Potential kTLS issue with TLS-PSK, GnuTLS + Rawhide - how to debug it?

Hi Daiki & Frantisek,

There's a new error that is appearing in the libnbd test suite when
testing TLS-PSK.  Regular TLS (with X.509 certs) works fine.  It seems
to have started since I upgraded the kernel on my machine from 5.19.0 ->
6.1.0, and I think it is related to kTLS.

You may be able to reproduce it fairly easily in Fedora Rawhide, or in
Fedora 37 by upgrading the kernel, nbdkit and libnbd to Rawhide versions.

  $ uname -a
  Linux pick.home.annexia.org 6.1.0-0.rc6.46.fc38.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Nov 21 16:07:44 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

  $ nbdkit --version
  nbdkit 1.33.3 (nbdkit-1.33.3-1.fc38)
  $ nbdinfo --version
  nbdinfo 1.15.7
  libnbd 1.15.7

To reproduce it:

  $ psktool -u bob -p keys.psk
  Generating a random key for user 'bob'
  Key stored to keys.psk

  $ nbdkit --tls=require --tls-psk=keys.psk null \
           --run 'nbdinfo "nbds://bob@localhost/?tls-psk-file=keys.psk" '
  nbdkit: null[1]: error: gnutls_record_recv: Error in the pull function.
  nbdkit: null[1]: error: reading option: conn->recv: Input/output error
  nbdinfo: nbd_connect_uri: gnutls_record_recv: Error in the pull function.

For lots more debugging, use this command instead:

  $ nbdkit -fv --tls=require --tls-psk=keys.psk \
               -D nbdkit.tls.log=99 -D nbdkit.tls.session=1 null \
               --run 'LIBNBD_DEBUG=1 nbdinfo "nbds://bob@localhost/?tls-psk-file=keys.psk" '

The reason I believe it is related to kTLS is because if I do:

  # modprobe -r tls

then the error goes away.  Loading the module makes the error appear
again.  (Note that the module appears to be loaded on boot, so this
error will happen for all Rawhide users unless they take special
action.)

Are there ways to debug kTLS?  It seems like there is no kernel output
related to the above failure.

Are there ways to override GnuTLS automatic detection of kTLS, to
temporarily disable it, even when the kernel module is loaded?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
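
Added example, not part of the message above and not taken from nbdkit, libnbd or GnuTLS: one way to check whether a reproduction run actually handed a session to kernel TLS is to diff the counters in /proc/net/tls_stat before and after the run. It assumes the running kernel exposes that file; the function names and the snapshot values are constructed for illustration.

```shell
#!/bin/sh
# Added example: diff two snapshots of /proc/net/tls_stat taken around a
# reproduction run, to see whether the kernel TLS path was actually used.
#
# Real use (snapshot file names are arbitrary):
#   cat /proc/net/tls_stat > before.txt
#   ... run the nbdkit/nbdinfo reproduction command ...
#   cat /proc/net/tls_stat > after.txt
#   ktls_verdict before.txt after.txt

# Print "<counter> <delta>" for every counter whose value changed.
tls_stat_delta() {
    awk 'NR == FNR { before[$1] = $2; next }
         ($2 - before[$1]) != 0 { print $1, $2 - before[$1] }' "$1" "$2"
}

# Classify a run from the deltas:
#   decrypt-error  the kernel receive path failed to decrypt a record
#   ktls-used      at least one session was opened in kernel TLS
#   ktls-not-used  no session was opened; TLS stayed in user space
ktls_verdict() {
    tls_stat_delta "$1" "$2" | awk '
        $1 == "TlsDecryptError" && $2 > 0 { err = 1 }
        $1 ~ /^Tls(Tx|Rx)(Sw|Device)$/ && $2 > 0 { used = 1 }
        END { print (err ? "decrypt-error" : (used ? "ktls-used" : "ktls-not-used")) }'
}

# Constructed sample snapshots (not output captured from the failing system).
demo_dir=$(mktemp -d)
printf 'TlsCurrTxSw\t0\nTlsCurrRxSw\t0\nTlsTxSw\t4\nTlsRxSw\t4\nTlsDecryptError\t0\n' \
    > "$demo_dir/before.txt"
printf 'TlsCurrTxSw\t0\nTlsCurrRxSw\t0\nTlsTxSw\t6\nTlsRxSw\t6\nTlsDecryptError\t0\n' \
    > "$demo_dir/after.txt"

tls_stat_delta "$demo_dir/before.txt" "$demo_dir/after.txt"
ktls_verdict "$demo_dir/before.txt" "$demo_dir/after.txt"
rm -rf "$demo_dir"
```

If the tls module is unloaded, /proc/net/tls_stat is absent and there is nothing to snapshot, which matches the `modprobe -r tls` case described in the message.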