migration: Enable TLS for preempt channel
This patch is based on the async preempt channel creation. It continues wiring up the new channel with TLS handshake to destionation when enabled. Note that only the src QEMU needs such operation; the dest QEMU does not need any change for TLS support due to the fact that all channels are established synchronously there, so all the TLS magic is already properly handled by migration_tls_channel_process_incoming(). Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20220707185518.27529-1-peterx@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
This commit is contained in:
parent
9a26662752
commit
f0afaf6ce4
@ -36,6 +36,7 @@
|
|||||||
#include "socket.h"
|
#include "socket.h"
|
||||||
#include "qemu-file.h"
|
#include "qemu-file.h"
|
||||||
#include "yank_functions.h"
|
#include "yank_functions.h"
|
||||||
|
#include "tls.h"
|
||||||
|
|
||||||
/* Arbitrary limit on size of each discard command,
|
/* Arbitrary limit on size of each discard command,
|
||||||
* keeps them around ~200 bytes
|
* keeps them around ~200 bytes
|
||||||
@ -1552,15 +1553,15 @@ bool postcopy_preempt_new_channel(MigrationIncomingState *mis, QEMUFile *file)
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Setup the postcopy preempt channel with the IOC. If ERROR is specified,
|
||||||
|
* setup the error instead. This helper will free the ERROR if specified.
|
||||||
|
*/
|
||||||
static void
|
static void
|
||||||
postcopy_preempt_send_channel_new(QIOTask *task, gpointer opaque)
|
postcopy_preempt_send_channel_done(MigrationState *s,
|
||||||
|
QIOChannel *ioc, Error *local_err)
|
||||||
{
|
{
|
||||||
MigrationState *s = opaque;
|
if (local_err) {
|
||||||
QIOChannel *ioc = QIO_CHANNEL(qio_task_get_source(task));
|
|
||||||
Error *local_err = NULL;
|
|
||||||
|
|
||||||
if (qio_task_propagate_error(task, &local_err)) {
|
|
||||||
/* Something wrong happened.. */
|
|
||||||
migrate_set_error(s, local_err);
|
migrate_set_error(s, local_err);
|
||||||
error_free(local_err);
|
error_free(local_err);
|
||||||
} else {
|
} else {
|
||||||
@ -1574,7 +1575,47 @@ postcopy_preempt_send_channel_new(QIOTask *task, gpointer opaque)
|
|||||||
* postcopy_qemufile_src to know whether it failed or not.
|
* postcopy_qemufile_src to know whether it failed or not.
|
||||||
*/
|
*/
|
||||||
qemu_sem_post(&s->postcopy_qemufile_src_sem);
|
qemu_sem_post(&s->postcopy_qemufile_src_sem);
|
||||||
object_unref(OBJECT(ioc));
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
postcopy_preempt_tls_handshake(QIOTask *task, gpointer opaque)
|
||||||
|
{
|
||||||
|
g_autoptr(QIOChannel) ioc = QIO_CHANNEL(qio_task_get_source(task));
|
||||||
|
MigrationState *s = opaque;
|
||||||
|
Error *local_err = NULL;
|
||||||
|
|
||||||
|
qio_task_propagate_error(task, &local_err);
|
||||||
|
postcopy_preempt_send_channel_done(s, ioc, local_err);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
postcopy_preempt_send_channel_new(QIOTask *task, gpointer opaque)
|
||||||
|
{
|
||||||
|
g_autoptr(QIOChannel) ioc = QIO_CHANNEL(qio_task_get_source(task));
|
||||||
|
MigrationState *s = opaque;
|
||||||
|
QIOChannelTLS *tioc;
|
||||||
|
Error *local_err = NULL;
|
||||||
|
|
||||||
|
if (qio_task_propagate_error(task, &local_err)) {
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (migrate_channel_requires_tls_upgrade(ioc)) {
|
||||||
|
tioc = migration_tls_client_create(s, ioc, s->hostname, &local_err);
|
||||||
|
if (!tioc) {
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
trace_postcopy_preempt_tls_handshake();
|
||||||
|
qio_channel_set_name(QIO_CHANNEL(tioc), "migration-tls-preempt");
|
||||||
|
qio_channel_tls_handshake(tioc, postcopy_preempt_tls_handshake,
|
||||||
|
s, NULL, NULL);
|
||||||
|
/* Setup the channel until TLS handshake finished */
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
out:
|
||||||
|
/* This handles both good and error cases */
|
||||||
|
postcopy_preempt_send_channel_done(s, ioc, local_err);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Returns 0 if channel established, -1 for error. */
|
/* Returns 0 if channel established, -1 for error. */
|
||||||
|
@ -287,6 +287,7 @@ postcopy_request_shared_page(const char *sharer, const char *rb, uint64_t rb_off
|
|||||||
postcopy_request_shared_page_present(const char *sharer, const char *rb, uint64_t rb_offset) "%s already %s offset 0x%"PRIx64
|
postcopy_request_shared_page_present(const char *sharer, const char *rb, uint64_t rb_offset) "%s already %s offset 0x%"PRIx64
|
||||||
postcopy_wake_shared(uint64_t client_addr, const char *rb) "at 0x%"PRIx64" in %s"
|
postcopy_wake_shared(uint64_t client_addr, const char *rb) "at 0x%"PRIx64" in %s"
|
||||||
postcopy_page_req_del(void *addr, int count) "resolved page req %p total %d"
|
postcopy_page_req_del(void *addr, int count) "resolved page req %p total %d"
|
||||||
|
postcopy_preempt_tls_handshake(void) ""
|
||||||
postcopy_preempt_new_channel(void) ""
|
postcopy_preempt_new_channel(void) ""
|
||||||
postcopy_preempt_thread_entry(void) ""
|
postcopy_preempt_thread_entry(void) ""
|
||||||
postcopy_preempt_thread_exit(void) ""
|
postcopy_preempt_thread_exit(void) ""
|
||||||
|
Loading…
Reference in New Issue
Block a user