From: Peter Xu <peterx@redhat.com>
To: Fabiano Rosas <farosas@suse.de>
Cc: qemu-devel@nongnu.org,
"Maciej S . Szmigiero" <mail@maciej.szmigiero.name>,
"Daniel P . Berrangé" <berrange@redhat.com>,
"Eduardo Habkost" <eduardo@habkost.net>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Yanan Wang" <wangyanan55@huawei.com>,
"Zhao Liu" <zhao1.liu@intel.com>
Subject: Re: [RFC PATCH v3 7/8] migration/multifd: Add a compat property for TLS termination
Date: Mon, 10 Feb 2025 12:11:42 -0500 [thread overview]
Message-ID: <Z6ozTtvsIU66tzQ7@x1.local> (raw)
In-Reply-To: <20250207195359.17443-8-farosas@suse.de>
On Fri, Feb 07, 2025 at 04:53:58PM -0300, Fabiano Rosas wrote:
> We're currently changing the way the source multifd migration handles
> the shutdown of the multifd channels when TLS is in use to perform a
> clean termination by calling gnutls_bye().
>
> Older src QEMUs will always close the channel without terminating the
> TLS session. New dst QEMUs treat an unclean termination as an error.
>
> Add multifd_clean_tls_termination (default true) that can be switched
> on the destination whenever a src QEMU <= 9.2 is in use.
>
> (Note that the compat property is only strictly necessary for src
> QEMUs older than 9.1. Due to synchronization coincidences, src QEMUs
> 9.1 and 9.2 can put the destination in a condition where it doesn't
> see the unclean termination. Still, make the property more inclusive
> to facilitate potential backports.)
>
> Signed-off-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Peter Xu <peterx@redhat.com>
One nitpick..
> ---
> hw/core/machine.c | 1 +
> migration/migration.h | 33 +++++++++++++++++++++++++++++++++
> migration/multifd.c | 15 +++++++++++++--
> migration/multifd.h | 2 ++
> migration/options.c | 2 ++
> 5 files changed, 51 insertions(+), 2 deletions(-)
>
> diff --git a/hw/core/machine.c b/hw/core/machine.c
> index 254cc20c4c..02cff735b3 100644
> --- a/hw/core/machine.c
> +++ b/hw/core/machine.c
> @@ -42,6 +42,7 @@ GlobalProperty hw_compat_9_2[] = {
> { "virtio-balloon-pci-transitional", "vectors", "0" },
> { "virtio-balloon-pci-non-transitional", "vectors", "0" },
> { "virtio-mem-pci", "vectors", "0" },
> + { "migration", "multifd-clean-tls-termination", "false" },
> };
> const size_t hw_compat_9_2_len = G_N_ELEMENTS(hw_compat_9_2);
>
> diff --git a/migration/migration.h b/migration/migration.h
> index 4c1fafc2b5..77def0b437 100644
> --- a/migration/migration.h
> +++ b/migration/migration.h
> @@ -443,6 +443,39 @@ struct MigrationState {
> * Default value is false. (since 8.1)
> */
> bool multifd_flush_after_each_section;
> +
> + /*
> + * This variable only makes sense when set on the machine that is
> + * the destination of a multifd migration with TLS enabled. It
> + * affects the behavior of the last send->recv iteration with
> + * regards to termination of the TLS session.
> + *
> + * When set:
> + *
> + * - the destination QEMU instance can expect to never get a
> + * GNUTLS_E_PREMATURE_TERMINATION error. Manifested as the error
> + * message: "The TLS connection was non-properly terminated".
> + *
> + * When clear:
> + *
> + * - the destination QEMU instance can expect to see a
> + * GNUTLS_E_PREMATURE_TERMINATION error in any multifd channel
> + * whenever the last recv() call of that channel happens after
> + * the source QEMU instance has already issued shutdown() on the
> + * channel.
> + *
> + * Commit 637280aeb2 (since 9.1) introduced a side effect that
> + * causes the destination instance to not be affected by the
> + * premature termination, while commit 1d457daf86 (since 10.0)
> + * causes the premature termination condition to be once again
> + * reachable.
> + *
> + * NOTE: Regardless of the state of this option, a premature
> + * termination of the TLS connection might happen due to error at
> + * any moment prior to the last send->recv iteration.
