| Message ID | 20190703224707.12437-1-eblake@redhat.com |
|---|---|
| State | New |
| Headers | show |
| Series | [v2,RFC] qemu-nbd: Permit TLS with Unix sockets | expand |
Patchew URL: https://patchew.org/QEMU/20190703224707.12437-1-eblake@redhat.com/
Hi,
This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.
=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===
PASS 1 fdc-test /x86_64/fdc/cmos
PASS 2 fdc-test /x86_64/fdc/no_media_on_start
PASS 3 fdc-test /x86_64/fdc/read_without_media
==10051==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 4 fdc-test /x86_64/fdc/media_change
PASS 5 fdc-test /x86_64/fdc/sense_interrupt
PASS 6 fdc-test /x86_64/fdc/relative_seek
---
PASS 32 test-opts-visitor /visitor/opts/range/beyond
PASS 33 test-opts-visitor /visitor/opts/dict/unvisited
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-coroutine -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-coroutine"
==10096==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10096==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffffb89b000; bottom 0x7f13499f8000; size: 0x00ecb1ea3000 (1016597196800)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 1 test-coroutine /basic/no-dangling-access
---
PASS 12 test-aio /aio/event/flush
PASS 13 test-aio /aio/event/wait/no-flush-cb
PASS 14 test-aio /aio/timer/schedule
==10111==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 15 test-aio /aio/coroutine/queue-chaining
PASS 16 test-aio /aio-gsource/flush
PASS 17 test-aio /aio-gsource/bh/schedule
---
PASS 13 fdc-test /x86_64/fdc/fuzz-registers
PASS 28 test-aio /aio-gsource/timer/schedule
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-aio-multithread -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-aio-multithread"
==10118==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-aio-multithread /aio/multi/lifecycle
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/ide-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="ide-test"
PASS 2 test-aio-multithread /aio/multi/schedule
==10135==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 ide-test /x86_64/ide/identify
PASS 3 test-aio-multithread /aio/multi/mutex/contended
==10146==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 2 ide-test /x86_64/ide/flush
==10157==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 3 ide-test /x86_64/ide/bmdma/simple_rw
PASS 4 test-aio-multithread /aio/multi/mutex/handoff
==10163==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 4 ide-test /x86_64/ide/bmdma/trim
PASS 5 test-aio-multithread /aio/multi/mutex/mcs
==10174==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 5 ide-test /x86_64/ide/bmdma/short_prdt
PASS 6 test-aio-multithread /aio/multi/mutex/pthread
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-throttle -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-throttle"
==10185==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-throttle /throttle/leak_bucket
PASS 2 test-throttle /throttle/compute_wait
PASS 3 test-throttle /throttle/init
---
PASS 5 test-throttle /throttle/have_timer
PASS 6 test-throttle /throttle/detach_attach
PASS 7 test-throttle /throttle/config_functions
==10191==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 8 test-throttle /throttle/accounting
PASS 9 test-throttle /throttle/groups
PASS 10 test-throttle /throttle/config/enabled
---
PASS 15 test-throttle /throttle/config/iops_size
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-thread-pool -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-thread-pool"
PASS 6 ide-test /x86_64/ide/bmdma/one_sector_short_prdt
==10198==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-thread-pool /thread-pool/submit
PASS 2 test-thread-pool /thread-pool/submit-aio
PASS 3 test-thread-pool /thread-pool/submit-co
PASS 4 test-thread-pool /thread-pool/submit-many
==10200==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 7 ide-test /x86_64/ide/bmdma/long_prdt
==10272==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10272==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffec41b2000; bottom 0x7f228cffe000; size: 0x00dc371b4000 (945817337856)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 5 test-thread-pool /thread-pool/cancel
PASS 8 ide-test /x86_64/ide/bmdma/no_busmaster
PASS 9 ide-test /x86_64/ide/flush/nodev
PASS 6 test-thread-pool /thread-pool/cancel-async
==10283==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-hbitmap -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-hbitmap"
PASS 10 ide-test /x86_64/ide/flush/empty_drive
PASS 1 test-hbitmap /hbitmap/granularity
PASS 2 test-hbitmap /hbitmap/size/0
PASS 3 test-hbitmap /hbitmap/size/unaligned
PASS 4 test-hbitmap /hbitmap/iter/empty
==10293==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 5 test-hbitmap /hbitmap/iter/partial
PASS 6 test-hbitmap /hbitmap/iter/granularity
PASS 7 test-hbitmap /hbitmap/iter/iter_and_reset
---
PASS 14 test-hbitmap /hbitmap/set/twice
PASS 15 test-hbitmap /hbitmap/set/overlap
PASS 16 test-hbitmap /hbitmap/reset/empty
==10299==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 17 test-hbitmap /hbitmap/reset/general
PASS 12 ide-test /x86_64/ide/flush/retry_isa
PASS 18 test-hbitmap /hbitmap/reset/all
---
PASS 28 test-hbitmap /hbitmap/truncate/shrink/medium
PASS 29 test-hbitmap /hbitmap/truncate/shrink/large
PASS 30 test-hbitmap /hbitmap/meta/zero
==10305==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 13 ide-test /x86_64/ide/cdrom/pio
==10311==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 14 ide-test /x86_64/ide/cdrom/pio_large
==10317==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 15 ide-test /x86_64/ide/cdrom/dma
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/ahci-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="ahci-test"
PASS 31 test-hbitmap /hbitmap/meta/one
---
PASS 33 test-hbitmap /hbitmap/meta/word
PASS 34 test-hbitmap /hbitmap/meta/sector
PASS 35 test-hbitmap /hbitmap/serialize/align
==10331==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 ahci-test /x86_64/ahci/sanity
==10337==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 2 ahci-test /x86_64/ahci/pci_spec
PASS 36 test-hbitmap /hbitmap/serialize/basic
PASS 37 test-hbitmap /hbitmap/serialize/part
---
PASS 42 test-hbitmap /hbitmap/next_dirty_area/next_dirty_area_1
PASS 43 test-hbitmap /hbitmap/next_dirty_area/next_dirty_area_4
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-bdrv-drain -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-bdrv-drain"
==10343==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10346==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-bdrv-drain /bdrv-drain/nested
PASS 2 test-bdrv-drain /bdrv-drain/multiparent
PASS 3 test-bdrv-drain /bdrv-drain/set_aio_context
---
PASS 37 test-bdrv-drain /bdrv-drain/detach/parent_cb
PASS 38 test-bdrv-drain /bdrv-drain/detach/driver_cb
PASS 39 test-bdrv-drain /bdrv-drain/attach/drain
==10378==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-bdrv-graph-mod -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-bdrv-graph-mod"
==10396==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-bdrv-graph-mod /bdrv-graph-mod/update-perm-tree
PASS 2 test-bdrv-graph-mod /bdrv-graph-mod/should-update-child
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-blockjob -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-blockjob"
PASS 4 ahci-test /x86_64/ahci/hba_spec
==10402==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-blockjob /blockjob/ids
PASS 2 test-blockjob /blockjob/cancel/created
PASS 3 test-blockjob /blockjob/cancel/running
---
PASS 7 test-blockjob /blockjob/cancel/pending
PASS 8 test-blockjob /blockjob/cancel/concluded
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-blockjob-txn -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-blockjob-txn"
==10404==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10408==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-blockjob-txn /single/success
PASS 2 test-blockjob-txn /single/failure
PASS 3 test-blockjob-txn /single/cancel
---
PASS 7 test-blockjob-txn /pair/fail-cancel-race
PASS 5 ahci-test /x86_64/ahci/hba_enable
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-block-backend -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-block-backend"
==10419==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-block-backend /block-backend/drain_aio_error
PASS 2 test-block-backend /block-backend/drain_all_aio_error
==10417==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-block-iothread -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-block-iothread"
==10428==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-block-iothread /sync-op/pread
PASS 2 test-block-iothread /sync-op/pwrite
PASS 3 test-block-iothread /sync-op/load_vmstate
---
PASS 16 test-block-iothread /propagate/mirror
PASS 6 ahci-test /x86_64/ahci/identify
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-image-locking -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-image-locking"
==10451==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-image-locking /image-locking/basic
PASS 2 test-image-locking /image-locking/set-perm-abort
==10449==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-x86-cpuid -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-x86-cpuid"
PASS 1 test-x86-cpuid /cpuid/topology/basic
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-xbzrle -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-xbzrle"
---
PASS 7 ahci-test /x86_64/ahci/max
PASS 6 test-xbzrle /xbzrle/encode_decode
