Re: [Qemu-devel] [PATCH] io: return 0 for EOF in TLS session read after shutdown

[Eric Blake <eblake@redhat.com>]

On 11/19/18 7:42 AM, Daniel P. Berrangé wrote:
> GNUTLS takes a paranoid approach when seeing 0 bytes returned by the
> underlying OS read() function. It will consider this an error and
> return GNUTLS_E_PREMATURE_TERMINATION instead of propagating the 0
> return value. It expects apps to arrange for clean termination at
> the protocol level and not rely on seeing EOF from a read call to
> detect shutdown. This is to harden apps against a malicious 3rd party
> causing termination of the sockets layer.
> 
> This is unhelpful for the QEMU NBD code which does have a clean
> protocol level shutdown, but still relies on seeing 0 from the I/O
> channel read in the coroutine handling incoming replies.
> 
> The upshot is that when using a plain NBD connection shutdown is
> silent, but when using TLS, the client spams the console with
> 
>    Cannot read from TLS channel: Broken pipe
> 
> The NBD connection has, however, called qio_channel_shutdown()
> at this point to indicate that it is done with I/O. This gives
> the opportunity to optimize the code such that when the channel
> has been shutdown in the read direction, the error code
> GNUTLS_E_PREMATURE_TERMINATION gets turned into a '0' return
> instead of an error.

Detecting premature termination when the client has NOT requested 
orderly shutdown is still important, and this patch preserves that 
aspect.  You are only changing the case where the client has informed 
the qio code "yes, an early termination is now okay".

> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---

> +++ b/include/io/channel.h
> @@ -51,9 +51,9 @@ enum QIOChannelFeature {
>   typedef enum QIOChannelShutdown QIOChannelShutdown;
>   
>   enum QIOChannelShutdown {
> -    QIO_CHANNEL_SHUTDOWN_BOTH,
> -    QIO_CHANNEL_SHUTDOWN_READ,
> -    QIO_CHANNEL_SHUTDOWN_WRITE,
> +    QIO_CHANNEL_SHUTDOWN_READ = 1,
> +    QIO_CHANNEL_SHUTDOWN_WRITE = 2,
> +    QIO_CHANNEL_SHUTDOWN_BOTH = 3,

Nice use of bit operations :)

> +++ b/io/channel-tls.c
> @@ -275,6 +275,9 @@ static ssize_t qio_channel_tls_readv(QIOChannel *ioc,
>                   } else {
>                       return QIO_CHANNEL_ERR_BLOCK;
>                   }
> +            } else if (errno == ECONNABORTED &&
> +                       (tioc->shutdown & QIO_CHANNEL_SHUTDOWN_READ)) {
> +                return 0;
>               }

Reviewed-by: Eric Blake <eblake@redhat.com>

I like this patch better than my proposed hack to ignore read errors 
after requesting quit; testing it now.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org