From 3c200a0232a6f49a65e76ef84cb067a49fd70676 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Fri, 10 Jun 2022 22:11:44 +0100 Subject: [PATCH] tests: Add a regression test for LUKS zeroing crash https://listman.redhat.com/archives/libguestfs/2022-June/029188.html (cherry picked from commit 7ab2ef96803bfc385f786be82ebfdd4cc977d504) --- tests/Makefile.am | 2 ++ tests/test-luks-copy-zero.sh | 70 ++++++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100755 tests/test-luks-copy-zero.sh diff --git a/tests/Makefile.am b/tests/Makefile.am index 6a63e4e8..824232d1 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -1599,11 +1599,13 @@ if HAVE_GNUTLS_PBKDF2 TESTS += \ test-luks-info.sh \ test-luks-copy.sh \ + test-luks-copy-zero.sh \ $(NULL) endif EXTRA_DIST += \ test-luks-info.sh \ test-luks-copy.sh \ + test-luks-copy-zero.sh \ $(NULL) # multi-conn filter test. diff --git a/tests/test-luks-copy-zero.sh b/tests/test-luks-copy-zero.sh new file mode 100755 index 00000000..6ff560e3 --- /dev/null +++ b/tests/test-luks-copy-zero.sh @@ -0,0 +1,70 @@ +#!/usr/bin/env bash +# nbdkit +# Copyright (C) 2018-2022 Red Hat Inc. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# * Neither the name of Red Hat nor the names of its contributors may be +# used to endorse or promote products derived from this software without +# specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, +# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR +# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +# Regression test for: +# https://listman.redhat.com/archives/libguestfs/2022-June/029188.html + +source ./functions.sh +set -e +set -x + +requires qemu-img --version +requires nbdcopy --version +requires truncate --version +requires file --version +requires_filter luks + +encrypt_disk=luks-copy-zero1.img +zero_disk=luks-copy-zero2.img +cleanup_fn rm -f $encrypt_disk $zero_disk +rm -f $encrypt_disk $zero_disk + +# Create an empty encrypted disk container. +qemu-img create -f luks \ + --object secret,data=123456,id=sec0 \ + -o key-secret=sec0 \ + $encrypt_disk 100M + +# Create an all zeroes disk of the same size. +truncate -s 100M $zero_disk + +# Using nbdkit-luks-filter, write the zero disk into the encrypted +# disk. nbdcopy will do this using NBD_CMD_ZERO operations. +nbdkit -U - -fv \ + file $encrypt_disk --filter=luks passphrase=123456 \ + --run "nbdcopy -C 1 $zero_disk \$nbd" + +# Check that the encrypted disk is still a LUKS disk. If zeroing is +# wrong in the filter it's possible that it writes through to the +# underlying disk, erasing the container. +file $encrypt_disk +file $encrypt_disk | grep "LUKS encrypted file" -- 2.31.1