From 0c8d58ca30e1b50712d29fdbf2ddef1bdb6804fc Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" Date: Fri, 30 Dec 2022 14:19:44 -0800 Subject: [PATCH] fuzzy: test fuzzing xattr block mappings Fuzz the block mappings of extended attributes to see what happens. Signed-off-by: Darrick J. Wong Reviewed-by: Zorro Lang Signed-off-by: Zorro Lang --- common/fuzzy | 16 ++++++++++++++++ tests/xfs/736 | 48 +++++++++++++++++++++++++++++++++++++++++++++++ tests/xfs/736.out | 10 ++++++++++ tests/xfs/737 | 48 +++++++++++++++++++++++++++++++++++++++++++++++ tests/xfs/737.out | 10 ++++++++++ tests/xfs/738 | 48 +++++++++++++++++++++++++++++++++++++++++++++++ tests/xfs/738.out | 10 ++++++++++ 7 files changed, 190 insertions(+) create mode 100755 tests/xfs/736 create mode 100644 tests/xfs/736.out create mode 100755 tests/xfs/737 create mode 100644 tests/xfs/737.out create mode 100755 tests/xfs/738 create mode 100644 tests/xfs/738.out diff --git a/common/fuzzy b/common/fuzzy index dfd50b1f..224139d8 100644 --- a/common/fuzzy +++ b/common/fuzzy @@ -565,6 +565,22 @@ _scratch_xfs_set_dir_fuzz_types() { SCRATCH_XFS_DIR_FUZZ_TYPES=(BLOCK LEAF LEAFN NODE) } +# Sets the array SCRATCH_XFS_XATTR_FUZZ_TYPES to the list of xattr formats +# available for fuzzing. Each list item must match one of the /ATTR.FMT_* +# files created by the fs population code. Users can override this by setting +# SCRATCH_XFS_LIST_FUZZ_XATTRTYPE in the environment. BTREE is omitted here +# because that refers to the fork format and does not affect the extended +# attribute structure at all. +_scratch_xfs_set_xattr_fuzz_types() { + if [ -n "${SCRATCH_XFS_LIST_FUZZ_XATTRTYPE}" ]; then + mapfile -t SCRATCH_XFS_XATTR_FUZZ_TYPES < \ + <(echo "${SCRATCH_XFS_LIST_FUZZ_XATTRTYPE}" | tr '[ ,]' '[\n\n]') + return + fi + + SCRATCH_XFS_XATTR_FUZZ_TYPES=(EXTENTS_REMOTE3K EXTENTS_REMOTE4K LEAF NODE) +} + # Grab the list of available fuzzing verbs _scratch_xfs_list_fuzz_verbs() { if [ -n "${SCRATCH_XFS_LIST_FUZZ_VERBS}" ]; then diff --git a/tests/xfs/736 b/tests/xfs/736 new file mode 100755 index 00000000..4a6c4687 --- /dev/null +++ b/tests/xfs/736 @@ -0,0 +1,48 @@ +#! /bin/bash +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (c) 2022 Oracle. All Rights Reserved. +# +# FS QA Test No. 736 +# +# Populate a XFS filesystem and fuzz the attr mappings of every xattr type. +# Use xfs_scrub to fix the corruption. +# +. ./common/preamble +_begin_fstest dangerous_fuzzers dangerous_scrub dangerous_online_repair + +_register_cleanup "_cleanup" BUS + +# Import common functions. +. ./common/filter +. ./common/populate +. ./common/fuzzy + +# real QA test starts here +_supported_fs xfs +_require_scratch_xfs_fuzz_fields + +echo "Format and populate" +_scratch_populate_cached nofill > $seqres.full 2>&1 + +_scratch_xfs_set_xattr_fuzz_types + +# Now fuzz the block maps of each xattr type. +for attrtype in "${SCRATCH_XFS_XATTR_FUZZ_TYPES[@]}"; do + echo "Fuzz block map for ${attrtype}" | tee -a $seqres.full + + # Restore a correct copy of the filesystem before we start a round of + # fuzzing. This avoids corruption errors from xfs_db when + # _scratch_xfs_fuzz_metadata probes the xattr block fields. + __scratch_xfs_fuzz_mdrestore + + _scratch_mount + inum=$(stat -c '%i' $SCRATCH_MNT/ATTR.FMT_${attrtype}) + _scratch_unmount + + _scratch_xfs_fuzz_metadata 'a*.bmx' 'online' "inode ${inum}" >> $seqres.full + echo "Done fuzzing attr map ${attrtype}" +done + +# success, all done +status=0 +exit diff --git a/tests/xfs/736.out b/tests/xfs/736.out new file mode 100644 index 00000000..444e618d --- /dev/null +++ b/tests/xfs/736.out @@ -0,0 +1,10 @@ +QA output created by 736 +Format and populate +Fuzz block map for EXTENTS_REMOTE3K +Done fuzzing attr map EXTENTS_REMOTE3K +Fuzz block map for EXTENTS_REMOTE4K +Done fuzzing attr map EXTENTS_REMOTE4K +Fuzz block map for LEAF +Done fuzzing attr map LEAF +Fuzz block map for NODE +Done