lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Thu,  4 Jan 2018 01:11:20 -0700
From:   Ross Zwisler <ross.zwisler@...ux.intel.com>
To:     fstests@...r.kernel.org, Eryu Guan <eguan@...hat.com>
Cc:     Ross Zwisler <ross.zwisler@...ux.intel.com>,
        linux-ext4@...r.kernel.org, linux-nvdimm@...ts.01.org,
        linux-xfs@...r.kernel.org
Subject: [PATCH 1/2] ext4: test for DAX + journaling corruption

Add a regression test for the following kernel commit:

  ext4: prevent data corruption with journaling + DAX

The test passes if either we successfully compare the data between the mmap
with journaling turned on and the one with journaling turned off, or if we
fail the chattr command to turn on or off journaling.  The latter is how we
prevent this issue in the kernel.

Signed-off-by: Ross Zwisler <ross.zwisler@...ux.intel.com>

---

Changes since v1:

 - Reordered .gitignore entry. (Eryu)

 - Added comments about how "chattr +j" turns off DAX and about why we need
   the 'nodelalloc' mount option. (Eryu)

 - Added a _require_command for chattr. (Eryu)

 - Added $here for src/t_ext4_dax_journal_corruption command. (Eryu)

The previous version of this series is here:

https://lists.01.org/pipermail/linux-nvdimm/2017-September/012463.html

The related kernel patches were merged in v4.15-rc1.
---
 .gitignore                          |   1 +
 src/Makefile                        |   3 +-
 src/t_ext4_dax_journal_corruption.c | 102 ++++++++++++++++++++++++++++++++++++
 tests/ext4/030                      |  74 ++++++++++++++++++++++++++
 tests/ext4/030.out                  |   2 +
 tests/ext4/group                    |   1 +
 6 files changed, 182 insertions(+), 1 deletion(-)
 create mode 100644 src/t_ext4_dax_journal_corruption.c
 create mode 100755 tests/ext4/030
 create mode 100644 tests/ext4/030.out

diff --git a/.gitignore b/.gitignore
index f27c30af..840e4fe4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -115,6 +115,7 @@
 /src/t_dir_offset2
 /src/t_dir_type
 /src/t_encrypted_d_revalidate
+/src/t_ext4_dax_journal_corruption
 /src/t_futimens
 /src/t_getcwd
 /src/t_holes
diff --git a/src/Makefile b/src/Makefile
index b1012172..86c5440c 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -13,7 +13,8 @@ TARGETS = dirstress fill fill2 getpagesize holes lstat64 \
 	multi_open_unlink dmiperf unwritten_sync genhashnames t_holes \
 	t_mmap_writev t_truncate_cmtime dirhash_collide t_rename_overwrite \
 	holetest t_truncate_self t_mmap_dio af_unix t_mmap_stale_pmd \
-	t_mmap_cow_race t_mmap_fallocate fsync-err t_mmap_write_ro
+	t_mmap_cow_race t_mmap_fallocate fsync-err t_mmap_write_ro \
+	t_ext4_dax_journal_corruption
 
