[2/2] io/channel-tls: fix handling of bigger read buffers

Message ID	20221115142329.92524-3-antoine.damhet@shadow.tech (mailing list archive)
State	New, archived
Headers	show Return-Path: <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org> sender: damhet_a) by mail-2.srv.cri.epita.fr (Postfix) with ESMTPSA id DAA513FC86; Tue, 15 Nov 2022 15:23:44 +0100 (CET) From: antoine.damhet@shadow.tech To: qemu-devel@nongnu.org Cc: vm@shadow.tech, Antoine Damhet <antoine.damhet@shadow.tech>, Charles Frey <charles.frey@shadow.tech>, =?utf-8?q?Daniel_P=2E_Berrang?= =?utf-8?q?=C3=A9?= <berrange@redhat.com> Subject: [PATCH 2/2] io/channel-tls: fix handling of bigger read buffers Date: Tue, 15 Nov 2022 15:23:29 +0100 Message-Id: <20221115142329.92524-3-antoine.damhet@shadow.tech> In-Reply-To: <20221115142329.92524-1-antoine.damhet@shadow.tech> References: <20221115142329.92524-1-antoine.damhet@shadow.tech> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=91.243.117.197; envelope-from=SRS0=Pw4Z=3P=lse.epita.fr=xdbob@cri.epita.fr; helo=mail-2.srv.cri.epita.fr X-Spam_score_int: -15 X-Spam_score: -1.6 X-Spam_bar: - X-Spam_report: (-1.6 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Series	TLS: fix read stall with large buffers \| expand [0/2] TLS: fix read stall with large buffers [1/2] crypto: TLS: introduce `check_pending` [2/2] io/channel-tls: fix handling of bigger read buffers

Message ID

20221115142329.92524-3-antoine.damhet@shadow.tech (mailing list archive)

State

New, archived

Headers

From: antoine.damhet@shadow.tech
To: qemu-devel@nongnu.org
Cc: vm@shadow.tech, Antoine Damhet <antoine.damhet@shadow.tech>,
 Charles Frey <charles.frey@shadow.tech>, =?utf-8?q?Daniel_P=2E_Berrang?=
	=?utf-8?q?=C3=A9?= <berrange@redhat.com>
Subject: [PATCH 2/2] io/channel-tls: fix handling of bigger read buffers
Date: Tue, 15 Nov 2022 15:23:29 +0100
Message-Id: <20221115142329.92524-3-antoine.damhet@shadow.tech>
In-Reply-To: <20221115142329.92524-1-antoine.damhet@shadow.tech>
References: <20221115142329.92524-1-antoine.damhet@shadow.tech>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=91.243.117.197;
 envelope-from=SRS0=Pw4Z=3P=lse.epita.fr=xdbob@cri.epita.fr;
 helo=mail-2.srv.cri.epita.fr
X-Spam_score_int: -15
X-Spam_score: -1.6
X-Spam_bar: -
X-Spam_report: (-1.6 / 5.0 requ) BAYES_00=-1.9,
 HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org

Series

TLS: fix read stall with large buffers | expand

Commit Message

Antoine Damhet Nov. 15, 2022, 2:23 p.m. UTC

From: Antoine Damhet <antoine.damhet@shadow.tech>

Since the TLS backend can read more data from the underlying QIOChannel
we introduce a minimal child GSource to notify if we still have more
data available to be read.

Signed-off-by: Antoine Damhet <antoine.damhet@shadow.tech>
Signed-off-by: Charles Frey <charles.frey@shadow.tech>
---
 io/channel-tls.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 65 insertions(+), 1 deletion(-)

Comments

Daniel P. Berrangé Nov. 16, 2022, 10:52 a.m. UTC | #1

On Tue, Nov 15, 2022 at 03:23:29PM +0100, antoine.damhet@shadow.tech wrote:
> From: Antoine Damhet <antoine.damhet@shadow.tech>
> 
> Since the TLS backend can read more data from the underlying QIOChannel
> we introduce a minimal child GSource to notify if we still have more
> data available to be read.
> 
> Signed-off-by: Antoine Damhet <antoine.damhet@shadow.tech>
> Signed-off-by: Charles Frey <charles.frey@shadow.tech>
> ---
>  io/channel-tls.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 65 insertions(+), 1 deletion(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel

Antoine Damhet Dec. 16, 2022, 10:38 a.m. UTC | #2

On Wed, Nov 16, 2022 at 10:52:20AM +0000, Daniel P. Berrangé wrote:
> On Tue, Nov 15, 2022 at 03:23:29PM +0100, antoine.damhet@shadow.tech wrote:
> > From: Antoine Damhet <antoine.damhet@shadow.tech>
> > 
> > Since the TLS backend can read more data from the underlying QIOChannel
> > we introduce a minimal child GSource to notify if we still have more
> > data available to be read.
> > 
> > Signed-off-by: Antoine Damhet <antoine.damhet@shadow.tech>
> > Signed-off-by: Charles Frey <charles.frey@shadow.tech>
> > ---
> >  io/channel-tls.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++-
> >  1 file changed, 65 insertions(+), 1 deletion(-)
> 
> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

Thanks,

Now that the 7.2.0 is released, can we hope to get this queued ? If not
what should I do ?

