From nobody Sun Sep 28 17:03:42 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757625884; cv=none; d=zohomail.com; s=zohoarc; b=MCmS25pAmklfI9pT46Tj8WWOjd337zgc9lbIif8tOepY45xE8d+9M1I1u/4iaY6n/+FmDSrdIlIjr5uao8x7MCkSI5mnGx6TO0W44ZdamBmPwenO2l98zDk/99NCfljjM4DXuLr0nad8UPyjWxbR35I3P2qo//S0ZOKLAWLrUvw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757625884; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=H+wI1mVR1U7NVXhX8RRjgaPpxiSDUV5ckDS1JFuvV3g=; b=eakFm1tgQoSArGVmp4cX9sYBVC/Rx3h9OZOerOtp1Cgn2tWbxx6IcMqd6Gq/jQEpEyMXskbEDPkYBieYMHP5Dh2iRJ9WjJzUILvV9xQKCUX91xiTgU1IrlkFh8w8r5MMw728HrnrWGkZ+fvHXsLcWAj2YzpEnkr6BIhcS1pDGGE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1757625884240339.2130387049333; Thu, 11 Sep 2025 14:24:44 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uwomB-0002i3-Ht; Thu, 11 Sep 2025 17:24:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uwom7-0002h0-V5 for qemu-devel@nongnu.org; Thu, 11 Sep 2025 17:24:15 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uwom5-0008QA-8t for qemu-devel@nongnu.org; Thu, 11 Sep 2025 17:24:15 -0400 Received: from mail-qk1-f197.google.com (mail-qk1-f197.google.com [209.85.222.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-232-m1n3ywUoMN6TYYAHyI4SCg-1; Thu, 11 Sep 2025 17:24:10 -0400 Received: by mail-qk1-f197.google.com with SMTP id af79cd13be357-817ecd47971so569190385a.0 for ; Thu, 11 Sep 2025 14:24:10 -0700 (PDT) Received: from x1.com ([174.89.135.121]) by smtp.gmail.com with ESMTPSA id af79cd13be357-820c9845c47sm166032285a.28.2025.09.11.14.24.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Sep 2025 14:24:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757625851; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=H+wI1mVR1U7NVXhX8RRjgaPpxiSDUV5ckDS1JFuvV3g=; b=U/k5IB4aV0jogyqt8zhTjxJKh7tI0NFi4isF/ti4gXd8DWH8uoPqd8MheOCvERqcpq1hRW sLt8XzT5Yd2YNcixwlO9PGuqia+05U03AYndGYFrvn7OyKpWxS58sTDNBlZvSLn1kF6llW fstBXcax4vlIpNOePSaxJWDC2bOdY0Y= X-MC-Unique: m1n3ywUoMN6TYYAHyI4SCg-1 X-Mimecast-MFC-AGG-ID: m1n3ywUoMN6TYYAHyI4SCg_1757625849 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1757625849; x=1758230649; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=H+wI1mVR1U7NVXhX8RRjgaPpxiSDUV5ckDS1JFuvV3g=; b=nJoM9wiedppZ2mSidEkqccja8SByzTnvqfFvO9ZgQOsvDSP2cqup8WDlE18fwuMgUa Ee6woaxQhWfOKEOzeAuu8xa/6r5L/uAT71TgAx7Pae1bfEPT9x6MIFkGbeupQ3c1+0Z7 wbpRXjQh8nv3xvYfGcTqg2PifntVurtr5ibtDcFimMIUbw3FuimBiBA24p+DVyXIPk+u hOQPeZZwjDbmrMdpOq66GPOvh5T8DVlYEo6UQ2ksGgRJjBAo0g1IjaoqCXi103WVtE7G 8NPceo+X4hffX3xAp7cf69Rff7CtdzesnydOh0c0jxLuFUyO9QzLJF6WyVqjWfCRVtn5 S7ZA== X-Gm-Message-State: AOJu0YxvV4GKa335P4ZD+f4Lv8XAqoyJoVOPmAuJ49VNmNMIhpGiJOgM J+YONqeYmRWiprrkctt9mA9yB/oKWuXMdYoJENCkFBHKpGORRBBtTanfM8SoYEKUaW8ujhh66mb R/d4td4JxGthd/CuSRjl+LgQkBxzCEXWq3Vvpt37afZYhqjaZ7K5iINyu5TFPGPe/YZ2QUcJnho BlL9K1mJ4vVmvwYc653HMeFFqHYFSY2N2RsMD8CQ== X-Gm-Gg: ASbGncsycDqGKoZ6kIrkcu27zwbZdhC3LgSAhEygjzyPyAcgjq2vNDNU7R9jOaoOeYB Kmf8cZXhlBFSJH9aHWhNHyGcSGC+u0rSvU9dtuVupjs9K8wneiWNsqj1qdpAKABhCnVhhPnfpw/ vT6OffUyIQWmMMPt2Gin+yVIjFrA3uRgtBOsKX0waf32BtvTZXd9okaKjZkTbocnbmf4v/zqWQu Jpmvz+se8nz0ZBuPIAEqYUm/lbIhaDuF2q/AnqlKxmPkIdk7BEoxRHG+CojjOT0CsWPBWsaS9D6 