#! /bin/bash
# SPDX-License-Identifier: GPL-2.0
# Copyright 2018 Google LLC
#
# FS QA Test generic/574
#
# Test corrupting verity files.  This test corrupts various parts of the
# contents of a verity file, or parts of its Merkle tree, by writing directly to
# the block device.  It verifies that this causes I/O errors when the relevant
# part of the contents is later read by any means.
#
. ./common/preamble
_begin_fstest auto quick verity

# Override the default cleanup function.
_cleanup()
{
	cd /
	_restore_fsverity_signatures
	rm -f $tmp.*
}

# Import common functions.
. ./common/filter
. ./common/verity

# real QA test starts here
_supported_fs generic
_require_scratch_verity
_disable_fsverity_signatures
_require_fsverity_corruption

_scratch_mkfs_verity &>> $seqres.full
_scratch_mount
fsv_orig_file=$SCRATCH_MNT/file
fsv_file=$SCRATCH_MNT/file.fsv

setup_zeroed_file()
{
	local len=$1
	local sparse=$2

	if $sparse; then
		dd if=/dev/zero of=$fsv_orig_file bs=1 count=0 seek=$len \
			status=none
	else
		head -c $len /dev/zero > $fsv_orig_file
	fi
	cp $fsv_orig_file $fsv_file
	_fsv_enable $fsv_file
	md5sum $fsv_file |& _filter_scratch
}

filter_sigbus()
{
	sed -e 's/.*Bus error.*/Bus error/'
}

round_up_to_page_boundary()
{
	local n=$1
	local page_size=$(get_page_size)

	echo $(( (n + page_size - 1) & ~(page_size - 1) ))
}

corruption_test()
{
	local file_len=$1
	local zap_offset=$2
	local zap_len=$3
	local is_merkle_tree=${4:-false} # if true, zap tree instead of data
	local use_sparse_file=${5:-false}
	local page_aligned_eof=$(round_up_to_page_boundary $file_len)
	local measurement

	if $is_merkle_tree; then
		local corrupt_func=_fsv_scratch_corrupt_merkle_tree
	else
		local corrupt_func=_fsv_scratch_corrupt_bytes
	fi

	local msg="Corruption test:"
	msg+=" file_len=$file_len"
	if $use_sparse_file; then
		msg+=" (sparse)"
	fi
	msg+=" zap_offset=$zap_offset"
	if $is_merkle_tree; then
		msg+=" (in Merkle tree)"
	fi
	msg+=" zap_len=$zap_len"

	_fsv_scratch_begin_subtest "$msg"
	setup_zeroed_file $file_len $use_sparse_file
	cmp $fsv_file $fsv_orig_file
	echo "Corrupting bytes..."
	head -c $zap_len /dev/zero | tr '\0' X \
		| $corrupt_func $fsv_file $zap_offset

	echo "Validating corruption (reading full file)..."
	_scratch_cycle_mount
	md5sum $fsv_file |& _filter_scratch

	echo "Validating corruption (direct I/O)..."
	_scratch_cycle_mount
	dd if=$fsv_file bs=$FSV_BLOCK_SIZE iflag=direct status=none \
		of=/dev/null |& _filter_scratch

	if (( zap_offset < file_len )) && ! $is_merkle_tree; then
		echo "Validating corruption (reading just corrupted part)..."
		dd if=$fsv_file bs=1 skip=$zap_offset count=$zap_len \
			of=/dev/null status=none |& _filter_scratch
	fi

	echo "Validating corruption (reading full file via mmap)..."
	bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $fsv_file \
		-c 'mmap -r 0 $page_aligned_eof' \
		-c 'mread 0 $file_len'" |& filter_sigbus

	if ! $is_merkle_tree; then
		echo "Validating corruption (reading just corrupted part via mmap)..."
		bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $fsv_file \
			-c 'mmap -r 0 $page_aligned_eof' \
			-c 'mread $zap_offset $zap_len'" |& filter_sigbus
	fi
}

# Reading the last block of the file with mmap is tricky, so we need to be
# a bit careful. Some filesystems read the last block in full, while others
# return zeros in the last block past EOF, regardless of the contents on
# disk. In the former, corruption should be detected and result in SIGBUS,
# while in the latter we would expect zeros past EOF, but no error.
corrupt_eof_block_test() {
	local file_len=$1
	local zap_len=$2
	local page_aligned_eof=$(round_up_to_page_boundary $file_len)
	_fsv_scratch_begin_subtest "Corruption test: EOF block"
	setup_zeroed_file $file_len false
	cmp $fsv_file $fsv_orig_file
	echo "Corrupting bytes..."
	head -c $zap_len /dev/zero | tr '\0' X \
		| _fsv_scratch_corrupt_bytes $fsv_file $file_len

	echo "Reading eof block via mmap into a temporary file..."
	bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $fsv_file \
		-c 'mmap -r 0 $page_aligned_eof' \
		-c 'mread -v $file_len $zap_len'" \
		|& filter_sigbus >$tmp.eof_block_read 2>&1

	head -c $file_len /dev/zero > $tmp.zero_cmp_file
	$XFS_IO_PROG -r $tmp.zero_cmp_file \
		-c "mmap -r 0 $page_aligned_eof" \
		-c "mread -v $file_len $zap_len" >$tmp.eof_zero_read

	echo "Checking for SIGBUS or zeros..."
	grep -q -e '^Bus error$' $tmp.eof_block_read \
		|| diff $tmp.eof_block_read $tmp.eof_zero_read \
		&& echo "OK"
}

# Note: these tests just overwrite some bytes without checking their original
# values.  Therefore, make sure to overwrite at least 5 or so bytes, to make it
# nearly guaranteed that there will be a change -- even when the test file is
# encrypted due to the test_dummy_encryption mount option being specified.

corruption_test 131072 0 5
corruption_test 131072 4091 5
corruption_test 131072 65536 65536
corruption_test 131072 131067 5

corrupt_eof_block_test 130999 72

# Merkle tree corruption.
corruption_test 200000 100 10 true

# Sparse file.  Corrupting the Merkle tree should still cause reads to fail,
# i.e. the filesystem must verify holes.
corruption_test 200000 100 10 true true

# success, all done
status=0
exit
