From patchwork Thu Nov 17 19:47:07 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 9435259 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 3B1CF60471 for ; Thu, 17 Nov 2016 19:48:50 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 27DBD296B1 for ; Thu, 17 Nov 2016 19:48:50 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1C41D296B5; Thu, 17 Nov 2016 19:48:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6DC57296B1 for ; Thu, 17 Nov 2016 19:48:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753959AbcKQTss (ORCPT ); Thu, 17 Nov 2016 14:48:48 -0500 Received: from mail-pf0-f175.google.com ([209.85.192.175]:34508 "EHLO mail-pf0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754080AbcKQTss (ORCPT ); Thu, 17 Nov 2016 14:48:48 -0500 Received: by mail-pf0-f175.google.com with SMTP id c4so38572220pfb.1 for ; Thu, 17 Nov 2016 11:48:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=JThp2uSJ+o8pAQiMpAxk7qN8Hc4PHoW0rUCtlfVuaEY=; b=eDmnVoAIDnriqt7OphPFub65sRW/WevboVAeRAEDTzndM6XMTTw4VXrHpR6QKosa+5 vsU8IeHfO2KzxzDspCPHk2d0iwzrfdGC8bGkW/0izfpXe7cLM1Ogd5o+AVcXMO8FA1wy +f0DYrFOBIwmigHk7DHekI6xuxVQhMotqrC3CJI6IpEaqcykrY4L/SiPMWkBCRb9rNIm pPcXPgQt9i1L+Z9bbbXDfch0lsbQdnN+nSy7TgcqsGb6ZXVJZJBmqgj7TNiUC1gaO6OB ARODOIAj0pRY4SR+LtSzJMI2KaIWCVECEku5flim91Fk1iR1bY8Ki8Zv8V6xH2PueuB8 C0xw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=JThp2uSJ+o8pAQiMpAxk7qN8Hc4PHoW0rUCtlfVuaEY=; b=m/T0KrDv8p0aIPkviHhsQmRTMUhDSmNIbs05gTwAiGit6z49keRiHtxXdIxpVexTvq JG2y6EdJvT0/z8oZ4Y5SknjuGW58xymtuXY2G2kvOnF8QruQiIdMwG1Y6BRhRlN5zslV E+207fS3HFNrKMDKvXK2iMuocMcQJlT6E0Yqy6bf0ToVIo6w13jxvrWNdehwW/5v2UDG NUmoJBs09+Gc/yCsJraZrxNke/fKwq1h585lYhMzhNal8l+WRFa5l6davluu+51K2M2+ m1eOHh/CJlBRaWbNopl+rKc4/f6SVQOvJxb1o3bYkrJK8sQBSpCr3fAJxG5PVvQSXhun F2/w== X-Gm-Message-State: ABUngvfBUmlLQHupOoaVE8Kl/iZIzrySQ+j2ZN2YLoWG2BqBN3Zt2IeyCU4kJu0E0lpXQT3G X-Received: by 10.99.163.1 with SMTP id s1mr10607146pge.120.1479412114658; Thu, 17 Nov 2016 11:48:34 -0800 (PST) Received: from ebiggers-linuxstation.kir.corp.google.com ([100.119.30.154]) by smtp.gmail.com with ESMTPSA id l7sm10163665pfg.35.2016.11.17.11.48.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 17 Nov 2016 11:48:33 -0800 (PST) From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-ext4@vger.kernel.org, linux-f2fs@vger.kernel.org, "Theodore Y . Ts'o" , Jaegeuk Kim , Richard Weinberger , David Gstir , Eric Biggers Subject: [PATCH 4/4] generic: test locking when setting encryption policy Date: Thu, 17 Nov 2016 11:47:07 -0800 Message-Id: <1479412027-34416-5-git-send-email-ebiggers@google.com> X-Mailer: git-send-email 2.8.0.rc3.226.g39d4020 In-Reply-To: <1479412027-34416-1-git-send-email-ebiggers@google.com> References: <1479412027-34416-1-git-send-email-ebiggers@google.com> Sender: fstests-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: fstests@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This test tries to reproduce (with a moderate chance of success on ext4) a race condition where a file could be created in a directory concurrently to an encryption policy being set on that directory, causing the directory to become corrupted. Signed-off-by: Eric Biggers --- src/fscrypt_util.c | 98 +++++++++++++++++++++++++++++++++++++++++++++++++++ tests/generic/402 | 39 ++++++++++++++++++++ tests/generic/402.out | 2 ++ tests/generic/group | 1 + 4 files changed, 140 insertions(+) create mode 100755 tests/generic/402 create mode 100644 tests/generic/402.out diff --git a/src/fscrypt_util.c b/src/fscrypt_util.c index 9428cb4..5ca0996 100644 --- a/src/fscrypt_util.c +++ b/src/fscrypt_util.c @@ -19,11 +19,13 @@ * along with this program; if not, see . */ +#include #include #include #include #include #include +#include #include #include #include @@ -97,6 +99,7 @@ usage(void) " fscrypt_util rm_key KEYDESC\n" " fscrypt_util set_policy KEYDESC DIR\n" " fscrypt_util test_ioctl_validation DIR\n" +" fscrypt_util test_set_policy_locking DIR\n" ); exit(2); } @@ -357,6 +360,100 @@ static int test_ioctl_validation(int argc, char **argv) return 0; } +struct subdir_thread_args { + pthread_cond_t