From patchwork Wed Mar 2 17:49:15 2022
X-Patchwork-Submitter: Daniel P. Berrangé
X-Patchwork-Id: 12766464
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 01/18] tests: fix encoding of IP addresses in x509 certs
Date: Wed, 2 Mar 2022 17:49:15 +0000
Message-Id: <20220302174932.2692378-2-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
References: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

We need to encode just the address bytes, not the whole struct sockaddr data. Add a test case to validate that we're matching on SAN IP addresses correctly.

Signed-off-by: Daniel P. Berrangé
---
 tests/unit/crypto-tls-x509-helpers.c | 16 +++++++++++++---
 tests/unit/test-crypto-tlssession.c | 11 +++++++++--
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/tests/unit/crypto-tls-x509-helpers.c b/tests/unit/crypto-tls-x509-helpers.c index fc609b3fd4..e9937f60d8 100644
--- a/tests/unit/crypto-tls-x509-helpers.c +++ b/tests/unit/crypto-tls-x509-helpers.c @@ -168,9 +168,19 @@ test_tls_get_ipaddr(const char *addrstr, hints.ai_flags = AI_NUMERICHOST; g_assert(getaddrinfo(addrstr, NULL, &hints, &res) == 0); - *datalen = res->ai_addrlen; - *data = g_new(char, *datalen); - memcpy(*data, res->ai_addr, *datalen); + if (res->ai_family == AF_INET) { + struct sockaddr_in *in = (struct sockaddr_in *)res->ai_addr; + *datalen = sizeof(in->sin_addr); + *data = g_new(char, *datalen); + memcpy(*data, &in->sin_addr, *datalen); + } else if (res->ai_family == AF_INET6) { + struct sockaddr_in6 *in = (struct sockaddr_in6 *)res->ai_addr; + *datalen = sizeof(in->sin6_addr); + *data = g_new(char, *datalen); + memcpy(*data, &in->sin6_addr, *datalen); + } else { + g_assert_not_reached(); + } freeaddrinfo(res); } diff --git a/tests/unit/test-crypto-tlssession.c b/tests/unit/test-crypto-tlssession.c index 5f0da9192c..a6935d8497 100644 --- a/tests/unit/test-crypto-tlssession.c +++ b/tests/unit/test-crypto-tlssession.c 
@@ -512,12 +512,19 @@ int main(int argc, char **argv) false, true, "wiki.qemu.org", NULL); TEST_SESS_REG(altname4, cacertreq.filename, + servercertalt1req.filename, clientcertreq.filename, + false, false, "192.168.122.1", NULL); + TEST_SESS_REG(altname5, cacertreq.filename, + servercertalt1req.filename, clientcertreq.filename, + false, false, "fec0::dead:beaf", NULL); + + TEST_SESS_REG(altname6, cacertreq.filename, servercertalt2req.filename, clientcertreq.filename, false, true, "qemu.org", NULL); - TEST_SESS_REG(altname5, cacertreq.filename, + TEST_SESS_REG(altname7, cacertreq.filename, servercertalt2req.filename, clientcertreq.filename, false, false, "www.qemu.org", NULL); - TEST_SESS_REG(altname6, cacertreq.filename, + TEST_SESS_REG(altname8, cacertreq.filename, servercertalt2req.filename, clientcertreq.filename, false, false, "wiki.qemu.org", NULL);
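Review bot: In test_tls_get_ipaddr() (tests/unit/crypto-tls-x509-helpers.c), the new AF_INET and AF_INET6 branches need a short comment saying why only sin_addr or sin6_addr is copied: an X.509 iPAddress SAN carries the raw 4 or 16 address octets, which is what the removed memcpy(*data, res->ai_addr, *datalen) got wrong by copying the whole sockaddr. The two branches also repeat the same g_new() and memcpy() pair; selecting a source pointer and length per family and copying once after the if/else would keep the function shorter.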
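Review bot: The two cases added in main() (tests/unit/test-crypto-tlssession.c), altname4 with "192.168.122.1" and altname5 with "fec0::dead:beaf", both use the false, false expectation pair, so the IP matching is only checked in the accepting direction. Consider adding a case against servercertalt1req with an address the certificate is not expected to carry, using the false, true pair that the "wiki.qemu.org" context line just above uses, so that a comparison which accepts any address is caught as well.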
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 02/18] tests: improve error message when saving TLS PSK file fails
Date: Wed, 2 Mar 2022 17:49:16 +0000
Message-Id: <20220302174932.2692378-3-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
References: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Peter Xu
---
 tests/unit/crypto-tls-psk-helpers.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/unit/crypto-tls-psk-helpers.c b/tests/unit/crypto-tls-psk-helpers.c index 7f8a488961..4bea7c6fa2 100644 --- a/tests/unit/crypto-tls-psk-helpers.c +++ b/tests/unit/crypto-tls-psk-helpers.c
@@ -30,7 +30,7 @@ void test_tls_psk_init(const char *pskfile) fp = fopen(pskfile, "w"); if (fp == NULL) { - g_critical("Failed to create pskfile %s", pskfile); + g_critical("Failed to create pskfile %s: %s", pskfile, strerror(errno)); abort(); } /* Don't do this in real applications! Use psktool. */
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 03/18] tests: support QTEST_TRACE env variable
Date: Wed, 2 Mar 2022 17:49:17 +0000
Message-Id: <20220302174932.2692378-4-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
References: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

When debugging failing qtests it is useful to be able to turn on trace output to stderr. The QTEST_TRACE env variable contents get injected as a '-trace ' command line arg

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Peter Xu
Reviewed-by: Thomas Huth
---
 tests/qtest/libqtest.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/tests/qtest/libqtest.c b/tests/qtest/libqtest.c index 41f4da4e54..a85f8a6d05 100644 --- a/tests/qtest/libqtest.c +++ b/tests/qtest/libqtest.c
@@ -260,6 +260,9 @@ QTestState *qtest_init_without_qmp_handshake(const char *extra_args) gchar *qmp_socket_path; gchar *command; const char *qemu_binary = qtest_qemu_binary(); + const char *trace = g_getenv("QTEST_TRACE"); + g_autofree char *tracearg = trace ? + g_strdup_printf("-trace %s ", trace) : g_strdup(""); s = g_new(QTestState, 1); 
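Review bot: The trace ? g_strdup_printf("-trace %s ", trace) : g_strdup("") test in qtest_init_without_qmp_handshake() only checks that QTEST_TRACE is set, not that it is non-empty. With QTEST_TRACE exported as an empty string, tracearg becomes a bare "-trace" with no value, and whatever follows it on the command line is then read as the option's argument. Testing trace && *trace before building the argument avoids that.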
@@ -282,14 +285,15 @@ QTestState *qtest_init_without_qmp_handshake(const char *extra_args) qtest_add_abrt_handler(kill_qemu_hook_func, s); - command = g_strdup_printf("exec %s " + command = g_strdup_printf("exec %s %s" "-qtest unix:%s " "-qtest-log %s " "-chardev socket,path=%s,id=char0 " "-mon chardev=char0,mode=control " "-display none " "%s" - " -accel qtest", qemu_binary, socket_path, + " -accel qtest", + qemu_binary, tracearg, socket_path, getenv("QTEST_LOG") ? "/dev/fd/2" : "/dev/null", qmp_socket_path, extra_args ?: "");
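Review bot: In the g_strdup_printf() call, tracearg is spliced into the "exec %s %s" string without any quoting, so a QTEST_TRACE value containing spaces or shell metacharacters is split or interpreted instead of being passed as one -trace argument. If this string is run through a shell, as the leading exec suggests, consider applying g_shell_quote() to the value, or document the accepted syntax next to the g_getenv("QTEST_TRACE") lookup. The new lookup also uses g_getenv() while the unchanged QTEST_LOG line in the same call uses getenv(); using one of the two consistently would read better.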
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 04/18] tests: print newline after QMP response in qtest logs
Date: Wed, 2 Mar 2022 17:49:18 +0000
Message-Id: <20220302174932.2692378-5-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
References: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

The QMP commands have a trailing newline, but the response does not. This makes the qtest logs hard to follow as the next QMP command appears in the same line as the previous QMP response.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Thomas Huth
---
 tests/qtest/libqtest.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/qtest/libqtest.c b/tests/qtest/libqtest.c index a85f8a6d05..79c3edcf4b 100644 --- a/tests/qtest/libqtest.c +++ b/tests/qtest/libqtest.c
@@ -629,6 +629,9 @@ QDict *qmp_fd_receive(int fd) } json_message_parser_feed(&qmp.parser, &c, 1); } + if (log) { + g_assert(write(2, "\n", 1) == 1); + } json_message_parser_destroy(&qmp.parser); return qmp.response;
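Review bot: The added g_assert(write(2, "\n", 1) == 1) in qmp_fd_receive() puts the side effect inside the assertion, so the newline is only written when assertions are compiled in, and a failed or short write to stderr aborts the test even though only log formatting is at stake. Consider doing the write() outside the assertion and tolerating a failure, unless this deliberately mirrors how the rest of the function writes its log output, which is not visible in this hunk.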
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 05/18] tests: add more helper macros for creating TLS x509 certs
Date: Wed, 2 Mar 2022 17:49:19 +0000
Message-Id: <20220302174932.2692378-6-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
References: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

These macros are more suited to the general consumers of certs in the test suite, where we don't need to exercise every single possible permutation.

Signed-off-by: Daniel P. Berrangé
---
 tests/unit/crypto-tls-x509-helpers.h | 53 ++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/tests/unit/crypto-tls-x509-helpers.h b/tests/unit/crypto-tls-x509-helpers.h index cf6329e653..247e7160eb 100644 --- a/tests/unit/crypto-tls-x509-helpers.h
+++ b/tests/unit/crypto-tls-x509-helpers.h @@ -26,6 +26,9 @@ #include +#define QCRYPTO_TLS_TEST_CLIENT_NAME "ACME QEMU Client" +#define QCRYPTO_TLS_TEST_CLIENT_HOSTILE_NAME "ACME Hostile Client" + /* * This contains parameter about how to generate * certificates. 
@@ -118,6 +121,56 @@ void test_tls_cleanup(const char *keyfile); }; \ test_tls_generate_cert(&varname, NULL) +# define TLS_ROOT_REQ_SIMPLE(varname, fname) \ + QCryptoTLSTestCertReq varname = { \ + .filename = fname, \ + .cn = "qemu-CA", \ + .basicConstraintsEnable = true, \ + .basicConstraintsCritical = true, \ + .basicConstraintsIsCA = true, \ + .keyUsageEnable = true, \ + .keyUsageCritical = true, \ + .keyUsageValue = GNUTLS_KEY_KEY_CERT_SIGN, \ + }; \ + test_tls_generate_cert(&varname, NULL) + +# define TLS_CERT_REQ_SIMPLE_CLIENT(varname, cavarname, cname, fname) \ + QCryptoTLSTestCertReq varname = { \ + .filename = fname, \ + .cn = cname, \ + .basicConstraintsEnable = true, \ + .basicConstraintsCritical = true, \ + .basicConstraintsIsCA = false, \ + .keyUsageEnable = true, \ + .keyUsageCritical = true, \ + .keyUsageValue = \ + GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \ + .keyPurposeEnable = true, \ + .keyPurposeCritical = true, \ + .keyPurposeOID1 = GNUTLS_KP_TLS_WWW_CLIENT, \ + }; \ + test_tls_generate_cert(&varname, cavarname.crt) + +# define TLS_CERT_REQ_SIMPLE_SERVER(varname, cavarname, fname, \ + hostname, ipaddr) \ + QCryptoTLSTestCertReq varname = { \ + .filename = fname, \ + .cn = hostname ? 
hostname : ipaddr, \ + .altname1 = hostname, \ + .ipaddr1 = ipaddr, \ + .basicConstraintsEnable = true, \ + .basicConstraintsCritical = true, \ + .basicConstraintsIsCA = false, \ + .keyUsageEnable = true, \ + .keyUsageCritical = true, \ + .keyUsageValue = \ + GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \ + .keyPurposeEnable = true, \ + .keyPurposeCritical = true, \ + .keyPurposeOID1 = GNUTLS_KP_TLS_WWW_SERVER, \ + }; \ + test_tls_generate_cert(&varname, cavarname.crt) + extern const asn1_static_node pkix_asn1_tab[]; #endif
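Review bot: In TLS_CERT_REQ_SIMPLE_SERVER, .cn = hostname ? hostname : ipaddr uses the macro arguments unparenthesized and evaluates hostname twice, and nothing says what a caller gets when both hostname and ipaddr are NULL (cn would then be NULL). Parenthesize the arguments and add a comment above the macro stating that at least one of the two must be non-NULL. Each of the three new macros also expands to a variable declaration followed by a test_tls_generate_cert() call, so they only work at block scope; a one-line comment saying so would help callers.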
From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PATCH 06/18] crypto: mandate a hostname when checking x509 creds on a client Date: Wed, 2 Mar 2022 17:49:20 +0000 Message-Id: <20220302174932.2692378-7-berrange@redhat.com> In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com> References: <20220302174932.2692378-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -28 X-Spam_score: -2.9 X-Spam_bar: -- X-Spam_report: (-2.9 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.082, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Laurent Vivier , Thomas Huth , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Juan Quintela , "Dr. David Alan Gilbert" , Peter Xu , Paolo Bonzini Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" Currently the TLS session object assumes that the caller will always provide a hostname when using x509 creds on a client endpoint. This relies on the caller to detect and report an error if the user has configured QEMU with x509 credentials on a UNIX socket. The migration code has such a check, but it is too broad, reporting an error when the user has configured QEMU with PSK credentials on a UNIX socket, where hostnames are irrelevant. 
Putting the check into the TLS session object credentials validation code ensures we report errors in only the scenario that matters.

Signed-off-by: Daniel P. Berrangé
---
 crypto/tlssession.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/crypto/tlssession.c b/crypto/tlssession.c index a8db8c76d1..b302d835d2 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c
@@ -373,6 +373,12 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session, session->hostname); goto error; } + } else { + if (session->creds->endpoint == + QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) { + error_setg(errp, "No hostname for certificate validation"); + goto error; + } } }
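Review bot: The new `else` branch in qcrypto_tls_session_check_certificate() is what makes an x509 client fail closed when the caller passes no hostname, yet the patch touches only crypto/tlssession.c and adds no test for it. Please add a TLS session test that creates a client endpoint with x509 credentials and no hostname and asserts that the certificate check fails with "No hostname for certificate validation". The message would also be more useful if it said the hostname is required because x509 client credentials are in use, which is the situation a user on a UNIX socket will be in. Style: `} else { if (session->creds->endpoint == ...` can be folded into `} else if (...) {` to save a nesting level.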
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 07/18] migration: fix use of TLS PSK credentials with a UNIX socket
Date: Wed, 2 Mar 2022 17:49:21 +0000
Message-Id: <20220302174932.2692378-8-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
References: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

The migration TLS code has a check mandating that a hostname be available when starting a TLS session. This is expected when using x509 credentials, but is bogus for PSK and anonymous credentials as neither involves hostname validation. The TLS credentials object gained suitable error reporting in the case of TLS with x509 credentials, so there is no longer any need for the migration code to do its own (incorrect) validation.

Signed-off-by: Daniel P. Berrangé
---
 migration/tls.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/migration/tls.c b/migration/tls.c index ca1ea3bbdd..32c384a8b6 100644 --- a/migration/tls.c +++ b/migration/tls.c
@@ -137,10 +137,6 @@ QIOChannelTLS *migration_tls_client_create(MigrationState *s, if (s->parameters.tls_hostname && *s->parameters.tls_hostname) { hostname = s->parameters.tls_hostname; } - if (!hostname) { - error_setg(errp, "No hostname available for TLS"); - return NULL; - } tioc = qio_channel_tls_new_client( ioc, creds, hostname, errp);
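Review bot: With the `if (!hostname)` block removed, `hostname` can be NULL when it reaches `qio_channel_tls_new_client(ioc, creds, hostname, errp)`, and nothing at the call site says that is intentional. Please add a short comment that NULL is valid for PSK and anonymous credentials and that the x509 client case is rejected by the "No hostname for certificate validation" check added to crypto/tlssession.c in patch 06. The commit message should also state the dependency on patch 06 explicitly: per that patch's description the TLS session object otherwise relies on the caller to report the missing hostname, so applying this removal on its own would drop the only check for x509 credentials on a UNIX socket.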
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 08/18] tests: merge code for UNIX and TCP migration pre-copy tests
Date: Wed, 2 Mar 2022 17:49:22 +0000
Message-Id: <20220302174932.2692378-9-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
References: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

The test cases differ only in the URI they provide to the migration commands, and the ability to set the dirty_ring mode. This code is trivially merged into a common helper.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Peter Xu
---
 roms/seabios | 2 +-
 tests/qtest/migration-test.c | 86 ++++++++++++++++--------------------
 2 files changed, 40 insertions(+), 48 deletions(-)

diff --git a/roms/seabios b/roms/seabios index 6a62e0cb0d..2dd4b9b3f8 160000 --- a/roms/seabios
+++ b/roms/seabios @@ -1 +1 @@ -Subproject commit 6a62e0cb0dfe9cd28b70547dbea5caf76847c3a9 +Subproject commit 2dd4b9b3f84019668719344b40dba79d681be41c diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 7b42f6fd90..c1058dc944 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -796,19 +796,34 @@ static void test_baddest(void) test_migrate_end(from, to, false); } -static void test_precopy_unix_common(bool dirty_ring) +/* + * Common helper for running a precopy migration test + * + * @listen_uri: the URI for the dst QEMU to listen on + * @connect_uri: the URI for the src QEMU to connect to + * @dirty_ring: true to use dirty ring tracking + * + * If @connect_uri is NULL, then it will query the dst + * QEMU for its actual listening address and use that + * as the connect address. This allows for dynamically + * picking a free TCP port. + */ +static void test_precopy_common(const char *listen_uri, + const char *connect_uri, + bool dirty_ring) { - g_autofree char *uri = g_strdup_printf("unix:%s/migsocket", tmpfs); MigrateStart *args = migrate_start_new(); + g_autofree char *local_connect_uri = NULL; QTestState *from, *to; args->use_dirty_ring = dirty_ring; - if (test_migrate_start(&from, &to, uri, args)) { + if (test_migrate_start(&from, &to, listen_uri, args)) { return; } - /* We want to pick a speed slow enough that the test completes + /* + * We want to pick a speed slow enough that the test completes * quickly, but that it doesn't complete precopy even on a slow * machine, so also set the downtime. */ @@ -820,7 +835,12 @@ static void test_precopy_unix_common(bool dirty_ring) /* Wait for the first serial output from the source */ wait_for_serial("src_serial"); - migrate_qmp(from, uri, "{}"); + if (!connect_uri) { + local_connect_uri = migrate_get_socket_address(to, "socket-address"); + connect_uri = local_connect_uri; + } + + migrate_qmp(from, connect_uri, "{}"); wait_for_migration_pass(from); 
@@ -838,16 +858,23 @@ static void test_precopy_unix_common(bool dirty_ring) test_migrate_end(from, to, true); } +static void test_precopy_unix_common(bool dirty_ring) +{ + g_autofree char *uri = g_strdup_printf("unix:%s/migsocket", tmpfs); + + test_precopy_common(uri, + uri, + dirty_ring); +} + static void test_precopy_unix(void) { - /* Using default dirty logging */ - test_precopy_unix_common(false); + test_precopy_unix_common(false /* dirty_ring */); } static void test_precopy_unix_dirty_ring(void) { - /* Using dirty ring tracking */ - test_precopy_unix_common(true); + test_precopy_unix_common(true /* dirty_ring */); } #if 0 
@@ -942,44 +969,9 @@ static void test_xbzrle_unix(void) static void test_precopy_tcp(void) { - MigrateStart *args = migrate_start_new(); - g_autofree char *uri = NULL; - QTestState *from, *to; - - if (test_migrate_start(&from, &to, "tcp:127.0.0.1:0", args)) { - return; - } - - /* - * We want to pick a speed slow enough that the test completes - * quickly, but that it doesn't complete precopy even on a slow - * machine, so also set the downtime. - */ - /* 1 ms should make it not converge*/ - migrate_set_parameter_int(from, "downtime-limit", 1); - /* 1GB/s */ - migrate_set_parameter_int(from, "max-bandwidth", 1000000000); - - /* Wait for the first serial output from the source */ - wait_for_serial("src_serial"); - - uri = migrate_get_socket_address(to, "socket-address"); - - migrate_qmp(from, uri, "{}"); - - wait_for_migration_pass(from); - - migrate_set_parameter_int(from, "downtime-limit", CONVERGE_DOWNTIME); - - if (!got_stop) { - qtest_qmp_eventwait(from, "STOP"); - } - qtest_qmp_eventwait(to, "RESUME"); - - wait_for_serial("dest_serial"); - wait_for_migration_complete(from); - - test_migrate_end(from, to, true); + test_precopy_common("tcp:127.0.0.1:0", + NULL, /* connect_uri */ + false /* dirty_ring */); } static void test_migrate_fd_proto(void)
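Review bot: The roms/seabios hunk in patch 08 moves the submodule pointer from 6a62e0cb0d to 2dd4b9b3f8, which the commit message ("merge code for UNIX and TCP migration pre-copy tests") does not mention and which is unrelated to tests/qtest/migration-test.c. It looks like an unintended submodule update and should be dropped from this patch. A change of the firmware source that gets built belongs in its own commit with its own justification, not inside a test refactor where it is easy to miss in review.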
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 09/18] tests: introduce ability to provide hooks for migration precopy test
Date: Wed, 2 Mar 2022 17:49:23 +0000
Message-Id: <20220302174932.2692378-10-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
References: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

There are a lot of different scenarios to test with migration due to the wide number of parameters and capabilities available. To enable sharing of the basic precopy test scenario, we need to be able to set arbitrary parameters and capabilities before the migration is initiated, but don't want to have all this logic in the common helper function.

Solve this by defining two hooks that can be provided by the test case, one before migration starts and one after migration finishes.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Peter Xu
---
 tests/qtest/migration-test.c | 41 ++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index c1058dc944..2f2059cebc 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -796,11 +796,37 @@ static void test_baddest(void) test_migrate_end(from, to, false); } +/* + * A hook that runs after the src and dst QEMUs have been + * created, but before the migration is started. This can + * be used to set migration parameters and capabilities. + * + * Returns: NULL, or a pointer to opaque state to be + * later passed to the TestMigrateFinishHook + */ +typedef void * (*TestMigrateStartHook)(QTestState *from, + QTestState *to); + +/* + * A hook that runs after the migration has finished, + * regardless of whether it succeeded or failed, but + * before QEMU has terminated (unless it self-terminated + * due to migration error) + * + * @opaque is a pointer to state previously returned + * by the TestMigrateStartHook if any, or NULL. + */ +typedef void (*TestMigrateFinishHook)(QTestState *from, + QTestState *to, + void *opaque); + /* * Common helper for running a precopy migration test * * @listen_uri: the URI for the dst QEMU to listen on * @connect_uri: the URI for the src QEMU to connect to + * @start_hook: (optional) callback to run at start to set migration parameters + * @finish_hook: (optional) callback to run at finish to cleanup * @dirty_ring: true to use dirty ring tracking * * If @connect_uri is NULL, then it will query the dst
@@ -810,11 +836,14 @@ static void test_baddest(void) */ static void test_precopy_common(const char *listen_uri, const char *connect_uri, + TestMigrateStartHook start_hook, + TestMigrateFinishHook finish_hook, bool dirty_ring) { MigrateStart *args = migrate_start_new(); g_autofree char *local_connect_uri = NULL; QTestState *from, *to; + void *data_hook = NULL; args->use_dirty_ring = dirty_ring; @@ -832,6 +861,10 @@ static void test_precopy_common(const char *listen_uri, /* 1GB/s */ migrate_set_parameter_int(from, "max-bandwidth", 1000000000); + if (start_hook) { + data_hook = start_hook(from, to); + } + /* Wait for the first serial output from the source */ wait_for_serial("src_serial"); @@ -855,6 +888,10 @@ static void test_precopy_common(const char *listen_uri, wait_for_serial("dest_serial"); wait_for_migration_complete(from); + if (finish_hook) { + finish_hook(from, to, data_hook); + } + test_migrate_end(from, to, true); } @@ -864,6 +901,8 @@ static void test_precopy_unix_common(bool dirty_ring) test_precopy_common(uri, uri, + NULL, /* start_hook */ + NULL, /* finish_hook */ dirty_ring); } 
@@ -971,6 +1010,8 @@ static void test_precopy_tcp(void) { test_precopy_common("tcp:127.0.0.1:0", NULL, /* connect_uri */ + NULL, /* start_hook */ + NULL, /* finish_hook */ false /* dirty_ring */); }
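Review bot: The TestMigrateStartHook comment in patch 09 says the hook may return opaque state for the finish hook, but neither typedef comment says who owns that state. In test_precopy_common() the value is stored in `data_hook` and simply dropped when `finish_hook` is NULL, so a test that supplies only a start hook and returns an allocation leaks it. Please document that the finish hook is responsible for releasing the state, and either document or assert that a start hook returning non-NULL must be paired with a finish hook.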
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 10/18] tests: switch migration FD passing test to use common precopy helper
Date: Wed, 2 Mar 2022 17:49:24 +0000
Message-Id: <20220302174932.2692378-11-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
References: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

The combination of the start and finish hooks allows the FD passing code to use the precopy helper.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Peter Xu
---
 tests/qtest/migration-test.c | 55 +++++++++++++-----------------------
 1 file changed, 19 insertions(+), 36 deletions(-)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 2f2059cebc..2082c58e8b 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c
@@ -1015,31 +1015,12 @@ static void test_precopy_tcp(void) false /* dirty_ring */); } -static void test_migrate_fd_proto(void) +static void *test_migrate_fd_start_hook(QTestState *from, + QTestState *to) { - MigrateStart *args = migrate_start_new(); - QTestState *from, *to; + QDict *rsp; int ret; int pair[2]; - QDict *rsp; - const char *error_desc; - - if (test_migrate_start(&from, &to, "defer", args)) { - return; - } - - /* - * We want to pick a speed slow enough that the test completes - * quickly, but that it doesn't complete precopy even on a slow - * machine, so also set the downtime. - */ - /* 1 ms should make it not converge */ - migrate_set_parameter_int(from, "downtime-limit", 1); - /* 1GB/s */ - migrate_set_parameter_int(from, "max-bandwidth", 1000000000); - - /* Wait for the first serial output from the source */ - wait_for_serial("src_serial"); /* Create two connected sockets for migration */ ret = socketpair(PF_LOCAL, SOCK_STREAM, 0, pair); @@ -1064,17 +1045,15 @@ static void test_migrate_fd_proto(void) qobject_unref(rsp); close(pair[1]); - /* Start migration to the 2nd socket*/ - migrate_qmp(from, "fd:fd-mig", "{}"); - - wait_for_migration_pass(from); - - migrate_set_parameter_int(from, "downtime-limit", CONVERGE_DOWNTIME); + return NULL; +} - if (!got_stop) { - qtest_qmp_eventwait(from, "STOP"); - } - qtest_qmp_eventwait(to, "RESUME"); +static void test_migrate_fd_finish_hook(QTestState *from, + QTestState *to, + void *opaque) +{ + QDict *rsp; + const char *error_desc; /* Test closing fds */ /* We assume, that QEMU removes named fd from its list, 
@@ -1092,11 +1071,15 @@ static void test_migrate_fd_proto(void) error_desc = qdict_get_str(qdict_get_qdict(rsp, "error"), "desc"); g_assert_cmpstr(error_desc, ==, "File descriptor named 'fd-mig' not found"); qobject_unref(rsp); +} - /* Complete migration */ - wait_for_serial("dest_serial"); - wait_for_migration_complete(from); - test_migrate_end(from, to, true); +static void test_migrate_fd_proto(void) +{ + test_precopy_common("defer", + "fd:fd-mig", + test_migrate_fd_start_hook, + test_migrate_fd_finish_hook, + false /* dirty_ring */); } static void do_test_validate_uuid(MigrateStart *args, bool should_fail)
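Review bot: Moving the "Test closing fds" block into test_migrate_fd_finish_hook() in patch 10 changes when it runs, which the commit message does not mention. In the removed code it ran right after the RESUME event and before `wait_for_serial("dest_serial")` and `wait_for_migration_complete(from)`, whereas test_precopy_common() calls the finish hook only after both of those. The socketpair setup is reordered as well: it used to follow `wait_for_serial("src_serial")` and now runs before it in the start hook. If both reorderings are harmless for what the fd checks are meant to prove, please say so in the commit message so the change is not read as a pure refactor.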
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 11/18] tests: expand the migration precopy helper to support failures
Date: Wed, 2 Mar 2022 17:49:25 +0000
Message-Id: <20220302174932.2692378-12-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
References: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

The migration precopy testing helper function always expects the migration to run to a completion state. There will be test scenarios for TLS where we expect either the client or server to fail the migration. This expands the helper to cope with these scenarios.

Signed-off-by: Daniel P. Berrangé
---
 tests/qtest/migration-test.c | 47 +++++++++++++++++++++++++++++-------
 1 file changed, 38 insertions(+), 9 deletions(-)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 2082c58e8b..e40b408988 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -827,17 +827,32 @@ typedef void (*TestMigrateFinishHook)(QTestState *from, * @connect_uri: the URI for the src QEMU to connect to * @start_hook: (optional) callback to run at start to set migration parameters * @finish_hook: (optional) callback to run at finish to cleanup + * @expect_fail: true if we expect migration to fail + * @dst_quit: true if we expect the dst QEMU to quit with an + * abnormal exit status on failure * @dirty_ring: true to use dirty ring tracking * * If @connect_uri is NULL, then it will query the dst * QEMU for its actual listening address and use that * as the connect address. This allows for dynamically * picking a free TCP port. + * + * If @expect_fail is true then we expect the migration process to + * fail instead of completing. There can be a variety of reasons + * and stages in which this may happen. If a failure is expected + * to happen at time of establishing the connection, then @dst_quit + * should be false to indicate that the dst QEMU is espected to + * stay running and accept future migration connections. If a + * failure is expected to happen while processing the migration + * stream, then @dst_quit should be true to indicate that the + * dst QEMU is expected to quit with non-zero exit status */ static void test_precopy_common(const char *listen_uri, const char *connect_uri, TestMigrateStartHook start_hook, TestMigrateFinishHook finish_hook, + bool expect_fail, + bool dst_quit, bool dirty_ring) { MigrateStart *args = migrate_start_new(); 
@@ -875,24 +890,32 @@ static void test_precopy_common(const char *listen_uri, migrate_qmp(from, connect_uri, "{}"); - wait_for_migration_pass(from); + if (expect_fail) { + wait_for_migration_fail(from, !dst_quit); - migrate_set_parameter_int(from, "downtime-limit", CONVERGE_DOWNTIME); + if (dst_quit) { + qtest_set_expected_status(to, 1); + } + } else { + wait_for_migration_pass(from); - if (!got_stop) { - qtest_qmp_eventwait(from, "STOP"); - } + migrate_set_parameter_int(from, "downtime-limit", CONVERGE_DOWNTIME); - qtest_qmp_eventwait(to, "RESUME"); + if (!got_stop) { + qtest_qmp_eventwait(from, "STOP"); + } - wait_for_serial("dest_serial"); - wait_for_migration_complete(from); + qtest_qmp_eventwait(to, "RESUME"); + + wait_for_serial("dest_serial"); + wait_for_migration_complete(from); + } if (finish_hook) { finish_hook(from, to, data_hook); } - test_migrate_end(from, to, true); + test_migrate_end(from, to, !expect_fail); } static void test_precopy_unix_common(bool dirty_ring) @@ -903,6 +926,8 @@ static void test_precopy_unix_common(bool dirty_ring) uri, NULL, /* start_hook */ NULL, /* finish_hook */ + false, /* expect_fail */ + false, /* dst_quit */ dirty_ring); } @@ -1012,6 +1037,8 @@ static void test_precopy_tcp(void) NULL, /* connect_uri */ NULL, /* start_hook */ NULL, /* finish_hook */ + false, /* expect_fail */ + false, /* dst_quit */ false /* dirty_ring */); } 
@@ -1079,6 +1106,8 @@ static void test_migrate_fd_proto(void) "fd:fd-mig", test_migrate_fd_start_hook, test_migrate_fd_finish_hook, + false, /* expect_fail */ + false, /* dst_quit */ false /* dirty_ring */); }
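Review bot: The new paragraph in the test_precopy_common() doc comment (first hunk) spells "expected" as "espected" in "the dst QEMU is espected to stay running", and its last sentence has no closing full stop. Both are worth fixing while the comment is being written, since this block is the only description of how @expect_fail and @dst_quit interact.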
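Review bot: In the test_precopy_common() body (second hunk), dst_quit is only read inside the "if (expect_fail)" branch, so a caller that passes expect_fail false with dst_quit true silently gets a normal success run. An assertion near the top such as g_assert(expect_fail || !dst_quit) would catch a miswired test; failing that, the doc comment should state that @dst_quit is ignored unless @expect_fail is set.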
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 12/18] tests: add migration tests of TLS with PSK credentials
Date: Wed, 2 Mar 2022 17:49:26 +0000
Message-Id: <20220302174932.2692378-13-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

This validates that we correctly handle migration success and failure
scenarios when using TLS with pre shared keys.

Signed-off-by: Daniel P. Berrangé
---
 roms/seabios                        |   2 +-
 tests/qtest/meson.build             |   7 +-
 tests/qtest/migration-test.c        | 180 ++++++++++++++++++++++++++--
 tests/unit/crypto-tls-psk-helpers.c |  18 ++-
 tests/unit/crypto-tls-psk-helpers.h |   1 +
 5 files changed, 190 insertions(+), 18 deletions(-)

diff --git a/roms/seabios b/roms/seabios index 2dd4b9b3f8..6a62e0cb0d 160000
--- a/roms/seabios +++ b/roms/seabios @@ -1 +1 @@ -Subproject commit 2dd4b9b3f84019668719344b40dba79d681be41c +Subproject commit 6a62e0cb0dfe9cd28b70547dbea5caf76847c3a9 diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build index f33d84d19b..a95bb5def3 100644 --- a/tests/qtest/meson.build +++ b/tests/qtest/meson.build @@ -276,13 +276,18 @@ endif tpmemu_files = ['tpm-emu.c', 'tpm-util.c', 'tpm-tests.c'] +migration_files = [files('migration-helpers.c')] +if gnutls.found() + migration_files += [files('../unit/crypto-tls-psk-helpers.c'), gnutls] +endif + qtests = { 'bios-tables-test': [io, 'boot-sector.c', 'acpi-utils.c', 'tpm-emu.c'], 'cdrom-test': files('boot-sector.c'), 'dbus-vmstate-test': files('migration-helpers.c') + dbus_vmstate1, 'erst-test': files('erst-test.c'), 'ivshmem-test': [rt, '../../contrib/ivshmem-server/ivshmem-server.c'], - 'migration-test': files('migration-helpers.c'), + 'migration-test': migration_files, 'pxe-test': files('boot-sector.c'), 'qos-test': [chardev, io, qos_test_ss.apply(config_host, strict: false).sources()], 'tpm-crb-swtpm-test': [io, tpmemu_files], diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index e40b408988..744a9f8123 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -23,9 +23,13 @@ #include "qapi/qapi-visit-sockets.h" #include "qapi/qobject-input-visitor.h" #include "qapi/qobject-output-visitor.h" +#include "crypto/tlscredspsk.h" #include "migration-helpers.h" #include "tests/migration/migration-test.h" +#ifdef CONFIG_GNUTLS +# include "tests/unit/crypto-tls-psk-helpers.h" +#endif /* For dirty ring test; so far only x86_64 is supported */ #if defined(__linux__) && defined(HOST_X86_64) 
@@ -658,6 +662,100 @@ static void test_migrate_end(QTestState *from, QTestState *to, bool test_dest) cleanup("dest_serial"); } +#ifdef CONFIG_GNUTLS +struct TestMigrateTLSPSKData { + char *workdir; + char *workdiralt; + char *pskfile; + char *pskfilealt; +}; + +static void * +test_migrate_tls_psk_start_common(QTestState *from, + QTestState *to, + bool mismatch) +{ + struct TestMigrateTLSPSKData *data = + g_new0(struct TestMigrateTLSPSKData, 1); + QDict *rsp; + + data->workdir = g_strdup_printf("%s/tlscredspsk0", tmpfs); + data->pskfile = g_strdup_printf("%s/%s", data->workdir, + QCRYPTO_TLS_CREDS_PSKFILE); + mkdir(data->workdir, 0700); + test_tls_psk_init(data->pskfile); + + if (mismatch) { + data->workdiralt = g_strdup_printf("%s/tlscredspskalt0", tmpfs); + data->pskfilealt = g_strdup_printf("%s/%s", data->workdiralt, + QCRYPTO_TLS_CREDS_PSKFILE); + mkdir(data->workdiralt, 0700); + test_tls_psk_init_alt(data->pskfilealt); + } + + rsp = wait_command(from, + "{ 'execute': 'object-add'," + " 'arguments': { 'qom-type': 'tls-creds-psk'," + " 'id': 'tlscredspsk0'," + " 'endpoint': 'client'," + " 'dir': %s," + " 'username': 'qemu'} }", + data->workdir); + qobject_unref(rsp); + + rsp = wait_command(to, + "{ 'execute': 'object-add'," + " 'arguments': { 'qom-type': 'tls-creds-psk'," + " 'id': 'tlscredspsk0'," + " 'endpoint': 'server'," + " 'dir': %s } }", + mismatch ? 
data->workdiralt : data->workdir); + qobject_unref(rsp); + + migrate_set_parameter_str(from, "tls-creds", "tlscredspsk0"); + migrate_set_parameter_str(to, "tls-creds", "tlscredspsk0"); + + return data; +} + +static void * +test_migrate_tls_psk_start_match(QTestState *from, + QTestState *to) +{ + return test_migrate_tls_psk_start_common(from, to, false); +} + +static void * +test_migrate_tls_psk_start_mismatch(QTestState *from, + QTestState *to) +{ + return test_migrate_tls_psk_start_common(from, to, true); +} + +static void +test_migrate_tls_psk_finish(QTestState *from, + QTestState *to, + void *opaque) +{ + struct TestMigrateTLSPSKData *data = opaque; + + test_tls_psk_cleanup(data->pskfile); + if (data->pskfilealt) { + test_tls_psk_cleanup(data->pskfilealt); + } + rmdir(data->workdir); + if (data->workdiralt) { + rmdir(data->workdiralt); + } + + g_free(data->workdiralt); + g_free(data->pskfilealt); + g_free(data->workdir); + g_free(data->pskfile); + g_free(data); +} +#endif /* CONFIG_GNUTLS */ + static int migrate_postcopy_prepare(QTestState **from_ptr, QTestState **to_ptr, MigrateStart *args) 
@@ -918,27 +1016,45 @@ static void test_precopy_common(const char *listen_uri, test_migrate_end(from, to, !expect_fail); } -static void test_precopy_unix_common(bool dirty_ring) + +static void test_precopy_unix_common(TestMigrateStartHook start_hook, + TestMigrateFinishHook finish_hook, + bool expect_fail, + bool dirty_ring) { g_autofree char *uri = g_strdup_printf("unix:%s/migsocket", tmpfs); test_precopy_common(uri, uri, - NULL, /* start_hook */ - NULL, /* finish_hook */ - false, /* expect_fail */ + start_hook, + finish_hook, + expect_fail, false, /* dst_quit */ dirty_ring); } -static void test_precopy_unix(void) +static void test_precopy_unix_plain(void) { - test_precopy_unix_common(false /* dirty_ring */); + test_precopy_unix_common(NULL, /* start_hook */ + NULL, /* finish_hook */ + false, /* expect_fail */ + false /* dirty_ring */); +} + +static void test_precopy_unix_tls_psk(void) +{ + test_precopy_unix_common(test_migrate_tls_psk_start_match, + test_migrate_tls_psk_finish, + false, /* expect_fail */ + false /* dirty_ring */); } static void test_precopy_unix_dirty_ring(void) { - test_precopy_unix_common(true /* dirty_ring */); + test_precopy_unix_common(NULL, /* start_hook */ + NULL, /* finish_hook */ + false, /* clientReject */ + true /* dirty_ring */); } #if 0 
@@ -1031,17 +1147,43 @@ static void test_xbzrle_unix(void) test_xbzrle(uri); } -static void test_precopy_tcp(void) +static void test_precopy_tcp_common(TestMigrateStartHook start_hook, + TestMigrateFinishHook finish_hook, + bool expect_fail) { test_precopy_common("tcp:127.0.0.1:0", NULL, /* connect_uri */ - NULL, /* start_hook */ - NULL, /* finish_hook */ - false, /* expect_fail */ + start_hook, + finish_hook, + expect_fail, false, /* dst_quit */ false /* dirty_ring */); } + +static void test_precopy_tcp_plain(void) +{ + test_precopy_tcp_common(NULL, /* start_hook */ + NULL, /* finish_hook */ + false /* expect_fail */); +} + +#ifdef CONFIG_GNUTLS +static void test_precopy_tcp_tls_psk_match(void) +{ + test_precopy_tcp_common(test_migrate_tls_psk_start_match, + test_migrate_tls_psk_finish, + false /* expect_fail */); +} + +static void test_precopy_tcp_tls_psk_mismatch(void) +{ + test_precopy_tcp_common(test_migrate_tls_psk_start_mismatch, + test_migrate_tls_psk_finish, + true /* expect_fail */); +} +#endif /* CONFIG_GNUTLS */ + static void *test_migrate_fd_start_hook(QTestState *from, QTestState *to) { 
@@ -1505,8 +1647,20 @@ int main(int argc, char **argv) qtest_add_func("/migration/postcopy/unix", test_postcopy); qtest_add_func("/migration/postcopy/recovery", test_postcopy_recovery); qtest_add_func("/migration/bad_dest", test_baddest); - qtest_add_func("/migration/precopy/unix", test_precopy_unix); - qtest_add_func("/migration/precopy/tcp", test_precopy_tcp); + qtest_add_func("/migration/precopy/unix/plain", test_precopy_unix_plain); +#ifdef CONFIG_GNUTLS + qtest_add_func("/migration/precopy/unix/tls/psk", + test_precopy_unix_tls_psk); +#endif /* CONFIG_GNUTLS */ + + qtest_add_func("/migration/precopy/tcp/plain", test_precopy_tcp_plain); +#ifdef CONFIG_GNUTLS + qtest_add_func("/migration/precopy/tcp/tls/psk/match", + test_precopy_tcp_tls_psk_match); + qtest_add_func("/migration/precopy/tcp/tls/psk/mismatch", + test_precopy_tcp_tls_psk_mismatch); +#endif /* CONFIG_GNUTLS */ + /* qtest_add_func("/migration/ignore_shared", test_ignore_shared); */ qtest_add_func("/migration/xbzrle/unix", test_xbzrle_unix); qtest_add_func("/migration/fd_proto", test_migrate_fd_proto); diff --git a/tests/unit/crypto-tls-psk-helpers.c b/tests/unit/crypto-tls-psk-helpers.c index 4bea7c6fa2..511e08cc9c 100644 --- a/tests/unit/crypto-tls-psk-helpers.c +++ b/tests/unit/crypto-tls-psk-helpers.c @@ -24,7 +24,8 @@ #include "crypto-tls-psk-helpers.h" #include "qemu/sockets.h" -void test_tls_psk_init(const char *pskfile) +static void +test_tls_psk_init_common(const char *pskfile, const char *user, const char *key) { FILE *fp; 
@@ -33,11 +34,22 @@ void test_tls_psk_init(const char *pskfile) g_critical("Failed to create pskfile %s: %s", pskfile, strerror(errno)); abort(); } - /* Don't do this in real applications! Use psktool. */ - fprintf(fp, "qemu:009d5638c40fde0c\n"); + fprintf(fp, "%s:%s\n", user, key); fclose(fp); } +void test_tls_psk_init(const char *pskfile) +{ + /* Don't hard code a key like this in real applications! Use psktool. */ + test_tls_psk_init_common(pskfile, "qemu", "009d5638c40fde0c"); +} + +void test_tls_psk_init_alt(const char *pskfile) +{ + /* Don't hard code a key like this in real applications! Use psktool. */ + test_tls_psk_init_common(pskfile, "qemu", "10ffa6a2c42f0388"); +} + void test_tls_psk_cleanup(const char *pskfile) { unlink(pskfile); diff --git a/tests/unit/crypto-tls-psk-helpers.h b/tests/unit/crypto-tls-psk-helpers.h index faa645c629..67f8bdda71 100644 --- a/tests/unit/crypto-tls-psk-helpers.h +++ b/tests/unit/crypto-tls-psk-helpers.h 
@@ -24,6 +24,7 @@ #include void test_tls_psk_init(const char *keyfile); +void test_tls_psk_init_alt(const char *keyfile); void test_tls_psk_cleanup(const char *keyfile); #endif
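Review bot: The roms/seabios submodule bump at the top of this patch (2dd4b9b3f8 to 6a62e0cb0d) is unrelated to adding TLS PSK migration tests and is not mentioned in the commit message. It looks like an accidental submodule update picked up by the commit and should be dropped from the patch.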
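Review bot: test_precopy_unix_tls_psk() in the "@@ -918,27 +1016,45 @@" hunk is added outside any #ifdef CONFIG_GNUTLS, but the hooks it passes, test_migrate_tls_psk_start_match and test_migrate_tls_psk_finish, are defined only inside the CONFIG_GNUTLS block added earlier in this patch, so a build without GnuTLS will not compile at this point in the series. Wrap the function the same way test_precopy_tcp_tls_psk_match() is wrapped. In the same hunk, the argument comment in test_precopy_unix_dirty_ring() reads /* clientReject */ where the parameter is named expect_fail.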
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 13/18] tests: add migration tests of TLS with x509 credentials
Date: Wed, 2 Mar 2022 17:49:27 +0000
Message-Id: <20220302174932.2692378-14-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

This validates that we correctly handle migration success and failure
scenarios when using TLS with x509 certificates. There are quite a few
different scenarios that matter in relation to hostname validation.

Signed-off-by: Daniel P. Berrangé
---
 meson.build                  |   1 +
 tests/qtest/meson.build      |   5 +
 tests/qtest/migration-test.c | 366 +++++++++++++++++++++++++++++++++--
 3 files changed, 361 insertions(+), 11 deletions(-)
diff --git a/meson.build b/meson.build index 8df40bfac4..06d2175bdf 100644 --- a/meson.build +++ b/meson.build @@ -1548,6 +1548,7 @@ config_host_data.set('CONFIG_KEYUTILS', keyutils.found()) config_host_data.set('CONFIG_GETTID', has_gettid) config_host_data.set('CONFIG_GNUTLS', gnutls.found()) config_host_data.set('CONFIG_GNUTLS_CRYPTO', gnutls_crypto.found()) +config_host_data.set('CONFIG_TASN1', tasn1.found()) config_host_data.set('CONFIG_GCRYPT', gcrypt.found()) config_host_data.set('CONFIG_NETTLE', nettle.found()) config_host_data.set('CONFIG_QEMU_PRIVATE_XTS', xts == 'private') diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build index a95bb5def3..91dc36fb9b 100644 --- a/tests/qtest/meson.build +++ b/tests/qtest/meson.build @@ -279,6 +279,11 @@ tpmemu_files = ['tpm-emu.c', 'tpm-util.c', 'tpm-tests.c'] migration_files = [files('migration-helpers.c')] if gnutls.found() migration_files += [files('../unit/crypto-tls-psk-helpers.c'), gnutls] + + if tasn1.found() + migration_files += [files('../unit/crypto-tls-x509-helpers.c', + '../unit/pkix_asn1_tab.c'), tasn1] + endif endif qtests = { diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 744a9f8123..4040443caa 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -29,6 +29,9 @@ #include "tests/migration/migration-test.h" #ifdef CONFIG_GNUTLS # include "tests/unit/crypto-tls-psk-helpers.h" +# ifdef CONFIG_TASN1 +# include "tests/unit/crypto-tls-x509-helpers.h" +# endif #endif /* For dirty ring test; so far only x86_64 is supported */ 
@@ -754,6 +757,237 @@ test_migrate_tls_psk_finish(QTestState *from, g_free(data->pskfile); g_free(data); } + +#ifdef CONFIG_TASN1 +struct TestMigrateTLSX509Data { + char *workdir; + char *keyfile; + char *cacert; + char *servercert; + char *serverkey; + char *clientcert; + char *clientkey; +}; + +static void * +test_migrate_tls_x509_start_common(QTestState *from, + QTestState *to, + bool verifyclient, + bool clientcert, + bool hostileclient, + bool authzclient, + const char *certhostname, + const char *certipaddr) +{ + struct TestMigrateTLSX509Data *data = + g_new0(struct TestMigrateTLSX509Data, 1); + QDict *rsp; + + data->workdir = g_strdup_printf("%s/tlscredsx5090", tmpfs); + data->keyfile = g_strdup_printf("%s/key.pem", data->workdir); + + data->cacert = g_strdup_printf("%s/ca-cert.pem", data->workdir); + data->serverkey = g_strdup_printf("%s/server-key.pem", data->workdir); + data->servercert = g_strdup_printf("%s/server-cert.pem", data->workdir); + if (clientcert) { + data->clientkey = g_strdup_printf("%s/client-key.pem", data->workdir); + data->clientcert = g_strdup_printf("%s/client-cert.pem", data->workdir); + } + + mkdir(data->workdir, 0700); + + test_tls_init(data->keyfile); + g_assert(link(data->keyfile, data->serverkey) == 0); + if (clientcert) { + g_assert(link(data->keyfile, data->clientkey) == 0); + } + + TLS_ROOT_REQ_SIMPLE(cacertreq, data->cacert); + if (clientcert) { + TLS_CERT_REQ_SIMPLE_CLIENT(servercertreq, cacertreq, + hostileclient ? 
+ QCRYPTO_TLS_TEST_CLIENT_HOSTILE_NAME : + QCRYPTO_TLS_TEST_CLIENT_NAME, + data->clientcert); + } + + TLS_CERT_REQ_SIMPLE_SERVER(clientcertreq, cacertreq, + data->servercert, + certhostname, certipaddr); + + rsp = wait_command(from, + "{ 'execute': 'object-add'," + " 'arguments': { 'qom-type': 'tls-creds-x509'," + " 'id': 'tlscredsx509client0'," + " 'endpoint': 'client'," + " 'dir': %s," + " 'sanity-check': true," + " 'verify-peer': true} }", + data->workdir); + qobject_unref(rsp); + migrate_set_parameter_str(from, "tls-creds", "tlscredsx509client0"); + if (certhostname) { + migrate_set_parameter_str(from, "tls-hostname", certhostname); + } + + rsp = wait_command(to, + "{ 'execute': 'object-add'," + " 'arguments': { 'qom-type': 'tls-creds-x509'," + " 'id': 'tlscredsx509server0'," + " 'endpoint': 'server'," + " 'dir': %s," + " 'sanity-check': true," + " 'verify-peer': %i} }", + data->workdir, verifyclient); + qobject_unref(rsp); + migrate_set_parameter_str(to, "tls-creds", "tlscredsx509server0"); + + if (authzclient) { + rsp = wait_command(to, + "{ 'execute': 'object-add'," + " 'arguments': { 'qom-type': 'authz-simple'," + " 'id': 'tlsauthz0'," + " 'identity': %s} }", + "CN=" QCRYPTO_TLS_TEST_CLIENT_NAME); + migrate_set_parameter_str(to, "tls-authz", "tlsauthz0"); + } + + return data; +} + +/* + * The normal case: match server's cert hostname against + * whatever host we were telling QEMU to connect to (if any) + */ +static void * +test_migrate_tls_x509_start_default_host(QTestState *from, + QTestState *to) +{ + return test_migrate_tls_x509_start_common(from, to, + true, /* verifyclient */ + true, /* clientcert */ + false, /* hostileclient */ + false, /* authzclient */ + NULL, + "127.0.0.1"); +} + +/* + * The unusual case: the server's cert is different from + * the address we're telling QEMU to connect to (if any), + * so we must give QEMU an explicit hostname to validate + */ +static void * +test_migrate_tls_x509_start_override_host(QTestState *from, + QTestState 
*to) +{ + return test_migrate_tls_x509_start_common(from, to, + true, /* verifyclient */ + true, /* clientcert */ + false, /* hostileclient */ + false, /* authzclient */ + "qemu.org", + NULL); +} + +/* + * The unusual case: the server's cert is different from + * the address we're telling QEMU to connect to, and so we + * expect the client to reject the server + */ +static void * +test_migrate_tls_x509_start_mismatch_host(QTestState *from, + QTestState *to) +{ + return test_migrate_tls_x509_start_common(from, to, + true, /* verifyclient */ + true, /* clientcert */ + false, /* hostileclient */ + false, /* authzclient */ + NULL, + "10.0.0.1"); +} + +static void * +test_migrate_tls_x509_start_friendly_client(QTestState *from, + QTestState *to) +{ + return test_migrate_tls_x509_start_common(from, to, + true, /* verifyclient */ + true, /* clientcert */ + false, /* hostileclient */ + true, /* authzclient */ + NULL, + "127.0.0.1"); +} + +static void * +test_migrate_tls_x509_start_hostile_client(QTestState *from, + QTestState *to) +{ + return test_migrate_tls_x509_start_common(from, to, + true, /* verifyclient */ + true, /* clientcert */ + true, /* hostileclient */ + true, /* authzclient */ + NULL, + "127.0.0.1"); +} + +/* + * The case with no client certificate presented, + * and no server verification + */ +static void * +test_migrate_tls_x509_start_allow_anonymous_client(QTestState *from, + QTestState *to) +{ + return test_migrate_tls_x509_start_common(from, to, + false, /* verifyclient */ + false, /* clientcert */ + false, /* hostileclient */ + false, /* authzclient */ + NULL, + "127.0.0.1"); +} + +/* + * The case with no client certificate presented, + * and server verification rejecting + */ +static void * +test_migrate_tls_x509_start_reject_anonymous_client(QTestState *from, + QTestState *to) +{ + return test_migrate_tls_x509_start_common(from, to, + true, /* verifyclient */ + false, /* clientcert */ + false, /* hostileclient */ + false, /* authzclient */ + NULL, + 
"127.0.0.1"); +} + +static void +test_migrate_tls_x509_finish(QTestState *from, + QTestState *to, + void *opaque) +{ + struct TestMigrateTLSX509Data *data = opaque; + + test_tls_cleanup(data->keyfile); + unlink(data->cacert); + unlink(data->servercert); + unlink(data->serverkey); + unlink(data->clientcert); + unlink(data->clientkey); + rmdir(data->workdir); + + g_free(data->workdir); + g_free(data->keyfile); + g_free(data); +} +#endif /* CONFIG_TASN1 */ #endif /* CONFIG_GNUTLS */ static int migrate_postcopy_prepare(QTestState **from_ptr, @@ -1020,6 +1254,7 @@ static void test_precopy_common(const char *listen_uri, static void test_precopy_unix_common(TestMigrateStartHook start_hook, TestMigrateFinishHook finish_hook, bool expect_fail, + bool dst_quit, bool dirty_ring) { g_autofree char *uri = g_strdup_printf("unix:%s/migsocket", tmpfs); @@ -1029,7 +1264,7 @@ static void test_precopy_unix_common(TestMigrateStartHook start_hook, start_hook, finish_hook, expect_fail, - false, /* dst_quit */ + dst_quit, dirty_ring); } 
@@ -1038,24 +1273,49 @@ static void test_precopy_unix_plain(void) test_precopy_unix_common(NULL, /* start_hook */ NULL, /* finish_hook */ false, /* expect_fail */ + false, /* dst_quit */ false /* dirty_ring */); } +static void test_precopy_unix_dirty_ring(void) +{ + test_precopy_unix_common(NULL, /* start_hook */ + NULL, /* finish_hook */ + false, /* clientReject */ + false, /* dst_quit */ + true /* dirty_ring */); +} + +#ifdef CONFIG_GNUTLS static void test_precopy_unix_tls_psk(void) { test_precopy_unix_common(test_migrate_tls_psk_start_match, test_migrate_tls_psk_finish, false, /* expect_fail */ + false, /* dst_quit */ false /* dirty_ring */); } -static void test_precopy_unix_dirty_ring(void) +#ifdef CONFIG_TASN1 +static void test_precopy_unix_tls_x509_default_host(void) { - test_precopy_unix_common(NULL, /* start_hook */ - NULL, /* finish_hook */ - false, /* clientReject */ - true /* dirty_ring */); + test_precopy_unix_common(test_migrate_tls_x509_start_default_host, + test_migrate_tls_x509_finish, + true, /* expect_fail */ + true, /* dst_quit */ + false /* dirty_ring */); +} + +static void test_precopy_unix_tls_x509_override_host(void) +{ + test_precopy_unix_common(test_migrate_tls_x509_start_override_host, + test_migrate_tls_x509_finish, + false, /* expect_fail */ + false, /* dst_quit */ + false /* dirty_ring */); } +#endif /* CONFIG_TASN1 */ +#endif /* CONFIG_GNUTLS */ #if 0 /* Currently upset on aarch64 TCG */ @@ -1149,14 +1409,15 @@ static void test_xbzrle_unix(void) static void test_precopy_tcp_common(TestMigrateStartHook start_hook, TestMigrateFinishHook finish_hook, - bool expect_fail) + bool expect_fail, + bool dst_quit) { test_precopy_common("tcp:127.0.0.1:0", NULL, /* connect_uri */ start_hook, finish_hook, expect_fail, - false, /* dst_quit */ + dst_quit, false /* dirty_ring */); } 
@@ -1165,7 +1426,8 @@ static void test_precopy_tcp_plain(void) { test_precopy_tcp_common(NULL, /* start_hook */ NULL, /* finish_hook */ - false /* expect_fail */); + false, /* expect_fail */ + false /* dst_quit */); } #ifdef CONFIG_GNUTLS 
@@ -1173,15 +1435,75 @@ static void test_precopy_tcp_tls_psk_match(void) { test_precopy_tcp_common(test_migrate_tls_psk_start_match, test_migrate_tls_psk_finish, - false /* expect_fail */); + false, /* expect_fail */ + false /* dst_quit */); } static void test_precopy_tcp_tls_psk_mismatch(void) { test_precopy_tcp_common(test_migrate_tls_psk_start_mismatch, test_migrate_tls_psk_finish, - true /* expect_fail */); + true, /* expect_fail */ + false /* dst_quit */); +} + +#ifdef CONFIG_TASN1 +static void test_precopy_tcp_tls_x509_default_host(void) +{ + test_precopy_tcp_common(test_migrate_tls_x509_start_default_host, + test_migrate_tls_x509_finish, + false, /* expect_fail */ + false /* dst_quit */); +} + +static void test_precopy_tcp_tls_x509_override_host(void) +{ + test_precopy_tcp_common(test_migrate_tls_x509_start_override_host, + test_migrate_tls_x509_finish, + false, /* expect_fail */ + false /* dst_quit */); +} + +static void test_precopy_tcp_tls_x509_mismatch_host(void) +{ + test_precopy_tcp_common(test_migrate_tls_x509_start_mismatch_host, + test_migrate_tls_x509_finish, + true, /* expect_fail */ + true /* dst_quit */); +} + +static void test_precopy_tcp_tls_x509_friendly_client(void) +{ + test_precopy_tcp_common(test_migrate_tls_x509_start_friendly_client, + test_migrate_tls_x509_finish, + false, /* expect_fail */ + false /* dst_quit */); +} + +static void test_precopy_tcp_tls_x509_hostile_client(void) +{ + test_precopy_tcp_common(test_migrate_tls_x509_start_hostile_client, + test_migrate_tls_x509_finish, + true, /* expect_quit */ + false /* dst_quit */); +} + +static void test_precopy_tcp_tls_x509_allow_anonymous_client(void) +{ + test_precopy_tcp_common(test_migrate_tls_x509_start_allow_anonymous_client, + test_migrate_tls_x509_finish, + false, /* expect_fail */ + false /* dst_quit */); +} + +static void test_precopy_tcp_tls_x509_reject_anonymous_client(void) +{ + test_precopy_tcp_common(test_migrate_tls_x509_start_reject_anonymous_client, + 
test_migrate_tls_x509_finish, + true, /* expect_fail */ + false /* dst_quit */); } +#endif /* CONFIG_TASN1 */ #endif /* CONFIG_GNUTLS */ static void *test_migrate_fd_start_hook(QTestState *from, @@ -1651,6 +1973,12 @@ int main(int argc, char **argv) #ifdef CONFIG_GNUTLS qtest_add_func("/migration/precopy/unix/tls/psk", test_precopy_unix_tls_psk); +#ifdef CONFIG_TASN1 + qtest_add_func("/migration/precopy/unix/tls/x509/default-host", + test_precopy_unix_tls_x509_default_host); + qtest_add_func("/migration/precopy/unix/tls/x509/override-host", + test_precopy_unix_tls_x509_override_host); +#endif /* CONFIG_TASN1 */ #endif /* CONFIG_GNUTLS */ qtest_add_func("/migration/precopy/tcp/plain", test_precopy_tcp_plain); 
@@ -1659,6 +1987,22 @@ int main(int argc, char **argv) test_precopy_tcp_tls_psk_match); qtest_add_func("/migration/precopy/tcp/tls/psk/mismatch", test_precopy_tcp_tls_psk_mismatch); +#ifdef CONFIG_TASN1 + qtest_add_func("/migration/precopy/tcp/tls/x509/default-host", + test_precopy_tcp_tls_x509_default_host); + qtest_add_func("/migration/precopy/tcp/tls/x509/override-host", + test_precopy_tcp_tls_x509_override_host); + qtest_add_func("/migration/precopy/tcp/tls/x509/mismatch-host", + test_precopy_tcp_tls_x509_mismatch_host); + qtest_add_func("/migration/precopy/tcp/tls/x509/friendly-client", + test_precopy_tcp_tls_x509_friendly_client); + qtest_add_func("/migration/precopy/tcp/tls/x509/hostile-client", + test_precopy_tcp_tls_x509_hostile_client); + qtest_add_func("/migration/precopy/tcp/tls/x509/allow-anonymous-client", + test_precopy_tcp_tls_x509_allow_anonymous_client); + qtest_add_func("/migration/precopy/tcp/tls/x509/reject-anonymous-client", + test_precopy_tcp_tls_x509_reject_anonymous_client); +#endif /* CONFIG_TASN1 */ #endif /* CONFIG_GNUTLS */ /* qtest_add_func("/migration/ignore_shared", test_ignore_shared); */ From patchwork Wed Mar 2 17:49:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 12766500 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 0E35BC433EF for ; Wed, 2 Mar 2022 18:13:45 +0000 (UTC) Received: from localhost ([::1]:43022 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nPTTr-0007uU-VO for qemu-devel@archiver.kernel.org; Wed, 02 Mar 2022 13:13:44 -0500 Received: from eggs.gnu.org 
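Review bot: in test_precopy_tcp_tls_x509_hostile_client() the first boolean is labelled `/* expect_quit */`, but every other caller of test_precopy_tcp_common() in this hunk labels that position `/* expect_fail */`, and the only other boolean parameter is dst_quit. Change the comment to `/* expect_fail */` so the argument is not mistaken for dst_quit. It would also help to add a short comment saying why mismatch-host is the only x509 case that passes true for dst_quit, since hostile-client and reject-anonymous-client also expect the migration to fail but pass false.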
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 14/18] tests: convert XBZRLE migration test to use common helper
Date: Wed, 2 Mar 2022 17:49:28 +0000
Message-Id: <20220302174932.2692378-15-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
References: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

Most of the XBZRLE migration test logic is common with the rest of the precopy tests, so it can use the helper with just one small tweak.

Signed-off-by: Daniel P. Berrangé
---
 tests/qtest/migration-test.c | 70 ++++++++++++++----------------------
 1 file changed, 26 insertions(+), 44 deletions(-)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 4040443caa..9896fcb134 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c 
@@ -1162,6 +1162,7 @@ typedef void (*TestMigrateFinishHook)(QTestState *from, * @expect_fail: true if we expect migration to fail * @dst_quit: true if we expect the dst QEMU to quit with an * abnormal exit status on failure + * @iterations: number of migration passes to wait for * @dirty_ring: true to use dirty ring tracking * * If @connect_uri is NULL, then it will query the dst @@ -1185,6 +1186,7 @@ static void test_precopy_common(const char *listen_uri, TestMigrateFinishHook finish_hook, bool expect_fail, bool dst_quit, + unsigned int iterations, bool dirty_ring) { MigrateStart *args = migrate_start_new(); @@ -1229,7 +1231,9 @@ static void test_precopy_common(const char *listen_uri, qtest_set_expected_status(to, 1); } } else { - wait_for_migration_pass(from); + while (iterations--) { + wait_for_migration_pass(from); + } migrate_set_parameter_int(from, "downtime-limit", CONVERGE_DOWNTIME); @@ -1255,6 +1259,7 @@ static void test_precopy_unix_common(TestMigrateStartHook start_hook, TestMigrateFinishHook finish_hook, bool expect_fail, bool dst_quit, + unsigned int iterations, bool dirty_ring) { g_autofree char *uri = g_strdup_printf("unix:%s/migsocket", tmpfs); @@ -1265,6 +1270,7 @@ static void test_precopy_unix_common(TestMigrateStartHook start_hook, finish_hook, expect_fail, dst_quit, + iterations, dirty_ring); } @@ -1274,6 +1280,7 @@ static void test_precopy_unix_plain(void) NULL, /* finish_hook */ false, /* expect_fail */ false, /* dst_quit */ + 1, /* iterations */ false /* dirty_ring */); } @@ -1283,6 +1290,7 @@ static void test_precopy_unix_dirty_ring(void) NULL, /* finish_hook */ false, /* clientReject */ false, /* dst_quit */ + 1, /* iterations */ true /* dirty_ring */); } @@ -1293,6 +1301,7 @@ static void test_precopy_unix_tls_psk(void) test_migrate_tls_psk_finish, false, /* expect_fail */ false, /* dst_quit */ + 1, /* iterations */ false /* dirty_ring */); } 
@@ -1303,6 +1312,7 @@ static void test_precopy_unix_tls_x509_default_host(void) test_migrate_tls_x509_finish, true, /* expect_fail */ true, /* dst_quit */ + 1, /* iterations */ false /* dirty_ring */); } @@ -1312,6 +1322,7 @@ static void test_precopy_unix_tls_x509_override_host(void) test_migrate_tls_x509_finish, false, /* expect_fail */ false, /* dst_quit */ + 1, /* iterations */ false /* dirty_ring */); } #endif /* CONFIG_TASN1 */ 
@@ -1354,57 +1365,26 @@ static void test_ignore_shared(void) } #endif -static void test_xbzrle(const char *uri) +static void * +test_migrate_xbzrle_start(QTestState *from, + QTestState *to) { - MigrateStart *args = migrate_start_new(); - QTestState *from, *to; - - if (test_migrate_start(&from, &to, uri, args)) { - return; - } - - /* - * We want to pick a speed slow enough that the test completes - * quickly, but that it doesn't complete precopy even on a slow - * machine, so also set the downtime. - */ - /* 1 ms should make it not converge*/ - migrate_set_parameter_int(from, "downtime-limit", 1); - /* 1GB/s */ - migrate_set_parameter_int(from, "max-bandwidth", 1000000000); - migrate_set_parameter_int(from, "xbzrle-cache-size", 33554432); migrate_set_capability(from, "xbzrle", true); migrate_set_capability(to, "xbzrle", true); - /* Wait for the first serial output from the source */ - wait_for_serial("src_serial"); - migrate_qmp(from, uri, "{}"); - - wait_for_migration_pass(from); - /* Make sure we have 2 passes, so the xbzrle cache gets a workout */ - wait_for_migration_pass(from); - - /* 1000ms should converge */ - migrate_set_parameter_int(from, "downtime-limit", 1000); - - if (!got_stop) { - qtest_qmp_eventwait(from, "STOP"); - } - qtest_qmp_eventwait(to, "RESUME"); - - wait_for_serial("dest_serial"); - wait_for_migration_complete(from); - - test_migrate_end(from, to, true); + return NULL; } -static void test_xbzrle_unix(void) +static void test_precopy_unix_xbzrle(void) { - g_autofree char *uri = g_strdup_printf("unix:%s/migsocket", tmpfs); - - test_xbzrle(uri); + test_precopy_unix_common(test_migrate_xbzrle_start, + NULL, /* finish_hook */ + false, /* expect_fail */ + false, /* dst_quit */ + 2, /* iterations */ + false /* dirty_ring */); } static void test_precopy_tcp_common(TestMigrateStartHook start_hook, 
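Review bot: the new test_migrate_xbzrle_start() hook drops the `migrate_set_parameter_int(from, "xbzrle-cache-size", 33554432);` call that the removed test_xbzrle() made; the hook only sets the xbzrle capability on both sides, so the converted test no longer pins the cache size. The commit message describes the conversion as one small tweak, so either keep the parameter in the start hook or say that dropping it is intentional. The removed comment explaining why two passes are needed ("so the xbzrle cache gets a workout") is also worth carrying over next to `2, /* iterations */` in test_precopy_unix_xbzrle().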
@@ -1418,6 +1398,7 @@ static void test_precopy_tcp_common(TestMigrateStartHook start_hook, finish_hook, expect_fail, dst_quit, + 1, /* iterations */ false /* dirty_ring */); } @@ -1572,6 +1553,7 @@ static void test_migrate_fd_proto(void) test_migrate_fd_finish_hook, false, /* expect_fail */ false, /* dst_quit */ + 1, /* iterations */ false /* dirty_ring */); } @@ -1970,6 +1952,7 @@ int main(int argc, char **argv) qtest_add_func("/migration/postcopy/recovery", test_postcopy_recovery); qtest_add_func("/migration/bad_dest", test_baddest); qtest_add_func("/migration/precopy/unix/plain", test_precopy_unix_plain); + qtest_add_func("/migration/precopy/unix/xbzrle", test_precopy_unix_xbzrle); #ifdef CONFIG_GNUTLS qtest_add_func("/migration/precopy/unix/tls/psk", test_precopy_unix_tls_psk); 
@@ -2006,7 +1989,6 @@ int main(int argc, char **argv) #endif /* CONFIG_GNUTLS */ /* qtest_add_func("/migration/ignore_shared", test_ignore_shared); */ - qtest_add_func("/migration/xbzrle/unix", test_xbzrle_unix); qtest_add_func("/migration/fd_proto", test_migrate_fd_proto); qtest_add_func("/migration/validate_uuid", test_validate_uuid); qtest_add_func("/migration/validate_uuid_error", test_validate_uuid_error); From patchwork Wed Mar 2 17:49:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 12766487 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 24991C433FE for ; Wed, 2 Mar 2022 18:04:19 +0000 (UTC) Received: from localhost ([::1]:45098 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nPTKk-0006Ti-4o for qemu-devel@archiver.kernel.org; Wed, 02 Mar 2022 13:04:18 -0500 Received: from eggs.gnu.org ([209.51.188.92]:54414) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nPT8a-0000Ty-He for qemu-devel@nongnu.org; Wed, 02 Mar 2022 12:51:44 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:44463) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nPT8Z-00013f-1H for qemu-devel@nongnu.org; Wed, 02 Mar 2022 12:51:44 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1646243502; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: 
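Review bot: the new @iterations argument of test_precopy_common() is only read in the else branch (`while (iterations--)`); the other branch, which sets the expected exit status of the dst, never uses it, so the doc comment should say that it applies to the success path only and what passing 0 means (no pass is waited for). Two smaller points: test_precopy_unix_dirty_ring() still labels its first boolean `/* clientReject */` and could be corrected to `/* expect_fail */` while this patch touches the call, and the registration in main() moves the test from /migration/xbzrle/unix to /migration/precopy/unix/xbzrle, which the commit message does not mention.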
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 15/18] tests: convert multifd migration tests to use common helper
Date: Wed, 2 Mar 2022 17:49:29 +0000
Message-Id: <20220302174932.2692378-16-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
References: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

Most of the multifd migration test logic is common with the rest of the precopy tests, so it can use the helper without difficulty. The only exception is the multifd cancellation test, which tries to run multiple migrations in a row.

Signed-off-by: Daniel P. Berrangé
---
 tests/qtest/migration-test.c | 75 +++++++++++++++++++-----------------
 1 file changed, 39 insertions(+), 36 deletions(-)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 9896fcb134..7c69268aa8 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -1716,26 +1716,12 @@ static void test_migrate_auto_converge(void) test_migrate_end(from, to, true); } -static void test_multifd_tcp(const char *method) +static void * +test_migration_precopy_tcp_multifd_start_common(QTestState *from, + QTestState *to, + const char *method) { - MigrateStart *args = migrate_start_new(); - QTestState *from, *to; QDict *rsp; - g_autofree char *uri = NULL; - - if (test_migrate_start(&from, &to, "defer", args)) { - return; - } - - /* - * We want to pick a speed slow enough that the test completes - * quickly, but that it doesn't complete precopy even on a slow - * machine, so also set the downtime. - */ - /* 1 ms should make it not converge*/ - migrate_set_parameter_int(from, "downtime-limit", 1); - /* 1GB/s */ - migrate_set_parameter_int(from, "max-bandwidth", 1000000000); migrate_set_parameter_int(from, "multifd-channels", 16); migrate_set_parameter_int(to, "multifd-channels", 16); 
@@ -1751,41 +1737,58 @@ static void test_multifd_tcp(const char *method) " 'arguments': { 'uri': 'tcp:127.0.0.1:0' }}"); qobject_unref(rsp); - /* Wait for the first serial output from the source */ - wait_for_serial("src_serial"); - - uri = migrate_get_socket_address(to, "socket-address"); - - migrate_qmp(from, uri, "{}"); + return NULL; +} - wait_for_migration_pass(from); +static void * +test_migration_precopy_tcp_multifd_start(QTestState *from, + QTestState *to) +{ + return test_migration_precopy_tcp_multifd_start_common(from, to, "none"); +} - migrate_set_parameter_int(from, "downtime-limit", CONVERGE_DOWNTIME); +static void * +test_migration_precopy_tcp_multifd_zlib_start(QTestState *from, + QTestState *to) +{ + return test_migration_precopy_tcp_multifd_start_common(from, to, "zlib"); +} - if (!got_stop) { - qtest_qmp_eventwait(from, "STOP"); - } - qtest_qmp_eventwait(to, "RESUME"); +#ifdef CONFIG_ZSTD +static void * +test_migration_precopy_tcp_multifd_zstd_start(QTestState *from, + QTestState *to) +{ + return test_migration_precopy_tcp_multifd_start_common(from, to, "zstd"); +} +#endif /* CONFIG_ZSTD */ - wait_for_serial("dest_serial"); - wait_for_migration_complete(from); - test_migrate_end(from, to, true); +static void test_multifd_tcp_common(TestMigrateStartHook start_hook) +{ + test_precopy_common("defer", + NULL, /* connect_uri */ + start_hook, + NULL, /* finish_hook */ + false, /* expect_fail */ + false, /* dst_quit */ + 1, /* iterations */ + false /* dirty_ring */); } static void test_multifd_tcp_none(void) { - test_multifd_tcp("none"); + test_multifd_tcp_common(test_migration_precopy_tcp_multifd_start); } static void test_multifd_tcp_zlib(void) { - test_multifd_tcp("zlib"); + test_multifd_tcp_common(test_migration_precopy_tcp_multifd_zlib_start); } #ifdef CONFIG_ZSTD static void test_multifd_tcp_zstd(void) { - test_multifd_tcp("zstd"); + test_multifd_tcp_common(test_migration_precopy_tcp_multifd_zstd_start); } #endif From patchwork Wed Mar 2 17:49:30 
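Review bot: the new start hooks are named test_migration_precopy_tcp_multifd_*, while the hooks they sit beside use the test_migrate_ prefix (test_migrate_xbzrle_start, test_migrate_tls_psk_start_match), and patch 16/18 then renames every one of them to test_migrate_precopy_tcp_multifd_*. Introduce them under the final names here so the next patch contains only the new TLS tests. The removed body of test_multifd_tcp() also set downtime-limit to 1 and max-bandwidth to 1000000000 before starting the migration; since test_precopy_common() is not part of this diff, the commit message should state that the helper already applies equivalent settings.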
2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 12766482
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 16/18] tests: add multifd migration tests of TLS with PSK credentials
Date: Wed, 2 Mar 2022 17:49:30 +0000
Message-Id: <20220302174932.2692378-17-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
References: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

This validates that we correctly handle multifd migration success and failure scenarios when using TLS with pre shared keys.

Signed-off-by: Daniel P. Berrangé
---
 tests/qtest/migration-test.c | 94 ++++++++++++++++++++++++++++--------
 1 file changed, 75 insertions(+), 19 deletions(-)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 7c69268aa8..506c6996e0 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c 
@@ -1717,9 +1717,9 @@ static void test_migrate_auto_converge(void) } static void * -test_migration_precopy_tcp_multifd_start_common(QTestState *from, - QTestState *to, - const char *method) +test_migrate_precopy_tcp_multifd_start_common(QTestState *from, + QTestState *to, + const char *method) { QDict *rsp; @@ -1741,25 +1741,25 @@ test_migration_precopy_tcp_multifd_start_common(QTestState *from, } static void * -test_migration_precopy_tcp_multifd_start(QTestState *from, - QTestState *to) +test_migrate_precopy_tcp_multifd_start(QTestState *from, + QTestState *to) { - return test_migration_precopy_tcp_multifd_start_common(from, to, "none"); + return test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); } static void * -test_migration_precopy_tcp_multifd_zlib_start(QTestState *from, - QTestState *to) +test_migrate_precopy_tcp_multifd_zlib_start(QTestState *from, + QTestState *to) { - return test_migration_precopy_tcp_multifd_start_common(from, to, "zlib"); + return test_migrate_precopy_tcp_multifd_start_common(from, to, "zlib"); } #ifdef CONFIG_ZSTD static void * -test_migration_precopy_tcp_multifd_zstd_start(QTestState *from, - QTestState *to) +test_migrate_precopy_tcp_multifd_zstd_start(QTestState *from, + QTestState *to) { - return test_migration_precopy_tcp_multifd_start_common(from, to, "zstd"); + return test_migrate_precopy_tcp_multifd_start_common(from, to, "zstd"); } #endif /* CONFIG_ZSTD */ 
@@ -1777,18 +1777,64 @@ static void test_multifd_tcp_common(TestMigrateStartHook start_hook) static void test_multifd_tcp_none(void) { - test_multifd_tcp_common(test_migration_precopy_tcp_multifd_start); + test_multifd_tcp_common(test_migrate_precopy_tcp_multifd_start); } static void test_multifd_tcp_zlib(void) { - test_multifd_tcp_common(test_migration_precopy_tcp_multifd_zlib_start); + test_multifd_tcp_common(test_migrate_precopy_tcp_multifd_zlib_start); } #ifdef CONFIG_ZSTD static void test_multifd_tcp_zstd(void) { - test_multifd_tcp_common(test_migration_precopy_tcp_multifd_zstd_start); + test_multifd_tcp_common(test_migrate_precopy_tcp_multifd_zstd_start); +} +#endif + +#ifdef CONFIG_GNUTLS +static void test_multifd_tcp_tls_common(TestMigrateStartHook start_hook, + TestMigrateFinishHook finish_hook, + bool expect_fail) +{ + test_precopy_common("defer", + NULL, /* connect_uri */ + start_hook, + finish_hook, + expect_fail, + false, /* dst_quit */ + 1, /* iterations */ + false /* dirty_ring */); +} + +static void * +test_migrate_multifd_tcp_tls_psk_start_match(QTestState *from, + QTestState *to) +{ + test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); + return test_migrate_tls_psk_start_match(from, to); +} + +static void * +test_migrate_multifd_tcp_tls_psk_start_mismatch(QTestState *from, + QTestState *to) +{ + test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); + return test_migrate_tls_psk_start_mismatch(from, to); +} + +static void test_multifd_tcp_tls_psk_match(void) +{ + test_multifd_tcp_tls_common(test_migrate_multifd_tcp_tls_psk_start_match, + test_migrate_tls_psk_finish, + false /* expect_fail */); +} + +static void test_multifd_tcp_tls_psk_mismatch(void) +{ + test_multifd_tcp_tls_common(test_migrate_multifd_tcp_tls_psk_start_mismatch, + test_migrate_tls_psk_finish, + true /* expect_fail */); } #endif 
@@ -2001,12 +2047,22 @@ int main(int argc, char **argv) test_validate_uuid_dst_not_set); qtest_add_func("/migration/auto_converge", test_migrate_auto_converge); - qtest_add_func("/migration/multifd/tcp/none", test_multifd_tcp_none); - qtest_add_func("/migration/multifd/tcp/cancel", test_multifd_tcp_cancel); - qtest_add_func("/migration/multifd/tcp/zlib", test_multifd_tcp_zlib); + qtest_add_func("/migration/multifd/tcp/plain/none", + test_multifd_tcp_none); + qtest_add_func("/migration/multifd/tcp/plain/cancel", + test_multifd_tcp_cancel); + qtest_add_func("/migration/multifd/tcp/plain/zlib", + test_multifd_tcp_zlib); #ifdef CONFIG_ZSTD - qtest_add_func("/migration/multifd/tcp/zstd", test_multifd_tcp_zstd); + qtest_add_func("/migration/multifd/tcp/plain/zstd", + test_multifd_tcp_zstd); #endif +#ifdef CONFIG_GNUTLS + qtest_add_func("/migration/multifd/tcp/tls/psk/match", + test_multifd_tcp_tls_psk_match); + qtest_add_func("/migration/multifd/tcp/tls/psk/mismatch", + test_multifd_tcp_tls_psk_mismatch); +#endif /* CONFIG_GNUTLS */ if (kvm_dirty_ring_supported()) { qtest_add_func("/migration/dirty_ring", From patchwork Wed Mar 2 17:49:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 12766491 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 858A7C433F5 for ; Wed, 2 Mar 2022 18:07:24 +0000 (UTC) Received: from localhost ([::1]:53594 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nPTNj-00047N-MH for qemu-devel@archiver.kernel.org; Wed, 02 Mar 2022 13:07:23 -0500 Received: from eggs.gnu.org ([209.51.188.92]:54458) by lists.gnu.org 
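Review bot: the registrations in main() move the existing tests from /migration/multifd/tcp/none, cancel, zlib and zstd to /migration/multifd/tcp/plain/..., and the earlier hunks rename the test_migration_precopy_tcp_multifd_* hooks to test_migrate_precopy_tcp_multifd_*; neither rename is mentioned in the commit message, and both are unrelated to adding PSK coverage. Anyone selecting these tests by path will be affected, so call the path change out in the commit message or split the renames into their own patch. Also note that both new PSK start hooks call test_migrate_precopy_tcp_multifd_start_common() with "none" only, so the TLS match and mismatch cases are exercised without zlib or zstd; if that is deliberate, a one-line comment on the hooks would record it.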
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 17/18] tests: add multifd migration tests of TLS with x509 credentials
Date: Wed, 2 Mar 2022 17:49:31 +0000
Message-Id: <20220302174932.2692378-18-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
References: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

This validates that we correctly handle multifd migration success and failure scenarios when using TLS with x509 certificates. There are quite a few different scenarios that matter in relation to hostname validation, but we skip a couple as we can assume that the non-multifd coverage applies to some extent.

Signed-off-by: Daniel P. Berrangé
---
 tests/qtest/migration-test.c | 135 ++++++++++++++++++++++++++++++++---
 1 file changed, 126 insertions(+), 9 deletions(-)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 506c6996e0..95ae843e1b 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -1795,20 +1795,21 @@ static void test_multifd_tcp_zstd(void) #ifdef CONFIG_GNUTLS static void test_multifd_tcp_tls_common(TestMigrateStartHook start_hook, TestMigrateFinishHook finish_hook, - bool expect_fail) + bool expect_fail, + bool dst_quit) { test_precopy_common("defer", NULL, /* connect_uri */ start_hook, finish_hook, expect_fail, - false, /* dst_quit */ + dst_quit, 1, /* iterations */ false /* dirty_ring */); } static void * -test_migrate_multifd_tcp_tls_psk_start_match(QTestState *from, +test_migrate_multifd_tls_psk_start_match(QTestState *from, QTestState *to) { test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); 
@@ -1816,27 +1817,131 @@ test_migrate_multifd_tcp_tls_psk_start_match(QTestState *from, } static void * -test_migrate_multifd_tcp_tls_psk_start_mismatch(QTestState *from, +test_migrate_multifd_tls_psk_start_mismatch(QTestState *from, QTestState *to) { test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); return test_migrate_tls_psk_start_mismatch(from, to); } +#ifdef CONFIG_TASN1 +static void * +test_migrate_multifd_tls_x509_start_default_host(QTestState *from, + QTestState *to) +{ + test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); + return test_migrate_tls_x509_start_default_host(from, to); +} + +static void * +test_migrate_multifd_tls_x509_start_override_host(QTestState *from, + QTestState *to) +{ + test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); + return test_migrate_tls_x509_start_override_host(from, to); +} + +static void * +test_migrate_multifd_tls_x509_start_mismatch_host(QTestState *from, + QTestState *to) +{ + test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); + return test_migrate_tls_x509_start_mismatch_host(from, to); +} + +static void * +test_migrate_multifd_tls_x509_start_allow_anonymous_client(QTestState *from, + QTestState *to) +{ + test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); + return test_migrate_tls_x509_start_allow_anonymous_client(from, to); +} + +static void * +test_migrate_multifd_tls_x509_start_reject_anonymous_client(QTestState *from, + QTestState *to) +{ + test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); + return test_migrate_tls_x509_start_reject_anonymous_client(from, to); +} +#endif /* CONFIG_TASN1 */ + static void test_multifd_tcp_tls_psk_match(void) { - test_multifd_tcp_tls_common(test_migrate_multifd_tcp_tls_psk_start_match, + test_multifd_tcp_tls_common(test_migrate_multifd_tls_psk_start_match, test_migrate_tls_psk_finish, - false /* expect_fail */); + false, /* expect_fail */ + false /* dst_quit */); } static void 
test_multifd_tcp_tls_psk_mismatch(void) { - test_multifd_tcp_tls_common(test_migrate_multifd_tcp_tls_psk_start_mismatch, + test_multifd_tcp_tls_common(test_migrate_multifd_tls_psk_start_mismatch, test_migrate_tls_psk_finish, - true /* expect_fail */); + true, /* expect_fail */ + false /* dst_quit */); } -#endif + +#ifdef CONFIG_TASN1 +static void test_multifd_tcp_tls_x509_default_host(void) +{ + test_multifd_tcp_tls_common( + test_migrate_multifd_tls_x509_start_default_host, + test_migrate_tls_x509_finish, + false, /* expect_fail */ + false /* dst_quit */); +} + +static void test_multifd_tcp_tls_x509_override_host(void) +{ + test_multifd_tcp_tls_common( + test_migrate_multifd_tls_x509_start_override_host, + test_migrate_tls_x509_finish, + false, /* expect_fail */ + false /* dst_quit */); +} + +static void test_multifd_tcp_tls_x509_mismatch_host(void) +{ + /* + * This has different behaviour to the non-multifd case. + * + * In non-multifd case when client aborts due to mismatched + * cert host, the server has already started trying to load + * migration state, and so it exits with I/O failure. 
+ * + * In multifd case when client aborts due to mismatched + * cert host, the server is still waiting for the other + * multifd connections to arrive so hasn't started trying + * to load migration state, and thus just aborts the migration + * without exiting + */ + test_multifd_tcp_tls_common( + test_migrate_multifd_tls_x509_start_mismatch_host, + test_migrate_tls_x509_finish, + true, /* expect_fail */ + false /* dst_quit */); +} + +static void test_multifd_tcp_tls_x509_allow_anonymous_client(void) +{ + test_multifd_tcp_tls_common( + test_migrate_multifd_tls_x509_start_allow_anonymous_client, + test_migrate_tls_x509_finish, + false, /* expect_fail */ + false /* dst_quit */); +} + +static void test_multifd_tcp_tls_x509_reject_anonymous_client(void) +{ + test_multifd_tcp_tls_common( + test_migrate_multifd_tls_x509_start_reject_anonymous_client, + test_migrate_tls_x509_finish, + true, /* expect_fail */ + false /* dst_quit */); +} +#endif /* CONFIG_TASN1 */ +#endif /* CONFIHG_GNUTLS */ /* * This test does: 
@@ -2062,6 +2167,18 @@ int main(int argc, char **argv) test_multifd_tcp_tls_psk_match); qtest_add_func("/migration/multifd/tcp/tls/psk/mismatch", test_multifd_tcp_tls_psk_mismatch); +#ifdef CONFIG_TASN1 + qtest_add_func("/migration/multifd/tcp/tls/x509/default-host", + test_multifd_tcp_tls_x509_default_host); + qtest_add_func("/migration/multifd/tcp/tls/x509/override-host", + test_multifd_tcp_tls_x509_override_host); + qtest_add_func("/migration/multifd/tcp/tls/x509/mismatch-host", + test_multifd_tcp_tls_x509_mismatch_host); + qtest_add_func("/migration/multifd/tcp/tls/x509/allow-anonymous-client", + test_multifd_tcp_tls_x509_allow_anonymous_client); + qtest_add_func("/migration/multifd/tcp/tls/x509/reject-anonymous-client", + test_multifd_tcp_tls_x509_reject_anonymous_client); +#endif /* CONFIG_TASN1 */ #endif /* CONFIG_GNUTLS */ if (kvm_dirty_ring_supported()) {
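Review bot: the new dst_quit parameter on test_multifd_tcp_tls_common() (hunk @@ -1795 of [PATCH 17/18]) is passed as false by every caller in this patch, both PSK tests and all five x509 tests, so the signature change adds no coverage on its own. Either keep the hard-coded "false, /* dst_quit */" until a test needs true, or state in the commit message that the parameter is groundwork for later tests. The same hunk also renames test_migrate_multifd_tcp_tls_psk_start_match to test_migrate_multifd_tls_psk_start_match, which the commit message does not mention; renaming the existing PSK helpers would be easier to review as a separate patch.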
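Review bot: the closing "#endif /* CONFIHG_GNUTLS */" at the end of hunk @@ -1816 of [PATCH 17/18] misspells the symbol; it should read CONFIG_GNUTLS to match the "#ifdef CONFIG_GNUTLS" it closes. In the same hunk, test_multifd_tcp_tls_x509_reject_anonymous_client() also expects failure with dst_quit false but carries no comment, while test_multifd_tcp_tls_x509_mismatch_host() explains at length why the destination aborts the migration without exiting. If the same reasoning applies to the rejected anonymous client, a one-line pointer to that comment would record it; if it does not, the reason for dst_quit being false there needs its own explanation.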
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH 18/18] tests: ensure migration status isn't reported as failed
Date: Wed, 2 Mar 2022 17:49:32 +0000
Message-Id: <20220302174932.2692378-19-berrange@redhat.com>
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
References: <20220302174932.2692378-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

Various methods in the migration test call 'query_migrate' to fetch the current status and then access a particular field. Almost all of these cases expect the migration to be in a non-failed state. In the case of 'wait_for_migration_pass' in particular, if the status is 'failed' then it will get into an infinite loop. By validating that the status is not 'failed' the test suite will assert rather than hang when getting into an unexpected state.

Signed-off-by: Daniel P. Berrangé Reviewed-by: Peter Xu --- tests/qtest/migration-helpers.c | 13 +++++++++++++ tests/qtest/migration-helpers.h | 1 + tests/qtest/migration-test.c | 6 +++--- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/tests/qtest/migration-helpers.c b/tests/qtest/migration-helpers.c index 4ee26014b7..a6aa59e4e6 100644 --- a/tests/qtest/migration-helpers.c +++ b/tests/qtest/migration-helpers.c @@ -107,6 +107,19 @@ QDict *migrate_query(QTestState *who) return wait_command(who, "{ 'execute': 'query-migrate' }"); } +QDict *migrate_query_not_failed(QTestState *who) +{ + const char *status; + QDict *rsp = migrate_query(who); + status = qdict_get_str(rsp, "status"); + if (g_str_equal(status, "failed")) { + g_printerr("query-migrate shows failed migration: %s\n", + qdict_get_str(rsp, "error-desc")); + } + g_assert(!g_str_equal(status, "failed")); + return rsp; +} + /* * Note: caller is responsible to free the returned object via * g_free() after use diff --git a/tests/qtest/migration-helpers.h b/tests/qtest/migration-helpers.h index d63bba9630..b710ece67e 100644 --- a/tests/qtest/migration-helpers.h +++ b/tests/qtest/migration-helpers.h @@ -26,6 +26,7 @@ GCC_FMT_ATTR(3, 4) void migrate_qmp(QTestState *who, const char *uri, const char *fmt, ...); QDict *migrate_query(QTestState *who); +QDict *migrate_query_not_failed(QTestState *who); void wait_for_migration_status(QTestState *who, const char *goal, const char **ungoals); diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 95ae843e1b..3570a7895c 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -181,7 +181,7 @@ static int64_t read_ram_property_int(QTestState *who, const char *property) QDict *rsp_return, *rsp_ram; int64_t result; - rsp_return = migrate_query(who); + rsp_return = migrate_query_not_failed(who); if (!qdict_haskey(rsp_return, "ram")) { /* Still in setup */ result = 0; 
@@ -198,7 +198,7 @@ static int64_t read_migrate_property_int(QTestState *who, const char *property) QDict *rsp_return; int64_t result; - rsp_return = migrate_query(who); + rsp_return = migrate_query_not_failed(who); result = qdict_get_try_int(rsp_return, property, 0); qobject_unref(rsp_return); return result; @@ -213,7 +213,7 @@ static void read_blocktime(QTestState *who) { QDict *rsp_return; - rsp_return = migrate_query(who); + rsp_return = migrate_query_not_failed(who); g_assert(qdict_haskey(rsp_return, "postcopy-blocktime")); qobject_unref(rsp_return); }
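Review bot: in migrate_query_not_failed() (hunk @@ -107 of migration-helpers.c) the failure path calls qdict_get_str(rsp, "error-desc") without checking that the key is present, whereas the converted callers in migration-test.c guard their lookups with qdict_haskey() or use qdict_get_try_int(). Nothing in this hunk guarantees a failed reply carries "error-desc", so the diagnostic path should be guarded with qdict_haskey(rsp, "error-desc") so that g_assert() is what reports the failure. The helper also evaluates g_str_equal(status, "failed") twice; storing the result once would serve both the g_printerr() and the g_assert(). The new prototype in migration-helpers.h would benefit from a short comment saying the caller owns the returned QDict and must qobject_unref() it, as read_migrate_property_int() and read_blocktime() do.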