Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: fix open AF_INET sockets in s2n_self_talk_ktls_test.c #4852

Merged
merged 9 commits into from
Nov 12, 2024
Merged

fix: fix open AF_INET sockets in s2n_self_talk_ktls_test.c #4852

merged 9 commits into from
Nov 12, 2024

Conversation

boquan-fang
Copy link
Contributor

@boquan-fang boquan-fang commented Oct 18, 2024
edited
Loading

Resolved issues:

Partially solve #4005. Detected opened AF_INET sockets in s2n_self_talk_ktls_test.c.

Description of changes:

  • Remove fork in s2n_new_inet_socket_pair, and do connect and accept in the same process.
  • Close a file fd, that was left opened.

Call-outs:

  • This problem is detected while running the open fds check.
    • The result shows such leak in Ubuntu 22 and 24 (test results for awslc, openssl-3.0, and openssl-1.0.2).
    • Previous check on open fds were ran on Ubuntu 18. KTLS is not support on our Ubuntu 18 platform, so the test is skipped. Hence, such problem was not detected previously.

Removing fork doesn't change the test behavior.

Logical Explanations: Given that our sockets are initialized as blocking sockets, accept will be blocked and wait for its first connection request if no connection is previously requested. This behavior is specified in the man page for accept. With fork, if accept is called before connect, the parent process will be blocked and switch to child process where connect will be called. We can move the connect function call into the main process before accept to make sure the test will not be blocked. connect function doesn't expect accept to be called before it, so it won't block the process.

The purpose of s2n_new_inet_socket_pair is to set up io_pair's client and server with AF_INET sockets, so that io_pair can be used in the test for KTLS communications. The test behaviors won't be changed, as long as s2n_new_inet_socket_pair fulfills that purpose.

Concerns if the function failed: If such change makes s2n_new_inet_socket_pair failed, then unit tests running in CI will fail the test. Local test might still passes, since I didn't set the S2N_KTLS_TESTING_EXPECTED environment variable locally. Because of the check, the test might just ends if the s2n_new_inet_socket_pair fails.

s2n-tls/tests/unit/s2n_self_talk_ktls_test.c

Lines 168 to 175 in c58f23c

if (s2n_result_is_error(s2n_new_inet_socket_pair(&io_pair))) {
/* We should be able to setup AF_INET sockets everywhere, but if
* we can't, don't block the build unless the build explicitly expects
* to be able to test ktls.
*/
EXPECT_FALSE(ktls_expected);
END_TEST();
}

However, that would leads to a very small number of tests passed, since this check is located at the beginning of the test. I checked the number of tests that passed after the change which is 682, that means the function didn't failed and the test is fully executed.

Testing:

  • Test it locally, and all opened AF_INET sockets are closed in s2n_self_talk_ktls_test.c.
  • Test it in codebuild with the newly proposed open fds check.
  • The test for this PR is ran in a branch which has valgrind open fds check.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Oct 18, 2024
@boquan-fang boquan-fang marked this pull request as ready for review October 18, 2024 00:31
goatgoose
goatgoose reviewed Oct 21, 2024
View reviewed changes
tests/unit/s2n_self_talk_ktls_test.c Outdated Show resolved Hide resolved
tests/unit/s2n_self_talk_ktls_test.c Outdated Show resolved Hide resolved
tests/unit/s2n_self_talk_ktls_test.c Outdated Show resolved Hide resolved
fix: address PR comments
53b9365 
* do open and close `file` whenever that is needed
@lrstewart lrstewart requested review from lrstewart and removed request for jmayclin October 23, 2024 00:49
lrstewart
lrstewart reviewed Oct 23, 2024
View reviewed changes
tests/unit/s2n_self_talk_ktls_test.c Outdated Show resolved Hide resolved
tests/unit/s2n_self_talk_ktls_test.c Outdated Show resolved Hide resolved
Boquan Fang added 3 commits October 28, 2024 16:55
ci: remove ZERO_TO_DEFER_CLEANUP
fa6512e
address PR comments:
d8aa198 
* move file open down to Test: s2n_sendfile and close it immediately
  after that test.
    * Hence we will only need to open the file once
fix format issue
4d6b954 
* there should be a line to separate close file and the for loop test
goatgoose
goatgoose reviewed Oct 31, 2024
View reviewed changes
tests/unit/s2n_self_talk_ktls_test.c Outdated Show resolved Hide resolved
tests/unit/s2n_self_talk_ktls_test.c Outdated Show resolved Hide resolved
Boquan Fang added 2 commits October 31, 2024 21:25
@boquan-fang boquan-fang mentioned this pull request Nov 8, 2024
Merged
@boquan-fang boquan-fang enabled auto-merge (squash) November 11, 2024 23:26
@boquan-fang boquan-fang merged commit db1589d into aws:main Nov 12, 2024
37 checks passed
@boquan-fang boquan-fang mentioned this pull request Nov 12, 2024
Closed
8 tasks
@boquan-fang boquan-fang mentioned this pull request Nov 13, 2024
Open
@BrewTestBot BrewTestBot mentioned this pull request Nov 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lrstewart lrstewart lrstewart approved these changes

@goatgoose goatgoose goatgoose approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@boquan-fang @goatgoose @lrstewart