9ibL1kZvKWxl+5atrVTMAD/KyiC7Zey5/z4J5ArT++KjnFu45O8IfORawUbEh/vQIl9egAiJp6yUhv5HPi38rC8dHh43CPTk/kBiFEGfsoAcx7R1tihSo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1753227787439839.3967881491534; Tue, 22 Jul 2025 16:43:07 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ueMd0-0002Bo-RK; Tue, 22 Jul 2025 19:42:34 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ueMcv-00029L-Df for qemu-devel@nongnu.org; Tue, 22 Jul 2025 19:42:32 -0400 Received: from smtp-out1.suse.de ([2a07:de40:b251:101:10:150:64:1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ueMct-0007pK-3D for qemu-devel@nongnu.org; Tue, 22 Jul 2025 19:42:29 -0400 Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id CE3472121D; Tue, 22 Jul 2025 23:42:23 +0000 (UTC) Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 3229813A32; Tue, 22 Jul 2025 23:42:21 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id OPA1ON0hgGiqOgAAD6G6ig (envelope-from ); Tue, 22 Jul 2025 23:42:21 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1753227743; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UGKHdRquwoCcGe1GcdnxR/xIouOOcyFkyprWTGEyZsU=; b=Yb/zuKL1L56KOxpbKHufSno8bx4IaAyFZhRUOHc7v/TczaXpjJnePZTN8sJszpE7zDUANc oVQTyi1UZa6wqqvZRPkV/DVHWizUXn87MN9qS8B/TQbbNt3hOqJdDwGse82bVDwCX1g4Fd UUIZqNBzYA+lo0tzzjuVvDb4POjiTe0= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1753227743; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UGKHdRquwoCcGe1GcdnxR/xIouOOcyFkyprWTGEyZsU=; b=sxGisKN4YqbB56JKhc/aDpk//HGS31vvegRB+HbVjkVNS/dsHcyNVuAnA4NckALy8U2GvP 2ww2txXAKPSIfmDg== Authentication-Results: smtp-out1.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1753227743; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UGKHdRquwoCcGe1GcdnxR/xIouOOcyFkyprWTGEyZsU=; b=Yb/zuKL1L56KOxpbKHufSno8bx4IaAyFZhRUOHc7v/TczaXpjJnePZTN8sJszpE7zDUANc oVQTyi1UZa6wqqvZRPkV/DVHWizUXn87MN9qS8B/TQbbNt3hOqJdDwGse82bVDwCX1g4Fd UUIZqNBzYA+lo0tzzjuVvDb4POjiTe0= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1753227743; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UGKHdRquwoCcGe1GcdnxR/xIouOOcyFkyprWTGEyZsU=; b=sxGisKN4YqbB56JKhc/aDpk//HGS31vvegRB+HbVjkVNS/dsHcyNVuAnA4NckALy8U2GvP 2ww2txXAKPSIfmDg== From: Fabiano Rosas To: qemu-devel@nongnu.org Cc: Peter Xu , Prasad Pandit , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Subject: [PULL 2/7] migration: HMP: Fix postcopy latency distribution label Date: Tue, 22 Jul 2025 20:42:10 -0300 Message-Id: <20250722234215.6807-3-farosas@suse.de> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20250722234215.6807-1-farosas@suse.de> References: <20250722234215.6807-1-farosas@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Spamd-Result: default: False [-3.30 / 50.00]; BAYES_HAM(-3.00)[99.99%]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-0.999]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; FUZZY_RATELIMITED(0.00)[rspamd.com]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; FROM_EQ_ENVFROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:email, suse.de:mid, imap1.dmz-prg2.suse.org:helo] X-Spam-Score: -3.30 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a07:de40:b251:101:10:150:64:1; envelope-from=farosas@suse.de; helo=smtp-out1.suse.de X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @suse.de) X-ZM-MESSAGEID: 1753227789663116600 Fix the loop condition to avoid having a label with "1000 us" instead of "1 ms". Reported-by: Prasad Pandit Reviewed-by: Philippe Mathieu-Daud=C3=A9 Link: https://lore.kernel.org/qemu-devel/20250716182648.30202-3-farosas@sus= e.de Signed-off-by: Fabiano Rosas --- migration/migration-hmp-cmds.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/migration/migration-hmp-cmds.c b/migration/migration-hmp-cmds.c index bb954881d7..a8b879c9d6 100644 --- a/migration/migration-hmp-cmds.c +++ b/migration/migration-hmp-cmds.c @@ -57,7 +57,7 @@ static const gchar *format_time_str(uint64_t us) const char *units[] =3D {"us", "ms", "sec"}; int index =3D 0; =20 - while (us > 1000 && index + 1 < ARRAY_SIZE(units)) { + while (us >=3D 1000 && index + 1 < ARRAY_SIZE(units)) { us /=3D 1000; index++; } --=20 2.35.3 From nobody Sat Nov 15 09:50:12 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=suse.de ARC-Seal: i=1; a=rsa-sha256; t=1753227787; cv=none; d=zohomail.com; s=zohoarc; b=oJlHBpj5f4Y4Ic6ABxUneCTDIDT27fJkA/zT1tHdMaiE+/oZUW3VDWV7m8RQXcj93/tGh6GfeqRi3mrcrwS88K8vPnVOvIFJqe6ahhqRx1aQhB0/VLf5KyBAukSTOpvS54A7Fp9jFiRxT4Xbe++vTP4ZJzE1/mHpCyovYQ7zY2I= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753227787; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=FpIGcul4c8MWO4PXiLIFSI8jV6l+n4H7Trzi2MKZHKQ=; b=Yp/C4FSFtBxQKYHyIaDgF2+XdubwFqqsc+ecu8++aDkOlYIAFf7OGxZCScXf7PbWqu4a5JwXO45sslVYMxfV8HRKsYvOZzZYHSVHH2aA7f3M9ndkZRFeQNnYIxeYd8mXBHt9cmO25/2qbwOheoavk+NfqZq8rYkyVqoltQjhr5g= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1753227787643829.4205704647344; Tue, 22 Jul 2025 16:43:07 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ueMd4-0002EN-BF; Tue, 22 Jul 2025 19:42:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ueMd2-0002DJ-6F for qemu-devel@nongnu.org; Tue, 22 Jul 2025 19:42:36 -0400 Received: from smtp-out1.suse.de ([2a07:de40:b251:101:10:150:64:1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ueMcz-0007qQ-Vz