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-vmstate -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-vmstate"
==10467==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-vmstate /vmstate/tmp_struct
PASS 2 test-vmstate /vmstate/simple/primitive
PASS 3 test-vmstate /vmstate/simple/array
---
PASS 10 test-int128 /int128/int128_rshift
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/rcutorture -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="rcutorture"
PASS 8 ahci-test /x86_64/ahci/reset
==10506==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 rcutorture /rcu/torture/1reader
==10506==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffee2233000; bottom 0x7fdba4dfe000; size: 0x00233d435000 (151351676928)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 9 ahci-test /x86_64/ahci/io/pio/lba28/simple/zero
PASS 2 rcutorture /rcu/torture/10readers
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-rcu-list -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-rcu-list"
==10528==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10528==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7fff6df45000; bottom 0x7f0b4cffe000; size: 0x00f420f47000 (1048524910592)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 1 test-rcu-list /rcu/qlist/single-threaded
PASS 10 ahci-test /x86_64/ahci/io/pio/lba28/simple/low
==10547==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 2 test-rcu-list /rcu/qlist/short-few
==10547==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7fffcc579000; bottom 0x7f80e7ffe000; size: 0x007ee457b000 (544996831232)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 11 ahci-test /x86_64/ahci/io/pio/lba28/simple/high
==10574==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10574==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffedf665000; bottom 0x7fcca49fe000; size: 0x00323ac67000 (215734448128)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 3 test-rcu-list /rcu/qlist/long-many
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-rcu-simpleq -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-rcu-simpleq"
PASS 12 ahci-test /x86_64/ahci/io/pio/lba28/double/zero
==10587==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-rcu-simpleq /rcu/qsimpleq/single-threaded
==10587==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffc3aafe000; bottom 0x7ff996dfe000; size: 0x0002a3d00000 (11338252288)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 13 ahci-test /x86_64/ahci/io/pio/lba28/double/low
PASS 2 test-rcu-simpleq /rcu/qsimpleq/short-few
==10599==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10599==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffdb7ed8000; bottom 0x7f2ca41fe000; size: 0x00d113cda000 (897980407808)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 14 ahci-test /x86_64/ahci/io/pio/lba28/double/high
==10626==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10626==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffd4cec0000; bottom 0x7fa9dff24000; size: 0x00536cf9c000 (358310592512)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 3 test-rcu-simpleq /rcu/qsimpleq/long-many
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-rcu-tailq -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-rcu-tailq"
PASS 15 ahci-test /x86_64/ahci/io/pio/lba28/long/zero
PASS 1 test-rcu-tailq /rcu/qtailq/single-threaded
==10639==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10639==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffe340f1000; bottom 0x7fbeb757c000; size: 0x003f7cb75000 (272675328000)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 2 test-rcu-tailq /rcu/qtailq/short-few
PASS 16 ahci-test /x86_64/ahci/io/pio/lba28/long/low
==10672==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10672==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7fffdd147000; bottom 0x7f63e3bfe000; size: 0x009bf9549000 (669902999552)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 3 test-rcu-tailq /rcu/qtailq/long-many
---
PASS 8 test-qdist /qdist/binning/shrink
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-qht -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-qht"
PASS 17 ahci-test /x86_64/ahci/io/pio/lba28/long/high
==10687==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 18 ahci-test /x86_64/ahci/io/pio/lba28/short/zero
==10693==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 19 ahci-test /x86_64/ahci/io/pio/lba28/short/low
==10699==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 20 ahci-test /x86_64/ahci/io/pio/lba28/short/high
==10705==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10705==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffedbc2c000; bottom 0x7fb1597fe000; size: 0x004d8242e000 (332897902592)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 21 ahci-test /x86_64/ahci/io/pio/lba48/simple/zero
==10711==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10711==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffd02465000; bottom 0x7fc63cbfe000; size: 0x0036c5867000 (235242156032)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 22 ahci-test /x86_64/ahci/io/pio/lba48/simple/low
==10717==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10717==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffd9a189000; bottom 0x7f3600ffe000; size: 0x00c79918b000 (857267023872)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 23 ahci-test /x86_64/ahci/io/pio/lba48/simple/high
==10723==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10723==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffe1ed41000; bottom 0x7fc9f29fe000; size: 0x00342c343000 (224079917056)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 24 ahci-test /x86_64/ahci/io/pio/lba48/double/zero
==10729==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10729==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffc859ea000; bottom 0x7f335e9fe000; size: 0x00c926fec000 (863942656000)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 25 ahci-test /x86_64/ahci/io/pio/lba48/double/low
==10735==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10735==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffeb2a66000; bottom 0x7f2954dfe000; size: 0x00d55dc68000 (916401324032)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 26 ahci-test /x86_64/ahci/io/pio/lba48/double/high
==10741==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10741==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffca9feb000; bottom 0x7f62653fe000; size: 0x009a44bed000 (662578319360)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 27 ahci-test /x86_64/ahci/io/pio/lba48/long/zero
==10747==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10747==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffe762a5000; bottom 0x7f4d137fe000; size: 0x00b162aa7000 (761864548352)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 1 test-qht /qht/mode/default
PASS 2 test-qht /qht/mode/resize
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-qht-par -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-qht-par"
PASS 28 ahci-test /x86_64/ahci/io/pio/lba48/long/low
==10759==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10759==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffc4c4d3000; bottom 0x7fe4f07fe000; size: 0x00175bcd5000 (100324429824)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 1 test-qht-par /qht/parallel/2threads-0%updates-1s
PASS 29 ahci-test /x86_64/ahci/io/pio/lba48/long/high
PASS 2 test-qht-par /qht/parallel/2threads-20%updates-1s
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-bitops -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-bitops"
==10776==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-bitops /bitops/sextract32
PASS 2 test-bitops /bitops/sextract64
PASS 3 test-bitops /bitops/half_shuffle32
---
PASS 8 check-qom-proplist /qom/proplist/delchild
PASS 9 check-qom-proplist /qom/resolve/partial
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-qemu-opts -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-qemu-opts"
==10807==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-qemu-opts /qemu-opts/find_unknown_opts
PASS 2 test-qemu-opts /qemu-opts/find_opts
PASS 3 test-qemu-opts /qemu-opts/opts_create
---
PASS 4 test-crypto-hash /crypto/hash/digest
PASS 5 test-crypto-hash /crypto/hash/base64
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-crypto-hmac -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-crypto-hmac"
==10830==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-crypto-hmac /crypto/hmac/iov
PASS 2 test-crypto-hmac /crypto/hmac/alloc
PASS 3 test-crypto-hmac /crypto/hmac/prealloc
---
PASS 32 ahci-test /x86_64/ahci/io/pio/lba48/short/high
PASS 1 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/perfectserver
PASS 2 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/perfectclient
==10860==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 3 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/goodca1
PASS 33 ahci-test /x86_64/ahci/io/dma/lba28/fragmented
PASS 4 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/goodca2
==10866==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 5 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/goodca3
PASS 6 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/badca1
PASS 7 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/badca2
PASS 8 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/badca3
PASS 34 ahci-test /x86_64/ahci/io/dma/lba28/retry
PASS 9 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/goodserver1
