[{"id":3629436,"web_url":"http://patchwork.ozlabs.org/comment/3629436/","msgid":"","list_archive_url":null,"date":"2025-12-29T16:12:38","subject":"Re: [RFC PATCH 05/25] migration: Cleanup TLS handshake hostname\n passing","submitter":{"id":67717,"url":"http://patchwork.ozlabs.org/api/people/67717/","name":"Peter Xu","email":"peterx@redhat.com"},"content":"On Fri, Dec 26, 2025 at 06:19:07PM -0300, Fabiano Rosas wrote:\n> The TLS hostname is doing a tour around the world just to be cached\n> into s->hostname. We're already abusing MigrationState by doing that,\n> so incorporate the s->hostname into migration_tls_hostname() and stop\n> passing the string around.\n> \n> The old route was roughly:\n> \n> -transport code (socket.c, fd.c, etc):\n> if (SOCKET_ADDRESS_TYPE_INET)\n> hostname = saddr->u.inet.host\n> else\n> hostname = NULL\n> migration_channel_connect(..., hostname)\n> s->hostname = hostname;\n> migration_tls_client_create(..., hostname)\n> if (migrate_tls_hostname())\n> qio_channel_tls_new_client(migrate_tls_hostname())\n> else\n> qio_channel_tls_new_client(hostname)\n> \n> -postcopy_preempt_setup:\n> postcopy_preempt_send_channel_new\n> migration_tls_client_create(..., s->hostname)\n> \n> New route is:\n> \n> -socket.c only:\n> if SOCKET_ADDRESS_TYPE_INET\n> s->hostname = saddr->u.inet.host\n> migration_channel_connect()\n> migration_tls_client_create()\n> qio_channel_tls_new_client(migrate_tls_hostname())\n> \n> -postcopy_preempt_setup:\n> postcopy_preempt_send_channel_new\n> migration_tls_client_create()\n> qio_channel_tls_new_client(migrate_tls_hostname())\n> \n> Signed-off-by: Fabiano Rosas \n\nI suggest let's still copy Dan on all tls changes, though. I've done it\nhere.\n\nLooks alright to me:\n\nReviewed-by: Peter Xu \n\nTwo trivial comments on top..\n\n- Maybe, we can get rid of SocketConnectData altogether now\n\n- Maybe, we want to keep at least one tracepoint that would dump the\n hostname used\n\n> ---\n> migration/channel.c | 6 ++----\n> migration/channel.h | 1 -\n> migration/exec.c | 2 +-\n> migration/fd.c | 2 +-\n> migration/file.c | 2 +-\n> migration/multifd.c | 9 +++------\n> migration/options.c | 5 +++++\n> migration/postcopy-ram.c | 2 +-\n> migration/socket.c | 9 +++------\n> migration/tls.c | 17 ++++-------------\n> migration/tls.h | 2 --\n> migration/trace-events | 10 +++++-----\n> 12 files changed, 26 insertions(+), 41 deletions(-)\n> \n> diff --git a/migration/channel.c b/migration/channel.c\n> index b4ab676048..ba14f66d85 100644\n> --- a/migration/channel.c\n> +++ b/migration/channel.c\n> @@ -60,20 +60,18 @@ void migration_channel_process_incoming(QIOChannel *ioc)\n> *\n> * @s: Current migration state\n> * @ioc: Channel to which we are connecting\n> - * @hostname: Where we want to connect\n> * @error: Error indicating failure to connect, free'd here\n> */\n> void migration_channel_connect(MigrationState *s,\n> QIOChannel *ioc,\n> - const char *hostname,\n> Error *error)\n> {\n> trace_migration_set_outgoing_channel(\n> - ioc, object_get_typename(OBJECT(ioc)), hostname, error);\n> + ioc, object_get_typename(OBJECT(ioc)), error);\n> \n> if (!error) {\n> if (migrate_channel_requires_tls_upgrade(ioc)) {\n> - migration_tls_channel_connect(s, ioc, hostname, &error);\n> + migration_tls_channel_connect(s, ioc, &error);\n> \n> if (!error) {\n> /* tls_channel_connect will call back to this\n> diff --git a/migration/channel.h b/migration/channel.h\n> index 5bdb8208a7..2215091323 100644\n> --- a/migration/channel.h\n> +++ b/migration/channel.h\n> @@ -22,7 +22,6 @@ void migration_channel_process_incoming(QIOChannel *ioc);\n> \n> void migration_channel_connect(MigrationState *s,\n> QIOChannel *ioc,\n> - const char *hostname,\n> Error *error_in);\n> \n> int migration_channel_read_peek(QIOChannel *ioc,\n> diff --git a/migration/exec.c b/migration/exec.c\n> index 20e6cccf8c..78fe0fff13 100644\n> --- a/migration/exec.c\n> +++ b/migration/exec.c\n> @@ -55,7 +55,7 @@ void exec_start_outgoing_migration(MigrationState *s, strList *command,\n> }\n> \n> qio_channel_set_name(ioc, \"migration-exec-outgoing\");\n> - migration_channel_connect(s, ioc, NULL, NULL);\n> + migration_channel_connect(s, ioc, NULL);\n> object_unref(OBJECT(ioc));\n> }\n> \n> diff --git a/migration/fd.c b/migration/fd.c\n> index 9bf9be6acb..c956b260a4 100644\n> --- a/migration/fd.c\n> +++ b/migration/fd.c\n> @@ -70,7 +70,7 @@ void fd_start_outgoing_migration(MigrationState *s, const char *fdname, Error **\n> }\n> \n> qio_channel_set_name(ioc, \"migration-fd-outgoing\");\n> - migration_channel_connect(s, ioc, NULL, NULL);\n> + migration_channel_connect(s, ioc, NULL);\n> object_unref(OBJECT(ioc));\n> }\n> \n> diff --git a/migration/file.c b/migration/file.c\n> index