Re: [PATCH v9 2/5] common/verity: support btrfs in generic fsverity tests

[Eric Biggers <ebiggers@kernel.org>]

On Tue, Apr 26, 2022 at 03:40:13PM -0700, Boris Burkov wrote:
> diff --git a/common/verity b/common/verity
> index d58cad90..8cde2737 100644
> --- a/common/verity
> +++ b/common/verity
> @@ -3,6 +3,13 @@
>  #
>  # Functions for setting up and testing fs-verity
>  
> +. common/btrfs
> +# btrfs will return IO errors on corrupted data with or without fs-verity.
> +# to really test fs-verity, use nodatasum.
> +if [ "$FSTYP" == "btrfs" ]; then
> +	export MOUNT_OPTIONS="-o nodatasum"
> +fi

Shouldn't this append to MOUNT_OPTIONS rather than replacing it?

> diff --git a/tests/generic/574 b/tests/generic/574
> index 17fdea52..680cece3 100755
> --- a/tests/generic/574
> +++ b/tests/generic/574
> @@ -126,6 +126,41 @@ corruption_test()
>  	fi
>  }
>  
> +# xfs_io mread's output is parseable by xxd -r, except it has an extra space
> +# after the colon. Output the number of non zero characters in the parsed contents.
> +filter_mread() {
> +	sed 's/:  /: /' | xxd -r | sed 's/\x0//g' | wc -c
> +}
> +
> +# this expects to see stdout + stderr passed through filter_sigbus and filter_mread.
> +# Outputs "OK" on a bus error or 0 non-zero characters counted by mread.
> +filter_eof_block() {
> +	sed 's/^Bus error$/OK/' | sed 's/^0$/OK/'
> +}
> +
> +# some filesystems return zeros in the last block past EOF, regardless of
> +# their contents. Handle those with a special test that accepts either zeros
> +# or SIGBUS on an mmap+read of that block.
> +corrupt_eof_block_test() {
> +	local file_len=$1
> +	local zap_len=$2
> +	local page_aligned_eof=$(round_up_to_page_boundary $file_len)
> +	local eof_page_start=$((page_aligned_eof - $(get_page_size)))
> +	local corrupt_func=_fsv_scratch_corrupt_bytes

The corrupt_func variable is unnecessary.

> +	_fsv_scratch_begin_subtest "Corruption test: EOF block"
> +	setup_zeroed_file $file_len false
> +	cmp $fsv_file $fsv_orig_file
> +	echo "Corrupting bytes..."
> +	head -c $zap_len /dev/zero | tr '\0' X \
> +		| $corrupt_func $fsv_file $((file_len + 1))
> +
> +	echo "Validating corruption or zeros (reading eof block via mmap)..."
> +	bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $fsv_file \
> +		-c 'mmap -r $eof_page_start $(get_page_size)' \
> +		-c 'mread -v $eof_page_start $(get_page_size)'" \
> +		|& filter_mread | filter_sigbus | filter_eof_block
> +}
> +

This actually causes the test to stop checking for the string "Bus error"
because it sends the output through 'xxd -r' first, which turns anything that
isn't valid 'xxd' input into all zeroed bytes, which passes the test.  So
"Bus error" will still pass, but lots of other random strings will pass too.

Also, I don't think we can assume that the xxd program is available, as it's
part of the vim package.  This would be the first use of xxd in xfstests.

Instead, how about dumping the output to a file $tmp.out, then checking if
either of the following is true:

   - The output contains the string "Bus error".
   - The contents of the output matches that of the same xfs_io command executed
     on the same region of a file containing all zeroes.

Also, it might be a bit simpler to use $file_len as the $zap_offset (instead of
$file_len + 1), and just reading $zap_len bytes starting at $file_len.  The
mread doesn't need to be page aligned; only the mmap needs to be, and that can
just be from 0 to page_aligned_eof.  That would also avoid the page/block
ambiguity where the comments are talking about the "EOF block", but the code is
actually reading a whole page.

>  # Non-zeroed bytes in the final partial block beyond EOF should cause reads to
> -# fail too.  Such bytes would be visible via mmap().
> -corruption_test 130999 131000 72
> +# fail too.  Such bytes could be visible via mmap().
> +corrupt_eof_block_test 130999 72

The above comment is now outdated.  Maybe just remove it and improve the comment
above corrupt_eof_block_test().

- Eric