* [PATCH 1/2] generic/244: remove extra junk
From: Eric Sandeen @ 2016-12-22 1:23 UTC (permalink / raw)
To: Eric Sandeen, fstests
In-Reply-To: <8c91051e-8a78-cb20-d926-ea86e5b4645a@sandeen.net>
Lots of pointless mounting & unmounting & quotaon etc,
get rid of it.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
---
diff --git a/tests/generic/244 b/tests/generic/244
index 0b50438..36c632e 100755
--- a/tests/generic/244
+++ b/tests/generic/244
@@ -54,18 +54,11 @@ _supported_os Linux
_require_quota
_require_scratch
-scratch_unmount 2>/dev/null
_scratch_mkfs >> $seqres.full 2>&1
-_scratch_mount "-o usrquota,grpquota"
-quotacheck -u -g $SCRATCH_MNT 2>/dev/null
-quotaon $SCRATCH_MNT 2>/dev/null
-_scratch_unmount
TYPES="u g"
MOUNT_OPTIONS="-o usrquota,grpquota"
-
_qmount
-quotaon $SCRATCH_MNT 2>/dev/null
# Ok, do we even have GETNEXTQUOTA? Querying ID 0 should work.
$here/src/test-nextquota -i 0 -u -d $SCRATCH_DEV &> $seqres.full || \
^ permalink raw reply related
* [PATCH V2] generic/395: test GETNEXTQUOTA near INT_MAX
From: Eric Sandeen @ 2016-12-22 1:11 UTC (permalink / raw)
To: Eric Sandeen, fstests
In-Reply-To: <a3c43ff2-c641-aba4-b10e-781a3f3c86e3@redhat.com>
XFS kernel code had a bug where GETNEXTQUOTA-type
quotactls requesting an ID near UINT_MAX could overflow
and return 0 as the "next" active ID.
This test checks that by creating an active quota near
UINT_MAX, then asking for the next one after it.
The proper answer is ENOENT, but if we wrap we'll return
ID 0.
This also changes test-nextquota.c so that it checks
both GETNEXTQUOTA and XGETNEXTQUOTA even if one fails;
it stores the failure conditions and returns 1 if either
of them fails.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
---
V2: cleanups from Eryu's review.
Eryu - I need to send a _require_getnextquota patch, and some
other cleanups to 244, similar to your review of this test
(I copied this test from 244).
I'll do that in reply to this patch, hopfully tonight, yet.
diff --git a/src/test-nextquota.c b/src/test-nextquota.c
index ba4de27..73c63d8 100644
--- a/src/test-nextquota.c
+++ b/src/test-nextquota.c
@@ -73,6 +73,7 @@ int main(int argc, char *argv[])
int cmd;
int type = -1, typeflag = 0;
int verbose = 0;
+ int retval = 0;
uint id = 0, idflag = 0;
char *device = NULL;
char *tmp;
@@ -140,30 +141,32 @@ int main(int argc, char *argv[])
cmd = QCMD(Q_GETNEXTQUOTA, type);
if (quotactl(cmd, device, id, (void *)&dqb) < 0) {
perror("Q_GETNEXTQUOTA");
- return 1;
+ retval = 1;
+ } else {
+ /*
+ * We only print id and inode limits because
+ * block count varies depending on fs block size, etc;
+ * this is just a sanity test that we can retrieve the quota,
+ * and inode limits have the same units across both calls.
+ */
+ printf("id %u\n", dqb.dqb_id);
+ printf("ihard %llu\n",
+ (unsigned long long)dqb.dqb_ihardlimit);
+ printf("isoft %llu\n",
+ (unsigned long long)dqb.dqb_isoftlimit);
}
- /*
- * We only print id and inode limits because
- * block count varies depending on fs block size, etc;
- * this is just a sanity test that we can retrieve the quota,
- * and inode limits have the same units across both calls.
- */
- printf("id %u\n", dqb.dqb_id);
- printf("ihard %llu\n", (unsigned long long)dqb.dqb_ihardlimit);
- printf("isoft %llu\n", (unsigned long long)dqb.dqb_isoftlimit);
-
if (verbose)
printf("====Q_XGETNEXTQUOTA====\n");
cmd = QCMD(Q_XGETNEXTQUOTA, USRQUOTA);
if (quotactl(cmd, device, id, (void *)&xqb) < 0) {
perror("Q_XGETNEXTQUOTA");
- return 1;
+ retval = 1;
+ } else {
+ printf("id %u\n", xqb.d_id);
+ printf("ihard %llu\n", xqb.d_ino_hardlimit);
+ printf("isoft %llu\n", xqb.d_ino_softlimit);
}
- printf("id %u\n", xqb.d_id);
- printf("ihard %llu\n", xqb.d_ino_hardlimit);
- printf("isoft %llu\n", xqb.d_ino_softlimit);
-
- return 0;
+ return retval;
}
diff --git a/tests/generic/395 b/tests/generic/395
new file mode 100755
index 0000000..cc4a93e
--- /dev/null
+++ b/tests/generic/395
@@ -0,0 +1,94 @@
+#! /bin/bash
+# FS QA Test 394
+#
+# test out high quota ids retrieved by Q_GETNEXTQUOTA
+# Request for next ID near 2^32 should not wrap to 0
+#
+# Designed to use the new Q_GETNEXTQUOTA quotactl
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+. ./common/filter
+. ./common/quota
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+
+_supported_fs generic
+_supported_os Linux
+_require_quota
+_require_scratch
+
+_scratch_mkfs >> $seqres.full 2>&1
+
+MOUNT_OPTIONS="-o usrquota,grpquota"
+
+_qmount
+
+# Ok, do we even have GETNEXTQUOTA? Querying ID 0 should work.
+$here/src/test-nextquota -i 0 -u -d $SCRATCH_DEV &> $seqres.full || \
+ _notrun "No GETNEXTQUOTA support"
+
+echo "Launch all quotas"
+
+# We want to create a block of quotas for an id very near
+# 2^32, then ask for the next quota after it. The returned
+# ID should not overflow to 0.
+
+# Populate with 2^32-4
+ID=4294967292
+setquota -u $ID $ID $ID $ID $ID $SCRATCH_MNT
+touch ${SCRATCH_MNT}/${ID}
+chown ${ID} ${SCRATCH_MNT}/${ID}
+
+# remount just for kicks, make sure we get it off disk
+_scratch_unmount
+_qmount
+quotaon $SCRATCH_MNT 2>/dev/null
+
+# Ask for the next quota after $ID; should get nothing back
+# If kernelspace wraps, we'll get 0 back.
+for TYPE in u g; do
+ let NEXT=ID+1
+ echo "Ask for ID after $NEXT expecting nothing"
+ $here/src/test-nextquota -i $NEXT -${TYPE} -d $SCRATCH_DEV
+done
+
+# success, all done
+status=0
+exit
diff --git a/tests/generic/395.out b/tests/generic/395.out
new file mode 100644
index 0000000..bcd87ec
--- /dev/null
+++ b/tests/generic/395.out
@@ -0,0 +1,8 @@
+QA output created by 395
+Launch all quotas
+Ask for ID after 4294967293 expecting nothing
+Q_GETNEXTQUOTA: No such file or directory
+Q_XGETNEXTQUOTA: No such file or directory
+Ask for ID after 4294967293 expecting nothing
+Q_GETNEXTQUOTA: No such file or directory
+Q_XGETNEXTQUOTA: No such file or directory
diff --git a/tests/generic/group b/tests/generic/group
index 20b31ef..e9d3e4a 100644
--- a/tests/generic/group
+++ b/tests/generic/group
@@ -397,3 +397,4 @@
392 auto quick metadata
393 auto quick rw
394 auto quick
+395 auto quick quota
^ permalink raw reply related
* Re: [PATCH v4 6/6] generic: test for weaknesses in filesystem encryption
From: Eric Biggers @ 2016-12-21 21:36 UTC (permalink / raw)
To: Eryu Guan
Cc: fstests, Theodore Ts'o, Jaegeuk Kim, Richard Weinberger,
David Gstir, Michael Halcrow, Eric Sandeen, Eric Biggers,
linux-xfs
In-Reply-To: <20161219072628.GC1859@eguan.usersys.redhat.com>
On Mon, Dec 19, 2016 at 03:26:28PM +0800, Eryu Guan wrote:
>
> Can you please send an updated patch 6/6? Otherwise the whole series
> look good to me! I'm going to let the patchset sit in the list for
> another week and push them out to upstream in next fstests update, if
> there's no further comments from others.
>
> Thanks,
> Eryu
I just changed patch 6/6 but I went ahead and sent out v5 of the series so that
people don't mix up the different patches.
+Cc linux-xfs@vger.kernel.org
Also, would it be possible to get the xfs_io patch merged into xfsprogs at about
the same time? Ultimately, both the xfstests and xfsprogs changes are needed to
run the new tests; without the xfsprogs change they'll all be skipped.
Thanks,
Eric
^ permalink raw reply
* [PATCH v5 3/6] generic: test validation of encryption policy structure
From: Eric Biggers @ 2016-12-21 21:21 UTC (permalink / raw)
To: fstests
Cc: Theodore Ts'o, Jaegeuk Kim, Richard Weinberger, David Gstir,
Michael Halcrow, Eric Sandeen, Eric Biggers
In-Reply-To: <1482355322-74978-1-git-send-email-ebiggers3@gmail.com>
From: Eric Biggers <ebiggers@google.com>
Add an xfstest which verifies the kernel performs basic validation of
the encryption policy structure.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
tests/generic/401 | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++
tests/generic/401.out | 18 +++++++++++
tests/generic/group | 1 +
3 files changed, 101 insertions(+)
create mode 100755 tests/generic/401
create mode 100644 tests/generic/401.out
diff --git a/tests/generic/401 b/tests/generic/401
new file mode 100755
index 0000000..1c9d964
--- /dev/null
+++ b/tests/generic/401
@@ -0,0 +1,82 @@
+#! /bin/bash
+# FS QA Test generic/401
+#
+# Test that FS_IOC_SET_ENCRYPTION_POLICY correctly validates the fscrypt_policy
+# structure that userspace passes to it.
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Google, Inc. All Rights Reserved.
+#
+# Author: Eric Biggers <ebiggers@google.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+. ./common/filter
+. ./common/encrypt
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+_supported_fs generic
+_supported_os Linux
+_require_scratch_encryption
+_require_xfs_io_command "set_encpolicy"
+
+_scratch_mkfs_encrypted &>> $seqres.full
+_scratch_mount
+dir=$SCRATCH_MNT/dir
+mkdir $dir
+
+echo -e "\n*** Invalid contents encryption mode ***"
+$XFS_IO_PROG -c "set_encpolicy -c 0xFF" $dir |& _filter_scratch
+
+echo -e "\n*** Invalid filenames encryption mode ***"
+$XFS_IO_PROG -c "set_encpolicy -n 0xFF" $dir |& _filter_scratch
+
+echo -e "\n*** Invalid flags ***"
+$XFS_IO_PROG -c "set_encpolicy -f 0xFF" $dir |& _filter_scratch
+
+echo -e "\n*** Invalid policy version ***"
+$XFS_IO_PROG -c "set_encpolicy -v 0xFF" $dir |& _filter_scratch
+
+# Currently, the only supported combination of modes is AES-256-XTS for contents
+# and AES-256-CTS for filenames. Nothing else should be accepted.
