RHEL-32167

qemu NBD server code can fail negotiating TLS on multiple exports


      What were you trying to do that didn't work?

      See the following upstream qemu thread about a scenario where serving multiple NBD exports over TLS can cause qemu to corrupt its list of pending coroutines:

      https://lists.gnu.org/archive/html/qemu-devel/2024-03/msg06825.html

      I am not sure how easy it is to trip the issue without multiple exports, although I am confident that the issue can only trip when TLS is requested.  However, libvirt uses NBD with TLS for disk migration, so it is probable that migrating a guest with many disks would set up such a scenario.

      Please provide the package NVR for which bug is seen:

      qemu-kvm-8.2.0-1.el9

      How reproducible:

      Difficult to reproduce without gdb or adding assertions to the qemu source code

      Steps to reproduce

      1. export multiple disks over NBD with TLS
      2. connect clients to those disks quickly enough that the network load makes it more likely that the TLS handshake gets interrupted, triggering the code path where qemu as NBD server attempts to spawn a main loop and call poll() while still inside the coroutine handling the upgrade to TLS based on the client's NBD_OPT_STARTTLS command

      Expected results

      coroutines should never poll; the result of pausing the coroutine led to corruption of the list of pending coroutines

      Actual results

      since qemu is already in coroutine context when serving an NBD connection, any interruption in the TLS upgrade should resume that same coroutine rather than spawn a separate poll loop. Upstream patch proposed:

      https://lists.gnu.org/archive/html/qemu-devel/2024-04/msg00886.html

            eblake_redhat Eric Blake
            virt-maint virt-maint
            Aihua Liang Aihua Liang