> + */
> + bool multifd_clean_tls_termination;
> +
> /*
> * This decides the size of guest memory chunk that will be used
> * to track dirty bitmap clearing. The size of memory chunk will
> diff --git a/migration/multifd.c b/migration/multifd.c
> index 0296758c08..8045197be8 100644
> --- a/migration/multifd.c
> +++ b/migration/multifd.c
> @@ -1151,6 +1151,7 @@ void multifd_recv_sync_main(void)
>
> static void *multifd_recv_thread(void *opaque)
> {
> + MigrationState *s = migrate_get_current();
> MultiFDRecvParams *p = opaque;
> Error *local_err = NULL;
> bool use_packets = multifd_use_packets();
> @@ -1159,18 +1160,28 @@ static void *multifd_recv_thread(void *opaque)
> trace_multifd_recv_thread_start(p->id);
> rcu_register_thread();
>
> + if (!s->multifd_clean_tls_termination) {
> + p->read_flags = QIO_CHANNEL_READ_FLAG_RELAXED_EOF;
> + }
> +
> while (true) {
> uint32_t flags = 0;
> bool has_data = false;
> p->normal_num = 0;
>
> +
Extra newline (can be fixed when merge)
> if (use_packets) {
> + struct iovec iov = {
> + .iov_base = (void *)p->packet,
> + .iov_len = p->packet_len
> + };
> +
> if (multifd_recv_should_exit()) {
> break;
> }
>
> - ret = qio_channel_read_all_eof(p->c, (void *)p->packet,
> - p->packet_len, &local_err);
> + ret = qio_channel_readv_full_all_eof(p->c, &iov, 1, NULL, NULL,
> + p->read_flags, &local_err);
> if (!ret) {
> /* EOF */
> assert(!local_err);
> diff --git a/migration/multifd.h b/migration/multifd.h
> index bd785b9873..cf408ff721 100644
> --- a/migration/multifd.h
> +++ b/migration/multifd.h
> @@ -244,6 +244,8 @@ typedef struct {
> uint32_t zero_num;
> /* used for de-compression methods */
> void *compress_data;
> + /* Flags for the QIOChannel */
> + int read_flags;
> } MultiFDRecvParams;
>
> typedef struct {
> diff --git a/migration/options.c b/migration/options.c
> index 1ad950e397..feda354935 100644
> --- a/migration/options.c
> +++ b/migration/options.c
> @@ -99,6 +99,8 @@ const Property migration_properties[] = {
> clear_bitmap_shift, CLEAR_BITMAP_SHIFT_DEFAULT),
> DEFINE_PROP_BOOL("x-preempt-pre-7-2", MigrationState,
> preempt_pre_7_2, false),
> + DEFINE_PROP_BOOL("multifd-clean-tls-termination", MigrationState,
> + multifd_clean_tls_termination, true),
>
> /* Migration parameters */
> DEFINE_PROP_UINT8("x-throttle-trigger-threshold", MigrationState,
> --
> 2.35.3
>
--
Peter Xu
next prev parent reply other threads:[~2025-02-10 17:12 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-07 19:53 [RFC PATCH v3 0/8] crypto,io,migration: Add support to gnutls_bye() Fabiano Rosas
2025-02-07 19:53 ` [RFC PATCH v3 1/8] crypto: Allow gracefully ending the TLS session Fabiano Rosas
2025-02-07 19:53 ` [RFC PATCH v3 2/8] io: tls: Add qio_channel_tls_bye Fabiano Rosas
2025-02-07 19:53 ` [RFC PATCH v3 3/8] crypto: Remove qcrypto_tls_session_get_handshake_status Fabiano Rosas
2025-02-07 19:53 ` [RFC PATCH v3 4/8] io: Add flags argument to qio_channel_readv_full_all_eof Fabiano Rosas
2025-02-10 9:04 ` Daniel P. Berrangé
2025-02-07 19:53 ` [RFC PATCH v3 5/8] io: Add a read flag for relaxed EOF Fabiano Rosas
2025-02-07 19:53 ` [RFC PATCH v3 6/8] migration/multifd: Terminate the TLS connection Fabiano Rosas
2025-02-07 19:53 ` [RFC PATCH v3 7/8] migration/multifd: Add a compat property for TLS termination Fabiano Rosas
2025-02-10 17:11 ` Peter Xu [this message]
2025-02-07 19:53 ` [RFC PATCH v3 8/8] migration: Check migration error after loadvm Fabiano Rosas
2025-02-10 17:12 ` Peter Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z6ozTtvsIU66tzQ7@x1.local \
--to=peterx@redhat.com \
--cc=berrange@redhat.com \
--cc=eduardo@habkost.net \
--cc=farosas@suse.de \
--cc=mail@maciej.szmigiero.name \
--cc=marcel.apfelbaum@gmail.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=wangyanan55@huawei.com \
--cc=zhao1.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.