From: Fabiano Rosas <farosas@suse.de>
To: Markus Armbruster <armbru@redhat.com>
Cc: "Markus Armbruster" <armbru@redhat.com>,
qemu-devel@nongnu.org, "Peter Xu" <peterx@redhat.com>,
"Daniel P . Berrangé" <berrange@redhat.com>
Subject: Re: [PATCH 01/21] migration: Normalize tls arguments
Date: Thu, 26 Jun 2025 11:51:27 -0300 [thread overview]
Message-ID: <87zfdu5zf4.fsf@suse.de> (raw)
In-Reply-To: <87o6uayh9r.fsf@pond.sub.org>
Markus Armbruster <armbru@redhat.com> writes:
> Fabiano Rosas <farosas@suse.de> writes:
>
>> Markus Armbruster <armbru@redhat.com> writes:
>>
>>> Fabiano Rosas <farosas@suse.de> writes:
>>>
>>>> The migration parameters tls_creds, tls_authz and tls_hostname
>>>> currently have a non-uniform handling. When used as arguments to
>>>> migrate-set-parameters, their type is StrOrNull and when used as
>>>> return value from query-migrate-parameters, their type is a plain
>>>> string.
>>>>
>>>> Not only having to convert between the types is cumbersome, but it
>>>> also creates the issue of requiring two different QAPI types to be
>>>> used, one for each command. MigrateSetParameters is used for
>>>> migrate-set-parameters with the TLS arguments as StrOrNull while
>>>> MigrationParameters is used for query-migrate-parameters with the TLS
>>>> arguments as str.
>>>>
>>>> Since StrOrNull could be considered a superset of str, change the type
>>>> of the TLS arguments in MigrationParameters to StrOrNull and add a
>>>> helper to ensure they're never actually used as QTYPE_QNULL.
>>>
>>> The type of @tls_creds, @tls-hostname, @tls-authz changes from str to
>>> StrOrNull in introspection query-migrate-parameters. Loss of precision.
>>> Introspection is already imprecise: it shows the members optional even
>>> though they aren't. We accept the loss of precision to enable
>>> de-duplication.
>>>
>>> This should be worked into the commit message.
>>>
>>
>> Ack.
>>
>>>> This will allow the type duplication to be removed in the next
>>>> patches.
>>>>
>>>> Signed-off-by: Fabiano Rosas <farosas@suse.de>
>>>> ---
>>>> migration/migration-hmp-cmds.c | 8 +-
>>>> migration/migration.c | 2 +
>>>> migration/options.c | 149 ++++++++++++++++++++-------------
>>>> migration/options.h | 1 +
>>>> migration/tls.c | 2 +-
>>>> qapi/migration.json | 6 +-
>>>> 6 files changed, 99 insertions(+), 69 deletions(-)
>>>>
>>>> diff --git a/migration/migration-hmp-cmds.c b/migration/migration-hmp-cmds.c
>>>> index e8a563c7d8..bc8179c582 100644
>>>> --- a/migration/migration-hmp-cmds.c
>>>> +++ b/migration/migration-hmp-cmds.c
>>>> @@ -276,14 +276,12 @@ void hmp_info_migrate_parameters(Monitor *mon, const QDict *qdict)
>>>> monitor_printf(mon, "%s: %u\n",
>>>> MigrationParameter_str(MIGRATION_PARAMETER_MAX_CPU_THROTTLE),
>>>> params->max_cpu_throttle);
>>>> - assert(params->tls_creds);
>>>> monitor_printf(mon, "%s: '%s'\n",
>>>> MigrationParameter_str(MIGRATION_PARAMETER_TLS_CREDS),
>>>> - params->tls_creds);
>>>> - assert(params->tls_hostname);
>>>> + params->tls_creds ? params->tls_creds->u.s : "");
>>>> monitor_printf(mon, "%s: '%s'\n",
>>>> MigrationParameter_str(MIGRATION_PARAMETER_TLS_HOSTNAME),
>>>> - params->tls_hostname);
>>>> + params->tls_hostname ? params->tls_hostname->u.s : "");
>>>> assert(params->has_max_bandwidth);
>>>> monitor_printf(mon, "%s: %" PRIu64 " bytes/second\n",
>>>> MigrationParameter_str(MIGRATION_PARAMETER_MAX_BANDWIDTH),
>>>> @@ -319,7 +317,7 @@ void hmp_info_migrate_parameters(Monitor *mon, const QDict *qdict)
>>>> params->max_postcopy_bandwidth);
>>>> monitor_printf(mon, "%s: '%s'\n",
>>>> MigrationParameter_str(MIGRATION_PARAMETER_TLS_AUTHZ),
>>>> - params->tls_authz);
>>>> + params->tls_authz ? params->tls_authz->u.s : "");
>>>>
>>>> if (params->has_block_bitmap_mapping) {
>>>> const BitmapMigrationNodeAliasList *bmnal;
>>>
>>> Before, the code assumes ->tls_creds, ->tls_hostname, and ->tls_authz
>>> are non-null. It assert its assumption for the first two.