+echo -e "\n*** Invalid combinations of modes ***"
+$XFS_IO_PROG -c "set_encpolicy -c AES-256-CTS -n AES-256-CTS" $dir |& _filter_scratch
+$XFS_IO_PROG -c "set_encpolicy -c AES-256-CTS -n AES-256-XTS" $dir |& _filter_scratch
+$XFS_IO_PROG -c "set_encpolicy -c AES-256-XTS -n AES-256-XTS" $dir |& _filter_scratch
+
+# success, all done
+status=0
+exit
diff --git a/tests/generic/401.out b/tests/generic/401.out
new file mode 100644
index 0000000..ea349cc
--- /dev/null
+++ b/tests/generic/401.out
@@ -0,0 +1,18 @@
+QA output created by 401
+
+*** Invalid contents encryption mode ***
+SCRATCH_MNT/dir: failed to set encryption policy: Invalid argument
+
+*** Invalid filenames encryption mode ***
+SCRATCH_MNT/dir: failed to set encryption policy: Invalid argument
+
+*** Invalid flags ***
+SCRATCH_MNT/dir: failed to set encryption policy: Invalid argument
+
+*** Invalid policy version ***
+SCRATCH_MNT/dir: failed to set encryption policy: Invalid argument
+
+*** Invalid combinations of modes ***
+SCRATCH_MNT/dir: failed to set encryption policy: Invalid argument
+SCRATCH_MNT/dir: failed to set encryption policy: Invalid argument
+SCRATCH_MNT/dir: failed to set encryption policy: Invalid argument
diff --git a/tests/generic/group b/tests/generic/group
index 3ecd8e9..3fa745d 100644
--- a/tests/generic/group
+++ b/tests/generic/group
@@ -398,3 +398,4 @@
393 auto quick rw
394 auto quick
400 auto quick encrypt
+401 auto quick encrypt
--
2.8.0.rc3.226.g39d4020
^ permalink raw reply related
* [PATCH v5 2/6] generic: test setting and getting encryption policies
From: Eric Biggers @ 2016-12-21 21:21 UTC (permalink / raw)
To: fstests
Cc: Theodore Ts'o, Jaegeuk Kim, Richard Weinberger, David Gstir,
Michael Halcrow, Eric Sandeen, Eric Biggers
In-Reply-To: <1482355322-74978-1-git-send-email-ebiggers3@gmail.com>
From: Eric Biggers <ebiggers@google.com>
Several kernel bugs were recently fixed regarding the constraints for
setting encryption policies. Add tests for these cases and a few more.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
tests/generic/400 | 135 ++++++++++++++++++++++++++++++++++++++++++++++++++
tests/generic/400.out | 43 ++++++++++++++++
tests/generic/group | 1 +
3 files changed, 179 insertions(+)
create mode 100755 tests/generic/400
create mode 100644 tests/generic/400.out
diff --git a/tests/generic/400 b/tests/generic/400
new file mode 100755
index 0000000..9dbc024
--- /dev/null
+++ b/tests/generic/400
@@ -0,0 +1,135 @@
+#! /bin/bash
+# FS QA Test generic/400
+#
+# Test setting and getting encryption policies.
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Google, Inc. All Rights Reserved.
+#
+# Author: Eric Biggers <ebiggers@google.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+. ./common/filter
+. ./common/encrypt
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+_supported_fs generic
+_supported_os Linux
+_require_scratch_encryption
+_require_xfs_io_command "get_encpolicy"
+_require_xfs_io_command "set_encpolicy"
+_require_user
+
+_scratch_mkfs_encrypted &>> $seqres.full
+_scratch_mount
+
+check_no_policy()
+{
+ # When a file is unencrypted, FS_IOC_GET_ENCRYPTION_POLICY currently
+ # fails with ENOENT on ext4 but with ENODATA on f2fs. TODO: it's
+ # planned to consistently use ENODATA. For now this test accepts both.
+ $XFS_IO_PROG -c "get_encpolicy" $1 |&
+ sed -e 's/No such file or directory/No data available/'
+}
+
+# Should be able to set an encryption policy on an empty directory
+empty_dir=$SCRATCH_MNT/empty_dir
+echo -e "\n*** Setting encryption policy on empty directory ***"
+mkdir $empty_dir
+check_no_policy $empty_dir |& _filter_scratch
+$XFS_IO_PROG -c "set_encpolicy 0000111122223333" $empty_dir
+$XFS_IO_PROG -c "get_encpolicy" $empty_dir | _filter_scratch
+
+# Should be able to set the same policy again, but not a different one.
+# TODO: the error code for "already has a different policy" is planned to switch
+# from EINVAL to EEXIST. For now this test accepts both.
+echo -e "\n*** Setting encryption policy again ***"
+$XFS_IO_PROG -c "set_encpolicy 0000111122223333" $empty_dir
+$XFS_IO_PROG -c "get_encpolicy" $empty_dir | _filter_scratch
+$XFS_IO_PROG -c "set_encpolicy 4444555566667777" $empty_dir |& \
+ _filter_scratch | sed -e 's/Invalid argument/File exists/'
+$XFS_IO_PROG -c "get_encpolicy" $empty_dir | _filter_scratch
+
+# Should *not* be able to set an encryption policy on a nonempty directory
+nonempty_dir=$SCRATCH_MNT/nonempty_dir
+echo -e "\n*** Setting encryption policy on nonempty directory ***"
+mkdir $nonempty_dir
+touch $nonempty_dir/file
+$XFS_IO_PROG -c "set_encpolicy" $nonempty_dir |& _filter_scratch
+check_no_policy $nonempty_dir |& _filter_scratch
+
+# Should *not* be able to set an encryption policy on a nondirectory file, even
+# an empty one. Regression test for 002ced4be642: "fscrypto: only allow setting
+# encryption policy on directories".
+# TODO: the error code for "not a directory" is planned to switch from EINVAL to
+# ENOTDIR. For now this test accepts both.
+nondirectory=$SCRATCH_MNT/nondirectory
+echo -e "\n*** Setting encryption policy on nondirectory ***"
+touch $nondirectory
+$XFS_IO_PROG -c "set_encpolicy" $nondirectory |& \
+ _filter_scratch | sed -e 's/Invalid argument/Not a directory/'
+check_no_policy $nondirectory |& _filter_scratch
+
+# Should *not* be able to set an encryption policy on another user's directory.
+# Regression test for 163ae1c6ad62: "fscrypto: add authorization check for
+# setting encryption policy".
+unauthorized_dir=$SCRATCH_MNT/unauthorized_dir
+echo -e "\n*** Setting encryption policy on another user's directory ***"
+mkdir $unauthorized_dir
+su $qa_user -c "$XFS_IO_PROG -c \"set_encpolicy\" $unauthorized_dir" |& \
+ _filter_scratch
+check_no_policy $unauthorized_dir |& _filter_scratch
+
+# Should *not* be able to set an encryption policy on a directory on a
+# filesystem mounted readonly. Regression test for ba63f23d69a3: "fscrypto:
+# require write access to mount to set encryption policy". Test both a regular
+# readonly filesystem and a readonly bind mount of a read-write filesystem.
+echo -e "\n*** Setting encryption policy on readonly filesystem ***"
+mkdir $SCRATCH_MNT/ro_dir $SCRATCH_MNT/ro_bind_mnt
+_scratch_remount ro
+$XFS_IO_PROG -c "set_encpolicy" $SCRATCH_MNT/ro_dir |& _filter_scratch
+check_no_policy $SCRATCH_MNT/ro_dir |& _filter_scratch
+_scratch_remount rw
+mount --bind $SCRATCH_MNT $SCRATCH_MNT/ro_bind_mnt
+mount -o remount,ro,bind $SCRATCH_MNT/ro_bind_mnt
+$XFS_IO_PROG -c "set_encpolicy" $SCRATCH_MNT/ro_bind_mnt/ro_dir |& _filter_scratch
+check_no_policy $SCRATCH_MNT/ro_bind_mnt/ro_dir |& _filter_scratch
+umount $SCRATCH_MNT/ro_bind_mnt
+
+# success, all done
+status=0
+exit
diff --git a/tests/generic/400.out b/tests/generic/400.out
new file mode 100644
index 0000000..631c023
--- /dev/null
+++ b/tests/generic/400.out
@@ -0,0 +1,43 @@
+QA output created by 400
+
+*** Setting encryption policy on empty directory ***
+SCRATCH_MNT/empty_dir: failed to get encryption policy: No data available
+Encryption policy for SCRATCH_MNT/empty_dir:
+ Policy version: 0
+ Master key descriptor: 0000111122223333
+ Contents encryption mode: 1 (AES-256-XTS)
+ Filenames encryption mode: 4 (AES-256-CTS)
+ Flags: 0x02
+
+*** Setting encryption policy again ***
+Encryption policy for SCRATCH_MNT/empty_dir:
+ Policy version: 0
+ Master key descriptor: 0000111122223333
+ Contents encryption mode: 1 (AES-256-XTS)
+ Filenames encryption mode: 4 (AES-256-CTS)
+ Flags: 0x02
+SCRATCH_MNT/empty_dir: failed to set encryption policy: File exists
+Encryption policy for SCRATCH_MNT/empty_dir:
+ Policy version: 0
+ Master key descriptor: 0000111122223333
+ Contents encryption mode: 1 (AES-256-XTS)
+ Filenames encryption mode: 4 (AES-256-CTS)
+ Flags: 0x02
+
+*** Setting encryption policy on nonempty directory ***
+SCRATCH_MNT/nonempty_dir: failed to set encryption policy: Directory not empty
+SCRATCH_MNT/nonempty_dir: failed to get encryption policy: No data available
+
+*** Setting encryption policy on nondirectory ***
+SCRATCH_MNT/nondirectory: failed to set encryption policy: Not a directory
+SCRATCH_MNT/nondirectory: failed to get encryption policy: No data available
+
+*** Setting encryption policy on another user's directory ***
+SCRATCH_MNT/unauthorized_dir: failed to set encryption policy: Permission denied
+SCRATCH_MNT/unauthorized_dir: failed to get encryption policy: No data available
+
+*** Setting encryption policy on readonly filesystem ***
+SCRATCH_MNT/ro_dir: failed to set encryption policy: Read-only file system
+SCRATCH_MNT/ro_dir: failed to get encryption policy: No data available
+SCRATCH_MNT/ro_bind_mnt/ro_dir: failed to set encryption policy: Read-only file system
+SCRATCH_MNT/ro_bind_mnt/ro_dir: failed to get encryption policy: No data available
diff --git a/tests/generic/group b/tests/generic/group
index 20b31ef..3ecd8e9 100644
--- a/tests/generic/group
+++ b/tests/generic/group
@@ -397,3 +397,4 @@
392 auto quick metadata
393 auto quick rw
394 auto quick
+400 auto quick encrypt
--
2.8.0.rc3.226.g39d4020
^ permalink raw reply related
* [PATCH v5 6/6] generic: test for weaknesses in filesystem encryption
From: Eric Biggers @ 2016-12-21 21:22 UTC (permalink / raw)
To: fstests
Cc: Theodore Ts'o, Jaegeuk Kim, Richard Weinberger, David Gstir,
Michael Halcrow, Eric Sandeen, Eric Biggers
In-Reply-To: <1482355322-74978-1-git-send-email-ebiggers3@gmail.com>
From: Eric Biggers <ebiggers@google.com>
Add an xfstest which can detect some basic crypto mistakes that would
reduce the confidentiality guarantee provided by filesystem encryption.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
common/config | 1 +
tests/generic/404 | 166 ++++++++++++++++++++++++++++++++++++++++++++++++++
tests/generic/404.out | 3 +
tests/generic/group | 1 +
4 files changed, 171 insertions(+)
create mode 100755 tests/generic/404
create mode 100644 tests/generic/404.out
diff --git a/common/config b/common/config
index 3727ec0..6cce7ce 100644
--- a/common/config
+++ b/common/config
@@ -203,6 +203,7 @@ export UUIDGEN_PROG="`set_prog_path uuidgen`"
export GETRICHACL_PROG="`set_prog_path getrichacl`"
export SETRICHACL_PROG="`set_prog_path setrichacl`"
export KEYCTL_PROG="`set_prog_path keyctl`"
+export XZ_PROG="`set_prog_path xz`"
# use 'udevadm settle' or 'udevsettle' to wait for lv to be settled.
# newer systems have udevadm command but older systems like RHEL5 don't.
diff --git a/tests/generic/404 b/tests/generic/404
new file mode 100755
index 0000000..dc16e2a
--- /dev/null
+++ b/tests/generic/404
@@ -0,0 +1,166 @@
+#! /bin/bash
+# FS QA Test generic/404
+#
+# Check for weaknesses in filesystem encryption involving the same ciphertext
+# being repeated. For file contents, we fill a small filesystem with large
+# files of 0's and verify the filesystem is incompressible. For filenames, we
+# create an identical symlink in two different directories and verify the
+# ciphertext filenames and symlink targets are different.
