Received-SPF: pass (google.com: domain of linux-kernel+bounces-12341-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1;
From: Zhihao Cheng <chengzhihao1@huawei.com>
To: <david.oberhollenzer@sigma-star.at>, <richard@nod.at>,
	<miquel.raynal@bootlin.com>, <s.hauer@pengutronix.de>,
	<Tudor.Ambarus@linaro.org>
CC: <linux-kernel@vger.kernel.org>, <linux-mtd@lists.infradead.org>
Subject: [PATCH mtd-utils 05/11] tests: ubifs_repair: Add corrupt+repair+fault_inject test
Date: Thu, 28 Dec 2023 09:36:33 +0800
Message-ID: <20231228013639.2827205-6-chengzhihao1@huawei.com>
In-Reply-To: <20231228013639.2827205-1-chengzhihao1@huawei.com>
References: <20231228013639.2827205-1-chengzhihao1@huawei.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain

Inject memory/io fault while repairing corrupted UBIFS images.
This testcase mainly checks whether ubifs_repair has problems (eg.
memleak, UAF, null-ptr-def, etc.) in random error paths. Besides,
it provides a similar way to simulate powercut during repairing,
and checks whether ubifs_repair can fix an UBIFS image after many
repairing rounds interrupted by kinds of errors.

Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
---
 .gitignore                                         |   1 +
 configure.ac                                       |   3 +-
 tests/ubifs_repair-tests/Makemodule.am             |   3 +-
 .../cycle_corrupted_repair_fault_inject.sh.in      | 233 +++++++++++++++++++++
 4 files changed, 238 insertions(+), 2 deletions(-)
 create mode 100755 tests/ubifs_repair-tests/tests/cycle_corrupted_repair_fault_inject.sh.in

diff --git a/.gitignore b/.gitignore
index d47282c..52396e6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -116,6 +116,7 @@ tests/ubifs_repair-tests/lib/common.sh
 tests/ubifs_repair-tests/tests/authentication_refuse.sh
 tests/ubifs_repair-tests/tests/cycle_mount_repair_check.sh
 tests/ubifs_repair-tests/tests/powercut_repair_mount.sh
+tests/ubifs_repair-tests/tests/cycle_corrupted_repair_fault_inject.sh
 
 #
 # Files generated by autotools
diff --git a/configure.ac b/configure.ac
index 349e4ad..31a7184 100644
--- a/configure.ac
+++ b/configure.ac
@@ -358,6 +358,7 @@ AC_CONFIG_FILES([tests/fs-tests/fs_help_all.sh
 	tests/ubifs_repair-tests/lib/common.sh
 	tests/ubifs_repair-tests/tests/authentication_refuse.sh
 	tests/ubifs_repair-tests/tests/cycle_mount_repair_check.sh
-	tests/ubifs_repair-tests/tests/powercut_repair_mount.sh])
+	tests/ubifs_repair-tests/tests/powercut_repair_mount.sh
+	tests/ubifs_repair-tests/tests/cycle_corrupted_repair_fault_inject.sh])
 
