Re: [Qemu-devel] [PATCH 3/6] migration: add support for a "tls-authz" migration parameter

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Juan Quintela <quintela@redhat.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>
Cc: qemu-devel@nongnu.org, "Eric Blake" <eblake@redhat.com>,
	"Kevin Wolf" <kwolf@redhat.com>, "Max Reitz" <mreitz@redhat.com>,
	"Markus Armbruster" <armbru@redhat.com>,
	"Gerd Hoffmann" <kraxel@redhat.com>,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>,
	qemu-block@nongnu.org,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 3/6] migration: add support for a "tls-authz" migration parameter
Date: Wed, 20 Jun 2018 12:03:45 +0200	[thread overview]
Message-ID: <87efh1lqpq.fsf@secure.mitica> (raw)
In-Reply-To: <20180615155103.11924-4-berrange@redhat.com> ("Daniel P. Berrangé"'s message of "Fri, 15 Jun 2018 16:51:00 +0100")

Daniel P. Berrangé <berrange@redhat.com> wrote:
> From: "Daniel P. Berrange" <berrange@redhat.com>

.....


It is not just the fault of this patch, but as you are the one doing the
tls bits on migration...


> @@ -1106,6 +1108,12 @@ static void migrate_params_apply(MigrateSetParameters *params, Error **errp)
>          s->parameters.tls_hostname = g_strdup(params->tls_hostname->u.s);
>      }
>  
> +    if (params->has_tls_authz) {
> +        g_free(s->parameters.tls_authz);
> +        assert(params->tls_authz->type == QTYPE_QSTRING);

We really try  hard not to use assert() on migration code (yes, it is an
ongoing effort).  The code around this is something like:

static void migrate_params_test_apply(MigrateSetParameters *params,
                                      MigrationParameters *dest)
{
    [...]

    if (params->has_compress_level) {
        dest->compress_level = params->compress_level;
    }

    [...]

    if (params->has_tls_creds) {
        assert(params->tls_creds->type == QTYPE_QSTRING);
        dest->tls_creds = g_strdup(params->tls_creds->u.s);
    }
    [...]
}

Ok, tls code is the one with strings, but still.

static void migrate_params_apply(MigrateSetParameters *params, Error **errp)
{
    [...]
    if (params->has_compress_level) {
        s->parameters.compress_level = params->compress_level;
    }
    [...]

    if (params->has_tls_creds) {
        g_free(s->parameters.tls_creds);
        assert(params->tls_creds->type == QTYPE_QSTRING);
        s->parameters.tls_creds = g_strdup(params->tls_creds->u.s);
    }
}

And this other function:

static bool migrate_params_check(MigrationParameters *params, Error **errp)
{
    if (params->has_compress_level &&
        (params->compress_level > 9)) {
        error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "compress_level",
                   "is invalid, it should be in the range of 0 to 9");
        return false;
    }
    [...]
}

Where we don't check anything for tls.

Perhaps we can move the asserts here?

We can also try to merge migrate_params_check and
migrate_params_test_apply() into a single function, but it is not
completely trivial at the moment.

Wondering if we can do it better.

Later, Juan.

next prev parent reply	other threads:[~2018-06-20 10:04 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-06-15 15:50 [Qemu-devel] [PATCH 0/6] Add authorization support to all network services Daniel P. Berrangé
2018-06-15 15:50 ` [Qemu-devel] [PATCH 1/6] qemu-nbd: add support for authorization of TLS clients Daniel P. Berrangé
2018-06-19 20:06   ` Eric Blake
2018-06-20  8:42     ` Daniel P. Berrangé
2018-06-15 15:50 ` [Qemu-devel] [PATCH 2/6] nbd: allow authorization with nbd-server-start QMP command Daniel P. Berrangé
2018-06-19 20:10   ` Eric Blake
2018-06-19 22:07     ` Daniel P. Berrangé
2018-06-15 15:51 ` [Qemu-devel] [PATCH 3/6] migration: add support for a "tls-authz" migration parameter Daniel P. Berrangé
2018-06-15 17:54   ` Dr. David Alan Gilbert
2018-06-18 13:40     ` Daniel P. Berrangé
2018-06-20 10:03   ` Juan Quintela [this message]
2018-06-20 10:07     ` Daniel P. Berrangé
2018-06-20 10:11       ` Juan Quintela
2018-06-15 15:51 ` [Qemu-devel] [PATCH 4/6] chardev: add support for authorization for TLS clients Daniel P. Berrangé
2018-06-15 15:51 ` [Qemu-devel] [PATCH 5/6] vnc: allow specifying a custom authorization object name Daniel P. Berrangé
2018-06-19 12:57   ` Daniel P. Berrangé
2018-06-15 15:51 ` [Qemu-devel] [PATCH 6/6] monitor: deprecate acl_show, acl_reset, acl_policy, acl_add, acl_remove Daniel P. Berrangé
2018-06-19 12:31   ` Dr. David Alan Gilbert
2018-06-19 12:52     ` Daniel P. Berrangé

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87efh1lqpq.fsf@secure.mitica \
    --to=quintela@redhat.com \
    --cc=armbru@redhat.com \
    --cc=berrange@redhat.com \
    --cc=dgilbert@redhat.com \
    --cc=eblake@redhat.com \
    --cc=kraxel@redhat.com \
    --cc=kwolf@redhat.com \
    --cc=marcandre.lureau@redhat.com \
    --cc=mreitz@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.