2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2017 Google, Inc. All Rights Reserved.
5 # FS QA Test generic/421
7 # Test revoking an encryption key during concurrent I/O. Regression test for
8 # 1b53cf9815bb ("fscrypt: remove broken support for detecting keyring key
12 seqres=$RESULT_DIR/$seq
13 echo "QA output created by $seq"
17 status=1 # failure is the default!
18 trap "_cleanup; exit \$status" 0 1 2 3 15
26 # get standard environment, filters and checks
31 # remove previous $seqres.full before test
34 # real QA test starts here
37 _require_scratch_encryption
38 _require_xfs_io_command "set_encpolicy"
39 _require_command "$KEYCTL_PROG" keyctl
42 _scratch_mkfs_encrypted &>> $seqres.full
45 dir=$SCRATCH_MNT/encrypted_dir
48 # 4 processes, 2 MB per process
52 # Create an encrypted file and sync its data to disk.
55 keydesc=$(_generate_encryption_key)
56 $XFS_IO_PROG -c "set_encpolicy $keydesc" $dir
57 $XFS_IO_PROG -f $file -c "pwrite 0 $((nproc*slice))M" -c "fsync" > /dev/null
59 # Create processes to read from the encrypted file. Use fadvise to wipe the
60 # pagecache before each read, ensuring that each read actually does decryption.
61 for ((proc = 0; proc < nproc; proc++)); do
63 range="$((proc * slice))M ${slice}M"
64 while [ ! -e $tmp.done ]; do
65 $XFS_IO_PROG $file -c "fadvise -d $range" \
66 -c "pread $range" &> /dev/null
71 # Wait a second for the readers to start up.
74 # Revoke the encryption key.
75 keyid=$(_revoke_encryption_key $keydesc)
77 # Now try to open the file again. In buggy kernels this caused concurrent
78 # readers to crash with a NULL pointer dereference during decryption.
80 # Note that the fix also made filenames stop "immediately" reverting to their
81 # ciphertext on key revocation. Therefore, the name of the file we're opening
82 # here may be in either plaintext or ciphertext depending on the kernel version,
83 # and ciphertext names are unpredictable anyway, so just use 'find' to find it.
84 cat "$(find $dir -type f)" > /dev/null
86 # Wait for readers to exit