From: Boris Burkov <boris@bur.io>
To: fstests@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-btrfs@vger.kernel.org, kernel-team@fb.com
Subject: [PATCH v5 1/4] btrfs: test btrfs specific fsverity corruption
Date: Mon, 13 Sep 2021 11:44:34 -0700 [thread overview]
Message-ID: <b8b1aa031b1e2bbf97085ddaa77c1e3f120bdc28.1631558495.git.boris@bur.io> (raw)
In-Reply-To: <cover.1631558495.git.boris@bur.io>
There are some btrfs specific fsverity scenarios that don't map
neatly onto the tests in generic/574 like holes, inline extents,
and preallocated extents. Cover those in a btrfs specific test.
This test relies on the btrfs implementation of fsverity in the patch:
btrfs: initial fsverity support
and on btrfs-corrupt-block for corruption in the patches titled:
btrfs-progs: corrupt generic item data with btrfs-corrupt-block
btrfs-progs: expand corrupt_file_extent in btrfs-corrupt-block
Signed-off-by: Boris Burkov <boris@bur.io>
---
common/btrfs | 5 ++
common/config | 1 +
common/verity | 9 +++
tests/btrfs/290 | 165 ++++++++++++++++++++++++++++++++++++++++++++
tests/btrfs/290.out | 25 +++++++
5 files changed, 205 insertions(+)
create mode 100755 tests/btrfs/290
create mode 100644 tests/btrfs/290.out
diff --git a/common/btrfs b/common/btrfs
index ac880bdd..45f07b1d 100644
--- a/common/btrfs
+++ b/common/btrfs
@@ -445,3 +445,8 @@ _scratch_btrfs_is_zoned()
[ `_zone_type ${SCRATCH_DEV}` != "none" ] && return 0
return 1
}
+
+_require_btrfs_corrupt_block()
+{
+ _require_command "$BTRFS_CORRUPT_BLOCK_PROG" btrfs-corrupt-block
+}
diff --git a/common/config b/common/config
index 164381b7..fa061958 100644
--- a/common/config
+++ b/common/config
@@ -294,6 +294,7 @@ export BTRFS_UTIL_PROG=$(type -P btrfs)
export BTRFS_SHOW_SUPER_PROG=$(type -P btrfs-show-super)
export BTRFS_CONVERT_PROG=$(type -P btrfs-convert)
export BTRFS_TUNE_PROG=$(type -P btrfstune)
+export BTRFS_CORRUPT_BLOCK_PROG=$(type -P btrfs-corrupt-block)
export XFS_FSR_PROG=$(type -P xfs_fsr)
export MKFS_NFS_PROG="false"
export MKFS_CIFS_PROG="false"
diff --git a/common/verity b/common/verity
index 38eea157..7eb8d9b9 100644
--- a/common/verity
+++ b/common/verity
@@ -3,11 +3,17 @@
#
# Functions for setting up and testing fs-verity
+. common/btrfs
+
_require_scratch_verity()
{
_require_scratch
_require_command "$FSVERITY_PROG" fsverity
+ if [ $FSTYP == "btrfs" ]; then
+ _require_btrfs_corrupt_block
+ fi
+
if ! _scratch_mkfs_verity &>>$seqres.full; then
# ext4: need e2fsprogs v1.44.5 or later (but actually v1.45.2+
# is needed for some tests to pass, due to an e2fsck bug)
@@ -147,6 +153,9 @@ _scratch_mkfs_verity()
ext4|f2fs)
_scratch_mkfs -O verity
;;
+ btrfs)
+ _scratch_mkfs
+ ;;
*)
_notrun "No verity support for $FSTYP"
;;
diff --git a/tests/btrfs/290 b/tests/btrfs/290
new file mode 100755
index 00000000..52dc1784
--- /dev/null
+++ b/tests/btrfs/290
@@ -0,0 +1,165 @@
+#! /bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (C) 2021 Facebook, Inc. All Rights Reserved.
+#
+# FS QA Test 290
+#
+# Test btrfs support for fsverity.
+# This test extends the generic fsverity testing by corrupting inline extents,
+# preallocated extents, holes, and the Merkle descriptor in a btrfs-aware way.
+#
+. ./common/preamble
+_begin_fstest auto quick verity
+
+# Import common functions.
