From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Bin Meng <bmeng.cn@gmail.com>
Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>,
"qemu-devel@nongnu.org Developers" <qemu-devel@nongnu.org>,
Bin Meng <bin.meng@windriver.com>,
Juan Quintela <quintela@redhat.com>,
Laurent Vivier <lvivier@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Thomas Huth <thuth@redhat.com>
Subject: Re: [PATCH v2 35/39] tests/qtest: migration-test: Skip running some TLS cases for win32
Date: Wed, 28 Sep 2022 08:07:22 +0100
Message-ID: <YzPyqhI2oDnbNhmg@redhat.com>
In-Reply-To: <CAEUhbmVHYN4MM3XqTb_4i_5Wm-xa7ZrH6CysnqukVfVC5gLFUQ@mail.gmail.com>

On Wed, Sep 28, 2022 at 02:03:28PM +0800, Bin Meng wrote:
> Hi Daniel,
>
> On Tue, Sep 27, 2022 at 11:40 PM Daniel P. Berrangé <berrange@redhat.com> wrote:
> >
> > On Thu, Sep 22, 2022 at 07:54:05PM +0800, Bin Meng wrote:
> > > On Thu, Sep 22, 2022 at 6:39 PM Daniel P. Berrangé <berrange@redhat.com> wrote:
> > > >
> > > > On Thu, Sep 22, 2022 at 10:47:26AM +0800, Bin Meng wrote:
> > > > > On Thu, Sep 22, 2022 at 1:23 AM Daniel P. Berrangé <berrange@redhat.com> wrote:
> > > > > >
> > > > > > On Wed, Sep 21, 2022 at 05:51:33PM +0100, Dr. David Alan Gilbert wrote:
> > > > > > > * Bin Meng (bmeng.cn@gmail.com) wrote:
> > > > > > > > From: Bin Meng <bin.meng@windriver.com>
> > > > > > > >
> > > > > > > > Some migration test cases use TLS to communicate, but they fail on
> > > > > > > > Windows with the following error messages:
> > > > > > > >
> > > > > > > > qemu-system-x86_64: TLS handshake failed: Insufficient credentials for that request.
> > > > > > > > qemu-system-x86_64: TLS handshake failed: Error in the pull function.
> > > > > > > > query-migrate shows failed migration: TLS handshake failed: Error in the pull function.
> > > > > > > >
> > > > > > > > Disable them temporarily.
> > > > > > > >
> > > > > > > > Signed-off-by: Bin Meng <bin.meng@windriver.com>
> > > > > > > > ---
> > > > > > > > > I am not familiar with the gnutls and simply enabling the gnutls debug
> > > > > > > > > output does not give me an immediate hint on why it's failing on
> > > > > > > > Windows. Disable these cases for now until someone or maintainers
> > > > > > > > who may want to test this on Windows.
> > > > > > >
> > > > > > > Copying in Dan Berrange, he's our expert on weird TLS failures.
> > > > > >
> > > > > > Seems to match this:
> > > > > >
> > > > > > https://gnutls.org/faq.html#key-usage-violation2
> > > > > >
> > > > > > which suggests we have a configuration mis-match.
> > > > > >
> > > > > > I'm surprised to see you are only needing to disable the TLS PSK tests,
> > > > > > not the TLS x509 tests.
> > > > >
> > > > > The TLS x509 qtests all passed.
> > > > >
> > > > > >
> > > > > > I'd like to know if tests/unit/test-crypto-tlssession passes.
> > > > >
> > > > > These unit tests currently are not built on Windows as they simply
> > > > > don't build due to usage of socketpair().
> > > >
> > > > Doh, yes, that's rather annoying, as debugging this problem in the
> > > > unit tests would be easier than in qtests.
> > > >
> > > > > > If so, it might suggest we are missing 'priority: NORMAL' property
> > > > > > when configuring TLS creds for the migration test.
> > > > >
> > > > > I did the following changes but the error is still the same:
> > > >
> > > > >
> > > > > diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
> > > > > index dbee9b528a..c1e3f11873 100644
> > > > > --- a/tests/qtest/migration-test.c
> > > > > +++ b/tests/qtest/migration-test.c
> > > > > @@ -788,7 +788,8 @@ test_migrate_tls_psk_start_common(QTestState *from,
> > > > > " 'id': 'tlscredspsk0',"
> > > > > " 'endpoint': 'client',"
> > > > > " 'dir': %s,"
> > > > > - " 'username': 'qemu'} }",
> > > > > + " 'username': 'qemu',"
> > > > > + " 'priority': 'NORMAL'} }",
> > > > > data->workdir);
> > > > > qobject_unref(rsp);
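Review bot: the `'priority': 'NORMAL'` property added to the client-side arguments is a diagnostic change, and the text introducing the diff says the error is still the same with it applied, so it should not be carried into the series as a fix. If it is kept for another reason, the commit message should say why the test sets the priority explicitly.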
> > > > > @@ -797,7 +798,8 @@ test_migrate_tls_psk_start_common(QTestState *from,
> > > > > " 'arguments': { 'qom-type': 'tls-creds-psk',"
> > > > > " 'id': 'tlscredspsk0',"
> > > > > " 'endpoint': 'server',"
> > > > > - " 'dir': %s } }",
> > > > > + " 'dir': %s,"
> > > > > + " 'priority': 'NORMAL'} }",
> > > > > mismatch ? data->workdiralt : data->workdir);
> > > > > qobject_unref(rsp);
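Review bot: the server-side arguments repeat the same `'priority': 'NORMAL'` literal as the client hunk, so the two endpoints can drift apart if only one is edited later; a single shared `#define` spliced into both format strings would keep them on the same priority string. As a style point, the new closing `'NORMAL'} }` drops the space before the brace that the replaced line `'dir': %s } }` had.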
> > > > >
> > > > > I am not sure whether I did the right changes.
> > > >
> > > >
> > > > That ought to have been sufficient, if priority strings were the
> > > > problem.
> > > >
> > > >
> > > > I think we'd need the debug output from gnutls - could you edit crypto/init.c
> > > > and uncomment the '#define DEBUG_GNUTLS' line near the top.
> > > >
> > > > If you can post the output you get from a single migration-test test case
> > > > involving PSK, it might be enough to diagnose why gnutls is failing.
> > > >
> > >
> > > Here is the output:
> > >
> > > # Start of tls tests
> > > # starting QEMU: ./qemu-system-x86_64 -qtest
> > > unix:D:\msys64\tmp/qtest-18480.sock -qtest-log nul -chardev
> > > socket,path=D:\msys64\tmp/qtest-18480.qmp,id=char0 -mon
> > > chardev=char0,mode=control -display none -accel kvm -accel t
> > > cg -name source,debug-threads=on -m 150M -serial
> > > file:D:\msys64\tmp\migration-test-A5WJS1/src_serial -drive
> > > file=D:\msys64\tmp\migration-test-A5WJS1/bootsect,format=raw -accel
> > > qtest
> > > qemu: thread naming not supported on this host
> > > # starting QEMU: ./qemu-system-x86_64 -qtest
> > > unix:D:\msys64\tmp/qtest-18480.sock -qtest-log nul -chardev
> > > socket,path=D:\msys64\tmp/qtest-18480.qmp,id=char0 -mon
> > > chardev=char0,mode=control -display none -accel kvm -accel t
> > > cg -name target,debug-threads=on -m 150M -serial
> > > file:D:\msys64\tmp\migration-test-A5WJS1/dest_serial -incoming
> > > unix:D:\msys64\tmp\migration-test-A5WJS1/migsocket -drive
> > > file=D:\msys64\tmp\migration-test-A5WJS1/bootsect,f
> > > ormat=raw -accel qtest
> >
> > Comparing to running the same test on my machine.....
> >
> > > 4: EXT[0000015bb1dd2c50]: Sending extension Supported Versions/43 (9 bytes)
> > > 4: EXT[0000015bb1dd2c50]: Preparing extension (Post Handshake Auth/49)
> > > for 'client hello'
> > > 4: EXT[0000015bb1dd2c50]: Preparing extension (Safe
> > > Renegotiation/65281) for 'client hello'
> > > 4: EXT[0000015bb1dd2c50]: Sending extension Safe Renegotiation/65281 (1 bytes)
> > > 4: EXT[0000015bb1dd2c50]: Preparing extension (Server Name
> > > Indication/0) for 'client hello'
> > > 4: EXT[0000015bb1dd2c50]: Preparing extension (Cookie/44) for 'client hello'
> > > 4: EXT[0000015bb1dd2c50]: Preparing extension (Early Data/42) for 'client hello'
> > > 4: EXT[0000015bb1dd2c50]: Preparing extension (PSK Key Exchange
> > > Modes/45) for 'client hello'
> > > 4: EXT[0000015bb1dd2c50]: Sending extension PSK Key Exchange Modes/45 (3 bytes)
> > > 4: EXT[0000015bb1dd2c50]: Preparing extension (Record Size Limit/28)
> > > for 'client hello'
> > > 4: EXT[0000015bb1dd2c50]: Sending extension Record Size Limit/28 (2 bytes)
> > > 4: EXT[0000015bb1dd2c50]: Preparing extension (Maximum Record Size/1)
> > > for 'client hello'
> > > 4: EXT[0000015bb1dd2c50]: Preparing extension (Compress
> > > Certificate/27) for 'client hello'
> > > 4: EXT[0000015bb1dd2c50]: Preparing extension (ClientHello Padding/21)
> > > for 'client hello'
> > > 4: EXT[0000015bb1dd2c50]: Preparing extension (Pre Shared Key/41) for
> > > 'client hello'
> >
> > Right here is missing two items:
> >
> > 4: EXT[0x55bd0c660d30]: sent PSK identity 'qemu' (0)
> > 4: EXT[0x55bd0c660d30]: Sending extension Pre Shared Key/41 (47 bytes)
> >
> > So it appears the client is not sending the PSK credentials
> >
> > > 4: HSK[0000015bb1dd2c50]: CLIENT HELLO was queued [343 bytes]
> > > 5: REC[0000015bb1dd2c50]: Preparing Packet Handshake(22) with length:
> > > 343 and min pad: 0
> > > 9: ENC[0000015bb1dd2c50]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
> > > 5: REC[0000015bb1dd2c50]: Sent Packet[1] Handshake(22) in epoch 0 and
> > > length: 348
> >
> > I believe there are probably two issues - first we're ignoring the
> > return value of gnutls_psk_set_client_credentials() and I have a feeling
> > that is reporting an error.
>
> Indeed gnutls_psk_set_client_credentials() fails with "Error in
> parsing." message.
>
> > Second, when we write the PSK credentials out
> > to disk, we're not using binary mode, so I think UNIX line endings are
> > getting turned into DOS line endings, and when we later load the PSK
> > credentials there's a stray \r present that probably breaks
> > gnutls_psk_set_client_credentials.
>
> I think that's what happened.
>
> >
> > Could you try this patch and see if it makes the PSK tests work for
> > migration-test:
>
> Yes, this patch fixed the TLS test cases in the migration-test on Windows!
>
> Thank you very much for the help!
>
> Would you mind sending the patches on your own, or do you want me to
> include them in the next version of this series?

I'll send my patch formally and CC you.

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
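
The two issues diagnosed in this message (a stray \r from text-mode file writes on Windows, and a parse failure whose return value is ignored) can be reproduced without gnutls. The following is an added example, not code from the thread or from QEMU: the "user:hexkey" file layout, the sample key, and the names psk_hex_valid() and psk_lookup() are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed key-file contents; the "user:hexkey" layout is an assumption. */
const char KEY_UNIX[] = "qemu:9f3a5c7e1b2d4f60\n";   /* written in binary mode */
const char KEY_DOS[]  = "qemu:9f3a5c7e1b2d4f60\r\n"; /* same data, text mode on Windows */

/* Strict hex check standing in for a library key decoder (hypothetical helper). */
static int psk_hex_valid(const char *s, size_t len)
{
    if (len == 0 || len % 2 != 0)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!isxdigit((unsigned char)s[i]))
            return 0;
    return 1;
}

/*
 * Find the key for `user` in `file`. Returns the key length, or -1 on any
 * parse failure, so the caller has a result it must check before continuing.
 * With strip_cr set, one trailing '\r' is tolerated and removed.
 */
int psk_lookup(const char *file, const char *user, int strip_cr,
               char *out, size_t outsz)
{
    size_t ulen = strlen(user);
    for (const char *line = file; *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len > ulen && !strncmp(line, user, ulen) && line[ulen] == ':') {
            const char *key = line + ulen + 1;
            size_t klen = len - ulen - 1;
            if (strip_cr && klen > 0 && key[klen - 1] == '\r')
                klen--;
            if (!psk_hex_valid(key, klen) || klen >= outsz)
                return -1;
            memcpy(out, key, klen);
            out[klen] = '\0';
            return (int)klen;
        }
        line = eol ? eol + 1 : line + len;
    }
    return -1;
}
```

Calling psk_lookup() on KEY_DOS with strip_cr set to 0 fails, while the same call on KEY_UNIX succeeds; a caller that discards the -1 proceeds with no key loaded, which is how a handshake ends up without the Pre Shared Key extension.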