2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2017 Google, Inc. All Rights Reserved.
7 # Test that no-key dentries are revalidated after adding a key. Regression test
9 # 28b4c263961c ("ext4 crypto: revalidate dentry after adding or removing the key")
11 # Furthermore, test that no-key dentries are *not* revalidated after "revoking"
12 # a key. This used to be done, but it was broken and was removed by:
13 # 1b53cf9815bb ("fscrypt: remove broken support for detecting keyring key revocation")
15 # Also test for a race condition bug in 28b4c263961c, fixed by:
16 # 03a8bb0e53d9 ("ext4/fscrypto: avoid RCU lookup in d_revalidate")
18 # Note: the following fix for another race in 28b4c263961c should be applied as
19 # well, though we don't test for it because it's very difficult to reproduce:
20 # 3d43bcfef5f0 ("ext4 crypto: use dget_parent() in ext4_d_revalidate()")
23 _begin_fstest auto encrypt
25 # Import common functions.
29 # real QA test starts here
31 _require_scratch_encryption
32 _require_command "$KEYCTL_PROG" keyctl
33 _require_test_program "t_encrypted_d_revalidate"
35 # Set up an encrypted directory
36 _scratch_mkfs_encrypted &>> $seqres.full
39 keydesc=$(_generate_key_descriptor)
40 raw_key=$(_generate_raw_encryption_key)
41 mkdir $SCRATCH_MNT/edir
42 _add_session_encryption_key $keydesc $raw_key
43 _set_encpolicy $SCRATCH_MNT/edir $keydesc
45 # Create two files in the directory: one whose name is valid in the base64
46 # format used in no-key filenames, and one whose name is not. The exact
47 # filenames *should* be irrelevant, but due to yet another bug, ->lookup() in an
48 # encrypted directory without the key returned ERR_PTR(-ENOENT) rather than NULL
49 # if the name was not a valid no-key name, causing a negative dentry to not be
50 # created. For the purpose of this test, we want at least one negative dentry
51 # to be created, so just create both types of name.
52 echo contents_@@@ > $SCRATCH_MNT/edir/@@@ # not valid base64
53 echo contents_abcd > $SCRATCH_MNT/edir/abcd # valid base64
57 echo "--- Contents of files using plaintext names:"
58 cat $SCRATCH_MNT/edir/@@@ |& _filter_scratch
59 cat $SCRATCH_MNT/edir/abcd |& _filter_scratch
60 echo "--- Contents of files using no-key names:"
61 cat ${nokey_names[@]} |& _filter_scratch | _filter_nokey_filenames edir
64 show_directory_with_key()
66 echo "--- Directory listing:"
67 find $SCRATCH_MNT/edir -mindepth 1 | sort | _filter_scratch
71 # View the directory without the encryption key. The plaintext names shouldn't
72 # exist, but 'cat' each to verify this, which also should create negative
73 # dentries. The no-key names are unpredictable by design, but verify that the
74 # correct number of them are listed by readdir, and save them for later.
76 echo "***** Without encryption key *****"
77 _unlink_session_encryption_key $keydesc
79 echo "--- Directory listing:"
80 nokey_names=( $(find $SCRATCH_MNT/edir -mindepth 1 | sort) )
81 printf '%s\n' "${nokey_names[@]}" | \
82 _filter_scratch | _filter_nokey_filenames edir
85 # Without remounting or dropping caches, add the encryption key and view the
86 # directory again. Now the plaintext names should all be there, and the no-key
87 # names should be gone. Make sure to 'cat' all the names to test for stale
90 echo "***** With encryption key *****"
91 _add_session_encryption_key $keydesc $raw_key
92 show_directory_with_key
94 # Test for ->d_revalidate() race conditions.
96 echo "***** Race conditions *****"
97 $here/src/t_encrypted_d_revalidate $SCRATCH_MNT/edir
98 rm -rf $SCRATCH_MNT/edir/dir
100 # Now open the files to pin them in the inode cache (needed to make the test
101 # reliable), then revoke the encryption key. This should no longer cause the
102 # files to be presented in no-key form immediately.
104 echo "***** After key revocation *****"
106 exec 3<$SCRATCH_MNT/edir
107 exec 4<$SCRATCH_MNT/edir/@@@
108 exec 5<$SCRATCH_MNT/edir/abcd
109 _revoke_session_encryption_key $keydesc
110 show_directory_with_key