>>>
>>> Afterwards, it maps null to "". Why is that necessary? Hmm, see below.
>>>
>>
>> Maps NULL to "" because the intermediate type, MigrationParameters, has
>> been changed from str to StrOrNull. For the purposes of info
>> migrate_parameters and query-migrate-parameters the only valid values
>> are a non-empty string or an empty string.
>
> But is NULL possible? If you just change the type from str to StrOrNull
> and no more, it isn't.
>
Since the TLS options don't have a qdev property anymore, they also
don't get set a default value. So s->parameters can indeed have the NULL
value in it.
I could initialize them in migrate_params_init. It's all about choosing
where to move the complexity. I'm leaning towards keeping it in the
interface: query-migrate converts them to whatever it needs to output
and set-migrate writes a normalized version into s->parameters.
>>>> diff --git a/migration/migration.c b/migration/migration.c
>>>> index 4697732bef..f65cb81b6d 100644
>>>> --- a/migration/migration.c
>>>> +++ b/migration/migration.c
>>>> @@ -4053,6 +4053,8 @@ static void migration_instance_finalize(Object *obj)
>>>> {
>>>> MigrationState *ms = MIGRATION_OBJ(obj);
>>>>
>>>> + migrate_tls_opts_free(&ms->parameters);
>>>
>>> Is this a bug fix?
>>>
>>
>> My new version is a little different, but I can make it a separate patch
>> if that happens to be the case.
>
> Yes, please.
>
>>> As far as I can tell, the object gets destroyed only on QEMU shutdown.
>>> Freeing resources then is unnecessary, except it may help leak detection
>>> tools.
>>>
>>
>> From a maintenance perspective I consider any leak as a bug because I
>> don't have control over what kinds of leak detection tools are ran on
>> the code. To avoid spending time looking at such bug reports I have ASAN
>> automated in my testing and I fix early any leaks that it founds.
>>
>>>> +
>>>> qemu_mutex_destroy(&ms->error_mutex);
>>>> qemu_mutex_destroy(&ms->qemu_file_lock);
>>>> qemu_sem_destroy(&ms->wait_unplug_sem);
>>>> diff --git a/migration/options.c b/migration/options.c
>>>> index 162c72cda4..45a95dc6da 100644
>>>> --- a/migration/options.c
>>>> +++ b/migration/options.c
>>>> @@ -162,9 +162,11 @@ const Property migration_properties[] = {
>>>> DEFINE_PROP_SIZE("announce-step", MigrationState,
>>>> parameters.announce_step,
>>>> DEFAULT_MIGRATE_ANNOUNCE_STEP),
>>>> - DEFINE_PROP_STRING("tls-creds", MigrationState, parameters.tls_creds),
>>>> - DEFINE_PROP_STRING("tls-hostname", MigrationState, parameters.tls_hostname),
>>>> - DEFINE_PROP_STRING("tls-authz", MigrationState, parameters.tls_authz),
>>>> + /*
>>>> + * tls-creds, tls-hostname and tls-authz are of type StrOrNull,
>>>> + * which can't be easily handled (if at all) by qdev. So these
>>>> + * will not be exposed as global migration options (-global).