bb8031e3c7..c490f2b219 100644\n> --- a/migration/file.c\n> +++ b/migration/file.c\n> @@ -122,7 +122,7 @@ void file_start_outgoing_migration(MigrationState *s,\n> return;\n> }\n> qio_channel_set_name(ioc, \"migration-file-outgoing\");\n> - migration_channel_connect(s, ioc, NULL, NULL);\n> + migration_channel_connect(s, ioc, NULL);\n> }\n> \n> static gboolean file_accept_incoming_migration(QIOChannel *ioc,\n> diff --git a/migration/multifd.c b/migration/multifd.c\n> index bf6da85af8..3fb1a07ba9 100644\n> --- a/migration/multifd.c\n> +++ b/migration/multifd.c\n> @@ -814,12 +814,10 @@ static bool multifd_tls_channel_connect(MultiFDSendParams *p,\n> QIOChannel *ioc,\n> Error **errp)\n> {\n> - MigrationState *s = migrate_get_current();\n> - const char *hostname = s->hostname;\n> MultiFDTLSThreadArgs *args;\n> QIOChannelTLS *tioc;\n> \n> - tioc = migration_tls_client_create(ioc, hostname, errp);\n> + tioc = migration_tls_client_create(ioc, errp);\n> if (!tioc) {\n> return false;\n> }\n> @@ -829,7 +827,7 @@ static bool multifd_tls_channel_connect(MultiFDSendParams *p,\n> * created TLS channel, which has already taken a reference.\n> */\n> object_unref(OBJECT(ioc));\n> - trace_multifd_tls_outgoing_handshake_start(ioc, tioc, hostname);\n> + trace_multifd_tls_outgoing_handshake_start(ioc, tioc);\n> qio_channel_set_name(QIO_CHANNEL(tioc), \"multifd-tls-outgoing\");\n> \n> args = g_new0(MultiFDTLSThreadArgs, 1);\n> @@ -876,8 +874,7 @@ static void multifd_new_send_channel_async(QIOTask *task, gpointer opaque)\n> goto out;\n> }\n> \n> - trace_multifd_set_outgoing_channel(ioc, object_get_typename(OBJECT(ioc)),\n> - migrate_get_current()->hostname);\n> + trace_multifd_set_outgoing_channel(ioc, object_get_typename(OBJECT(ioc)));\n> \n> if (migrate_channel_requires_tls_upgrade(ioc)) {\n> ret = multifd_tls_channel_connect(p, ioc, &local_err);\n> diff --git a/migration/options.c b/migration/options.c\n> index 9a5a39c886..881034c289 100644\n> --- a/migration/options.c\n> +++ b/migration/options.c\n> @@ -956,6 +956,11 @@ const char *migrate_tls_hostname(void)\n> return s->parameters.tls_hostname->u.s;\n> }\n> \n> + /* hostname saved from a previously connected channel */\n> + if (s->hostname) {\n> + return s->hostname;\n> + }\n> +\n> return NULL;\n> }\n> \n> diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c\n> index 3623ab9dab..03cb0d8d65 100644\n> --- a/migration/postcopy-ram.c\n> +++ b/migration/postcopy-ram.c\n> @@ -1966,7 +1966,7 @@ postcopy_preempt_send_channel_new(QIOTask *task, gpointer opaque)\n> }\n> \n> if (migrate_channel_requires_tls_upgrade(ioc)) {\n> - tioc = migration_tls_client_create(ioc, s->hostname, &local_err);\n> + tioc = migration_tls_client_create(ioc, &local_err);\n> if (!tioc) {\n> goto out;\n> }\n> diff --git a/migration/socket.c b/migration/socket.c\n> index 9e379bf56f..426f363b99 100644\n> --- a/migration/socket.c\n> +++ b/migration/socket.c\n> @@ -44,7 +44,6 @@ void socket_send_channel_create(QIOTaskFunc f, void *data)\n> \n> struct SocketConnectData {\n> MigrationState *s;\n> - char *hostname;\n> };\n> \n> static void socket_connect_data_free(void *opaque)\n> @@ -53,7 +52,6 @@ static void socket_connect_data_free(void *opaque)\n> if (!data) {\n> return;\n> }\n> - g_free(data->hostname);\n> g_free(data);\n> }\n> \n> @@ -69,7 +67,7 @@ static void socket_outgoing_migration(QIOTask *task,\n> goto out;\n> }\n> \n> - trace_migration_socket_outgoing_connected(data->hostname);\n> + trace_migration_socket_outgoing_connected();\n> \n> if (migrate_zero_copy_send() &&\n> !qio_channel_has_feature(sioc, QIO_CHANNEL_FEATURE_WRITE_ZERO_COPY)) {\n> @@ -77,7 +75,7 @@ static void socket_outgoing_migration(QIOTask *task,\n> }\n> \n> out:\n> - migration_channel_connect(data->s, sioc, data->hostname, err);\n> + migration_channel_connect(data->s, sioc, err);\n> object_unref(OBJECT(sioc));\n> }\n> \n> @@ -96,7 +94,7 @@ void socket_start_outgoing_migration(MigrationState *s,\n> outgoing_args.saddr = addr;\n> \n> if (saddr->type == SOCKET_ADDRESS_TYPE_INET) {\n> - data->hostname = g_strdup(saddr->u.inet.host);\n> + s->hostname = g_strdup(saddr->u.inet.host);\n> }\n> \n> qio_channel_set_name(QIO_CHANNEL(sioc), \"migration-socket-outgoing\");\n> @@ -180,4 +178,3 @@ void socket_start_incoming_migration(SocketAddress *saddr,\n> qapi_free_SocketAddress(address);\n> }\n> }\n> -\n> diff --git a/migration/tls.c b/migration/tls.c\n> index 1df31bdcbb..82f58cbc78 100644\n> --- a/migration/tls.c\n> +++ b/migration/tls.c\n> @@ -112,12 +112,11 @@ static void migration_tls_outgoing_handshake(QIOTask *task,\n> } else {\n> trace_migration_tls_outgoing_handshake_complete();\n> }\n> - migration_channel_connect(s, ioc, NULL, err);\n> + migration_channel_connect(s, ioc, err);\n> object_unref(OBJECT(ioc));\n> }\n> \n> QIOChannelTLS *migration_tls_client_create(QIOChannel *ioc,\n> - const char *hostname,\n> Error **errp)\n> {\n> QCryptoTLSCreds *creds;\n> @@ -127,29 +126,21 @@ QIOChannelTLS *migration_tls_client_create(QIOChannel *ioc,\n> return NULL;\n> }\n> \n> - const char *tls_hostname = migrate_tls_hostname();\n> - if (tls_hostname) {\n> - hostname = tls_hostname;\n> - }\n> -\n> - return qio_channel_tls_new_client(ioc, creds, hostname, errp);\n> + return qio_channel_tls_new_client(ioc, creds, migrate_tls_hostname(), errp);\n> }\n> \n> void migration_tls_channel_connect(MigrationState *s,\n> QIOChannel *ioc,\n> - const char *hostname,\n> Error **errp)\n> {\n> QIOChannelTLS *tioc;\n> \n> - tioc = migration_tls_client_create(ioc, hostname, errp);\n> + tioc = migration_tls_client_create(ioc, errp);\n> if (!tioc) {\n> return;\n> }\n> \n> - /* Save hostname into MigrationState for handshake */\n> - s->hostname = g_strdup(hostname);\n> - trace_migration_tls_outgoing_handshake_start(hostname);\n> + trace_migration_tls_outgoing_handshake_start();\n> qio_channel_set_name(QIO_CHANNEL(tioc), \"migration-tls-outgoing\");\n> \n> if (migrate_postcopy_ram() || migrate_return_path()) {\n> diff --git a/migration/tls.h b/migration/tls.h\n> index 7607cfe803..7cd9c76013 100644\n> --- a/migration/tls.h\n> +++ b/migration/tls.h\n> @@ -27,12 +27,10 @@\n> void migration_tls_channel_process_incoming(QIOChannel *ioc, Error **errp);\n> \n> QIOChannelTLS *migration_tls_client_create(QIOChannel *ioc,\n> - const char *hostname,\n> Error **errp);\n> \n> void migration_tls_channel_connect(MigrationState *s,\n> QIOChannel *ioc,\n> - const char *hostname,\n> Error **errp);\n> void migration_tls_channel_end(QIOChannel *ioc, Error **errp);\n> /* Whether the QIO channel requires further TLS handshake? */\n> diff --git a/migration/trace-events b/migration/trace-events\n> index bf11b62b17..da8f909cac 100644\n> --- a/migration/trace-events\n> +++ b/migration/trace-events\n> @@ -149,10 +149,10 @@ multifd_send_sync_main_wait(uint8_t id) \"channel %u\"\n> multifd_send_terminate_threads(void) \"\"\n> multifd_send_thread_end(uint8_t id, uint64_t packets) \"channel %u packets %\" PRIu64\n> multifd_send_thread_start(uint8_t id) \"%u\"\n> -multifd_tls_outgoing_handshake_start(void *ioc, void *tioc, const char *hostname) \"ioc=%p tioc=%p hostname=%s\"\n> +multifd_tls_outgoing_handshake_start(void *ioc, void *tioc) \"ioc=%p tioc=%p\"\n> multifd_tls_outgoing_handshake_error(void *ioc, const char *err) \"ioc=%p err=%s\"\n> multifd_tls_outgoing_handshake_complete(void *ioc) \"ioc=%p\"\n> -multifd_set_outgoing_channel(void *ioc, const char *ioctype, const char *hostname) \"ioc=%p ioctype=%s hostname=%s\"\n> +multifd_set_outgoing_channel(void *ioc, const char *ioctype) \"ioc=%p ioctype=%s\"\n> \n> # migration.c\n> migrate_set_state(const char *new_state) \"new state %s\"\n> @@ -204,7 +204,7 @@ migration_transferred_bytes(uint64_t qemu_file, uint64_t multifd, uint64_t rdma)\n> \n> # channel.c\n> migration_set_incoming_channel(void *ioc, const char *ioctype) \"ioc=%p ioctype=%s\"\n> -migration_set_outgoing_channel(void *ioc, const char *ioctype, const char *hostname, void *err) \"ioc=%p ioctype=%s hostname=%s err=%p\"\n> +migration_set_outgoing_channel(void *ioc, const char *ioctype, void *err) \"ioc=%p ioctype=%s err=%p\"\n> \n> # global_state.c\n> migrate_state_too_big(void) \"\"\n> @@ -328,11 +328,11 @@ migration_file_incoming(const char *filename) \"filename=%s\"\n> \n> # socket.c\n> migration_socket_incoming_accepted(void) \"\"\n> -migration_socket_outgoing_connected(const char *hostname) \"hostname=%s\"\n> +migration_socket_outgoing_connected(void) \"\"\n> migration_socket_outgoing_error(const char *err) \"error=%s\"\n> \n> # tls.c\n> -migration_tls_outgoing_handshake_start(const char *hostname) \"hostname=%s\"\n> +migration_tls_outgoing_handshake_start(void) \"\"\n> migration_tls_outgoing_handshake_error(const char *err) \"err=%s\"\n> migration_tls_outgoing_handshake_complete(void) \"\"\n> migration_tls_incoming_handshake_start(void) \"\"\n> -- \n> 2.51.0\n>","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=itj9sJLJ;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=google header.b=tjh1goRK;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4dg1VS1MRvz1xqH\n\tfor ; Tue, 30 Dec 2025 03:13:36 +1100 (AEDT)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from )\n\tid 1vaFrb-0008W9-Tt; Mon, 29 Dec 2025 11:12:56 -0500","from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from ) id 1vaFrZ-0008Vx-QY\n for qemu-devel@nongnu.org; Mon, 29 Dec 2025 11:12:53 -0500","from us-smtp-delivery-124.mimecast.com ([170.10.129.124])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from ) id 1vaFrW-0004Xa-50\n for qemu-devel@nongnu.org; Mon, 29 Dec 2025 11:12:52 -0500","from mail-qv1-f69.google.com (mail-qv1-f69.google.com\n [209.85.219.69]) by relay.mimecast.com with ESMTP with STARTTLS\n (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id\n us-mta-155-tH58QTg7NvSjFxAXYHHdwQ-1; Mon, 29 Dec 2025 11:12:41 -0500","by mail-qv1-f69.google.com with SMTP id\n 6a1803df08f44-88a344b86f7so335133316d6.0\n for ; Mon, 29 Dec 2025 08:12:41 -0800 (PST)","from x1.local ([142.188.210.156]) by smtp.gmail.com with ESMTPSA id\n af79cd13be357-8c096787536sm2417461585a.4.2025.12.29.08.12.38\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Mon, 29 Dec 2025 08:12:39 -0800 (PST)"],"DKIM-Signature":["v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1767024766;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:cc:mime-version:mime-version:content-type:content-type:\n in-reply-to:in-reply-to:references:references;\n bh=SI1SJpIFZfl6uZw/Sc/YRu7epnkXtTOdqbsj7dYNCDs=;\n b=itj9sJLJXlDD8D05N9VF2j332TTij3NEkvpDXjdLZycMCK2uYFg8RVMSEsuHEYulm1RaZW\n t500I3l/olt2lio/sKEP0+4b3pWm69in2FsgLAVitsXQ/2fwGABkVnXmpRpo1MjOFlONZq\n T9d+tQCzsoQpOkVYGvS1eqpbB5QGYHU=","v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=redhat.com; s=google; t=1767024760; x=1767629560; darn=nongnu.org;\n h=in-reply-to:content-disposition:mime-version:references:message-id\n :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to;\n bh=SI1SJpIFZfl6uZw/Sc/YRu7epnkXtTOdqbsj7dYNCDs=;\n b=tjh1goRKPnS+QtruY9tJNquVbereFcjPlWn1iqO3ZcI9v+vvDwb/qvF57mOpIvrBgW\n ehR4F7UhBIHUiGQeGfgiBvyQQjR2uXEBlZpLFQu5tlDhb4gypO7leHKAMeOkc6w1SPU6\n kS7c2g6/H47ykXOyaVq7hLa9aFwTB/3MNdBhD/yUHHwYDsmxEIoPAFnyU0QOj6uD6N44\n LH/Pqag7nfYUGnD1Vzzr0PCTRn5b9L+0gu71oFS3ke6WmewpsN9ifw/kINlmRu7tNdRM\n ZqJkUutWxpw5zraloYEdqAEKfi1PEpHdI4kQeZdQsggqrdlklg4nfzimixIILFxXUx27\n NWuQ=="],"X-MC-Unique":"tH58QTg7NvSjFxAXYHHdwQ-1","X-Mimecast-MFC-AGG-ID":"tH58QTg7NvSjFxAXYHHdwQ_1767024760","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1767024760; x=1767629560;\n h=in-reply-to:content-disposition:mime-version:references:message-id\n :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc\n :subject:date:message-id:reply-to;\n bh=SI1SJpIFZfl6uZw/Sc/YRu7epnkXtTOdqbsj7dYNCDs=;\n b=CWDuiZcW1i1MBbr1nw2MvgH12EbEKBniLurGEOzOaUUVymQuHLmWUXn1/vz/jAX91u\n KEw0Rvcx3efP17bmU2I6qJtlRedwSAuaK6KygaISEdvH0bTVGcQOFHB/4aY0HrXncf+r\n 1k80ZIPR42/nVqT8ulFJ4kGV+ivdHOjsWjXBjluvz/Np1qq/jyeSxqxZ6IrkdA9plnYY\n o0tNr09sOKGUwK5eTc9jFZ8DOgNJbldGp7HAA/QGTBLr5FUy2wupPtaYQx/qUM5MGK3n\n t7J++erK/LFsyRo8gKAgT8DVWDiUzWyEwE8z+KZjh0Zrjw/W7gXQckq6z8mdAcZpd4LG\n 5DJQ==","X-Gm-Message-State":"AOJu0YwDLB2avT5n9bnc5Jd29/2OY7bUSdDOerLv6U/JIhkRQyIZRNQE\n WOhkkMXoIXGllmny8287SHZDP7W3ajywE/eBYnff5kcW2EkAHSj0WZpwptx4nKOxz9Mjxw2iWvM\n wVevc1D59pt8qDQ6jzcgZBtGsbhuTZCNrC34mnbgkTSrBav892uxkA5f1","X-Gm-Gg":"AY/fxX4kMJvxzdem2K5oEbCX7GrRUikdJkGUbrtsZQXBXipKYV2gA7h+QxIs9e5Cbt4\n 66wchQZEb6m6WpBqwQDO9i4efYsPS7BkmOJpwHp+PJiYCiLXNonWuvGSUOtz3kmOG5cm0WMdfE6\n pLFog5MpfB/tmoNmGgy0MUU7gm7Zt2Q+yNqUpWZJ3eQ6vi/5rB9qMUX5CbxZDc31IX1Wv0LCwlY\n C5ojhqvxAYqFjguqZyVgZHSUJUro11MDqrhPJBZ2nB2kmLH2MVpxxRoii4c6uxLw+1ziKD0yH3Q\n xRR5hybIQMYM72dgOJsIN3bGHpflc5ZdFZWaKTs5MMmkstqSopMAdMsiyWgxIqZgltdklwPL1OG\n gS8Q=","X-Received":["by 2002:ad4:4bc2:0:b0:882:4901:e960 with SMTP id\n 6a1803df08f44-88d84fff90fmr375052246d6.29.1767024760455;\n Mon, 29 Dec 2025 08:12:40 -0800 (PST)","by 2002:ad4:4bc2:0:b0:882:4901:e960 with SMTP id\n 6a1803df08f44-88d84fff90fmr375051746d6.29.1767024759813;\n Mon, 29 Dec 2025 08:12:39 -0800 (PST)"],"X-Google-Smtp-Source":"\n AGHT+IGpu8zrrLwyfwKaENImrTkZKqguKbDa3YdSqu4y754myYb2Pypjk3pbCnAQgYftsqH3Wfct0Q==","Date":"Mon, 29 Dec 2025 11:12:38 -0500","From":"Peter Xu ","To":"Fabiano Rosas ","Cc":"qemu-devel@nongnu.org,\n Daniel =?utf-8?b?UC4gQmVycmFuZ8Op?= ","Subject":"Re: [RFC PATCH 05/25] migration: Cleanup TLS handshake hostname\n passing","Message-ID":"","References":"<20251226211930.27565-1-farosas@suse.de>\n <20251226211930.27565-6-farosas@suse.de>","MIME-Version":"1.0","Content-Type":"text/plain; charset=utf-8","Content-Disposition":"inline","In-Reply-To":"<20251226211930.27565-6-farosas@suse.de>","Received-SPF":"pass client-ip=170.10.129.124; envelope-from=peterx@redhat.com;\n helo=us-smtp-delivery-124.mimecast.com","X-Spam_score_int":"-20","X-Spam_score":"-2.1","X-Spam_bar":"--","X-Spam_report":"(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,\n DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001,\n RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,\n SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"}},{"id":3629516,"web_url":"http://patchwork.ozlabs.org/comment/3629516/","msgid":"<87cy3x84dx.fsf@suse.de>","list_archive_url":null,"date":"2025-12-29T19:38:50","subject":"Re: [RFC PATCH 05/25] migration: Cleanup TLS handshake hostname\n passing","submitter":{"id":85343,"url":"http://patchwork.ozlabs.org/api/people/85343/","name":"Fabiano Rosas","email":"farosas@suse.de"},"content":"Peter Xu writes:\n\n> On Fri, Dec 26, 2025 at 06:19:07PM -0300, Fabiano Rosas wrote:\n>> The TLS hostname is doing a tour around the world just to be cached\n>> into s->hostname. We're already abusing MigrationState by doing that,\n>> so incorporate the s->hostname into migration_tls_hostname() and stop\n>> passing the string around.