From patchwork Tue Mar 14 21:23:58 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 9624549 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 31A9560244 for ; Tue, 14 Mar 2017 21:24:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2338B26E81 for ; Tue, 14 Mar 2017 21:24:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 15EC8285CF; Tue, 14 Mar 2017 21:24:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 766EA285CC for ; Tue, 14 Mar 2017 21:24:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750997AbdCNVYW (ORCPT ); Tue, 14 Mar 2017 17:24:22 -0400 Received: from mail-pf0-f195.google.com ([209.85.192.195]:36411 "EHLO mail-pf0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751015AbdCNVYU (ORCPT ); Tue, 14 Mar 2017 17:24:20 -0400 Received: by mail-pf0-f195.google.com with SMTP id j5so20522284pfb.3 for ; Tue, 14 Mar 2017 14:24:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=6xIrjHK4guKMIU4pHHvZbbFi9WHqK4lJeeEh+EUtphg=; b=AvSueLw6CoSC+TWkfr5OHnT223TT+JU2M7z0t1XeDlU7+FxVm289aP6DaX4VNzrliw mymky/wPhPSai+dYcicbxMbf+IuyIVxICf6sUaZD2lY2WUAyiv0vh0qpbXJLo9f0uC9H yg1Y+gmYCpVAxyy5QUAOwwTEHkbRNE00ioWQK/yUwK/wpFFx715ckYQ84KWzbGjXMfR6 l8m4V8mfjxChr4x0zAw5OqiLkB7IMDfGFCEn01Tkm1bIaMrwJ1RAW8G5okbwQcJankIt B1g5RAMJhGXtFJy8W1Urw3XFlfkowaEQJ2er1G+ro4JNPEP5IaEWo29q4eudF1OMG/Cq 6mGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=6xIrjHK4guKMIU4pHHvZbbFi9WHqK4lJeeEh+EUtphg=; b=HwOwkTuz4AubWefWY88sN6igo4VAsoaOZ8tS9m+h2fEVoJOXvXjgNwTe8RdoftTa5n v6AVDlvV6KtIPMmWmsr+DdBPIqy/U4g0goFlDgw2NQWSAcwFlweEHqlEmk4pVVlMWMie S0bagAd6vGGFX1g1QR/Nzjn8fzJYK1BwQv10YcBMWos2T8Sedx+7ZXX2dQdc2JXKBmi1 JcoXENkfid69v4qbnBFcKJmr8jaFYItQlKU9mwVyyDuOn6KSW1pE160bnLQy6TSY+bdJ 8BRAg77ep1kEohmWb/frKfVWEQDX1AyiavLzc30BzGHkYqJ7RwHLvhBlTWJAbBeJiH+C 2pMQ== X-Gm-Message-State: AMke39nSWXdqGM5hatXEt4WVu8CfwlooTin1iUdEfQrTHLyHjZvEMOgfPsG0selMs4zhTA== X-Received: by 10.99.188.10 with SMTP id q10mr45821347pge.106.1489526654054; Tue, 14 Mar 2017 14:24:14 -0700 (PDT) Received: from ebiggers-linuxstation.kir.corp.google.com ([100.119.30.131]) by smtp.gmail.com with ESMTPSA id f78sm40240714pfe.116.2017.03.14.14.24.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 14 Mar 2017 14:24:13 -0700 (PDT) From: Eric Biggers To: fstests@vger.kernel.org Cc: Eric Biggers , Theodore Ts'o , Jaegeuk Kim , Richard Weinberger Subject: [PATCH] generic/397: test renaming encrypted files without key Date: Tue, 14 Mar 2017 14:23:58 -0700 Message-Id: <20170314212358.46169-1-ebiggers3@gmail.com> X-Mailer: git-send-email 2.12.0.367.g23dc2f6d3c-goog Sender: fstests-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: fstests@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers Update generic/397 to test another behavior when accessing encrypted files without the key: renames should be forbidden, even though they may be possible cryptographically. Test both a regular rename and a cross rename. (It happens that generic/398 also covers the cross rename case, but it's primarily for a different reason.) Cc: Theodore Ts'o Cc: Jaegeuk Kim Cc: Richard Weinberger Signed-off-by: Eric Biggers --- tests/generic/397 | 13 +++++++++++++ tests/generic/397.out | 2 ++ 2 files changed, 15 insertions(+) diff --git a/tests/generic/397 b/tests/generic/397 index 7077d048..0d3ab4c1 100755 --- a/tests/generic/397 +++ b/tests/generic/397 @@ -46,6 +46,7 @@ _cleanup() . ./common/rc . ./common/filter . ./common/encrypt +. ./common/renameat2 # remove previous $seqres.full before test rm -f $seqres.full @@ -56,6 +57,7 @@ _supported_os Linux _require_scratch_encryption _require_xfs_io_command "set_encpolicy" _require_command "$KEYCTL_PROG" keyctl +_requires_renameat2 _new_session_keyring @@ -135,6 +137,17 @@ mkdir $SCRATCH_MNT/edir/0123456789abcdef |& filter_create_errors | _filter_scrat ln -s foo $SCRATCH_MNT/edir/newlink |& filter_create_errors | _filter_scratch ln -s foo $SCRATCH_MNT/edir/0123456789abcdef |& filter_create_errors | _filter_scratch +# Try to rename files in the encrypted directory. This should fail with ENOKEY. +# As noted above, encrypted filenames are unpredictable, so this needs to be +# written in a way that does not assume any particular filenames. +# Regression test for: +# 173b8439e1ba ("ext4: don't allow encrypted operations without keys") +# 363fa4e078cb ("f2fs: don't allow encrypted operations without keys") +efile1=$(find $SCRATCH_MNT/edir -maxdepth 1 -type f | head -1) +efile2=$(find $SCRATCH_MNT/edir -maxdepth 1 -type f | tail -1) +mv $efile1 $efile2 |& _filter_scratch | sed 's|edir/[a-zA-Z0-9+,_]\+|edir/FILENAME|g' +src/renameat2 -x $efile1 $efile2 + # Delete the encrypted directory (should succeed) rm -r $SCRATCH_MNT/edir stat $SCRATCH_MNT/edir |& _filter_scratch diff --git a/tests/generic/397.out b/tests/generic/397.out index 2f55c5d6..3cf57aab 100644 --- a/tests/generic/397.out +++ b/tests/generic/397.out @@ -10,4 +10,6 @@ mkdir: cannot create directory 'SCRATCH_MNT/edir/newdir': Required key not avail mkdir: cannot create directory 'SCRATCH_MNT/edir/0123456789abcdef': Required key not available ln: failed to create symbolic link 'SCRATCH_MNT/edir/newlink': Required key not available ln: failed to create symbolic link 'SCRATCH_MNT/edir/0123456789abcdef': Required key not available +mv: cannot move 'SCRATCH_MNT/edir/FILENAME' to 'SCRATCH_MNT/edir/FILENAME': Required key not available +Required key not available stat: cannot stat 'SCRATCH_MNT/edir': No such file or directory