From efaaeb91a424ad56d83e5f7c5d9a19e60cb277ae Mon Sep 17 00:00:00 2001 From: Tony Hutter Date: Mon, 21 Oct 2024 17:35:46 -0700 Subject: [PATCH] ZTS: Add LUKS sanity test Add a LUKS sanity test to trigger: #16631 Signed-off-by: Tony Hutter --- .github/workflows/scripts/qemu-3-deps.sh | 35 ++++---- tests/runfiles/linux.run | 6 ++ tests/zfs-tests/include/commands.cfg | 1 + tests/zfs-tests/tests/Makefile.am | 3 +- .../tests/functional/luks/luks_sanity.ksh | 90 +++++++++++++++++++ 5 files changed, 117 insertions(+), 18 deletions(-) create mode 100755 tests/zfs-tests/tests/functional/luks/luks_sanity.ksh diff --git a/.github/workflows/scripts/qemu-3-deps.sh b/.github/workflows/scripts/qemu-3-deps.sh index 4c6227b88ed..bf06c1892ce 100755 --- a/.github/workflows/scripts/qemu-3-deps.sh +++ b/.github/workflows/scripts/qemu-3-deps.sh @@ -13,10 +13,10 @@ function archlinux() { echo "##[endgroup]" echo "##[group]Install Development Tools" - sudo pacman -Sy --noconfirm base-devel bc cpio dhclient dkms fakeroot \ - fio gdb inetutils jq less linux linux-headers lsscsi nfs-utils parted \ - pax perf python-packaging python-setuptools qemu-guest-agent ksh samba \ - sysstat rng-tools rsync wget xxhash + sudo pacman -Sy --noconfirm base-devel bc cpio cryptsetup dhclient dkms \ + fakeroot fio gdb inetutils jq less linux linux-headers lsscsi nfs-utils \ + parted pax perf python-packaging python-setuptools qemu-guest-agent ksh \ + samba sysstat rng-tools rsync wget xxhash echo "##[endgroup]" } @@ -30,11 +30,11 @@ function debian() { echo "##[group]Install Development Tools" sudo apt-get install -y \ - acl alien attr autoconf bc cpio curl dbench dh-python dkms fakeroot \ - fio gdb gdebi git ksh lcov isc-dhcp-client jq libacl1-dev libaio-dev \ - libattr1-dev libblkid-dev libcurl4-openssl-dev libdevmapper-dev libelf-dev \ - libffi-dev libmount-dev libpam0g-dev libselinux-dev libssl-dev libtool \ - libtool-bin libudev-dev libunwind-dev linux-headers-$(uname -r) \ + acl alien attr autoconf bc cpio cryptsetup curl dbench dh-python dkms \ + fakeroot fio gdb gdebi git ksh lcov isc-dhcp-client jq libacl1-dev \ + libaio-dev libattr1-dev libblkid-dev libcurl4-openssl-dev libdevmapper-dev \ + libelf-dev libffi-dev libmount-dev libpam0g-dev libselinux-dev libssl-dev \ + libtool libtool-bin libudev-dev libunwind-dev linux-headers-$(uname -r) \ lsscsi nfs-kernel-server pamtester parted python3 python3-all-dev \ python3-cffi python3-dev python3-distlib python3-packaging \ python3-setuptools python3-sphinx qemu-guest-agent rng-tools rpm2cpio \ @@ -68,14 +68,15 @@ function rhel() { echo "##[group]Install Development Tools" sudo dnf group install -y "Development Tools" sudo dnf install -y \ - acl attr bc bzip2 curl dbench dkms elfutils-libelf-devel fio gdb git \ - jq kernel-rpm-macros ksh libacl-devel libaio-devel libargon2-devel \ - libattr-devel libblkid-devel libcurl-devel libffi-devel ncompress \ - libselinux-devel libtirpc-devel libtool libudev-devel libuuid-devel \ - lsscsi mdadm nfs-utils openssl-devel pam-devel pamtester parted perf \ - python3 python3-cffi python3-devel python3-packaging kernel-devel \ - python3-setuptools qemu-guest-agent rng-tools rpcgen rpm-build rsync \ - samba sysstat systemd watchdog wget xfsprogs-devel xxhash zlib-devel + acl attr bc bzip2 cryptsetup curl dbench dkms elfutils-libelf-devel fio \ + gdb git jq kernel-rpm-macros ksh libacl-devel libaio-devel \ + libargon2-devel libattr-devel libblkid-devel libcurl-devel libffi-devel \ + ncompress libselinux-devel libtirpc-devel libtool libudev-devel \ + libuuid-devel lsscsi mdadm nfs-utils openssl-devel pam-devel pamtester \ + parted perf python3 python3-cffi python3-devel python3-packaging \ + kernel-devel