qemu/crypto
Peter Xu 7e0c22d585 io/crypto: Move tls premature termination handling into QIO layer
QCryptoTLSSession allows TLS premature termination in two cases, one of the
cases is when the channel shutdown() is invoked on READ side.

It's possible the shutdown() happened after the read thread blocked at
gnutls_record_recv().  In this case, we should allow the premature
termination to happen.

The problem is by the time qcrypto_tls_session_read() was invoked,
tioc->shutdown may not have been set, so this may instead be treated as an
error if there are concurrent shutdown() calls.

To allow the flag to reflect the latest status of tioc->shutdown, move the
check up into the QIOChannel level, so as to read the flag only after
QEMU gets a GNUTLS_E_PREMATURE_TERMINATION.

While at it, introduce qio_channel_tls_allow_premature_termination() helper
to make the condition checks easier to read.  When doing so, change the
qatomic_load_acquire() to qatomic_read(): here we don't need any ordering
of memory accesses, but reading a flag.  qatomic_read() would suffice
because it guarantees fetching from memory.  Nothing else we should need to
order on memory access.

This patch will fix a qemu qtest warning when running the preempt tls test,
reporting premature termination:

QTEST_QEMU_BINARY=./qemu-system-x86_64 ./tests/qtest/migration-test --full -r /x86_64/migration/postcopy/preempt/tls/psk
...
qemu-kvm: Cannot read from TLS channel: The TLS connection was non-properly terminated.
...

In this specific case, the error was set by postcopy_preempt_thread, which
normally will be concurrently shutdown()ed by the main thread.

