2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2017 Google, Inc. All Rights Reserved.
7 # Test that encrypted dentries are revalidated after adding a key.
9 # 28b4c263961c ("ext4 crypto: revalidate dentry after adding or removing the key")
11 # Furthermore, test that encrypted directories are *not* revalidated after
12 # "revoking" a key. This used to be done, but it was broken and was removed by:
13 # 1b53cf9815bb ("fscrypt: remove broken support for detecting keyring key revocation")
15 # Also test for a race condition bug in 28b4c263961c, fixed by:
16 # 03a8bb0e53d9 ("ext4/fscrypto: avoid RCU lookup in d_revalidate")
18 # Note: the following fix for another race in 28b4c263961c should be applied as
19 # well, though we don't test for it because it's very difficult to reproduce:
20 # 3d43bcfef5f0 ("ext4 crypto: use dget_parent() in ext4_d_revalidate()")
23 seqres=$RESULT_DIR/$seq
24 echo "QA output created by $seq"
28 status=1 # failure is the default!
29 trap "_cleanup; exit \$status" 0 1 2 3 15
37 # get standard environment, filters and checks
42 # remove previous $seqres.full before test
45 # real QA test starts here
48 _require_scratch_encryption
49 _require_xfs_io_command "set_encpolicy"
50 _require_command "$KEYCTL_PROG" keyctl
51 _require_test_program "t_encrypted_d_revalidate"
53 # Set up an encrypted directory
54 _scratch_mkfs_encrypted &>> $seqres.full
57 keydesc=$(_generate_key_descriptor)
58 raw_key=$(_generate_raw_encryption_key)
59 mkdir $SCRATCH_MNT/edir
60 _add_encryption_key $keydesc $raw_key
61 $XFS_IO_PROG -c "set_encpolicy $keydesc" $SCRATCH_MNT/edir
63 # Create two files in the directory: one whose name is valid in the base64
64 # format used for encoding ciphertext filenames, and one whose name is not. The
65 # exact filenames *should* be irrelevant, but due to yet another bug, ->lookup()
66 # in an encrypted directory without the key returned ERR_PTR(-ENOENT) rather
67 # than NULL if the name was not valid ciphertext, causing a negative dentry to
68 # not be created. For the purpose of this test, we want at least one negative
69 # dentry to be created, so just create both types of name.
70 echo contents_@@@ > $SCRATCH_MNT/edir/@@@ # not valid base64
71 echo contents_abcd > $SCRATCH_MNT/edir/abcd # valid base64
73 filter_ciphertext_filenames()
75 _filter_scratch | sed 's|edir/[a-zA-Z0-9+,_]\+|edir/ENCRYPTED_NAME|g'
80 echo "--- Contents of files using plaintext names:"
81 cat $SCRATCH_MNT/edir/@@@ |& _filter_scratch
82 cat $SCRATCH_MNT/edir/abcd |& _filter_scratch
83 echo "--- Contents of files using ciphertext names:"
84 cat ${ciphertext_names[@]} |& filter_ciphertext_filenames
87 show_directory_with_key()
89 echo "--- Directory listing:"
90 find $SCRATCH_MNT/edir -mindepth 1 | sort | _filter_scratch
94 # View the directory without the encryption key. The plaintext names shouldn't
95 # exist, but 'cat' each to verify this, which also should create negative
96 # dentries. The ciphertext names are unpredictable by design, but verify that
97 # the correct number of them are listed by readdir, and save them for later.
99 echo "***** Without encryption key *****"
100 _unlink_encryption_key $keydesc
102 echo "--- Directory listing:"
103 ciphertext_names=( $(find $SCRATCH_MNT/edir -mindepth 1 | sort) )
104 printf '%s\n' "${ciphertext_names[@]}" | filter_ciphertext_filenames
107 # Without remounting or dropping caches, add the encryption key and view the
108 # directory again. Now the plaintext names should all be there, and the
109 # ciphertext names should be gone. Make sure to 'cat' all the names to test for
112 echo "***** With encryption key *****"
113 _add_encryption_key $keydesc $raw_key
114 show_directory_with_key
116 # Test for ->d_revalidate() race conditions.
118 echo "***** Race conditions *****"
119 $here/src/t_encrypted_d_revalidate $SCRATCH_MNT/edir
120 rm -rf $SCRATCH_MNT/edir/dir
122 # Now open the files to pin them in the inode cache (needed to make the test
123 # reliable), then revoke the encryption key. This should no longer cause the
124 # files to be presented in ciphertext form immediately.
126 echo "***** After key revocation *****"
128 exec 3<$SCRATCH_MNT/edir
129 exec 4<$SCRATCH_MNT/edir/@@@
130 exec 5<$SCRATCH_MNT/edir/abcd
131 _revoke_encryption_key $keydesc
132 show_directory_with_key