for qemu-devel@nongnu.org; Tue, 22 Jul 2025 19:42:35 -0400 Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 9E20F218EA; Tue, 22 Jul 2025 23:42:25 +0000 (UTC) Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 4BF4813A32; Tue, 22 Jul 2025 23:42:24 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id 2FvEAuAhgGiqOgAAD6G6ig (envelope-from ); Tue, 22 Jul 2025 23:42:24 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1753227745; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FpIGcul4c8MWO4PXiLIFSI8jV6l+n4H7Trzi2MKZHKQ=; b=1IeDhzl/9lE5z4XX4gqIc/mxt285FT9n5U/84TceWucZXT2ZFJx4XbcYg2bvyC5/Ej0Ird 40aDGLdW+KvnwpDH1dVG8vs5MEerusNDp3CgkQpsP+6mhi8qu53dHr4bUNEJh+s7rny86t vHe6o/1k7YYveYDnZtZkk4OiM9c/rfs= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1753227745; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FpIGcul4c8MWO4PXiLIFSI8jV6l+n4H7Trzi2MKZHKQ=; b=XChAR1ZbLzGbmZLLGXRgfzncKecx2/Gw2rfksgO7Vl8R76B8tWbsw8wjG7lqJ9fDhXH/ok NQeDit7DLc3mQxDw== Authentication-Results: smtp-out1.suse.de; dkim=pass header.d=suse.de header.s=susede2_rsa header.b="1IeDhzl/"; dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=XChAR1Zb DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1753227745; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FpIGcul4c8MWO4PXiLIFSI8jV6l+n4H7Trzi2MKZHKQ=; b=1IeDhzl/9lE5z4XX4gqIc/mxt285FT9n5U/84TceWucZXT2ZFJx4XbcYg2bvyC5/Ej0Ird 40aDGLdW+KvnwpDH1dVG8vs5MEerusNDp3CgkQpsP+6mhi8qu53dHr4bUNEJh+s7rny86t vHe6o/1k7YYveYDnZtZkk4OiM9c/rfs= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1753227745; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FpIGcul4c8MWO4PXiLIFSI8jV6l+n4H7Trzi2MKZHKQ=; b=XChAR1ZbLzGbmZLLGXRgfzncKecx2/Gw2rfksgO7Vl8R76B8tWbsw8wjG7lqJ9fDhXH/ok NQeDit7DLc3mQxDw== From: Fabiano Rosas To: qemu-devel@nongnu.org Cc: Peter Xu , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PULL 3/7] migration: show error message when postcopy fails Date: Tue, 22 Jul 2025 20:42:11 -0300 Message-Id: <20250722234215.6807-4-farosas@suse.de> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20250722234215.6807-1-farosas@suse.de> References: <20250722234215.6807-1-farosas@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Spamd-Result: default: False [-3.51 / 50.00]; BAYES_HAM(-3.00)[99.99%]; NEURAL_HAM_LONG(-1.00)[-1.000]; MID_CONTAINS_FROM(1.00)[]; R_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; MIME_TRACE(0.00)[0:+]; RCVD_VIA_SMTP_AUTH(0.00)[]; FUZZY_RATELIMITED(0.00)[rspamd.com]; TO_DN_SOME(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:mid,suse.de:dkim,suse.de:email,imap1.dmz-prg2.suse.org:helo,imap1.dmz-prg2.suse.org:rdns]; DKIM_TRACE(0.00)[suse.de:+] X-Rspamd-Queue-Id: 9E20F218EA X-Rspamd-Server: rspamd2.dmz-prg2.suse.org X-Rspamd-Action: no action X-Spam-Score: -3.51 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a07:de40:b251:101:10:150:64:1; envelope-from=farosas@suse.de; helo=smtp-out1.suse.de X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @suse.de) X-ZM-MESSAGEID: 1753227789688116600 From: Daniel P. Berrang=C3=A9 The 'info migrate' command only shows the error message when the migration state is 'failed'. When postcopy is used, however, the 'postcopy-paused' state is used instead of 'failed', so we must show the error message there too. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Fabiano Rosas Link: https://lore.kernel.org/qemu-devel/20250721133913.2914669-1-berrange@= redhat.com [line break to satisfy checkpatch] Signed-off-by: Fabiano Rosas --- migration/migration-hmp-cmds.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/migration/migration-hmp-cmds.c b/migration/migration-hmp-cmds.c index a8b879c9d6..0fc21f0647 100644 --- a/migration/migration-hmp-cmds.c +++ b/migration/migration-hmp-cmds.c @@ -151,7 +151,9 @@ void hmp_info_migrate(Monitor *mon, const QDict *qdict) if (info->has_status) { monitor_printf(mon, "Status: \t\t%s", MigrationStatus_str(info->status)); - if (info->status =3D=3D MIGRATION_STATUS_FAILED && info->error_des= c) { + if ((info->status =3D=3D MIGRATION_STATUS_FAILED || + info->status =3D=3D MIGRATION_STATUS_POSTCOPY_PAUSED) && + info->error_desc) { monitor_printf(mon, " (%s)\n", info->error_desc); } else { monitor_printf(mon, "\n"); --=20 2.35.3 From nobody Sat Nov 15 09:50:12 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=suse.de ARC-Seal: i=1; a=rsa-sha256; t=1753227787; cv=none; d=zohomail.com; s=zohoarc; b=d1n5r04sTujK4Aqsr0HrKtRJaR787jjeW0paWPKQgq9COYqVSY15DVCPozMMymGaQisbh0WjCeTtUAhd3YE7NVUzxkLIuO8MHwxUBiaAjef1/FhZ8a+qohS7YG2sqL75SI2eisLY6bkBpqtNjjLr9NpabwMYKKjKVdBQQ+LmhDc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753227787; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Cws9ZBn7W6BABjgl82koFv+kfMSyuUuT0Z9d7up9/oU=; b=oJ3vtzUzPwHIBv7OAUBVsn/y8+dMNTUbhYlcAgNVVBZIAYDs9S+UFYkjE+r6UZ1MzIt9w1TlKpBAHsqNmxK2pxGbU+G0IW/56Ids9JO2b4P+LtZrc7qBbbYRM+WrqLnIB+XaAkKSw5Jvq8EHyPIq1GS2W5IHYLZkGpzuHMal2Lk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1753227787615687.1030121069111; Tue, 22 Jul 2025 16:43:07 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ueMd9-0002KN-Se; Tue, 22 Jul 2025 19:42:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ueMd7-0002JJ-NF for qemu-devel@nongnu.org; Tue, 22 Jul 2025 19:42:41 -0400 