From patchwork Tue Apr 30 03:41:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648206 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6AA5510965; Tue, 30 Apr 2024 03:41:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448464; cv=none; b=rV2knmKDisbrmXQwpcVMra4dUTZ6ZUNujRTTBn2YOPNIwNJbZlNRl9cG2kVVm8dqLWUnJmJp8de53GNgkqcXWFsKNnbcec2Rt9GjPbl/mFFkwYaGYboq0IAL1klHfrsbYeiWRBsKKk7uQnQR9MjzwwS/d2w8OAiPf7J85H/3KfU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448464; c=relaxed/simple; bh=iIsxbFH63ITqGDeXQxaMqJbJnq0+YrKoGIQSE3YOw+Y=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=tlIk+8HKwzoV5NWD5lG7GwbAYB1nb35OB5tA2XFuvcNK3yvA+NiqrlYrHA7jA/Jmlw+uTp68726fJWP1UEMqUy95kUC5+uYBGA4gK7cS/HrIA8+fjrs40XTn1A5/3iow5QJ3doSs7HFAVN/ZRoFe9TPUgxaDzN8kMe9PmG/iH6s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=byrrU24b; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="byrrU24b" Received: by smtp.kernel.org (Postfix) with ESMTPSA id DDA1AC116B1; Tue, 30 Apr 2024 03:41:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448463; bh=iIsxbFH63ITqGDeXQxaMqJbJnq0+YrKoGIQSE3YOw+Y=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=byrrU24bOYKeONrglv2pPtHp8NOopZqAOAY0fhBu4Tz9LsRglo2a4c/FkFxAFG/Js mfp/eIS//m6MqlgNNN57frvDY4C0JVi/tbNCC5KfpvWwRqtRgMV05VMlyKqfRsMzMV rFUD6UVgJk3U4RoaBCDaS1GttUGwWazM0QoJoj2LOR/UgxKGJ1UkdAetVe/Kfjpczl eOgFttYU0AlvnMWvkyfc3fFf75a0XvsmUjG827TJHKLvrW9u1peztZdX7vPtwdCheY EFy00BqbYL2RtWb614VpOb/HQsE6vlf8fSNLNa+RgkgaT0NfJpc570xImONWvnpsaj gxgmqoWsNMzxQ== Date: Mon, 29 Apr 2024 20:41:03 -0700 Subject: [PATCH 1/6] common/verity: enable fsverity for XFS From: "Darrick J. Wong" To: aalbersh@redhat.com, zlang@redhat.com, ebiggers@kernel.org, djwong@kernel.org Cc: Andrey Albershteyn , fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org, guan@eryu.me, linux-xfs@vger.kernel.org, fstests@vger.kernel.org Message-ID: <171444687994.962488.5112127418406573234.stgit@frogsfrogsfrogs> In-Reply-To: <171444687971.962488.18035230926224414854.stgit@frogsfrogsfrogs> References: <171444687971.962488.18035230926224414854.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Andrey Albershteyn XFS supports verity and can be enabled for -g verity group. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong Reviewed-by: Andrey Albershteyn --- common/verity | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/common/verity b/common/verity index 59b67e1201..20408c8c0e 100644 --- a/common/verity +++ b/common/verity @@ -43,7 +43,16 @@ _require_scratch_verity() # The filesystem may be aware of fs-verity but have it disabled by # CONFIG_FS_VERITY=n. Detect support via sysfs. - if [ ! -e /sys/fs/$fstyp/features/verity ]; then + case $FSTYP in + xfs) + _scratch_unmount + _check_scratch_xfs_features VERITY &>>$seqres.full + _scratch_mount + ;; + *) + test -e /sys/fs/$fstyp/features/verity + esac + if [ ! $? ]; then _notrun "kernel $fstyp isn't configured with verity support" fi @@ -201,6 +210,9 @@ _scratch_mkfs_verity() ext4|f2fs) _scratch_mkfs -O verity ;; + xfs) + _scratch_mkfs -i verity + ;; btrfs) _scratch_mkfs ;; @@ -334,12 +346,19 @@ _fsv_scratch_corrupt_bytes() local lstart lend pstart pend local dd_cmds=() local cmd + local device=$SCRATCH_DEV sync # Sync to avoid unwritten extents cat > $tmp.bytes local end=$(( offset + $(_get_filesize $tmp.bytes ) )) + # If this is an xfs realtime file, switch @device to the rt device + if [ $FSTYP = "xfs" ]; then + $XFS_IO_PROG -r -c 'stat -v' "$file" | grep -q -w realtime && \ + device=$SCRATCH_RTDEV + fi + # For each extent that intersects the requested range in order, add a # command that writes the next part of the data to that extent. while read -r lstart lend pstart pend; do @@ -355,7 +374,7 @@ _fsv_scratch_corrupt_bytes() elif (( offset < lend )); then local len=$((lend - offset)) local seek=$((pstart + (offset - lstart))) - dd_cmds+=("head -c $len | dd of=$SCRATCH_DEV oflag=seek_bytes seek=$seek status=none") + dd_cmds+=("head -c $len | dd of=$device oflag=seek_bytes seek=$seek status=none") (( offset += len )) fi done < <($XFS_IO_PROG -r -c "fiemap $offset $((end - offset))" "$file" \ @@ -408,6 +427,22 @@ _fsv_scratch_corrupt_merkle_tree() done _scratch_mount ;; + xfs) + local ino=$(stat -c '%i' $file) + local attr_offset=$(( $offset % $FSV_BLOCK_SIZE )) + local attr_index=$(printf "%08d" $(( offset - attr_offset ))) + _scratch_unmount + # Attribute name is 8 bytes long (byte position of Merkle tree block) + _scratch_xfs_db -x -c "inode $ino" \ + -c "attr_modify -f -m 8 -o $attr_offset $attr_index \"BUG\"" \ + -c "ablock 0" -c "print" \ + >>$seqres.full + # In case bsize == 4096 and merkle block size == 1024, by + # modifying attribute with 'attr_modify we can corrupt quota + # account. Let's repair it + _scratch_xfs_repair >> $seqres.full 2>&1 + _scratch_mount + ;; *) _fail "_fsv_scratch_corrupt_merkle_tree() unimplemented on $FSTYP" ;; From patchwork Tue Apr 30 03:41:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648233 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F3ED110799; Tue, 30 Apr 2024 03:41:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448480; cv=none; b=odBtZDndFOO0oy67yDedEr0+yLKHVss8QFo/SSFIht6b3683mdAHdQKQHL0g9LJy6Lj+oR7pvgzxzczL7KKfot5Gb3SER5r7qOEZ9Qd7sFeh+u9MGPXYGHsTRsqgt1g50ykbDX3gzYBnq+ea6Z6U6z7b/FssbudYBU0qOOpHMwQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448480; c=relaxed/simple; bh=BNuhBfz8p90b3tugGpJQ21bYXxQIzLmERz5lJk6RXJg=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=jMqQSdG8kFjZyqP69Se1LnPUrMvGtjCIc6pZ5Q9WLEo9sRXmKzb2NiaFqesXyDwNc0gaNEHIqlAHuA8w3Ib1hxXaImjewzTqvCfivXa1f8wuloQiT5eGUmcOi+ZiMnj0FI6s58ZqnUKKhsloP1BELUVniMvTI3ewm5c1mW7Rb9o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=rUQnIYLw; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="rUQnIYLw" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8637BC116B1; Tue, 30 Apr 2024 03:41:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448479; bh=BNuhBfz8p90b3tugGpJQ21bYXxQIzLmERz5lJk6RXJg=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=rUQnIYLwKct0DckLry7PuJAIYDpyBlLa1e+AjfgI/yGVH+B+7rUoxDsHcRt+iQ+ZH JQQKpvI4kqDXkgWoTtJBPQ25sIsw/sztpG826CEwvqsHSj+W/JI2L1/IZOTzc1iNG1 eLg6yT9XqSo+Ep66L/IwEraaWUTjscxZ6oS9LiaEM1f7dL9NAieZWbAKhh7B6Mg3bA y05jzxzAt/YDwzXoKcuFaTi6kipbMELHU9giksmqREmNIQLfg4zt3aBHdEPDDyD8CM 8T5rlE5ICVI+WuQFLG2iItGIwdpu6blqhUb4kAyfoV3F8QnbwtsG/+t4Q9qCUxcja3 lxRiMHGxU0Vlg== Date: Mon, 29 Apr 2024 20:41:19 -0700 Subject: [PATCH 2/6] xfs/{021,122}: adapt to fsverity xattrs From: "Darrick J. Wong" To: aalbersh@redhat.com, zlang@redhat.com, ebiggers@kernel.org, djwong@kernel.org Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org, guan@eryu.me, linux-xfs@vger.kernel.org, fstests@vger.kernel.org Message-ID: <171444688009.962488.1019465154475766682.stgit@frogsfrogsfrogs> In-Reply-To: <171444687971.962488.18035230926224414854.stgit@frogsfrogsfrogs> References: <171444687971.962488.18035230926224414854.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Adjust these tests to accomdate the use of xattrs to store fsverity metadata. Signed-off-by: Darrick J. Wong Reviewed-by: Andrey Albershteyn --- tests/xfs/021 | 3 +++ tests/xfs/122.out | 1 + 2 files changed, 4 insertions(+) diff --git a/tests/xfs/021 b/tests/xfs/021 index ef307fc064..dcecf41958 100755 --- a/tests/xfs/021 +++ b/tests/xfs/021 @@ -118,6 +118,7 @@ _scratch_xfs_db -r -c "inode $inum_1" -c "print a.sfattr" | \ perl -ne ' /\.secure/ && next; /\.parent/ && next; +/\.verity/ && next; print unless /^\d+:\[.