==10872==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 10 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/goodserver2
PASS 35 ahci-test /x86_64/ahci/io/dma/lba28/simple/zero
==10878==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 11 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/goodserver3
PASS 36 ahci-test /x86_64/ahci/io/dma/lba28/simple/low
PASS 12 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/goodserver4
==10884==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 13 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/goodserver5
PASS 37 ahci-test /x86_64/ahci/io/dma/lba28/simple/high
PASS 14 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/goodserver6
==10890==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 15 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/goodserver7
PASS 16 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/badserver1
PASS 17 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/badserver2
---
PASS 39 test-crypto-tlscredsx509 /qcrypto/tlscredsx509/missingclient
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-crypto-tlssession -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-crypto-tlssession"
PASS 38 ahci-test /x86_64/ahci/io/dma/lba28/double/zero
==10901==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-crypto-tlssession /qcrypto/tlssession/psk
PASS 2 test-crypto-tlssession /qcrypto/tlssession/basicca
PASS 39 ahci-test /x86_64/ahci/io/dma/lba28/double/low
PASS 3 test-crypto-tlssession /qcrypto/tlssession/differentca
==10907==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 4 test-crypto-tlssession /qcrypto/tlssession/altname1
PASS 5 test-crypto-tlssession /qcrypto/tlssession/altname2
PASS 40 ahci-test /x86_64/ahci/io/dma/lba28/double/high
PASS 6 test-crypto-tlssession /qcrypto/tlssession/altname3
==10913==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 7 test-crypto-tlssession /qcrypto/tlssession/altname4
PASS 8 test-crypto-tlssession /qcrypto/tlssession/altname5
PASS 41 ahci-test /x86_64/ahci/io/dma/lba28/long/zero
PASS 9 test-crypto-tlssession /qcrypto/tlssession/altname6
==10919==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 10 test-crypto-tlssession /qcrypto/tlssession/wildcard1
PASS 11 test-crypto-tlssession /qcrypto/tlssession/wildcard2
PASS 42 ahci-test /x86_64/ahci/io/dma/lba28/long/low
PASS 12 test-crypto-tlssession /qcrypto/tlssession/wildcard3
PASS 13 test-crypto-tlssession /qcrypto/tlssession/wildcard4
==10925==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 14 test-crypto-tlssession /qcrypto/tlssession/wildcard5
PASS 43 ahci-test /x86_64/ahci/io/dma/lba28/long/high
==10931==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 15 test-crypto-tlssession /qcrypto/tlssession/wildcard6
PASS 44 ahci-test /x86_64/ahci/io/dma/lba28/short/zero
==10937==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 16 test-crypto-tlssession /qcrypto/tlssession/cachain
PASS 45 ahci-test /x86_64/ahci/io/dma/lba28/short/low
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-qga -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-qga"
==10944==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 46 ahci-test /x86_64/ahci/io/dma/lba28/short/high
PASS 1 test-qga /qga/sync-delimited
PASS 2 test-qga /qga/sync
---
PASS 15 test-qga /qga/invalid-cmd
PASS 16 test-qga /qga/invalid-args
PASS 17 test-qga /qga/fsfreeze-status
==10955==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 47 ahci-test /x86_64/ahci/io/dma/lba48/simple/zero
PASS 18 test-qga /qga/blacklist
PASS 19 test-qga /qga/config
PASS 20 test-qga /qga/guest-exec
PASS 21 test-qga /qga/guest-exec-invalid
==10963==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 22 test-qga /qga/guest-get-osinfo
PASS 23 test-qga /qga/guest-get-host-name
PASS 24 test-qga /qga/guest-get-timezone
---
PASS 7 test-util-sockets /socket/fd-pass/num/bad
PASS 8 test-util-sockets /socket/fd-pass/num/nocli
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-authz-simple -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-authz-simple"
==10988==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-authz-simple /authz/simple
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-authz-list -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-authz-list"
PASS 1 test-authz-list /auth/list/complex
---
PASS 4 test-io-channel-file /io/channel/pipe/sync
PASS 5 test-io-channel-file /io/channel/pipe/async
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-io-channel-tls -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-io-channel-tls"
==11051==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-io-channel-tls /qio/channel/tls/basic
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-io-channel-command -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-io-channel-command"
PASS 1 test-io-channel-command /io/channel/command/fifo/sync
---
PASS 3 test-base64 /util/base64/not-nul-terminated
PASS 4 test-base64 /util/base64/invalid-chars
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-crypto-pbkdf -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-crypto-pbkdf"
==11097==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-crypto-pbkdf /crypto/pbkdf/rfc3962/sha1/iter1
PASS 2 test-crypto-pbkdf /crypto/pbkdf/rfc3962/sha1/iter2
PASS 3 test-crypto-pbkdf /crypto/pbkdf/rfc3962/sha1/iter1200a
---
PASS 1 test-logging /logging/parse_range
PASS 2 test-logging /logging/parse_path
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-replication -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-replication"
==11132==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==11138==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-replication /replication/primary/read
PASS 2 test-replication /replication/primary/write
PASS 52 ahci-test /x86_64/ahci/io/dma/lba48/double/high
==11147==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 3 test-replication /replication/primary/start
PASS 4 test-replication /replication/primary/stop
PASS 5 test-replication /replication/primary/do_checkpoint
PASS 6 test-replication /replication/primary/get_error_all
PASS 53 ahci-test /x86_64/ahci/io/dma/lba48/long/zero
PASS 7 test-replication /replication/secondary/read
==11153==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 8 test-replication /replication/secondary/write
PASS 54 ahci-test /x86_64/ahci/io/dma/lba48/long/low
==11159==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==11138==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffc9b908000; bottom 0x7fd9c32fc000; size: 0x0022d860c000 (149659107328)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 55 ahci-test /x86_64/ahci/io/dma/lba48/long/high
==11185==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 9 test-replication /replication/secondary/start
PASS 56 ahci-test /x86_64/ahci/io/dma/lba48/short/zero
==11191==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 57 ahci-test /x86_64/ahci/io/dma/lba48/short/low
==11197==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 10 test-replication /replication/secondary/stop
PASS 58 ahci-test /x86_64/ahci/io/dma/lba48/short/high
==11203==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 59 ahci-test /x86_64/ahci/io/ncq/simple
==11209==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 11 test-replication /replication/secondary/do_checkpoint
PASS 60 ahci-test /x86_64/ahci/io/ncq/retry
PASS 12 test-replication /replication/secondary/get_error_all
==11215==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-bufferiszero -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-bufferiszero"
PASS 61 ahci-test /x86_64/ahci/flush/simple
==11225==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 62 ahci-test /x86_64/ahci/flush/retry
==11231==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==11236==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 63 ahci-test /x86_64/ahci/flush/migrate
==11245==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==11250==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 64 ahci-test /x86_64/ahci/migrate/sanity
==11260==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==11265==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 65 ahci-test /x86_64/ahci/migrate/dma/simple
==11274==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==11279==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 66 ahci-test /x86_64/ahci/migrate/dma/halted
==11288==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==11293==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 67 ahci-test /x86_64/ahci/migrate/ncq/simple
==11302==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==11307==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 68 ahci-test /x86_64/ahci/migrate/ncq/halted
==11316==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 69 ahci-test /x86_64/ahci/cdrom/eject
==11321==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 70 ahci-test /x86_64/ahci/cdrom/dma/single
==11327==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-bufferiszero /cutils/bufferiszero
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-uuid -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-uuid"
PASS 71 ahci-test /x86_64/ahci/cdrom/dma/multi
---
PASS 1 test-qapi-util /qapi/util/qapi_enum_parse
PASS 2 test-qapi-util /qapi/util/parse_qapi_name
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} tests/test-qgraph -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-qgraph"
==11338==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-qgraph /qgraph/init_nop
PASS 2 test-qgraph /qgraph/test_machine
PASS 3 test-qgraph /qgraph/test_contains
