From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Juan Quintela <quintela@redhat.com>
Cc: qemu-devel@nongnu.org, lvivier@redhat.com, dgilbert@redhat.com,
peterx@redhat.com
Subject: Re: [Qemu-devel] [PATCH v10 10/24] migration: In case of error just end the migration
Date: Wed, 7 Mar 2018 11:52:10 +0000 [thread overview]
Message-ID: <20180307115210.GN20201@redhat.com> (raw)
In-Reply-To: <20180307110010.2205-11-quintela@redhat.com>
On Wed, Mar 07, 2018 at 11:59:56AM +0100, Juan Quintela wrote:
> Signed-off-by: Juan Quintela <quintela@redhat.com>
> ---
> migration/socket.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> diff --git a/migration/socket.c b/migration/socket.c
> index 08606c665d..b12b0a462e 100644
> --- a/migration/socket.c
> +++ b/migration/socket.c
> @@ -139,9 +139,8 @@ static gboolean socket_accept_incoming_migration(QIOChannel *ioc,
> sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc),
> &err);
> if (!sioc) {
> - error_report("could not accept migration connection (%s)",
> - error_get_pretty(err));
> - goto out;
> + migrate_set_error(migrate_get_current(), err);
> + return G_SOURCE_REMOVE;
It will only return NULL if a client connected & then went away. This should
not happen with a "normal" mgmt app usage. On the flip side this allows a
malicious network attacker to inflict a denial of service on the migration
by simply connecting to target QEMU & immediately exiting.
Our "authentication" for migration relies on being able to validate the TLS
certs during TLS handshake. So in general we ought to allow repeated incoming
connections until we get a successful handshake.
So in fact, I think a better fix here is to simply remove the original
'error_report' line, and ensure we return G_SOURCE_CONTINUE to wait for
another incoming connection from the real mgmt app.
> }
>
> trace_migration_socket_incoming_accepted();
> @@ -150,7 +149,6 @@ static gboolean socket_accept_incoming_migration(QIOChannel *ioc,
> migration_channel_process_incoming(QIO_CHANNEL(sioc));
> object_unref(OBJECT(sioc));
>
> -out:
> if (migration_has_all_channels()) {
> /* Close listening socket as its no longer needed */
> qio_channel_close(ioc, NULL);
> --
> 2.14.3
>
>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2018-03-07 11:52 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-07 10:59 [Qemu-devel] [RFC v10 00/24] Multifd Juan Quintela
2018-03-07 10:59 ` [Qemu-devel] [PATCH v10 01/24] tests: Add migration precopy test Juan Quintela
2018-03-07 10:59 ` [Qemu-devel] [PATCH v10 02/24] tests: Add migration xbzrle test Juan Quintela
2018-03-07 10:59 ` [Qemu-devel] [PATCH v10 03/24] migration: Create tcp_port parameter Juan Quintela
2018-03-07 11:38 ` Daniel P. Berrangé
2018-03-14 14:48 ` Juan Quintela
2018-03-07 10:59 ` [Qemu-devel] [PATCH v10 04/24] migration: Set the migration tcp port Juan Quintela
2018-03-07 11:40 ` Daniel P. Berrangé
2018-03-14 14:51 ` Juan Quintela
2018-03-07 10:59 ` [Qemu-devel] [PATCH v10 05/24] tests: Migration ppc now inlines its program Juan Quintela
2018-03-07 10:59 ` [Qemu-devel] [PATCH v10 06/24] tests: Add basic migration precopy tcp test Juan Quintela
2018-03-07 10:59 ` [Qemu-devel] [PATCH v10 07/24] [RFH] tests: Add migration compress threads tests Juan Quintela
2018-03-07 10:59 ` [Qemu-devel] [PATCH v10 08/24] migration: Add multifd test Juan Quintela
2018-03-13 16:53 ` Dr. David Alan Gilbert
2018-03-14 14:52 ` Juan Quintela
2018-03-14 14:53 ` Dr. David Alan Gilbert
2018-03-07 10:59 ` [Qemu-devel] [PATCH v10 09/24] migration: Set error state in case of error Juan Quintela
2018-03-07 10:59 ` [Qemu-devel] [PATCH v10 10/24] migration: In case of error just end the migration Juan Quintela
2018-03-07 11:52 ` Daniel P. Berrangé [this message]
2018-03-08 2:39 ` Eric Blake
2018-03-07 15:08 ` Dr. David Alan Gilbert
2018-03-07 10:59 ` [Qemu-devel] [PATCH v10 11/24] migration: terminate_* can be called for other threads Juan Quintela
2018-03-07 10:59 ` [Qemu-devel] [PATCH v10 12/24] migration: Reference counting recv channels correctly Juan Quintela
2018-03-07 11:56 ` Daniel P. Berrangé
2018-03-07 10:59 ` [Qemu-devel] [PATCH v10 13/24] migration: Introduce multifd_recv_new_channel() Juan Quintela
2018-03-07 11:00 ` [Qemu-devel] [PATCH v10 14/24] migration: Be sure all recv channels are created Juan Quintela
2018-03-07 11:00 ` [Qemu-devel] [PATCH v10 15/24] migration: Synchronize send threads Juan Quintela
2018-03-07 11:00 ` [Qemu-devel] [PATCH v10 16/24] migration: Synchronize recv threads Juan Quintela
2018-03-07 11:00 ` [Qemu-devel] [PATCH v10 17/24] migration: Export functions to create send channels Juan Quintela
2018-03-07 12:00 ` Daniel P. Berrangé
2018-03-07 11:00 ` [Qemu-devel] [PATCH v10 18/24] migration: Add multifd traces for start/end thread Juan Quintela
2018-03-07 12:01 ` Daniel P. Berrangé
2018-03-07 12:11 ` Daniel P. Berrangé
2018-03-07 11:00 ` [Qemu-devel] [PATCH v10 19/24] migration: Create multifd channels Juan Quintela
2018-03-12 9:19 ` Peter Xu
2018-03-15 12:57 ` Juan Quintela
2018-03-16 3:07 ` Peter Xu
2018-03-16 8:43 ` Juan Quintela
2018-03-07 11:00 ` [Qemu-devel] [PATCH v10 20/24] migration: Delay start of migration main routines Juan Quintela
2018-03-12 9:36 ` Peter Xu
2018-03-07 11:00 ` [Qemu-devel] [PATCH v10 21/24] migration: Transmit initial package through the multifd channels Juan Quintela
2018-03-07 12:07 ` Daniel P. Berrangé
2018-03-07 11:00 ` [Qemu-devel] [PATCH v10 22/24] migration: Create ram_multifd_page Juan Quintela
2018-03-07 12:12 ` Daniel P. Berrangé
2018-03-07 11:00 ` [Qemu-devel] [PATCH v10 23/24] migration: Create pages structure for reception Juan Quintela
2018-03-07 11:00 ` [Qemu-devel] [PATCH v10 24/24] [RFC] migration: Send pages through the multifd channels Juan Quintela
2018-03-07 12:14 ` Daniel P. Berrangé
2018-03-07 11:26 ` [Qemu-devel] [RFC v10 00/24] Multifd no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180307115210.GN20201@redhat.com \
--to=berrange@redhat.com \
--cc=dgilbert@redhat.com \
--cc=lvivier@redhat.com \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).