qemu-e2k/chardev
Thomas Huth 462945cd22 chardev/char-socket: Fix TLS io channels sending too much data to the backend
Commit ffda5db65a ("io/channel-tls: fix handling of bigger read buffers")
changed the behavior of the TLS io channels to schedule a second reading
attempt if there is still incoming data pending. This caused a regression
with backends like the sclpconsole that check in their read function that
the sender does not try to write more bytes to it than the device can
currently handle.

The problem can be reproduced like this:

 1) In one terminal, do this:

  mkdir qemu-pki
  cd qemu-pki
  openssl genrsa 2048 > ca-key.pem
  openssl req -new -x509 -nodes -days 365000 -key ca-key.pem -out ca-cert.pem
  # enter some dummy value for the cert
  openssl genrsa 2048 > server-key.pem
  openssl req -new -x509 -nodes -days 365000 -key server-key.pem \
    -out server-cert.pem
  # enter some other dummy values for the cert

  gnutls-serv --echo --x509cafile ca-cert.pem --x509keyfile server-key.pem \
              --x509certfile server-cert.pem -p 8338

 2) In another terminal, do this:

  wget https://download.fedoraproject.org/pub/fedora-secondary/releases/39/Cloud/s390x/images/Fedora-Cloud-Base-39-1.5.s390x.qcow2

  qemu-system-s390x -nographic -nodefaults \
    -hda Fedora-Cloud-Base-39-1.5.s390x.qcow2 \
    -object tls-creds-x509,id=tls0,endpoint=client,verify-peer=false,dir=$PWD/qemu-pki \
    -chardev socket,id=tls_chardev,host=localhost,port=8338,tls-creds=tls0 \
    -device sclpconsole,chardev=tls_chardev,id=tls_serial

QEMU then aborts after a second or two with:

  qemu-system-s390x: ../hw/char/sclpconsole.c:73: chr_read: Assertion
   `size <= SIZE_BUFFER_VT220 - scon->iov_data_len' failed.
 Aborted (core dumped)

It looks like the second read does not trigger the chr_can_read() function
to be called before the second read, which should normally always be done
before sending bytes to a character device to see how much it can handle,
so the s->max_size in tcp_chr_read() still contains the old value from the
previous read. Let's make sure that we use the up-to-date value by calling
tcp_chr_read_poll() again here.

Fixes: ffda5db65a ("io/channel-tls: fix handling of bigger read buffers")
Buglink: https://issues.redhat.com/browse/RHEL-24614
Reviewed-by: "Daniel P. Berrangé" <berrange@redhat.com>
Message-ID: <20240229104339.42574-1-thuth@redhat.com>
Reviewed-by: Antoine Damhet <antoine.damhet@blade-group.com>
Tested-by: Antoine Damhet <antoine.damhet@blade-group.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2024-03-01 08:27:33 +01:00
..
baum.c replace TABs with spaces 2023-03-20 12:43:50 +01:00
char-console.c
char-fd.c
char-fe.c chardev: use bool for fe_is_open 2024-01-12 13:23:48 +00:00
char-file.c chardev: Allow setting file chardev input file on the command line 2023-04-20 06:50:11 +02:00
char-hmp-cmds.c char: Move HMP commands from monitor/ to chardev/ 2023-02-04 07:56:54 +01:00
char-io.c
char-mux.c
char-null.c
char-parallel.c chardev/parallel: Don't close stdin on inappropriate device 2024-02-14 07:44:38 +01:00
char-pipe.c
char-pty.c chardev/char-pty: Avoid losing bytes when the other side just (re-)connected 2023-10-03 15:40:09 +04:00
char-ringbuf.c
char-serial.c
char-socket.c chardev/char-socket: Fix TLS io channels sending too much data to the backend 2024-03-01 08:27:33 +01:00
char-stdio.c
char-udp.c
char-win-stdio.c chardev/char-win-stdio: Support VT sequences on Windows 11 host 2023-06-27 17:08:56 +02:00
char-win.c
char.c chardev: use bool for fe_is_open 2024-01-12 13:23:48 +00:00
chardev-internal.h
meson.build chardev/parallel: Don't close stdin on inappropriate device 2024-02-14 07:44:38 +01:00
msmouse.c ui/input: Constify QemuInputHandler structure 2023-10-19 23:13:28 +02:00
spice.c ui/spice: Require spice-server >= 0.14.0 2023-01-19 13:30:01 +01:00
testdev.c
trace-events
trace.h
wctablet.c ui/input: Constify QemuInputHandler structure 2023-10-19 23:13:28 +02:00