*/;' echo "*** dump attributes (2)" @@ -128,6 +129,7 @@ _scratch_xfs_db -r -c "inode $inum_2" -c "a a.bmx[0].startblock" -c print \ | perl -ne ' s/,secure//; s/,parent//; +s/,verity//; s/info.hdr/info/; /hdr.info.crc/ && next; /hdr.info.bno/ && next; @@ -135,6 +137,7 @@ s/info.hdr/info/; /hdr.info.lsn/ && next; /hdr.info.owner/ && next; /\.parent/ && next; +/\.verity/ && next; s/^(hdr.info.magic =) 0x3bee/\1 0xfbee/; s/^(hdr.firstused =) (\d+)/\1 FIRSTUSED/; s/^(hdr.freemap\[0-2] = \[base,size]).*/\1 [FREEMAP..]/; diff --git a/tests/xfs/122.out b/tests/xfs/122.out index abd82e7142..019fe7545f 100644 --- a/tests/xfs/122.out +++ b/tests/xfs/122.out @@ -142,6 +142,7 @@ sizeof(struct xfs_scrub_vec) = 16 sizeof(struct xfs_scrub_vec_head) = 40 sizeof(struct xfs_swap_extent) = 64 sizeof(struct xfs_unmount_log_format) = 8 +sizeof(struct xfs_verity_merkle_key) = 8 sizeof(struct xfs_xmd_log_format) = 16 sizeof(struct xfs_xmi_log_format) = 88 sizeof(union xfs_rtword_raw) = 4 From patchwork Tue Apr 30 03:41:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648234 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5542311CBD; Tue, 30 Apr 2024 03:41:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448495; cv=none; b=hBdXrWB6rmfMPEIYBCmSxMht3YYhcpA23uumQWPndyLTGykFUsS/3KhNwHrTV9tc5U7BYtikasHmCZF3cX+MM/VNnl2T5a8d3fRpch9aySJl2QGd+I9DK/bBnC8eeEbA/Nn9eLsbffRWAhNBJWQ/GFRlwWmkldnHFVjavBRMMRM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448495; c=relaxed/simple; bh=jkDQ8eXsq+DHM5pSHVl9SYPETIT1FOlvO5lUtfN+v24=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=TYEkG9YZa8l5llzdoZMyH6PKWGr/d/9t547KD9GWtYLZtL/y7ed5vddxfcXyro9BdTie/9XHX+uAGfowDEDgxN1clIeb0r97fGpf/AZ78GTEczbX9rqJCytf1rMSGZgksrJYq3JybPOEOMYJ0FzzPLLivN9nYO5SNmNu5Kd0DYQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=JvMyL9O7; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="JvMyL9O7" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 256E7C116B1; Tue, 30 Apr 2024 03:41:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448495; bh=jkDQ8eXsq+DHM5pSHVl9SYPETIT1FOlvO5lUtfN+v24=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=JvMyL9O7DtsHeJAuOtUlU/n6Ybj9+vv6utvj/TlMZkxtXsZHpWD6zLn6vge7cLfiP Y4heCy5FNJVa8EI+qVyB12bNrfyYv+77PofauYg5UdaMePiSwrzbuvFL48MHjxNwb2 SPBiSpbTdnlvyel+wCp+Pvu1ZK3gq3vIH0BUiqQMMcc4WEdL5UoMW88KWOhmT/8Ipe W6+puVd7ziXOUFLzu35w54ellSSFRu40frwUQHJo+/LwNJr0sATwH7bszNr+HhiX75 k/+9HpQdNy3T4Vw+7o/RO/I5GbnmHfWgIqWM1oJ65QIKgW+xci/rUK6s619g1k8pgy LtZV3FKHX01Zg== Date: Mon, 29 Apr 2024 20:41:34 -0700 Subject: [PATCH 3/6] xfs/122: adapt to fsverity From: "Darrick J. Wong" To: aalbersh@redhat.com, zlang@redhat.com, ebiggers@kernel.org, djwong@kernel.org Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org, guan@eryu.me, linux-xfs@vger.kernel.org, fstests@vger.kernel.org Message-ID: <171444688024.962488.13214660928692324111.stgit@frogsfrogsfrogs> In-Reply-To: <171444687971.962488.18035230926224414854.stgit@frogsfrogsfrogs> References: <171444687971.962488.18035230926224414854.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Add fields for fsverity ondisk structures. Signed-off-by: Darrick J. Wong --- tests/xfs/122.out | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/xfs/122.out b/tests/xfs/122.out index 019fe7545f..22f36c0311 100644 --- a/tests/xfs/122.out +++ b/tests/xfs/122.out @@ -65,6 +65,7 @@ sizeof(struct xfs_agfl) = 36 sizeof(struct xfs_attr3_leaf_hdr) = 80 sizeof(struct xfs_attr3_leafblock) = 88 sizeof(struct xfs_attr3_rmt_hdr) = 56 +sizeof(struct xfs_attr3_rmtverity_hdr) = 36 sizeof(struct xfs_attr_sf_entry) = 3 sizeof(struct xfs_attr_sf_hdr) = 4 sizeof(struct xfs_attr_shortform) = 8 @@ -120,6 +121,7 @@ sizeof(struct xfs_log_dinode) = 176 sizeof(struct xfs_log_legacy_timestamp) = 8 sizeof(struct xfs_map_extent) = 32 sizeof(struct xfs_map_freesp) = 32 +sizeof(struct xfs_merkle_key) = 8 sizeof(struct xfs_parent_rec) = 12 sizeof(struct xfs_phys_extent) = 16 sizeof(struct xfs_refcount_key) = 4 From patchwork Tue Apr 30 03:41:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648235 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EE41A1118C; Tue, 30 Apr 2024 03:41:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448511; cv=none; b=r5i1JrU0T/QfLrZcudXMv9qTRznepnbPzvM4VtFO9He2nDd1rqMyHTQgq+7U/trnL9tPfoi5Kuu8KrJG0vbcZajWeuvUdUnSaaJHenSYEWHVtbiQozc6kTtxIPvDKrZYgGeBKy2m1bDGg9SOcsltTjlhfdxv0L8A5i6mCTvGzxo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448511; c=relaxed/simple; bh=bQVYXStPWSHGBiJ6GLlj4Vn5t5hQyIXFN9y1dk7wLS4=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=pzQGAAr2876hqeG271I5NMJmLFj/I4R3vrERb8xeNL8678cUTV8kKMGfaNj9cnhIVFBH2GqAyaGDbrfvzIOJ7gKG4iI3PyNH19tw9vcP/Vcl4pBOaQL8TZUEd5HJqc4NlnWA5L5hzQtfySWR8iO1svAOe2Cl1c+yzgSD0GEU/Iw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=FhFB6ms5; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="FhFB6ms5" Received: by smtp.kernel.org (Postfix) with ESMTPSA id BB208C116B1; Tue, 30 Apr 2024 03:41:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448510; bh=bQVYXStPWSHGBiJ6GLlj4Vn5t5hQyIXFN9y1dk7wLS4=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=FhFB6ms5zPGV6cd/YhXXHIdnYcyqBJUakX+csiwyls57JOMePlNCsCuKYUK+xt3Vm 8cwpB1uuNgLUCkw4JKJWg1ei8vZbflOOVkcEnJA3wGDWG4K68HbO5Ay5DaGpnjXYQb 81an9VK0CwhT3fwbViQYNodbRYbyoz53sWWraEqAEyd+4xMTcxjS5CPXZipzZoB6cw L0H08GSth8sfMAOlAIMjhznlZ6K9Ahee6ss5GdhykT8VzldPXNkkhQxn8h0Gzeum75 LxazmVvnUhmC8FPgcrMoDkTgN7GzHjWZnbzeXacdOTE1Qy6ib4gJRNHJeSzn+7OA8x DA1jKkg5YO8/w== Date: Mon, 29 Apr 2024 20:41:50 -0700 Subject: [PATCH 4/6] xfs: test xfs_scrub detection and correction of corrupt fsverity metadata From: "Darrick J. Wong" To: aalbersh@redhat.com, zlang@redhat.com, ebiggers@kernel.org, djwong@kernel.org Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org, guan@eryu.me, linux-xfs@vger.kernel.org, fstests@vger.kernel.org Message-ID: <171444688039.962488.5264219734710985894.stgit@frogsfrogsfrogs> In-Reply-To: <171444687971.962488.18035230926224414854.stgit@frogsfrogsfrogs> References: <171444687971.962488.18035230926224414854.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Create a basic test to ensure that xfs_scrub media scans complain about files that don't pass fsverity validation. Signed-off-by: Darrick J. Wong Reviewed-by: Andrey Albershteyn --- tests/xfs/1880 | 135 ++++++++++++++++++++++++++++++++++++++++++++++++++++ tests/xfs/1880.out | 37 ++++++++++++++ 2 files changed, 172 insertions(+) create mode 100755 tests/xfs/1880 create mode 100644 tests/xfs/1880.out diff --git a/tests/xfs/1880 b/tests/xfs/1880 new file mode 100755 index 0000000000..a2119f04c2 --- /dev/null +++ b/tests/xfs/1880 @@ -0,0 +1,135 @@ +#! /bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (c) 2024 Oracle. All Rights Reserved. +# +# FS QA Test 1880 +# +# Corrupt fsverity descriptor, merkle tree blocks, and file contents. Ensure +# that xfs_scrub detects this and repairs whatever it can. +# +. ./common/preamble +_begin_fstest auto quick verity + +_cleanup() +{ + cd / + _restore_fsverity_signatures + rm -f $tmp.