[PULL 18/29] migration: Enable TLS for preempt channel
From: Dr. David Alan Gilbert (git)
Subject: [PULL 18/29] migration: Enable TLS for preempt channel
Date: Tue, 19 Jul 2022 18:02:10 +0100
From: Peter Xu <peterx@redhat.com>
This patch is based on the async preempt channel creation. It continues
wiring up the new channel with TLS handshake to destination when enabled.
Note that only the src QEMU needs such operation; the dest QEMU does not
need any change for TLS support due to the fact that all channels are
established synchronously there, so all the TLS magic is already properly
handled by migration_tls_channel_process_incoming().
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20220707185518.27529-1-peterx@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
---
migration/postcopy-ram.c | 57 ++++++++++++++++++++++++++++++++++------
migration/trace-events | 1 +
2 files changed, 50 insertions(+), 8 deletions(-)
diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
index 70b21e9d51..b9a37ef255 100644
--- a/migration/postcopy-ram.c
+++ b/migration/postcopy-ram.c
@@ -36,6 +36,7 @@
#include "socket.h"
#include "qemu-file.h"
#include "yank_functions.h"
+#include "tls.h"
/* Arbitrary limit on size of each discard command,
* keeps them around ~200 bytes
@@ -1552,15 +1553,15 @@ bool
postcopy_preempt_new_channel(MigrationIncomingState *mis, QEMUFile *file)
return true;
}
+/*
+ * Setup the postcopy preempt channel with the IOC. If ERROR is specified,
+ * setup the error instead. This helper will free the ERROR if specified.
+ */
static void
-postcopy_preempt_send_channel_new(QIOTask *task, gpointer opaque)
+postcopy_preempt_send_channel_done(MigrationState *s,
+ QIOChannel *ioc, Error *local_err)
{
- MigrationState *s = opaque;
- QIOChannel *ioc = QIO_CHANNEL(qio_task_get_source(task));
- Error *local_err = NULL;
-
- if (qio_task_propagate_error(task, &local_err)) {
- /* Something wrong happened.. */
+ if (local_err) {
migrate_set_error(s, local_err);
error_free(local_err);
} else {
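Review bot: The new header comment on postcopy_preempt_send_channel_done() documents who frees the error ("This helper will free the ERROR if specified") but not what happens to the reference on ioc, which is now passed in as a parameter. Since the explicit object_unref(OBJECT(ioc)) is removed later in this patch and both callers hold ioc in a g_autoptr, please state in the comment whether the helper borrows the caller's reference or takes its own when it keeps the channel. Naming the parameter in the comment (local_err rather than ERROR) would also make the ownership rule easier to match against the signature.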
@@ -1574,7 +1575,47 @@ postcopy_preempt_send_channel_new(QIOTask *task,
gpointer opaque)
* postcopy_qemufile_src to know whether it failed or not.
*/
qemu_sem_post(&s->postcopy_qemufile_src_sem);
- object_unref(OBJECT(ioc));
+}
+
+static void
+postcopy_preempt_tls_handshake(QIOTask *task, gpointer opaque)
+{
+ g_autoptr(QIOChannel) ioc = QIO_CHANNEL(qio_task_get_source(task));
+ MigrationState *s = opaque;
+ Error *local_err = NULL;
+
+ qio_task_propagate_error(task, &local_err);
+ postcopy_preempt_send_channel_done(s, ioc, local_err);
+}
+
+static void
+postcopy_preempt_send_channel_new(QIOTask *task, gpointer opaque)
+{
+ g_autoptr(QIOChannel) ioc = QIO_CHANNEL(qio_task_get_source(task));
+ MigrationState *s = opaque;
+ QIOChannelTLS *tioc;
+ Error *local_err = NULL;
+
+ if (qio_task_propagate_error(task, &local_err)) {
+ goto out;
+ }
+
+ if (migrate_channel_requires_tls_upgrade(ioc)) {
+ tioc = migration_tls_client_create(s, ioc, s->hostname, &local_err);
+ if (!tioc) {
+ goto out;
+ }
+ trace_postcopy_preempt_tls_handshake();
+ qio_channel_set_name(QIO_CHANNEL(tioc), "migration-tls-preempt");
+ qio_channel_tls_handshake(tioc, postcopy_preempt_tls_handshake,
+ s, NULL, NULL);
+ /* Setup the channel until TLS handshake finished */
+ return;
+ }
+
+out:
+ /* This handles both good and error cases */
+ postcopy_preempt_send_channel_done(s, ioc, local_err);
}
/* Returns 0 if channel established, -1 for error. */
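Review bot: The comment before the early return in postcopy_preempt_send_channel_new(), "Setup the channel until TLS handshake finished", says the opposite of what the code does: setup is deferred to postcopy_preempt_tls_handshake(), so wording such as "Defer channel setup until the TLS handshake has finished" would be accurate. In the same branch, tioc is handed to qio_channel_tls_handshake() and not released in this function; if the intent is that the g_autoptr in postcopy_preempt_tls_handshake() drops that reference, a one-line comment saying so would make the lifetime of the TLS channel easier to audit. It is also worth a short note that the return value of qio_task_propagate_error() is deliberately ignored in postcopy_preempt_tls_handshake() because local_err is checked in the helper.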
diff --git a/migration/trace-events b/migration/trace-events
index 0e385c3a07..a34afe7b85 100644
--- a/migration/trace-events
+++ b/migration/trace-events
@@ -287,6 +287,7 @@ postcopy_request_shared_page(const char *sharer, const char
*rb, uint64_t rb_off
postcopy_request_shared_page_present(const char *sharer, const char *rb,
uint64_t rb_offset) "%s already %s offset 0x%"PRIx64
postcopy_wake_shared(uint64_t client_addr, const char *rb) "at 0x%"PRIx64" in
%s"
postcopy_page_req_del(void *addr, int count) "resolved page req %p total %d"
+postcopy_preempt_tls_handshake(void) ""
postcopy_preempt_new_channel(void) ""
postcopy_preempt_thread_entry(void) ""
postcopy_preempt_thread_exit(void) ""
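Review bot: The added postcopy_preempt_tls_handshake(void) "" event is emitted only before qio_channel_tls_handshake() is called, so a trace shows that a handshake was started but not whether it completed or failed. Consider a second event in the handshake callback, or an argument carrying the result, so a failed TLS upgrade on the preempt channel can be seen in traces without relying on the migration error state alone.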
--
2.36.1