>>>> + */
>>>
>>> This is a compatibility break.
>>>
>>> The orthodox way to break it is deprecate, let the grace period expire,
>>> break. Record in docs/about/deprecated.rst at the beginning, move the
>>> record to docs/about/removed-features.rst at the end.
>>>
>>> An argument could be made that the interface in question is
>>> accidental[*], not actually used by anything, and therefore breaking it
>>> without a grace period is fine. But even then we should record the
>>> breakage in docs/about/removed-features.rst.
>>>
>>
>> Ok. Alternatively I could try a little harder to keep these
>> options. I'll see what I can do.
>
> What do we think about this external interface?
>
> If we think it's accidental and unused, then putting in more work to
> keep it makes no sense.
>
> If we think it's deliberate and/or used, we should either keep it, or
> replace it the orthodox way.
>
There are two external interfaces actually.
-global migration.some_compat_option=on (stored in MigrationState):
seems intentional and I believe we'd lose the ability to get out of some
tricky situations if we ditched it.
-global migation.some_random_option=on (stored in MigrationParameters):
has become a debugging *feature*, which I personally don't use, but
others do. And worse: we don't know if anyone uses it in production.
We also arbitrarily put x- in front of options for some reason. There is
an argument to drop those because x- is scary and no one should be using
them.
I think it would be good to at least separate the responsibilities so
when the time comes we can deprecate/remove/replace the offending
interfaces. But I won't go into that now, there's already too much
change going on for this release.
next prev parent reply other threads:[~2025-06-26 14:52 UTC|newest]
Thread overview: 83+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-03 1:37 [PATCH 00/21] migration: Unify capabilities and parameters Fabiano Rosas
2025-06-03 1:37 ` [PATCH 01/21] migration: Normalize tls arguments Fabiano Rosas
2025-06-05 20:51 ` Peter Xu
2025-06-06 13:48 ` Fabiano Rosas
2025-06-25 9:41 ` Markus Armbruster
2025-06-25 17:17 ` Fabiano Rosas
2025-06-26 9:38 ` Markus Armbruster
2025-06-26 14:51 ` Fabiano Rosas [this message]
2025-06-27 7:10 ` Markus Armbruster
2025-06-27 20:28 ` Fabiano Rosas
2025-07-01 7:08 ` Markus Armbruster
2025-07-01 9:05 ` Daniel P. Berrangé
2025-06-03 1:37 ` [PATCH 02/21] migration: Remove MigrateSetParameters Fabiano Rosas
2025-06-05 20:58 ` Peter Xu
2025-06-25 11:31 ` Markus Armbruster
2025-06-25 17:21 ` Fabiano Rosas
2025-06-26 9:40 ` Markus Armbruster
2025-06-03 1:37 ` [PATCH 03/21] qapi/migration: Don't document MigrationParameter Fabiano Rosas
2025-06-05 21:00 ` Peter Xu
2025-06-25 12:04 ` Markus Armbruster
2025-06-25 12:22 ` Markus Armbruster
2025-06-25 17:29 ` Fabiano Rosas
2025-06-03 1:37 ` [PATCH 04/21] migration: Run a post update routine after setting parameters Fabiano Rosas
2025-06-03 1:37 ` [PATCH 05/21] migration: Add a flag to track block-bitmap-mapping input Fabiano Rosas
2025-06-06 15:03 ` Peter Xu
2025-06-06 15:43 ` Fabiano Rosas
2025-06-06 17:44 ` Peter Xu
