#! /bin/bash # SPDX-License-Identifier: GPL-2.0 # Copyright 2018 Google LLC # # FS QA Test generic/574 # # Test corrupting verity files. This test corrupts various parts of the # contents of a verity file, or parts of its Merkle tree, by writing directly to # the block device. It verifies that this causes I/O errors when the relevant # part of the contents is later read by any means. # seq=`basename $0` seqres=$RESULT_DIR/$seq echo "QA output created by $seq" here=`pwd` tmp=/tmp/$$ status=1 # failure is the default! trap "_cleanup; exit \$status" 0 1 2 3 15 _cleanup() { cd / _restore_fsverity_signatures rm -f $tmp.* } # get standard environment, filters and checks . ./common/rc . ./common/filter . ./common/verity # remove previous $seqres.full before test rm -f $seqres.full # real QA test starts here _supported_fs generic _supported_os Linux _require_scratch_verity _disable_fsverity_signatures _scratch_mkfs_verity &>> $seqres.full _scratch_mount fsv_orig_file=$SCRATCH_MNT/file fsv_file=$SCRATCH_MNT/file.fsv setup_zeroed_file() { local len=$1 local sparse=$2 if $sparse; then dd if=/dev/zero of=$fsv_orig_file bs=1 count=0 seek=$len \ status=none else head -c $len /dev/zero > $fsv_orig_file fi cp $fsv_orig_file $fsv_file _fsv_enable $fsv_file md5sum $fsv_file |& _filter_scratch } filter_sigbus() { sed -e 's/.*Bus error.*/Bus error/' } round_up_to_page_boundary() { local n=$1 local page_size=$(get_page_size) echo $(( (n + page_size - 1) & ~(page_size - 1) )) } corruption_test() { local file_len=$1 local zap_offset=$2 local zap_len=$3 local is_merkle_tree=${4:-false} # if true, zap tree instead of data local use_sparse_file=${5:-false} local page_aligned_eof=$(round_up_to_page_boundary $file_len) local measurement if $is_merkle_tree; then local corrupt_func=_fsv_scratch_corrupt_merkle_tree else local corrupt_func=_fsv_scratch_corrupt_bytes fi local msg="Corruption test:" msg+=" file_len=$file_len" if $use_sparse_file; then msg+=" (sparse)" fi msg+=" zap_offset=$zap_offset" if $is_merkle_tree; then msg+=" (in Merkle tree)" fi msg+=" zap_len=$zap_len" _fsv_scratch_begin_subtest "$msg" setup_zeroed_file $file_len $use_sparse_file cmp $fsv_file $fsv_orig_file echo "Corrupting bytes..." head -c $zap_len /dev/zero | tr '\0' X \ | $corrupt_func $fsv_file $zap_offset echo "Validating corruption (reading full file)..." _scratch_cycle_mount md5sum $fsv_file |& _filter_scratch echo "Validating corruption (direct I/O)..." _scratch_cycle_mount dd if=$fsv_file bs=$FSV_BLOCK_SIZE iflag=direct status=none \ of=/dev/null |& _filter_scratch if ! $is_merkle_tree; then echo "Validating corruption (reading just corrupted part)..." dd if=$fsv_file bs=1 skip=$zap_offset count=$zap_len \ of=/dev/null status=none |& _filter_scratch fi echo "Validating corruption (reading full file via mmap)..." bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $fsv_file \ -c 'mmap -r 0 $page_aligned_eof' \ -c 'mread 0 $file_len'" |& filter_sigbus if ! $is_merkle_tree; then echo "Validating corruption (reading just corrupted part via mmap)..." bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $fsv_file \ -c 'mmap -r 0 $page_aligned_eof' \ -c 'mread $zap_offset $zap_len'" |& filter_sigbus fi } # Note: these tests just overwrite some bytes without checking their original # values. Therefore, make sure to overwrite at least 5 or so bytes, to make it # nearly guaranteed that there will be a change -- even when the test file is # encrypted due to the test_dummy_encryption mount option being specified. corruption_test 131072 0 5 corruption_test 131072 4091 5 corruption_test 131072 65536 65536 corruption_test 131072 131067 5 # Non-zeroed bytes in the final partial block beyond EOF should cause reads to # fail too. Such bytes would be visible via mmap(). corruption_test 130999 131000 72 # Merkle tree corruption. corruption_test 200000 100 10 true # Sparse file. Corrupting the Merkle tree should still cause reads to fail, # i.e. the filesystem must verify holes. corruption_test 200000 100 10 true true # success, all done status=0 exit