Best regards,

Daniel P. Berrangé Dec. 16, 2022, 10:55 a.m. UTC | #3

On Fri, Dec 16, 2022 at 11:38:03AM +0100, Antoine Damhet wrote:
> On Wed, Nov 16, 2022 at 10:52:20AM +0000, Daniel P. Berrangé wrote:
> > On Tue, Nov 15, 2022 at 03:23:29PM +0100, antoine.damhet@shadow.tech wrote:
> > > From: Antoine Damhet <antoine.damhet@shadow.tech>
> > > 
> > > Since the TLS backend can read more data from the underlying QIOChannel
> > > we introduce a minimal child GSource to notify if we still have more
> > > data available to be read.
> > > 
> > > Signed-off-by: Antoine Damhet <antoine.damhet@shadow.tech>
> > > Signed-off-by: Charles Frey <charles.frey@shadow.tech>
> > > ---
> > >  io/channel-tls.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++-
> > >  1 file changed, 65 insertions(+), 1 deletion(-)
> > 
> > Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> 
> Thanks,
> 
> Now that the 7.2.0 is released, can we hope to get this queued ? If not
> what should I do ?

Yes, I have this queued already for my next pull req.

With regards,
Daniel

Thomas Huth Feb. 28, 2024, 4:11 p.m. UTC | #4

On 15/11/2022 15.23, antoine.damhet@shadow.tech wrote:
> From: Antoine Damhet <antoine.damhet@shadow.tech>
> 
> Since the TLS backend can read more data from the underlying QIOChannel
> we introduce a minimal child GSource to notify if we still have more
> data available to be read.
> 
> Signed-off-by: Antoine Damhet <antoine.damhet@shadow.tech>
> Signed-off-by: Charles Frey <charles.frey@shadow.tech>
> ---
>   io/channel-tls.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++-
>   1 file changed, 65 insertions(+), 1 deletion(-)

  Hi Antoine, Charles and Daniel!

This patch can cause a crash with character devices in QEMU that check for a 
valid amount of data that should be written to it, like e.g. the sclpconsole 
of qemu-system-s390x. And I guess other character devices are affected, too, 
in the sense that they are dropping characters silently.

The problem can be reproduced like this:

1) In one terminal, do this:

mkdir qemu-pki
cd qemu-pki
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 365000 -key ca-key.pem -out ca-cert.pem
# enter some dummy value for the cert
openssl genrsa 2048 > server-key.pem
openssl req -new -x509 -nodes -days 365000 -key server-key.pem \
  -out server-cert.pem
# enter some other dummy values for the cert

gnutls-serv --echo --x509cafile ca-cert.pem --x509keyfile server-key.pem \
             --x509certfile server-cert.pem -p 8338

2) In another terminal, do this:

wget 
https://download.fedoraproject.org/pub/fedora-secondary/releases/39/Cloud/s390x/images/Fedora-Cloud-Base-39-1.5.s390x.qcow2

qemu-system-s390x -nographic -nodefaults \
   -hda Fedora-Cloud-Base-39-1.5.s390x.qcow2 \
   -object 
tls-creds-x509,id=tls0,endpoint=client,verify-peer=false,dir=$PWD/qemu-pki \
   -chardev socket,id=tls_chardev,host=localhost,port=8338,tls-creds=tls0 \
   -device sclpconsole,chardev=tls_chardev,id=tls_serial

QEMU then aborts after a second or two with:

qemu-system-s390x: ../../devel/qemu/hw/char/sclpconsole.c:73: chr_read: 
Assertion `size <= SIZE_BUFFER_VT220 - scon->iov_data_len' failed.
Aborted (core dumped)

It looks like the second read does not trigger the chr_can_read() function 
to be called before the read, which should normally always be done before 
sending bytes to a character device to see how much it can handle. ... do 
you maybe have any ideas how to fix this?