 AC_OUTPUT([Makefile])
diff --git a/tests/ubifs_repair-tests/Makemodule.am b/tests/ubifs_repair-tests/Makemodule.am
index 92f288a..0a9fb48 100644
--- a/tests/ubifs_repair-tests/Makemodule.am
+++ b/tests/ubifs_repair-tests/Makemodule.am
@@ -2,4 +2,5 @@ test_SCRIPTS += \
 	tests/ubifs_repair-tests/lib/common.sh \
 	tests/ubifs_repair-tests/tests/authentication_refuse.sh \
 	tests/ubifs_repair-tests/tests/cycle_mount_repair_check.sh \
-	tests/ubifs_repair-tests/tests/powercut_repair_mount.sh
+	tests/ubifs_repair-tests/tests/powercut_repair_mount.sh \
+	tests/ubifs_repair-tests/tests/cycle_corrupted_repair_fault_inject.sh
diff --git a/tests/ubifs_repair-tests/tests/cycle_corrupted_repair_fault_inject.sh.in b/tests/ubifs_repair-tests/tests/cycle_corrupted_repair_fault_inject.sh.in
new file mode 100755
index 0000000..9752970
--- /dev/null
+++ b/tests/ubifs_repair-tests/tests/cycle_corrupted_repair_fault_inject.sh.in
@@ -0,0 +1,233 @@
+#!/bin/sh
+# Copyright (c), 2023-2024, Huawei Technologies Co, Ltd.
+# Author: Zhihao Cheng <chengzhihao1@huawei.com>
+#
+# Test Description:
+# For many kinds of flash, do following things
+#  1. mount UBIFS
+#  2. fsstress && unmount
+#  3. inject corruption into UBIFS image randomly
+#  3. repair ubifs && inject kinds of errors(memory, io)
+#  4. check UBIFS mounting result
+# Running time: 10min
+
+TESTBINDIR=@TESTBINDIR@
+source $TESTBINDIR/common.sh
+
+function run_test()
+{
+	local simulator="$1";
+	local size="$2";
+	local peb_size="$3";
+	local page_size="$4";
+	local encryption=$5;
+
+	echo "======================================================================"
+	printf "%s" "$simulator: ${size}MiB PEB size ${peb_size}KiB"
+	if [ "$simulator" = "nandsim" ]; then
+		printf " %s" "page size ${page_size}KiB"
+	fi
+	printf " $encryption\n"
+
+	if [ "$simulator" = "nandsim" ]; then
+		$TESTBINDIR/load_nandsim.sh "$size" "$peb_size" "$page_size" || echo "cannot load nandsim";
+		mtdnum="$(find_mtd_device "$nandsim_patt")"
+	elif [ "$simulator" = "mtdram" ]; then
+		load_mtdram "$size" "$peb_size" || echo "cannot load mtdram"
+		mtdnum="$(find_mtd_device "$mtdram_patt")"
+	else
+		fatal "$simulator is not supported"
+	fi
+
+	flash_eraseall /dev/mtd$mtdnum
+	modprobe ubi mtd="$mtdnum,$page_size,0,0,1" fm_autoconvert || fatal "modprobe ubi fail"
+	ubimkvol -N vol_test -m -n 0 /dev/ubi$UBI_NUM || fatal "mkvol fail"
+	modprobe ubifs || fatal "modprobe ubifs fail"
+	mount_ubifs $DEV $MNT || fatal "mount ubifs fail"
+	if [[ "$encryption" == "encrypted" ]]; then
+		encryption_gen_key
+		encryption_set_key $MNT
+	fi
+
+	fsstress -d $MNT -l0 -p4 -n10000 &
+
+	sleep $((RANDOM % 20))
+
+	ps -e | grep -w fsstress > /dev/null 2>&1
+	while [ $? -eq 0 ]
+	do
+		killall -9 fsstress > /dev/null 2>&1
+		sleep 1
+		ps -e | grep -w fsstress > /dev/null 2>&1
+	done
+
+	while true
+	do
+		res=`mount | grep "$MNT"`
+		if [[ "$res" == "" ]]
+		then
+			break;
+		fi
+		umount $MNT
+		sleep 0.1
+	done
+
+	# inject corruption
+	times=$((RANDOM % 10))
+	let times=$times+10
+	i=0
+	tot_peb=`cat /sys/class/ubi/ubi$UBI_NUM/total_eraseblocks`;
+
+	modprobe -r ubifs
+	modprobe -r ubi # Stop wear-leveling & erasing worker
+	while [[ $i -lt $times ]]
+	do
+		let i=$i+1;
+		peb=$((RANDOM % $tot_peb));
+		pg=`expr $peb_size \* 1024`;
+		peb_off=`expr $pg \* $peb`
+		pages=`expr $pg / $page_size`;
+		pg=`expr $pages - 2`;
+		pg=$((RANDOM % $pg));
+		pg_off=`expr $pg + 2`;
+		pg_start=`expr $pages \* $peb`;