+#
+# This test can detect some basic cryptographic mistakes such as nonce reuse
+# (across files), initialization vector reuse (across blocks), or data somehow
+# being left in plaintext by accident. For example, it detects the
+# initialization vector reuse bug fixed in commit 02fc59a0d28f ("f2fs/crypto:
+# fix xts_tweak initialization").
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Google, Inc. All Rights Reserved.
+#
+# Author: Eric Biggers <ebiggers@google.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+. ./common/filter
+. ./common/encrypt
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+_supported_fs generic
+_supported_os Linux
+_require_scratch_encryption
+_require_xfs_io_command "set_encpolicy"
+_require_command "$XZ_PROG" xz
+_require_command "$KEYCTL_PROG" keyctl
+
+_new_session_keyring
+
+#
+# Set up a small filesystem containing an encrypted directory. 64 MB is enough
+# for both ext4 and f2fs (f2fs doesn't support a 32 MB filesystem). Before
+# creating the filesystem, zero out the needed portion of the device so that
+# existing data on the device doesn't contribute to the compressed size.
+#
+fs_size_in_mb=64
+fs_size=$((fs_size_in_mb * 1024 * 1024))
+dd if=/dev/zero of=$SCRATCH_DEV bs=$((1024 * 1024)) \
+ count=$fs_size_in_mb &>> $seqres.full
+MKFS_OPTIONS="$MKFS_OPTIONS -O encrypt" \
+ _scratch_mkfs_sized $fs_size &>> $seqres.full
+_scratch_mount
+
+keydesc=$(_generate_encryption_key)
+mkdir $SCRATCH_MNT/encrypted_dir
+$XFS_IO_PROG -c "set_encpolicy $keydesc" $SCRATCH_MNT/encrypted_dir
+
+# Create the "same" symlink in two different directories.
+# Later we'll check both the name and target of the symlink.
+mkdir $SCRATCH_MNT/encrypted_dir/subdir1
+mkdir $SCRATCH_MNT/encrypted_dir/subdir2
+ln -s symlink_target $SCRATCH_MNT/encrypted_dir/subdir1/symlink
+ln -s symlink_target $SCRATCH_MNT/encrypted_dir/subdir2/symlink
+
+#
+# Write files of 1 MB of all the same byte until we hit ENOSPC. Note that we
+# must not create sparse files, since the contents of sparse files are not
+# stored on-disk. Also, we create multiple files rather than one big file
+# because we want to test for reuse of per-file keys.
+#
+total_file_size=0
+i=1
+while true; do
+ file=$SCRATCH_MNT/encrypted_dir/file$i
+ if ! $XFS_IO_PROG -f $file -c 'pwrite 0 1M' &> $tmp.out; then
+ if ! grep -q 'No space left on device' $tmp.out; then
+ echo "FAIL: unexpected pwrite failure"
+ cat $tmp.out
+ elif [ -e $file ]; then
+ total_file_size=$((total_file_size + $(stat -c %s $file)))
+ fi
+ break
+ fi
+ total_file_size=$((total_file_size + $(stat -c %s $file)))
+ i=$((i + 1))
+ if [ $i -gt $fs_size_in_mb ]; then
+ echo "FAIL: filesystem never filled up!"
+ break
+ fi
+done
+
+# We shouldn't have been able to write more data than we had space for.
+if (( $total_file_size > $fs_size )); then
+ echo "FAIL: wrote $total_file_size bytes but should have only" \
+ "had space for $fs_size bytes at most"
+fi
+
+#
+# Unmount the filesystem and compute its compressed size. It must be no smaller
+# than the amount of data that was written; otherwise there was a compromise in
+# the confidentiality of the data. False positives should not be possible
+# because filesystem metadata will also contribute to the compressed size.
+#
+# Note: it's important to use a strong compressor such as xz which can detect
+# redundancy across most or all of the filesystem. We run xz with a 64 MB
+# sliding window but use some custom settings to make it faster and use less
+# memory than the '-9' preset. The memory needed with our settings will be
+# 64 * 6.5 = 416 MB; see xz(1).
+#
+_unlink_encryption_key $keydesc
+_scratch_unmount
+fs_compressed_size=$(head -c $fs_size $SCRATCH_DEV | \
+ xz --lzma2=dict=64M,mf=hc4,mode=fast,nice=16 | \
+ wc -c)
+
+if (( $fs_compressed_size < $total_file_size )); then
+ echo "FAIL: filesystem was compressible" \
+ "($total_file_size bytes => $fs_compressed_size bytes)"
+else
+ echo "PASS: ciphertexts were not repeated for contents"
+fi
+
+# Verify that encrypted filenames and symlink targets were not reused. Note
+# that since the ciphertexts should be unpredictable, we cannot simply include
+# the expected names in the expected output file.
+_scratch_mount
+find $SCRATCH_MNT/encrypted_dir -type l | wc -l
+link1=$(find $SCRATCH_MNT/encrypted_dir -type l | head -1)
+link2=$(find $SCRATCH_MNT/encrypted_dir -type l | tail -1)
+[ $(basename $link1) = $(basename $link2) ] && \
+ echo "Encrypted filenames were reused!"
+[ $(readlink $link1) = $(readlink $link2) ] && \
+ echo "Encrypted symlink targets were reused!"
+
+# success, all done
+status=0
+exit
diff --git a/tests/generic/404.out b/tests/generic/404.out
new file mode 100644
index 0000000..220edb4
--- /dev/null
+++ b/tests/generic/404.out
@@ -0,0 +1,3 @@
+QA output created by 404
+PASS: ciphertexts were not repeated for contents
+2
diff --git a/tests/generic/group b/tests/generic/group
index 15acd25..4f53068 100644
--- a/tests/generic/group
+++ b/tests/generic/group
@@ -401,3 +401,4 @@
401 auto quick encrypt
402 auto quick encrypt
403 auto quick encrypt
+404 auto encrypt
--
2.8.0.rc3.226.g39d4020
^ permalink raw reply related
* [PATCH v5 5/6] generic: test enforcement of one encryption policy per tree
From: Eric Biggers @ 2016-12-21 21:22 UTC (permalink / raw)
To: fstests
Cc: Theodore Ts'o, Jaegeuk Kim, Richard Weinberger, David Gstir,
Michael Halcrow, Eric Sandeen, Eric Biggers
In-Reply-To: <1482355322-74978-1-git-send-email-ebiggers3@gmail.com>
From: Eric Biggers <ebiggers@google.com>
Add an xfstest which verifies that the filesystem forbids operations
that would violate the constraint that all files in an encrypted
directory tree use the same encryption policy.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
tests/generic/403 | 158 ++++++++++++++++++++++++++++++++++++++++++++++++++
tests/generic/403.out | 45 ++++++++++++++
tests/generic/group | 1 +
3 files changed, 204 insertions(+)
create mode 100644 tests/generic/403
create mode 100644 tests/generic/403.out
diff --git a/tests/generic/403 b/tests/generic/403
new file mode 100644
index 0000000..0e06cc5
--- /dev/null
+++ b/tests/generic/403
@@ -0,0 +1,158 @@
+#! /bin/bash
+# FS QA Test generic/403
+#
+# Filesystem encryption is designed to enforce that a consistent encryption
+# policy is used within a given encrypted directory tree and that an encrypted
+# directory tree does not contain any unencrypted files. This test verifies
+# that filesystem operations that would violate this constraint fail with EPERM.
+# This does not test enforcement of this constraint on lookup, which is still
+# needed to detect offline changes.
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Google, Inc. All Rights Reserved.
+#
+# Author: Eric Biggers <ebiggers@google.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+. ./common/filter
+. ./common/encrypt
+. ./common/renameat2
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+_supported_fs generic
+_supported_os Linux
+_require_scratch_encryption
+_require_xfs_io_command "set_encpolicy"
+_requires_renameat2
+
+_new_session_keyring
+_scratch_mkfs_encrypted &>> $seqres.full
+_scratch_mount
+
+# Set up two encrypted directories, with different encryption policies,
+# and one unencrypted directory.
+edir1=$SCRATCH_MNT/edir1
+edir2=$SCRATCH_MNT/edir2
+udir=$SCRATCH_MNT/udir
+mkdir $edir1 $edir2 $udir
+keydesc1=$(_generate_encryption_key)
+keydesc2=$(_generate_encryption_key)
+$XFS_IO_PROG -c "set_encpolicy $keydesc1" $edir1
+$XFS_IO_PROG -c "set_encpolicy $keydesc2" $edir2
+touch $edir1/efile1
+touch $edir2/efile2
+touch $udir/ufile
+
+
+# Test linking and moving an encrypted file into an encrypted directory with a
+# different encryption policy. Should fail with EPERM.
+
+echo -e "\n*** Link encrypted <= encrypted ***"
+ln $edir1/efile1 $edir2/efile1 |& _filter_scratch
+
+echo -e "\n*** Rename encrypted => encrypted ***"
+mv $edir1/efile1 $edir2/efile1 |& _filter_scratch
+
+
+# Test linking and moving an unencrypted file into an encrypted directory.
+# Should fail with EPERM.
+
+echo -e "\n\n*** Link unencrypted <= encrypted ***"
+ln $udir/ufile $edir1/ufile |& _filter_scratch
+
+echo -e "\n*** Rename unencrypted => encrypted ***"
+mv $udir/ufile $edir1/ufile |& _filter_scratch
+
+
+# Test linking and moving an encrypted file into an unencrypted directory.
+# Should succeed.
+
+echo -e "\n\n*** Link encrypted <= unencrypted ***"
+ln -v $edir1/efile1 $udir/efile1 |& _filter_scratch
+rm $udir/efile1 # undo
+
+echo -e "\n*** Rename encrypted => unencrypted ***"
+mv -v $edir1/efile1 $udir/efile1 |& _filter_scratch
+mv $udir/efile1 $edir1/efile1 # undo
+
+
+# Test moving a forbidden (unencrypted, or encrypted with a different encryption
+# policy) file into an encrypted directory via an exchange (cross rename)
+# operation. Should fail with EPERM.
