qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] io: return 0 for EOF in TLS session read after

From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH] io: return 0 for EOF in TLS session read after shutdown
Date: Mon, 19 Nov 2018 08:31:08 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0 
On 11/19/18 7:42 AM, Daniel P. Berrangé wrote:

GNUTLS takes a paranoid approach when seeing 0 bytes returned by the
underlying OS read() function. It will consider this an error and
return GNUTLS_E_PREMATURE_TERMINATION instead of propagating the 0
return value. It expects apps to arrange for clean termination at
the protocol level and not rely on seeing EOF from a read call to
detect shutdown. This is to harden apps against a malicious 3rd party
causing termination of the sockets layer.

This is unhelpful for the QEMU NBD code which does have a clean
protocol level shutdown, but still relies on seeing 0 from the I/O
channel read in the coroutine handling incoming replies.

The upshot is that when using a plain NBD connection shutdown is
silent, but when using TLS, the client spams the console with

   Cannot read from TLS channel: Broken pipe

The NBD connection has, however, called qio_channel_shutdown()
at this point to indicate that it is done with I/O. This gives
the opportunity to optimize the code such that when the channel
has been shutdown in the read direction, the error code
GNUTLS_E_PREMATURE_TERMINATION gets turned into a '0' return
instead of an error.
Detecting premature termination when the client has NOT requested orderly shutdown is still important, and this patch preserves that aspect. You are only changing the case where the client has informed the qio code "yes, an early termination is now okay". 



Signed-off-by: Daniel P. Berrangé <address@hidden>
---



+++ b/include/io/channel.h
@@ -51,9 +51,9 @@ enum QIOChannelFeature {
  typedef enum QIOChannelShutdown QIOChannelShutdown;
enum QIOChannelShutdown { 
-    QIO_CHANNEL_SHUTDOWN_BOTH,
-    QIO_CHANNEL_SHUTDOWN_READ,
-    QIO_CHANNEL_SHUTDOWN_WRITE,
+    QIO_CHANNEL_SHUTDOWN_READ = 1,
+    QIO_CHANNEL_SHUTDOWN_WRITE = 2,
+    QIO_CHANNEL_SHUTDOWN_BOTH = 3,


Nice use of bit operations :)


+++ b/io/channel-tls.c
@@ -275,6 +275,9 @@ static ssize_t qio_channel_tls_readv(QIOChannel *ioc,
                  } else {
                      return QIO_CHANNEL_ERR_BLOCK;
                  }
+            } else if (errno == ECONNABORTED &&
+                       (tioc->shutdown & QIO_CHANNEL_SHUTDOWN_READ)) {
+                return 0;
              }


Reviewed-by: Eric Blake <address@hidden>
I like this patch better than my proposed hack to ignore read errors after requesting quit; testing it now. 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
reply via email to
[Prev in Thread] Current Thread [Next in Thread]