\n>> \n>> The old route was roughly:\n>> \n>> -transport code (socket.c, fd.c, etc):\n>> if (SOCKET_ADDRESS_TYPE_INET)\n>> hostname = saddr->u.inet.host\n>> else\n>> hostname = NULL\n>> migration_channel_connect(..., hostname)\n>> s->hostname = hostname;\n>> migration_tls_client_create(..., hostname)\n>> if (migrate_tls_hostname())\n>> qio_channel_tls_new_client(migrate_tls_hostname())\n>> else\n>> qio_channel_tls_new_client(hostname)\n>> \n>> -postcopy_preempt_setup:\n>> postcopy_preempt_send_channel_new\n>> migration_tls_client_create(..., s->hostname)\n>> \n>> New route is:\n>> \n>> -socket.c only:\n>> if SOCKET_ADDRESS_TYPE_INET\n>> s->hostname = saddr->u.inet.host\n>> migration_channel_connect()\n>> migration_tls_client_create()\n>> qio_channel_tls_new_client(migrate_tls_hostname())\n>> \n>> -postcopy_preempt_setup:\n>> postcopy_preempt_send_channel_new\n>> migration_tls_client_create()\n>> qio_channel_tls_new_client(migrate_tls_hostname())\n>> \n>> Signed-off-by: Fabiano Rosas \n>\n> I suggest let's still copy Dan on all tls changes, though. I've done it\n> here.\n>\n\nThanks\n\n> Looks alright to me:\n>\n> Reviewed-by: Peter Xu \n>\n> Two trivial comments on top..\n>\n> - Maybe, we can get rid of SocketConnectData altogether now\n>\n\nIt goes away voluntarily on patch 21.\n\n> - Maybe, we want to keep at least one tracepoint that would dump the\n> hostname used\n>\n\nI can add one just in case.\n\n>> ---\n>> migration/channel.c | 6 ++----\n>> migration/channel.h | 1 -\n>> migration/exec.c | 2 +-\n>> migration/fd.c | 2 +-\n>> migration/file.c | 2 +-\n>> migration/multifd.c | 9 +++------\n>> migration/options.c | 5 +++++\n>> migration/postcopy-ram.c | 2 +-\n>> migration/socket.c | 9 +++------\n>> migration/tls.c | 17 ++++-------------\n>> migration/tls.h | 2 --\n>> migration/trace-events | 10 +++++-----\n>> 12 files changed, 26 insertions(+), 41 deletions(-)\n>> \n>> diff --git a/migration/channel.c b/migration/channel.c\n>> index b4ab676048..ba14f66d85 100644\n>> --- a/migration/channel.c\n>> +++ b/migration/channel.c\n>> @@ -60,20 +60,18 @@ void migration_channel_process_incoming(QIOChannel *ioc)\n>> *\n>> * @s: Current migration state\n>> * @ioc: Channel to which we are connecting\n>> - * @hostname: Where we want to connect\n>> * @error: Error indicating failure to connect, free'd here\n>> */\n>> void migration_channel_connect(MigrationState *s,\n>> QIOChannel *ioc,\n>> - const char *hostname,\n>> Error *error)\n>> {\n>> trace_migration_set_outgoing_channel(\n>> - ioc, object_get_typename(OBJECT(ioc)), hostname, error);\n>> + ioc, object_get_typename(OBJECT(ioc)), error);\n>> \n>> if (!error) {\n>> if (migrate_channel_requires_tls_upgrade(ioc)) {\n>> - migration_tls_channel_connect(s, ioc, hostname, &error);\n>> + migration_tls_channel_connect(s, ioc, &error);\n>> \n>> if (!error) {\n>> /* tls_channel_connect will call back to this\n>> diff --git a/migration/channel.h b/migration/channel.h\n>> index 5bdb8208a7..2215091323 100644\n>> --- a/migration/channel.h\n>> +++ b/migration/channel.h\n>> @@ -22,7 +22,6 @@ void migration_channel_process_incoming(QIOChannel *ioc);\n>> \n>> void migration_channel_connect(MigrationState *s,\n>> QIOChannel *ioc,\n>> - const char *hostname,\n>> Error *error_in);\n>> \n>> int migration_channel_read_peek(QIOChannel *ioc,\n>> diff --git a/migration/exec.c b/migration/exec.c\n>> index 20e6cccf8c..78fe0fff13 100644\n>> --- a/migration/exec.c\n>> +++ b/migration/exec.c\n>> @@ -55,7 +55,7 @@ void exec_start_outgoing_migration(MigrationState *s, strList *command,\n>> }\n>> \n>> qio_channel_set_name(ioc, \"migration-exec-outgoing\");\n>> - migration_channel_connect(s, ioc, NULL, NULL);\n>> + migration_channel_connect(s, ioc, NULL);\n>> object_unref(OBJECT(ioc));\n>> }\n>> \n>> diff --git a/migration/fd.c b/migration/fd.c\n>> index 9bf9be6acb..c956b260a4 100644\n>> --- a/migration/fd.c\n>> +++ b/migration/fd.c\n>> @@ -70,7 +70,7 @@ void fd_start_outgoing_migration(MigrationState *s, const char *fdname, Error **\n>> }\n>> \n>> qio_channel_set_name(ioc, \"migration-fd-outgoing\");\n>> - migration_channel_connect(s, ioc, NULL, NULL);\n>> + migration_channel_connect(s, ioc, NULL);\n>> object_unref(OBJECT(ioc));\n>> }\n>> \n>> diff --git a/migration/file.c b/migration/file.c\n>> index bb8031e3c7..c490f2b219 100644\n>> --- a/migration/file.c\n>> +++ b/migration/file.c\n>> @@ -122,7 +122,7 @@ void file_start_outgoing_migration(MigrationState *s,\n>> return;\n>> }\n>> qio_channel_set_name(ioc, \"migration-file-outgoing\");\n>> - migration_channel_connect(s, ioc, NULL, NULL);\n>> + migration_channel_connect(s, ioc, NULL);\n>> }\n>> \n>> static gboolean file_accept_incoming_migration(QIOChannel *ioc,\n>> diff --git a/migration/multifd.c b/migration/multifd.c\n>> index bf6da85af8..3fb1a07ba9 100644\n>> --- a/migration/multifd.c\n>> +++ b/migration/multifd.c\n>> @@ -814,12 +814,10 @@ static bool multifd_tls_channel_connect(MultiFDSendParams *p,\n>> QIOChannel *ioc,\n>> Error **errp)\n>> {\n>> - MigrationState *s = migrate_get_current();\n>> - const char *hostname = s->hostname;\n>> MultiFDTLSThreadArgs *args;\n>> QIOChannelTLS *tioc;\n>> \n>> - tioc = migration_tls_client_create(ioc, hostname, errp);\n>> + tioc = migration_tls_client_create(ioc, errp);\n>> if (!tioc) {\n>> return false;\n>> }\n>> @@ -829,7 +827,7 @@ static bool multifd_tls_channel_connect(MultiFDSendParams *p,\n>> * created TLS channel, which has already taken a reference.\n>> */\n>> object_unref(OBJECT(ioc));\n>> - trace_multifd_tls_outgoing_handshake_start(ioc, tioc, hostname);\n>> + trace_multifd_tls_outgoing_handshake_start(ioc, tioc);\n>> qio_channel_set_name(QIO_CHANNEL(tioc), \"multifd-tls-outgoing\");\n>> \n>> args = g_new0(MultiFDTLSThreadArgs, 1);\n>> @@ -876,8 +874,7 @@ static void multifd_new_send_channel_async(QIOTask *task, gpointer opaque)\n>> goto out;\n>> }\n>> \n>> - trace_multifd_set_outgoing_channel(ioc, object_get_typename(OBJECT(ioc)),\n>> - migrate_get_current()->hostname);\n>> + trace_multifd_set_outgoing_channel(ioc, object_get_typename(OBJECT(ioc)));\n>> \n>> if (migrate_channel_requires_tls_upgrade(ioc)) {\n>> ret = multifd_tls_channel_connect(p, ioc, &local_err);\n>> diff --git a/migration/options.c b/migration/options.c\n>> index 9a5a39c886..881034c289 100644\n>> --- a/migration/options.c\n>> +++ b/migration/options.c\n>> @@ -956,6 +956,11 @@ const char *migrate_tls_hostname(void)\n>> return s->parameters.tls_hostname->u.s;\n>> }\n>> \n>> + /* hostname saved from a previously connected channel */\n>> + if (s->hostname) {\n>> + return s->hostname;\n>> + }\n>> +\n>> return NULL;\n>> }\n>> \n>> diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c\n>> index 3623ab9dab..03cb0d8d65 100644\n>> --- a/migration/postcopy-ram.c\n>> +++ b/migration/postcopy-ram.c\n>> @@ -1966,7 +1966,7 @@ postcopy_preempt_send_channel_new(QIOTask *task, gpointer opaque)\n>> }\n>> \n>> if (migrate_channel_requires_tls_upgrade(ioc)) {\n>> - tioc = migration_tls_client_create(ioc, s->hostname, &local_err);\n>> + tioc = migration_tls_client_create(ioc, &local_err);\n>> if (!tioc) {\n>> goto out;\n>> }\n>> diff --git a/migration/socket.c b/migration/socket.c\n>> index 9e379bf56f..426f363b99 100644\n>> --- a/migration/socket.c\n>> +++ b/migration/socket.c\n>> @@ -44,7 +44,6 @@ void socket_send_channel_create(QIOTaskFunc f, void *data)\n>> \n>> struct SocketConnectData {\n>> MigrationState *s;\n>> - char *hostname;\n>> };\n>> \n>> static void socket_connect_data_free(void *opaque)\n>> @@ -53,7 +52,6 @@ static void socket_connect_data_free(void *opaque)\n>> if (!data) {\n>> return;\n>> }\n>> - g_free(data->hostname);\n>> g_free(data);\n>> }\n>> \n>> @@ -69,7 +67,7 @@ static void socket_outgoing_migration(QIOTask *task,\n>> goto out;\n>> }\n>> \n>> - trace_migration_socket_outgoing_connected(data->hostname);\n>> + trace_migration_socket_outgoing_connected();\n>> \n>> if (migrate_zero_copy_send() &&\n>> !qio_channel_has_feature(sioc, QIO_CHANNEL_FEATURE_WRITE_ZERO_COPY)) {\n>> @@ -77,7 +75,7 @@ static void socket_outgoing_migration(QIOTask *task,\n>> }\n>> \n>> out:\n>> - migration_channel_connect(data->s, sioc, data->hostname, err);\n>> + migration_channel_connect(data->s, sioc, err);\n>> object_unref(OBJECT(sioc));\n>> }\n>> \n>> @@ -96,7 +94,7 @@ void socket_start_outgoing_migration(MigrationState *s,\n>> outgoing_args.saddr = addr;\n>> \n>> if (saddr->type == SOCKET_ADDRESS_TYPE_INET) {\n>> - data->hostname = g_strdup(saddr->u.inet.host);\n>> + s->hostname = g_strdup(saddr->u.inet.host);\n>> }\n>> \n>> qio_channel_set_name(QIO_CHANNEL(sioc), \"migration-socket-outgoing\");\n>> @@ -180,4 +178,3 @@ void socket_start_incoming_migration(SocketAddress *saddr,\n>> qapi_free_SocketAddress(address);\n>> }\n>> }\n>> -\n>> diff --git a/migration/tls.c b/migration/tls.c\n>> index 1df31bdcbb..82f58cbc78 100644\n>> --- a/migration/tls.c\n>> +++ b/migration/tls.c\n>> @@ -112,12 +112,11 @@ static void migration_tls_outgoing_handshake(QIOTask *task,\n>> } else {\n>> trace_migration_tls_outgoing_handshake_complete();\n>> }\n>> - migration_channel_connect(s, ioc, NULL, err);\n>> + migration_channel_connect(s, ioc, err);\n>> object_unref(OBJECT(ioc));\n>> }\n>> \n>> QIOChannelTLS *migration_tls_client_create(QIOChannel *ioc,\n>> - const char *hostname,\n>> Error **errp)\n>> {\n>> QCryptoTLSCreds *creds;\n>> @@ -127,29 +126,21 @@ QIOChannelTLS *migration_tls_client_create(QIOChannel *ioc,\n>> return NULL;\n>> }\n>> \n>> - const char *tls_hostname = migrate_tls_hostname();\n>> - if (tls_hostname) {\n>> - hostname = tls_hostname;\n>> - }\n>> -\n>> - return qio_channel_tls_new_client(ioc, creds, hostname, errp);\n>> + return qio_channel_tls_new_client(ioc, creds, migrate_tls_hostname(), errp);\n>> }\n>> \n>> void migration_tls_channel_connect(MigrationState *s,\n>> QIOChannel *ioc,\n>> - const char *hostname,\n>> Error **errp)\n>> {\n>> QIOChannelTLS *tioc;\n>> \n>> - tioc = migration_tls_client_create(ioc, hostname, errp);\n>> + tioc = migration_tls_client_create(ioc, errp);\n>> if (!tioc) {\n>> return;\n>> }\n>> \n>> - /* Save hostname into MigrationState for handshake */\n>> - s->hostname = g_strdup(hostname);\n>> - trace_migration_tls_outgoing_handshake_start(hostname);\n>> + trace_migration_tls_outgoing_handshake_start();\n>> qio_channel_set_name(QIO_CHANNEL(tioc), \"migration-tls-outgoing\");\n>> \n>> if (migrate_postcopy_ram() || migrate_return_path()) {\n>> diff --git a/migration/tls.h b/migration/tls.h\n>> index 7607cfe803..7cd9c76013 100644\n>> --- a/migration/tls.h\n>> +++ b/migration/tls.h\n>> @@ -27,12 +27,10 @@\n>> void migration_tls_channel_process_incoming(QIOChannel *ioc, Error **errp);\n>> \n>> QIOChannelTLS *migration_tls_client_create(QIOChannel *ioc,\n>> - const char *hostname,\n>> Error **errp);\n>> \n>> void migration_tls_channel_connect(MigrationState *s,\n>> QIOChannel *ioc,\n>> - const char *hostname,\n>> Error **errp);\n>> void migration_tls_channel_end(QIOChannel *ioc, Error **errp);\n>> /* Whether the QIO channel requires further TLS handshake? */\n>> diff --git a/migration/trace-events b/migration/trace-events\n>> index bf11b62b17..da8f909cac 100644\n>> --- a/migration/trace-events\n>> +++ b/migration/trace-events\n>> @@ -149,10 +149,10 @@ multifd_send_sync_main_wait(uint8_t id) \"channel %u\"\n>> multifd_send_terminate_threads(void) \"\"\n>> multifd_send_thread_end(uint8_t id, uint64_t packets) \"channel %u packets %\" PRIu64\n>> multifd_send_thread_start(uint8_t id) \"%u\"\n>> -multifd_tls_outgoing_handshake_start(void *ioc, void *tioc, const char *hostname) \"ioc=%p tioc=%p hostname=%s\"\n>> +multifd_tls_outgoing_handshake_start(void *ioc, void *tioc) \"ioc=%p tioc=%p\"\n>> multifd_tls_outgoing_handshake_error(void *ioc, const char *err) \"ioc=%p err=%s\"\n>> multifd_tls_outgoing_handshake_complete(void *ioc) \"ioc=%p\"\n>> -multifd_set_outgoing_channel(void *ioc, const char *ioctype, const char *hostname) \"ioc=%p ioctype=%s hostname=%s\"\n>> +multifd_set_outgoing_channel(void *ioc, const char *ioctype) \"ioc=%p ioctype=%s\"\n>> \n>> # migration.c\n>> migrate_set_state(const char *new_state) \"new state %s\"\n>> @@ -204,7 +204,7 @@ migration_transferred_bytes(uint64_t qemu_file, uint64_t multifd, uint64_t rdma)\n>> \n>> # channel.c\n>> migration_set_incoming_channel(void *ioc, const char *ioctype) \"ioc=%p ioctype=%s\"\n>> -migration_set_outgoing_channel(void *ioc, const char *ioctype, const char *hostname, void *err) \"ioc=%p ioctype=%s hostname=%s err=%p\"\n>> +migration_set_outgoing_channel(void *ioc, const char *ioctype, void *err) \"ioc=%p ioctype=%s err=%p\"\n>> \n>> # global_state.c\n>> migrate_state_too_big(void) \"\"\n>> @@ -328,11 +328,11 @@ migration_file_incoming(const char *filename) \"filename=%s\"\n>> \n>> # socket.c\n>> migration_socket_incoming_accepted(void) \"\"\n>> -migration_socket_outgoing_connected(const char *hostname) \"hostname=%s\"\n>> +migration_socket_outgoing_connected(void) \"\"\n>> migration_socket_outgoing_error(const char *err) \"error=%s\"\n>> \n>> # tls.c\n>> -migration_tls_outgoing_handshake_start(const char *hostname) \"hostname=%s\"\n>> +migration_tls_outgoing_handshake_start(void) \"\"\n>> migration_tls_outgoing_handshake_error(const char *err) \"err=%s\"\n>> migration_tls_outgoing_handshake_complete(void) \"\"\n>> migration_tls_incoming_handshake_start(void) \"\"\n>> -- \n>> 2.51.0\n>>","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256\n header.s=susede2_rsa header.b=qT1oIrQm;\n\tdkim=pass header.d=suse.de header.i=@suse.de header.a=ed25519-sha256\n header.s=susede2_ed25519 header.b=rIIZvVK9;\n\tdkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.a=rsa-sha256 header.s=susede2_rsa header.b=nI+pyfOn;\n\tdkim=neutral header.d=suse.de header.i=@suse.de header.a=ed25519-sha256\n header.s=susede2_ed25519 header.b=68lud/bo;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)","smtp-out2.suse.de;\n\tnone"],"Received":["from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4dg64p55c9z1xpV\n\tfor ; Tue, 30 Dec 2025 06:40:10 +1100 (AEDT)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from )\n\tid 1vaJ5M-0005uA-D2; Mon, 29 Dec 2025 14:39:20 -0500","from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from ) id 1vaJ50-00055a-W6\n for qemu-devel@nongnu.org; Mon, 29 Dec 2025 14:39:05 -0500","from smtp-out2.suse.de ([195.135.223.131])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.90_1) (envelope-from ) id 1vaJ4y-0000Qa-Gv\n for qemu-devel@nongnu.org; Mon, 29 Dec 2025 14:38:58 -0500","from imap1.dmz-prg2.suse.org (unknown [10.150.64.97])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-out2.suse.de (Postfix) with ESMTPS id D54BB5BCDB;\n Mon, 29 Dec 2025 19:38:54 +0000 (UTC)","from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n (No client certificate requested)\n by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 43FE4137C3;\n Mon, 29 Dec 2025 19:38:54 +0000 (UTC)","from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])\n by imap1.dmz-prg2.suse.org with ESMTPSA id XZetAM7YUmnIVgAAD6G6ig\n (envelope-from ); Mon, 29 Dec 2025 19:38:54 +0000"],"DKIM-Signature":["v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_rsa;\n t=1767037135;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type:\n in-reply-to:in-reply-to:references:references;\n bh=ID44k5xAapWR0M4r7Nb6PHozYhpLWpX93iR9yxaaJgM=;\n b=qT1oIrQm9GGBw1Z61lkA+unn5UAMp5jHbtwPbbSTbPsxiWXn6xnDpLMCNsz/Onvhij2pxM\n 7co9mjuC6axwpFYH+MJoNq3hGbD5Ac3ciSHesdD2A7zg8lbzw8DiDc1XF+zckpKtTPOQQb\n UxRuIZRoTweUSz9dvktfPBeP0Y7NJoE=","v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_ed25519; t=1767037135;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type:\n in-reply-to:in-reply-to:references:references;\n bh=ID44k5xAapWR0M4r7Nb6PHozYhpLWpX93iR9yxaaJgM=;\n b=rIIZvVK9zSuZ+LZXPijWrrFQb5nDThG+S4J8S2XAG3IjxiuovomMVBnMbu/6BUFx18n8GJ\n tdx9na2So2rxRlCQ==","v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_rsa;\n t=1767037134;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type:\n in-reply-to:in-reply-to:references:references;\n bh=ID44k5xAapWR0M4r7Nb6PHozYhpLWpX93iR9yxaaJgM=;\n b=nI+pyfOn1F4On3B5Rl0nowaUyTCBshI9Uq6B3lr+Udtj+OZR20b/YB80KJxwGwNycupVaF\n fcmoKbj5NAROPepybqfVEWWuX97syMYrRDCUaSfN7qFF6HAUSYWcEJjdmQh9NDGS9tPv70\n Cm536/aF4jA4k1+luDgGcST//l7maLE=","v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_ed25519; t=1767037134;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type:\n in-reply-to:in-reply-to:references:references;\n bh=ID44k5xAapWR0M4r7Nb6PHozYhpLWpX93iR9yxaaJgM=;\n b=68lud/bozFqFNnT9GCqlX9EtuWpf1E6IzlnvIQqtB63wFS3geiYnuxtGb72Dyrybsn8Gei\n HAsEZo/lr+aQJPCw=="],"From":"Fabiano Rosas ","To":"Peter Xu ","Cc":"qemu-devel@nongnu.org,\n =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= ","Subject":"Re: [RFC PATCH 05/25] migration: Cleanup TLS handshake hostname\n passing","In-Reply-To":"","References":"<20251226211930.27565-1-farosas@suse.de>\n <20251226211930.27565-6-farosas@suse.de> ","Date":"Mon, 29 Dec 2025 16:38:50 -0300","Message-ID":"<87cy3x84dx.fsf@suse.de>","MIME-Version":"1.0","Content-Type":"text/plain","X-Spam-Score":"-4.30","X-Spamd-Result":"default: False [-4.30 / 50.00]; BAYES_HAM(-3.00)[100.00%];\n NEURAL_HAM_LONG(-1.00)[-1.000];\n NEURAL_HAM_SHORT(-0.20)[-0.992]; MIME_GOOD(-0.10)[text/plain];\n URIBL_BLOCKED(0.00)[suse.de:email,suse.de:mid,imap1.dmz-prg2.suse.org:helo];\n DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];\n FUZZY_RATELIMITED(0.00)[rspamd.com]; ARC_NA(0.00)[];\n TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_TRACE(0.00)[0:+];\n FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3];\n TO_DN_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2];\n FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_ALL(0.00)[];\n MID_RHS_MATCH_FROM(0.00)[]; MISSING_XM_UA(0.00)[];\n RCVD_VIA_SMTP_AUTH(0.00)[];\n DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo, suse.de:email,\n suse.de:mid]","Received-SPF":"pass client-ip=195.135.223.131; envelope-from=farosas@suse.de;\n helo=smtp-out2.suse.de","X-Spam_score_int":"-43","X-Spam_score":"-4.4","X-Spam_bar":"----","X-Spam_report":"(-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,\n RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=ham autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"}}]