Received: from smtp-out2.suse.de ([2a07:de40:b251:101:10:150:64:2]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ueMd5-0007r1-5t for qemu-devel@nongnu.org; Tue, 22 Jul 2025 19:42:41 -0400 Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 77F601F789; Tue, 22 Jul 2025 23:42:27 +0000 (UTC) Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 261FC13A32; Tue, 22 Jul 2025 23:42:25 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id 2C9ANeEhgGiqOgAAD6G6ig (envelope-from ); Tue, 22 Jul 2025 23:42:25 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1753227747; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Cws9ZBn7W6BABjgl82koFv+kfMSyuUuT0Z9d7up9/oU=; b=VcsiGZaTNxpdeHSj5YuQgmWhAbfGU6WhZSN0Zbhn595AOWcFXmhoDdZ9/1HJJzap3S/myy ZClNPaA8sUfrPnVHCdPvo+JABPSlKvtdSEeXzvdNNqPaziYxMs5eZCqk+sMb+nsvhPXcyd M8pBwRZJsg2lGWzPYb6JZwX1NQ502j4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1753227747; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Cws9ZBn7W6BABjgl82koFv+kfMSyuUuT0Z9d7up9/oU=; b=7YueyKHFtuE4hBzNhfKGze+WqgsKmetQ75uDPYjI4ak2+jTErbOVRrTVYN50/95iljXYNM i6sIABGxj028GnCw== Authentication-Results: smtp-out2.suse.de; dkim=pass header.d=suse.de header.s=susede2_rsa header.b=VcsiGZaT; dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=7YueyKHF DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1753227747; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Cws9ZBn7W6BABjgl82koFv+kfMSyuUuT0Z9d7up9/oU=; b=VcsiGZaTNxpdeHSj5YuQgmWhAbfGU6WhZSN0Zbhn595AOWcFXmhoDdZ9/1HJJzap3S/myy ZClNPaA8sUfrPnVHCdPvo+JABPSlKvtdSEeXzvdNNqPaziYxMs5eZCqk+sMb+nsvhPXcyd M8pBwRZJsg2lGWzPYb6JZwX1NQ502j4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1753227747; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Cws9ZBn7W6BABjgl82koFv+kfMSyuUuT0Z9d7up9/oU=; b=7YueyKHFtuE4hBzNhfKGze+WqgsKmetQ75uDPYjI4ak2+jTErbOVRrTVYN50/95iljXYNM i6sIABGxj028GnCw== From: Fabiano Rosas To: qemu-devel@nongnu.org Cc: Peter Xu , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PULL 4/7] crypto: implement workaround for GNUTLS thread safety problems Date: Tue, 22 Jul 2025 20:42:12 -0300 Message-Id: <20250722234215.6807-5-farosas@suse.de> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20250722234215.6807-1-farosas@suse.de> References: <20250722234215.6807-1-farosas@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Spamd-Result: default: False [-3.51 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; MID_CONTAINS_FROM(1.00)[]; R_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; MIME_TRACE(0.00)[0:+]; RCVD_VIA_SMTP_AUTH(0.00)[]; FUZZY_RATELIMITED(0.00)[rspamd.com]; TO_DN_SOME(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo,imap1.dmz-prg2.suse.org:rdns,suse.de:mid,suse.de:dkim,suse.de:email]; DKIM_TRACE(0.00)[suse.de:+] X-Rspamd-Queue-Id: 77F601F789 X-Rspamd-Server: rspamd2.dmz-prg2.suse.org X-Rspamd-Action: no action X-Spam-Score: -3.51 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a07:de40:b251:101:10:150:64:2; envelope-from=farosas@suse.de; helo=smtp-out2.suse.de X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @suse.de) X-ZM-MESSAGEID: 1753227789938116600 From: Daniel P. Berrang=C3=A9 When TLS 1.3 is negotiated on a TLS session, GNUTLS will perform automatic rekeying of the session after 16 million records. This is done for all algorithms except CHACHA20_POLY1305 which does not require rekeying. Unfortunately the rekeying breaks GNUTLS' promise that it is safe to use a gnutls_session_t object concurrently from multiple threads if they are exclusively calling gnutls_record_send/recv. This patch implements a workaround for QEMU that adds a mutex lock around any gnutls_record_send/recv call to serialize execution within GNUTLS code. When GNUTLS calls into the push/pull functions we can release the lock so the OS level I/O calls can at least have some parallelism. The big downside of this is that the actual encryption/decryption code is fully serialized, which will halve performance of that cipher operations if two threads are contending. The workaround is not enabled by default, since most use of GNUTLS in QEMU does not tickle the problem, only non-multifd migration with a return path open is affected. Fortunately the migration code also won't trigger the halving of performance, since only the outbound channel diretion needs to sustain high data rates, the inbound direction is low volume. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Fabiano Rosas Link: https://lore.kernel.org/qemu-devel/20250718150514.2635338-2-berrange@= redhat.com [add stub for qcrypto_tls_session_require_thread_safety; fix unused var] Signed-off-by: Fabiano Rosas --- crypto/tlssession.c | 92 +++++++++++++++++++++++++++++++++-- include/crypto/tlssession.h | 14 ++++++ meson.build | 9 ++++ meson_options.txt | 2 + scripts/meson-buildoptions.sh | 5 ++ 5 files changed, 119 insertions(+), 3 deletions(-) diff --git a/crypto/tlssession.c b/crypto/tlssession.c index 6d8f8df623..baef878fa0 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c @@ -19,6 +19,7 @@ */ =20 #include "qemu/osdep.h" +#include "qemu/thread.h" #include "crypto/tlssession.h" #include "crypto/tlscredsanon.h" #include "crypto/tlscredspsk.h" @@ -51,6 +52,14 @@ struct QCryptoTLSSession { */ Error *rerr; Error *werr; + + /* + * Used