    io: return 0 for EOF in TLS session read after shutdown · a2458b6f
    Daniel P. Berrangé authored
    GNUTLS takes a paranoid approach when seeing 0 bytes returned by the
    underlying OS read() function. It will consider this an error and
    return GNUTLS_E_PREMATURE_TERMINATION instead of propagating the 0
    return value. It expects apps to arrange for clean termination at
    the protocol level and not rely on seeing EOF from a read call to
    detect shutdown. This is to harden apps against a malicious 3rd party
    causing termination of the sockets layer.
    
    This is unhelpful for the QEMU NBD code which does have a clean
    protocol level shutdown, but still relies on seeing 0 from the I/O
    channel read in the coroutine handling incoming replies.
    
    The upshot is that when using a plain NBD connection shutdown is
    silent, but when using TLS, the client spams the console with
    
      Cannot read from TLS channel: Broken pipe
    
    The NBD connection has, however, called qio_channel_shutdown()
    at this point to indicate that it is done with I/O. This gives
    the opportunity to optimize the code such that when the channel
    has been shut down in the read direction, the error code
    GNUTLS_E_PREMATURE_TERMINATION gets turned into a '0' return
    instead of an error.
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
    Message-Id: <20181119134228.11031-1-berrange@redhat.com>
    Reviewed-by: Eric Blake <eblake@redhat.com>
    Signed-off-by: Eric Blake <eblake@redhat.com>
Name
Makefile.objs
aes.c
afalg.c
afalgpriv.h
afsplit.c
block-luks.c
block-luks.h
block-qcow.c
block-qcow.h
block.c
blockpriv.h
cipher-afalg.c
cipher-builtin.c
cipher-gcrypt.c
cipher-nettle.c
cipher.c
cipherpriv.h
desrfb.c
hash-afalg.c
hash-gcrypt.c
hash-glib.c
hash-nettle.c
hash.c
hashpriv.h
hmac-gcrypt.c
hmac-glib.c
hmac-nettle.c
hmac.c
hmacpriv.h
init.c
ivgen-essiv.c
ivgen-essiv.h
ivgen-plain.c
ivgen-plain.h
ivgen-plain64.c
ivgen-plain64.h
ivgen.c
ivgenpriv.h
pbkdf-gcrypt.c
pbkdf-nettle.c
pbkdf-stub.c
pbkdf.c
random-gcrypt.c
random-gnutls.c
random-platform.c
secret.c
tlscreds.c
tlscredsanon.c
tlscredspriv.h
tlscredspsk.c
tlscredsx509.c
tlssession.c
trace-events
xts.c