python3-setuptools qemu-guest-agent rng-tools rpcgen \ + rpm-build rsync samba sysstat systemd watchdog wget xfsprogs-devel xxhash \ + zlib-devel echo "##[endgroup]" } diff --git a/tests/runfiles/linux.run b/tests/runfiles/linux.run index 5534cd27f63..76d07a6cc9c 100644 --- a/tests/runfiles/linux.run +++ b/tests/runfiles/linux.run @@ -147,6 +147,12 @@ tags = ['functional', 'largest_pool'] tests = ['longname_001_pos', 'longname_002_pos', 'longname_003_pos'] tags = ['functional', 'longname'] +[tests/functional/luks:Linux] +pre = +post = +tests = ['luks_sanity'] +tags = ['functional', 'luks'] + [tests/functional/mmap:Linux] tests = ['mmap_libaio_001_pos', 'mmap_sync_001_pos'] tags = ['functional', 'mmap'] diff --git a/tests/zfs-tests/include/commands.cfg b/tests/zfs-tests/include/commands.cfg index be41ce5210e..5985b5fe152 100644 --- a/tests/zfs-tests/include/commands.cfg +++ b/tests/zfs-tests/include/commands.cfg @@ -129,6 +129,7 @@ export SYSTEM_FILES_LINUX='attr blkdiscard blockdev chattr + cryptsetup exportfs fallocate flock diff --git a/tests/zfs-tests/tests/Makefile.am b/tests/zfs-tests/tests/Makefile.am index bc767b9f624..7d1551a63f0 100644 --- a/tests/zfs-tests/tests/Makefile.am +++ b/tests/zfs-tests/tests/Makefile.am @@ -80,7 +80,8 @@ if BUILD_LINUX nobase_dist_datadir_zfs_tests_tests_SCRIPTS += \ functional/simd/simd_supported.ksh \ functional/tmpfile/cleanup.ksh \ - functional/tmpfile/setup.ksh + functional/tmpfile/setup.ksh \ + functional/luks/luks_sanity.ksh endif nobase_dist_datadir_zfs_tests_tests_DATA += \ diff --git a/tests/zfs-tests/tests/functional/luks/luks_sanity.ksh b/tests/zfs-tests/tests/functional/luks/luks_sanity.ksh new file mode 100755 index 00000000000..9cee26503de --- /dev/null +++ b/tests/zfs-tests/tests/functional/luks/luks_sanity.ksh @@ -0,0 +1,90 @@ +#!/bin/ksh -p +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or https://opensource.org/licenses/CDDL-1.0. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# + +# +# Copyright (c) 2024 by Lawrence Livermore National Security, LLC. +# Use is subject to license terms. +# + +# DESCRIPTION: +# Verify ZFS works on a LUKS-backed pool +# +# STRATEGY: +# 1. Create a LUKS device +# 2. Make a pool with it +# 3. Write files to the pool +# 4. Verify no errors + +. $STF_SUITE/include/libtest.shlib + +verify_runnable "both" + +VDEV=$(mktemp --suffix=luks_sanity) +TESTPOOL=testpool + +function cleanup +{ + log_must zpool destroy $TESTPOOL + + log_must cryptsetup luksClose /dev/mapper/luksdev + log_must rm -f $VDEV +} + +log_assert "Verify ZFS on LUKS works" +log_onexit cleanup + +PASS="fdsjfosdijfsdkjsldfjdlk" + +# Make a small LUKS device since LUKS formatting takes time and we want to +# make this test run as quickly as possible. +truncate -s 100M $VDEV + +log_must cryptsetup luksFormat --type luks2 $VDEV <<< $PASS +log_must cryptsetup luksOpen $VDEV luksdev <<< $PASS + +log_must zpool create $TESTPOOL /dev/mapper/luksdev + +CPUS=$(get_num_cpus) + +# Use these specific size and offset ranges as they often cause errors with +# https://github.com/openzfs/zfs/issues/16631 +# and we want to try to test for that. +for SIZE in {70..100} ; do + for OFF in {70..100} ; do + for i in {1..$CPUS} ; do + dd if=/dev/urandom of=/$TESTPOOL/file$i-bs$SIZE-off$OFF \ + seek=$OFF bs=$SIZE count=1 &>/dev/null & + done + wait + done + sync_pool $TESTPOOL + rm -f /$TESTPOOL/file* +done + +# Verify no read/write/checksum errors. Don't use JSON here so that we could +# could potentially backport this test case to the 2.2.x branch. +if zpool status -e | grep -q "luksdev" ; then + log_note "$(zpool status -v)" + log_fail "Saw errors writing to LUKS device" +fi + +log_pass "Verified ZFS on LUKS works"