#! /bin/bash # SPDX-License-Identifier: GPL-2.0 # Copyright (c) 2017 Google, Inc. All Rights Reserved. # # FS QA Test No. 429 # # Test that encrypted dentries are revalidated after adding a key. # Regression test for: # 28b4c263961c ("ext4 crypto: revalidate dentry after adding or removing the key") # # Furthermore, test that encrypted directories are *not* revalidated after # "revoking" a key. This used to be done, but it was broken and was removed by: # 1b53cf9815bb ("fscrypt: remove broken support for detecting keyring key revocation") # # Also test for a race condition bug in 28b4c263961c, fixed by: # 03a8bb0e53d9 ("ext4/fscrypto: avoid RCU lookup in d_revalidate") # # Note: the following fix for another race in 28b4c263961c should be applied as # well, though we don't test for it because it's very difficult to reproduce: # 3d43bcfef5f0 ("ext4 crypto: use dget_parent() in ext4_d_revalidate()") # seq=`basename $0` seqres=$RESULT_DIR/$seq echo "QA output created by $seq" here=`pwd` tmp=/tmp/$$ status=1 # failure is the default! trap "_cleanup; exit \$status" 0 1 2 3 15 _cleanup() { cd / rm -f $tmp.* } # get standard environment, filters and checks . ./common/rc . ./common/filter . ./common/encrypt # remove previous $seqres.full before test rm -f $seqres.full # real QA test starts here _supported_fs generic _require_scratch_encryption _require_command "$KEYCTL_PROG" keyctl _require_test_program "t_encrypted_d_revalidate" # Set up an encrypted directory _scratch_mkfs_encrypted &>> $seqres.full _scratch_mount _new_session_keyring keydesc=$(_generate_key_descriptor) raw_key=$(_generate_raw_encryption_key) mkdir $SCRATCH_MNT/edir _add_session_encryption_key $keydesc $raw_key _set_encpolicy $SCRATCH_MNT/edir $keydesc # Create two files in the directory: one whose name is valid in the base64 # format used for encoding ciphertext filenames, and one whose name is not. The # exact filenames *should* be irrelevant, but due to yet another bug, ->lookup() # in an encrypted directory without the key returned ERR_PTR(-ENOENT) rather # than NULL if the name was not valid ciphertext, causing a negative dentry to # not be created. For the purpose of this test, we want at least one negative # dentry to be created, so just create both types of name. echo contents_@@@ > $SCRATCH_MNT/edir/@@@ # not valid base64 echo contents_abcd > $SCRATCH_MNT/edir/abcd # valid base64 filter_ciphertext_filenames() { _filter_scratch | sed 's|edir/[a-zA-Z0-9+,_]\+|edir/ENCRYPTED_NAME|g' } show_file_contents() { echo "--- Contents of files using plaintext names:" cat $SCRATCH_MNT/edir/@@@ |& _filter_scratch cat $SCRATCH_MNT/edir/abcd |& _filter_scratch echo "--- Contents of files using ciphertext names:" cat ${ciphertext_names[@]} |& filter_ciphertext_filenames } show_directory_with_key() { echo "--- Directory listing:" find $SCRATCH_MNT/edir -mindepth 1 | sort | _filter_scratch show_file_contents } # View the directory without the encryption key. The plaintext names shouldn't # exist, but 'cat' each to verify this, which also should create negative # dentries. The ciphertext names are unpredictable by design, but verify that # the correct number of them are listed by readdir, and save them for later. echo echo "***** Without encryption key *****" _unlink_session_encryption_key $keydesc _scratch_cycle_mount echo "--- Directory listing:" ciphertext_names=( $(find $SCRATCH_MNT/edir -mindepth 1 | sort) ) printf '%s\n' "${ciphertext_names[@]}" | filter_ciphertext_filenames show_file_contents # Without remounting or dropping caches, add the encryption key and view the # directory again. Now the plaintext names should all be there, and the # ciphertext names should be gone. Make sure to 'cat' all the names to test for # stale dentries. echo echo "***** With encryption key *****" _add_session_encryption_key $keydesc $raw_key show_directory_with_key # Test for ->d_revalidate() race conditions. echo echo "***** Race conditions *****" $here/src/t_encrypted_d_revalidate $SCRATCH_MNT/edir rm -rf $SCRATCH_MNT/edir/dir # Now open the files to pin them in the inode cache (needed to make the test # reliable), then revoke the encryption key. This should no longer cause the # files to be presented in ciphertext form immediately. echo echo "***** After key revocation *****" ( exec 3<$SCRATCH_MNT/edir exec 4<$SCRATCH_MNT/edir/@@@ exec 5<$SCRATCH_MNT/edir/abcd _revoke_session_encryption_key $keydesc show_directory_with_key ) # success, all done status=0 exit