+
+echo -e "\n\n*** Exchange encrypted <=> encrypted ***"
+src/renameat2 -x $edir1/efile1 $edir2/efile2 |& _filter_scratch
+
+echo -e "\n*** Exchange unencrypted <=> encrypted ***"
+src/renameat2 -x $udir/ufile $edir1/efile1 |& _filter_scratch
+
+echo -e "\n*** Exchange encrypted <=> unencrypted ***"
+src/renameat2 -x $edir1/efile1 $udir/ufile |& _filter_scratch
+
+
+# Test a file with a special type, i.e. not regular, directory, or symlink.
+# Since such files are not subject to encryption, there should be no
+# restrictions on linking or moving them into encrypted directories.
+
+echo -e "\n\n*** Special file tests ***"
+mkfifo $edir1/fifo
+mv -v $edir1/fifo $edir2/fifo | _filter_scratch
+mv -v $edir2/fifo $udir/fifo | _filter_scratch
+mv -v $udir/fifo $edir1/fifo | _filter_scratch
+mkfifo $udir/fifo
+src/renameat2 -x $udir/fifo $edir1/fifo
+ln -v $edir1/fifo $edir2/fifo | _filter_scratch
+rm $edir1/fifo $edir2/fifo $udir/fifo
+
+
+# Now test that *without* access to the encrypted key, we cannot use an exchange
+# (cross rename) operation to move a forbidden file into an encrypted directory.
+
+_unlink_encryption_key $keydesc1
+_unlink_encryption_key $keydesc2
+_scratch_cycle_mount
+efile1=$(find $edir1 -type f)
+efile2=$(find $edir2 -type f)
+
+echo -e "\n\n*** Exchange encrypted <=> encrypted without key ***"
+src/renameat2 -x $efile1 $efile2
+echo -e "\n*** Exchange encrypted <=> unencrypted without key ***"
+src/renameat2 -x $efile1 $udir/ufile
+
+# success, all done
+status=0
+exit
diff --git a/tests/generic/403.out b/tests/generic/403.out
new file mode 100644
index 0000000..22d3255
--- /dev/null
+++ b/tests/generic/403.out
@@ -0,0 +1,45 @@
+QA output created by 403
+
+*** Link encrypted <= encrypted ***
+ln: failed to create hard link 'SCRATCH_MNT/edir2/efile1' => 'SCRATCH_MNT/edir1/efile1': Operation not permitted
+
+*** Rename encrypted => encrypted ***
+mv: cannot move 'SCRATCH_MNT/edir1/efile1' to 'SCRATCH_MNT/edir2/efile1': Operation not permitted
+
+
+*** Link unencrypted <= encrypted ***
+ln: failed to create hard link 'SCRATCH_MNT/edir1/ufile' => 'SCRATCH_MNT/udir/ufile': Operation not permitted
+
+*** Rename unencrypted => encrypted ***
+mv: cannot move 'SCRATCH_MNT/udir/ufile' to 'SCRATCH_MNT/edir1/ufile': Operation not permitted
+
+
+*** Link encrypted <= unencrypted ***
+'SCRATCH_MNT/udir/efile1' => 'SCRATCH_MNT/edir1/efile1'
+
+*** Rename encrypted => unencrypted ***
+'SCRATCH_MNT/edir1/efile1' -> 'SCRATCH_MNT/udir/efile1'
+
+
+*** Exchange encrypted <=> encrypted ***
+Operation not permitted
+
+*** Exchange unencrypted <=> encrypted ***
+Operation not permitted
+
+*** Exchange encrypted <=> unencrypted ***
+Operation not permitted
+
+
+*** Special file tests ***
+'SCRATCH_MNT/edir1/fifo' -> 'SCRATCH_MNT/edir2/fifo'
+'SCRATCH_MNT/edir2/fifo' -> 'SCRATCH_MNT/udir/fifo'
+'SCRATCH_MNT/udir/fifo' -> 'SCRATCH_MNT/edir1/fifo'
+'SCRATCH_MNT/edir2/fifo' => 'SCRATCH_MNT/edir1/fifo'
+
+
+*** Exchange encrypted <=> encrypted without key ***
+Operation not permitted
+
+*** Exchange encrypted <=> unencrypted without key ***
+Operation not permitted
diff --git a/tests/generic/group b/tests/generic/group
index 8350af7..15acd25 100644
--- a/tests/generic/group
+++ b/tests/generic/group
@@ -400,3 +400,4 @@
400 auto quick encrypt
401 auto quick encrypt
402 auto quick encrypt
+403 auto quick encrypt
--
2.8.0.rc3.226.g39d4020
^ permalink raw reply related
* [PATCH v5 4/6] generic: test encrypted file access
From: Eric Biggers @ 2016-12-21 21:22 UTC (permalink / raw)
To: fstests
Cc: Theodore Ts'o, Jaegeuk Kim, Richard Weinberger, David Gstir,
Michael Halcrow, Eric Sandeen, Eric Biggers
In-Reply-To: <1482355322-74978-1-git-send-email-ebiggers3@gmail.com>
From: Eric Biggers <ebiggers@google.com>
Test accessing encrypted files and directories, both with and without
the encryption key.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
tests/generic/402 | 144 ++++++++++++++++++++++++++++++++++++++++++++++++++
tests/generic/402.out | 13 +++++
tests/generic/group | 1 +
3 files changed, 158 insertions(+)
create mode 100755 tests/generic/402
create mode 100644 tests/generic/402.out
diff --git a/tests/generic/402 b/tests/generic/402
new file mode 100755
index 0000000..8f37f9f
--- /dev/null
+++ b/tests/generic/402
@@ -0,0 +1,144 @@
+#! /bin/bash
+# FS QA Test generic/402
+#
+# Test accessing encrypted files and directories, both with and without the
+# encryption key. Access with the encryption key is more of a sanity check and
+# is not intended to fully test all the encrypted I/O paths; to do that you'd
+# need to run all the xfstests with encryption enabled. Access without the
+# encryption key, on the other hand, should result in some particular behaviors.
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Google, Inc. All Rights Reserved.
+#
+# Author: Eric Biggers <ebiggers@google.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+. ./common/filter
+. ./common/encrypt
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+_supported_fs generic
+_supported_os Linux
+_require_scratch_encryption
+_require_xfs_io_command "set_encpolicy"
+_require_command "$KEYCTL_PROG" keyctl
+
+_new_session_keyring
+
+_scratch_mkfs_encrypted &>> $seqres.full
+_scratch_mount
+
+mkdir $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir
+keydesc=$(_generate_encryption_key)
+$XFS_IO_PROG -c "set_encpolicy $keydesc" $SCRATCH_MNT/edir
+for dir in $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir; do
+ touch $dir/empty > /dev/null
+ $XFS_IO_PROG -t -f -c "pwrite 0 4k" $dir/a > /dev/null
+ $XFS_IO_PROG -t -f -c "pwrite 0 33k" $dir/abcdefghijklmnopqrstuvwxyz > /dev/null
+ maxname=$(yes | head -255 | tr -d '\n') # 255 character filename
+ $XFS_IO_PROG -t -f -c "pwrite 0 1k" $dir/$maxname > /dev/null
+ ln -s a $dir/symlink
+ ln -s abcdefghijklmnopqrstuvwxyz $dir/symlink2
+ ln -s $maxname $dir/symlink3
+ mkdir $dir/subdir
+ mkdir $dir/subdir/subsubdir
+done
+# Diff encrypted directory with unencrypted reference directory
+diff -r $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir
+# Cycle mount and diff again
+_scratch_cycle_mount
+diff -r $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir
+
+#
+# Now try accessing the files without the encryption key. It should still be
+# possible to list the directory and remove files. But filenames should be
+# encrypted, and it should not be possible to read regular files or to create
+# new files or subdirectories.
+#
+# Note that we cannot simply use ls -R to verify the files because the encrypted
+# filenames are unpredictable. By design, the key used to encrypt a directory's
+# filenames is derived from the master key (the key in the keyring) and a nonce
+# generated by the kernel. Hence, the encrypted filenames will be different
+# every time this test is run, even if we were to put a fixed key into the
+# keyring instead of a random one. The same applies to symlink targets.
+#
+# TODO: there are some inconsistencies in which error codes are returned on
+# different kernel versions and filesystems when trying to create a file or
+# subdirectory without access to the parent directory's encryption key. It's
+# planned to consistently use ENOKEY, but for now make this test accept multiple
+# error codes...
+#
+
+filter_create_errors()
+{
+ sed -e 's/No such file or directory/Required key not available/' \
+ -e 's/Permission denied/Required key not available/' \
+ -e 's/Operation not permitted/Required key not available/'
+}
+
+_unlink_encryption_key $keydesc
+_scratch_cycle_mount
+
+# Check that unencrypted names aren't there
+stat $SCRATCH_MNT/edir/empty |& _filter_scratch
+stat $SCRATCH_MNT/edir/symlink |& _filter_scratch
+
+# Check that the correct numbers of files and subdirectories are there
+ls $SCRATCH_MNT/edir | wc -l
+find $SCRATCH_MNT/edir -mindepth 2 -maxdepth 2 -type d | wc -l
+
+# Try to read a nondirectory file (should fail with ENOKEY)
+md5sum $(find $SCRATCH_MNT/edir -maxdepth 1 -type f | head -1) |& \
+ cut -d ' ' -f3-
+
+# Try to create new files, directories, and symlinks in the encrypted directory,
+# both with and without using correctly base-64 encoded filenames. These should
+# all fail with ENOKEY.
+$XFS_IO_PROG -f $SCRATCH_MNT/edir/newfile |& filter_create_errors | _filter_scratch
+$XFS_IO_PROG -f $SCRATCH_MNT/edir/0123456789abcdef |& filter_create_errors | _filter_scratch
+mkdir $SCRATCH_MNT/edir/newdir |& filter_create_errors | _filter_scratch
+mkdir $SCRATCH_MNT/edir/0123456789abcdef |& filter_create_errors | _filter_scratch
+ln -s foo $SCRATCH_MNT/edir/newlink |& filter_create_errors | _filter_scratch
+ln -s foo $SCRATCH_MNT/edir/0123456789abcdef |& filter_create_errors | _filter_scratch
+
+# Delete the encrypted directory (should succeed)
+rm -r $SCRATCH_MNT/edir
+stat $SCRATCH_MNT/edir |& _filter_scratch
+
+# success, all done
+status=0
+exit
diff --git a/tests/generic/402.out b/tests/generic/402.out
new file mode 100644
index 0000000..8573474
--- /dev/null
+++ b/tests/generic/402.out
@@ -0,0 +1,13 @@
+QA output created by 402
+stat: cannot stat 'SCRATCH_MNT/edir/empty': No such file or directory
+stat: cannot stat 'SCRATCH_MNT/edir/symlink': No such file or directory
+8
+1
+Required key not available
+SCRATCH_MNT/edir/newfile: Required key not available
+SCRATCH_MNT/edir/0123456789abcdef: Required key not available
+mkdir: cannot create directory 'SCRATCH_MNT/edir/newdir': Required key not available
+mkdir: cannot create directory 'SCRATCH_MNT/edir/0123456789abcdef': Required key not available
+ln: failed to create symbolic link 'SCRATCH_MNT/edir/newlink': Required key not available
+ln: failed to create symbolic link 'SCRATCH_MNT/edir/0123456789abcdef': Required key not available
+stat: cannot stat 'SCRATCH_MNT/edir': No such file or directory
diff --git a/tests/generic/group b/tests/generic/group
index 3fa745d..8350af7 100644
--- a/tests/generic/group
+++ b/tests/generic/group
@@ -399,3 +399,4 @@
394 auto quick
400 auto quick encrypt
401 auto quick encrypt
+402 auto quick encrypt
--
2.8.0.rc3.226.g39d4020
^ permalink raw reply related
* [PATCH v5 1/6] generic: add utilities for testing filesystem encryption
From: Eric Biggers @ 2016-12-21 21:21 UTC (permalink / raw)
To: fstests
Cc: Theodore Ts'o, Jaegeuk Kim, Richard Weinberger, David Gstir,
Michael Halcrow, Eric Sandeen, Eric Biggers
In-Reply-To: <1482355322-74978-1-git-send-email-ebiggers3@gmail.com>
From: Eric Biggers <ebiggers@google.com>
Add utility functions for testing filesystem-level encryption via the
common API currently supported by ext4 and f2fs, in development for
ubifs and planned for xfs. Setting and getting encryption policies will
use new commands being added to xfs_io, while adding and removing
encryption keys will use keyctl.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
common/config | 1 +
common/encrypt | 146 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 147 insertions(+)
create mode 100644 common/encrypt
diff --git a/common/config b/common/config
index f0f08d2..3727ec0 100644
--- a/common/config
+++ b/common/config
@@ -202,6 +202,7 @@ export DEBUGFS_PROG="`set_prog_path debugfs`"
export UUIDGEN_PROG="`set_prog_path uuidgen`"
export GETRICHACL_PROG="`set_prog_path getrichacl`"
export SETRICHACL_PROG="`set_prog_path setrichacl`"
+export KEYCTL_PROG="`set_prog_path keyctl`"
