RHEL-24614

[RHEL9][chardev] qemu hit core dump while using TLS server from host to guest

    • qemu-kvm-8.2.0-10.el9_4
    • Yes
    • Important
    • Regression, CustomerScenariosInitiative
    • sst_virtualization_hwe
    • ssg_virtualization
    • 29
    • 30
    • None
    • False
    • Yes
    • Red Hat Enterprise Linux
    • None
    • Approved Exception
    • Bug Fix
      .QEMU creates core dump while using a TLS channel from host to guest machine

      If you use a TLS channel to connect a serial port or console of a KVM guest to another program, it does not work reliably. Consequently, on the `s390x` architecture, the guest or `qemu-kvm` process could crash unexpectedly if the host machine sends more data by using the TLS channel than the processing capacity of the guest machine. Additionally, on `x86` and `aarch64` architectures, the data stream between other programs and `qemu-kvm` can drop bytes if connected over the TLS channel. With this fix, the connection works reliably over TLS channels.
    • Done
    • All
    • None

      What were you trying to do that didn't work?

      I've tried to launch QEMU with a serial port as TLS server from host to guest

      Please provide the package NVR for which bug is seen:

      host kernel version: kernel-5.14.0-408.el9.s390x

      guest kernel version: kernel-5.14.0-408.el9.s390x/ kernel-5.14.0-417.el9.s390x

      qemu-kvm version: qemu-kvm-8.2.0-2.el9.s390x

      libvirt version: libvirt-9.9.0-1.el9.s390x

      gnutls-utils version: gnutls-utils-3.8.2-2.el9.s390x

      How reproducible:

      100%

      Steps to reproduce

      1. Set up the TLS certification and activate the TLS server on host
        1. # cd /etc/pki/qemu && gnutls-serv --echo --x509cafile ca-cert.pem --x509keyfile server-key.pem --x509certfile server-cert.pem -p 8338
      2. Launch QEMU with a serial port as TLS client
        1.     -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=client \
              -chardev socket,id=tls_chardev,host=l47,port=8338,tls-creds=tls0 \
              -device sclpconsole,chardev=tls_chardev,id=tls_serial \

      Expected results

      guest could boot up successfully and TLS could work well

      Actual results

      QEMU 8.2.0 monitor - type 'help' for more information

      (qemu) qemu-kvm: ../hw/char/sclpconsole.c:73: void chr_read(void *, const uint8_t *, int): Assertion `size <= SIZE_BUFFER_VT220 - scon->iov_data_len' failed.
      test.sh: line 27:  3927 Aborted                 (core dumped) /usr/libexec/qemu-kvm -name 'avocado-vt-vm1' -sandbox on -machine s390-ccw-virtio,memory-backend=mem-machine_mem -nodefaults -vga none -m 11264 -object '{"size": 11811160064, "id": "mem-machine_mem", "qom-type": "memory-backend-ram"}' -smp 6,maxcpus=6,cores=3,threads=1,sockets=2 -cpu 'host' -chardev socket,id=qmp_id_qmpmonitor1,server=on,path=/tmp/bfuqmp,wait=off -device '{"id": "virtio_scsi_ccw0", "driver": "virtio-scsi-ccw"}' -blockdev '{"node-name": "file_image1", "driver": "file", "auto-read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/kar/vt_test_images/rhel940-s390x-virtio-scsi.qcow2", "cache": {"direct": true, "no-flush": false}}' -blockdev '{"node-name": "drive_image1", "driver": "qcow2", "read-only": false, "cache": {"direct": true, "no-flush": false}, "file": "file_image1"}' -device '{"driver": "scsi-hd", "id": "image1", "drive": "drive_image1", "write-cache": "on"}' -device '{"driver": "virtio-net-ccw", "mac": "9a:72:85:dc:3e:a0", "id": "idUeHSyk", "netdev": "idUlHvBp"}' -netdev '{"id": "idUlHvBp", "type": "tap", "vhost": true}' -nographic -rtc base=utc,clock=host -boot strict=on -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=client -chardev socket,id=tls_chardev,host=l47,port=8338,tls-creds=tls0 -device sclpconsole,chardev=tls_chardev,id=tls_serial -enable-kvm -device '{"driver": "virtio-mouse-ccw", "id": "input_mouse1"}' -device '{"driver": "virtio-keyboard-ccw", "id": "input_keyboard1"}' -monitor stdio
      gnutls-utils-3.8.2-2.el9.s390x

              bfu@redhat.com Leo Fu
              bfu@redhat.com Leo Fu
              Thomas Huth Thomas Huth
              Leo Fu Leo Fu
              Mayur Patil Mayur Patil
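
The assertion in the abort message checks that one delivery from the chardev backend fits into the free space of the console's fixed-size buffer. The C model below is an added illustration, not QEMU's code and not the fix shipped for this issue; its names and the 16-byte buffer size are hypothetical. It shows an unclamped delivery failing that check and a backend that clamps each delivery to the advertised free space, so the whole burst arrives intact.

```c
#include <stdio.h>
#include <string.h>

#define CONSOLE_BUF_SIZE 16  /* constructed; stands in for SIZE_BUFFER_VT220 */
struct console {
    char buf[CONSOLE_BUF_SIZE];
    size_t data_len;         /* bytes buffered, not yet read by the guest */
};

/* Free space the device advertises to the chardev backend. */
size_t can_read(const struct console *c) { return CONSOLE_BUF_SIZE - c->data_len; }

/* Receive callback. Returns -1 at the point where the assertion from the
 * report, `size <= SIZE_BUFFER_VT220 - scon->iov_data_len`, aborts QEMU. */
int console_read(struct console *c, const char *p, size_t size)
{
    if (size > can_read(c))
        return -1;
    memcpy(c->buf + c->data_len, p, size);
    c->data_len += size;
    return 0;
}

/* Backend that never passes more than can_read per call; the guest drains
 * the buffer into out between calls. Returns bytes received, -1 on overflow. */
long pump_clamped(struct console *c, const char *p, size_t len, char *out)
{
    size_t done = 0, got = 0;
    while (done < len) {
        size_t n = can_read(c);
        n = n < len - done ? n : len - done;
        if (console_read(c, p + done, n) != 0)
            return -1;
        done += n;
        memcpy(out + got, c->buf, c->data_len);  /* guest reads the data */
        got += c->data_len;
        c->data_len = 0;
    }
    return (long)got;
}

int main(void)
{
    struct console c = {{0}, 0};
    char out[64];
    const char burst[] = "0123456789abcdefghijklmnopqrstuvwxyz"; /* constructed */
    printf("unclamped: %d\n", console_read(&c, burst, 36));      /* -1 */
    printf("clamped:   %ld\n", pump_clamped(&c, burst, 36, out)); /* 36 */
    return 0;
}
```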