cond; + pthread_mutex_t mutex; + char *subdir; + bool done; +}; + +static void *subdir_thrproc(void *arg) +{ + struct subdir_thread_args *args = arg; + + pthread_mutex_lock(&args->mutex); + while (!args->done) { + pthread_cond_wait(&args->cond, &args->mutex); + mkdir(args->subdir, 0755); + } + pthread_mutex_unlock(&args->mutex); + return NULL; +} + +/* + * Test that FS_IOC_SET_ENCRYPTION_POLICY is correctly serialized with regard to + * creation of new files in the directory. + * + * To test this we repeatedly attempt to create a subdirectory concurrently with + * setting an encryption policy on the parent directory. After each attempt, we + * do readdir() on the directory. readdir() should always succeed regardless of + * whether the directory ended up with an encryption policy or not. But without + * the proper locking of the directory inode, on ext4 it sometimes failed with + * EUCLEAN, and the filesystem was also left in an inconsistent state for fsck. + */ +static int test_set_policy_locking(int argc, char **argv) +{ + const char *dir; + struct subdir_thread_args args; + pthread_t subdir_thread; + struct fscrypt_policy policy; + int i; + + if (argc != 1) + usage(); + dir = argv[0]; + + args.subdir = malloc(strlen(dir) + 8); + sprintf(args.subdir, "%s/subdir", dir); + pthread_cond_init(&args.cond, NULL); + pthread_mutex_init(&args.mutex, NULL); + args.done = false; + + if (pthread_create(&subdir_thread, NULL, subdir_thrproc, &args) != 0) + die("Unable to create thread"); + + init_policy_default(&policy); + + for (i = 0; i < 20000; i++) { + int fd; + DIR *d; + + rmdir(args.subdir); + rmdir(dir); + mkdir(dir, 0755); + fd = open(dir, O_RDONLY); + pthread_mutex_lock(&args.mutex); + pthread_cond_signal(&args.cond); + pthread_mutex_unlock(&args.mutex); + if (ioctl(fd, FS_IOC_SET_ENCRYPTION_POLICY, &policy) != 0 && + errno != ENOTEMPTY) { + die_errno("Unexpected error from " + "FS_IOC_SET_ENCRYPTION_POLICY"); + } + d = fdopendir(fd); + if (!d) + die_errno("Unexpected fdopendir() error"); + errno = 0; + while (readdir(d) != NULL) + ; + if (errno != 0) + die_errno("Unexpected readdir() error"); + closedir(d); + } + + pthread_mutex_lock(&args.mutex); + args.done = true; + pthread_cond_signal(&args.cond); + pthread_mutex_unlock(&args.mutex); + + if (pthread_join(subdir_thread, NULL) != 0) + die("Unable to join thread"); + + free(args.subdir); + printf("%s: test_set_policy_locking passed\n", dir); + return 0; +} + static const struct command { const char *name; int (*func)(int, char **); @@ -365,6 +462,7 @@ static const struct command { {"rm_key", rm_key}, {"set_policy", set_policy}, {"test_ioctl_validation", test_ioctl_validation}, + {"test_set_policy_locking", test_set_policy_locking}, {NULL, NULL} }; diff --git a/tests/generic/402 b/tests/generic/402 new file mode 100755 index 0000000..e26c0c9 --- /dev/null +++ b/tests/generic/402 @@ -0,0 +1,39 @@ +#!/bin/bash +# FS QA Test generic/402 +# +# The FS_IOC_SET_ENCRYPTION_POLICY ioctl must be correctly serialized with +# regard to creation of new files in the directory. Regression test for +# 8906a8223ad4: "fscrypto: lock inode while setting encryption policy". +# +#----------------------------------------------------------------------- +# Copyright (C) 2016 Google, Inc. +# +# Author: Eric Biggers +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +#----------------------------------------------------------------------- + +seq=`basename $0` +seqres=$RESULT_DIR/$seq +echo "QA output created by $seq" + +. ./common/encrypt + +_begin_encryption_test + +cd $SCRATCH_MNT +mkdir dir +$FSCRYPT_UTIL test_set_policy_locking dir + +exit 0 diff --git a/tests/generic/402.out b/tests/generic/402.out new file mode 100644 index 0000000..947e830 --- /dev/null +++ b/tests/generic/402.out @@ -0,0 +1,2 @@ +QA output created by 402 +dir: test_set_policy_locking passed diff --git a/tests/generic/group b/tests/generic/group index ab4edae..ed6b926 100644 --- a/tests/generic/group +++ b/tests/generic/group @@ -394,3 +394,4 @@ 389 auto quick acl 400 auto quick encrypt 401 auto quick encrypt +402 auto encrypt