urReMr39oI9MG25XTE505qtnx1ugng== X-Received: by 2002:a05:620a:400a:b0:823:a532:dfd1 with SMTP id af79cd13be357-823f8ce1457mr128882185a.9.1757625849207; Thu, 11 Sep 2025 14:24:09 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHrDl69+D03XH4Br/KujYABHwPemtC1pi8xr4++W+9Kckfdkit+A87wk6CmhVJzS7OiqbJSjA== X-Received: by 2002:a05:620a:400a:b0:823:a532:dfd1 with SMTP id af79cd13be357-823f8ce1457mr128878585a.9.1757625848697; Thu, 11 Sep 2025 14:24:08 -0700 (PDT) From: Peter Xu To: qemu-devel@nongnu.org Cc: Juraj Marcin , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , peterx@redhat.com, Fabiano Rosas Subject: [PATCH v2 1/3] io/crypto: Move tls premature termination handling into QIO layer Date: Thu, 11 Sep 2025 17:23:53 -0400 Message-ID: <20250911212355.1943494-2-peterx@redhat.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250911212355.1943494-1-peterx@redhat.com> References: <20250911212355.1943494-1-peterx@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=peterx@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757625884966116600 Content-Type: text/plain; charset="utf-8" QCryptoTLSSession allows TLS premature termination in two cases, one of the case is when the channel shutdown() is invoked on READ side. It's possible the shutdown() happened after the read thread blocked at gnutls_record_recv(). In this case, we should allow the premature termination to happen. The problem is by the time qcrypto_tls_session_read() was invoked, tioc->shutdown may not have been set, so this may instead be treated as an error if there is concurrent shutdown() calls. To allow the flag to reflect the latest status of tioc->shutdown, move the check upper into the QIOChannel level, so as to read the flag only after QEMU gets an GNUTLS_E_PREMATURE_TERMINATION. When at it, introduce qio_channel_tls_allow_premature_termination() helper to make the condition checks easier to read. This patch will fix a qemu qtest warning when running the preempt tls test, reporting premature termination: QTEST_QEMU_BINARY=3D./qemu-system-x86_64 ./tests/qtest/migration-test --ful= l -r /x86_64/migration/postcopy/preempt/tls/psk ... qemu-kvm: Cannot read from TLS channel: The TLS connection was non-properly= terminated. ... In this specific case, the error was set by postcopy_preempt_thread, which normally will be concurrently shutdown()ed by the main thread. Signed-off-by: Peter Xu Reviewed-by: Daniel P. Berrang=C3=A9 Reviewed-by: Fabiano Rosas Reviewed-by: Juraj Marcin --- include/crypto/tlssession.h | 7 +------ crypto/tlssession.c | 7 ++----- io/channel-tls.c | 21 +++++++++++++++++++-- 3 files changed, 22 insertions(+), 13 deletions(-) diff --git a/include/crypto/tlssession.h b/include/crypto/tlssession.h index 2f62ce2d67..6b4fcadee7 100644 --- a/include/crypto/tlssession.h +++ b/include/crypto/tlssession.h @@ -110,6 +110,7 @@ typedef struct QCryptoTLSSession QCryptoTLSSession; =20 #define QCRYPTO_TLS_SESSION_ERR_BLOCK -2 +#define QCRYPTO_TLS_SESSION_PREMATURE_TERMINATION -3 =20 /** * qcrypto_tls_session_new: @@ -259,7 +260,6 @@ ssize_t qcrypto_tls_session_write(QCryptoTLSSession *se= ss, * @sess: the TLS session object * @buf: to fill with plain text received * @len: the length of @buf - * @gracefulTermination: treat premature termination as graceful EOF * @errp: pointer to hold returned error object * * Receive up to @len bytes of data from the remote peer @@ -267,10 +267,6 @@ ssize_t qcrypto_tls_session_write(QCryptoTLSSession *s= ess, * qcrypto_tls_session_set_callbacks(), decrypt it and * store it in @buf. * - * If @gracefulTermination is true, then a premature termination - * of the TLS session will be treated as indicating EOF, as - * opposed to an error. - * * It is an error to call this before * qcrypto_tls_session_handshake() returns * QCRYPTO_TLS_HANDSHAKE_COMPLETE @@ -282,7 +278,6 @@ ssize_t qcrypto_tls_session_write(QCryptoTLSSession *se= ss, ssize_t qcrypto_tls_session_read(QCryptoTLSSession *sess, char *buf, size_t len, - bool gracefulTermination, Error **errp); =20 /** diff --git a/crypto/tlssession.c b/crypto/tlssession.c index 86d407a142..ac38c2121d 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c @@ -552,7 +552,6 @@ ssize_t qcrypto_tls_session_read(QCryptoTLSSession *session, char *buf, size_t len, - bool gracefulTermination, Error **errp) { ssize_t ret; @@ -570,9 +569,8 @@ qcrypto_tls_session_read(QCryptoTLSSession *session, if (ret < 0) { if (ret =3D=3D GNUTLS_E_AGAIN) { return QCRYPTO_TLS_SESSION_ERR_BLOCK; - } else if ((ret =3D=3D GNUTLS_E_PREMATURE_TERMINATION) && - gracefulTermination){ - return 0; + } else if (ret =3D=3D GNUTLS_E_PREMATURE_TERMINATION) { + return QCRYPTO_TLS_SESSION_PREMATURE_TERMINATION; } else { if (session->rerr) { error_propagate(errp, session->rerr); @@ -789,7 +787,6 @@ ssize_t qcrypto_tls_session_read(QCryptoTLSSession *sess, char *buf, size_t len, - bool gracefulTermination, Error **errp) { error_setg(errp, "TLS requires GNUTLS support"); diff --git a/io/channel-tls.c b/io/channel-tls.c index a8248a9216..5a2c8188ce 100644 --- a/io/channel-tls.c +++ b/io/channel-tls.c @@ -346,6 +346,19 @@ static void qio_channel_tls_finalize(Object *obj) qcrypto_tls_session_free(ioc->session); } =20 +static bool +qio_channel_tls_allow_premature_termination(QIOChannelTLS *tioc, int flags) +{ + if (flags & QIO_CHANNEL_READ_FLAG_RELAXED_EOF) { + return true; + } + + if (qatomic_read(&tioc->shutdown) & QIO_CHANNEL_SHUTDOWN_READ) { + return true; + } + + return false; +} =20 static ssize_t qio_channel_tls_readv(QIOChannel *ioc, const struct iovec *iov, @@ -364,8 +377,6 @@ static ssize_t qio_channel_tls_readv(QIOChannel *ioc, tioc->session, iov[i].iov_base, iov[i].iov_len, - flags & QIO_CHANNEL_READ_FLAG_RELAXED_EOF || - qatomic_load_acquire(&tioc->shutdown) & QIO_CHANNEL_SHUTDOWN_R= EAD, errp); if (ret =3D=3D QCRYPTO_TLS_SESSION_ERR_BLOCK) { if (got) { @@ -373,6 +384,12 @@ static ssize_t qio_channel_tls_readv(QIOChannel *ioc, } else { return QIO_CHANNEL_ERR_BLOCK; } + } else if (ret =3D=3D QCRYPTO_TLS_SESSION_PREMATURE_TERMINATION) { + if (qio_channel_tls_allow_premature_termination(tioc, flags)) { + ret =3D 0; + } else { + return -1; + } } else if (ret < 0) { return -1; } --=20 2.50.1 From nobody