to protect against broken GNUTLS thread safety + * https://gitlab.com/gnutls/gnutls/-/issues/1717 + */ + bool requireThreadSafety; + bool lockEnabled; + QemuMutex lock; }; =20 =20 @@ -69,6 +78,7 @@ qcrypto_tls_session_free(QCryptoTLSSession *session) g_free(session->peername); g_free(session->authzid); object_unref(OBJECT(session->creds)); + qemu_mutex_destroy(&session->lock); g_free(session); } =20 @@ -84,10 +94,19 @@ qcrypto_tls_session_push(void *opaque, const void *buf,= size_t len) return -1; }; =20 + if (session->lockEnabled) { + qemu_mutex_unlock(&session->lock); + } + error_free(session->werr); session->werr =3D NULL; =20 ret =3D session->writeFunc(buf, len, session->opaque, &session->werr); + + if (session->lockEnabled) { + qemu_mutex_lock(&session->lock); + } + if (ret =3D=3D QCRYPTO_TLS_SESSION_ERR_BLOCK) { errno =3D EAGAIN; return -1; @@ -114,7 +133,16 @@ qcrypto_tls_session_pull(void *opaque, void *buf, size= _t len) error_free(session->rerr); session->rerr =3D NULL; =20 + if (session->lockEnabled) { + qemu_mutex_unlock(&session->lock); + } + ret =3D session->readFunc(buf, len, session->opaque, &session->rerr); + + if (session->lockEnabled) { + qemu_mutex_lock(&session->lock); + } + if (ret =3D=3D QCRYPTO_TLS_SESSION_ERR_BLOCK) { errno =3D EAGAIN; return -1; @@ -153,6 +181,8 @@ qcrypto_tls_session_new(QCryptoTLSCreds *creds, session->creds =3D creds; object_ref(OBJECT(creds)); =20 + qemu_mutex_init(&session->lock); + if (creds->endpoint !=3D endpoint) { error_setg(errp, "Credentials endpoint doesn't match session"); goto error; @@ -289,6 +319,11 @@ qcrypto_tls_session_new(QCryptoTLSCreds *creds, return NULL; } =20 +void qcrypto_tls_session_require_thread_safety(QCryptoTLSSession *sess) +{ + sess->requireThreadSafety =3D true; +} + static int qcrypto_tls_session_check_certificate(QCryptoTLSSession *session, Error **errp) @@ -480,7 +515,17 @@ qcrypto_tls_session_write(QCryptoTLSSession *session, size_t len, Error **errp) { - ssize_t ret =3D gnutls_record_send(session->handle, buf, len); + ssize_t ret; + + if (session->lockEnabled) { + qemu_mutex_lock(&session->lock); + } + + ret =3D gnutls_record_send(session->handle, buf, len); + + if (session->lockEnabled) { + qemu_mutex_unlock(&session->lock); + } =20 if (ret < 0) { if (ret =3D=3D GNUTLS_E_AGAIN) { @@ -509,7 +554,17 @@ qcrypto_tls_session_read(QCryptoTLSSession *session, bool gracefulTermination, Error **errp) { - ssize_t ret =3D gnutls_record_recv(session->handle, buf, len); + ssize_t ret; + + if (session->lockEnabled) { + qemu_mutex_lock(&session->lock); + } + + ret =3D gnutls_record_recv(session->handle, buf, len); + + if (session->lockEnabled) { + qemu_mutex_unlock(&session->lock); + } =20 if (ret < 0) { if (ret =3D=3D GNUTLS_E_AGAIN) { @@ -545,8 +600,29 @@ int qcrypto_tls_session_handshake(QCryptoTLSSession *session, Error **errp) { - int ret =3D gnutls_handshake(session->handle); + int ret; + ret =3D gnutls_handshake(session->handle); + if (!ret) { +#ifdef CONFIG_GNUTLS_BUG1717_WORKAROUND + gnutls_cipher_algorithm_t cipher =3D + gnutls_cipher_get(session->handle); + + /* + * Any use of rekeying in TLS 1.3 is unsafe for + * a gnutls with bug 1717, however, we know that + * QEMU won't initiate manual rekeying. Thus we + * only have to protect against automatic rekeying + * which doesn't trigger with CHACHA20 + */ + if (session->requireThreadSafety && + gnutls_protocol_get_version(session->handle) =3D=3D + GNUTLS_TLS1_3 && + cipher !=3D GNUTLS_CIPHER_CHACHA20_POLY1305) { + session->lockEnabled =3D true; + } +#endif + session->handshakeComplete =3D true; return QCRYPTO_TLS_HANDSHAKE_COMPLETE; } @@ -584,8 +660,15 @@ qcrypto_tls_session_bye(QCryptoTLSSession *session, Er= ror **errp) return 0; } =20 + if (session->lockEnabled) { + qemu_mutex_lock(&session->lock); + } ret =3D gnutls_bye(session->handle, GNUTLS_SHUT_WR); =20 + if (session->lockEnabled) { + qemu_mutex_unlock(&session->lock); + } + if (!ret) { return QCRYPTO_TLS_BYE_COMPLETE; } @@ -651,6 +734,9 @@ qcrypto_tls_session_new(QCryptoTLSCreds *creds G_GNUC_U= NUSED, return NULL; } =20 +void qcrypto_tls_session_require_thread_safety(QCryptoTLSSession *sess) +{ +} =20 void qcrypto_tls_session_free(QCryptoTLSSession *sess G_GNUC_UNUSED) diff --git a/include/crypto/tlssession.h b/include/crypto/tlssession.h index d77ae0d423..2f62ce2d67 100644 --- a/include/crypto/tlssession.h +++ b/include/crypto/tlssession.h @@ -165,6 +165,20 @@ void qcrypto_tls_session_free(QCryptoTLSSession *sess); =20 G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoTLSSession, qcrypto_tls_session_free) =20 +/** + * qcrypto_tls_session_require_thread_safety: + * @sess: the TLS session object + * + * Mark that this TLS session will require thread safety + * for concurrent I/O in both directions. This must be + * called before the handshake is performed. + * + * This will activate a workaround for GNUTLS thread + * safety issues, where appropriate for the negotiated + * TLS session parameters. + */ +void qcrypto_tls_session_require_thread_safety(QCryptoTLSSession *sess); + /** * qcrypto_tls_session_check_credentials: * @sess: the TLS session object diff --git a/meson.build b/meson.build index c2bc3eeedc..e53cd5b413 100644 --- a/meson.build +++ b/meson.build @@ -1809,6 +1809,7 @@ endif =20 gnutls =3D not_found gnutls_crypto =3D not_found +gnutls_bug1717_workaround =3D false if get_option('gnutls').enabled() or (get_option('gnutls').auto() and have= _system) # For general TLS support our min gnutls matches # that implied by our platform support matrix @@ -1834,6 +1835,12 @@ if get_option('gnutls').enabled() or (get_option('gn= utls').auto() and have_syste method: 'pkg-config', required: get_option('gnutls')) endif + + if gnutls.found() and not get_option('gnutls-bug1717-workaround').disabl= ed() + # XXX: when bug 1717 is resolved, add logic to probe for + # the GNUTLS fixed version number to handle the 'auto' case + gnutls_bug1717_workaround =3D true + endif endif =20 # We prefer use of gnutls for crypto, unless the options @@ -2585,6 +2592,7 @@ config_host_data.set('CONFIG_KEYUTILS', keyutils.foun= d()) config_host_data.set('CONFIG_GETTID', has_gettid) config_host_data.set('CONFIG_GNUTLS', gnutls.found()) config_host_data.set('CONFIG_GNUTLS_CRYPTO', gnutls_crypto.found()) +config_host_data.set('CONFIG_GNUTLS_BUG1717_WORKAROUND', gnutls_bug1717_wo= rkaround) config_host_data.set('CONFIG_TASN1', tasn1.found()) config_host_data.set('CONFIG_GCRYPT', gcrypt.found()) config_host_data.set('CONFIG_NETTLE', nettle.found()) @@ -4869,6 +4877,7 @@ summary_info +=3D {'TLS priority': get_option('t= ls_priority')} summary_info +=3D {'GNUTLS support': gnutls} if gnutls.found() summary_info +=3D {' GNUTLS crypto': gnutls_crypto.found()} + summary_info +=3D {' GNUTLS bug 1717 workaround': gnutls_bug1717_workar= ound } endif summary_info +=3D {'libgcrypt': gcrypt} summary_info +=3D {'nettle': nettle} diff --git a/meson_options.txt b/meson_options.txt index fff1521e58..dd33530750 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -174,6 +174,8 @@ option('libcbor', type : 'feature', value : 'auto', description: 'libcbor support') option('gnutls', type : 'feature', value : 'auto', description: 'GNUTLS cryptography support') +option('gnutls-bug1717-workaround', type: 'feature', value : 'auto', + description: 'GNUTLS workaround for https://gitlab.com/gnutls/gnutl= s/-/issues/1717') option('nettle', type : 'feature', value : 'auto', description: 'nettle cryptography support') option('gcrypt', type : 'feature', value : 'auto', diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh index 0ebe6bc52a..d559e260ed 100644 --- a/scripts/meson-buildoptions.sh +++ b/scripts/meson-buildoptions.sh @@ -123,6 +123,9 @@ meson_options_help() { printf "%s\n" ' gio use libgio for D-Bus support' printf "%s\n" ' glusterfs Glusterfs block device driver' printf "%s\n" ' gnutls GNUTLS cryptography support' + printf "%s\n" ' gnutls-bug1717-workaround' + printf "%s\n" ' GNUTLS workaround for' + printf "%s\n" ' https://gitlab.com/gnutls/gnutls/-/issu= es/1717' printf "%s\n" ' gtk GTK+ user interface' printf "%s\n" ' gtk-clipboard clipboard support for the gtk UI (EXPER= IMENTAL, MAY HANG)' printf "%s\n" ' guest-agent Build QEMU Guest Agent' @@ -331,6 +334,8 @@ _meson_option_parse() { --disable-glusterfs) printf "%s" -Dglusterfs=3Ddisabled ;; --enable-gnutls) printf "%s" -Dgnutls=3Denabled ;; --disable-gnutls) printf "%s" -Dgnutls=3Ddisabled ;; + --enable-gnutls-bug1717-workaround) printf "%s" -Dgnutls-bug1717-worka= round=3Denabled ;; + --disable-gnutls-bug1717-workaround) printf "%s" -Dgnutls-bug1717-work= around=3Ddisabled ;; --enable-gtk) printf "%s" -Dgtk=3Denabled ;; --disable-gtk) printf "%s" -Dgtk=3Ddisabled ;; --enable-gtk-clipboard) printf "%s" -Dgtk_clipboard=3Denabled ;; --=20 2.35.3 From nobody Sat Nov 15 09:50:12 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=suse.de ARC-Seal: i=1; a=rsa-sha256; t=1753227841; cv=none; d=zohomail.com; s=zohoarc; b=dGiQe85NgS+03egp2As6b1DUOVNEQXvakESPThVfDDT1DR3eOfb2Vs6FsTsiA81IoVPCbTxOd6UDi/YXhimTSEyTJzJhG/Ozjsn/aVqiELYobvwsj3Xw48MAUirFGvsTBOVEK4nHNdZ1xd8GQ75GxOEB8yZIoJ3UBvK519s3VQg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753227841; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=F9T7mh+QJ0Qn3+vuo5odbDBZt5ruNTk4Dn/PbWX7kUc=; b=jx+V/1AZ+TNHLESuV2V6fFdAqfewSYyvEGIUEnXpMjqVuQfvcmxUjjer/VS3pARgrVK+xF7oVMTZ3TEZQPF3+PW2DY+KIzpdeLMkoqrQuScD596h5/TFtu440wyfm67L9gEXJbncR1su10qgA3fRO1psL+a/CTp3e+o7C02jfSE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1753227841923931.2100190771887; Tue, 22 Jul 2025 16:44:01 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ueMdF-0002QN-6v; Tue, 22 Jul 2025 19:42:49 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ueMdE-0002PT-AL for qemu-devel@nongnu.org; Tue, 22 Jul 2025 19:42:48 -0400 Received: from smtp-out2.suse.de ([195.135.223.131]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ueMdB-0007rX-Dv for qemu-devel@nongnu.org; Tue, 22 Jul 2025 19:42:47 -0400 Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 518221F7A0; Tue, 22 Jul 2025 23:42:29 +0000 (UTC) Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id F3EE913A32; Tue, 22 Jul 2025 23:42:27 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id wCH8K+MhgGiqOgAAD6G6ig (envelope-from ); Tue, 22 Jul 2025 23:42:27 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1753227749; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=F9T7mh+QJ0Qn3+vuo5odbDBZt5ruNTk4Dn/PbWX7kUc=; b=e3OTUtmJCGof/dBk1b8i8uRuMo0L8vXTNVyytbI8XErVF/XdFIG/u4Q/bjsMD/bzMCumUp