---
PASS 22 test-qgraph /qgraph/test_test_in_path
PASS 23 test-qgraph /qgraph/test_double_edge
PASS 72 ahci-test /x86_64/ahci/cdrom/pio/single
==11356==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==11356==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffc4e18c000; bottom 0x7f8185ffe000; size: 0x007ac818e000 (527343083520)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 73 ahci-test /x86_64/ahci/cdrom/pio/multi
==11362==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 74 ahci-test /x86_64/ahci/cdrom/pio/bcl
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/hd-geo-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="hd-geo-test"
PASS 1 hd-geo-test /x86_64/hd-geo/ide/none
==11376==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 2 hd-geo-test /x86_64/hd-geo/ide/drive/cd_0
==11382==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 3 hd-geo-test /x86_64/hd-geo/ide/drive/mbr/blank
==11388==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 4 hd-geo-test /x86_64/hd-geo/ide/drive/mbr/lba
==11394==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 5 hd-geo-test /x86_64/hd-geo/ide/drive/mbr/chs
==11400==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 6 hd-geo-test /x86_64/hd-geo/ide/device/mbr/blank
==11406==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 7 hd-geo-test /x86_64/hd-geo/ide/device/mbr/lba
==11412==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 8 hd-geo-test /x86_64/hd-geo/ide/device/mbr/chs
==11418==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 9 hd-geo-test /x86_64/hd-geo/ide/device/user/chs
==11423==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 10 hd-geo-test /x86_64/hd-geo/ide/device/user/chst
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/boot-order-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="boot-order-test"
PASS 1 boot-order-test /x86_64/boot-order/pc
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11491==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 bios-tables-test /x86_64/acpi/piix4
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11497==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 2 bios-tables-test /x86_64/acpi/q35
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11503==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 3 bios-tables-test /x86_64/acpi/piix4/bridge
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11509==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 4 bios-tables-test /x86_64/acpi/piix4/ipmi
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11515==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 5 bios-tables-test /x86_64/acpi/piix4/cpuhp
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11522==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 6 bios-tables-test /x86_64/acpi/piix4/memhp
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11528==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 7 bios-tables-test /x86_64/acpi/piix4/numamem
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11534==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 8 bios-tables-test /x86_64/acpi/piix4/dimmpxm
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11543==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 9 bios-tables-test /x86_64/acpi/q35/bridge
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11549==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 10 bios-tables-test /x86_64/acpi/q35/mmio64
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11555==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 11 bios-tables-test /x86_64/acpi/q35/ipmi
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11561==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 12 bios-tables-test /x86_64/acpi/q35/cpuhp
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11568==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 13 bios-tables-test /x86_64/acpi/q35/memhp
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11574==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 14 bios-tables-test /x86_64/acpi/q35/numamem
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11580==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 15 bios-tables-test /x86_64/acpi/q35/dimmpxm
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/boot-serial-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="boot-serial-test"
PASS 1 boot-serial-test /x86_64/boot-serial/isapc
---
PASS 1 i440fx-test /x86_64/i440fx/defaults
PASS 2 i440fx-test /x86_64/i440fx/pam
PASS 3 i440fx-test /x86_64/i440fx/firmware/bios
==11664==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 4 i440fx-test /x86_64/i440fx/firmware/pflash
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/fw_cfg-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="fw_cfg-test"
PASS 1 fw_cfg-test /x86_64/fw_cfg/signature
---
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/drive_del-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="drive_del-test"
PASS 1 drive_del-test /x86_64/drive_del/without-dev
PASS 2 drive_del-test /x86_64/drive_del/after_failed_device_add
==11752==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 3 drive_del-test /x86_64/blockdev/drive_del_device_del
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/wdt_ib700-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="wdt_ib700-test"
PASS 1 wdt_ib700-test /x86_64/wdt_ib700/pause
---
PASS 1 usb-hcd-uhci-test /x86_64/uhci/pci/init
PASS 2 usb-hcd-uhci-test /x86_64/uhci/pci/port1
PASS 3 usb-hcd-uhci-test /x86_64/uhci/pci/hotplug
==11947==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 4 usb-hcd-uhci-test /x86_64/uhci/pci/hotplug/usb-storage
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/usb-hcd-xhci-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="usb-hcd-xhci-test"
PASS 1 usb-hcd-xhci-test /x86_64/xhci/pci/init
PASS 2 usb-hcd-xhci-test /x86_64/xhci/pci/hotplug
==11956==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 3 usb-hcd-xhci-test /x86_64/xhci/pci/hotplug/usb-uas
PASS 4 usb-hcd-xhci-test /x86_64/xhci/pci/hotplug/usb-ccid
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/cpu-plug-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="cpu-plug-test"
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==12062==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 vmgenid-test /x86_64/vmgenid/vmgenid/set-guid
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==12068==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 2 vmgenid-test /x86_64/vmgenid/vmgenid/set-guid-auto
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==12074==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 3 vmgenid-test /x86_64/vmgenid/vmgenid/query-monitor
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/tpm-crb-swtpm-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="tpm-crb-swtpm-test"
SKIP 1 tpm-crb-swtpm-test /x86_64/tpm/crb-swtpm/test # SKIP swtpm not in PATH or missing --tpm2 support
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==12179==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==12184==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 3 migration-test /x86_64/migration/fd_proto
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==12192==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==12197==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 4 migration-test /x86_64/migration/postcopy/unix
PASS 5 migration-test /x86_64/migration/postcopy/recovery
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==12227==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==12232==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 6 migration-test /x86_64/migration/precopy/unix
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==12241==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==12246==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 7 migration-test /x86_64/migration/precopy/tcp
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==12255==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==12260==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 8 migration-test /x86_64/migration/xbzrle/unix
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/test-x86-cpuid-compat -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-x86-cpuid-compat"
PASS 1 test-x86-cpuid-compat /x86/cpuid/parsing-plus-minus
---
PASS 6 numa-test /x86_64/numa/pc/dynamic/cpu
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/qmp-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="qmp-test"
PASS 1 qmp-test /x86_64/qmp/protocol
==12589==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 2 qmp-test /x86_64/qmp/oob
PASS 3 qmp-test /x86_64/qmp/preconfig
PASS 4 qmp-test /x86_64/qmp/missing-any-arg
---
PASS 5 device-introspect-test /x86_64/device/introspect/abstract-interfaces
=================================================================
==12837==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x557b91372b6e in calloc (/tmp/qemu-test/build/x86_64-softmmu/qemu-system-x86_64+0x19f9b6e)
---
SUMMARY: AddressSanitizer: 64 byte(s) leaked in 2 allocation(s).
/tmp/qemu-test/src/tests/libqtest.c:137: kill_qemu() tried to terminate QEMU process but encountered exit status 1
ERROR - too few tests run (expected 6, got 5)
make: *** [/tmp/qemu-test/src/tests/Makefile.include:896: check-qtest-x86_64] Error 1
make: *** Waiting for unfinished jobs....
Traceback (most recent call last):
The full log is available at
http://patchew.org/logs/20190703224707.12437-1-eblake@redhat.com/testing.asan/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