Sun Sep 28 17:03:42 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757625906; cv=none; d=zohomail.com; s=zohoarc; b=e5HEvweQFlBh1qlU6Gog/2x2MlaZsA+jD1iYlftAH6Ht6S/SgbiBwiqejm+eSNsKycYiBj68LXY6tAlu5Slq60O1d+GA7koDlr+4RYESDlqrxCyhTWAt+um726fY6McTMiIcnX23lku4HkmVBenrC0RHnVFmfP9UWDIEx84VDXU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757625906; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=x+mQzcBNcIdFANreHLy90tT/Nh2HwBTHifc2In8UdMM=; b=O73lmcHxUSKAj2hjuWcl29ShZd1jRvDojNpXVMibuXWZCtxfdPezqZJLP0mto8zvC0tQbaEzuwdVcaHanUfFsXJAN2aZa8qKSVApBlzKtv2wHnRQSt5hEX5vxeBQUmcAXTn30yZdpJ/lgwmQVQTS55dIdo2trjhxDGupaSfSU/M= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1757625906033282.8742635150651; Thu, 11 Sep 2025 14:25:06 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uwomE-0002ii-AX; Thu, 11 Sep 2025 17:24:22 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uwom7-0002h1-V2 for qemu-devel@nongnu.org; Thu, 11 Sep 2025 17:24:15 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uwom5-0008QQ-Bk for qemu-devel@nongnu.org; Thu, 11 Sep 2025 17:24:15 -0400 Received: from mail-qk1-f197.google.com (mail-qk1-f197.google.com [209.85.222.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-42-EJ1Dh1aaMG2v9oRnWZ-DWw-1; Thu, 11 Sep 2025 17:24:11 -0400 Received: by mail-qk1-f197.google.com with SMTP id af79cd13be357-7e870623cdaso263676985a.2 for ; Thu, 11 Sep 2025 14:24:11 -0700 (PDT) Received: from x1.com ([174.89.135.121]) by smtp.gmail.com with ESMTPSA id af79cd13be357-820c9845c47sm166032285a.28.2025.09.11.14.24.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Sep 2025 14:24:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757625852; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=x+mQzcBNcIdFANreHLy90tT/Nh2HwBTHifc2In8UdMM=; b=hJWIHVh83qzNmA/AOUzGwMCy1cLfbZkXCokofQ9oTC8d/VEOVmnv0NWLsm4Fla3zVWcCoL qmBvxGc/Hf6dWeDU3jdqgT+fiQPQbmDswEF0fJQX/MvIKt+WKGZpWReeHVTmRL8L9WbgQc 4usfCMBOCvNuM1YeaI+veDf6GjyYJaQ= X-MC-Unique: EJ1Dh1aaMG2v9oRnWZ-DWw-1 X-Mimecast-MFC-AGG-ID: EJ1Dh1aaMG2v9oRnWZ-DWw_1757625851 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1757625850; x=1758230650; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=x+mQzcBNcIdFANreHLy90tT/Nh2HwBTHifc2In8UdMM=; b=oK9XTWJywJ5QYbK8zrnDSDWkVTwyELddb4VC1M1GvpoNeSXklWH59V665WjzeF1CHQ WiMp9cYAHOTHZ+2egmtitUaJQrTspwS36YYp5IAZjsr6JPs9nmOsXbK7zACR5t6S1KXm QBe0ze4HiOReugGBb2T8OoMoLF6NpUeCiBMqzZJcs9LiLSMDvpgkweGIx/LefDAl4zhO 56h+vXzD0/e3xmjJTZn/st8faHorMYgjnx0FvTKanIzqVYJdg6exbTt88m9XmkwVJP4A ZqIYNWsmQsdmYewLPZPowPH8dizDWLTMYRTLJN/LTdHl4yRrxx9ZUVLLQsu6mu2SOGhY 6cWA== X-Gm-Message-State: AOJu0YyLpPAh2OQckcIZwIc1wMVv9dy00NJiEhnEekb/w/Q+axVVqwJq I35a72RJwaxvG4xAgmwbAtS34T0Q7E8eoqjEsSkBfApP8usPLw5kPTGrP4KIyONNxCNDYV2dQSQ MN3FlXq7DEmBpas5i59s2tDYvNnWK0NdP7XKwMTCyiD1fx7qDsx+pPjbF+0TIxR/pVoD8b+o3jP rtIyc93gGM2cOX3Dsvl+m5IC+jJ5+VGxWHFwXC9w== X-Gm-Gg: ASbGnctrDOZD5MUT4Pmt3Oam2bn8MAc+s1AxFlfbpRzvubSf+mwrUvLjKFih8xDAszo j2kxzgRuvCjKDZZtz4klW1rzc4Rk4AJvwIRtXBYl11gYtFPa8W+GKGVkeY8G9j4gw8yv5PbyYjB tNjuuYjIeeFiM9ePC1e/ToS5QvJnmZVwHmAwY6lcNcF9agW7xuV8NFoET20ltXoywtQ3hnDabsj UvZIY98/Fcf4O5H9bKIbTC4FreWZxcO8HhBQFjRJ5FzBwM2SISoITU5Q+0mNlRm6YY94BWKfA7Y 