On Thu, Jan 30, 2025 at 11:08:29AM +0100, Maciej S. Szmigiero wrote: > From: "Maciej S. Szmigiero" <maciej.szmigi...@oracle.com> > > Multifd send channels are terminated by calling > qio_channel_shutdown(QIO_CHANNEL_SHUTDOWN_BOTH) in > multifd_send_terminate_threads(), which in the TLS case essentially > calls shutdown(SHUT_RDWR) on the underlying raw socket. > > Unfortunately, this does not terminate the TLS session properly and > the receive side sees this as a GNUTLS_E_PREMATURE_TERMINATION error. > > The only reason why this wasn't causing migration failures is because > the current migration code apparently does not check for migration > error being set after the end of the multifd receive process. > > However, this will change soon so the multifd receive code has to be > prepared to not return an error on such premature TLS session EOF. > Use the newly introduced QIOChannelTLS method for that. > > It's worth noting that even if the sender were to be changed to terminate > the TLS connection properly the receive side still needs to remain > compatible with older QEMU bit stream which does not do this.
If this is an existing bug, we could add a Fixes. Two pure questions.. - What is the correct way to terminate the TLS session without this flag? - Why this is only needed by multifd sessions? Thanks, -- Peter Xu