 LINUX_TARGETS = xfsctl bstat t_mtab getdevicesize preallo_rw_pattern_reader \
 	preallo_rw_pattern_writer ftrunc trunc fs_perms testx looptest \
diff --git a/src/t_ext4_dax_journal_corruption.c b/src/t_ext4_dax_journal_corruption.c
new file mode 100644
index 00000000..18a2acdc
--- /dev/null
+++ b/src/t_ext4_dax_journal_corruption.c
@@ -0,0 +1,102 @@
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <time.h>
+#include <unistd.h>
+
+#define PAGE(a) ((a)*0x1000)
+#define STRLEN 256
+
+void err_exit(char *op)
+{
+	fprintf(stderr, "%s: %s\n", op, strerror(errno));
+	exit(1);
+}
+
+void chattr_cmd(char *chattr, char *cmd, char *file)
+{
+	int ret;
+	char command[STRLEN];
+
+	ret = snprintf(command, STRLEN, "%s %s %s 2>/dev/null", chattr, cmd, file);
+	if (ret < 0)
+		err_exit("snprintf");
+
+	ret = system(command);
+	if (ret) /* Success - the kernel fix is to have this chattr fail */
+		exit(77);
+}
+
+int main(int argc, char *argv[])
+{
+	int fd, err, len = PAGE(1);
+	char *data, *dax_data, *chattr, *file;
+	char string[STRLEN];
+
+	if (argc < 3) {
+		printf("Usage: %s <chattr program> <file>\n", basename(argv[0]));
+		exit(0);
+	}
+
+	chattr = argv[1];
+	file = argv[2];
+
+	srand(time(NULL));
+	snprintf(string, STRLEN, "random number %d\n", rand());
+
+	fd = open(file, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR);
+	if (fd < 0)
+		err_exit("fd");
+
+	/* begin with journaling off and DAX on */
+	chattr_cmd(chattr, "-j", file);
+
+	ftruncate(fd, 0);
+	fallocate(fd, 0, 0, len);
+
+	dax_data = mmap(NULL, len, PROT_READ, MAP_SHARED, fd, 0);
+	if (!dax_data)
+		err_exit("mmap dax_data");
+
+	/*
+	 * This turns on journaling.  It also has the side-effect that it
+	 * turns off DAX for the given inode since journaling and DAX aren't
+	 * allowed to be on at the same time.  This happens in
+	 * ext4_change_inode_journal_flag() in kernel v4.14 and before.
+	 *
+	 * Note that this turns off the runtime DAX flag (S_DAX) in the
+	 * in-memory inode, and has nothing to do with per-inode on-media DAX
+	 * inode flags.
+	 */
+	chattr_cmd(chattr, "+j", file);
+
+	data = mmap(NULL, len, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
+	if (!data)
+		err_exit("mmap data");
+
+	/*
+	 * Write the data using the non-DAX mapping, and try and read it back
+	 * using the DAX mapping.
+	 */
+	strcpy(data, string);
+	if (strcmp(dax_data, string) != 0)
+		printf("Data miscompare\n");
+
+	err = munmap(data, len);
+	if (err < 0)
+		err_exit("munmap data");
+
+	err = munmap(dax_data, len);
+	if (err < 0)
+		err_exit("munmap dax_data");
+
+	err = close(fd);
+	if (err < 0)
+		err_exit("close");
+	return 0;
+}
diff --git a/tests/ext4/030 b/tests/ext4/030
new file mode 100755
index 00000000..85da7557
--- /dev/null
+++ b/tests/ext4/030
@@ -0,0 +1,74 @@
+#! /bin/bash
+# FS QA Test ext4/030
+#
+# This is a regression test for kernel patch:
+#   ext4: prevent data corruption with journaling + DAX
+# created by Ross Zwisler <ross.zwisler@...ux.intel.com>
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2017-2018 Intel Corporation.  All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc.,  51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1	# failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+	cd /
+	rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+. ./common/filter
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# Modify as appropriate.
+_supported_os Linux
+_supported_fs ext4
+_require_scratch_dax
+_require_test_program "t_ext4_dax_journal_corruption"
+_require_command "$CHATTR_PROG" chattr
+
+# real QA test starts here
+_scratch_mkfs > $seqres.full 2>&1
+
+# In order to get our failure condition consistently we need to turn off
+# delayed allocation.  With delayed allocation on this simple test will pass,
+# but we would almost certainly see data corruption down the road as the
+# contents of the journal would conflict with the DAX data.
+_scratch_mount "-o dax,nodelalloc" >> $seqres.full 2>&1
+
+$here/src/t_ext4_dax_journal_corruption $CHATTR_PROG $SCRATCH_MNT/testfile
+
+if [[ $? != 0 && $? != 77 ]]; then
+	echo "Test failed, status $?"
+	exit 1
+fi
+
+# success, all done
+echo "Silence is golden"
+status=0
+exit
diff --git a/tests/ext4/030.out b/tests/ext4/030.out
new file mode 100644
index 00000000..06a1c8fe
--- /dev/null
+++ b/tests/ext4/030.out
@@ -0,0 +1,2 @@
+QA output created by 030
+Silence is golden
diff --git a/tests/ext4/group b/tests/ext4/group
index 257bb646..ef768dff 100644
--- a/tests/ext4/group
+++ b/tests/ext4/group
@@ -32,6 +32,7 @@
 027 auto quick fsmap
 028 auto quick fsmap
 029 auto quick fsmap
+030 auto quick
 271 auto rw quick
 301 aio auto ioctl rw stress defrag
 302 aio auto ioctl rw stress defrag
-- 
2.14.3

Powered by blists - more mailing lists