  Thanks,
   Thomas


> diff --git a/io/channel-tls.c b/io/channel-tls.c
> index 4ce890a538..4f2b8828f9 100644
> --- a/io/channel-tls.c
> +++ b/io/channel-tls.c
> @@ -388,12 +388,76 @@ static void qio_channel_tls_set_aio_fd_handler(QIOChannel *ioc,
>       qio_channel_set_aio_fd_handler(tioc->master, ctx, io_read, io_write, opaque);
>   }
>   
> +typedef struct QIOChannelTLSSource QIOChannelTLSSource;
> +struct QIOChannelTLSSource {
> +    GSource parent;
> +    QIOChannelTLS *tioc;
> +};
> +
> +static gboolean
> +qio_channel_tls_source_check(GSource *source)
> +{
> +    QIOChannelTLSSource *tsource = (QIOChannelTLSSource *)source;
> +
> +    return qcrypto_tls_session_check_pending(tsource->tioc->session) > 0;
> +}
> +
> +static gboolean
> +qio_channel_tls_source_prepare(GSource *source, gint *timeout)
> +{
> +    *timeout = -1;
> +    return qio_channel_tls_source_check(source);
> +}
> +
> +static gboolean
> +qio_channel_tls_source_dispatch(GSource *source, GSourceFunc callback,
> +                                gpointer user_data)
> +{
> +    return G_SOURCE_CONTINUE;
> +}
> +
> +static void
> +qio_channel_tls_source_finalize(GSource *source)
> +{
> +    QIOChannelTLSSource *tsource = (QIOChannelTLSSource *)source;
> +
> +    object_unref(OBJECT(tsource->tioc));
> +}
> +
> +static GSourceFuncs qio_channel_tls_source_funcs = {
> +    qio_channel_tls_source_prepare,
> +    qio_channel_tls_source_check,
> +    qio_channel_tls_source_dispatch,
> +    qio_channel_tls_source_finalize
> +};
> +
> +static void
> +qio_channel_tls_read_watch(QIOChannelTLS *tioc, GSource *source)
> +{
> +    GSource *child;
> +    QIOChannelTLSSource *tlssource;
> +
> +    child = g_source_new(&qio_channel_tls_source_funcs,
> +                          sizeof(QIOChannelTLSSource));
> +    tlssource = (QIOChannelTLSSource *)child;
> +
> +    tlssource->tioc = tioc;
> +    object_ref(OBJECT(tioc));
> +
> +    g_source_add_child_source(source, child);
> +}
> +
>   static GSource *qio_channel_tls_create_watch(QIOChannel *ioc,
>                                                GIOCondition condition)
>   {
>       QIOChannelTLS *tioc = QIO_CHANNEL_TLS(ioc);
> +    GSource *source = qio_channel_create_watch(tioc->master, condition);
> +
> +    if (condition & G_IO_IN) {
> +        qio_channel_tls_read_watch(tioc, source);
> +    }
>   
> -    return qio_channel_create_watch(tioc->master, condition);
> +    return source;
>   }
>   
>   QCryptoTLSSession *

diff --git a/io/channel-tls.c b/io/channel-tls.c
index 4ce890a538..4f2b8828f9 100644
--- a/io/channel-tls.c
+++ b/io/channel-tls.c
@@ -388,12 +388,76 @@  static void qio_channel_tls_set_aio_fd_handler(QIOChannel *ioc,
     qio_channel_set_aio_fd_handler(tioc->master, ctx, io_read, io_write, opaque);
 }
 
+typedef struct QIOChannelTLSSource QIOChannelTLSSource;
+struct QIOChannelTLSSource {
+    GSource parent;
+    QIOChannelTLS *tioc;
+};
+
+static gboolean
+qio_channel_tls_source_check(GSource *source)
+{
+    QIOChannelTLSSource *tsource = (QIOChannelTLSSource *)source;
+
+    return qcrypto_tls_session_check_pending(tsource->tioc->session) > 0;
+}
+
+static gboolean
+qio_channel_tls_source_prepare(GSource *source, gint *timeout)
+{
+    *timeout = -1;
+    return qio_channel_tls_source_check(source);
+}
+
+static gboolean
+qio_channel_tls_source_dispatch(GSource *source, GSourceFunc callback,
+                                gpointer user_data)
+{
+    return G_SOURCE_CONTINUE;
+}
+
+static void
+qio_channel_tls_source_finalize(GSource *source)
+{
+    QIOChannelTLSSource *tsource = (QIOChannelTLSSource *)source;
+
+    object_unref(OBJECT(tsource->tioc));
+}
+
+static GSourceFuncs qio_channel_tls_source_funcs = {
+    qio_channel_tls_source_prepare,
+    qio_channel_tls_source_check,
+    qio_channel_tls_source_dispatch,
+    qio_channel_tls_source_finalize
+};
+
+static void
+qio_channel_tls_read_watch(QIOChannelTLS *tioc, GSource *source)
+{
+    GSource *child;
+    QIOChannelTLSSource *tlssource;
+
+    child = g_source_new(&qio_channel_tls_source_funcs,
+                          sizeof(QIOChannelTLSSource));
+    tlssource = (QIOChannelTLSSource *)child;
+
+    tlssource->tioc = tioc;
+    object_ref(OBJECT(tioc));
+
+    g_source_add_child_source(source, child);
+}
+
 static GSource *qio_channel_tls_create_watch(QIOChannel *ioc,
                                              GIOCondition condition)
 {
     QIOChannelTLS *tioc = QIO_CHANNEL_TLS(ioc);
+    GSource *source = qio_channel_create_watch(tioc->master, condition);
+
+    if (condition & G_IO_IN) {
+        qio_channel_tls_read_watch(tioc, source);
+    }
 
-    return qio_channel_create_watch(tioc->master, condition);
+    return source;
 }
 
 QCryptoTLSSession *

[2/2] io/channel-tls: fix handling of bigger read buffers

Commit Message

Comments

Patch