+		pg=`expr $pg_start + $pg_off`;
+		vid_pg=`expr $pg_start + 1`;
+		dd if=/dev/mtd$mtdnum of=$TMP_FILE bs=$page_size skip=$vid_pg count=1 2>/dev/null;
+		content=`cat $TMP_FILE | grep UBI!`; # vid header magic
+		if [[ "$content" == "" ]]; then
+			# Skip free PEB, otherwise data could be overwritten in ubifs repairing process
+			continue;
+		fi
+		if [[ $((RANDOM % 2)) == 0 ]]; then
+			# Corrupts 1 page
+			dd if=/dev/urandom of=/dev/mtd$mtdnum bs=$page_size seek=$pg count=1;
+		else
+			# Erase 1 LEB, TNC points to an unmapped area
+			flash_erase /dev/mtd$mtdnum $peb_off 1
+		fi
+	done
+	rm -f $TMP_FILE 2>/dev/null
+	sync
+
+	skip=0
+	modprobe ubi mtd="$mtdnum,$page_size,0,0,1" fm_autoconvert
+	ret=$?
+	if [[ $ret != 0 ]]
+	then
+		skip=1
+		echo "UBI layout volume is corrupted, skip"
+	fi
+
+	if [[ $skip == 0 ]]; then
+		modprobe ubifs || fatal "modprobe ubifs2 fail"
+		dmesg -c > /dev/null
+
+		round=0
+		while true;
+		do
+			injected=0
+			inject_mem=0
+			res=0
+			let round=$round+1
+
+			echo 'format "UBIFS DBG repair" +pflmt' > /sys/kernel/debug/dynamic_debug/control
+			if [[ $round -lt 50 ]]; then
+				injected=1
+				echo "$DEV" > /sys/kernel/debug/ubifs/repair_fs &
+				pid=$!
+				if [[ $((RANDOM % 2)) == 0 ]]; then
+					inject_mem_err $pid
+					inject_mem=1
+				fi
+				inject_io_err
+				wait $pid
+				res=$?
+				if [[ $inject_mem == 1 ]]; then
+					cancel_mem_err
+				fi
+				cancel_io_err
+			else
+				echo "$DEV" > /sys/kernel/debug/ubifs/repair_fs
+				res=$?
+			fi
+			if [[ $res != 0 ]]
+			then
+				log=`dmesg | grep "bad node at LEB 0:"`
+				if [[ "$log" != "" ]]
+				then
+					skip=1
+					echo "SB is corrupted, skip repairing & mounting"
+					break
+				else
+					check_memleak
+					# UBI could become ro-mode
+					modprobe -r ubifs
+					modprobe -r ubi
+					modprobe ubi mtd="$mtdnum,$page_size,0,0,1" fm_autoconvert
+					modprobe ubifs || fatal "modprobe ubifs3 fail"
+					if [[ $injected == 0 ]]; then
+						fatal "repair fail $res"
+					fi
+				fi
+			else
+				break
+			fi
+		done
+
+		check_memleak
+
+		dmesg -c > /dev/null # repairing corrupted image could reproduce error messages
+
+		if [[ $skip == 0 ]]; then
+			enable_chkfs
+
+			mount_ubifs $DEV $MNT
+			res=$?
+			if [[ $res != 0 ]]
+			then
+				fatal "mount fail $res"
+			fi
+
+			if [[ "$encryption" == "encrypted" ]]; then
+				encryption_set_key $MNT
+			fi
+
+			du -sh $MNT > /dev/null  # Make sure all files are accessible
+			ret=$?
+			if [[ $ret != 0 ]]; then
+				fatal "Cannot access all files"
+			fi
+			# check_err_msg is not suggested in this testcase, because
+			# ubi_io_read(triggered by wear_leveling_worker -> ubi_eba_copy_leb)
+			# could print stack if ecc uncorrectable errors are detected.
+
+			umount $MNT
+			res=$?
+			if [[ $res != 0 ]]
+			then
+				fatal "unmount fail $res"
+			fi
+		fi
+
+		modprobe -r ubifs
+		modprobe -r ubi
+	fi
+	modprobe -r $simulator
+
+	echo "----------------------------------------------------------------------"
+}
+
+check_fsstress
+start_t=$(date +%s)
+echo "Do corrruption+cycle_repair_fault_injection test in kinds of flashes"
+for simulator in "mtdram" "nandsim"; do
+	for encryption in "encrypted" "noencrypted"; do
+		run_test "$simulator" "16" "16" "512" $encryption
+		run_test "$simulator" "256" "128" "2048" $encryption
+	done
+done
+end_t=$(date +%s)
+time_cost=$(( end_t - start_t ))
+echo "Success, cost $time_cost seconds"
+exit 0
-- 
2.13.6