* +} + +. ./common/verity +. ./common/filter +. ./common/fuzzy + +_supported_fs xfs +_require_scratch_verity +_disable_fsverity_signatures +_require_fsverity_corruption +_require_scratch_nocheck # fsck test + +_scratch_mkfs >> $seqres.full +_scratch_mount + +_require_scratch_xfs_scrub +_require_xfs_has_feature "$SCRATCH_MNT" verity +VICTIM_FILE="$SCRATCH_MNT/a" +_fsv_can_enable "$VICTIM_FILE" || _notrun "cannot enable fsverity" + +create_victim() +{ + local filesize="${1:-3}" + + rm -f "$VICTIM_FILE" + perl -e "print 'moo' x $((filesize / 3))" > "$VICTIM_FILE" + fsverity enable --hash-alg=sha256 --block-size=1024 "$VICTIM_FILE" + fsverity measure "$VICTIM_FILE" | _filter_scratch +} + +filter_scrub() { + awk '{ + if ($0 ~ /fsverity metadata missing/) { + print("fsverity metadata missing"); + } else if ($0 ~ /Corruption.*inode record/) { + print("xfs_ino corruption"); + } else if ($0 ~ /verity error at offset/) { + print("fsverity read error"); + } + }' +} + +run_scrub() { + $XFS_SCRUB_PROG -b -x $* $SCRATCH_MNT &> $tmp.moo + filter_scrub < $tmp.moo + cat $tmp.moo >> $seqres.full +} + +cat_victim() { + $XFS_IO_PROG -r -c 'pread -q 0 4096' "$VICTIM_FILE" 2>&1 | _filter_scratch +} + +echo "Part 1: Delete the fsverity descriptor" | tee -a $seqres.full +create_victim +_scratch_unmount +_scratch_xfs_db -x -c "path /a" -c "attr_remove -f vdesc" -c 'ablock 0' -c print >> $seqres.full +_scratch_mount +cat_victim +run_scrub -n + +echo "Part 2: Run repair to clear XFS_DIFLAG2_VERITY" | tee -a $seqres.full +run_scrub +cat_victim +run_scrub -n + +echo "Part 3: Corrupt the fsverity descriptor" | tee -a $seqres.full +create_victim +_scratch_unmount +_scratch_xfs_db -x -c "path /a" -c 'attr_modify -f "vdesc" -o 0 "BUGSAHOY"' -c 'ablock 0' -c print >> $seqres.full +_scratch_mount +cat_victim +run_scrub -n + +echo "Part 4: Run repair to clear XFS_DIFLAG2_VERITY" | tee -a $seqres.full +run_scrub +cat_victim +run_scrub -n + +echo "Part 5: Corrupt the fsverity file data" | tee -a $seqres.full +create_victim +_scratch_unmount +_scratch_xfs_db -x -c "path /a" -c 'dblock 0' -c 'blocktrash -3 -o 0 -x 24 -y 24 -z' -c print >> $seqres.full +_scratch_mount +cat_victim +run_scrub -n + +echo "Part 6: Run repair which will not help" | tee -a $seqres.full +run_scrub +cat_victim +run_scrub -n + +echo "Part 7: Corrupt a merkle tree block" | tee -a $seqres.full +create_victim 1234 # two merkle tree blocks +_fsv_scratch_corrupt_merkle_tree "$VICTIM_FILE" 0 +cat_victim +run_scrub -n + +echo "Part 8: Run repair which will not help" | tee -a $seqres.full +run_scrub +cat_victim +run_scrub -n + +echo "Part 9: Corrupt the fsverity salt" | tee -a $seqres.full +create_victim +_scratch_unmount +_scratch_xfs_db -x -c "path /a" -c 'attr_modify -f "vdesc" -o 3 #08' -c 'attr_modify -f "vdesc" -o 80 "BUGSAHOY"' -c 'ablock 0' -c print >> $seqres.full +_scratch_mount +cat_victim +run_scrub -n + +echo "Part 10: Run repair which will not help" | tee -a $seqres.full +run_scrub +cat_victim +run_scrub -n + +# success, all done +status=0 +exit diff --git a/tests/xfs/1880.out b/tests/xfs/1880.out new file mode 100644 index 0000000000..17961ec70b --- /dev/null +++ b/tests/xfs/1880.out @@ -0,0 +1,37 @@ +QA output created by 1880 +Part 1: Delete the fsverity descriptor +sha256:bab5cfebae30d53e4318629d4ba0b4760d6aae38e03ae235741ed69a31873f1f SCRATCH_MNT/a +SCRATCH_MNT/a: Invalid argument +xfs_ino corruption +fsverity metadata missing +Part 2: Run repair to clear XFS_DIFLAG2_VERITY +Part 3: Corrupt the fsverity descriptor +sha256:bab5cfebae30d53e4318629d4ba0b4760d6aae38e03ae235741ed69a31873f1f SCRATCH_MNT/a +SCRATCH_MNT/a: Invalid argument +xfs_ino corruption +fsverity metadata missing +Part 4: Run repair to clear XFS_DIFLAG2_VERITY +Part 5: Corrupt the fsverity file data +sha256:bab5cfebae30d53e4318629d4ba0b4760d6aae38e03ae235741ed69a31873f1f SCRATCH_MNT/a +pread: Input/output error +fsverity read error +Part 6: Run repair which will not help +fsverity read error +pread: Input/output error +fsverity read error +Part 7: Corrupt a merkle tree block +sha256:c56f1115966bafa6c9d32b4717f554b304161f33923c9292c7a92a27866a853c SCRATCH_MNT/a +pread: Input/output error +fsverity read error +Part 8: Run repair which will not help +fsverity read error +pread: Input/output error +fsverity read error +Part 9: Corrupt the fsverity salt +sha256:bab5cfebae30d53e4318629d4ba0b4760d6aae38e03ae235741ed69a31873f1f SCRATCH_MNT/a +pread: Input/output error +fsverity read error +Part 10: Run repair which will not help +fsverity read error +pread: Input/output error +fsverity read error From patchwork Tue Apr 30 03:42:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648236 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D1B76FC02; Tue, 30 Apr 2024 03:42:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448526; cv=none; b=TwgwZHVDd1xYL/OQjsS1VDQ2luQSy387w2dLsx/UXh7EMsBFtYQ7P2uvlqzyeqOzYFjasPuKUq7uL0cnaqpc04FRwVMB923ZkTW7df+tl4ZVvX4hQVyg+ZyYpH19hE/8M7YSMTcouqgccFHtzTCJc9GBU9lwjn7Zoi6NBIYz36w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448526; c=relaxed/simple; bh=t6F6gZTIpN6m1eTxRsMo75eCx/x0KWlooz1X8l0W2as=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=fRNwohNLnqp5KHcEhavQELTCY9KMR3w39Z6Gi9GsqTsCgqC3/kIZzw7Ns6bBuRISkyKUBxW5e8g5Zxu+j25FziqJfTBqUQ3DTa2I3eqQZkqopg2A/4o/5Bse2LPZK/FqQwTTl3MXnAuXoI2peyGqaPKRUk0CxpjwwNh4rLenUMo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=eNbnE6Sj; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="eNbnE6Sj" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6D4B3C116B1; Tue, 30 Apr 2024 03:42:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448526; bh=t6F6gZTIpN6m1eTxRsMo75eCx/x0KWlooz1X8l0W2as=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=eNbnE6SjQhmRzNbf9K/6gokOBTyljpMd1KpBLUid84o58S6G+QkCY0QtcXZmHWq5H 7LQ1seLM5V8Gs5ymFOLZYtOybJRE2fyiu/CZ+sGMQw8gXyXpGB59zs2HMRQOefHNZw mSX1RopQBxmFqnQsrKIb4l9CNkZDpjSHCOrCzPf5mvrgwtzL4iI5FE0Of5ZaNGW4lv 1RxVLFzaJBDmSHJqXtHBCv5dcDJFURwdxtSoTIvIc6Wngd4CKrp+oO2f6ZOcRZnf5q wvK1v3G9b/hTK97zu+sp/I4BBhSe4BsjLYGXnxl7jkySYEHHkOnB9YL0cnhWhJ0UdA MPMU3W071AuFg== Date: Mon, 29 Apr 2024 20:42:05 -0700 Subject: [PATCH 5/6] xfs: test disabling fsverity From: "Darrick J. Wong" To: aalbersh@redhat.com, zlang@redhat.com, ebiggers@kernel.org, djwong@kernel.org Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org, guan@eryu.me, linux-xfs@vger.kernel.org, fstests@vger.kernel.org Message-ID: <171444688055.962488.12884471948592949028.stgit@frogsfrogsfrogs> In-Reply-To: <171444687971.962488.18035230926224414854.stgit@frogsfrogsfrogs> References: <171444687971.962488.18035230926224414854.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Add a test to make sure that we can disable fsverity on a file that doesn't pass fsverity validation on its contents anymore. Signed-off-by: Darrick J. Wong Reviewed-by: Andrey Albershteyn --- tests/xfs/1881 | 111 ++++++++++++++++++++++++++++++++++++++++++++++++++++ tests/xfs/1881.out | 28 +++++++++++++ 2 files changed, 139 insertions(+) create mode 100755 tests/xfs/1881 create mode 100644 tests/xfs/1881.out diff --git a/tests/xfs/1881 b/tests/xfs/1881 new file mode 100755 index 0000000000..411802d7c7 --- /dev/null +++ b/tests/xfs/1881 @@ -0,0 +1,111 @@ +#! /bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (c) 2024 Oracle. All Rights Reserved. +# +# FS QA Test 1881 +# +# Corrupt fsverity descriptor, merkle tree blocks, and file contents. Ensure +# that we can still disable fsverity, at least for the latter cases. +# +. ./common/preamble +_begin_fstest auto quick verity + +_cleanup() +{ + cd / + _restore_fsverity_signatures + rm -f $tmp.