[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v8 10/15] migration: Enable TLS for preempt channel
From: |
Peter Xu |
Subject: |
[PATCH v8 10/15] migration: Enable TLS for preempt channel |
Date: |
Wed, 22 Jun 2022 16:49:15 -0400 |
This patch is based on the async preempt channel creation. It continues
wiring up the new channel with TLS handshake to destionation when enabled.
Note that only the src QEMU needs such operation; the dest QEMU does not
need any change for TLS support due to the fact that all channels are
established synchronously there, so all the TLS magic is already properly
handled by migration_tls_channel_process_incoming().
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
---
migration/postcopy-ram.c | 57 ++++++++++++++++++++++++++++++++++------
migration/trace-events | 1 +
2 files changed, 50 insertions(+), 8 deletions(-)
diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
index 70b21e9d51..b9a37ef255 100644
--- a/migration/postcopy-ram.c
+++ b/migration/postcopy-ram.c
@@ -36,6 +36,7 @@
#include "socket.h"
#include "qemu-file.h"
#include "yank_functions.h"
+#include "tls.h"
/* Arbitrary limit on size of each discard command,
* keeps them around ~200 bytes
@@ -1552,15 +1553,15 @@ bool
postcopy_preempt_new_channel(MigrationIncomingState *mis, QEMUFile *file)
return true;
}
+/*
+ * Setup the postcopy preempt channel with the IOC. If ERROR is specified,
+ * setup the error instead. This helper will free the ERROR if specified.
+ */
static void
-postcopy_preempt_send_channel_new(QIOTask *task, gpointer opaque)
+postcopy_preempt_send_channel_done(MigrationState *s,
+ QIOChannel *ioc, Error *local_err)
{
- MigrationState *s = opaque;
- QIOChannel *ioc = QIO_CHANNEL(qio_task_get_source(task));
- Error *local_err = NULL;
-
- if (qio_task_propagate_error(task, &local_err)) {
- /* Something wrong happened.. */
+ if (local_err) {
migrate_set_error(s, local_err);
error_free(local_err);
} else {
@@ -1574,7 +1575,47 @@ postcopy_preempt_send_channel_new(QIOTask *task,
gpointer opaque)
* postcopy_qemufile_src to know whether it failed or not.
*/
qemu_sem_post(&s->postcopy_qemufile_src_sem);
- object_unref(OBJECT(ioc));
+}
+
+static void
+postcopy_preempt_tls_handshake(QIOTask *task, gpointer opaque)
+{
+ g_autoptr(QIOChannel) ioc = QIO_CHANNEL(qio_task_get_source(task));
+ MigrationState *s = opaque;
+ Error *local_err = NULL;
+
+ qio_task_propagate_error(task, &local_err);
+ postcopy_preempt_send_channel_done(s, ioc, local_err);
+}
+
+static void
+postcopy_preempt_send_channel_new(QIOTask *task, gpointer opaque)
+{
+ g_autoptr(QIOChannel) ioc = QIO_CHANNEL(qio_task_get_source(task));
+ MigrationState *s = opaque;
+ QIOChannelTLS *tioc;
+ Error *local_err = NULL;
+
+ if (qio_task_propagate_error(task, &local_err)) {
+ goto out;
+ }
+
+ if (migrate_channel_requires_tls_upgrade(ioc)) {
+ tioc = migration_tls_client_create(s, ioc, s->hostname, &local_err);
+ if (!tioc) {
+ goto out;
+ }
+ trace_postcopy_preempt_tls_handshake();
+ qio_channel_set_name(QIO_CHANNEL(tioc), "migration-tls-preempt");
+ qio_channel_tls_handshake(tioc, postcopy_preempt_tls_handshake,
+ s, NULL, NULL);
+ /* Setup the channel until TLS handshake finished */
+ return;
+ }
+
+out:
+ /* This handles both good and error cases */
+ postcopy_preempt_send_channel_done(s, ioc, local_err);
}
/* Returns 0 if channel established, -1 for error. */
diff --git a/migration/trace-events b/migration/trace-events
index 0e385c3a07..a34afe7b85 100644
--- a/migration/trace-events
+++ b/migration/trace-events
@@ -287,6 +287,7 @@ postcopy_request_shared_page(const char *sharer, const char
*rb, uint64_t rb_off
postcopy_request_shared_page_present(const char *sharer, const char *rb,
uint64_t rb_offset) "%s already %s offset 0x%"PRIx64
postcopy_wake_shared(uint64_t client_addr, const char *rb) "at 0x%"PRIx64" in
%s"
postcopy_page_req_del(void *addr, int count) "resolved page req %p total %d"
+postcopy_preempt_tls_handshake(void) ""
postcopy_preempt_new_channel(void) ""
postcopy_preempt_thread_entry(void) ""
postcopy_preempt_thread_exit(void) ""
--
2.32.0
- [PATCH v8 00/15] migration: Postcopy Preemption, Peter Xu, 2022/06/22
- [PATCH v8 02/15] migration: Add postcopy-preempt capability, Peter Xu, 2022/06/22
- [PATCH v8 01/15] fixup! migration: remove the QEMUFileOps 'get_buffer' callback, Peter Xu, 2022/06/22
- [PATCH v8 03/15] migration: Postcopy preemption preparation on channel creation, Peter Xu, 2022/06/22
- [PATCH v8 04/15] migration: Postcopy preemption enablement, Peter Xu, 2022/06/22
- [PATCH v8 05/15] migration: Postcopy recover with preempt enabled, Peter Xu, 2022/06/22
- [PATCH v8 06/15] migration: Create the postcopy preempt channel asynchronously, Peter Xu, 2022/06/22
- [PATCH v8 07/15] migration: Add property x-postcopy-preempt-break-huge, Peter Xu, 2022/06/22
- [PATCH v8 08/15] migration: Add helpers to detect TLS capability, Peter Xu, 2022/06/22
- [PATCH v8 09/15] migration: Export tls-[creds|hostname|authz] params to cmdline too, Peter Xu, 2022/06/22
- [PATCH v8 10/15] migration: Enable TLS for preempt channel,
Peter Xu <=
- [PATCH v8 11/15] migration: Respect postcopy request order in preemption mode, Peter Xu, 2022/06/22
- [PATCH v8 12/15] tests: Move MigrateCommon upper, Peter Xu, 2022/06/22
- [PATCH v8 13/15] tests: Add postcopy tls migration test, Peter Xu, 2022/06/22
- [PATCH v8 14/15] tests: Add postcopy tls recovery migration test, Peter Xu, 2022/06/22
- [PATCH v8 15/15] tests: Add postcopy preempt tests, Peter Xu, 2022/06/22