On Tue, May 05, 2015 at 04:54:44PM +0200, Kashyap Chamarthy wrote: [. . .]
> While running QEMU as TLS server, the TLS handshake completes > successfully when connected via `gnutls-cli`. > > However, when using QEMU as client to connect to an existing GnuTLS > server, I notice a segmentation fault: > > $ /home/kashyapc/build/tls-qemu/x86_64-softmmu/qemu-system-x86_64 \ > -nodefconfig -nodefaults -device sga -display none \ > -chardev socket,id=s0,host=localhost,port=9000,tls-cred=tls0 \ > -device isa-serial,chardev=s0 \ > -object > qcrypto-tls-creds,id=tls0,credtype=x509,endpoint=client,dir=/export/security/gnutls > Segmentation fault (core dumped) Some debugging with `gdb` below. The relevant part is frame #3 of Thread 1: `qcrypto_tls_creds_load_x509` has `cert = 0x0` and `key = 0x0` when it calls `gnutls_certificate_set_x509_key_file2`, and the fault is in `strstr` two frames deeper inside GnuTLS (`_gnutls_url_is_known`), which is consistent with a NULL filename being handed to GnuTLS on the client path. QEMU was built with: ./configure --target-list=x86_64-softmmu --enable-debug make -j4 Stack traces: $ gdb /home/kashyapc/build/tls-qemu/x86_64-softmmu/qemu-system-x86_64 [. . .] (gdb) run -nodefconfig -nodefaults -device sga -display none -chardev socket,id=s0,host=localhost,port=9000,tls-cred=tls0 -device isa-serial,chardev=s0 -object qcrypto-tls-creds,id=tls0,credtype=x509,endpoint=client,dir=/export/security/gnutls Starting program: /home/kashyapc/build/tls-qemu/x86_64-softmmu/qemu-system-x86_64 -nodefconfig -nodefaults -device sga -display none -chardev socket,id=s0,host=localhost,port=9000,tls-cred=tls0 -device isa-serial,chardev=s0 -object qcrypto-tls-creds,id=tls0,credtype=x509,endpoint=client,dir=/export/security/gnutls [. . .] Program received signal SIGSEGV, Segmentation fault. 
__strstr_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strstr-sse2-unaligned.S:40 40 movdqu (%rdi), %xmm3 (gdb) thread apply all bt full Thread 2 (Thread 0x7fffe4fcc700 (LWP 5393)): #0 0x00007ffff6bce8fd in nanosleep () at ../sysdeps/unix/syscall-template.S:81 #1 0x00007ffff64f1de8 in g_usleep () at /lib64/libglib-2.0.so.0 #2 0x00005555559d32d7 in call_rcu_thread (opaque=0x0) at /home/kashyapc/tinker-space/qemu/util/rcu.c:228 tries = 0 n = 0 node = 0x7ffff7fd19a0 #3 0x00007ffff6bc652a in start_thread (arg=0x7fffe4fcc700) at pthread_create.c:310 __res = <optimized out> pd = 0x7fffe4fcc700 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737035159296, 3180389637749088242, 140737488345857, 4096, 140737035159296, 140737035160000, -3180444589616128014, -3180404459381186574}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> pagesize_m1 = <optimized out> sp = <optimized out> freesize = <optimized out> #4 0x00007fffeea0979d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 ---Type <return> to continue, or q <return> to quit--- Thread 1 (Thread 0x7ffff7f89bc0 (LWP 5389)): #0 0x00007fffee9ae6dd in __strstr_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strstr-sse2-unaligned.S:40 #1 0x00007ffff1c6b370 in _gnutls_url_is_known () at /lib64/libgnutls.so.28 #2 0x00007ffff1c6b3d9 in gnutls_certificate_set_x509_key_file2 () at /lib64/libgnutls.so.28 #3 0x00005555559aba85 in qcrypto_tls_creds_load_x509 (creds=0x55555639ac60, errp=0x7fffffffd8d8) at /home/kashyapc/tinker-space/qemu/crypto/tlscreds.c:728 cacert = 0x55555639a8c0 "/export/security/gnutls/ca-cert.pem" cacrl = 0x0 cert = 0x0 key = 0x0 dhparams = 0x0 ret = 1 rv = -1 #4 0x00005555559abdb2 in qcrypto_tls_creds_load (creds=0x55555639ac60, errp=0x7fffffffd8d8) at /home/kashyapc/tinker-space/qemu/crypto/tlscreds.c:820 #5 0x00005555559abf30 in qcrypto_tls_creds_prop_set_loaded (obj=0x55555639ac60, 
value=true, errp=0x7fffffffd8d8) at /home/kashyapc/tinker-space/qemu/crypto/tlscreds.c:888 