* +} + +. ./common/verity +. ./common/filter +. ./common/fuzzy + +_supported_fs xfs +_require_scratch_verity +_disable_fsverity_signatures +_require_fsverity_corruption +_require_xfs_io_command noverity +_require_scratch_nocheck # corruption test + +_scratch_mkfs >> $seqres.full +_scratch_mount + +_require_xfs_has_feature "$SCRATCH_MNT" verity +VICTIM_FILE="$SCRATCH_MNT/a" +_fsv_can_enable "$VICTIM_FILE" || _notrun "cannot enable fsverity" + +create_victim() +{ + local filesize="${1:-3}" + + rm -f "$VICTIM_FILE" + perl -e "print 'moo' x $((filesize / 3))" > "$VICTIM_FILE" + fsverity enable --hash-alg=sha256 --block-size=1024 "$VICTIM_FILE" + fsverity measure "$VICTIM_FILE" | _filter_scratch +} + +disable_verity() { + $XFS_IO_PROG -r -c 'noverity' "$VICTIM_FILE" 2>&1 | _filter_scratch +} + +cat_victim() { + $XFS_IO_PROG -r -c 'pread -q 0 4096' "$VICTIM_FILE" 2>&1 | _filter_scratch +} + +echo "Part 1: Delete the fsverity descriptor" | tee -a $seqres.full +create_victim +_scratch_unmount +_scratch_xfs_db -x -c "path /a" -c "attr_remove -f vdesc" -c 'ablock 0' -c print >> $seqres.full +_scratch_mount +cat_victim + +echo "Part 2: Disable fsverity, which won't work" | tee -a $seqres.full +disable_verity +cat_victim + +echo "Part 3: Corrupt the fsverity descriptor" | tee -a $seqres.full +create_victim +_scratch_unmount +_scratch_xfs_db -x -c "path /a" -c 'attr_modify -f "vdesc" -o 0 "BUGSAHOY"' -c 'ablock 0' -c print >> $seqres.full +_scratch_mount +cat_victim + +echo "Part 4: Disable fsverity, which won't work" | tee -a $seqres.full +disable_verity +cat_victim + +echo "Part 5: Corrupt the fsverity file data" | tee -a $seqres.full +create_victim +_scratch_unmount +_scratch_xfs_db -x -c "path /a" -c 'dblock 0' -c 'blocktrash -3 -o 0 -x 24 -y 24 -z' -c print >> $seqres.full +_scratch_mount +cat_victim + +echo "Part 6: Disable fsverity, which should work" | tee -a $seqres.full +disable_verity +cat_victim + +echo "Part 7: Corrupt a merkle tree block" | tee -a $seqres.full +create_victim 1234 # two merkle tree blocks +_fsv_scratch_corrupt_merkle_tree "$VICTIM_FILE" 0 +cat_victim + +echo "Part 8: Disable fsverity, which should work" | tee -a $seqres.full +disable_verity +cat_victim + +echo "Part 9: Corrupt the fsverity salt" | tee -a $seqres.full +create_victim +_scratch_unmount +_scratch_xfs_db -x -c "path /a" -c 'attr_modify -f "vdesc" -o 3 #08' -c 'attr_modify -f "vdesc" -o 80 "BUGSAHOY"' -c 'ablock 0' -c print >> $seqres.full +_scratch_mount +cat_victim + +echo "Part 10: Disable fsverity, which should work" | tee -a $seqres.full +disable_verity +cat_victim + +# success, all done +status=0 +exit diff --git a/tests/xfs/1881.out b/tests/xfs/1881.out new file mode 100644 index 0000000000..3e94b8001e --- /dev/null +++ b/tests/xfs/1881.out @@ -0,0 +1,28 @@ +QA output created by 1881 +Part 1: Delete the fsverity descriptor +sha256:bab5cfebae30d53e4318629d4ba0b4760d6aae38e03ae235741ed69a31873f1f SCRATCH_MNT/a +SCRATCH_MNT/a: Invalid argument +Part 2: Disable fsverity, which won't work +SCRATCH_MNT/a: Invalid argument +SCRATCH_MNT/a: Invalid argument +Part 3: Corrupt the fsverity descriptor +sha256:bab5cfebae30d53e4318629d4ba0b4760d6aae38e03ae235741ed69a31873f1f SCRATCH_MNT/a +SCRATCH_MNT/a: Invalid argument +Part 4: Disable fsverity, which won't work +SCRATCH_MNT/a: Invalid argument +SCRATCH_MNT/a: Invalid argument +Part 5: Corrupt the fsverity file data +sha256:bab5cfebae30d53e4318629d4ba0b4760d6aae38e03ae235741ed69a31873f1f SCRATCH_MNT/a +pread: Input/output error +Part 6: Disable fsverity, which should work +pread: Input/output error +Part 7: Corrupt a merkle tree block +sha256:c56f1115966bafa6c9d32b4717f554b304161f33923c9292c7a92a27866a853c SCRATCH_MNT/a +pread: Input/output error +Part 8: Disable fsverity, which should work +pread: Input/output error +Part 9: Corrupt the fsverity salt +sha256:bab5cfebae30d53e4318629d4ba0b4760d6aae38e03ae235741ed69a31873f1f SCRATCH_MNT/a +pread: Input/output error +Part 10: Disable fsverity, which should work +pread: Input/output error From patchwork Tue Apr 30 03:42:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648237 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7E778DDA6; Tue, 30 Apr 2024 03:42:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448542; cv=none; b=SGjUKPB8ZvivxFKtRizIuXuSbQinxqnpoTR/q7VQamMejHhlz4n8MuavAK5ixi/tSxz8yAe34dQsvifI0Bq/2AvYLSzPdJDhMOi1ixrRIj/wNtXEXfIqdJpGFFIfPkOTbmFodyKd7c/3EKrM3QbIDJsXY5e82WOiaAmo0sC+1nc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448542; c=relaxed/simple; bh=jbApkDvEWvvkWcdeshF4HBowOWeIkefxLeuhyJUzYvA=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Sc9iHD98S70wljFjagyFGcCPAWxrZvPhAtNYAd+YTiV8sqtTqgNSyM5Fj3TVbiEoIg3U/kvYf9UN2yy783UPJmTIpRztf2ZU5orhqfih7COmKxvd5hhD5kR8cgeSerhzSDhcv1w1aL5/3i6XS85xNpPNaURN3FAmmXOtS3hdc8k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=FnsV80QO; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="FnsV80QO" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 24874C116B1; Tue, 30 Apr 2024 03:42:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448542; bh=jbApkDvEWvvkWcdeshF4HBowOWeIkefxLeuhyJUzYvA=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=FnsV80QOgYyl6gGrhdpVmULSAHxSHejT4TlWbMOjf1SsOrkmGJZ7GmUt/D7aY+IJf +Vi43sxd4SUygIVlrl9VVcqe0w8MtJCQKbEBh8uA30hD5YnMfgYb7bcfVcP21ezEre ggq4EO5G9dRo09OP9SNNiFquasY2qziGj9bo1mP24V5qco0lyVP6oV1NBHGofa2214 VqoeD9x3+WXuEFI7j0MCCYBppCmqqkra15TImCKYFc33hqkvBFQ8WJ5mfAfRkF9P/P y9KnNE9sT32sG6kXrq3e7+1FK6yPakABl+WXUHNWQwRSe/ITCqB/PIFOfszTaVo6vj MlzG1xVZ2YUog== Date: Mon, 29 Apr 2024 20:42:21 -0700 Subject: [PATCH 6/6] common/populate: add verity files to populate xfs images From: "Darrick J. Wong" To: aalbersh@redhat.com, zlang@redhat.com, ebiggers@kernel.org, djwong@kernel.org Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org, guan@eryu.me, linux-xfs@vger.kernel.org, fstests@vger.kernel.org Message-ID: <171444688070.962488.15915265664424203708.stgit@frogsfrogsfrogs> In-Reply-To: <171444687971.962488.18035230926224414854.stgit@frogsfrogsfrogs> References: <171444687971.962488.18035230926224414854.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong If verity is enabled on a filesystem, we should create some sample verity files. Signed-off-by: Darrick J. Wong --- common/populate | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/common/populate b/common/populate index 35071f4210..ab9495e739 100644 --- a/common/populate +++ b/common/populate @@ -520,6 +520,30 @@ _scratch_xfs_populate() { done fi + # verity merkle trees + is_verity="$(_xfs_has_feature "$SCRATCH_MNT" verity -v)" + if [ $is_verity -gt 0 ]; then + echo "+ fsverity" + + # Create a biggish file with all zeroes, because metadump + # won't preserve data blocks and we don't want the hashes to + # stop working for our sample fs. + for ((pos = 0, i = 88; pos < 23456789; pos += 234567, i++)); do + $XFS_IO_PROG -f -c "pwrite -S 0 $pos 234567" "$SCRATCH_MNT/verity" + done + + fsverity enable "$SCRATCH_MNT/verity" + + # Create a sparse file + $XFS_IO_PROG -f -c "pwrite -S 0 0 3" -c "pwrite -S 0 23456789 3" "$SCRATCH_MNT/sparse_verity" + fsverity enable "$SCRATCH_MNT/sparse_verity" + + # Create a salted sparse file + $XFS_IO_PROG -f -c "pwrite -S 0 0 3" -c "pwrite -S 0 23456789 3" "$SCRATCH_MNT/salted_verity" + local salt="5846532066696e616c6c7920686173206461746120636865636b73756d732121" # XFS finally has data checksums!! + fsverity enable --salt="$salt" "$SCRATCH_MNT/salted_verity" + fi + # Copy some real files (xfs tests, I guess...) echo "+ real files" test $fill -ne 0 && __populate_fill_fs "${SCRATCH_MNT}" 5