qemu-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] 48b858: iotests: fix expected output from gnu


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 48b858: iotests: fix expected output from gnutls
Date: Mon, 09 Sep 2024 09:06:23 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 48b8583698d96d6290726400789fcd51c55691b1
      
https://github.com/qemu/qemu/commit/48b8583698d96d6290726400789fcd51c55691b1
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2024-09-09 (Mon, 09 Sep 2024)

  Changed paths:
    M tests/qemu-iotests/233.out

  Log Message:
  -----------
  iotests: fix expected output from gnutls

Error reporting from gnutls was improved by:

  commit 57941c9c86357a6a642f9ee3279d881df4043b6d
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Fri Mar 15 14:07:58 2024 +0000

    crypto: push error reporting into TLS session I/O APIs

This has the effect of changing the output from one of the NBD
tests.

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: c72cab5ad9f849bbcfcf4be7952b8b8946cc626e
      
https://github.com/qemu/qemu/commit/c72cab5ad9f849bbcfcf4be7952b8b8946cc626e
  Author: Tiago Pasqualini <tiago.pasqualini@canonical.com>
  Date:   2024-09-09 (Mon, 09 Sep 2024)

  Changed paths:
    M crypto/pbkdf.c

  Log Message:
  -----------
  crypto: run qcrypto_pbkdf2_count_iters in a new thread

CPU time accounting in the kernel has been demonstrated to have a
sawtooth pattern[1][2]. This can cause the getrusage system call to
not be as accurate as we are expecting, which can cause this calculation
to stall.

The kernel discussions shows that this inaccuracy happens when CPU time
gets big enough, so this patch changes qcrypto_pbkdf2_count_iters to run
in a fresh thread to avoid this inaccuracy. It also adds a sanity check
to fail the process if CPU time is not accounted.

[1] 
https://lore.kernel.org/lkml/159231011694.16989.16351419333851309713.tip-bot2@tip-bot2/
[2] 
https://lore.kernel.org/lkml/20221226031010.4079885-1-maxing.lan@bytedance.com/t/#m1c7f2fdc0ea742776a70fd1aa2a2e414c437f534

Resolves: #2398
Signed-off-by: Tiago Pasqualini <tiago.pasqualini@canonical.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: e6c09ea4f9e5f8af92a6453642b84b9efd52892f
      
https://github.com/qemu/qemu/commit/e6c09ea4f9e5f8af92a6453642b84b9efd52892f
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2024-09-09 (Mon, 09 Sep 2024)

  Changed paths:
    M crypto/pbkdf-gcrypt.c
    M crypto/pbkdf-gnutls.c

  Log Message:
  -----------
  crypto: check gnutls & gcrypt support the requested pbkdf hash

Both gnutls and gcrypt can be configured to exclude support for certain
algorithms via a runtime check against system crypto policies. Thus it
is not sufficient to have a compile time test for hash support in their
pbkdf implementations.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: b0fe44b56b6d02e6f57577cdf69dfb54fd6ada99
      
https://github.com/qemu/qemu/commit/b0fe44b56b6d02e6f57577cdf69dfb54fd6ada99
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2024-09-09 (Mon, 09 Sep 2024)

  Changed paths:
    M tests/unit/meson.build
    M tests/unit/test-crypto-pbkdf.c

  Log Message:
  -----------
  tests/unit: always build the pbkdf crypto unit test

The meson rules were excluding the pbkdf crypto test when gnutls was the
crypto backend. It was then excluded again in #if statements in the test
file.

Rather than update these conditions, remove them all, and use the result
of the qcrypto_pbkdf_supports() function to determine whether to skip
test registration.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: ebe0302ac822da214f347f6cc37a73139660bed8
      
https://github.com/qemu/qemu/commit/ebe0302ac822da214f347f6cc37a73139660bed8
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2024-09-09 (Mon, 09 Sep 2024)

  Changed paths:
    M tests/unit/test-crypto-pbkdf.c

  Log Message:
  -----------
  tests/unit: build pbkdf test on macOS

Add CONFIG_DARWIN to the pbkdf test build condition, since we have a way
to measure CPU time on this platform since commit bf98afc75efedf1.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 586ac2c67d707c2588766c5195d94fa553cc25af
      
https://github.com/qemu/qemu/commit/586ac2c67d707c2588766c5195d94fa553cc25af
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2024-09-09 (Mon, 09 Sep 2024)

  Changed paths:
    M crypto/cipher-nettle.c.inc

  Log Message:
  -----------
  crypto: avoid leak of ctx when bad cipher mode is given

Fixes: Coverity CID 1546884
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 41162dd6ee5bc8bfd73f549d6bddd24e9b205c18
      
https://github.com/qemu/qemu/commit/41162dd6ee5bc8bfd73f549d6bddd24e9b205c18
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2024-09-09 (Mon, 09 Sep 2024)

  Changed paths:
    M crypto/cipher-nettle.c.inc

  Log Message:
  -----------
  crypto: use consistent error reporting pattern for unsupported cipher modes

Not all paths in qcrypto_cipher_ctx_new() were correctly distinguishing
between valid user input for cipher mode (which should report a user
facing error), vs program logic errors (which should assert).