# use 'udevadm settle' or 'udevsettle' to wait for lv to be settled.
# newer systems have udevadm command but older systems like RHEL5 don't.
diff --git a/common/encrypt b/common/encrypt
new file mode 100644
index 0000000..f09104d
--- /dev/null
+++ b/common/encrypt
@@ -0,0 +1,146 @@
+#-----------------------------------------------------------------------
+#
+# Common functions for testing filesystem-level encryption
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Google, Inc. All Rights Reserved.
+#
+# Author: Eric Biggers <ebiggers@google.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+
+_require_scratch_encryption()
+{
+ _require_scratch
+
+ _require_xfs_io_command "set_encpolicy"
+
+ # The 'test_dummy_encryption' mount option interferes with trying to use
+ # encryption for real, even if we are just trying to get/set policies
+ # and never put any keys in the keyring. So skip the real encryption
+ # tests if the 'test_dummy_encryption' mount option was specified.
+ _exclude_scratch_mount_option "test_dummy_encryption"
+
+ # Make a filesystem on the scratch device with the encryption feature
+ # enabled. If this fails then probably the userspace tools (e.g.
+ # e2fsprogs or f2fs-tools) are too old to understand encryption.
+ if ! _scratch_mkfs_encrypted &>>$seqres.full; then
+ _notrun "$FSTYP userspace tools do not support encryption"
+ fi
+
+ # Try to mount the filesystem. If this fails then either the kernel
+ # isn't aware of encryption, or the mkfs options were not compatible
+ # with encryption (e.g. ext4 with block size != PAGE_SIZE).
+ if ! _scratch_mount &>>$seqres.full; then
+ _notrun "kernel is unaware of $FSTYP encryption feature," \
+ "or mkfs options are not compatible with encryption"
+ fi
+
+ # The kernel may be aware of encryption without supporting it. For
+ # example, for ext4 this is the case with kernels configured with
+ # CONFIG_EXT4_FS_ENCRYPTION=n. Detect support for encryption by trying
+ # to set an encryption policy. (For ext4 we could instead check for the
+ # presence of /sys/fs/ext4/features/encryption, but this is broken on
+ # some older kernels and is ext4-specific anyway.)
+ mkdir $SCRATCH_MNT/tmpdir
+ if $XFS_IO_PROG -c set_encpolicy $SCRATCH_MNT/tmpdir \
+ 2>&1 >>$seqres.full | \
+ egrep -q 'Inappropriate ioctl for device|Operation not supported'
+ then
+ _notrun "kernel does not support $FSTYP encryption"
+ fi
+ rmdir $SCRATCH_MNT/tmpdir
+ _scratch_unmount
+}
+
+_scratch_mkfs_encrypted()
+{
+ case $FSTYP in
+ ext4|f2fs)
+ _scratch_mkfs -O encrypt
+ ;;
+ *)
+ _notrun "No encryption support for $FSTYP"
+ ;;
+ esac
+}
+
+# Give the invoking shell a new session keyring. This makes any keys we add to
+# the session keyring scoped to the lifetime of the test script.
+_new_session_keyring()
+{
+ $KEYCTL_PROG new_session >>$seqres.full
+}
+
+#
+# Generate a random encryption key, add it to the session keyring, and print out
+# the resulting key descriptor (example: "8bf798e1a494e1ec"). Requires the
+# keyctl program. It's assumed the caller has already set up a test-scoped
+# session keyring using _new_session_keyring.
+#
+_generate_encryption_key()
+{
+ # Generate a key descriptor (16 character hex string)
+ local keydesc=""
+ for ((i = 0; i < 8; i++)); do
+ keydesc="${keydesc}$(printf "%02x" $(( $RANDOM % 256 )))"
+ done
+
+ # Generate the actual encryption key (64 bytes)
+ local raw=""
+ for ((i = 0; i < 64; i++)); do
+ raw="${raw}\\x$(printf "%02x" $(( $RANDOM % 256 )))"
+ done
+
+ #
+ # Add the key to the session keyring. The required structure is:
+ #
+ # #define FS_MAX_KEY_SIZE 64
+ # struct fscrypt_key {
+ # u32 mode;
+ # u8 raw[FS_MAX_KEY_SIZE];
+ # u32 size;
+ # } __packed;
+ #
+ # The kernel ignores 'mode' but requires that 'size' be 64.
+ #
+ # Keys are named $FSTYP:KEYDESC where KEYDESC is the 16-character key
+ # descriptor hex string. Newer kernels (ext4 4.8 and later, f2fs 4.6
+ # and later) also allow the common key prefix "fscrypt:" in addition to
+ # their filesystem-specific key prefix ("ext4:", "f2fs:"). It would be
+ # nice to use the common key prefix, but for now use the filesystem-
+ # specific prefix to make it possible to test older kernels...
+ #
+ local big_endian=$(echo -ne '\x11' | od -tx2 | head -1 | \
+ cut -f2 -d' ' | cut -c1 )
+ if (( big_endian )); then
+ local mode='\x00\x00\x00\x00'
+ local size='\x00\x00\x00\x40'
+ else
+ local mode='\x00\x00\x00\x00'
+ local size='\x40\x00\x00\x00'
+ fi
+ echo -n -e "${mode}${raw}${size}" |
+ $KEYCTL_PROG padd logon $FSTYP:$keydesc @s >>$seqres.full
+ echo $keydesc
+}
+
+# Unlink an encryption key from the session keyring, given its key descriptor.
+_unlink_encryption_key()
+{
+ local keydesc=$1
+ local keyid=$($KEYCTL_PROG search @s logon $FSTYP:$keydesc)
+ $KEYCTL_PROG unlink $keyid >>$seqres.full
+}
--
2.8.0.rc3.226.g39d4020
^ permalink raw reply related
* [PATCH v5 0/6] Add filesystem-level encryption tests
From: Eric Biggers @ 2016-12-21 21:21 UTC (permalink / raw)
To: fstests
Cc: Theodore Ts'o, Jaegeuk Kim, Richard Weinberger, David Gstir,
Michael Halcrow, Eric Sandeen, Eric Biggers
From: Eric Biggers <ebiggers@google.com>
This is the fifth revision of the patchset to add xfstests for
filesystem-level encryption. Patch 6/6 (generic/404) was adjusted to
address comments from Eryu Guan, and the patches were rebased onto the
latest xfstests master. Otherwise the patches are unchanged from v4.
The new tests are designed to run on any filesystem that implements the
"fscrypt" API, currently ext4, f2fs, and (merged for Linux 4.10) ubifs.
I've run all the new tests on both ext4 and f2fs. Currently, generic/403
is expected to fail due to kernel bugs, and I've sent kernel patches to
fix these. With the help of my patches to support ubifs in xfstests and
xfstests-bld, I've also run the new tests on ubifs, except for
generic/404 which doesn't work on ubifs yet. generic/402 and generic/403
also fail on ubifs, AFAICS due to kernel bugs.
Note that the new tests are designed to complement, not replace, doing a
full xfstests run with encryption enabled, which for ext4 can currently
be done by using the test_dummy_encryption mount option.
Changes since v4:
* generic/404: use $XFS_IO_PROG
* generic/404: document why we zero the device
Changes since v3:
* Replace _require_encryption with _require_scratch_encryption
* Move filesystem type check into _scratch_mkfs_encrypted
* Use _exclude_scratch_mount_option
* Never cd into $SCRATCH_MNT
* generic/403: uncomment test of exchange without key
* generic/403: test linking and renaming special file
* Send both stdout and stderr from mkfs to $seqres.full
Changes since v2:
* Use filesystem-specific key prefix rather than generic one
* Use a new keyring for each test
* Add a test for restrictions on moving and linking files
* Make "cryptographic weaknesses" test compatible with f2fs
* For now, accept both the old and new versions of certain error
codes which are planned to be changed
Changes since v1:
* Drop fscrypt_util test program and use new xfs_io commands and
keyctl instead (xfs_io patch sent separately)
* Updates to match xfstests coding style
* Move validation of policy structure into its own test
* Add test to detect some cryptographic weaknesses
* Drop ioctl locking test
Eric Biggers (6):
generic: add utilities for testing filesystem encryption
generic: test setting and getting encryption policies
generic: test validation of encryption policy structure
generic: test encrypted file access
generic: test enforcement of one encryption policy per tree
generic: test for weaknesses in filesystem encryption
common/config | 2 +
common/encrypt | 146 ++++++++++++++++++++++++++++++++++++++++++++
tests/generic/400 | 135 ++++++++++++++++++++++++++++++++++++++++
tests/generic/400.out | 43 +++++++++++++
tests/generic/401 | 82 +++++++++++++++++++++++++
tests/generic/401.out | 18 ++++++
tests/generic/402 | 144 +++++++++++++++++++++++++++++++++++++++++++
tests/generic/402.out | 13 ++++
tests/generic/403 | 158 +++++++++++++++++++++++++++++++++++++++++++++++
tests/generic/403.out | 45 ++++++++++++++
tests/generic/404 | 166 ++++++++++++++++++++++++++++++++++++++++++++++++++
tests/generic/404.out | 3 +
tests/generic/group | 5 ++
13 files changed, 960 insertions(+)
create mode 100644 common/encrypt
create mode 100755 tests/generic/400
create mode 100644 tests/generic/400.out
create mode 100755 tests/generic/401
create mode 100644 tests/generic/401.out
create mode 100755 tests/generic/402
create mode 100644 tests/generic/402.out
create mode 100644 tests/generic/403
create mode 100644 tests/generic/403.out
create mode 100755 tests/generic/404
create mode 100644 tests/generic/404.out
--
2.8.0.rc3.226.g39d4020
^ permalink raw reply
* [PATCH] xfstests-bld: remove dead code for gce-xfstests get-results
From: Eric Biggers @ 2016-12-21 18:06 UTC (permalink / raw)
To: Theodore Ts'o; +Cc: fstests, Eric Biggers
From: Eric Biggers <ebiggers@google.com>
The 'gce-xfstests get-results' command was implemented in two places.