+. ./common/filter
+. ./common/verity
+
+# real QA test starts here
+_supported_fs btrfs
+_require_scratch_verity
+_require_scratch_nocheck
+_require_odirect
+_require_xfs_io_command "falloc"
+
+get_ino() {
+ local file=$1
+ stat -c "%i" $file
+}
+
+validate() {
+ local f=$1
+ local sz=$(_get_filesize $f)
+ # buffered io
+ echo $(basename $f)
+ $XFS_IO_PROG -rc "pread -q 0 $sz" $f 2>&1 | _filter_scratch
+ # direct io
+ $XFS_IO_PROG -rdc "pread -q 0 $sz" $f 2>&1 | _filter_scratch
+}
+
+# corrupt the data portion of an inline extent
+corrupt_inline() {
+ local f=$SCRATCH_MNT/inl
+ $XFS_IO_PROG -fc "pwrite -q -S 0x58 0 42" $f
+ local ino=$(get_ino $f)
+ _fsv_enable $f
+ _scratch_unmount
+ # inline data starts at disk_bytenr
+ # overwrite the first u64 with random bogus junk
+ $BTRFS_CORRUPT_BLOCK_PROG -i $ino -x 0 -f disk_bytenr $SCRATCH_DEV > /dev/null 2>&1
+ _scratch_mount
+ validate $f
+}
+
+# preallocate a file, then corrupt it by changing it to a regular file
+corrupt_prealloc_to_reg() {
+ local f=$SCRATCH_MNT/prealloc
+ $XFS_IO_PROG -fc "falloc 0 12k" $f
+ local ino=$(get_ino $f)
+ _fsv_enable $f
+ _scratch_unmount
+ # set extent type from prealloc (2) to reg (1)
+ $BTRFS_CORRUPT_BLOCK_PROG -i $ino -x 0 -f type -v 1 $SCRATCH_DEV >/dev/null 2>&1
+ _scratch_mount
+ validate $f
+}
+
+# corrupt a regular file by changing the type to preallocated
+corrupt_reg_to_prealloc() {
+ local f=$SCRATCH_MNT/reg
+ $XFS_IO_PROG -fc "pwrite -q -S 0x58 0 12288" $f
+ local ino=$(get_ino $f)
+ _fsv_enable $f
+ _scratch_unmount
+ # set type from reg (1) to prealloc (2)
+ $BTRFS_CORRUPT_BLOCK_PROG -i $ino -x 0 -f type -v 2 $SCRATCH_DEV >/dev/null 2>&1
+ _scratch_mount
+ validate $f
+}
+
+# corrupt a file by punching a hole
+corrupt_punch_hole() {
+ local f=$SCRATCH_MNT/punch
+ $XFS_IO_PROG -fc "pwrite -q -S 0x58 0 12288" $f
+ local ino=$(get_ino $f)
+ # make a new extent in the middle, sync so the writes don't coalesce
+ $XFS_IO_PROG -c sync $SCRATCH_MNT
+ $XFS_IO_PROG -fc "pwrite -q -S 0x59 4096 4096" $f
+ _fsv_enable $f
+ _scratch_unmount
+ # change disk_bytenr to 0, representing a hole
+ $BTRFS_CORRUPT_BLOCK_PROG -i $ino -x 4096 -f disk_bytenr -v 0 $SCRATCH_DEV > /dev/null 2>&1
+ _scratch_mount
+ validate $f
+}
+
+# plug hole
+corrupt_plug_hole() {
+ local f=$SCRATCH_MNT/plug
+ $XFS_IO_PROG -fc "pwrite -q -S 0x58 0 12288" $f
+ local ino=$(get_ino $f)
+ $XFS_IO_PROG -fc "falloc 4k 4k" $f
+ _fsv_enable $f
+ _scratch_unmount
+ # change disk_bytenr to some value, plugging the hole
+ $BTRFS_CORRUPT_BLOCK_PROG -i $ino -x 4096 -f disk_bytenr -v 13639680 $SCRATCH_DEV > /dev/null 2>&1
+ _scratch_mount
+ validate $f
+}
+
+# corrupt the fsverity descriptor item indiscriminately (causes EINVAL)
+corrupt_verity_descriptor() {
+ local f=$SCRATCH_MNT/desc
+ $XFS_IO_PROG -fc "pwrite -q -S 0x58 0 12288" $f
+ local ino=$(get_ino $f)
+ _fsv_enable $f
+ _scratch_unmount
