| author | Fabiano Rosas <farosas@suse.de> | 2025-02-07 10:50:49 -0300 |
|---|---|---|
| committer | Fabiano Rosas <farosas@suse.de> | 2025-02-14 15:19:04 -0300 |
| commit | 9b3b192f65b1cf635719a2981dd2d4b70892d2ec (patch) | |
| tree | 2a31b4c7b3e116ce5fda51fcc2b053004ebdfe96 /migration/migration.h | |
| parent | 48796f6b44df1dd0f78d18757889d5ac478c33e4 (diff) | |
migration/multifd: Add a compat property for TLS termination
We're currently changing the way the source multifd migration handles the shutdown of the multifd channels when TLS is in use to perform a clean termination by calling gnutls_bye().

Older src QEMUs will always close the channel without terminating the TLS session. New dst QEMUs treat an unclean termination as an error.

Add multifd_clean_tls_termination (default true) that can be switched on the destination whenever a src QEMU <= 9.2 is in use.

(Note that the compat property is only strictly necessary for src QEMUs older than 9.1. Due to synchronization coincidences, src QEMUs 9.1 and 9.2 can put the destination in a condition where it doesn't see the unclean termination. Still, make the property more inclusive to facilitate potential backports.)

Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Diffstat (limited to 'migration/migration.h')
| -rw-r--r-- | migration/migration.h | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/migration/migration.h b/migration/migration.h index eaebcc2042..eb84f75b4a 100644 --- a/migration/migration.h +++ b/migration/migration.h @@ -443,6 +443,39 @@ struct MigrationState { * Default value is false. (since 8.1) */ bool multifd_flush_after_each_section; + + /* + * This variable only makes sense when set on the machine that is + * the destination of a multifd migration with TLS enabled. It + * affects the behavior of the last send->recv iteration with + * regards to termination of the TLS session. + * + * When set: + * + * - the destination QEMU instance can expect to never get a + * GNUTLS_E_PREMATURE_TERMINATION error. Manifested as the error + * message: "The TLS connection was non-properly terminated". + * + * When clear: + * + * - the destination QEMU instance can expect to see a + * GNUTLS_E_PREMATURE_TERMINATION error in any multifd channel + * whenever the last recv() call of that channel happens after + * the source QEMU instance has already issued shutdown() on the + * channel. + * + * Commit 637280aeb2 (since 9.1) introduced a side effect that + * causes the destination instance to not be affected by the + * premature termination, while commit 1d457daf86 (since 10.0) + * causes the premature termination condition to be once again + * reachable. + * + * NOTE: Regardless of the state of this option, a premature + * termination of the TLS connection might happen due to error at + * any moment prior to the last send->recv iteration. + */ + bool multifd_clean_tls_termination; + /* * This decides the size of guest memory chunk that will be used * to track dirty bitmap clearing. The size of memory chunk will |
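Review bot: In the comment added above multifd_clean_tls_termination, the "When clear" case says the destination "can expect to see" GNUTLS_E_PREMATURE_TERMINATION but does not say what the destination does with that error, and the block omits the default value and the introducing version that the preceding multifd_flush_after_each_section comment gives ("Default value is false. (since 8.1)"). Please state explicitly whether the error is then ignored, and that this applies only to the last recv() of a channel, since the NOTE already separates that case from a premature termination earlier in the stream; readers need to know that clearing the flag relaxes the end-of-stream check for old sources and nothing else. Also add a default line matching the commit message ("default true") together with the release that introduces the field.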