81 lines
3.5 KiB
Diff
81 lines
3.5 KiB
Diff
From 5d48c5d215071526383b8fc50d81ecde62e4111b Mon Sep 17 00:00:00 2001
|
|
From: Peter Krempa <pkrempa@redhat.com>
|
|
Date: Fri, 19 Apr 2024 15:51:35 +0200
|
|
Subject: [PATCH] qemu: migration: Don't use empty string for 'tls-hostname'
|
|
NBD blockdev
|
|
|
|
While QEMU accepts and interprets an empty string in the tls-hostname
|
|
field in migration parametes as if it's unset, the same does not apply
|
|
for the 'tls-hostname' field when 'blockdev-add'-ing a NBD backend for
|
|
non-shared storage migration.
|
|
|
|
When libvirt sets up migation with TLS in 'qemuMigrationParamsEnableTLS'
|
|
the QEMU_MIGRATION_PARAM_TLS_HOSTNAME migration parameter will be set to
|
|
empty string in case when the 'hostname' argument is passed as NULL.
|
|
|
|
Later on when setting up the NBD connections for non-shared storage
|
|
migration 'qemuMigrationParamsGetTLSHostname', which fetches the value
|
|
of the aforementioned TLS parameter.
|
|
|
|
This bug was mostly latent until recently as libvirt used
|
|
MIGRATION_DEST_CONNECT_HOST mode in most cases which required the
|
|
hostname to be passed, thus the parameter was set properly.
|
|
|
|
This changed with 8d693d79c40 for post-copy migration, where libvirt now
|
|
instructs qemu to connect and thus passes NULL hostname to
|
|
qemuMigrationParamsEnableTLS, which in turn causes libvirt to try to
|
|
add NBD connection with empty string as tls-hostname resulting in:
|
|
|
|
error: internal error: unable to execute QEMU command 'blockdev-add': Certificate does not match the hostname
|
|
|
|
To address this modify 'qemuMigrationParamsGetTLSHostname' to undo the
|
|
weird semantics the migration code uses to handle TLS hostname and make
|
|
it return NULL if the hostname is an empty string.
|
|
|
|
Fixes: e8fa09d66bc
|
|
Resolves: https://issues.redhat.com/browse/RHEL-32880
|
|
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
|
|
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
|
|
---
|
|
src/qemu/qemu_migration_params.c | 15 +++++++++++++--
|
|
1 file changed, 13 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
|
|
index e955822f68f..48f8657f716 100644
|
|
--- a/src/qemu/qemu_migration_params.c
|
|
+++ b/src/qemu/qemu_migration_params.c
|
|
@@ -1158,6 +1158,7 @@ qemuMigrationParamsEnableTLS(virQEMUDriver *driver,
|
|
*tlsAlias) < 0)
|
|
return -1;
|
|
|
|
+ /* QEMU interprets an empty string for hostname as if it is not populated */
|
|
if (!migParams->params[QEMU_MIGRATION_PARAM_TLS_HOSTNAME].set &&
|
|
qemuMigrationParamsSetString(migParams,
|
|
QEMU_MIGRATION_PARAM_TLS_HOSTNAME,
|
|
@@ -1659,13 +1660,23 @@ qemuMigrationCapsGet(virDomainObj *vm,
|
|
* @migParams: Migration params object
|
|
*
|
|
* Fetches the value of the QEMU_MIGRATION_PARAM_TLS_HOSTNAME parameter which is
|
|
- * passed from the user as VIR_MIGRATE_PARAM_TLS_DESTINATION
|
|
+ * passed from the user as VIR_MIGRATE_PARAM_TLS_DESTINATION.
|
|
+ *
|
|
+ * In contrast with the migration parameter semantics, where an empty string
|
|
+ * is considered as if the hostname was not provided, this function will return
|
|
+ * NULL instead of an empty string as other parts of QEMU expect that the
|
|
+ * hostname is not provided at all.
|
|
*/
|
|
const char *
|
|
qemuMigrationParamsGetTLSHostname(qemuMigrationParams *migParams)
|
|
{
|
|
+ const char *hostname = migParams->params[QEMU_MIGRATION_PARAM_TLS_HOSTNAME].value.s;
|
|
+
|
|
if (!migParams->params[QEMU_MIGRATION_PARAM_TLS_HOSTNAME].set)
|
|
return NULL;
|
|
|
|
- return migParams->params[QEMU_MIGRATION_PARAM_TLS_HOSTNAME].value.s;
|
|
+ if (STREQ(hostname, ""))
|
|
+ return NULL;
|
|
+
|
|
+ return hostname;
|
|
}
|