+ # key for the descriptor item is <inode, BTRFS_VERITY_DESC_ITEM_KEY, 1>,
+ # 88 is X. So we write 5 Xs to the start of the descriptor
+ $BTRFS_CORRUPT_BLOCK_PROG -r 5 -I $ino,36,1 -v 88 -o 0 -b 5 $SCRATCH_DEV > /dev/null 2>&1
+ _scratch_mount
+ validate $f
+}
+
+# specifically target the root hash in the descriptor (causes EIO)
+corrupt_root_hash() {
+ local f=$SCRATCH_MNT/roothash
+ $XFS_IO_PROG -fc "pwrite -q -S 0x58 0 12288" $f
+ local ino=$(get_ino $f)
+ _fsv_enable $f
+ _scratch_unmount
+ $BTRFS_CORRUPT_BLOCK_PROG -r 5 -I $ino,36,1 -v 88 -o 16 -b 1 $SCRATCH_DEV > /dev/null 2>&1
+ _scratch_mount
+ validate $f
+}
+
+# corrupt the Merkle tree data itself
+corrupt_merkle_tree() {
+ local f=$SCRATCH_MNT/merkle
+ $XFS_IO_PROG -fc "pwrite -q -S 0x58 0 12288" $f
+ local ino=$(get_ino $f)
+ _fsv_enable $f
+ _scratch_unmount
+ # key for the descriptor item is <inode, BTRFS_VERITY_MERKLE_ITEM_KEY, 0>,
+ # 88 is X. So we write 5 Xs to somewhere in the middle of the first
+ # merkle item
+ $BTRFS_CORRUPT_BLOCK_PROG -r 5 -I $ino,37,0 -v 88 -o 100 -b 5 $SCRATCH_DEV > /dev/null 2>&1
+ _scratch_mount
+ validate $f
+}
+
+# real QA test starts here
+_scratch_mkfs >/dev/null
+_scratch_mount
+
+corrupt_inline
+corrupt_prealloc_to_reg
+corrupt_reg_to_prealloc
+corrupt_punch_hole
+corrupt_plug_hole
+corrupt_verity_descriptor
+corrupt_root_hash
+corrupt_merkle_tree
+
+status=0
+exit
diff --git a/tests/btrfs/290.out b/tests/btrfs/290.out
new file mode 100644
index 00000000..056b114b
--- /dev/null
+++ b/tests/btrfs/290.out
@@ -0,0 +1,25 @@
+QA output created by 290
+inl
+pread: Input/output error
+pread: Input/output error
+prealloc
+pread: Input/output error
+pread: Input/output error
+reg
+pread: Input/output error
+pread: Input/output error
+punch
+pread: Input/output error
+pread: Input/output error
+plug
+pread: Input/output error
+pread: Input/output error
+desc
+SCRATCH_MNT/desc: Invalid argument
+SCRATCH_MNT/desc: Invalid argument
+roothash
+pread: Input/output error
+pread: Input/output error
+merkle
+pread: Input/output error
+pread: Input/output error
--
2.33.0
next prev parent reply other threads:[~2021-09-13 18:44 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-13 18:44 [PATCH v5 0/4] tests for btrfs fsverity Boris Burkov
2021-09-13 18:44 ` Boris Burkov [this message]
2021-09-13 18:44 ` [PATCH v5 2/4] generic/574: corrupt btrfs merkle tree data Boris Burkov
2021-09-13 18:44 ` [PATCH v5 3/4] btrfs: test verity orphans with dmlogwrites Boris Burkov
2021-09-13 18:44 ` [PATCH v5 4/4] generic: test fs-verity EFBIG scenarios Boris Burkov
2021-09-16 21:18 ` Eric Biggers
2022-02-08 2:20 ` [PATCH v5 0/4] tests for btrfs fsverity Eric Biggers
2022-02-08 22:34 ` Boris Burkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b8b1aa031b1e2bbf97085ddaa77c1e3f120bdc28.1631558495.git.boris@bur.io \
--to=boris@bur.io \
--cc=fstests@vger.kernel.org \
--cc=kernel-team@fb.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).