mirror of git://sourceware.org/git/lvm2.git synced 2024-12-22 17:35:59 +03:00
lvm2/test/shell/dmsecuretest.sh
Zdenek Kabelac 5d23054cb3 tests: update dmsecuretest
Look not only for whole 64byte sequence,
but seek also 32byte, 16byte and 8byte parts of the
key.

Currently, to get past the memcpy ZMM problems, add a possible
workaround in the form of a GLIBC_TUNABLES setting.
2024-04-23 22:06:30 +02:00


#!/usr/bin/env bash
# Copyright (C) 2018 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions
# of the GNU General Public License v.2.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
# Test secure table is not leaking data in user land
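# Harness switches, assigned before lib/inittest is sourced below
# (presumably read there to skip this test in lvmpolld/lvmlockd runs).
SKIP_WITH_LVMPOLLD=1
SKIP_WITH_LVMLOCKD=1

# AES key in ASCII-hex form (64 hex characters) matching the rot13 string
# from dmsecuretest.c.  It is a fixed test vector: the checks later in this
# script search a core dump for this exact text.
SECURE="434e0cbab02ca68ffba9268222c3789d703fe62427b78b308518b3228f6a2122"

. lib/inittest

DMTEST="${PREFIX}-test-secure"

# Masking following glibc features fixes problems for AVX CPUs.
# The export is left commented out; it is only a possible workaround.
#export GLIBC_TUNABLES=glibc.cpu.hwcaps=-AVX512F,-AVX2,-AVX512VL,-ERMS,-AVX_Fast_Unaligned_Load,-SSSE3

# Test needs installed gdb package with gcore app.
# 'command -v' is a shell builtin, so the lookup does not depend on an
# external 'which' binary being installed; with 'which' missing, the old
# check would skip this leak test even though gcore is available.
command -v gcore || skip
aux driver_at_least 4 6 || skip

# ensure we can create devices (uses dmsetup, etc)
aux prepare_devs 1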
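# check both code versions - linked libdm and internal device_mapper version
# there should not be any difference
for i in securetest dmsecuretest ; do

# 1st. try with empty table
# 2nd. retry with already existing DM node - exercise error path, which also wipes
# (the "empty" pass leaves the device in place, so the "existing" pass finds it;
# it is removed at the end of the "existing" pass)
for j in empty existing ; do

	rm -f cmdout
	# Start the helper in the background; stdout and stderr go to cmdout.
	"$i" "$dev1" "$DMTEST" >cmdout 2>&1 &
	PID=$!
	# Poll up to 20 times, 0.1s apart, until cmdout holds at least one line.
	for k in $(seq 1 20); do
		sleep .1
		lines=$(wc -l < cmdout 2>/dev/null || true)
		test "${lines:-0}" = "0" || break
	done

	# 0 8192 crypt aes-xts-plain64 434e0cbab02ca68ffba9268222c3789d703fe62427b78b308518b3228f6a2122 0 253:0 8192
	# crypt device should be loaded
	dmsetup status "$DMTEST"

	# Do not try to get debuginfo on newer gcore
	unset DEBUGINFOD_URLS

	# generate core file for running&sleeping binary
	# NOTE(review): '|| skip' sees gcore's own exit status only when pipefail
	# is active (presumably enabled by lib/inittest - confirm); without it the
	# pipeline status is the one from tee.
	gcore "$PID" | tee out || skip

	# check we capture core while dmsecuretest was already sleeping
	grep -e "nanosleep\|kernel_vsyscall" out

	kill "$PID" || true
	wait

	cat cmdout

	# The scan below asserts the ABSENCE of the key.  grep also exits non-zero
	# when it cannot read the file, which 'not' would presumably accept just
	# like "no match", so a missing or empty core file must not be allowed to
	# turn into a silent pass.
	if ! test -s "core.$PID"; then
		should dmsetup remove "$DMTEST" # same cleanup as the leak-found path
		die "core.$PID is missing or empty - cannot check for leaked key"
	fi

	# $SECURE string must NOT be present in core file.
	# k = 1, 2, 4, 8 splits the 64-character string into k pieces of
	# b = 64/k characters (64, 32, 16 and 8) and each piece is searched for.
	# NOTE(review): only the ASCII-hex text form at these aligned offsets is
	# searched; a raw binary copy of the key or an unaligned fragment would
	# not be reported by this check.
	fail_test=0
	for k in 1 2 4 8; do
		a=0
		b=$(( 64 / k ))
		fail_str=
		while [ "$a" -lt 64 ] ; do
			str=${SECURE:a:b}
			# collect every piece that grep does find in the core file
			not grep -c "$str" "core.$PID" || fail_str="$fail_str $str"
			a=$(( a + b ))
		done
		if [ -n "$fail_str" ]; then
			echo "!!! Found $fail_str present in core.$PID !!!"
			fail_test=$(( fail_test + 1 ))
		fi
	done

	if [ "$fail_test" -gt 0 ]; then
		# The core file is not deleted on this path (die comes before the rm
		# below), so it stays available for inspection.
		## cp "core.$PID" /dev/shm/core
		should dmsetup remove "$DMTEST" # go around weird bugs
		die "!!! Secure string $SECURE or its parts found present in core.$PID !!!"
	fi
	# Clean pass: drop the core dump.
	rm -f "core.$PID"

	if test "$j" = empty ; then
		not grep "Device or resource busy" cmdout
	else
		# Device should be already present resulting into error message
		grep "Device or resource busy" cmdout
		dmsetup remove "$DMTEST"
	fi

done

done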