2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2017 Google, Inc. All Rights Reserved.
5 # FS QA Test generic/421
7 # Test revoking an encryption key during concurrent I/O. Regression test for
8 # 1b53cf9815bb ("fscrypt: remove broken support for detecting keyring key
# Per-test result prefix; the "$seqres.full" log used later is derived from it.
seqres=${RESULT_DIR}/${seq}
echo "QA output created by $seq"

# Assume failure until the test explicitly records success in $status.
status=1
# Run _cleanup and exit with $status on shell exit and on HUP, INT, QUIT, TERM.
# Single quotes defer the expansion of $status until the trap actually fires.
trap '_cleanup; exit $status' EXIT HUP INT QUIT TERM
26 # get standard environment, filters and checks
31 # remove previous $seqres.full before test
34 # real QA test starts here
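# Prerequisites for this test: an encryption-capable scratch filesystem
# (presumably the helper skips the test otherwise; confirm in the common
# helpers) and the keyctl program used to manage keyring keys.
_require_scratch_encryption
_require_command "$KEYCTL_PROG" keyctl

# Create the encrypted scratch filesystem, appending mkfs stdout and stderr to
# the full log. The redirection target is quoted so that a result path
# containing whitespace does not fail with "ambiguous redirect".
_scratch_mkfs_encrypted &>> "$seqres.full"

# Directory that receives the encryption policy later in the test.
dir=$SCRATCH_MNT/encrypted_dir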
46 # 4 processes, 2 MB per process
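# Create an encrypted file and sync its data to disk.
#
# A fresh key is generated (presumably added to the session keyring by the
# helper; confirm) and its descriptor is used as the encryption policy of $dir.
# The fsync matters for the rest of the test: the readers drop the pagecache
# before each read, so the ciphertext has to be on disk for every read to go
# through decryption.
keydesc=$(_generate_session_encryption_key)
_set_encpolicy "$dir" "$keydesc"

# nproc, slice and file are expected to be set earlier in the test; their
# assignments are not part of this excerpt.
# NOTE(review): $XFS_IO_PROG is left unquoted in case the harness stores extra
# options in it; confirm before quoting.
$XFS_IO_PROG -f "$file" -c "pwrite 0 $((nproc*slice))M" -c "fsync" > /dev/null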
57 # Create processes to read from the encrypted file. Use fadvise to wipe the
58 # pagecache before each read, ensuring that each read actually does decryption.
59 for ((proc = 0; proc < nproc; proc++)); do
61 range="$((proc * slice))M ${slice}M"
62 while [ ! -e $tmp.done ]; do
63 $XFS_IO_PROG $file -c "fadvise -d $range" \
64 -c "pread $range" &> /dev/null
69 # Wait a second for the readers to start up.
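# Revoke the encryption key while the readers are still running.
# The helper's output is captured in keyid; it is not used in the visible part
# of this test.
keyid=$(_revoke_session_encryption_key "$keydesc")

# Now try to open the file again. In buggy kernels this caused concurrent
# readers to crash with a NULL pointer dereference during decryption, so the
# failure mode this test guards against is a kernel crash, not wrong output.
#
# Note that the fix also made filenames stop "immediately" reverting to their
# ciphertext on key revocation. Therefore, the name of the file we're opening
# here may be in either plaintext or ciphertext depending on the kernel version,
# and ciphertext names are unpredictable anyway, so just use 'find' to find it.
#
# This assumes exactly one regular file exists under $dir: the whole find
# output is passed to cat as a single argument. Only stdout is discarded, so
# any error from cat or find still appears in the test output.
cat "$(find "$dir" -type f)" > /dev/null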
84 # Wait for readers to exit