On 04.07.19 00:47, Eric Blake wrote: > Although you generally won't use encryption with a Unix socket (after > all, everything is local, so why waste the CPU power), there are > situations in testsuites where Unix sockets are much nicer than TCP > sockets. Since nbdkit allows encryption over both types of sockets, > it makes sense for qemu-nbd to do likewise. Hmm. The code is simple enough, so I don’t see a good reason not to. > The restriction has been present since its introduction in commits > 145614a1 and 75822a12 (v2.6), where the former documented the > limitation but did not provide any additional explanation why it was > added; but looking closer, it seems the most likely reason is that > x509 verification requires a hostname. But we can do the same as > migration did, and add a tls-hostname parameter to supply that > information. > > Signed-off-by: Eric Blake <eblake@redhat.com> > > --- > > Since this is now adding a new qemu-nbd command-line option, as well > as new QMP for blockdev-add, it has missed 4.1 softfreeze and should > probably be delayed to 4.2. > > RFC: The test is racy - it sometimes passes, and sometimes fails with: > > == check TLS with authorization over Unix == > qemu-img: Could not open 'driver=nbd,path=SOCKET,tls-creds=tls0,tls-hostname=localhost': Failed to read option reply: Cannot read from TLS channel: Input/output error > -qemu-img: Could not open 'driver=nbd,path=SOCKET,tls-creds=tls0,tls-hostname=localhost': Failed to read option reply: Cannot read from TLS channel: Input/output error > +qemu-img: Could not open 'driver=nbd,path=SOCKET,tls-creds=tls0,tls-hostname=localhost': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort Well, the first thing is that over TCP, the reference output shows that it should indeed fail with ECONNABORTED. So to me it seems like EIO is actually the wrong error code. Um, also, a perhaps stupid question: Why is there no passing test for client authorization? > I suspect that there is a bug in the qio TLS channel code when it > comes to handling a failed TLS handshake, which results in the racy > output. I'll need help solving that first. It might also be nice if > we had a bit more visibility into the gnutls error message when TLS > handshake fails. Well, what I can see is that the error code comes from qcrypto_tls_session_read(). You get ECONNABORTED for GNUTLS_E_PREMATURE_TERMINATION, and EIO for GNUTLS_E_PULL_ERROR (under default; but that’s the error that appears if it isn’t PREMATURE_TERMINATION). So I suppose you get ECONNABORTED if the first read happens after the RST is received (or the equivalent on Unix sockets, I have no idea how they work on the low level); and you get EIO if you try to read before that (because the TLS connection has just not been established successfully). I have experimented a bit, but unfortunately couldn’t find anything to change the test results in any way... :/ > --- > qemu-nbd.texi | 3 ++ > qapi/block-core.json | 5 ++ > block/nbd.c | 27 +++++++++-- > qemu-nbd.c | 26 ++++++++--- > tests/qemu-iotests/233 | 94 ++++++++++++++++++++++++++++++++++++-- > tests/qemu-iotests/233.out | 61 +++++++++++++++++++++++-- > tests/qemu-iotests/group | 2 +- > 7 files changed, 198 insertions(+), 20 deletions(-) > > diff --git a/qemu-nbd.texi b/qemu-nbd.texi > index 7f55657722bd..764518baef84 100644 > --- a/qemu-nbd.texi > +++ b/qemu-nbd.texi > @@ -123,6 +123,9 @@ Store the server's process ID in the given file. > Specify the ID of a qauthz object previously created with the > --object option. This will be used to authorize connecting users > against their x509 distinguished name. > +@item --tls-hostname=NAME > +When using list mode with TLS over a Unix socket, supply the hostname > +to use during validation of the server's x509 certificate. > @item -v, --verbose > Display extra debugging information. > @item -h, --help qemu-nbd.c has some parameter documentation, too. Maybe this option should be listed there. > diff --git a/qapi/block-core.json b/qapi/block-core.json > index 0d43d4f37c1a..95da0d44c220 100644 > --- a/qapi/block-core.json > +++ b/qapi/block-core.json > @@ -3856,6 +3856,10 @@ > # > # @tls-creds: TLS credentials ID > # > +# @tls-hostname: Hostname of the server, required only when using x509 based > +# TLS credentials when @server lacks a hostname (such as > +# using a Unix socket). (Since 4.1) Well, 4.2 now. > +# > # @x-dirty-bitmap: A "qemu:dirty-bitmap:NAME" string to query in place of > # traditional "base:allocation" block status (see > # NBD_OPT_LIST_META_CONTEXT in the NBD protocol) (since 3.0) [...] > diff --git a/block/nbd.c b/block/nbd.c > index 81edabbf35ed..ce3db21190ce 100644 > --- a/block/nbd.c > +++ b/block/nbd.c [...] > @@ -1624,12 +1629,25 @@ static int nbd_open(BlockDriverState *bs, QDict *options, int flags, > goto error; > } > > - /* TODO SOCKET_ADDRESS_KIND_FD where fd has AF_INET or AF_INET6 */ > - if (s->saddr->type != SOCKET_ADDRESS_TYPE_INET) { > - error_setg(errp, "TLS only supported over IP sockets"); > + switch (s->saddr->type) { > + case SOCKET_ADDRESS_TYPE_INET: > + hostname = s->saddr->u.inet.host; > + if (qemu_opt_get(opts, "tls-hostname")) { > + error_setg(errp, "tls-hostname not required with inet socket"); This is more “not allowed”, right? (Actually, why not? We could make the information from @server a default, but this would override it. Maybe useful just for testing, but why not.) > + goto error; > + } > + break; > + case SOCKET_ADDRESS_TYPE_UNIX: > + hostname = qemu_opt_get(opts, "tls-hostname"); Shouldn’t we check that @hostname is non-NULL? As far as I read the code now, if this option doesn’t exist, “<null>” will be used as the hostname somewhere down the stack. Which probably gives a weird error. > + break; > + default: > + /* TODO SOCKET_ADDRESS_KIND_FD where fd has AF_INET or AF_INET6 */ > + error_setg(errp, "TLS only supported over IP or Unix sockets"); > goto error; > } > - hostname = s->saddr->u.inet.host; > + } else if (qemu_opt_get(opts, "tls-hostname")) { > + error_setg(errp, "tls-hostname not supported without tls-creds"); > + goto error; > } > > /* NBD handshake */ [...] > diff --git a/qemu-nbd.c b/qemu-nbd.c > index a8cb39e51043..40ea1e299dc7 100644 > --- a/qemu-nbd.c > +++ b/qemu-nbd.c [...] > @@ -931,18 +937,22 @@ int main(int argc, char **argv) > } > > if (tlscredsid) { > - if (sockpath) { > - error_report("TLS is only supported with IPv4/IPv6"); > - exit(EXIT_FAILURE); > - } > if (device) { > error_report("TLS is not supported with a host device"); > exit(EXIT_FAILURE); > } > if (tlsauthz && list) { > - error_report("TLS authorization is incompatible with export list"); > + error_report("TLS authorization is incompatible with --list"); > exit(EXIT_FAILURE); > } > + if (tlshost) { > + if (!list) { > + error_report("TLS hostname is only for use with --list"); > + exit(EXIT_FAILURE); > + } > + } else { > + tlshost = bindto; Again, I wonder whether there should be a nice error message here if bindto is NULL. > + } > tlscreds = nbd_get_tls_creds(tlscredsid, list, &local_err); > if (local_err) { > error_report("Failed to get TLS creds %s", [...] > diff --git a/tests/qemu-iotests/233.out b/tests/qemu-iotests/233.out > index 9b46284ab0de..b86bee020649 100644 > --- a/tests/qemu-iotests/233.out > +++ b/tests/qemu-iotests/233.out [...] > +== check TLS works over Unix == > +image: nbd+unix://?socket=SOCKET > +file format: nbd > +virtual size: 64 MiB (67108864 bytes) > +disk size: unavailable This has worked surprisingly well considering you did not pass tls-hostname. On the same note: If I remove the tls-hostname option from the “perform I/O over TLS” test, it keeps working. > +image: nbd+unix://?socket=SOCKET > +file format: nbd > +virtual size: 64 MiB (67108864 bytes) > +disk size: unavailable > +qemu-nbd: Certificate does not match the hostname 0.0.0.0 Yeah, that’s a weird error message. I think it could be better. Max > +exports available: 1 > + export: '' > + size: 67108864 > + flags: 0x4ed ( flush fua trim zeroes df cache ) > + min block: 1 > + opt block: 4096 > + max block: 33554432 > + available meta contexts: 1 > + base:allocation
