2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2017 Google, Inc. All Rights Reserved.
5 # FS QA Test generic/421
7 # Test revoking an encryption key during concurrent I/O. Regression test for
8 # 1b53cf9815bb ("fscrypt: remove broken support for detecting keyring key revocation").
# NOTE(review): this listing carries the script's own line numbers as a
# leading column and skips some of them, so parts of the script are missing
# here (the assignments of nproc, slice and file, and the end of the reader
# loop, are not shown).
# The test is placed in the "dangerous" group: per the comment further down,
# a kernel without the fix crashes with a NULL pointer dereference, so run it
# only on a machine that is allowed to go down.
12 _begin_fstest auto quick encrypt dangerous
14 # Import common functions.
18 # real QA test starts here
# Preconditions: a scratch filesystem that supports encryption, and keyctl.
20 _require_scratch_encryption
21 _require_command "$KEYCTL_PROG" keyctl
# Create the scratch filesystem; stdout and stderr are both appended to
# $seqres.full.
24 _scratch_mkfs_encrypted &>> $seqres.full
27 dir=$SCRATCH_MNT/encrypted_dir
30 # 4 processes, 2 MB per process
34 # Create an encrypted file and sync its data to disk.
# keydesc receives the helper's output and is then used to set the encryption
# policy on $dir. By its name the helper adds a key to the session keyring;
# confirm against the helper's definition, which is not part of this listing.
37 keydesc=$(_generate_session_encryption_key)
38 _set_encpolicy $dir $keydesc
# Writes nproc*slice MB to $file and fsyncs it, so the readers below have
# data on disk to read back and decrypt.
39 $XFS_IO_PROG -f $file -c "pwrite 0 $((nproc*slice))M" -c "fsync" > /dev/null
41 # Create processes to read from the encrypted file. Use fadvise to wipe the
42 # pagecache before each read, ensuring that each read actually does decryption.
# Each reader works on its own slice-sized range and keeps looping until
# $tmp.done exists.
# NOTE(review): the lines that close both loops, start the readers as separate
# processes and create $tmp.done are not in this listing.
43 for ((proc = 0; proc < nproc; proc++)); do
45 range="$((proc * slice))M ${slice}M"
46 while [ ! -e $tmp.done ]; do
47 $XFS_IO_PROG $file -c "fadvise -d $range" \
48 -c "pread $range" &> /dev/null
53 # Wait a second for the readers to start up.
56 # Revoke the encryption key.
# The helper's output is captured in keyid; no later use of keyid is visible
# in this listing.
57 keyid=$(_revoke_session_encryption_key $keydesc)
59 # Now try to open the file again. In buggy kernels this caused concurrent
60 # readers to crash with a NULL pointer dereference during decryption.
62 # Note that the fix also made filenames stop "immediately" reverting to their
63 # ciphertext on key revocation. Therefore, the name of the file we're opening
64 # here may be in either plaintext or ciphertext depending on the kernel version,
65 # and ciphertext names are unpredictable anyway, so just use 'find' to find it.
# The quoted substitution hands find's whole output to cat as one argument, so
# this relies on $dir holding exactly one regular file. $dir itself is
# unquoted and would be word-split if SCRATCH_MNT contained whitespace.
66 cat "$(find $dir -type f)" > /dev/null
68 # Wait for readers to exit