fuzzing attr map NODE diff --git a/tests/xfs/737 b/tests/xfs/737 new file mode 100755 index 00000000..6fc0bba4 --- /dev/null +++ b/tests/xfs/737 @@ -0,0 +1,48 @@ +#! /bin/bash +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (c) 2022 Oracle. All Rights Reserved. +# +# FS QA Test No. 737 +# +# Populate a XFS filesystem and fuzz the attr mappings of every xattr type. +# Use xfs_repair to fix the corruption. +# +. ./common/preamble +_begin_fstest dangerous_fuzzers dangerous_scrub dangerous_repair + +_register_cleanup "_cleanup" BUS + +# Import common functions. +. ./common/filter +. ./common/populate +. ./common/fuzzy + +# real QA test starts here +_supported_fs xfs +_require_scratch_xfs_fuzz_fields + +echo "Format and populate" +_scratch_populate_cached nofill > $seqres.full 2>&1 + +_scratch_xfs_set_xattr_fuzz_types + +# Now fuzz the block maps of each xattr type. +for attrtype in "${SCRATCH_XFS_XATTR_FUZZ_TYPES[@]}"; do + echo "Fuzz block map for ${attrtype}" | tee -a $seqres.full + + # Restore a correct copy of the filesystem before we start a round of + # fuzzing. This avoids corruption errors from xfs_db when + # _scratch_xfs_fuzz_metadata probes the xattr block fields. + __scratch_xfs_fuzz_mdrestore + + _scratch_mount + inum=$(stat -c '%i' $SCRATCH_MNT/ATTR.FMT_${attrtype}) + _scratch_unmount + + _scratch_xfs_fuzz_metadata 'a*.bmx' 'offline' "inode ${inum}" >> $seqres.full + echo "Done fuzzing attr map ${attrtype}" +done + +# success, all done +status=0 +exit diff --git a/tests/xfs/737.out b/tests/xfs/737.out new file mode 100644 index 00000000..7ee0f0c6 --- /dev/null +++ b/tests/xfs/737.out @@ -0,0 +1,10 @@ +QA output created by 737 +Format and populate +Fuzz block map for EXTENTS_REMOTE3K +Done fuzzing attr map EXTENTS_REMOTE3K +Fuzz block map for EXTENTS_REMOTE4K +Done fuzzing attr map EXTENTS_REMOTE4K +Fuzz block map for LEAF +Done fuzzing attr map LEAF +Fuzz block map for NODE +Done fuzzing attr map NODE diff --git a/tests/xfs/738 b/tests/xfs/738 new file mode 100755 index 00000000..e2f8a9c3 --- /dev/null +++ b/tests/xfs/738 @@ -0,0 +1,48 @@ +#! /bin/bash +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (c) 2022 Oracle. All Rights Reserved. +# +# FS QA Test No. 738 +# +# Populate a XFS filesystem and fuzz the attr mappings of every xattr type. +# Do not fix the filesystem, to test metadata verifiers. +# +. ./common/preamble +_begin_fstest dangerous_fuzzers dangerous_scrub dangerous_norepair + +_register_cleanup "_cleanup" BUS + +# Import common functions. +. ./common/filter +. ./common/populate +. ./common/fuzzy + +# real QA test starts here +_supported_fs xfs +_require_scratch_xfs_fuzz_fields + +echo "Format and populate" +_scratch_populate_cached nofill > $seqres.full 2>&1 + +_scratch_xfs_set_xattr_fuzz_types + +# Now fuzz the block maps of each xattr type. +for attrtype in "${SCRATCH_XFS_XATTR_FUZZ_TYPES[@]}"; do + echo "Fuzz block map for ${attrtype}" | tee -a $seqres.full + + # Restore a correct copy of the filesystem before we start a round of + # fuzzing. This avoids corruption errors from xfs_db when + # _scratch_xfs_fuzz_metadata probes the xattr block fields. + __scratch_xfs_fuzz_mdrestore + + _scratch_mount + inum=$(stat -c '%i' $SCRATCH_MNT/ATTR.FMT_${attrtype}) + _scratch_unmount + + _scratch_xfs_fuzz_metadata 'a*.bmx' 'none' "inode ${inum}" >> $seqres.full + echo "Done fuzzing attr map ${attrtype}" +done + +# success, all done +status=0 +exit diff --git a/tests/xfs/738.out b/tests/xfs/738.out new file mode 100644 index 00000000..e0cf9f59 --- /dev/null +++ b/tests/xfs/738.out @@ -0,0 +1,10 @@ +QA output created by 738 +Format and populate +Fuzz block map for EXTENTS_REMOTE3K +Done fuzzing attr map EXTENTS_REMOTE3K +Fuzz block map for EXTENTS_REMOTE4K +Done fuzzing attr map EXTENTS_REMOTE4K +Fuzz block map for LEAF +Done fuzzing attr map LEAF +Fuzz block map for NODE +Done fuzzing attr map NODE -- 2.39.5