vJIHEmT4DsSC9VfWPbLeeUzSgMrqg/L1Wy0AYSCJJyJ61pgYZBeIRdZBVLayP4QFdQ4VgS Qu62rmOC/t3vbZfezsrwTWQmw8VGEZY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1753227749; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=F9T7mh+QJ0Qn3+vuo5odbDBZt5ruNTk4Dn/PbWX7kUc=; b=dr56fBFEdMNWd18oqHzRFAhsqY/zk5J7IZUYTwQNfjWUXV9x/2C/adzkRmHUQQGmU2YmRB XLAH1z3QAzoVQEAA== Authentication-Results: smtp-out2.suse.de; dkim=pass header.d=suse.de header.s=susede2_rsa header.b=e3OTUtmJ; dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=dr56fBFE DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1753227749; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=F9T7mh+QJ0Qn3+vuo5odbDBZt5ruNTk4Dn/PbWX7kUc=; b=e3OTUtmJCGof/dBk1b8i8uRuMo0L8vXTNVyytbI8XErVF/XdFIG/u4Q/bjsMD/bzMCumUp vJIHEmT4DsSC9VfWPbLeeUzSgMrqg/L1Wy0AYSCJJyJ61pgYZBeIRdZBVLayP4QFdQ4VgS Qu62rmOC/t3vbZfezsrwTWQmw8VGEZY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1753227749; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=F9T7mh+QJ0Qn3+vuo5odbDBZt5ruNTk4Dn/PbWX7kUc=; b=dr56fBFEdMNWd18oqHzRFAhsqY/zk5J7IZUYTwQNfjWUXV9x/2C/adzkRmHUQQGmU2YmRB XLAH1z3QAzoVQEAA== From: Fabiano Rosas To: qemu-devel@nongnu.org Cc: Peter Xu , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PULL 5/7] io: add support for activating TLS thread safety workaround Date: Tue, 22 Jul 2025 20:42:13 -0300 Message-Id: <20250722234215.6807-6-farosas@suse.de> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20250722234215.6807-1-farosas@suse.de> References: <20250722234215.6807-1-farosas@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 518221F7A0 X-Rspamd-Action: no action X-Rspamd-Server: rspamd1.dmz-prg2.suse.org X-Spamd-Result: default: False [-3.51 / 50.00]; BAYES_HAM(-3.00)[99.99%]; NEURAL_HAM_LONG(-1.00)[-1.000]; MID_CONTAINS_FROM(1.00)[]; R_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; FUZZY_RATELIMITED(0.00)[rspamd.com]; RCVD_VIA_SMTP_AUTH(0.00)[]; MIME_TRACE(0.00)[0:+]; TO_DN_SOME(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; DNSWL_BLOCKED(0.00)[2a07:de40:b281:104:10:150:64:97:from,2a07:de40:b281:106:10:150:64:167:received]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:rdns,imap1.dmz-prg2.suse.org:helo,suse.de:dkim,suse.de:mid,suse.de:email]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; DKIM_TRACE(0.00)[suse.de:+] X-Spam-Score: -3.51 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=195.135.223.131; envelope-from=farosas@suse.de; helo=smtp-out2.suse.de X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @suse.de) X-ZM-MESSAGEID: 1753227843932116600 From: Daniel P. Berrang=C3=A9 Add a QIO_CHANNEL_FEATURE_CONCURRENT_IO feature flag. If this is set on a QIOChannelTLS session object, the TLS session will be marked as requiring thread safety, which will activate the workaround for GNUTLS bug 1717 if needed. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Fabiano Rosas Link: https://lore.kernel.org/qemu-devel/20250718150514.2635338-3-berrange@= redhat.com Signed-off-by: Fabiano Rosas --- include/io/channel.h | 1 + io/channel-tls.c | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/include/io/channel.h b/include/io/channel.h index 62b657109c..234e5db70d 100644 --- a/include/io/channel.h +++ b/include/io/channel.h @@ -46,6 +46,7 @@ enum QIOChannelFeature { QIO_CHANNEL_FEATURE_WRITE_ZERO_COPY, QIO_CHANNEL_FEATURE_READ_MSG_PEEK, QIO_CHANNEL_FEATURE_SEEKABLE, + QIO_CHANNEL_FEATURE_CONCURRENT_IO, }; =20 =20 diff --git a/io/channel-tls.c b/io/channel-tls.c index db2ac1deae..a8248a9216 100644 --- a/io/channel-tls.c +++ b/io/channel-tls.c @@ -241,6 +241,11 @@ void qio_channel_tls_handshake(QIOChannelTLS *ioc, { QIOTask *task; =20 + if (qio_channel_has_feature(QIO_CHANNEL(ioc), + QIO_CHANNEL_FEATURE_CONCURRENT_IO)) { + qcrypto_tls_session_require_thread_safety(ioc->session); + } + task =3D qio_task_new(OBJECT(ioc), func, opaque, destroy); =20 --=20 2.35.3 From nobody Sat Nov 15 09:50:12 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=suse.de ARC-Seal: i=1; a=rsa-sha256; t=1753227842; cv=none; d=zohomail.com; s=zohoarc; b=m2UnWvNqqRNGXIN4qIDvfKsYNY5ktouBhCr6gSISrnk+IvtAaSnoD/7Rf05D4fl+S0MmICUf53CAKetPo1AxfLA0U+wKJgBTu7QL2OJlQAv0haAvUYzuK79c5uWerUdYMcpaBE3GYqWm0BRXBTeijCiLZPH1SLwmqXNt9C/i8V8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753227842; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=KPHQdKOsJoUO2aXXmjAa2hdW3VeBDD42pfqDwCgqC8g=; b=CUCJ+9IKGHJoySWYWI0oCvSh7+MY6Ltg9gy+3X0yvpZcyrshtfwtRCTCHXQR3724HL0amautS+V0hqO/8a+F5dQSzF26sv3DIPrPCn2jH1GvKqbJixUQbGk8bwjmEGsySZMhVQ3jLNyYn2lT1l9SfNkRj9gDtCmwqARZ5Y9zhkk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 175322784258024.81786497724829; Tue, 22 Jul 2025 16:44:02 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ueMdM-0002Xw-1W; Tue, 22 Jul 2025 19:42:56 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ueMdK-0002Vv-HB for qemu-devel@nongnu.org; Tue, 22 Jul 2025 19:42:54 -0400 Received: from smtp-out2.suse.de ([195.135.223.131]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ueMdI-0007sT-KS for qemu-devel@nongnu.org; Tue, 22 Jul 2025 19:42:54 -0400 Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 2AEBA1F7B2; Tue, 22 Jul 2025 23:42:31 +0000 (UTC) Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id CD03513A32; Tue, 22 Jul 2025 23:42:29 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id AG5vIuUhgGiqOgAAD6G6ig (envelope-from ); Tue, 22 Jul 2025 23:42:29 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1753227751; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KPHQdKOsJoUO2aXXmjAa2hdW3VeBDD42pfqDwCgqC8g=; b=MTNzmeNmiZ0gtd+9DPTuvFcbUr38sLaiVCzjdkIkZWOtoqNRNUkV7bZo6Tujl9gi40dgFc gK3m4JwBYZocZahpLfB0uYnLv1Lq/33nSXgCdNSEBn5zBMKPtssVVeRD68vwQWb6td2Ip2 tKa6EK70NEO8yX+pPd57n58YIzxn23c= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1753227751; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KPHQdKOsJoUO2aXXmjAa2hdW3VeBDD42pfqDwCgqC8g=; b=srA5TPjydkAoJM2pk8ng1qMBPdGKUM41v5VFaFcfx6ivKCEIJZ5RkP8Z/GKNLwO7zQ+yiS kdS8UyTgXi/OqFAw== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1753227751; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KPHQdKOsJoUO2aXXmjAa2hdW3VeBDD42pfqDwCgqC8g=; b=MTNzmeNmiZ0gtd+9DPTuvFcbUr38sLaiVCzjdkIkZWOtoqNRNUkV7bZo6Tujl9gi40dgFc gK3m4JwBYZocZahpLfB0uYnLv1Lq/33nSXgCdNSEBn5zBMKPtssVVeRD68vwQWb6td2Ip2 tKa6EK70NEO8yX+pPd57n58YIzxn23c= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1753227751; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KPHQdKOsJoUO2aXXmjAa2hdW3VeBDD42pfqDwCgqC8g=; b=srA5TPjydkAoJM2pk8ng1qMBPdGKUM41v5VFaFcfx6ivKCEIJZ5RkP8Z/GKNLwO7zQ+yiS kdS8UyTgXi/OqFAw== From: Fabiano Rosas To: qemu-devel@nongnu.org Cc: Peter Xu , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PULL 6/7] migration: activate TLS thread safety workaround Date: Tue, 22 Jul 2025 20:42:14 -0300 Message-Id: <20250722234215.6807-7-farosas@suse.de> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20250722234215.6807-1-farosas@suse.de> References: <20250722234215.6807-1-farosas@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Spamd-Result: default: False [-3.30 / 50.00]; BAYES_HAM(-3.00)[99.99%]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-0.998]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; FUZZY_RATELIMITED(0.00)[rspamd.com]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; FROM_EQ_ENVFROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:mid, suse.de:email, imap1.dmz-prg2.suse.org:helo] X-Spam-Score: -3.30 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=195.135.223.131; envelope-from=farosas@suse.de; helo=smtp-out2.suse.de X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @suse.de) X-ZM-MESSAGEID: 1753227843940116600 From: Daniel P. Berrang=C3=A9 When either the postcopy or return path capabilities are enabled, the migration code will use the primary channel for bidirectional I/O. If either of those capabilities are enabled, the migration code needs to mark the channel as expecting concurrent I/O in order to activate the thread safety workarounds for GNUTLS bug 1717 Closes: https://gitlab.com/qemu-project/qemu/-/issues/1937 Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Fabiano Rosas Link: https://lore.kernel.org/qemu-devel/20250718150514.2635338-4-berrange@= redhat.com Signed-off-by: Fabiano Rosas --- migration/tls.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/migration/tls.c b/migration/tls.c index 5cbf952383..284a6194b2 100644 --- a/migration/tls.c +++ b/migration/tls.c @@ -90,6 +90,10 @@ void migration_tls_channel_process_incoming(MigrationSta= te *s, =20 trace_migration_tls_incoming_handshake_start(); qio_channel_set_name(QIO_CHANNEL(tioc), "migration-tls-incoming"); + if (migrate_postcopy_ram() || migrate_return_path()) { + qio_channel_set_feature(QIO_CHANNEL(tioc), + QIO_CHANNEL_FEATURE_CONCURRENT_IO); + } qio_channel_tls_handshake(tioc, migration_tls_incoming_handshake, NULL, @@ -149,6 +153,11 @@ void migration_tls_channel_connect(MigrationState *s, s->hostname =3D g_strdup(hostname); trace_migration_tls_outgoing_handshake_start(hostname); qio_channel_set_name(QIO_CHANNEL(tioc), "migration-tls-outgoing"); + + if (migrate_postcopy_ram() || migrate_return_path()) { + qio_channel_set_feature(QIO_CHANNEL(tioc), + QIO_CHANNEL_FEATURE_CONCURRENT_IO); + } qio_channel_tls_handshake(tioc, migration_tls_outgoing_handshake, s, --=20 2.35.3 From nobody Sat Nov 15 09:50:12 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=suse.de ARC-Seal: i=1; a=rsa-sha256; t=1753227868; cv=none; d=zohomail.com; s=zohoarc; b=J1OpFbIVLdhF3KS/hSymofd48kgklaStSGldLgJUM0W0hJTF2hqtwMEGTZUi0+dZlFnWM0vuP10nhluA3PJxgfDpFoURVZMe2uYaiYyRoH89ljA17zTFMH5hxxmUXaMEjFzFZuacIzBaxWDTZZMiIXis7iacSzmmhSdecKzayE4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753227868; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=jZZh+ZVa3T5k6vTaImGQ/AbOZe7gkNeo6VdPQTexAdg=; b=an/ma2ng1aeBhVRVmMPUXvyzT4B3h2Xn0WgtkLfgOkW0/AT3MVA/ssMCnBpqiWHjysQLQgg+nmdlLMFbZW10Mm58t4GHAui2Lfj0DP01pORppYkDlz9Nms14bZtxSGSTJaR4LNqYgj3GeSrnmXF9QpOTeSowRelfg0mv+qDg2mg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1753227868702669.9111969765685; Tue, 22 Jul 2025 16:44:28 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ueMdy-0002jm-Cd; Tue, 22 Jul 2025 19:43:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ueMdQ-0002aD-Av for qemu-devel@nongnu.org; Tue, 22 Jul 2025 19:43:02 -0400 Received: from smtp-out2.suse.de ([195.135.223.131]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ueMdO-0007t3-J2 