[libvirt PATCH 1/2] qemu: Disable NBD TLS migration over UNIX socket

Tue Nov 24 22:28:36 UTC 2020

On Wed, Nov 18, 2020 at 21:10:02 +0100, Martin Kletzander wrote:
> Even though it is technically possible, when running the migrations QEMU's
> nbd-server-start errors out with:
> 
>   "TLS is only supported with IPv4/IPv6"
> 
> We can always enable it when QEMU adds this feature, but for now it is safer to
> show our error message rather than rely on QEMU to error out properly.
> 
> Signed-off-by: Martin Kletzander <mkletzan at redhat.com>
> ---
>  src/qemu/qemu_migration.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
> index fef0be63a1a7..dd44849b1a87 100644
> --- a/src/qemu/qemu_migration.c
> +++ b/src/qemu/qemu_migration.c
> @@ -1100,6 +1100,12 @@ qemuMigrationSrcNBDStorageCopy(virQEMUDriverPtr driver,
>              if (uri->port)
>                  port = uri->port;
>          } else if (STREQ(uri->scheme, "unix")) {
> +            if (flags & VIR_MIGRATE_TLS) {
> +                virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
> +                               _("NBD migration with TLS is not supported over UNIX socket"));
> +                return -1;
> +            }
> +
>              if (!uri->path) {
>                  virReportError(VIR_ERR_INVALID_ARG, "%s",
>                                 _("UNIX disks URI does not include path"));

For this patch with just the hunk above:

Reviewed-by: Jiri Denemark <jdenemar at redhat.com>

> @@ -4330,12 +4336,12 @@ qemuMigrationSrcPerformPeer2Peer3(virQEMUDriverPtr driver,
>  
>      VIR_DEBUG("driver=%p, sconn=%p, dconn=%p, dconnuri=%s, vm=%p, xmlin=%s, "
>                "dname=%s, uri=%s, graphicsuri=%s, listenAddress=%s, "
> -              "nmigrate_disks=%zu, migrate_disks=%p, nbdPort=%d, "
> +              "nmigrate_disks=%zu, migrate_disks=%p, nbdPort=%d, nbdURI=%s, "
>                "bandwidth=%llu, useParams=%d, flags=0x%lx",
>                driver, sconn, dconn, NULLSTR(dconnuri), vm, NULLSTR(xmlin),
>                NULLSTR(dname), NULLSTR(uri), NULLSTR(graphicsuri),
>                NULLSTR(listenAddress), nmigrate_disks, migrate_disks, nbdPort,
> -              bandwidth, useParams, flags);
> +              NULLSTR(nbdURI), bandwidth, useParams, flags);
>  
>      /* Unlike the virDomainMigrateVersion3 counterpart, we don't need
>       * to worry about auto-setting the VIR_MIGRATE_CHANGE_PROTECTION

This hunk is clearly unrelated and should not be part of this patch.

Jirka