0jQlDPkNTyFFt50ytK6zru+XccJpCg== X-Received: by 2002:a05:620a:44c4:b0:810:69dc:6e with SMTP id af79cd13be357-824032b00b6mr109965285a.58.1757625850308; Thu, 11 Sep 2025 14:24:10 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGORlmUezVTkXzefb94IHJ4Mq5bzWIFkEbTyVVPBSxxOTmsLhImL3iiIduH/FYKY7v/VJ+w9Q== X-Received: by 2002:a05:620a:44c4:b0:810:69dc:6e with SMTP id af79cd13be357-824032b00b6mr109962385a.58.1757625849812; Thu, 11 Sep 2025 14:24:09 -0700 (PDT) From: Peter Xu To: qemu-devel@nongnu.org Cc: Juraj Marcin , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , peterx@redhat.com, Fabiano Rosas Subject: [PATCH v2 2/3] io/tls: Make qio_channel_tls_bye() always synchronous Date: Thu, 11 Sep 2025 17:23:54 -0400 Message-ID: <20250911212355.1943494-3-peterx@redhat.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250911212355.1943494-1-peterx@redhat.com> References: <20250911212355.1943494-1-peterx@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=peterx@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757625907305116601 Content-Type: text/plain; charset="utf-8" No issue I hit, the change is only from code observation when I am looking at a TLS premature termination issue. qio_channel_tls_bye() API needs to be synchronous. When it's not, the previous impl will attach an asynchronous task retrying but only until when the channel gets the relevant GIO event. It may be problematic, because the caller of qio_channel_tls_bye() may have invoked channel close() before that, leading to premature termination of the TLS session. Remove the asynchronous handling, instead retry it immediately. Currently, the only two possible cases that may lead to async task is either INTERRUPT or EAGAIN. It should be suffice to spin retry as of now, until a solid proof showing that a more complicated retry logic is needed. With that, we can remove the whole async model for the bye task. When at it, making the function return bool, which looks like a common pattern in QEMU when errp is used. Side note on the tracepoints: previously the tracepoint bye_complete() isn't used. Start to use it in this patch. bye_pending() and bye_cancel() can be dropped now. Adding bye_retry() instead. Signed-off-by: Peter Xu --- include/io/channel-tls.h | 5 ++- io/channel-tls.c | 86 +++++----------------------------------- io/trace-events | 3 +- 3 files changed, 15 insertions(+), 79 deletions(-) diff --git a/include/io/channel-tls.h b/include/io/channel-tls.h index 7e9023570d..bcd14ffbd6 100644 --- a/include/io/channel-tls.h +++ b/include/io/channel-tls.h @@ -49,7 +49,6 @@ struct QIOChannelTLS { QCryptoTLSSession *session; QIOChannelShutdown shutdown; guint hs_ioc_tag; - guint bye_ioc_tag; }; =20 /** @@ -60,8 +59,10 @@ struct QIOChannelTLS { * Perform the TLS session termination. This method will return * immediately and the termination will continue in the background, * provided the main loop is running. + * + * Returns: true on success, false on error (with errp set) */ -void qio_channel_tls_bye(QIOChannelTLS *ioc, Error **errp); +bool qio_channel_tls_bye(QIOChannelTLS *ioc, Error **errp); =20 /** * qio_channel_tls_new_server: diff --git a/io/channel-tls.c b/io/channel-tls.c index 5a2c8188ce..8510a187a8 100644 --- a/io/channel-tls.c +++ b/io/channel-tls.c @@ -253,84 +253,25 @@ void qio_channel_tls_handshake(QIOChannelTLS *ioc, qio_channel_tls_handshake_task(ioc, task, context); } =20 -static gboolean qio_channel_tls_bye_io(QIOChannel *ioc, GIOCondition condi= tion, - gpointer user_data); - -static void qio_channel_tls_bye_task(QIOChannelTLS *ioc, QIOTask *task, - GMainContext *context) +bool qio_channel_tls_bye(QIOChannelTLS *ioc, Error **errp) { - GIOCondition condition; - QIOChannelTLSData *data; int status; - Error *err =3D NULL; =20 - status =3D qcrypto_tls_session_bye(ioc->session, &err); + trace_qio_channel_tls_bye_start(ioc); +retry: + status =3D qcrypto_tls_session_bye(ioc->session, errp); =20 if (status < 0) { trace_qio_channel_tls_bye_fail(ioc); - qio_task_set_error(task, err); - qio_task_complete(task); - return; - } - - if (status =3D=3D QCRYPTO_TLS_BYE_COMPLETE) { - qio_task_complete(task); - return; - } - - data =3D g_new0(typeof(*data), 1); - data->task =3D task; - data->context =3D context; - - if (context) { - g_main_context_ref(context); - } - - if (status =3D=3D QCRYPTO_TLS_BYE_SENDING) { - condition =3D G_IO_OUT; - } else { - condition =3D G_IO_IN; - } - - trace_qio_channel_tls_bye_pending(ioc, status); - ioc->bye_ioc_tag =3D qio_channel_add_watch_full(ioc->master, condition, - qio_channel_tls_bye_io, - data, NULL, context); -} - - -static gboolean qio_channel_tls_bye_io(QIOChannel *ioc, GIOCondition condi= tion, - gpointer user_data) -{ - QIOChannelTLSData *data =3D user_data; - QIOTask *task =3D data->task; - GMainContext *context =3D data->context; - QIOChannelTLS *tioc =3D QIO_CHANNEL_TLS(qio_task_get_source(task)); - - tioc->bye_ioc_tag =3D 0; - g_free(data); - qio_channel_tls_bye_task(tioc, task, context); - - if (context) { - g_main_context_unref(context); + return false; + } else if (status !=3D QCRYPTO_TLS_BYE_COMPLETE) { + /* BYE event must be synchronous, retry immediately */ + trace_qio_channel_tls_bye_retry(ioc, status); + goto retry; } =20 - return FALSE; -} - -static void propagate_error(QIOTask *task, gpointer opaque) -{ - qio_task_propagate_error(task, opaque); -} - -void qio_channel_tls_bye(QIOChannelTLS *ioc, Error **errp) -{ - QIOTask *task; - - task =3D qio_task_new(OBJECT(ioc), propagate_error, errp, NULL); - - trace_qio_channel_tls_bye_start(ioc); - qio_channel_tls_bye_task(ioc, task, NULL); + trace_qio_channel_tls_bye_complete(ioc); + return true; } =20 static void qio_channel_tls_init(Object *obj G_GNUC_UNUSED) @@ -482,11 +423,6 @@ static int qio_channel_tls_close(QIOChannel *ioc, g_clear_handle_id(&tioc->hs_ioc_tag, g_source_remove); } =20 - if (tioc->bye_ioc_tag) { - trace_qio_channel_tls_bye_cancel(ioc); - g_clear_handle_id(&tioc->bye_ioc_tag, g_source_remove); - } - return qio_channel_close(tioc->master, errp); } =20 diff --git a/io/trace-events b/io/trace-events index dc3a63ba1f..67b3814192 100644 --- a/io/trace-events +++ b/io/trace-events @@ -45,10 +45,9 @@ qio_channel_tls_handshake_fail(void *ioc) "TLS handshake= fail ioc=3D%p" qio_channel_tls_handshake_complete(void *ioc) "TLS handshake complete ioc= =3D%p" qio_channel_tls_handshake_cancel(void *ioc) "TLS handshake cancel ioc=3D%p" qio_channel_tls_bye_start(void *ioc) "TLS termination start ioc=3D%p" -qio_channel_tls_bye_pending(void *ioc, int status) "TLS termination pendin= g ioc=3D%p status=3D%d" +qio_channel_tls_bye_retry(void *ioc, int status) "TLS termination pending = ioc=3D%p status=3D%d" qio_channel_tls_bye_fail(void *ioc) "TLS termination fail ioc=3D%p" qio_channel_tls_bye_complete(void *ioc) "TLS termination complete ioc=3D%p" -qio_channel_tls_bye_cancel(void *ioc) "TLS termination cancel ioc=3D%p" qio_channel_tls_credentials_allow(void *ioc) "TLS credentials allow ioc=3D= %p" qio_channel_tls_credentials_deny(void *ioc) "TLS credentials deny ioc=3D%p" =20 --=20 2.50.1 From nobody Sun Sep 28 17:03:42 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757625916; cv=none; d=zohomail.com; s=zohoarc; b=F6bL6akVkZ9tR/zEXsxtBtfB1NoE77cb+9h02SDWHkAXHyKUZsJWmVz3/RB9JnU/crY5gdl7M9ZfsU/Ez9qq4VFsT2+qjo1OX8r/ygqEg8JoCcvvJmmuEyPriFXViZDDuxGuqGwU9idTTKAYO+DThoPTY4nY/BBUT/kDut9kRjs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757625916; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=sN2ewjYKseHzqoQc0ThzSP1uQrVGcryEZdT1qKjYcXk=; b=O5oOp9sdN2algvJzQ+ih3Y62UJHUxMW2380WwLDdieUDStFFkSbNgx4mp/8jF1F3jQ/AP1cInG5kHobRsN6fBaV7jg0q4JGdXw8wbZzC4ztWC5o9MYsB1Xxk15svGVqrTB8fFRknuL+cJOuafxmDZ00ys4tVqHvvvzcaxJjHSZc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 175762591646123.244718544932653; Thu, 11 Sep 2025 14:25:16 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uwomF-0002ij-2j; Thu, 11 Sep 2025 17:24:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uwom9-0002hz-N8 for qemu-devel@nongnu.org; Thu, 11 Sep 2025 17:24:19 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uwom7-0008Qe-P6 for qemu-devel@nongnu.org; Thu, 11 Sep 2025 17:24:17 -0400 Received: from mail-qk1-f199.google.com (mail-qk1-f199.google.com [209.85.222.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-507-BuCLUof8PbGLrPL9OkXUAg-1; Thu, 11 Sep 2025 17:24:12 -0400 Received: by mail-qk1-f199.google.com with SMTP id af79cd13be357-812ae9acaecso286244285a.1 for ; Thu, 11 Sep 2025 14:24:12 -0700 (PDT) Received: from x1.com ([174.89.135.121]) by smtp.gmail.com with ESMTPSA id af79cd13be357-820c9845c47sm166032285a.28.2025.09.11.14.24.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Sep 2025 14:24:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757625853; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sN2ewjYKseHzqoQc0ThzSP1uQrVGcryEZdT1qKjYcXk=; b=HdxnTgh9VIaeIRfzdlX0lPPweQZGgfT/CzaVSU3p+/7URsufXatQ4cZsgEE40pMaWX3lwW vnlxTLN9J8KY217C4OFsy5LBlgJgcKxxMp2qtJWiyXLjLYnv1HUscZemQEl5AXop2d2ZuL Htiid+ayxLDpKNTF7iYC1ggiohQAufk= X-MC-Unique: BuCLUof8PbGLrPL9OkXUAg-1 X-Mimecast-MFC-AGG-ID: BuCLUof8PbGLrPL9OkXUAg_1757625852 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1757625852; x=1758230652; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sN2ewjYKseHzqoQc0ThzSP1uQrVGcryEZdT1qKjYcXk=; b=XdjC08IpcFi7eF7HG9TLIySYH8FR+91IDCJ3+TGFAVPPMeVIx7Pq5cyB47/MdSMOg5 