Remove the dead version.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
kvm-xfstests/gce-xfstests | 15 ---------------
1 file changed, 15 deletions(-)
diff --git a/kvm-xfstests/gce-xfstests b/kvm-xfstests/gce-xfstests
index 8839ea2..2910ca4 100755
--- a/kvm-xfstests/gce-xfstests
+++ b/kvm-xfstests/gce-xfstests
@@ -308,21 +308,6 @@ case "$1" in
exec gcloud beta compute --project "$GCE_PROJECT" -q \
connect-to-serial-port --zone "$GCE_ZONE" $PORT "$2"
;;
- get-results)
- case "$2" in
- --failures|-F)
- OPT="-F"
- shift
- ;;
- esac
- tmpfile=$(mktemp)
- gcloud compute --project "$GCE_PROJECT" -q \
- copy-files "$2:/results/runtests.log" "$tmpfile" \
- --zone "$GCE_ZONE"
- "$DIR/get-results" "$OPT" "$tmpfile"
- /bin/rm -f "$tmpfile"
- exit 0
- ;;
create-image)
shift
"$DIR/test-appliance/gce-create-image" "$@"
--
2.8.0.rc3.226.g39d4020
^ permalink raw reply related
* [PATCH] xfstests-bld: include xz-utils in kvm-xfstests appliance
From: Eric Biggers @ 2016-12-21 18:06 UTC (permalink / raw)
To: Theodore Ts'o; +Cc: fstests, Eric Biggers
From: Eric Biggers <ebiggers@google.com>
xz will be needed by one of the new encryption tests. It was already
included in the gce-xfstests appliance, but it was missing from the
kvm-xfstests appliance.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
kvm-xfstests/test-appliance/xfstests-packages | 1 +
1 file changed, 1 insertion(+)
diff --git a/kvm-xfstests/test-appliance/xfstests-packages b/kvm-xfstests/test-appliance/xfstests-packages
index 127897d..2041b9a 100644
--- a/kvm-xfstests/test-appliance/xfstests-packages
+++ b/kvm-xfstests/test-appliance/xfstests-packages
@@ -28,3 +28,4 @@ systemd-sysv
time
uuid-runtime
udev
+xz-utils
--
2.8.0.rc3.226.g39d4020
^ permalink raw reply related
* [PATCH] xfstests-bld: remove redundant listing of GCE images
From: Eric Biggers @ 2016-12-21 18:06 UTC (permalink / raw)
To: Theodore Ts'o; +Cc: fstests, Eric Biggers
From: Eric Biggers <ebiggers@google.com>
When a GCE image is created, the same information about the new image
was being printed by both 'gcloud compute images create' and 'gcloud
compute images list'. Fix this by removing the call to 'gcloud compute
images list'.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
kvm-xfstests/test-appliance/gce-create-image | 1 -
1 file changed, 1 deletion(-)
diff --git a/kvm-xfstests/test-appliance/gce-create-image b/kvm-xfstests/test-appliance/gce-create-image
index 005cc8e..830dd5b 100755
--- a/kvm-xfstests/test-appliance/gce-create-image
+++ b/kvm-xfstests/test-appliance/gce-create-image
@@ -138,4 +138,3 @@ gcloud compute --project "$GCE_PROJECT" -q images create "$ROOT_FS-$DATECODE" \
--family "$ROOT_FS"
gcloud compute --project "$GCE_PROJECT" -q disks delete "$BLD_DISK" \
--zone "$GCE_ZONE" >& /dev/null &
-gcloud compute --project "$GCE_PROJECT" -q images list --filter="family=$ROOT_FS"
--
2.8.0.rc3.226.g39d4020
^ permalink raw reply related
* [PATCH] xfstests-bld: include f2fs userspace tools in test appliances
From: Eric Biggers @ 2016-12-21 18:06 UTC (permalink / raw)
To: Theodore Ts'o; +Cc: fstests, Eric Biggers
From: Eric Biggers <ebiggers@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
kvm-xfstests/test-appliance/gce-xfstests-bld.sh | 1 +
kvm-xfstests/test-appliance/xfstests-packages | 1 +
2 files changed, 2 insertions(+)
diff --git a/kvm-xfstests/test-appliance/gce-xfstests-bld.sh b/kvm-xfstests/test-appliance/gce-xfstests-bld.sh
index f041a95..c10645f 100644
--- a/kvm-xfstests/test-appliance/gce-xfstests-bld.sh
+++ b/kvm-xfstests/test-appliance/gce-xfstests-bld.sh
@@ -16,6 +16,7 @@ PACKAGES="bash-completion \
dump \
e3 \
ed \
+ f2fs-tools \
file \
gawk \
kexec-tools \
diff --git a/kvm-xfstests/test-appliance/xfstests-packages b/kvm-xfstests/test-appliance/xfstests-packages
index 33b1f05..127897d 100644
--- a/kvm-xfstests/test-appliance/xfstests-packages
+++ b/kvm-xfstests/test-appliance/xfstests-packages
@@ -9,6 +9,7 @@ dbus
dmsetup
dump
ed
+f2fs-tools
file
gawk
joe-jupp
--
2.8.0.rc3.226.g39d4020
^ permalink raw reply related
* [PATCH] xfstests-bld: document how to add debian packages to GCE image
From: Eric Biggers @ 2016-12-21 18:06 UTC (permalink / raw)
To: Theodore Ts'o; +Cc: fstests, Eric Biggers
From: Eric Biggers <ebiggers@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
Documentation/gce-xfstests.md | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/Documentation/gce-xfstests.md b/Documentation/gce-xfstests.md
index becc23d..1b7fa3e 100644
--- a/Documentation/gce-xfstests.md
+++ b/Documentation/gce-xfstests.md
@@ -306,12 +306,14 @@ to be unpacked into a directory in /tmp instead.
By default gce-xfstests uses the prebuilt image which is made
available via the xfstests-cloud project. However, if you want to
-build your own image, you must first build the xfstests tarball as
-described in the [instructions for building
-xfstests](building-xfstests.md). Then run the command "gce-xfstests
-create-image". This will create a new GCE image with a name such as
-"xfstests-201608132226" where 201608132226 indicates when the image
-was created (in this case, August 13, 2016 at 22:26).
+build your own image, you must first build a 64-bit (amd64) xfstests
+tarball as described in the [instructions for building
+xfstests](building-xfstests.md). Then copy any additional Debian
+packages, for the amd64 architecture, you want to include in the GCE
+image into the root directory of GS_BUCKET. Then run the command
+"gce-xfstests create-image". This will create a new GCE image with a
+name such as "xfstests-201608132226" where 201608132226 indicates when
+the image was created (in this case, August 13, 2016 at 22:26).
This image will be created as part of an image family called xfstests.
By default, when you start a test using gce-xfstests, the most
--
2.8.0.rc3.226.g39d4020
^ permalink raw reply related
* [PATCH v2] xfstests-bld: correct file permissions on test appliance files
From: Eric Biggers @ 2016-12-21 18:06 UTC (permalink / raw)
To: Theodore Ts'o; +Cc: fstests, Eric Biggers
From: Eric Biggers <ebiggers@google.com>
The xfstests-bld repository may have been cloned with a umask that
masked out the other bits. When using --update-files in this situation
or when creating a GCE image, the VM ended up in a state where non-root
users were unable to execute anything, which made all tests using the
fsgqa user get skipped. Fix this by copying the r and x group bits to
the other bits when creating files.tar.gz. Also set the owner and group
to root while we're at it.
[v2: also fix gce-create-image]
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
kvm-xfstests/gce-xfstests | 3 ++-
kvm-xfstests/kvm-xfstests | 3 ++-
kvm-xfstests/test-appliance/gce-create-image | 3 ++-
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/kvm-xfstests/gce-xfstests b/kvm-xfstests/gce-xfstests
index 04eee78..8839ea2 100755
--- a/kvm-xfstests/gce-xfstests
+++ b/kvm-xfstests/gce-xfstests
@@ -471,7 +471,8 @@ then
exit 1
fi
(cd "$DIR/test-appliance"; \
- tar -X gce-exclude-files --exclude=etc -C files -cf - . | \
+ tar -X gce-exclude-files --exclude=etc -C files \
+ --owner=root --group=root --mode=o+g-w -cf - . | \
gzip -9n > $LOCAL_FILES)
get_local_hash "$LOCAL_FILES"
get_remote_hash "$GS_FILES"
diff --git a/kvm-xfstests/kvm-xfstests b/kvm-xfstests/kvm-xfstests
index fbdae7a..bcada9e 100755
--- a/kvm-xfstests/kvm-xfstests
+++ b/kvm-xfstests/kvm-xfstests
@@ -75,7 +75,8 @@ then
exit 1
fi
(cd "$DIR/test-appliance"; \
- tar -X kvm-exclude-files -C files -cf - . | \
+ tar -X kvm-exclude-files -C files \
+ --owner=root --group=root --mode=o+g-w -cf - . | \
gzip -9n > "$TDIR/files.tar.gz")
tar -r -f $VDH -C "$TDIR" files.tar.gz
rm -rf "$TDIR"
diff --git a/kvm-xfstests/test-appliance/gce-create-image b/kvm-xfstests/test-appliance/gce-create-image
index 56366d1..005cc8e 100755
--- a/kvm-xfstests/test-appliance/gce-create-image
+++ b/kvm-xfstests/test-appliance/gce-create-image
@@ -87,7 +87,8 @@ then
cat ../../*.ver > files/root/xfstests/git-versions
fi
-tar -X gce-exclude-files -C files -cf - . | gzip -9n > $t
+tar -X gce-exclude-files -C files --owner=root --group=root --mode=o+g-w \
+ -cf - . | gzip -9n > $t
GS_FILES_TARBALL=gs://$GS_BUCKET/files.tar.gz
if test -f files/root/xfstests/git-versions
--
2.8.0.rc3.226.g39d4020
^ permalink raw reply related
* Re: [PATCH] fstests: btrfs: Remove btrfs/047 since upstream don't accept stream-version
From: David Sterba @ 2016-12-21 14:27 UTC (permalink / raw)
To: Eryu Guan; +Cc: Qu Wenruo, linux-btrfs, fstests
In-Reply-To: <20161221023355.GM1859@eguan.usersys.redhat.com>
On Wed, Dec 21, 2016 at 10:33:55AM +0800, Eryu Guan wrote:
> On Tue, Dec 20, 2016 at 09:24:56AM +0800, Qu Wenruo wrote:
> > Btrfs upstream doesn't accept stream-version, so the test is never ran
> > on upstream kernel nor btrfs-progs.
> >
> > Just remove it.
> >
> > Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
>
> Looks fine to me, but I'd like to see an ack or review from btrfs
> developers.
We don't have ETA when the stream protocol version bump will happen. The
test can be added back later.
Reviewed-by: David Sterba <dsterba@suse.com>
^ permalink raw reply
* [PATCH v3 3/3] generic/396: test correct d_type values
From: Amir Goldstein @ 2016-12-21 13:50 UTC (permalink / raw)
To: Eryu Guan
Cc: Dave Chinner, Christoph Hellwig, Darrick J . Wong,
Theodore Ts'o, fstests
In-Reply-To: <1482239855-791-4-git-send-email-amir73il@gmail.com>
Verify correct d_type values of dir entries.
This test does NOT require that file system support the filetype feature.
It verifies that either all file types are reported as DT_UNKNOWN
or that all file types are reported correctly.
For fs for which we know how to test the filetype feature (xfs|ext*)
verify getting DT_UNKNOWN IFF filetype feature is disabled.
Special dir entries . and .. MAY be reported as DT_UNKNOWN IF filetype
feature is disabled (ext4), but MAY also be reported as DT_DIR in this
case (xfs).
