mirror of
https://github.com/linux-apfs/apfstests.git
synced 2026-05-01 15:01:44 -07:00
Eric Biggers
881eccda82
For conciseness in tests, add helper functions that wrap the xfs_io commands 'set_encpolicy' and 'get_encpolicy'. Then update all encryption tests to use them. Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Eryu Guan <guaneryu@gmail.com> Signed-off-by: Eryu Guan <guaneryu@gmail.com>
93 lines
2.3 KiB
Bash
Executable File
93 lines
2.3 KiB
Bash
Executable File
#! /bin/bash
|
|
# SPDX-License-Identifier: GPL-2.0
|
|
# Copyright (c) 2017 Google, Inc. All Rights Reserved.
|
|
#
|
|
# FS QA Test generic/421
|
|
#
|
|
# Test revoking an encryption key during concurrent I/O. Regression test for
|
|
# 1b53cf9815bb ("fscrypt: remove broken support for detecting keyring key
|
|
# revocation").
|
|
#
|
|
seq=`basename $0`
|
|
seqres=$RESULT_DIR/$seq
|
|
echo "QA output created by $seq"
|
|
|
|
here=`pwd`
|
|
tmp=/tmp/$$
|
|
status=1 # failure is the default!
|
|
trap "_cleanup; exit \$status" 0 1 2 3 15
|
|
|
|
_cleanup()
|
|
{
|
|
cd /
|
|
rm -f $tmp.*
|
|
}
|
|
|
|
# get standard environment, filters and checks
|
|
. ./common/rc
|
|
. ./common/filter
|
|
. ./common/encrypt
|
|
|
|
# remove previous $seqres.full before test
|
|
rm -f $seqres.full
|
|
|
|
# real QA test starts here
|
|
_supported_fs generic
|
|
_supported_os Linux
|
|
_require_scratch_encryption
|
|
_require_command "$KEYCTL_PROG" keyctl
|
|
|
|
_new_session_keyring
|
|
_scratch_mkfs_encrypted &>> $seqres.full
|
|
_scratch_mount
|
|
|
|
dir=$SCRATCH_MNT/encrypted_dir
|
|
file=$dir/file
|
|
|
|
# 4 processes, 2 MB per process
|
|
nproc=4
|
|
slice=2
|
|
|
|
# Create an encrypted file and sync its data to disk.
|
|
rm -rf $dir
|
|
mkdir $dir
|
|
keydesc=$(_generate_encryption_key)
|
|
_set_encpolicy $dir $keydesc
|
|
$XFS_IO_PROG -f $file -c "pwrite 0 $((nproc*slice))M" -c "fsync" > /dev/null
|
|
|
|
# Create processes to read from the encrypted file. Use fadvise to wipe the
|
|
# pagecache before each read, ensuring that each read actually does decryption.
|
|
for ((proc = 0; proc < nproc; proc++)); do
|
|
(
|
|
range="$((proc * slice))M ${slice}M"
|
|
while [ ! -e $tmp.done ]; do
|
|
$XFS_IO_PROG $file -c "fadvise -d $range" \
|
|
-c "pread $range" &> /dev/null
|
|
done
|
|
) &
|
|
done
|
|
|
|
# Wait a second for the readers to start up.
|
|
sleep 1
|
|
|
|
# Revoke the encryption key.
|
|
keyid=$(_revoke_encryption_key $keydesc)
|
|
|
|
# Now try to open the file again. In buggy kernels this caused concurrent
|
|
# readers to crash with a NULL pointer dereference during decryption.
|
|
#
|
|
# Note that the fix also made filenames stop "immediately" reverting to their
|
|
# ciphertext on key revocation. Therefore, the name of the file we're opening
|
|
# here may be in either plaintext or ciphertext depending on the kernel version,
|
|
# and ciphertext names are unpredictable anyway, so just use 'find' to find it.
|
|
cat "$(find $dir -type f)" > /dev/null
|
|
|
|
# Wait for readers to exit
|
|
touch $tmp.done
|
|
wait
|
|
|
|
# success, all done
|
|
echo "Didn't crash!"
|
|
status=0
|
|
exit
|