2025-06-06 18:38 ` Fabiano Rosas
2025-06-03 1:37 ` [PATCH 06/21] migration: Remove checks for s->parameters has_* fields Fabiano Rosas
2025-06-06 15:13 ` Peter Xu
2025-06-03 1:37 ` [PATCH 07/21] migration: Set block_bitmap_mapping unconditionally in query-migrate-parameters Fabiano Rosas
2025-06-03 1:37 ` [PATCH 08/21] migration: Do away with usage of QERR_INVALID_PARAMETER_VALUE Fabiano Rosas
2025-06-06 15:17 ` Peter Xu
2025-06-03 1:37 ` [PATCH 09/21] migration: Extract code to mark all parameters as present Fabiano Rosas
2025-06-06 15:26 ` Peter Xu
2025-06-06 15:51 ` Fabiano Rosas
2025-06-06 17:48 ` Peter Xu
2025-06-03 1:37 ` [PATCH 10/21] migration: Use QAPI_CLONE_MEMBERS in query_migrate_parameters Fabiano Rosas
2025-06-06 15:29 ` Peter Xu
2025-06-06 15:53 ` Fabiano Rosas
2025-06-12 20:58 ` Fabiano Rosas
2025-06-12 21:27 ` Peter Xu
2025-06-13 12:30 ` Fabiano Rosas
2025-06-03 1:38 ` [PATCH 11/21] migration: Use QAPI_CLONE_MEMBERS in migrate_params_test_apply Fabiano Rosas
2025-06-03 1:38 ` [PATCH 12/21] migration: Use QAPI_CLONE_MEMBERS in migrate_params_apply Fabiano Rosas
2025-06-03 1:38 ` [PATCH 13/21] migration: Use visitors in migrate_params_test_apply Fabiano Rosas
2025-06-03 1:38 ` [PATCH 14/21] migration: Cleanup hmp_info_migrate_parameters Fabiano Rosas
2025-06-06 18:52 ` Peter Xu
2025-06-03 1:38 ` [PATCH 15/21] migration: Add capabilities into MigrationParameters Fabiano Rosas
2025-06-06 19:01 ` Peter Xu
2025-06-03 1:38 ` [PATCH 16/21] qapi/migration: Mark that query/set-migrate-parameters support capabilities Fabiano Rosas
2025-06-03 9:01 ` Daniel P. Berrangé
2025-06-06 13:53 ` Fabiano Rosas
2025-06-03 1:38 ` [PATCH 17/21] migration: Remove s->capabilities Fabiano Rosas
2025-06-06 19:16 ` Peter Xu
2025-06-03 1:38 ` [PATCH 18/21] qapi/migration: Deprecate capabilities commands Fabiano Rosas
2025-06-06 19:16 ` Peter Xu
2025-06-03 1:38 ` [PATCH 19/21] migration: Allow migrate commands to provide the migration config Fabiano Rosas
2025-06-03 9:03 ` Daniel P. Berrangé
2025-06-06 19:28 ` Peter Xu
2025-06-06 20:23 ` Fabiano Rosas
2025-06-06 20:50 ` Peter Xu
2025-06-09 14:37 ` Fabiano Rosas
2025-06-09 15:51 ` Peter Xu
2025-06-09 16:13 ` Daniel P. Berrangé
2025-06-09 16:49 ` Peter Xu
2025-06-09 18:17 ` Fabiano Rosas
2025-06-09 18:02 ` Fabiano Rosas
2025-06-09 19:05 ` Peter Xu
2025-06-09 19:41 ` Fabiano Rosas
2025-06-09 20:35 ` Peter Xu
2025-06-10 20:55 ` Fabiano Rosas
2025-06-10 21:27 ` Peter Xu
2025-06-09 15:03 ` Daniel P. Berrangé
2025-06-09 15:33 ` Peter Xu
2025-06-09 15:43 ` Daniel P. Berrangé
2025-06-09 15:53 ` Peter Xu
2025-06-09 15:58 ` Peter Xu
2025-06-09 16:15 ` Daniel P. Berrangé
2025-06-09 16:41 ` Peter Xu
2025-06-03 1:38 ` [PATCH 20/21] libqtest: Add a function to check whether a QMP command supports a feature Fabiano Rosas
2025-06-03 1:38 ` [PATCH 21/21] tests/qtest/migration: Add a test for config passing Fabiano Rosas
2025-06-12 6:41 ` [PATCH 00/21] migration: Unify capabilities and parameters Mario Casquero
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zfdu5zf4.fsf@suse.de \
--to=farosas@suse.de \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.