On Wed, Jul 03, 2019 at 05:47:07PM -0500, Eric Blake wrote: > Although you generally won't use encryption with a Unix socket (after > all, everything is local, so why waste the CPU power), there are > situations in testsuites where Unix sockets are much nicer than TCP > sockets. Since nbdkit allows encryption over both types of sockets, > it makes sense for qemu-nbd to do likewise. > > The restriction has been present since its introduction in commits > 145614a1 and 75822a12 (v2.6), where the former documented the > limitation but did not provide any additional explanation why it was > added; but looking closer, it seems the most likely reason is that > x509 verification requires a hostname. But we can do the same as > migration did, and add a tls-hostname parameter to supply that > information. Yes, the x509 cert validation is precisely the reason. The client must validate the hostname it is connecting to, against the x509 certificate received from the server. If it doesn't use IP, then it had no hostnmae to validate the cert against. Since that time though, we added support for PSK credentials with TLS which requires no hostname validation, so the restriction no longer makes sense. Adding ability to set a tls-hostname parameter further enables its use with x509 credentials. > RFC: The test is racy - it sometimes passes, and sometimes fails with: > > == check TLS with authorization over Unix == > qemu-img: Could not open 'driver=nbd,path=SOCKET,tls-creds=tls0,tls-hostname=localhost': Failed to read option reply: Cannot read from TLS channel: Input/output error > -qemu-img: Could not open 'driver=nbd,path=SOCKET,tls-creds=tls0,tls-hostname=localhost': Failed to read option reply: Cannot read from TLS channel: Input/output error > +qemu-img: Could not open 'driver=nbd,path=SOCKET,tls-creds=tls0,tls-hostname=localhost': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort It is a bit complex to debug this because unfortunately gnutls API doesn't allow us to propagate the root cause error accurately. We return ECONNABORTED when GNUTLS reports GNUTLS_E_PREMATURE_TERMINATION. It reports this when it tries to read a packet header and gets EOF from the socket. We return EIO in other cases where there's no GNUTLS error code we want to handle explicitly. With some debugging I find that GNUTLS is returned GNUTLS_E_PULL_ERROR which is a generic code it returns whenever the read() callback fails for a reason which isn't EAGAIN. With more debugging I find the original recvfrom() is returning ECONNRESET, so this is basically just another name for EOF. I'm curious why we see EOF sometimes and ECONNRESET at other times. I disabled the qio_channel_shutdown call on the server and that just changed to a different race. Now we sometimes get ECONNRESET, and sometimes get EIO when trying to send the first NBD option header instead. > I suspect that there is a bug in the qio TLS channel code when it > comes to handling a failed TLS handshake, which results in the racy > output. I'll need help solving that first. It might also be nice if > we had a bit more visibility into the gnutls error message when TLS > handshake fails. I'm not sure there is a bug - it feels like there's just a few different shutdown scenarios we can hit based on timing, due to the fact there is no synchronization with the client when we drop the connection if authz fails. > @@ -1624,12 +1629,25 @@ static int nbd_open(BlockDriverState *bs, QDict *options, int flags, > goto error; > } > > - /* TODO SOCKET_ADDRESS_KIND_FD where fd has AF_INET or AF_INET6 */ > - if (s->saddr->type != SOCKET_ADDRESS_TYPE_INET) { > - error_setg(errp, "TLS only supported over IP sockets"); > + switch (s->saddr->type) { > + case SOCKET_ADDRESS_TYPE_INET: > + hostname = s->saddr->u.inet.host; > + if (qemu_opt_get(opts, "tls-hostname")) { > + error_setg(errp, "tls-hostname not required with inet socket"); > + goto error; > + } We don't need to forbid this. Consider if you have setup an SSH tunnel from localhost:someport, over to your remote server. NBD will get told to connect to localhost, but will need to validate the cert against the real remote hostname. > + break; > + case SOCKET_ADDRESS_TYPE_UNIX: > + hostname = qemu_opt_get(opts, "tls-hostname"); > + break; > + default: > + /* TODO SOCKET_ADDRESS_KIND_FD where fd has AF_INET or AF_INET6 */ > + error_setg(errp, "TLS only supported over IP or Unix sockets"); > goto error; > } I don't think we need any of this switch, instead just something like thus: hostname = qemu_opt_get(opts, "tls-hostname"); if (!hostname) { if (s->saddr->type == SOCKET_ADDRESS_TYPE_INET) { hostname = s->sadddr->u.inet.host; } else { error_setg(errp, "tls-hostname is required for non-IP sockets"); goto error; } } > - hostname = s->saddr->u.inet.host; > + } else if (qemu_opt_get(opts, "tls-hostname")) { > + error_setg(errp, "tls-hostname not supported without tls-creds"); > + goto error; > } > > /* NBD handshake */ > @@ -1752,6 +1770,7 @@ static const char *const nbd_strong_runtime_opts[] = { > "port", > "export", > "tls-creds", > + "tls-hostname", > "server.", > > NULL > diff --git a/qemu-nbd.c b/qemu-nbd.c > index a8cb39e51043..40ea1e299dc7 100644 > --- a/qemu-nbd.c > +++ b/qemu-nbd.c > @@ -62,6 +62,7 @@ > #define QEMU_NBD_OPT_FORK 263 > #define QEMU_NBD_OPT_TLSAUTHZ 264 > #define QEMU_NBD_OPT_PID_FILE 265 > +#define QEMU_NBD_OPT_TLSHOST 266 > > #define MBR_SIZE 512 > > @@ -76,6 +77,7 @@ static int nb_fds; > static QIONetListener *server; > static QCryptoTLSCreds *tlscreds; > static const char *tlsauthz; > +static const char *tlshost; > > static void usage(const char *name) > { > @@ -640,6 +642,7 @@ int main(int argc, char **argv) > { "description", required_argument, NULL, 'D' }, > { "tls-creds", required_argument, NULL, QEMU_NBD_OPT_TLSCREDS }, > { "tls-authz", required_argument, NULL, QEMU_NBD_OPT_TLSAUTHZ }, > + { "tls-hostname", required_argument, NULL, QEMU_NBD_OPT_TLSHOST }, > { "image-opts", no_argument, NULL, QEMU_NBD_OPT_IMAGE_OPTS }, > { "trace", required_argument, NULL, 'T' }, > { "fork", no_argument, NULL, QEMU_NBD_OPT_FORK }, > @@ -864,6 +867,9 @@ int main(int argc, char **argv) > case QEMU_NBD_OPT_TLSAUTHZ: > tlsauthz = optarg; > break; > + case QEMU_NBD_OPT_TLSHOST: > + tlshost = optarg; > + break; > case QEMU_NBD_OPT_FORK: > fork_process = true; > break; > @@ -931,18 +937,22 @@ int main(int argc, char **argv) > } > > if (tlscredsid) { > - if (sockpath) { > - error_report("TLS is only supported with IPv4/IPv6"); > - exit(EXIT_FAILURE); > - } > if (device) { > error_report("TLS is not supported with a host device"); > exit(EXIT_FAILURE); > } > if (tlsauthz && list) { > - error_report("TLS authorization is incompatible with export list"); > + error_report("TLS authorization is incompatible with --list"); > exit(EXIT_FAILURE); > } > + if (tlshost) { > + if (!list) { > + error_report("TLS hostname is only for use with --list"); > + exit(EXIT_FAILURE); > + } > + } else { > + tlshost = bindto; I was a bit confused by the "bindto" name being used as the hostname to connect to for the --list client. Perhas we should rename it to something neutral - just hostname perhaps. > + } > tlscreds = nbd_get_tls_creds(tlscredsid, list, &local_err); > if (local_err) { > error_report("Failed to get TLS creds %s", > @@ -954,11 +964,15 @@ int main(int argc, char **argv) > error_report("--tls-authz is not permitted without --tls-creds"); > exit(EXIT_FAILURE); > } > + if (tlshost) { > + error_report("--tls-hostname is not permitted without --tls-creds"); > + exit(EXIT_FAILURE); > + } > } > > if (list) { > saddr = nbd_build_socket_address(sockpath, bindto, port); > - return qemu_nbd_client_list(saddr, tlscreds, bindto); > + return qemu_nbd_client_list(saddr, tlscreds, tlshost); > } > > #if !HAVE_NBD_DEVICE Regards, Daniel
On Fri, Jul 05, 2019 at 11:31:51AM +0200, Max Reitz wrote: > On 04.07.19 00:47, Eric Blake wrote: > > diff --git a/tests/qemu-iotests/233.out b/tests/qemu-iotests/233.out > > index 9b46284ab0de..b86bee020649 100644 > > --- a/tests/qemu-iotests/233.out > > +++ b/tests/qemu-iotests/233.out > > [...] > > > +== check TLS works over Unix == > > +image: nbd+unix://?socket=SOCKET > > +file format: nbd > > +virtual size: 64 MiB (67108864 bytes) > > +disk size: unavailable > > This has worked surprisingly well considering you did not pass tls-hostname. > > On the same note: If I remove the tls-hostname option from the “perform > I/O over TLS” test, it keeps working. Yeah, that's a bug in crypto/tlssession.c. It is assuming that the hostname will always be provided for sessions in client mode, which was valid previously as all sessions were TCP based. ie it assumed that if hostname was NULL, it was doing server side certificate validation. That assumption is bogus now we allow sessions on non-TCP, so we must fix the code thus: @@ -365,6 +367,14 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session, goto error; } } + if (!session->hostname && + session->creds->endpoint == + QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) { + error_setg(errp, + "No hostname available to validate against " + "server's x509 certificate"); + goto error; + } if (session->hostname) { if (!gnutls_x509_crt_check_hostname(cert, session->hostname)) { error_setg(errp, Regards, Daniel
On Wed, Jul 03, 2019 at 05:47:07PM -0500, Eric Blake wrote: > +== check TLS works over Unix == > +image: nbd+unix://?socket=SOCKET > +file format: nbd > +virtual size: 64 MiB (67108864 bytes) > +disk size: unavailable > +image: nbd+unix://?socket=SOCKET > +file format: nbd > +virtual size: 64 MiB (67108864 bytes) > +disk size: unavailable > +qemu-nbd: Certificate does not match the hostname 0.0.0.0 Seeing 0.0.0.0 is very odd since we don't specify that on the CLI anywhere. It looks like this is a side effect of reusing the "bindto" variable in --list mode, getting the default bind address of 0.0.0.0. We should ensure that this variable defaults to NULL when in --list mode I think, which will probably highlight the tlssession.c bug i mentioned. Regards, Daniel
On 7/5/19 4:31 AM, Max Reitz wrote: > On 04.07.19 00:47, Eric Blake wrote: >> Although you generally won't use encryption with a Unix socket (after >> all, everything is local, so why waste the CPU power), there are >> situations in testsuites where Unix sockets are much nicer than TCP >> sockets. Since nbdkit allows encryption over both types of sockets, >> it makes sense for qemu-nbd to do likewise. > > Hmm. The code is simple enough, so I don’t see a good reason not to. > > Um, also, a perhaps stupid question: Why is there no passing test for > client authorization? > Not a stupid question. It's copy-and-paste from the existing test over TCP, which Dan added in b25e12daf without any additional successful test I guess the earlier tests in the file are the success cases, and this just checks that authz restrictions cover the expected failure case of something that would succeed without authz? Or maybe that commit really is incomplete?
diff --git a/qemu-nbd.texi b/qemu-nbd.texi index 7f55657722bd..764518baef84 100644 --- a/qemu-nbd.texi +++ b/qemu-nbd.texi @@ -123,6 +123,9 @@ Store the server's process ID in the given file. Specify the ID of a qauthz object previously created with the --object option. This will be used to authorize connecting users against their x509 distinguished name. +@item --tls-hostname=NAME +When using list mode with TLS over a Unix socket, supply the hostname +to use during validation of the server's x509 certificate. @item -v, --verbose Display extra debugging information. @item -h, --help diff --git a/qapi/block-core.json b/qapi/block-core.json index 0d43d4f37c1a..95da0d44c220 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -3856,6 +3856,10 @@ # # @tls-creds: TLS credentials ID # +# @tls-hostname: Hostname of the server, required only when using x509 based +# TLS credentials when @server lacks a hostname (such as +# using a Unix socket). (Since 4.1) +# # @x-dirty-bitmap: A "qemu:dirty-bitmap:NAME" string to query in place of # traditional "base:allocation" block status (see # NBD_OPT_LIST_META_CONTEXT in the NBD protocol) (since 3.0) @@ -3866,6 +3870,7 @@ 'data': { 'server': 'SocketAddress', '*export': 'str', '*tls-creds': 'str', + '*tls-hostname': 'str', '*x-dirty-bitmap': 'str' } } ## diff --git a/block/nbd.c b/block/nbd.c index 81edabbf35ed..ce3db21190ce 100644 --- a/block/nbd.c +++ b/block/nbd.c @@ -1577,6 +1577,11 @@ static QemuOptsList nbd_runtime_opts = { .type = QEMU_OPT_STRING, .help = "ID of the TLS credentials to use", }, + { + .name = "tls-hostname", + .type = QEMU_OPT_STRING, + .help = "hostname for x509 TLS credentials of target host", + }, { .name = "x-dirty-bitmap", .type = QEMU_OPT_STRING, @@ -1624,12 +1629,25 @@ static int nbd_open(BlockDriverState *bs, QDict *options, int flags, goto error; } - /* TODO SOCKET_ADDRESS_KIND_FD where fd has AF_INET or AF_INET6 */ - if (s->saddr->type != SOCKET_ADDRESS_TYPE_INET) { - error_setg(errp, "TLS only supported over IP sockets"); + switch (s->saddr->type) { + case SOCKET_ADDRESS_TYPE_INET: + hostname = s->saddr->u.inet.host; + if (qemu_opt_get(opts, "tls-hostname")) { + error_setg(errp, "tls-hostname not required with inet socket"); + goto error; + } + break; + case SOCKET_ADDRESS_TYPE_UNIX: + hostname = qemu_opt_get(opts, "tls-hostname"); + break; + default: + /* TODO SOCKET_ADDRESS_KIND_FD where fd has AF_INET or AF_INET6 */ + error_setg(errp, "TLS only supported over IP or Unix sockets"); goto error; } - hostname = s->saddr->u.inet.host; + } else if (qemu_opt_get(opts, "tls-hostname")) { + error_setg(errp, "tls-hostname not supported without tls-creds"); + goto error; } /* NBD handshake */ @@ -1752,6 +1770,7 @@ static const char *const nbd_strong_runtime_opts[] = { "port", "export", "tls-creds", + "tls-hostname", "server.", NULL diff --git a/qemu-nbd.c b/qemu-nbd.c index a8cb39e51043..40ea1e299dc7 100644 --- a/qemu-nbd.c +++ b/qemu-nbd.c @@ -62,6 +62,7 @@ #define QEMU_NBD_OPT_FORK 263 #define QEMU_NBD_OPT_TLSAUTHZ 264 #define QEMU_NBD_OPT_PID_FILE 265 +#define QEMU_NBD_OPT_TLSHOST 266 #define MBR_SIZE 512 @@ -76,6 +77,7 @@ static int nb_fds; static QIONetListener *server; static QCryptoTLSCreds *tlscreds; static const char *tlsauthz; +static const char *tlshost; static void usage(const char *name) { @@ -640,6 +642,7 @@ int main(int argc, char **argv) { "description", required_argument, NULL, 'D' }, { "tls-creds", required_argument, NULL, QEMU_NBD_OPT_TLSCREDS }, { "tls-authz", required_argument, NULL, QEMU_NBD_OPT_TLSAUTHZ }, + { "tls-hostname", required_argument, NULL, QEMU_NBD_OPT_TLSHOST }, { "image-opts", no_argument, NULL, QEMU_NBD_OPT_IMAGE_OPTS }, { "trace", required_argument, NULL, 'T' }, { "fork", no_argument, NULL, QEMU_NBD_OPT_FORK }, @@ -864,6 +867,9 @@ int main(int argc, char **argv) case QEMU_NBD_OPT_TLSAUTHZ: tlsauthz = optarg; break; + case QEMU_NBD_OPT_TLSHOST: + tlshost = optarg; + break; case QEMU_NBD_OPT_FORK: fork_process = true; break; @@ -931,18 +937,22 @@ int main(int argc, char **argv) } if (tlscredsid) { - if (sockpath) { - error_report("TLS is only supported with IPv4/IPv6"); - exit(EXIT_FAILURE); - } if (device) { error_report("TLS is not supported with a host device"); exit(EXIT_FAILURE); } if (tlsauthz && list) { - error_report("TLS authorization is incompatible with export list"); + error_report("TLS authorization is incompatible with --list"); exit(EXIT_FAILURE); } + if (tlshost) { + if (!list) { + error_report("TLS hostname is only for use with --list"); + exit(EXIT_FAILURE); + } + } else { + tlshost = bindto; + } tlscreds = nbd_get_tls_creds(tlscredsid, list, &local_err); if (local_err) { error_report("Failed to get TLS creds %s", @@ -954,11 +964,15 @@ int main(int argc, char **argv) error_report("--tls-authz is not permitted without --tls-creds"); exit(EXIT_FAILURE); } + if (tlshost) { + error_report("--tls-hostname is not permitted without --tls-creds"); + exit(EXIT_FAILURE); + } } if (list) { saddr = nbd_build_socket_address(sockpath, bindto, port); - return qemu_nbd_client_list(saddr, tlscreds, bindto); + return qemu_nbd_client_list(saddr, tlscreds, tlshost); } #if !HAVE_NBD_DEVICE diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233 index a5c17c39639d..1891a3a65084 100755 --- a/tests/qemu-iotests/233 +++ b/tests/qemu-iotests/233 @@ -30,7 +30,7 @@ _cleanup() { nbd_server_stop _cleanup_test_img - # If we aborted early we want to see this log for diagnosis + # If we aborted early we want to see these logs for diagnosis test -f "$TEST_DIR/server.log" && cat "$TEST_DIR/server.log" rm -f "$TEST_DIR/server.log" tls_x509_cleanup @@ -67,7 +67,7 @@ _make_test_img 64M $QEMU_IO -c 'w -P 0x11 1m 1m' "$TEST_IMG" | _filter_qemu_io echo -echo "== check TLS client to plain server fails ==" +echo "== check TLS client to plain TCP server fails ==" nbd_server_start_tcp_socket -f $IMGFMT "$TEST_IMG" 2> "$TEST_DIR/server.log" obj=tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0 @@ -80,7 +80,7 @@ $QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port --object $obj \ nbd_server_stop echo -echo "== check plain client to TLS server fails ==" +echo "== check plain client to TLS TCP server fails ==" nbd_server_start_tcp_socket \ --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \ @@ -91,7 +91,7 @@ $QEMU_IMG info nbd://localhost:$nbd_tcp_port 2>&1 | sed "s/$nbd_tcp_port/PORT/g" $QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port echo -echo "== check TLS works ==" +echo "== check TLS works over TCP ==" obj1=tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0 obj2=tls-creds-x509,dir=${tls_dir}/client3,endpoint=client,id=tls0 $QEMU_IMG info --image-opts --object $obj1 \ @@ -123,7 +123,7 @@ $QEMU_IO -c 'r -P 0x11 1m 1m' -c 'w -P 0x22 1m 1m' --image-opts \ $QEMU_IO -f $IMGFMT -r -U -c 'r -P 0x22 1m 1m' "$TEST_IMG" | _filter_qemu_io echo -echo "== check TLS with authorization ==" +echo "== check TLS with authorization over TCP ==" nbd_server_stop @@ -145,6 +145,90 @@ $QEMU_IMG info --image-opts \ driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \ 2>&1 | sed "s/$nbd_tcp_port/PORT/g" +nbd_server_stop + +echo +echo "== check TLS client to plain Unix server fails ==" +nbd_server_start_unix_socket -f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log" + +obj=tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0 +$QEMU_IMG info --image-opts --object $obj \ + driver=nbd,path=$nbd_unix_socket,tls-creds=tls0,tls-hostname=localhost \ + 2>&1 | sed "s,$nbd_unix_socket,SOCKET,g" +$QEMU_NBD_PROG -L -k $nbd_unix_socket --object $obj --tls-creds=tls0 + +nbd_server_stop + +echo +echo "== check plain client to TLS Unix server fails ==" + +nbd_server_start_unix_socket \ + --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \ + --tls-creds tls0 \ + -f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log" + +$QEMU_IMG info nbd+unix://\?socket=$nbd_unix_socket \ + 2>&1 | sed "s,$nbd_unix_socket,SOCKET,g" +$QEMU_NBD_PROG -L -k $nbd_unix_socket + +echo +echo "== check TLS works over Unix ==" +obj1=tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0 +obj2=tls-creds-x509,dir=${tls_dir}/client3,endpoint=client,id=tls0 +$QEMU_IMG info --image-opts --object $obj1 \ + driver=nbd,path=$nbd_unix_socket,tls-creds=tls0 \ + 2>&1 | sed "s,$nbd_unix_socket,SOCKET,g" +$QEMU_IMG info --image-opts --object $obj2 \ + driver=nbd,path=$nbd_unix_socket,tls-creds=tls0,tls-hostname=localhost \ + 2>&1 | sed "s,$nbd_unix_socket,SOCKET,g" +$QEMU_NBD_PROG -L -k $nbd_unix_socket --object $obj1 --tls-creds=tls0 +$QEMU_NBD_PROG -L -k $nbd_unix_socket --object $obj1 --tls-creds=tls0 \ + --tls-hostname=localhost + +echo +echo "== check TLS with different CA fails ==" +obj=tls-creds-x509,dir=${tls_dir}/client2,endpoint=client,id=tls0 +$QEMU_IMG info --image-opts --object $obj \ + driver=nbd,path=$nbd_unix_socket,tls-creds=tls0,tls-hostname=localhost \ + 2>&1 | sed "s,$nbd_unix_socket,SOCKET,g" +$QEMU_NBD_PROG -L -k $nbd_unix_socket --object $obj \ + --tls-creds=tls0 --tls-hostname=localhost + +echo +echo "== perform I/O over TLS ==" +QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT +$QEMU_IO -c 'r -P 0x22 1m 1m' -c 'w -P 0x33 1m 1m' --image-opts \ + --object tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0 \ + driver=nbd,path=$nbd_unix_socket,tls-creds=tls0,tls-hostname=localhost \ + 2>&1 | _filter_qemu_io + +$QEMU_IO -f $IMGFMT -r -U -c 'r -P 0x33 1m 1m' "$TEST_IMG" | _filter_qemu_io + +echo +echo "== check TLS with authorization over Unix ==" + +nbd_server_stop + +nbd_server_start_unix_socket \ + --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \ + --object "authz-simple,id=authz0,identity=CN=localhost,, \ + O=Cthulu Dark Lord Enterprises client1,,L=R'lyeh,,C=South Pacific" \ + --tls-authz authz0 \ + --tls-creds tls0 \ + -f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log" + +$QEMU_IMG info --image-opts \ + --object tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0 \ + driver=nbd,path=$nbd_unix_socket,tls-creds=tls0,tls-hostname=localhost \ + 2>&1 | sed "s,$nbd_unix_socket,SOCKET,g" + +$QEMU_IMG info --image-opts \ + --object tls-creds-x509,dir=${tls_dir}/client3,endpoint=client,id=tls0 \ + driver=nbd,path=$nbd_unix_socket,tls-creds=tls0,tls-hostname=localhost \ + 2>&1 | sed "s,$nbd_unix_socket,SOCKET,g" + +nbd_server_stop + echo echo "== final server log ==" cat "$TEST_DIR/server.log" diff --git a/tests/qemu-iotests/233.out b/tests/qemu-iotests/233.out index 9b46284ab0de..b86bee020649 100644 --- a/tests/qemu-iotests/233.out +++ b/tests/qemu-iotests/233.out @@ -13,19 +13,19 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 wrote 1048576/1048576 bytes at offset 1048576 1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -== check TLS client to plain server fails == +== check TLS client to plain TCP server fails == qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Denied by server for option 5 (starttls) server reported: TLS not configured qemu-nbd: Denied by server for option 5 (starttls) server reported: TLS not configured -== check plain client to TLS server fails == +== check plain client to TLS TCP server fails == qemu-img: Could not open 'nbd://localhost:PORT': TLS negotiation required before option 8 (structured reply) server reported: Option 0x8 not permitted before TLS qemu-nbd: TLS negotiation required before option 8 (structured reply) server reported: Option 0x8 not permitted before TLS -== check TLS works == +== check TLS works over TCP == image: nbd://127.0.0.1:PORT file format: nbd virtual size: 64 MiB (67108864 bytes) @@ -56,13 +56,66 @@ wrote 1048576/1048576 bytes at offset 1048576 read 1048576/1048576 bytes at offset 1048576 1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -== check TLS with authorization == +== check TLS with authorization over TCP == qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort +== check TLS client to plain Unix server fails == +qemu-img: Could not open 'driver=nbd,path=SOCKET,tls-creds=tls0,tls-hostname=localhost': Denied by server for option 5 (starttls) +server reported: TLS not configured +qemu-nbd: Denied by server for option 5 (starttls) +server reported: TLS not configured + +== check plain client to TLS Unix server fails == +qemu-img: Could not open 'nbd+unix://?socket=SOCKET': TLS negotiation required before option 8 (structured reply) +server reported: Option 0x8 not permitted before TLS +qemu-nbd: TLS negotiation required before option 8 (structured reply) +server reported: Option 0x8 not permitted before TLS + +== check TLS works over Unix == +image: nbd+unix://?socket=SOCKET +file format: nbd +virtual size: 64 MiB (67108864 bytes) +disk size: unavailable +image: nbd+unix://?socket=SOCKET +file format: nbd +virtual size: 64 MiB (67108864 bytes) +disk size: unavailable +qemu-nbd: Certificate does not match the hostname 0.0.0.0 +exports available: 1 + export: '' + size: 67108864 + flags: 0x4ed ( flush fua trim zeroes df cache ) + min block: 1 + opt block: 4096 + max block: 33554432 + available meta contexts: 1 + base:allocation + +== check TLS with different CA fails == +qemu-img: Could not open 'driver=nbd,path=SOCKET,tls-creds=tls0,tls-hostname=localhost': The certificate hasn't got a known issuer +qemu-nbd: The certificate hasn't got a known issuer + +== perform I/O over TLS == +read 1048576/1048576 bytes at offset 1048576 +1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +wrote 1048576/1048576 bytes at offset 1048576 +1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 1048576/1048576 bytes at offset 1048576 +1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +== check TLS with authorization over Unix == +qemu-img: Could not open 'driver=nbd,path=SOCKET,tls-creds=tls0,tls-hostname=localhost': Failed to read option reply: Cannot read from TLS channel: Input/output error +qemu-img: Could not open 'driver=nbd,path=SOCKET,tls-creds=tls0,tls-hostname=localhost': Failed to read option reply: Cannot read from TLS channel: Input/output error + == final server log == qemu-nbd: option negotiation failed: Verify failed: No certificate was found. qemu-nbd: option negotiation failed: Verify failed: No certificate was found. qemu-nbd: option negotiation failed: TLS x509 authz check for CN=localhost,O=Cthulhu Dark Lord Enterprises client1,L=R'lyeh,C=South Pacific is denied qemu-nbd: option negotiation failed: TLS x509 authz check for CN=localhost,O=Cthulhu Dark Lord Enterprises client3,L=R'lyeh,C=South Pacific is denied +qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort +qemu-nbd: option negotiation failed: Verify failed: No certificate was found. +qemu-nbd: option negotiation failed: Verify failed: No certificate was found. +qemu-nbd: option negotiation failed: TLS x509 authz check for CN=localhost,O=Cthulhu Dark Lord Enterprises client1,L=R'lyeh,C=South Pacific is denied +qemu-nbd: option negotiation failed: TLS x509 authz check for CN=localhost,O=Cthulhu Dark Lord Enterprises client3,L=R'lyeh,C=South Pacific is denied *** done diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index b34c8e3c0c6d..7d02363f14bd 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -245,7 +245,7 @@ 229 auto quick 231 auto quick 232 quick -233 auto quick +233 auto 234 quick migration 235 quick 236 quick
Although you generally won't use encryption with a Unix socket (after all, everything is local, so why waste the CPU power), there are situations in testsuites where Unix sockets are much nicer than TCP sockets. Since nbdkit allows encryption over both types of sockets, it makes sense for qemu-nbd to do likewise. The restriction has been present since its introduction in commits 145614a1 and 75822a12 (v2.6), where the former documented the limitation but did not provide any additional explanation why it was added; but looking closer, it seems the most likely reason is that x509 verification requires a hostname. But we can do the same as migration did, and add a tls-hostname parameter to supply that information. Signed-off-by: Eric Blake <eblake@redhat.com> --- Since this is now adding a new qemu-nbd command-line option, as well as new QMP for blockdev-add, it has missed 4.1 softfreeze and should probably be delayed to 4.2. RFC: The test is racy - it sometimes passes, and sometimes fails with: == check TLS with authorization over Unix == qemu-img: Could not open 'driver=nbd,path=SOCKET,tls-creds=tls0,tls-hostname=localhost': Failed to read option reply: Cannot read from TLS channel: Input/output error -qemu-img: Could not open 'driver=nbd,path=SOCKET,tls-creds=tls0,tls-hostname=localhost': Failed to read option reply: Cannot read from TLS channel: Input/output error +qemu-img: Could not open 'driver=nbd,path=SOCKET,tls-creds=tls0,tls-hostname=localhost': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort I suspect that there is a bug in the qio TLS channel code when it comes to handling a failed TLS handshake, which results in the racy output. I'll need help solving that first. It might also be nice if we had a bit more visibility into the gnutls error message when TLS handshake fails. --- qemu-nbd.texi | 3 ++ qapi/block-core.json | 5 ++ block/nbd.c | 27 +++++++++-- qemu-nbd.c | 26 ++++++++--- tests/qemu-iotests/233 | 94 ++++++++++++++++++++++++++++++++++++-- tests/qemu-iotests/233.out | 61 +++++++++++++++++++++++-- tests/qemu-iotests/group | 2 +- 7 files changed, 198 insertions(+), 20 deletions(-)