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
tests/generic/396 | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++
tests/generic/396.out | 9 +++++
tests/generic/group | 1 +
3 files changed, 103 insertions(+)
create mode 100755 tests/generic/396
create mode 100644 tests/generic/396.out
Added another test to the matrix, found another special case to handle:
ext4 vs. xfs returns DT_UNKNOWN for . and .. on ! _supports_filetype.
Fixes the test to correctly handle both cases.
Tested with tmpfs, ext2, ext4, xfs for d_type supported fs
Tested with xfs -m crc=0 -n ftype=0 for d_type unsupported fs
Tested with ext2/ext4 -O ^filetype for d_type unsupported fs
v3:
- allow DT_UNKNOWN type for . and .. when filetype feature is disabled (ext4)
v2:
- use helper to test for file type support
- allow DT_UNKNOWN type, but only for all files
- verify . and .. have DT_DIR type
v1:
- verify that d_type matches actual file type
diff --git a/tests/generic/396 b/tests/generic/396
new file mode 100755
index 0000000..0d4a17d
--- /dev/null
+++ b/tests/generic/396
@@ -0,0 +1,93 @@
+#! /bin/bash
+# FSQA Test No. 396
+#
+# Test filetype feature
+#
+# This test does NOT require that file system support the d_type feature.
+# It verifies that either all file types are reported as DT_UNKNOWN
+# or all file types are reported correctly.
+#
+# For fs for which we know how to test the filetype feature (xfs|ext*)
+# verify getting DT_UNKNOWN IFF feature is disabled.
+# Special dir entries . and .. MAY be reported as DT_UNKNOWN IF filetype
+# feature is disabled (ext4), but MAY also be reported as DT_DIR in this
+# case (xfs).
+#
+#-----------------------------------------------------------------------
+#
+# Copyright (C) 2016 CTERA Networks. All Rights Reserved.
+# Author: Amir Goldstein <amir73il@gmail.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+. ./common/filter
+
+# real QA test starts here
+_supported_fs generic
+_supported_os Linux
+_require_scratch
+
+rm -f $seqres.full
+
+_scratch_mkfs >>$seqres.full 2>&1
+
+_scratch_mount
+
+# Create our test files.
+testdir=$SCRATCH_MNT/find-by-type
+mkdir -p $testdir
+mkdir $testdir/d
+touch $testdir/f
+ln -s $testdir/f $testdir/l
+mknod $testdir/c c 1 1
+mknod $testdir/b b 1 1
+mknod $testdir/p p
+
+# Test d_type of . and ..
+# it must be DT_DIR on fs with filetype support and it could be
+# either DR_DIR or DT_UNKNOWN on fs without filetype support
+src/t_dir_type $testdir d | grep -F '.' | sort
+
+# Test that either all file types are unknown or all are correct
+if _supports_filetype $testdir; then
+ # print real file types
+ src/t_dir_type $testdir | grep -vF '.' | sort
+else
+ # print fake dir file type for . and .. if they are DT_UNKNOWN
+ src/t_dir_type $testdir u | grep -F '.' | \
+ awk '{ print $1, "d" }' | sort
+ # list unknown files and print filename as fake file type
+ src/t_dir_type $testdir u | grep -vF '.' | \
+ awk '{ print $1, $1 }' | sort
+fi
+
+status=0
+exit
diff --git a/tests/generic/396.out b/tests/generic/396.out
new file mode 100644
index 0000000..de11c24
--- /dev/null
+++ b/tests/generic/396.out
@@ -0,0 +1,9 @@
+QA output created by 396
+. d
+.. d
+b b
+c c
+d d
+f f
+l l
+p p
diff --git a/tests/generic/group b/tests/generic/group
index 20b31ef..24c242f 100644
--- a/tests/generic/group
+++ b/tests/generic/group
@@ -397,3 +397,4 @@
392 auto quick metadata
393 auto quick rw
394 auto quick
+396 auto quick
--
2.7.4
^ permalink raw reply related
* [PATCH] Revert "generic/38[3-6]: require project quota to be enabled on SCRATCH_DEV"
From: Eryu Guan @ 2016-12-21 3:26 UTC (permalink / raw)
To: fstests; +Cc: sandeen, Eryu Guan
Commit 23f60ef304d ("generic/38[3-6]: require project quota to be
enabled on SCRATCH_DEV") introduced a regression that leads
_require_projquota, which uses src/feature to call a quotactl,
operate before the filesystem is mounted, and results in tests not
run on XFS and ext4.
Revert the problematic patch first, because don't want to lose
project quota test coverage on XFS and ext4. We can fix the false
failure on ext3/2 later,
Reported-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
---
tests/generic/383 | 1 -
tests/generic/384 | 2 +-
tests/generic/385 | 2 +-
tests/generic/386 | 2 +-
4 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/tests/generic/383 b/tests/generic/383
index 93836ea..be5b19b 100755
--- a/tests/generic/383
+++ b/tests/generic/383
@@ -54,7 +54,6 @@ _require_xfs_quota_foreign
_scratch_mkfs >/dev/null 2>&1
_scratch_enable_pquota
-_require_prjquota $SCRATCH_DEV
do_project_test()
{
diff --git a/tests/generic/384 b/tests/generic/384
index 4784e47..452d26e 100755
--- a/tests/generic/384
+++ b/tests/generic/384
@@ -73,10 +73,10 @@ chmod a+rwx $seqres.full # arbitrary users will write here
_require_scratch
_scratch_mkfs >/dev/null 2>&1
_scratch_enable_pquota
-_require_prjquota $SCRATCH_DEV
_qmount_option "prjquota"
_qmount
+_require_prjquota $SCRATCH_DEV
report_quota()
{
diff --git a/tests/generic/385 b/tests/generic/385
index b7c5bd3..f07ae5d 100755
--- a/tests/generic/385
+++ b/tests/generic/385
@@ -71,9 +71,9 @@ quota_cmd="$XFS_QUOTA_PROG -D $tmp.projects -P $tmp.projid"
_scratch_mkfs >/dev/null 2>&1
_scratch_enable_pquota
-_require_prjquota $SCRATCH_DEV
_qmount_option "prjquota"
_qmount
+_require_prjquota $SCRATCH_DEV
#
# Create the project root
diff --git a/tests/generic/386 b/tests/generic/386
index 0ceb14d..3aede60 100755
--- a/tests/generic/386
+++ b/tests/generic/386
@@ -127,10 +127,10 @@ echo $proj_num:$proj_dir > "$my_projects"
_scratch_mkfs >> "$seqres.full" 2>&1
_scratch_enable_pquota
-_require_prjquota $SCRATCH_DEV
_qmount_option "prjquota"
_qmount
+_require_prjquota $SCRATCH_DEV
mkdir -p "${proj_dir}"
--
2.9.3
^ permalink raw reply related
* Re: [PATCH] fstests: btrfs: Remove btrfs/047 since upstream don't accept stream-version
From: Eryu Guan @ 2016-12-21 2:33 UTC (permalink / raw)
To: Qu Wenruo; +Cc: linux-btrfs, fstests
In-Reply-To: <20161220012456.19363-1-quwenruo@cn.fujitsu.com>
On Tue, Dec 20, 2016 at 09:24:56AM +0800, Qu Wenruo wrote:
> Btrfs upstream doesn't accept stream-version, so the test is never ran
> on upstream kernel nor btrfs-progs.
>
> Just remove it.
>
> Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
Looks fine to me, but I'd like to see an ack or review from btrfs
developers.
Thanks,
Eryu
^ permalink raw reply
* Re: [PATCH] xfstests: fix build warnings and notify_others() bug
From: Ross Zwisler @ 2016-12-20 17:56 UTC (permalink / raw)
To: Ross Zwisler
Cc: fstests, Dave Chinner, Lukas Czerner, Allison Henderson,
Christoph Hellwig, Nathan Scott
In-Reply-To: <20161220175534.GA26994@linux.intel.com>
On Tue, Dec 20, 2016 at 10:55:34AM -0700, Ross Zwisler wrote:
> On Tue, Dec 06, 2016 at 09:04:01PM -0700, Ross Zwisler wrote:
> > This patch addresses the following build warnings:
> >
> > fsx.c: In function 'do_punch_hole':
> > fsx.c:940:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
> > if (!quiet && testcalls > simulatedopcount)
> > ^~
> > fsx.c:942:4: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
> > log4(OP_PUNCH_HOLE, offset, length, FL_SKIPPED);
> > ^~~~
> > fsx.c:947:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
> > if (!quiet && testcalls > simulatedopcount)
> > ^~
> > fsx.c:949:4: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
> > log4(OP_PUNCH_HOLE, offset, length, FL_SKIPPED);
> > ^~~~
> > fsx.c: In function 'do_zero_range':
> > fsx.c:995:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
> > if (!quiet && testcalls > simulatedopcount)
> > ^~
> > fsx.c:997:4: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
> > log4(OP_ZERO_RANGE, offset, length, FL_SKIPPED |
> > ^~~~
> > [CC] growfiles
> > growfiles.c: In function 'notify_others':
> > growfiles.c:1458:6: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
> > if ( Forker_pids[ind] != Pid )
> > ^~
> > growfiles.c:1462:10: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
> > kill(Forker_pids[ind], SIGUSR2);
> > ^~~~
> >
> > The warnings in fsx.c were just spacing issues of the form:
> >
> > if (length == 0) {
> > if (!quiet && testcalls > simulatedopcount)
> > prt("skipping zero length punch hole\n");
> > log4(OP_PUNCH_HOLE, offset, length, FL_SKIPPED);
> > return;
> > }
> >
> > Where the log4() call just needs to be unindented. log4() calls elsewhere
> > in that same file are not protected with any sort of 'quiet' check, and
> > commonly follow prt() calls which are. See doread(), domapread(), etc.
> >
> > The warning from growfiles.c was actually a bug. notify_others() is
> > looping through the Forker_pids[] array and sending SIGUSR2 to all other
> > processes. However, with the current logic it only *logs* the kill for
> > other processes, and kills all other processes plus the Forker_pids[] entry
> > that matches 'Pid'.
> >
> > Signed-off-by: Ross Zwisler <ross.zwisler@linux.intel.com>
> > Cc: Dave Chinner <david@fromorbit.com>
> > Cc: Lukas Czerner <lczerner@redhat.com>
> > Cc: Allison Henderson <achender@vnet.ibm.com>
> > Cc: Christoph Hellwig <hch@lst.de>
> > Cc: Nathan Scott <nathans@sgi.com>
>
> Ping on this patch.
Sorry, it was already applied. My apologies for the noise.
^ permalink raw reply
* Re: [PATCH] xfstests: fix build warnings and notify_others() bug
From: Ross Zwisler @ 2016-12-20 17:55 UTC (permalink / raw)
To: Ross Zwisler
Cc: fstests, Dave Chinner, Lukas Czerner, Allison Henderson,
Christoph Hellwig, Nathan Scott
In-Reply-To: <1481083441-4809-1-git-send-email-ross.zwisler@linux.intel.com>
On Tue, Dec 06, 2016 at 09:04:01PM -0700, Ross Zwisler wrote:
> This patch addresses the following build warnings:
>
> fsx.c: In function 'do_punch_hole':
> fsx.c:940:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
> if (!quiet && testcalls > simulatedopcount)
> ^~
> fsx.c:942:4: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
> log4(OP_PUNCH_HOLE, offset, length, FL_SKIPPED);
> ^~~~
> fsx.c:947:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
> if (!quiet && testcalls > simulatedopcount)
> ^~
> fsx.c:949:4: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
> log4(OP_PUNCH_HOLE, offset, length, FL_SKIPPED);
> ^~~~
> fsx.c: In function 'do_zero_range':
> fsx.c:995:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
> if (!quiet && testcalls > simulatedopcount)
> ^~
> fsx.c:997:4: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
> log4(OP_ZERO_RANGE, offset, length, FL_SKIPPED |
> ^~~~
> [CC] growfiles
> growfiles.c: In function 'notify_others':
> growfiles.c:1458:6: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
> if ( Forker_pids[ind] != Pid )
> ^~
> growfiles.c:1462:10: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
> kill(Forker_pids[ind], SIGUSR2);
> ^~~~
>
> The warnings in fsx.c were just spacing issues of the form:
>
> if (length == 0) {
> if (!quiet && testcalls > simulatedopcount)
> prt("skipping zero length punch hole\n");
> log4(OP_PUNCH_HOLE, offset, length, FL_SKIPPED);
> return;
> }
>
> Where the log4() call just needs to be unindented. log4() calls elsewhere
> in that same file are not protected with any sort of 'quiet' check, and
> commonly follow prt() calls which are. See doread(), domapread(), etc.
