On 03/10/2025 17.39, Peter Xu wrote:
> QCryptoTLSSession allows TLS premature termination in two cases, one of the
> cases is when the channel shutdown() is invoked on READ side.

Hi Peter,

this patch breaks iotest 233 for me:

thuth:~/tmp/qemu-build$ cd tests/qemu-iotests/
thuth:~/tmp/qemu-build/tests/qemu-iotests$ ./check 233
QEMU -- "/home/thuth/tmp/qemu-build/qemu-system-x86_64" -nodefaults
-display none -accel qtest
QEMU_IMG -- "/home/thuth/tmp/qemu-build/qemu-img"
QEMU_IO -- "/home/thuth/tmp/qemu-build/qemu-io" --cache writeback
--aio threads -f raw
QEMU_NBD -- "/home/thuth/tmp/qemu-build/qemu-nbd"
IMGFMT -- raw
IMGPROTO -- file
PLATFORM -- Linux/x86_64 thuth-p1g4 6.16.10-200.fc42.x86_64
TEST_DIR -- /home/thuth/tmp/qemu-build/tests/qemu-iotests/scratch
SOCK_DIR -- /tmp/qemu-iotests-eidif2rs
GDB_OPTIONS --
VALGRIND_QEMU --
PRINT_QEMU_OUTPUT --
233 fail [09:58:28] [09:58:30] 2.5s (last: 2.0s) output
mismatch (see
/home/thuth/tmp/qemu-build/tests/qemu-iotests/scratch/raw-file-233/233.out.bad)
--- /home/thuth/devel/qemu/tests/qemu-iotests/233.out
+++
/home/thuth/tmp/qemu-build/tests/qemu-iotests/scratch/raw-file-233/233.out.bad
@@ -43,51 +43,37 @@
== check TLS fail over TCP with mismatched hostname ==
qemu-img: Could not open
'driver=nbd,host=localhost,port=PORT,tls-creds=tls0': Certificate does not
match the hostname localhost
-qemu-nbd: Certificate does not match the hostname localhost
+qemu-nbd: Failed to read initial magic: Unable to read from socket:
Connection reset by peer
== check TLS works over TCP with mismatched hostname and override ==
-image: nbd://localhost:PORT
-file format: nbd
-virtual size: 64 MiB (67108864 bytes)
-disk size: unavailable
-exports available: 1
- export: ''
- size: 67108864
- min block: 1
- transaction size: 64-bit
+qemu-img: Could not open
'driver=nbd,host=localhost,port=PORT,tls-creds=tls0,tls-hostname=127.0.0.1':
Failed to connect to 'localhost:PORT': Connection refused
+qemu-nbd: Failed to connect to 'localhost:10809': Connection refused
== check TLS with different CA fails ==
-qemu-img: Could not open
'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': The certificate hasn't
got a known issuer
-qemu-nbd: The certificate hasn't got a known issuer
+qemu-img: Could not open
'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to connect to
'127.0.0.1:PORT': Connection refused
+qemu-nbd: Failed to connect to '127.0.0.1:10809': Connection refused
== perform I/O over TLS ==
-read 1048576/1048576 bytes at offset 1048576
-1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-wrote 1048576/1048576 bytes at offset 1048576
-1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+qemu-io: can't open: Failed to connect to '127.0.0.1:10809': Connection refused
+Pattern verification failed at offset 1048576, 1048576 bytes
read 1048576/1048576 bytes at offset 1048576
1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
== check TLS with authorization ==
-qemu-img: Could not open
'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option
reply: Cannot read from TLS channel: The TLS connection was non-properly
terminated.
-qemu-img: Could not open
'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option
reply: Cannot read from TLS channel: The TLS connection was non-properly
terminated.
+./common.nbd: line 38: kill: (545045) - No such process
+./common.rc: line 208: 545147 Segmentation fault (core dumped) (
VALGRIND_QEMU="${VALGRIND_QEMU_IMG}" _qemu_proc_exec "${VALGRIND_LOGFILE}"
"$QEMU_IMG_PROG" $QEMU_IMG_OPTIONS "$@" )
+./common.rc: line 208: 545163 Segmentation fault (core dumped) (
VALGRIND_QEMU="${VALGRIND_QEMU_IMG}" _qemu_proc_exec "${VALGRIND_LOGFILE}"
"$QEMU_IMG_PROG" $QEMU_IMG_OPTIONS "$@" )
== check TLS fail over UNIX with no hostname ==
qemu-img: Could not open
'driver=nbd,path=SOCK_DIR/qemu-nbd.sock,tls-creds=tls0': No hostname for
certificate validation
-qemu-nbd: No hostname for certificate validation
+qemu-nbd: Failed to read initial magic: Unable to read from socket:
Connection reset by peer
== check TLS works over UNIX with hostname override ==
-image: nbd+unix://?socket=SOCK_DIR/qemu-nbd.sock
-file format: nbd
-virtual size: 64 MiB (67108864 bytes)
-disk size: unavailable
-exports available: 1
- export: ''
- size: 67108864
- min block: 1
- transaction size: 64-bit
+qemu-img: Could not open
'driver=nbd,path=SOCK_DIR/qemu-nbd.sock,tls-creds=tls0,tls-hostname=127.0.0.1':
Failed to connect to
'/tmp/qemu-iotests-eidif2rs/raw-file-233/qemu-nbd.sock': Connection refused
+qemu-nbd: Failed to connect to
'/tmp/qemu-iotests-eidif2rs/raw-file-233/qemu-nbd.sock': Connection refused
== check TLS works over UNIX with PSK ==
+./common.nbd: line 38: kill: (545184) - No such process
image: nbd+unix://?socket=SOCK_DIR/qemu-nbd.sock
file format: nbd
virtual size: 64 MiB (67108864 bytes)
@@ -103,14 +89,8 @@
qemu-nbd: TLS handshake failed: The TLS connection was non-properly
terminated.
== final server log ==
-qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read
from TLS channel: The TLS connection was non-properly terminated.
-qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read
from TLS channel: The TLS connection was non-properly terminated.
-qemu-nbd: option negotiation failed: Verify failed: No certificate was found.
-qemu-nbd: option negotiation failed: Verify failed: No certificate was found.
qemu-nbd: option negotiation failed: TLS x509 authz check for
DISTINGUISHED-NAME is denied
qemu-nbd: option negotiation failed: TLS x509 authz check for
DISTINGUISHED-NAME is denied
-qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read
from TLS channel: The TLS connection was non-properly terminated.
-qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read
from TLS channel: The TLS connection was non-properly terminated.
qemu-nbd: option negotiation failed: TLS handshake failed: An illegal
parameter has been received.
qemu-nbd: option negotiation failed: TLS handshake failed: An illegal
parameter has been received.
*** done
Failures: 233
Failed 1 of 1 iotests
Could you please have a look?
Thanks,
Thomas

On 10/10/2025 10.00, Thomas Huth wrote:
> On 03/10/2025 17.39, Peter Xu wrote:
>> QCryptoTLSSession allows TLS premature termination in two cases, one of the
>> cases is when the channel shutdown() is invoked on READ side.
> Hi Peter,
>
> this patch breaks iotest 233 for me:
...
> Could you please have a look?

Never mind, Daniel just told me that there is already a patch available:

https://lore.kernel.org/qemu-devel/20251006190126.4159590-1-berrange@redhat.com/

Thomas