creds = 0x55555639ac60 __func__ = "qcrypto_tls_creds_prop_set_loaded" #6 0x00005555558cec1c in property_set_bool (obj=0x55555639ac60, v=0x55555639b4d0, opaque=0x55555639ad40, name=0x555555a59695 "loaded", errp=0x7fffffffd8d8) at /home/kashyapc/tinker-space/qemu/qom/object.c:1600 prop = 0x55555639ad40 value = true local_err = 0x0 ---Type <return> to continue, or q <return> to quit--- #7 0x00005555558cd485 in object_property_set (obj=0x55555639ac60, v=0x55555639b4d0, name=0x555555a59695 "loaded", errp=0x7fffffffd8d8) at /home/kashyapc/tinker-space/qemu/qom/object.c:901 prop = 0x55555639ad60 #8 0x00005555558cfa47 in object_property_set_qobject (obj=0x55555639ac60, value=0x55555639b200, name=0x555555a59695 "loaded", errp=0x7fffffffd8d8) at /home/kashyapc/tinker-space/qemu/qom/qom-qobject.c:24 mi = 0x55555639b4d0 #9 0x00005555558cd6f4 in object_property_set_bool (obj=0x55555639ac60, value=true, name=0x555555a59695 "loaded", errp=0x7fffffffd8d8) at /home/kashyapc/tinker-space/qemu/qom/object.c:969 qbool = 0x55555639b200 #10 0x00005555559ac2e5 in qcrypto_tls_creds_complete (uc=0x55555639ac60, errp=0x7fffffffd8d8) at /home/kashyapc/tinker-space/qemu/crypto/tlscreds.c:1018 #11 0x00005555558d0899 in user_creatable_complete (obj=0x55555639ac60, errp=0x7fffffffd8d8) at /home/kashyapc/tinker-space/qemu/qom/object_interfaces.c:17 ucc = 0x5555563702f0 uc = 0x55555639ac60 __func__ = "user_creatable_complete" #12 0x0000555555750201 in object_add (type=0x55555639a8f0 "qcrypto-tls-creds", id=0x55555639a850 "tls0", qdict=0x5555563997b0, v=0x5555563996a0, errp=0x7fffffffd920) at /home/kashyapc/tinker-space/qemu/qmp.c:659 obj = 0x55555639ac60 klass = 0x555556370050 e = 0x0 local_err = 0x0 #13 0x0000555555736a2d in object_create (opts=0x55555638a7e0, opaque=0x55555573684e <object_create_phase1>) at /home/kashyapc/tinker-space/qemu/vl.c:2644 err = 0x0 type = 0x55555639a8f0 "qcrypto-tls-creds" 
---Type <return> to continue, or q <return> to quit--- id = 0x55555639a850 "tls0" dummy = 0x55555639aaf0 ov = 0x5555563996a0 pdict = 0x5555563997b0 type_predicate = 0x55555573684e <object_create_phase1> #14 0x00005555559d08e0 in qemu_opts_foreach (list=0x555555e12ee0 <qemu_object_opts>, func=0x5555557368aa <object_create>, opaque=0x55555573684e <object_create_phase1>, abort_on_failure=0) at /home/kashyapc/tinker-space/qemu/util/qemu-option.c:1059 loc = {kind = LOC_CMDLINE, num = 2, ptr = 0x7fffffffde10, prev = 0x555556315300 <std_loc>} opts = 0x55555638a7e0 rc = 0 #15 0x000055555573a273 in main (argc=13, argv=0x7fffffffddb8, envp=0x7fffffffde28) at /home/kashyapc/tinker-space/qemu/vl.c:4039 i = 21845 snapshot = 0 linux_boot = 3 initrd_filename = 0xffff800000002441 <error: Cannot access memory at address 0xffff800000002441> kernel_filename = 0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff> kernel_cmdline = 0x555556345060 "\241x\244UUU" boot_order = 0x0 boot_once = 0x0 ds = 0x7fffffffdbbf cyls = 0 ---Type <return> to continue, or q <return> to quit--- heads = 0 secs = 0 translation = 0 hda_opts = 0x0 opts = 0x55555638aa50 machine_opts = 0xffffffffffffffff icount_opts = 0x0 olist = 0x0 optind = 13 optarg = 0x0 loadvm = 0x0 machine_class = 0x55555637ac70 cpu_model = 0x0 vga_model = 0x0 qtest_chrdev = 0x0 qtest_log = 0x0 pid_file = 0x0 incoming = 0x0 show_vnc_port = 0 defconfig = false userconfig = true ---Type <return> to continue, or q <return> to quit--- log_mask = 0x0 log_file = 0x0 mem_trace = {malloc = 0x5555557366c1 <malloc_and_trace>, realloc = 0x5555557366f6 <realloc_and_trace>, free = 0x55555573673a <free_and_trace>, calloc = 0x0, try_malloc = 0x0, try_realloc = 0x0} trace_events = 0x0 trace_file = 0x0 maxram_size = 134217728 ram_slots = 0 vmstate_dump_file = 0x0 main_loop_err = 0x0 err = 0x0 __func__ = "main" -- /kashyap