>
> The warning from growfiles.c was actually a bug. notify_others() is
> looping through the Forker_pids[] array and sending SIGUSR2 to all other
> processes. However, with the current logic it only *logs* the kill for
> other processes, and kills all other processes plus the Forker_pids[] entry
> that matches 'Pid'.
>
> Signed-off-by: Ross Zwisler <ross.zwisler@linux.intel.com>
> Cc: Dave Chinner <david@fromorbit.com>
> Cc: Lukas Czerner <lczerner@redhat.com>
> Cc: Allison Henderson <achender@vnet.ibm.com>
> Cc: Christoph Hellwig <hch@lst.de>
> Cc: Nathan Scott <nathans@sgi.com>
Ping on this patch.
^ permalink raw reply
* Re: [PATCH] generic/395: test GETNEXTQUOTA near INT_MAX
From: Eric Sandeen @ 2016-12-20 13:57 UTC (permalink / raw)
To: Eryu Guan, Eric Sandeen; +Cc: fstests
In-Reply-To: <20161220062532.GL1859@eguan.usersys.redhat.com>
On 12/20/16 12:25 AM, Eryu Guan wrote:
>> +
>> +# Ok, do we even have GETNEXTQUOTA? Querying ID 0 should work.
>> +$here/src/test-nextquota -i 0 -u -d $SCRATCH_DEV &> $seqres.full || \
>> + _notrun "No GETNEXTQUOTA support"
> Introduce a new _require rule? And generic/244 could use it too. Perhaps
> we need to put '_require_test_program "test-nextquota"' in the new
> require rule too.
Good point.
And the other stuff is just leftovers from 344 - sorry about that.
-Eric
> Thanks,
> Eryu
>
^ permalink raw reply
* [PATCH v2 3/3] generic/396: test correct d_type values
From: Amir Goldstein @ 2016-12-20 13:17 UTC (permalink / raw)
To: Eryu Guan
Cc: Dave Chinner, Christoph Hellwig, Darrick J . Wong, Miklos Szeredi,
fstests
In-Reply-To: <1482239855-791-1-git-send-email-amir73il@gmail.com>
Verify correct d_type values of dir entries.
This test does NOT require that file system support the filetype feature.
It verifies that either all file types are reported as DT_UNKNOWN
or that all file types are reported correctly.
For fs for which we know how to test the filetype feature (xfs|ext*)
verify getting DT_UNKNOWN IFF feature is disabled.
Verify special dir entries . and .. are always reported as DT_DIR.
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
tests/generic/396 | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++
tests/generic/396.out | 9 ++++++
tests/generic/group | 1 +
3 files changed, 97 insertions(+)
create mode 100755 tests/generic/396
create mode 100644 tests/generic/396.out
diff --git a/tests/generic/396 b/tests/generic/396
new file mode 100755
index 0000000..fbd2e79
--- /dev/null
+++ b/tests/generic/396
@@ -0,0 +1,87 @@
+#! /bin/bash
+# FSQA Test No. 396
+#
+# Test filetype feature
+#
+# This test does NOT require that file system support the d_type feature.
+# It verifies that either all file types are reported as DT_UNKNOWN
+# or all file types are reported correctly.
+#
+# For fs for which we know how to test the filetype feature (xfs|ext*)
+# verify getting DT_UNKNOWN IFF feature is disabled.
+#
+# Verify special dir entries . and .. are always reported as DT_DIR.
+#
+#-----------------------------------------------------------------------
+#
+# Copyright (C) 2016 CTERA Networks. All Rights Reserved.
+# Author: Amir Goldstein <amir73il@gmail.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+. ./common/filter
+
+# real QA test starts here
+_supported_fs generic
+_supported_os Linux
+_require_scratch
+
+rm -f $seqres.full
+
+_scratch_mkfs >>$seqres.full 2>&1
+
+_scratch_mount
+
+# Create our test files.
+testdir=$SCRATCH_MNT/find-by-type
+mkdir -p $testdir
+mkdir $testdir/d
+touch $testdir/f
+ln -s $testdir/f $testdir/l
+mknod $testdir/c c 1 1
+mknod $testdir/b b 1 1
+mknod $testdir/p p
+
+# Test d_type DT_DIR for . and ..
+# this should be correct on all fs regardless of filetype feature
+src/t_dir_type $testdir d | grep -F '.' | sort
+
+# Test that either all file type are unknown or all are valid
+if _supports_filetype $testdir; then
+ # print real file types
+ src/t_dir_type $testdir | grep -vF '.' | sort
+else
+ # list unknown files and print filename as fake file type
+ src/t_dir_type $testdir u | awk '{ print $1, $1 }' | sort
+fi
+
+status=0
+exit
diff --git a/tests/generic/396.out b/tests/generic/396.out
new file mode 100644
index 0000000..de11c24
--- /dev/null
+++ b/tests/generic/396.out
@@ -0,0 +1,9 @@
+QA output created by 396
+. d
+.. d
+b b
+c c
+d d
+f f
+l l
+p p
diff --git a/tests/generic/group b/tests/generic/group
index 20b31ef..24c242f 100644
--- a/tests/generic/group
+++ b/tests/generic/group
@@ -397,3 +397,4 @@
392 auto quick metadata
393 auto quick rw
394 auto quick
+396 auto quick
--
2.7.4
^ permalink raw reply related
* [PATCH v2 2/3] common/rc: add generic file type support check
From: Amir Goldstein @ 2016-12-20 13:17 UTC (permalink / raw)
To: Eryu Guan
Cc: Dave Chinner, Christoph Hellwig, Darrick J . Wong, Miklos Szeredi,
fstests
In-Reply-To: <1482239855-791-1-git-send-email-amir73il@gmail.com>
_supports_filetype() helper checks if the filetype feature
is enabled for xfs and ext* file sytems.
Add a check for the generic case where we don't know
how to test file system filetype feature.
Introduce a helper utility t_dir_type that lists directory
entries filtered by file type.
Check for filetype feature by expecting to find no directory
entries listed as DT_UNKNOWN inside a test directory.
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
.gitignore | 1 +
common/rc | 9 +++++
src/Makefile | 2 +-
src/t_dir_type.c | 108 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 119 insertions(+), 1 deletion(-)
create mode 100644 src/t_dir_type.c
diff --git a/.gitignore b/.gitignore
index b8d13a0..7dcea14 100644
--- a/.gitignore
+++ b/.gitignore
@@ -94,6 +94,7 @@
/src/t_access_root
/src/t_dir_offset
/src/t_dir_offset2
+/src/t_dir_type
/src/t_futimens
/src/t_getcwd
/src/t_holes
diff --git a/common/rc b/common/rc
index 288517f..a779c50 100644
--- a/common/rc
+++ b/common/rc
@@ -278,6 +278,15 @@ _supports_filetype()
tune2fs -l $(df --output=source $dir | tail -1) | \
grep -q filetype
;;
+ *)
+ testfile=$dir/$$.ftype
+ touch $testfile
+ # look for DT_UNKNOWN files
+ unknowns=$(src/t_dir_type $dir u | wc -l)
+ rm $testfile
+ # 0 unknowns is success
+ return $unknowns
+ ;;
esac
}
diff --git a/src/Makefile b/src/Makefile
index 4056496..94d74aa 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -21,7 +21,7 @@ LINUX_TARGETS = xfsctl bstat t_mtab getdevicesize preallo_rw_pattern_reader \
stale_handle pwrite_mmap_blocked t_dir_offset2 seek_sanity_test \
seek_copy_test t_readdir_1 t_readdir_2 fsync-tester nsexec cloner \
renameat2 t_getcwd e4compact test-nextquota punch-alternating \
- attr-list-by-handle-cursor-test listxattr dio-interleaved
+ attr-list-by-handle-cursor-test listxattr dio-interleaved t_dir_type
SUBDIRS =
diff --git a/src/t_dir_type.c b/src/t_dir_type.c
new file mode 100644
index 0000000..344bef8
--- /dev/null
+++ b/src/t_dir_type.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright (C) 2016 CTERA Networks. All Rights Reserved.
+ * Author: Amir Goldstein <amir73il@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it would be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/*
+ * t_dir_type
+ *
+ * print directory entries, optionally filtered by d_type
+ *
+ * ./t_dir_type <path> [u|f|d|c|b|l|p|s|w]
+ */
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <dirent.h>
+#include <sys/stat.h>
+#include <sys/syscall.h>
+
+struct linux_dirent64 {
+ uint64_t d_ino;
+ int64_t d_off;
+ unsigned short d_reclen;
+ unsigned char d_type;
+ char d_name[0];
+};
+
+#define DT_MASK 15
+#define DT_MAX 15
+unsigned char type_to_char[DT_MAX] = {
+ [DT_UNKNOWN] = 'u',
+ [DT_DIR] = 'd',
+ [DT_REG] = 'f',
+ [DT_LNK] = 'l',
+ [DT_CHR] = 'c',
+ [DT_BLK] = 'b',
+ [DT_FIFO] = 'p',
+ [DT_SOCK] = 's',
+ [DT_WHT] = 'w',
+};
+
+#define DT_CHAR(t) type_to_char[(t)&DT_MASK]
+
+#define BUF_SIZE 4096
+
+int
+main(int argc, char *argv[])
+{
+ int fd, nread;
+ char buf[BUF_SIZE];
+ struct linux_dirent64 *d;
+ int bpos;
+ int type = -1; /* -1 means all types */
+ int ret = 1;
+
+ fd = open(argv[1], O_RDONLY | O_DIRECTORY);
+ if (fd < 0) {
+ perror("open");
+ exit(EXIT_FAILURE);
+ }
+
+ if (argc > 2 && argv[2][0]) {
+ char t = argv[2][0];
+
+ for (type = DT_MAX-1; type >= 0; type--)
+ if (DT_CHAR(type) == t)
+ break;
+ /* no match ends up with type = -1 */
+ }
+
+ for ( ; ; ) {
+ nread = syscall(SYS_getdents64, fd, buf, BUF_SIZE);
+ if (nread == -1) {
+ perror("getdents");
+ exit(EXIT_FAILURE);
+ }
+
+ if (nread == 0)
+ break;
+
+ for (bpos = 0; bpos < nread;) {
+ d = (struct linux_dirent64 *) (buf + bpos);
+ if (type < 0 || type == (int)d->d_type) {
+ ret = 0;
+ printf("%s %c\n", d->d_name, DT_CHAR(d->d_type));
+ }
+ bpos += d->d_reclen;
+ }
+ }
+
+ return ret;
+}
--
2.7.4
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox