[PATCH v9 09/14] migration: Enable TLS for preempt channel

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Peter Xu <peterx@redhat.com>
To: qemu-devel@nongnu.org
Cc: Juan Quintela <quintela@redhat.com>,
	peterx@redhat.com,
	"Dr . David Alan Gilbert" <dgilbert@redhat.com>,
	Leonardo Bras Soares Passos <lsoaresp@redhat.com>,
	Manish Mishra <manish.mishra@nutanix.com>,
	"Daniel P . Berrange" <berrange@redhat.com>
Subject: [PATCH v9 09/14] migration: Enable TLS for preempt channel
Date: Thu,  7 Jul 2022 14:55:18 -0400	[thread overview]
Message-ID: <20220707185518.27529-1-peterx@redhat.com> (raw)
In-Reply-To: <20220707185342.26794-1-peterx@redhat.com>

This patch is based on the async preempt channel creation.  It continues
wiring up the new channel with TLS handshake to destionation when enabled.

Note that only the src QEMU needs such operation; the dest QEMU does not
need any change for TLS support due to the fact that all channels are
established synchronously there, so all the TLS magic is already properly
handled by migration_tls_channel_process_incoming().

Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
---
 migration/postcopy-ram.c | 57 ++++++++++++++++++++++++++++++++++------
 migration/trace-events   |  1 +
 2 files changed, 50 insertions(+), 8 deletions(-)

diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
index 70b21e9d51..b9a37ef255 100644
--- a/migration/postcopy-ram.c
+++ b/migration/postcopy-ram.c
@@ -36,6 +36,7 @@
 #include "socket.h"
 #include "qemu-file.h"
 #include "yank_functions.h"
+#include "tls.h"
 
 /* Arbitrary limit on size of each discard command,
  * keeps them around ~200 bytes
@@ -1552,15 +1553,15 @@ bool postcopy_preempt_new_channel(MigrationIncomingState *mis, QEMUFile *file)
     return true;
 }
 
+/*
+ * Setup the postcopy preempt channel with the IOC.  If ERROR is specified,
+ * setup the error instead.  This helper will free the ERROR if specified.
+ */
 static void
-postcopy_preempt_send_channel_new(QIOTask *task, gpointer opaque)
+postcopy_preempt_send_channel_done(MigrationState *s,
+                                   QIOChannel *ioc, Error *local_err)
 {
-    MigrationState *s = opaque;
-    QIOChannel *ioc = QIO_CHANNEL(qio_task_get_source(task));
-    Error *local_err = NULL;
-
-    if (qio_task_propagate_error(task, &local_err)) {
-        /* Something wrong happened.. */
+    if (local_err) {
         migrate_set_error(s, local_err);
         error_free(local_err);
     } else {
@@ -1574,7 +1575,47 @@ postcopy_preempt_send_channel_new(QIOTask *task, gpointer opaque)
      * postcopy_qemufile_src to know whether it failed or not.
      */
     qemu_sem_post(&s->postcopy_qemufile_src_sem);
-    object_unref(OBJECT(ioc));
+}
+
+static void
+postcopy_preempt_tls_handshake(QIOTask *task, gpointer opaque)
+{
+    g_autoptr(QIOChannel) ioc = QIO_CHANNEL(qio_task_get_source(task));
+    MigrationState *s = opaque;
+    Error *local_err = NULL;
+
+    qio_task_propagate_error(task, &local_err);
+    postcopy_preempt_send_channel_done(s, ioc, local_err);
+}
+
+static void
+postcopy_preempt_send_channel_new(QIOTask *task, gpointer opaque)
+{
+    g_autoptr(QIOChannel) ioc = QIO_CHANNEL(qio_task_get_source(task));
+    MigrationState *s = opaque;
+    QIOChannelTLS *tioc;
+    Error *local_err = NULL;
+
+    if (qio_task_propagate_error(task, &local_err)) {
+        goto out;
+    }
+
+    if (migrate_channel_requires_tls_upgrade(ioc)) {
+        tioc = migration_tls_client_create(s, ioc, s->hostname, &local_err);
+        if (!tioc) {
+            goto out;
+        }
+        trace_postcopy_preempt_tls_handshake();
+        qio_channel_set_name(QIO_CHANNEL(tioc), "migration-tls-preempt");
+        qio_channel_tls_handshake(tioc, postcopy_preempt_tls_handshake,
+                                  s, NULL, NULL);
+        /* Setup the channel until TLS handshake finished */
+        return;
+    }
+
+out:
+    /* This handles both good and error cases */
+    postcopy_preempt_send_channel_done(s, ioc, local_err);
 }
 
 /* Returns 0 if channel established, -1 for error. */
diff --git a/migration/trace-events b/migration/trace-events
index 0e385c3a07..a34afe7b85 100644
--- a/migration/trace-events
+++ b/migration/trace-events
@@ -287,6 +287,7 @@ postcopy_request_shared_page(const char *sharer, const char *rb, uint64_t rb_off
 postcopy_request_shared_page_present(const char *sharer, const char *rb, uint64_t rb_offset) "%s already %s offset 0x%"PRIx64
 postcopy_wake_shared(uint64_t client_addr, const char *rb) "at 0x%"PRIx64" in %s"
 postcopy_page_req_del(void *addr, int count) "resolved page req %p total %d"
+postcopy_preempt_tls_handshake(void) ""
 postcopy_preempt_new_channel(void) ""
 postcopy_preempt_thread_entry(void) ""
 postcopy_preempt_thread_exit(void) ""
-- 
2.32.0

next prev parent reply	other threads:[~2022-07-07 19:02 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-07 18:53 [PATCH v9 00/14] migration: Postcopy Preemption Peter Xu
2022-07-07 18:53 ` [PATCH v9 01/14] migration: Add postcopy-preempt capability Peter Xu
2022-07-07 18:55 ` [PATCH v9 02/14] migration: Postcopy preemption preparation on channel creation Peter Xu
2022-07-19 15:15   ` Dr. David Alan Gilbert
2022-07-19 15:25     ` Peter Xu
2022-07-19 15:31       ` Dr. David Alan Gilbert
2022-07-19 15:39         ` Peter Xu
2022-07-19 16:06           ` Dr. David Alan Gilbert
2022-07-07 18:55 ` [PATCH v9 03/14] migration: Postcopy preemption enablement Peter Xu
2022-07-07 18:55 ` [PATCH v9 04/14] migration: Postcopy recover with preempt enabled Peter Xu
2022-07-07 18:55 ` [PATCH v9 05/14] migration: Create the postcopy preempt channel asynchronously Peter Xu
2022-07-07 18:55 ` [PATCH v9 06/14] migration: Add property x-postcopy-preempt-break-huge Peter Xu
2022-07-07 18:55 ` [PATCH v9 07/14] migration: Add helpers to detect TLS capability Peter Xu
2022-07-07 18:55 ` [PATCH v9 08/14] migration: Export tls-[creds|hostname|authz] params to cmdline too Peter Xu
2022-07-07 18:55 ` Peter Xu [this message]
2022-07-07 18:55 ` [PATCH v9 10/14] migration: Respect postcopy request order in preemption mode Peter Xu
2022-07-07 18:55 ` [PATCH v9 11/14] tests: Move MigrateCommon upper Peter Xu
2022-07-07 18:55 ` [PATCH v9 12/14] tests: Add postcopy tls migration test Peter Xu
2022-07-13 11:25   ` Dr. David Alan Gilbert
2022-07-07 18:55 ` [PATCH v9 13/14] tests: Add postcopy tls recovery " Peter Xu
2022-07-07 18:55 ` [PATCH v9 14/14] tests: Add postcopy preempt tests Peter Xu
2022-07-19 13:50 ` [PATCH v9 00/14] migration: Postcopy Preemption Dr. David Alan Gilbert

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:70b21e9d5 dfblob:b9a37ef25 dfblob:0e385c3a0 dfblob:a34afe7b8 )
 OR (
bs:"[PATCH v9 09/14] migration: Enable TLS for preempt channel" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220707185518.27529-1-peterx@redhat.com \
    --to=peterx@redhat.com \
    --cc=berrange@redhat.com \
    --cc=dgilbert@redhat.com \
    --cc=lsoaresp@redhat.com \
    --cc=manish.mishra@nutanix.com \
    --cc=qemu-devel@nongnu.org \
    --cc=quintela@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).