Message ID | 1643338947-1436-1-git-send-email-daisl.fnst@fujitsu.com |
---|---|
State | Changes Requested |
Series | [v3] syscalls/statx09: Add new test | expand |
Hi Dai > This test is basically the same as statx04 but here we check for the > STATX_ATTR_VERITY flag which is currently only implemented on ext4. > > Signed-off-by: Dai Shili<daisl.fnst@fujitsu.com> > --- > configure.ac | 1 + > include/lapi/fs.h | 4 + > include/lapi/fsverity.h | 38 +++++++ > include/lapi/stat.h | 4 + > m4/ltp-fsverity.m4 | 10 ++ > runtest/syscalls | 1 + > testcases/kernel/syscalls/statx/.gitignore | 1 + > testcases/kernel/syscalls/statx/statx09.c | 161 +++++++++++++++++++++++++++++ > 8 files changed, 220 insertions(+) > create mode 100644 include/lapi/fsverity.h > create mode 100644 m4/ltp-fsverity.m4 > create mode 100644 testcases/kernel/syscalls/statx/statx09.c > > diff --git a/configure.ac b/configure.ac > index 3c56d19..aeb486f 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -367,6 +367,7 @@ LTP_CHECK_SELINUX > LTP_CHECK_SYNC_ADD_AND_FETCH > LTP_CHECK_SYSCALL_EVENTFD > LTP_CHECK_SYSCALL_FCNTL > +LTP_CHECK_FSVERITY > > if test "x$with_numa" = xyes; then > LTP_CHECK_SYSCALL_NUMA > diff --git a/include/lapi/fs.h b/include/lapi/fs.h > index aafeab4..27b3a18 100644 > --- a/include/lapi/fs.h > +++ b/include/lapi/fs.h > @@ -41,6 +41,10 @@ > #define FS_NODUMP_FL 0x00000040 /* do not dump file */ > #endif > > +#ifndef FS_VERITY_FL > +#define FS_VERITY_FL 0x00100000 /* Verity protected inode */ > +#endif > + > /* > * Helper function to get MAX_LFS_FILESIZE. > * Missing PAGE_SHIFT on some libc prevents defining MAX_LFS_FILESIZE. > diff --git a/include/lapi/fsverity.h b/include/lapi/fsverity.h > new file mode 100644 > index 0000000..66bea15 > --- /dev/null > +++ b/include/lapi/fsverity.h 
> @@ -0,0 +1,38 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > +/* > + * Copyright (c) 2022 FUJITSU LIMITED. All rights reserved. > + * Author: Dai Shili<daisl.fnst@cn.fujitsu.com> > + */ > +#ifndef LAPI_FSVERITY_H__ > +#define LAPI_FSVERITY_H__ > + > +#include "config.h" > +#include<stdint.h> > + > +#ifdef HAVE_LINUX_FSVERITY_H > +#include<linux/fsverity.h> > +#endif > + > +#ifndef FS_VERITY_HASH_ALG_SHA256 > +# define FS_VERITY_HASH_ALG_SHA256 1 > +#endif > + > +#ifndef HAVE_STRUCT_FSVERITY_ENABLE_ARG > +struct fsverity_enable_arg { > + uint32_t version; > + uint32_t hash_algorithm; > + uint32_t block_size; > + uint32_t salt_size; > + uint64_t salt_ptr; > + uint32_t sig_size; > + uint32_t __reserved1; > + uint64_t sig_ptr; > + uint64_t __reserved2[11]; > +}; > +#endif > + > +#ifndef FS_IOC_ENABLE_VERITY > +# define FS_IOC_ENABLE_VERITY _IOW('f', 133, struct fsverity_enable_arg) The _IOW definition is in <sys/ioctl.h>, so we should include it in here. > +#endif > + > +#endif > diff --git a/include/lapi/stat.h b/include/lapi/stat.h > index d596058..ce1f2b6 100644 > --- a/include/lapi/stat.h > +++ b/include/lapi/stat.h > @@ -223,6 +223,10 @@ static inline int statx(int dirfd, const char *pathname, unsigned int flags, > # define STATX_ATTR_AUTOMOUNT 0x00001000 > #endif > > +#ifndef STATX_ATTR_VERITY > +# define STATX_ATTR_VERITY 0x00100000 > +#endif > + > #ifndef AT_SYMLINK_NOFOLLOW > # define AT_SYMLINK_NOFOLLOW 0x100 > #endif > diff --git a/m4/ltp-fsverity.m4 b/m4/ltp-fsverity.m4 > new file mode 100644 > index 0000000..7104886 > --- /dev/null > +++ b/m4/ltp-fsverity.m4 
> @@ -0,0 +1,10 @@ > +dnl SPDX-License-Identifier: GPL-2.0-or-later > +dnl Copyright (c) 2022 Fujitsu Ltd. > +dnl Author: Dai Shili<daisl.fnst@fujitsu.com> > + > +AC_DEFUN([LTP_CHECK_FSVERITY],[ > + AC_CHECK_HEADERS([linux/fsverity.h], [have_fsverity=yes], [AC_MSG_WARN(missing linux/fsverity.h header)]) > + if test "x$have_fsverity" = "xyes"; then > + AC_CHECK_TYPES(struct fsverity_enable_arg,,,[#include<linux/fsverity.h>]) > + fi > +]) > diff --git a/runtest/syscalls b/runtest/syscalls > index 3b2deb6..7ba0331 100644 > --- a/runtest/syscalls > +++ b/runtest/syscalls > @@ -1744,6 +1744,7 @@ statx05 statx05 > statx06 statx06 > statx07 statx07 > statx08 statx08 > +statx09 statx09 > > membarrier01 membarrier01 > > diff --git a/testcases/kernel/syscalls/statx/.gitignore b/testcases/kernel/syscalls/statx/.gitignore > index 4db060d..1cea43c 100644 > --- a/testcases/kernel/syscalls/statx/.gitignore > +++ b/testcases/kernel/syscalls/statx/.gitignore > @@ -6,3 +6,4 @@ > /statx06 > /statx07 > /statx08 > +/statx09 > diff --git a/testcases/kernel/syscalls/statx/statx09.c b/testcases/kernel/syscalls/statx/statx09.c > new file mode 100644 > index 0000000..230176b > --- /dev/null > +++ b/testcases/kernel/syscalls/statx/statx09.c 
> @@ -0,0 +1,161 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > +/* > + * Copyright (c) 2022 FUJITSU LIMITED. All rights reserved. > + * Author: Dai Shili<daisl.fnst@fujitsu.com> > + */ > + > +/*\ > + * [Description] > + * > + * This code tests if the attributes field of statx received expected value. > + * File set with following flags by using SAFE_IOCTL: > + * > + * - STATX_ATTR_VERITY: statx() system call sets STATX_ATTR_VERITY if the file > + * has fs-verity enabled. This can perform better than FS_IOC_GETFLAGS and > + * FS_IOC_MEASURE_VERITY because it doesn't require opening the file, > + * and opening verity files can be expensive. > + * > + * Minimum Linux version required is v5.5. > + */ > + > +#define _GNU_SOURCE > +#include<sys/mount.h> > +#include<stdlib.h> > +#include<linux/ioctl.h> This can be removed if we use <sys/ioctl.h> in lapi/fsverity.h. > +#include "tst_test.h" > +#include "lapi/fs.h" > +#include "lapi/fsverity.h" > +#include "lapi/stat.h" > +#include<inttypes.h> > + > +#define MNTPOINT "mnt_point" > +#define TESTFILE_FLAGGED MNTPOINT"/test_file3" > +#define TESTFILE_UNFLAGGED MNTPOINT"/test_file4" I think using MNTPOINT"/testfile_flagged" or test_file1 is meaningful. 
Best Regards Yang Xu > + > +static int mount_flag; > + > +static const uint32_t hash_algorithms[] = { > + FS_VERITY_HASH_ALG_SHA256, > +}; > + > +static void test_flagged(void) > +{ > + struct statx buf; > + > + TST_EXP_PASS(statx(AT_FDCWD, TESTFILE_FLAGGED, 0, 0,&buf), > + "statx(AT_FDCWD, %s, 0, 0,&buf)", TESTFILE_FLAGGED); > + > + if (buf.stx_attributes& STATX_ATTR_VERITY) > + tst_res(TPASS, "STATX_ATTR_VERITY flag is set: (%"PRIu64") ", > + (uint64_t)buf.stx_attributes); > + else > + tst_res(TFAIL, "STATX_ATTR_VERITY flag is not set"); > +} > + > +static void test_unflagged(void) > +{ > + struct statx buf; > + > + TST_EXP_PASS(statx(AT_FDCWD, TESTFILE_UNFLAGGED, 0, 0,&buf), > + "statx(AT_FDCWD, %s, 0, 0,&buf)", TESTFILE_UNFLAGGED); > + > + if ((buf.stx_attributes& STATX_ATTR_VERITY) == 0) > + tst_res(TPASS, "STATX_ATTR_VERITY flag is not set"); > + else > + tst_res(TFAIL, "STATX_ATTR_VERITY flag is set"); > +} > + > +static struct test_cases { > + void (*tfunc)(void); > +} tcases[] = { > + {&test_flagged}, > + {&test_unflagged}, > +}; > + > +static void run(unsigned int i) > +{ > + tcases[i].tfunc(); > +} > + > +static void flag_setup(void) > +{ > + int fd, attr, ret; > + struct fsverity_enable_arg enable; > + > + fd = SAFE_OPEN(TESTFILE_FLAGGED, O_RDONLY, 0664); > + > + ret = ioctl(fd, FS_IOC_GETFLAGS,&attr); > + if (ret< 0) { > + if (errno == ENOTTY) > + tst_brk(TCONF | TERRNO, "FS_IOC_GETFLAGS not supported"); > + > + tst_brk(TBROK | TERRNO, "ioctl(%i, FS_IOC_GETFLAGS, ...)", fd); > + } > + > + memset(&enable, 0, sizeof(enable)); > + enable.version = 1; > + enable.hash_algorithm = hash_algorithms[0]; > + enable.block_size = 4096; > + enable.salt_size = 0; > + enable.salt_ptr = (intptr_t)NULL; > + enable.sig_size = 0; > + enable.sig_ptr = (intptr_t)NULL; > + > + ret = ioctl(fd, FS_IOC_ENABLE_VERITY,&enable); > + if (ret< 0) { > + if (errno == EOPNOTSUPP) { > + tst_brk(TCONF, > + "fs-verity is not supported on the file system or by the kernel"); > + } > + 
tst_brk(TBROK | TERRNO, "ioctl(%i, FS_IOC_ENABLE_VERITY) failed", fd); > + } > + > + ret = ioctl(fd, FS_IOC_GETFLAGS,&attr); > + if ((ret == 0)&& !(attr& FS_VERITY_FL)) > + tst_res(TFAIL, "%i: fs-verity enabled but FS_VERITY_FL bit not set", fd); > + > + SAFE_CLOSE(fd); > +} > + > +static void setup(void) > +{ > + TEST(mount(tst_device->dev, MNTPOINT, tst_device->fs_type, 0, NULL)); > + if (TST_RET) { > + if (TST_ERR == EINVAL) > + tst_brk(TCONF, "fs-verity not supported on loopdev"); > + > + tst_brk(TBROK | TERRNO, "mount() failed with %ld", TST_RET); > + } > + mount_flag = 1; > + > + SAFE_FILE_PRINTF(TESTFILE_FLAGGED, "a"); > + SAFE_FILE_PRINTF(TESTFILE_UNFLAGGED, "a"); > + > + flag_setup(); > +} > + > +static void cleanup(void) > +{ > + if (mount_flag) > + tst_umount(MNTPOINT); > +} > + > +static struct tst_test test = { > + .test = run, > + .tcnt = ARRAY_SIZE(tcases), > + .setup = setup, > + .cleanup = cleanup, > + .needs_root = 1, > + .mntpoint = MNTPOINT, > + .format_device = 1, > + .dev_fs_type = "ext4", > + .dev_fs_opts = (const char *const []){"-O verity", NULL}, > + .needs_kconfigs = (const char *[]) { > + "CONFIG_FS_VERITY", > + NULL > + }, > + .needs_cmds = (const char *[]) { > + "mkfs.ext4>= 1.45.2", > + NULL > + } > +};
diff --git a/configure.ac b/configure.ac index 3c56d19..aeb486f 100644 --- a/configure.ac +++ b/configure.ac @@ -367,6 +367,7 @@ LTP_CHECK_SELINUX LTP_CHECK_SYNC_ADD_AND_FETCH LTP_CHECK_SYSCALL_EVENTFD LTP_CHECK_SYSCALL_FCNTL +LTP_CHECK_FSVERITY if test "x$with_numa" = xyes; then LTP_CHECK_SYSCALL_NUMA diff --git a/include/lapi/fs.h b/include/lapi/fs.h index aafeab4..27b3a18 100644 --- a/include/lapi/fs.h +++ b/include/lapi/fs.h @@ -41,6 +41,10 @@ #define FS_NODUMP_FL 0x00000040 /* do not dump file */ #endif +#ifndef FS_VERITY_FL +#define FS_VERITY_FL 0x00100000 /* Verity protected inode */ +#endif + /* * Helper function to get MAX_LFS_FILESIZE. * Missing PAGE_SHIFT on some libc prevents defining MAX_LFS_FILESIZE. diff --git a/include/lapi/fsverity.h b/include/lapi/fsverity.h new file mode 100644 index 0000000..66bea15 --- /dev/null +++ b/include/lapi/fsverity.h @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (c) 2022 FUJITSU LIMITED. All rights reserved. + * Author: Dai Shili <daisl.fnst@cn.fujitsu.com> + */ +#ifndef LAPI_FSVERITY_H__ +#define LAPI_FSVERITY_H__ + +#include "config.h" +#include <stdint.h> + +#ifdef HAVE_LINUX_FSVERITY_H +#include <linux/fsverity.h> +#endif + +#ifndef FS_VERITY_HASH_ALG_SHA256 +# define FS_VERITY_HASH_ALG_SHA256 1 +#endif + +#ifndef HAVE_STRUCT_FSVERITY_ENABLE_ARG +struct fsverity_enable_arg { + uint32_t version; + uint32_t hash_algorithm; + uint32_t block_size; + uint32_t salt_size; + uint64_t salt_ptr; + uint32_t sig_size; + uint32_t __reserved1; + uint64_t sig_ptr; + uint64_t __reserved2[11]; +}; +#endif + +#ifndef FS_IOC_ENABLE_VERITY +# define FS_IOC_ENABLE_VERITY _IOW('f', 133, struct fsverity_enable_arg) +#endif + +#endif diff --git a/include/lapi/stat.h b/include/lapi/stat.h index d596058..ce1f2b6 100644 --- a/include/lapi/stat.h +++ b/include/lapi/stat.h 
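Review bot: The fallback `struct fsverity_enable_arg` in include/lapi/fsverity.h has no comment saying it must stay identical to the kernel UAPI definition. `_IOW('f', 133, struct fsverity_enable_arg)` folds the struct's size into the request number, so a drifted field changes the ioctl number instead of breaking the build. I would add above the struct something like `/* Fallback copy of the kernel UAPI struct; layout and size (128 bytes with the fields below) must not change, the FS_IOC_ENABLE_VERITY number depends on it. */`.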
@@ -223,6 +223,10 @@ static inline int statx(int dirfd, const char *pathname, unsigned int flags, # define STATX_ATTR_AUTOMOUNT 0x00001000 #endif +#ifndef STATX_ATTR_VERITY +# define STATX_ATTR_VERITY 0x00100000 +#endif + #ifndef AT_SYMLINK_NOFOLLOW # define AT_SYMLINK_NOFOLLOW 0x100 #endif diff --git a/m4/ltp-fsverity.m4 b/m4/ltp-fsverity.m4 new file mode 100644 index 0000000..7104886 --- /dev/null +++ b/m4/ltp-fsverity.m4 @@ -0,0 +1,10 @@ +dnl SPDX-License-Identifier: GPL-2.0-or-later +dnl Copyright (c) 2022 Fujitsu Ltd. +dnl Author: Dai Shili <daisl.fnst@fujitsu.com> + +AC_DEFUN([LTP_CHECK_FSVERITY],[ + AC_CHECK_HEADERS([linux/fsverity.h], [have_fsverity=yes], [AC_MSG_WARN(missing linux/fsverity.h header)]) + if test "x$have_fsverity" = "xyes"; then + AC_CHECK_TYPES(struct fsverity_enable_arg,,,[#include <linux/fsverity.h>]) + fi +]) diff --git a/runtest/syscalls b/runtest/syscalls index 3b2deb6..7ba0331 100644 --- a/runtest/syscalls +++ b/runtest/syscalls @@ -1744,6 +1744,7 @@ statx05 statx05 statx06 statx06 statx07 statx07 statx08 statx08 +statx09 statx09 membarrier01 membarrier01 diff --git a/testcases/kernel/syscalls/statx/.gitignore b/testcases/kernel/syscalls/statx/.gitignore index 4db060d..1cea43c 100644 --- a/testcases/kernel/syscalls/statx/.gitignore +++ b/testcases/kernel/syscalls/statx/.gitignore @@ -6,3 +6,4 @@ /statx06 /statx07 /statx08 +/statx09 diff --git a/testcases/kernel/syscalls/statx/statx09.c b/testcases/kernel/syscalls/statx/statx09.c new file mode 100644 index 0000000..230176b --- /dev/null +++ b/testcases/kernel/syscalls/statx/statx09.c 
@@ -0,0 +1,161 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (c) 2022 FUJITSU LIMITED. All rights reserved. + * Author: Dai Shili <daisl.fnst@fujitsu.com> + */ + +/*\ + * [Description] + * + * This code tests if the attributes field of statx received expected value. + * File set with following flags by using SAFE_IOCTL: + * + * - STATX_ATTR_VERITY: statx() system call sets STATX_ATTR_VERITY if the file + * has fs-verity enabled. This can perform better than FS_IOC_GETFLAGS and + * FS_IOC_MEASURE_VERITY because it doesn't require opening the file, + * and opening verity files can be expensive. + * + * Minimum Linux version required is v5.5. + */ + +#define _GNU_SOURCE +#include <sys/mount.h> +#include <stdlib.h> +#include <linux/ioctl.h> +#include "tst_test.h" +#include "lapi/fs.h" +#include "lapi/fsverity.h" +#include "lapi/stat.h" +#include <inttypes.h> + +#define MNTPOINT "mnt_point" +#define TESTFILE_FLAGGED MNTPOINT"/test_file3" +#define TESTFILE_UNFLAGGED MNTPOINT"/test_file4" + +static int mount_flag; + +static const uint32_t hash_algorithms[] = { + FS_VERITY_HASH_ALG_SHA256, +}; + +static void test_flagged(void) +{ + struct statx buf; + + TST_EXP_PASS(statx(AT_FDCWD, TESTFILE_FLAGGED, 0, 0, &buf), + "statx(AT_FDCWD, %s, 0, 0, &buf)", TESTFILE_FLAGGED); + + if (buf.stx_attributes & STATX_ATTR_VERITY) + tst_res(TPASS, "STATX_ATTR_VERITY flag is set: (%"PRIu64") ", + (uint64_t)buf.stx_attributes); + else + tst_res(TFAIL, "STATX_ATTR_VERITY flag is not set"); +} + +static void test_unflagged(void) +{ + struct statx buf; + + TST_EXP_PASS(statx(AT_FDCWD, TESTFILE_UNFLAGGED, 0, 0, &buf), + "statx(AT_FDCWD, %s, 0, 0, &buf)", TESTFILE_UNFLAGGED); + + if ((buf.stx_attributes & STATX_ATTR_VERITY) == 0) + tst_res(TPASS, "STATX_ATTR_VERITY flag is not set"); + else + tst_res(TFAIL, "STATX_ATTR_VERITY flag is set"); +} + +static struct test_cases { + void (*tfunc)(void); +} tcases[] = { + {&test_flagged}, + {&test_unflagged}, +}; + +static void 
run(unsigned int i) +{ + tcases[i].tfunc(); +} + +static void flag_setup(void) +{ + int fd, attr, ret; + struct fsverity_enable_arg enable; + + fd = SAFE_OPEN(TESTFILE_FLAGGED, O_RDONLY, 0664); + + ret = ioctl(fd, FS_IOC_GETFLAGS, &attr); + if (ret < 0) { + if (errno == ENOTTY) + tst_brk(TCONF | TERRNO, "FS_IOC_GETFLAGS not supported"); + + tst_brk(TBROK | TERRNO, "ioctl(%i, FS_IOC_GETFLAGS, ...)", fd); + } + + memset(&enable, 0, sizeof(enable)); + enable.version = 1; + enable.hash_algorithm = hash_algorithms[0]; + enable.block_size = 4096; + enable.salt_size = 0; + enable.salt_ptr = (intptr_t)NULL; + enable.sig_size = 0; + enable.sig_ptr = (intptr_t)NULL; + + ret = ioctl(fd, FS_IOC_ENABLE_VERITY, &enable); + if (ret < 0) { + if (errno == EOPNOTSUPP) { + tst_brk(TCONF, + "fs-verity is not supported on the file system or by the kernel"); + } + tst_brk(TBROK | TERRNO, "ioctl(%i, FS_IOC_ENABLE_VERITY) failed", fd); + } + + ret = ioctl(fd, FS_IOC_GETFLAGS, &attr); + if ((ret == 0) && !(attr & FS_VERITY_FL)) + tst_res(TFAIL, "%i: fs-verity enabled but FS_VERITY_FL bit not set", fd); + + SAFE_CLOSE(fd); +} + +static void setup(void) +{ + TEST(mount(tst_device->dev, MNTPOINT, tst_device->fs_type, 0, NULL)); + if (TST_RET) { + if (TST_ERR == EINVAL) + tst_brk(TCONF, "fs-verity not supported on loopdev"); + + tst_brk(TBROK | TERRNO, "mount() failed with %ld", TST_RET); + } + mount_flag = 1; + + SAFE_FILE_PRINTF(TESTFILE_FLAGGED, "a"); + SAFE_FILE_PRINTF(TESTFILE_UNFLAGGED, "a"); + + flag_setup(); +} + +static void cleanup(void) +{ + if (mount_flag) + tst_umount(MNTPOINT); +} + +static struct tst_test test = { + .test = run, + .tcnt = ARRAY_SIZE(tcases), + .setup = setup, + .cleanup = cleanup, + .needs_root = 1, + .mntpoint = MNTPOINT, + .format_device = 1, + .dev_fs_type = "ext4", + .dev_fs_opts = (const char *const []){"-O verity", NULL}, + .needs_kconfigs = (const char *[]) { + "CONFIG_FS_VERITY", + NULL + }, + .needs_cmds = (const char *[]) { + "mkfs.ext4 >= 1.45.2", + 
NULL + } +};
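Review bot: In statx09.c, test_flagged() and test_unflagged() read `buf.stx_attributes` even when the statx() call wrapped in TST_EXP_PASS failed, so the verdict is then computed from an uninitialised stack struct. Add `if (!TST_PASS) return;` after each TST_EXP_PASS, or initialise with `struct statx buf = {0};`. flag_setup() has a similar gap: the second FS_IOC_GETFLAGS result is evaluated only when `ret == 0`, so a failing ioctl skips the FS_VERITY_FL check silently; `if (ret < 0) tst_brk(TBROK | TERRNO, "ioctl(%i, FS_IOC_GETFLAGS, ...)", fd);` would mirror the handling of the first call. Separately, `fd` is still open when the tst_brk() branches fire, which may keep the mount busy for cleanup()'s tst_umount() if tst_brk() runs the cleanup callback, as it normally does in LTP.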
This test is basically the same as statx04 but here we check for the STATX_ATTR_VERITY flag which is currently only implemented on ext4. Signed-off-by: Dai Shili <daisl.fnst@fujitsu.com> --- configure.ac | 1 + include/lapi/fs.h | 4 + include/lapi/fsverity.h | 38 +++++++ include/lapi/stat.h | 4 + m4/ltp-fsverity.m4 | 10 ++ runtest/syscalls | 1 + testcases/kernel/syscalls/statx/.gitignore | 1 + testcases/kernel/syscalls/statx/statx09.c | 161 +++++++++++++++++++++++++++++ 8 files changed, 220 insertions(+) create mode 100644 include/lapi/fsverity.h create mode 100644 m4/ltp-fsverity.m4 create mode 100644 testcases/kernel/syscalls/statx/statx09.c