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 5d04de7de54e163b056980be10ee1c281a600276
      
https://github.com/qemu/qemu/commit/5d04de7de54e163b056980be10ee1c281a600276
  Author: Dorjoy Chowdhury <dorjoychy111@gmail.com>
  Date:   2024-09-09 (Mon, 09 Sep 2024)

  Changed paths:
    M crypto/hash.c
    M include/crypto/hash.h

  Log Message:
  -----------
  crypto: Define macros for hash algorithm digest lengths

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 9893da71b274cc16f9a5fc18b94896f4887bcc2d
      
https://github.com/qemu/qemu/commit/9893da71b274cc16f9a5fc18b94896f4887bcc2d
  Author: Dorjoy Chowdhury <dorjoychy111@gmail.com>
  Date:   2024-09-09 (Mon, 09 Sep 2024)

  Changed paths:
    M crypto/hash-glib.c

  Log Message:
  -----------
  crypto: Support SHA384 hash when using glib

QEMU requires minimum glib version 2.66.0 as per the root meson.build
file and per glib documentation[1] G_CHECKSUM_SHA384 is available since
2.51.

[1] https://docs.gtk.org/glib/enum.ChecksumType.html

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 10a1d34fc0d4dfe0dd6f5ec73f62dc1afa04af6c
      
https://github.com/qemu/qemu/commit/10a1d34fc0d4dfe0dd6f5ec73f62dc1afa04af6c
  Author: Dorjoy Chowdhury <dorjoychy111@gmail.com>
  Date:   2024-09-09 (Mon, 09 Sep 2024)

  Changed paths:
    M crypto/meson.build
    A crypto/x509-utils.c
    A include/crypto/x509-utils.h

  Log Message:
  -----------
  crypto: Introduce x509 utils

An utility function for getting fingerprint from X.509 certificate
has been introduced. Implementation only provided using gnutls.

Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com>
[DB: fixed missing gnutls_x509_crt_deinit in success path]
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 7bbadc60b58b742494555f06cd342311ddab9351
      
https://github.com/qemu/qemu/commit/7bbadc60b58b742494555f06cd342311ddab9351
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-09-09 (Mon, 09 Sep 2024)

  Changed paths:
    M crypto/cipher-nettle.c.inc
    M crypto/hash-glib.c
    M crypto/hash.c
    M crypto/meson.build
    M crypto/pbkdf-gcrypt.c
    M crypto/pbkdf-gnutls.c
    M crypto/pbkdf.c
    A crypto/x509-utils.c
    M include/crypto/hash.h
    A include/crypto/x509-utils.h
    M tests/qemu-iotests/233.out
    M tests/unit/meson.build
    M tests/unit/test-crypto-pbkdf.c

  Log Message:
  -----------
  Merge tag 'crypto-fixes-pull-request' of https://gitlab.com/berrange/qemu 
into staging

Various crypto fixes

 * Support sha384 with glib crypto backend
 * Improve error reporting for unsupported cipher modes
 * Avoid memory leak when bad cipher mode is given
 * Run pbkdf tests on macOS
 * Runtime check for pbkdf hash impls with gnutls & gcrypt
 * Avoid hangs counter pbkdf iterations on some Linux kernels
   by using a throwaway thread for benchmarking performance
 * Fix iotests expected output from gnutls errors

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmbfAy4ACgkQvobrtBUQ
# T99ZLhAAomQ7GeUNYM2/Fh9VptSAy9nddp7WwMd2egTZ+wPMnvalxXiMupf0WNzb
# 3CJtXojeNCCV8PtBuTmlCmLg+HxFA+zQgkizS9WqUOMies54woGrwQCUIlyez1Au
# Y2+9GbRRrkJA860R1aK2EJI5C2ofJf+CJd/nWSxsTzZSPu6Iu3V9ZahSdAq8o96R
# AMh//6MOuX5pauyTYLXL3jpxEJEM4YjQ/+AF8D5FYustcN1Icjv2KPL1PArwUOTe
# m1NZtcWLxZpmis5vXO8davMbB16bda6YUxuBQ++pFlF3ars7U2JldZ4DIqECAKkI
# sxtw6Wq/IjdVwyJLj/+c7CX3/T1p4IuJ8ch6sfVnQz1KUf2NxPtBwSXqQneLUa2G
# b46swxL695nCBYkbcfgWYfL5BaU1b0W8Xkk4sRoTNN5tDcYOuE9nMTMu71pHifmz
# 1itkxvLdLkwH7mxzTAxVV+vdQk3KiXlmt42/hOJMgAC3WRp2JJsEv64Jpq9huooA
# a+7fM5c2r3b77q7hjIwp8X6HmNehCt2KQiGvn0DvMmqb22r/RT9VzE89iNhPNSUx
# rCj7b2+19Xrfe1wxwl07GJ7yUXX4XIcphH66iO9nu1RQDBATqNSiJ/dHCfP9iiEP
# 7PHf4krOSzA+wL67FP+u8x0sVhpPmbPRvU8VW4+D+Av91TK5wo0=
# =wLAZ
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 09 Sep 2024 15:16:14 BST
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* tag 'crypto-fixes-pull-request' of https://gitlab.com/berrange/qemu:
  crypto: Introduce x509 utils
  crypto: Support SHA384 hash when using glib
  crypto: Define macros for hash algorithm digest lengths
  crypto: use consistent error reporting pattern for unsupported cipher modes
  crypto: avoid leak of ctx when bad cipher mode is given
  tests/unit: build pbkdf test on macOS
  tests/unit: always build the pbkdf crypto unit test
  crypto: check gnutls & gcrypt support the requested pbkdf hash
  crypto: run qcrypto_pbkdf2_count_iters in a new thread
  iotests: fix expected output from gnutls

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/f2aee60305a1...7bbadc60b58b

To unsubscribe from these emails, change your notification settings at 
https://github.com/qemu/qemu/settings/notifications



reply via email to

[Prev in Thread] Current Thread [Next in Thread]