From patchwork Fri Nov 4 06:47:40 2022
X-Patchwork-Submitter: Eric Biggers
X-Patchwork-Id: 13031420
From: Eric Biggers
To: fstests@vger.kernel.org
Cc: Andrey Albershteyn, linux-fscrypt@vger.kernel.org
Subject: [xfstests PATCH 1/3] common/verity: fix _fsv_have_hash_algorithm() with required signatures
Date: Thu, 3 Nov 2022 23:47:40 -0700
Message-Id: <20221104064742.167326-2-ebiggers@kernel.org>
X-Mailer: git-send-email 2.38.1
In-Reply-To: <20221104064742.167326-1-ebiggers@kernel.org>
References: <20221104064742.167326-1-ebiggers@kernel.org>
X-Mailing-List: linux-fscrypt@vger.kernel.org

From: Eric Biggers

_fsv_have_hash_algorithm() uses _fsv_enable() without a signature, so it
always fails when called while fs.verity.require_signatures=1. This
happens in generic/577, which tests file signing. This wasn't noticed
because it just made part of generic/577 always be skipped.

Fix this by making _fsv_have_hash_algorithm() temporarily set
fs.verity.require_signatures to 0. Since the previous value needs to be
restored afterwards, whether it is 0 or 1, also make some changes to the
fs.verity.require_signatures helper functions to allow the restoration
of the previous value, rather than the value that existed at the
beginning of the test.

Finally, make a couple related cleanups: make _fsv_have_hash_algorithm()
always delete the file it works with, and also update the similar code
in _require_scratch_verity().

Reported-by: Andrey Albershteyn
Signed-off-by: Eric Biggers
---
 common/verity | 69 ++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 46 insertions(+), 23 deletions(-)

diff --git a/common/verity b/common/verity
index 65a39d3e..4a9c9872 100644
--- a/common/verity
+++ b/common/verity
@@ -44,12 +44,13 @@ _require_scratch_verity() # doesn't work on ext3-style filesystems. So, try actually using it. echo foo > $SCRATCH_MNT/tmpfile _disable_fsverity_signatures - if ! _fsv_enable $SCRATCH_MNT/tmpfile; then - _restore_fsverity_signatures + _fsv_enable $SCRATCH_MNT/tmpfile + local status=$? + _restore_prev_fsverity_signatures + rm -f $SCRATCH_MNT/tmpfile + if (( $status != 0 )); then _notrun "$FSTYP verity isn't usable by default with these mkfs options" fi - _restore_fsverity_signatures - rm -f $SCRATCH_MNT/tmpfile _scratch_unmount 
@@ -104,30 +105,52 @@ _fsv_load_cert() # Disable mandatory signatures for fs-verity files, if they are supported. _disable_fsverity_signatures() { - if [ -e /proc/sys/fs/verity/require_signatures ]; then - if [ -z "$FSVERITY_SIG_CTL_ORIG" ]; then - FSVERITY_SIG_CTL_ORIG=$( /proc/sys/fs/verity/require_signatures - fi + _set_fsverity_require_signatures 0 } # Enable mandatory signatures for fs-verity files. # This assumes that _require_fsverity_builtin_signatures() was called. _enable_fsverity_signatures() { - if [ -z "$FSVERITY_SIG_CTL_ORIG" ]; then - FSVERITY_SIG_CTL_ORIG=$( /proc/sys/fs/verity/require_signatures + _set_fsverity_require_signatures 1 } -# Restore the original signature verification setting. +# Restore the original value of fs.verity.require_signatures, i.e. the value it +# had at the beginning of the test. _restore_fsverity_signatures() { - if [ -n "$FSVERITY_SIG_CTL_ORIG" ]; then - echo "$FSVERITY_SIG_CTL_ORIG" > /proc/sys/fs/verity/require_signatures - fi + if [ -n "$FSVERITY_SIG_CTL_ORIG" ]; then + _set_fsverity_require_signatures "$FSVERITY_SIG_CTL_ORIG" + fi +} + +# Restore the previous value of fs.verity.require_signatures, i.e. the value it +# had just before it was last written to. +_restore_prev_fsverity_signatures() +{ + if [ -n "$FSVERITY_SIG_CTL_PREV" ]; then + _set_fsverity_require_signatures "$FSVERITY_SIG_CTL_PREV" + fi +} + +_set_fsverity_require_signatures() +{ + local newval=$1 + if [ ! -e /proc/sys/fs/verity/require_signatures ]; then + # If the kernel doesn't support fs.verity.require_signatures, + # then trying to disable it is fine, but enabling it is not. + if [ "$newval" != 0 ]; then + # Forgot to call _require_fsverity_builtin_signatures(). + _fail "fs.verity.require_signatures is missing" + fi + return + fi + local oldval=$( /proc/sys/fs/verity/require_signatures } # Require userspace and kernel support for 'fsverity dump_metadata'. 
@@ -245,14 +268,14 @@ _fsv_have_hash_algorithm() local hash_alg=$1 local test_file=$2 + _disable_fsverity_signatures rm -f $test_file head -c 4096 /dev/zero > $test_file - if ! _fsv_enable --hash-alg=$hash_alg $test_file &>> $seqres.full; then - # no kernel support - return 1 - fi + _fsv_enable --hash-alg=$hash_alg $test_file &>> $seqres.full + local status=$? + _restore_prev_fsverity_signatures rm -f $test_file - return 0 + return $status } #
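Review bot: in the _require_scratch_verity() hunk, the new check is written as if (( $status != 0 )) while every other test visible in this patch uses [ ... ]. Writing it as [ $status -ne 0 ] would match the rest of the file, and the $ is redundant inside (( )) in any case. Capturing the status first is the right shape here, since it lets the sysctl restore and the rm -f of tmpfile run on both the success and the _notrun path.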
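Review bot: _set_fsverity_require_signatures() is the only helper in the second hunk without a header comment, and it is the one that most needs one. _restore_prev_fsverity_signatures() reads a single FSVERITY_SIG_CTL_PREV value, documented as the value the sysctl had just before it was last written to, so a disable/restore_prev pair cannot safely be nested inside another such pair: any intervening write changes what the outer restore would put back. A comment on the setter stating that, and that it returns silently for newval 0 when /proc/sys/fs/verity/require_signatures is absent but calls _fail for any other value, would spare callers from working it out from the body.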
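Review bot: in the _fsv_have_hash_algorithm() hunk, return $status now passes callers whatever exit code _fsv_enable produced instead of the fixed 1, and the "# no kernel support" comment that said what a failure means is dropped with it. Callers that only test zero versus nonzero are unaffected, but a one-line comment above return $status saying that nonzero means the hash algorithm is not usable would keep that information in the file. It is also worth confirming that nothing between _disable_fsverity_signatures and _restore_prev_fsverity_signatures here writes the sysctl, since the restore depends on the disable being the most recent write.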