for qemu-devel@nongnu.org; Tue, 22 Jul 2025 19:42:59 -0400 Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 045211F7B5; Tue, 22 Jul 2025 23:42:33 +0000 (UTC) Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id A6FE013A32; Tue, 22 Jul 2025 23:42:31 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id qFgnGechgGiqOgAAD6G6ig (envelope-from ); Tue, 22 Jul 2025 23:42:31 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1753227753; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jZZh+ZVa3T5k6vTaImGQ/AbOZe7gkNeo6VdPQTexAdg=; b=c5Sdy7JDGgvNeN+YG3ps+AR/dRQAeultV4WHn/dXRh4mkycGxw847Z9RiHvnr+pqbqfony Aabm2ce8VEmmeFtdZjhESPSt1pMbWNl/i/xIfU4uKG4jNHrnUdVEkkSnXiXK1iafxNXCgH 8kRldLLfniw8prarRd2QTkf/28voigc= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1753227753; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jZZh+ZVa3T5k6vTaImGQ/AbOZe7gkNeo6VdPQTexAdg=; b=0o8t8Fy2vz7w49WsHcC6dB+2J8+iEJVPuiJFrdKPedtdj8twdyO2u4h1jMbMIi7aM0tuSO msdSdmxCkdg7jDBw== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1753227753; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jZZh+ZVa3T5k6vTaImGQ/AbOZe7gkNeo6VdPQTexAdg=; b=c5Sdy7JDGgvNeN+YG3ps+AR/dRQAeultV4WHn/dXRh4mkycGxw847Z9RiHvnr+pqbqfony Aabm2ce8VEmmeFtdZjhESPSt1pMbWNl/i/xIfU4uKG4jNHrnUdVEkkSnXiXK1iafxNXCgH 8kRldLLfniw8prarRd2QTkf/28voigc= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1753227753; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jZZh+ZVa3T5k6vTaImGQ/AbOZe7gkNeo6VdPQTexAdg=; b=0o8t8Fy2vz7w49WsHcC6dB+2J8+iEJVPuiJFrdKPedtdj8twdyO2u4h1jMbMIi7aM0tuSO msdSdmxCkdg7jDBw== From: Fabiano Rosas To: qemu-devel@nongnu.org Cc: Peter Xu , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PULL 7/7] crypto: add tracing & warning about GNUTLS countermeasures Date: Tue, 22 Jul 2025 20:42:15 -0300 Message-Id: <20250722234215.6807-8-farosas@suse.de> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20250722234215.6807-1-farosas@suse.de> References: <20250722234215.6807-1-farosas@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Spamd-Result: default: False [-3.30 / 50.00]; BAYES_HAM(-3.00)[99.99%]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-0.999]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; FUZZY_RATELIMITED(0.00)[rspamd.com]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; FROM_EQ_ENVFROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo, suse.de:email, suse.de:mid] X-Spam-Score: -3.30 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=195.135.223.131; envelope-from=farosas@suse.de; helo=smtp-out2.suse.de X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @suse.de) X-ZM-MESSAGEID: 1753227870489116600 From: Daniel P. Berrang=C3=A9 We want some visibility on stderr when the GNUTLS thread safety countermeasures are activated, to encourage people to get the real fix deployed (once it exists). Some trace points will also help if we see any further wierd crash scenario we've not anticipated. Reviewed-by: Daniel P. Berrang=C3=A9 Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Fabiano Rosas Link: https://lore.kernel.org/qemu-devel/20250718150514.2635338-5-berrange@= redhat.com [add missing include] Signed-off-by: Fabiano Rosas --- crypto/tlssession.c | 11 +++++++++++ crypto/trace-events | 2 ++ 2 files changed, 13 insertions(+) diff --git a/crypto/tlssession.c b/crypto/tlssession.c index baef878fa0..86d407a142 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c @@ -19,6 +19,7 @@ */ =20 #include "qemu/osdep.h" +#include "qemu/error-report.h" #include "qemu/thread.h" #include "crypto/tlssession.h" #include "crypto/tlscredsanon.h" @@ -615,10 +616,20 @@ qcrypto_tls_session_handshake(QCryptoTLSSession *sess= ion, * only have to protect against automatic rekeying * which doesn't trigger with CHACHA20 */ + trace_qcrypto_tls_session_parameters( + session, + session->requireThreadSafety, + gnutls_protocol_get_version(session->handle), + cipher); + if (session->requireThreadSafety && gnutls_protocol_get_version(session->handle) =3D=3D GNUTLS_TLS1_3 && cipher !=3D GNUTLS_CIPHER_CHACHA20_POLY1305) { + warn_report("WARNING: activating thread safety countermeasures= " + "for potentially broken GNUTLS with TLS1.3 cipher= =3D%d", + cipher); + trace_qcrypto_tls_session_bug1717_workaround(session); session->lockEnabled =3D true; } #endif diff --git a/crypto/trace-events b/crypto/trace-events index bccd0bbf29..d0e33427fa 100644 --- a/crypto/trace-events +++ b/crypto/trace-events @@ -21,6 +21,8 @@ qcrypto_tls_creds_x509_load_cert_list(void *creds, const = char *file) "TLS creds # tlssession.c qcrypto_tls_session_new(void *session, void *creds, const char *hostname, = const char *authzid, int endpoint) "TLS session new session=3D%p creds=3D%p= hostname=3D%s authzid=3D%s endpoint=3D%d" qcrypto_tls_session_check_creds(void *session, const char *status) "TLS se= ssion check creds session=3D%p status=3D%s" +qcrypto_tls_session_parameters(void *session, int threadSafety, int protoc= ol, int cipher) "TLS session parameters session=3D%p threadSafety=3D%d prot= ocol=3D%d cipher=3D%d" +qcrypto_tls_session_bug1717_workaround(void *session) "TLS session bug1717= workaround session=3D%p" =20 # tls-cipher-suites.c qcrypto_tls_cipher_suite_priority(const char *name) "priority: %s" --=20 2.35.3