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Juraj Marcin <jmarcin@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20250918203937.200833-2-peterx@redhat.com
Signed-off-by: Peter Xu <peterx@redhat.com>
3 weeks ago
aes.c target/riscv: Use existing lookup tables for MixColumns 2 years ago
afalg.c qapi/crypto: Rename QCryptoAFAlg to QCryptoAFAlgo 1 year ago
afalgpriv.h qapi/crypto: Rename QCryptoAFAlg to QCryptoAFAlgo 1 year ago
afsplit.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 1 year ago
akcipher-gcrypt.c.inc include: Rename sysemu/ -> system/ 10 months ago
akcipher-nettle.c.inc include: Rename sysemu/ -> system/ 10 months ago
akcipher.c qapi/crypto: Rename QCryptoAkCipherAlgorithm to *Algo, and drop prefix 1 year ago
akcipherpriv.h qapi/crypto: Rename QCryptoAkCipherAlgorithm to *Algo, and drop prefix 1 year ago
block-luks-priv.h crypto: Clean up includes 3 years ago
block-luks.c qapi/crypto: Rename QCryptoIVGenAlgorithm to *Algo, and drop prefix 1 year ago
block-luks.h crypto: Fix LGPL information in the file headers 6 years ago
block-qcow.c qapi/crypto: Rename QCryptoIVGenAlgorithm to *Algo, and drop prefix 1 year ago
block-qcow.h crypto: Fix LGPL information in the file headers 6 years ago
block.c qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 1 year ago
blockpriv.h qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 1 year ago
cipher-afalg.c qapi/crypto: Rename QCryptoAFAlg to QCryptoAFAlgo 1 year ago
cipher-gcrypt.c.inc qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 1 year ago
cipher-gnutls.c.inc qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 1 year ago
cipher-nettle.c.inc qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 1 year ago
cipher-stub.c.inc crypto: fully drop built-in cipher provider 5 months ago
cipher.c crypto: fully drop built-in cipher provider 5 months ago
cipherpriv.h qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 1 year ago
clmul.c crypto: Add generic 64-bit carry-less multiply routine 2 years ago
der.c crypto: Remove unused DER string functions 1 year ago
der.h crypto: Remove unused DER string functions 1 year ago
hash-afalg.c overall: Remove unnecessary g_strdup_printf() calls 8 months ago
hash-gcrypt.c crypto: perform runtime check for hash/hmac support in gcrypt 12 months ago
hash-glib.c crypto/hash: avoid overwriting user supplied result pointer 1 year ago
hash-gnutls.c crypto/hash: avoid overwriting user supplied result pointer 1 year ago
hash-nettle.c crypto: Introduce SM3 hash hmac pbkdf algorithm 12 months ago
hash.c crypto: Introduce SM3 hash hmac pbkdf algorithm 12 months ago
hashpriv.h crypto/hashpriv: Remove old hash API function 1 year ago
hmac-gcrypt.c crypto/hmac: Allow to build hmac over multiple qcrypto_gnutls_hmac_bytes[v] calls 2 months ago
hmac-glib.c crypto/hmac: Allow to build hmac over multiple qcrypto_gnutls_hmac_bytes[v] calls 2 months ago
hmac-gnutls.c crypto/hmac: Allow to build hmac over multiple qcrypto_gnutls_hmac_bytes[v] calls 2 months ago
hmac-nettle.c crypto/hmac: Allow to build hmac over multiple qcrypto_gnutls_hmac_bytes[v] calls 2 months ago
hmac.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 1 year ago
hmacpriv.h qapi/crypto: Rename QCryptoAFAlg to QCryptoAFAlgo 1 year ago
init.c crypto: drop gnutls debug logging support 1 year ago
ivgen-essiv.c crypto: Fix LGPL information in the file headers 6 years ago
ivgen-essiv.h crypto: Fix LGPL information in the file headers 6 years ago
ivgen-plain.c crypto: Fix LGPL information in the file headers 6 years ago
ivgen-plain.h Clean up ill-advised or unusual header guards 4 years ago
ivgen-plain64.c crypto: Fix LGPL information in the file headers 6 years ago
ivgen-plain64.h crypto: Fix LGPL information in the file headers 6 years ago
ivgen.c qapi/crypto: Rename QCryptoIVGenAlgorithm to *Algo, and drop prefix 1 year ago
ivgenpriv.h qapi/crypto: Rename QCryptoIVGenAlgorithm to *Algo, and drop prefix 1 year ago
meson.build crypto: Introduce x509 utils 1 year ago
pbkdf-gcrypt.c crypto: Introduce SM3 hash hmac pbkdf algorithm 12 months ago
pbkdf-gnutls.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 1 year ago
pbkdf-nettle.c crypto: Introduce SM3 hash hmac pbkdf algorithm 12 months ago
pbkdf-stub.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 1 year ago
pbkdf.c crypto: fix bogus error benchmarking pbkdf on fast machines 9 months ago
random-gcrypt.c crypto: Fix LGPL information in the file headers 6 years ago
random-gnutls.c crypto: Fix LGPL information in the file headers 6 years ago
random-none.c crypto: add "none" random provider 5 years ago
random-platform.c crypto: Fix LGPL information in the file headers 6 years ago
rsakey-builtin.c.inc qapi/crypto: Drop unwanted 'prefix' 1 year ago
rsakey-nettle.c.inc qapi/crypto: Drop unwanted 'prefix' 1 year ago
rsakey.c crypto: Support export akcipher to pkcs8 3 years ago
rsakey.h crypto: Support export akcipher to pkcs8 3 years ago
secret.c qom: Have class_init() take a const data argument 6 months ago
secret_common.c qom: Make InterfaceInfo[] uses const 6 months ago
secret_keyring.c qom: Have class_init() take a const data argument 6 months ago
sm4.c crypto: Add SM4 constant parameter CK 2 years ago
tls-cipher-suites.c qom: Make InterfaceInfo[] uses const 6 months ago
tlscreds.c qom: Have class_init() take a const data argument 6 months ago
tlscredsanon.c qom: Make InterfaceInfo[] uses const 6 months ago
tlscredspriv.h crypto: Make QCryptoTLSCreds* structures private 4 years ago
tlscredspsk.c qom: Make InterfaceInfo[] uses const 6 months ago
tlscredsx509.c crypto: load all certificates in X509 CA file 3 months ago
tlssession.c io/crypto: Move tls premature termination handling into QIO layer 3 weeks ago
trace-events crypto: add tracing & warning about GNUTLS countermeasures 3 months ago
trace.h trace: switch position of headers to what Meson requires 5 years ago
x509-utils.c crypto/x509-utils: Check for error from gnutls_x509_crt_init() 3 months ago
xts.c crypto: Fix LGPL information in the file headers 6 years ago