lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CADUfDZr5K9WztPnek1t1xnej6ALtyG_9yf9=ZGhVcHhqmyzx3g@mail.gmail.com>
Date: Tue, 6 Jan 2026 17:32:29 -0800
From: Caleb Sander Mateos <csander@...estorage.com>
To: Ming Lei <ming.lei@...hat.com>
Cc: Jens Axboe <axboe@...nel.dk>, Shuah Khan <shuah@...nel.org>, linux-block@...r.kernel.org, 
	linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Stanley Zhang <stazhang@...estorage.com>, Uday Shankar <ushankar@...estorage.com>, 
	"Martin K . Petersen" <martin.petersen@...cle.com>
Subject: Re: [PATCH v3 19/19] selftests: ublk: add end-to-end integrity test

On Tue, Jan 6, 2026 at 4:21 PM Ming Lei <ming.lei@...hat.com> wrote:
>
> On Tue, Jan 06, 2026 at 09:15:44AM -0800, Caleb Sander Mateos wrote:
> > On Tue, Jan 6, 2026 at 6:10 AM Ming Lei <ming.lei@...hat.com> wrote:
> > >
> > > On Mon, Jan 05, 2026 at 05:57:51PM -0700, Caleb Sander Mateos wrote:
> > > > Add test case loop_08 to verify the ublk integrity data flow. It uses
> > > > the kublk loop target to create a ublk device with integrity on top of
> > > > backing data and integrity files. It then writes to the whole device
> > > > with fio configured to generate integrity data. Then it reads back the
> > > > whole device with fio configured to verify the integrity data.
> > > > It also verifies that injected guard, reftag, and apptag corruptions are
> > > > correctly detected.
> > > >
> > > > Signed-off-by: Caleb Sander Mateos <csander@...estorage.com>
> > > > ---
> > > >  tools/testing/selftests/ublk/Makefile        |   1 +
> > > >  tools/testing/selftests/ublk/test_loop_08.sh | 111 +++++++++++++++++++
> > > >  2 files changed, 112 insertions(+)
> > > >  create mode 100755 tools/testing/selftests/ublk/test_loop_08.sh
> > > >
> > > > diff --git a/tools/testing/selftests/ublk/Makefile b/tools/testing/selftests/ublk/Makefile
> > > > index bfd68ae64142..ab745443fd58 100644
> > > > --- a/tools/testing/selftests/ublk/Makefile
> > > > +++ b/tools/testing/selftests/ublk/Makefile
> > > > @@ -33,10 +33,11 @@ TEST_PROGS += test_loop_02.sh
> > > >  TEST_PROGS += test_loop_03.sh
> > > >  TEST_PROGS += test_loop_04.sh
> > > >  TEST_PROGS += test_loop_05.sh
> > > >  TEST_PROGS += test_loop_06.sh
> > > >  TEST_PROGS += test_loop_07.sh
> > > > +TEST_PROGS += test_loop_08.sh
> > > >  TEST_PROGS += test_stripe_01.sh
> > > >  TEST_PROGS += test_stripe_02.sh
> > > >  TEST_PROGS += test_stripe_03.sh
> > > >  TEST_PROGS += test_stripe_04.sh
> > > >  TEST_PROGS += test_stripe_05.sh
> > > > diff --git a/tools/testing/selftests/ublk/test_loop_08.sh b/tools/testing/selftests/ublk/test_loop_08.sh
> > > > new file mode 100755
> > > > index 000000000000..ca289cfb2ad4
> > > > --- /dev/null
> > > > +++ b/tools/testing/selftests/ublk/test_loop_08.sh
> > > > @@ -0,0 +1,111 @@
> > > > +#!/bin/bash
> > > > +# SPDX-License-Identifier: GPL-2.0
> > > > +
> > > > +. "$(cd "$(dirname "$0")" && pwd)"/test_common.sh
> > > > +
> > > > +if ! _have_program fio; then
> > > > +     exit $UBLK_SKIP_CODE
> > > > +fi
> > > > +
> > > > +fio_version=$(fio --version)
> > > > +if [[ "$fio_version" =~ fio-[0-9]+\.[0-9]+$ ]]; then
> > > > +     echo "Requires development fio version with https://github.com/axboe/fio/pull/1992"
> > > > +     exit $UBLK_SKIP_CODE
> > > > +fi
> > > > +
> > > > +TID=loop_08
> > > > +
> > > > +_prep_test "loop" "end-to-end integrity"
> > > > +
> > > > +_create_backfile 0 256M
> > > > +_create_backfile 1 32M # 256M * (64 integrity bytes / 512 data bytes)
> > > > +integrity_params="--integrity_capable --integrity_reftag
> > > > +                  --metadata_size 64 --pi_offset 56 --csum_type t10dif"
> > > > +dev_id=$(_add_ublk_dev -t loop -u $integrity_params "${UBLK_BACKFILES[@]}")
> > >
> > > I tried above setting:
> > >
> > > ./kublk add -t loop --integrity_capable --integrity_reftag --metadata_size 64 --pi_offset 56 --csum_type t10dif --foreground -u /dev/sdb /dev/sdc
> > > dev id 1: nr_hw_queues 2 queue_depth 128 block size 512 dev_capacity 8388608
> > >         max rq size 1048576 daemon pid 38295 flags 0x160c2 state LIVE
> > >         queue 0: affinity(0 )
> > >         queue 1: affinity(8 )
> > >
> > > However, IO error is always triggered:
> > >
> > > [ 9202.316382] ublkb1: ref tag error at location 0 (rcvd 128)
> > > [ 9202.317171] Buffer I/O error on dev ublkb1, logical block 0, async page read
> >
> > Hmm, what are the initial contents of /dev/sdc? It looks like they are
> > nonzero, as the reftag being read for logical block 0 is 128 rather
> > than the expected 0 (the reftag would be read from bytes 60 to 63 of
> > /dev/sdc). In general, though, the partition scan may be expected to
> > fail the bio-integrity-auto checks if the integrity data hasn't been
> > initialized. I don't think this is an issue, since the partition scan
> > is looking for a partition table but there's no guarantee that one
> > exists.
> > You can disable the kernel integrity checks if you want by writing 0
> > to /sys/block/ublkb1/integrity/read_verify. However, I'm not sure it's
> > possible to do this soon enough to take effect before the partition
> > scan.
> > We could also use the UBLK_F_NO_AUTO_PART_SCAN feature, once it lands,
> > to suppress the partition scan and these error messages.
>
> UBLK_F_NO_AUTO_PART_SCAN can't avoid the following read failure.

Are you saying the reads aren't coming from the partition scan? What
else would be issuing reads to the ublk device before fio is run on
it?

>
> I guess the issue can be avoided by adding small superblock to the meta
> data file, then format it in the 1st time when superblock doesn't exist.

Not sure the complexity of a superblock is necessary. Could just
initialize all the protection information with valid reftags and guard
tags.

>
> This way will make it usable from test/verify purpose.

I'm still not following why it's not "usable" currently. Only blocks
that have been written to (with protection information generated by
fio or the kernel) can be read back, but that's how block devices are
expected to be used. It seems fine to me for test purposes.
test_loop_08.sh writes to the full ublk device before verifying it, so
it shouldn't encounter any invalid reftags.

Best,
Caleb

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