socat bug with SSL "file transfers"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
socat (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
I'm running ganeti 3.0.1 on Ubuntu 20.04, and running into issues with moving instances between host nodes. Under the hood, this use socat to copy the disk data from one node to another. In 20.04, the copy seems to copy nearly all the data, but then at the very end it fails with:
Wed Jul 14 19:57:00 2021 - WARNING: import 'import-
Wed Jul 14 19:57:00 2021 disk/0 failed to receive data: Exited with status 1 (recent output: dd: warning: partial read (65494 bytes); suggest iflag=fullblock
The copy seems to be almost 2MB short, expected size is 21,978,152,960 the copy above reports it copied 21,976,203,264
I've tried to isolate this down to a reproducable test case that does not require ganeti, but I don't seem to have the socat chops to make it happen. I'll list what I have so far down below.
I believe this is an issue with socat version 1.7.3.3-2 because:
- If I install socat_1.
- On the socat website ( http://
The actual commands being run by ganeti are:
bash -o errexit -o pipefail -c { echo -E -n M=b0f141f7085de
and:
bash -o errexit -o pipefail -c /usr/bin/socat -ls -d -d -b1048576 -u OPENSSL-
I tried to simplify this down to a pair of socat commands like this:
/usr/bin/socat -ls -d -d -b1048576 -u OPENSSL-
dd if=/usr/bin/perl bs=1048576 | /usr/bin/socat -ls -d -d -b1048576 -u stdin OPENSSL:
But this fails with: "ioctl(6, IOCTL_VM_
I'm going to be just installing the 21.04 socat package on my ganeti+20.04 systems, as so far in my testing that seems to be working fine and will prevent me from having to pin the 18.04 packages.
summary: |
- socat bug with SSL "filte transfers" + socat bug with SSL "file transfers" |
In the socat git repository, if you diff tag 1.7.4.0 to 1.7.4.1, you see this:
+Corrections: STREAM_ TO_SERVER
...
+ Under certain conditions OpenSSL stream connections, in particular bulk
+ data transfer in unidirectional mode, failed during transfer or near
+ its with Connection reset by peer on receiver side.
+ This happened with Socat versions 1.7.3.3 to 1.7.4.0. Reasons were
+ lazy SSL shutdown handling on the sender side in combination with
+ SSL_MODE_AUTO_RETRY turned off.
+ Fix: After SSH_shutdown but before socket shutdown call SSL_read()
+ Test: OPENSSL_
+ Fixes Red Hat issue 1870279.