From be9a5c355c819ac0f2aca1f8c30dc75164e10322 Mon Sep 17 00:00:00 2001 From: Tom Caputi Date: Wed, 2 May 2018 18:36:20 -0400 Subject: Add support for decryption faults in zinject This patch adds the ability for zinject to trigger decryption and authentication faults in the ZIO and ARC layers. This functionality is exposed via the new "decrypt" error type, which may be provided for "data" object types. This patch also refactors some of the core encryption / decryption functions so that they have consistent prototypes, handle errors consistently, and do not have unused arguments. Reviewed-by: Brian Behlendorf Signed-off-by: Tom Caputi Closes #7474 --- tests/runfiles/linux.run | 2 +- tests/zfs-tests/tests/functional/fault/Makefile.am | 1 + .../tests/functional/fault/decrypt_fault.ksh | 55 ++++++++++++++++++++++ 3 files changed, 57 insertions(+), 1 deletion(-) create mode 100755 tests/zfs-tests/tests/functional/fault/decrypt_fault.ksh (limited to 'tests') diff --git a/tests/runfiles/linux.run b/tests/runfiles/linux.run index 62dfcf44e..1d0b2ef91 100644 --- a/tests/runfiles/linux.run +++ b/tests/runfiles/linux.run @@ -518,7 +518,7 @@ tags = ['functional', 'exec'] [tests/functional/fault] tests = ['auto_online_001_pos', 'auto_replace_001_pos', 'auto_spare_001_pos', 'auto_spare_002_pos', 'auto_spare_ashift', 'auto_spare_multiple', - 'scrub_after_resilver'] + 'scrub_after_resilver', 'decrypt_fault'] tags = ['functional', 'fault'] [tests/functional/features/async_destroy] diff --git a/tests/zfs-tests/tests/functional/fault/Makefile.am b/tests/zfs-tests/tests/functional/fault/Makefile.am index 3c0e31d2a..1153ad8d6 100644 --- a/tests/zfs-tests/tests/functional/fault/Makefile.am +++ b/tests/zfs-tests/tests/functional/fault/Makefile.am @@ -8,6 +8,7 @@ dist_pkgdata_SCRIPTS = \ auto_spare_002_pos.ksh \ auto_spare_ashift.ksh \ auto_spare_multiple.ksh \ + decrypt_fault.ksh \ scrub_after_resilver.ksh dist_pkgdata_DATA = \ diff --git a/tests/zfs-tests/tests/functional/fault/decrypt_fault.ksh b/tests/zfs-tests/tests/functional/fault/decrypt_fault.ksh new file mode 100755 index 000000000..10008f22e --- /dev/null +++ b/tests/zfs-tests/tests/functional/fault/decrypt_fault.ksh @@ -0,0 +1,55 @@ +#!/bin/ksh -p +# +# This file and its contents are supplied under the terms of the +# Common Development and Distribution License ("CDDL"), version 1.0. +# You may only use this file in accordance with the terms of version +# 1.0 of the CDDL. +# +# A full copy of the text of the CDDL should have accompanied this +# source. A copy of the CDDL is also available via the Internet at +# http://www.illumos.org/license/CDDL. +# + +# +# Copyright (c) 2018 by Lawrence Livermore National Security, LLC. +# All rights reserved. +# + +. $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/fault/fault.cfg + +# +# DESCRIPTION: +# Test that injected decryption errors are handled correctly. +# +# STRATEGY: +# 1. Create an encrypted dataset with an test file +# 2. Inject decryption errors on the file 20% of the time +# 3. Read the file to confirm that errors are handled correctly +# 4. Confirm that the decryption injection was added to the ZED logs +# + +log_assert "Testing that injected decryption errors are handled correctly" + +function cleanup +{ + log_must zinject -c all + default_cleanup_noexit +} + +log_onexit cleanup + +default_mirror_setup_noexit $DISK1 $DISK2 +log_must eval "echo 'password' | zfs create -o encryption=on \ + -o keyformat=passphrase -o keylocation=prompt $TESTPOOL/fs" +mntpt=$(get_prop mountpoint $TESTPOOL/fs) +log_must mkfile 32M $mntpt/file1 + +log_must zinject -a -t data -e decrypt -f 20 $mntpt/file1 +log_must zfs umount $TESTPOOL/fs +log_must zfs mount $TESTPOOL/fs + +log_mustnot eval "cat $mntpt/file1 > /dev/null" +log_must eval "zpool events $TESTPOOL | grep -q 'authentication'" + +log_pass "Injected decryption errors are handled correctly" -- cgit v1.2.3