A6oQQlcYtOCBaBJoB7BvDSdb76Pt+CC6/N7v5IOv4SjrvD8Mf3PbzRv4cdzt0dxYr8eB s1kUAwHMl98FlMcXjQzH2DToJFH8D5BWfS2F1UKzSQk2CKv8QqQrCDC3KiiE14Iw9Bj9 41/NsS4wEKOSE6L29Mo9Mv1X6KnDaa5m45jPGd9BzhjKwhS45BniT4pWKSTnVV4hXd0g GgnJ+4Yhspi3MhLuyVOS0t/CD+jco/cJxZHDN8ceoGK4irSOFnDPK7Bxc0xRXIuPntum x6kw== X-Gm-Message-State: AOJu0YyJNx/ZFfZLk8/36JYbjIriZk5jiP2xaQQAIdoO/ZSGr4jjkpAs Yu++QLr9WqfPS9jTq7pFKzfloOCdnl6GDj7NnN2u03Wr9VhWKEMdylejqNFxWjuYqUwe1oDt4jF Pdl2fwuFl89jrdeOj7DXXK76NnsZKk9qU7rJoMPaVePcNBBauW7kJlZnn06Vu56O6xon4wVbmGc j0C+FeW+1Ea9WxtVD/X+RD8f61x/mb2FhDF8kHuw== X-Gm-Gg: ASbGncuHv8Gms6H1csGDV3thqU+Lf+mOUSDQ+6AYtyhftuy1E1U+9NPCcVHVTYGaFxf ovLwfM/91jJ7zpYCevT03RoI50EoOdIuJ8cEqGwQaB4OdphiAtWm1yIk1ELLf2XuNGigSVqpRHq /dP89/ai5yo9XBykRkN5jeEMa+Iqq5GLsmO6gy5EA1DAHtKTR8w8nsGFzGVocq7fK4qL7ioUCKz ViMKVPiXlKVudxY3gs1sA0LmZSQy9pfnF37F90s6TD7WdD6KkJltcsV6GXhPIdO0h3UY6EoKacg 6K3OVFmY/g5dcZnMy1QZC1UZM7sXUw== X-Received: by 2002:a05:620a:280b:b0:81f:eb9f:a04c with SMTP id af79cd13be357-8240253e58bmr116797385a.54.1757625851514; Thu, 11 Sep 2025 14:24:11 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEVPd7JCuLDVwwMIoqATnOsV2K6NWcg5uP0bIcBZQGMOgv9WwJq+C+17710a0bbtog4WK98nQ== X-Received: by 2002:a05:620a:280b:b0:81f:eb9f:a04c with SMTP id af79cd13be357-8240253e58bmr116794185a.54.1757625850993; Thu, 11 Sep 2025 14:24:10 -0700 (PDT) From: Peter Xu To: qemu-devel@nongnu.org Cc: Juraj Marcin , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , peterx@redhat.com, Fabiano Rosas Subject: [PATCH v2 3/3] migration: Make migration_has_failed() work even for CANCELLING Date: Thu, 11 Sep 2025 17:23:55 -0400 Message-ID: <20250911212355.1943494-4-peterx@redhat.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250911212355.1943494-1-peterx@redhat.com> References: <20250911212355.1943494-1-peterx@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=peterx@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757625917038116600 Content-Type: text/plain; charset="utf-8" No issue I hit, the change is only from code observation when I am looking at a TLS premature termination issue. We set CANCELLED very late, it means migration_has_failed() may not work correctly if it's invoked before updating CANCELLING to CANCELLED. Allow that state will make migration_has_failed() working as expected even if it's invoked slightly earlier. One current user is the multifd code for the TLS graceful termination, where it's before updating to CANCELLED. Signed-off-by: Peter Xu Reviewed-by: Fabiano Rosas Reviewed-by: Juraj Marcin --- migration/migration.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/migration/migration.c b/migration/migration.c index 10c216d25d..f6f6a6e202 100644 --- a/migration/migration.c +++ b/migration/migration.c @@ -1702,7 +1702,8 @@ int migration_call_notifiers(MigrationState *s, Migra= tionEventType type, =20 bool migration_has_failed(MigrationState *s) { - return (s->state =3D=3D MIGRATION_STATUS_CANCELLED || + return (s->state =3D=3D MIGRATION_STATUS_CANCELLING || + s->state =3D=3D MIGRATION_STATUS_CANCELLED || s->state =3D=3D MIGRATION_STATUS_FAILED); } =20 --=20 2.50.1