Re: [Qemu-devel] [PATCH v2 9/9] chardev: tcp: postpone TLS work until machine done

Wed, 07 Mar 2018 19:45:06 -0800 

On Wed, Mar 07, 2018 at 12:36:50PM +0000, Daniel P. Berrangé wrote:

[...]

> > diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> > index bd40864f87..997c70dd7d 100644
> > --- a/chardev/char-socket.c
> > +++ b/chardev/char-socket.c
> > @@ -31,6 +31,7 @@
> >  #include "qemu/option.h"
> >  #include "qapi/error.h"
> >  #include "qapi/clone-visitor.h"
> > +#include "sysemu/sysemu.h"
> >  
> >  #include "chardev/char-io.h"
> >  
> > @@ -722,6 +723,11 @@ static void tcp_chr_tls_init(Chardev *chr)
> >      Error *err = NULL;
> >      gchar *name;
> >  
> > +    if (!machine_init_done) {
> > +        /* This will be postponed to machine_done notifier */
> > +        return;
> > +    }
> > +
> >      if (s->is_listen) {
> >          tioc = qio_channel_tls_new_server(
> >              s->ioc, s->tls_creds,
> > @@ -1145,6 +1151,10 @@ static int tcp_chr_machine_done_hook(Chardev *chr)
> >          tcp_chr_connect_async(chr);
> >      }
> >  
> > +    if (s->tls_creds) {
> > +        tcp_chr_tls_init(chr);
> > +    }
> 
> This looks questionable - AFAICT, there's no guarantee we have any
> client connection active when the machine dnoe hook runs. Only if
> the chardev is set in client mode, and reconnect_time is *not* set,
> but this seems to be run unconditionally.

You are right.  Thanks for spotting that.

Then how about this?  It's a bit ugly, but I think it should be safe:

diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index bd40864f87..b4686fd23f 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -31,6 +31,7 @@
 #include "qemu/option.h"
 #include "qapi/error.h"
 #include "qapi/clone-visitor.h"
+#include "sysemu/sysemu.h"

 #include "chardev/char-io.h"

@@ -51,6 +52,11 @@ typedef struct {
     QIONetListener *listener;
     GSource *hup_source;
     QCryptoTLSCreds *tls_creds;
+    /*
+     * This should only be used once - when we want to setup TLS for
+     * the session but we need to wait until machine init done.
+     */
+    bool tls_need_postponed_init;
     int connected;
     int max_size;
     int do_telnetopt;
@@ -791,7 +797,15 @@ static int tcp_chr_new_client(Chardev *chr, 
QIOChannelSocket *sioc)
     }

     if (s->tls_creds) {
-        tcp_chr_tls_init(chr);
+        if (machine_init_done) {
+            tcp_chr_tls_init(chr);
+        } else {
+            /*
+             * Postpone to machine init done since we need the correct
+             * context to setup the TLS handshake.
+             */
+            s->tls_need_postponed_init = true;
+        }
     } else {
         if (s->do_telnetopt) {
             tcp_chr_telnet_init(chr);
@@ -1145,6 +1159,11 @@ static int tcp_chr_machine_done_hook(Chardev *chr)
         tcp_chr_connect_async(chr);
     }

+    if (s->tls_need_postponed_init) {
+        assert(s->tls_creds);
+        tcp_chr_tls_init(chr);
+    }
+
     return 0;
 }

Thanks,

-- 
Peter Xu

Reply via email to