On Thu, Jun 22, 2023 at 7:12 PM Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
>
> Hi Amir,
>
> On Thu, Jun 22, 2023 at 12:36:59PM +0300, Amir Goldstein wrote:
> > > > What do I need to do in order to enable verity on ext4 besides
> > > > enabling FS_VERITY in the kernel?
> > > >
> > > > I'm getting these on verity tests on ext4 in the default 4k config.
> > > > _require_scratch_verity() doesn't mention any requirement other
> > > > that 4K blocks and extent format files.
> > > >
> > > > Thanks,
> > > > Amir.
> > > >
> > > > BEGIN TEST 4k (10 tests): Ext4 4k block Wed Jun 14 06:04:25 UTC 2023
> > > > DEVICE: /dev/vdb
> > > > EXT_MKFS_OPTIONS: -b 4096
> > > > EXT_MOUNT_OPTIONS: -o block_validity
> > > > FSTYP -- ext4
> > > > PLATFORM -- Linux/x86_64 kvm-xfstests
> > > > 6.4.0-rc2-xfstests-00026-g35774ba7f07c #1596 SMP PREEMPT_DYNAMIC Tue
> > > > Jun 13 18:16:59 IDT 2023
> > > > MKFS_OPTIONS -- -F -q -b 4096 /dev/vdc
> > > > MOUNT_OPTIONS -- -o acl,user_xattr -o block_validity /dev/vdc /vdc
> > > >
> > > > generic/572 [06:04:42] [06:04:47] [not run]
> > > > generic/572 -- ext4 verity isn't usable by default with these mkfs options
> > > > ...
> > >
> > > You need to "tune2fs -O verity" (or pass -O verity to mkfs.ext4).
> > >
> >
> > That was indeed missing in my setup, but it did not fix the problem.
> >
> > Turned out that I had a very old version of fsverity installed in my
> > kvm-xfstest test VM, where there is no --block-size option to
> > fsverity enable would always fail.
>
> That would do it. So the tests were in fact skipping themselves as expected;
> just the skip message was not clear.
>
Right.
> >
> > Eric,
> >
> > You may consider adding a check for minimal version of
> > fsverity or check for support of --block-size option to make
> > this error reason more clear for testers.
>
> I'm thinking it wouldn't be worth bothering, as the --block-size option was in
> the first actual release of fsverity-utils (v1.0). You must have pulled down a
> work-in-progress version of fsverity-utils back in 2018 or early 2019, well
> before the kernel support for fsverity was upstreamed, and then never updated
> it. I expect this issue affects very few people.
>
Agree.
> > Ted,
> >
> > FYI, FSVERITY_GIT in fstests-bld/config points to an out of date URL
>
> It was already updated several months ago. Please run 'git pull'.
>
I thought I did. My bad.
Sorry for the noise.
> >
> > How come there is no ext4/cfg/verity in fstests-bld?
>
> xfstests has a verity test *group*, which contains the tests that were written
> specifically to test verity.
>
> An xfstests-bld test config is something that applies to all tests. Features
> like "encrypt" have an xfstests-bld test config since there is a way to
> enable/use those features in all tests. In the case of encrypt that means
> mounting the filesystem with "-o test_dummy_encryption".
>
> In the case of verity, there is no way to enable/use verity in all tests. (It
> would be possible to always enable "-O verity" on the filesystem, but that does
> nothing to make verity actually be used/tested.) Hence, it doesn't have an
> xfstests-bld test config.
>
Got it.
In case of overlayfs over ext4 (i.e. -c ext4:overlay/small) it is needed
to format ext4 in the beginning with -O verity because overlayfs
tests do not currently have support for formatting the base fs differently
per test.
This is the patch I intend to post.
Shout it you disagree:
commit 28d65d957c25eab85eb80b06724b215770a734a1
Author: Amir Goldstein <amir73il@xxxxxxxxx>
Date: Thu Jun 22 11:30:06 2023 +0300
test-appliance: enable verity for testing overlay over ext4
Add -O verity for ext4 formatted for overlay tests, so that overlay
verity feature could be tested.
Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx>
diff --git a/test-appliance/files/root/fs/overlay/config
b/test-appliance/files/root/fs/overlay/config
index 7c50b19..f252a70 100644
--- a/test-appliance/files/root/fs/overlay/config
+++ b/test-appliance/files/root/fs/overlay/config
@@ -55,7 +55,7 @@ function __mkfs()
case "$BASE_FSTYPE" in
ext4)
- /sbin/mke2fs -F -q -t ext4 "$dev"
+ /sbin/mke2fs -F -q -t ext4 -O verity "$dev"
;;
xfs)
mkfs.xfs -f -m rmapbt=1,reflink=1 "$dev"
> > Are you guys not testing fsverity with fstests-bld?
>
> We are. The documented way to test fsverity is to use kvm-xfstests:
> https://www.kernel.org/doc/html/latest/filesystems/fsverity.html#tests
>
> > Should we just add fsverity config or add verity to ext4/cfg/encrypt
> > instead to avoid growing the test matrix?
> >
> > I can send patches for fstests-bld fixing the above if you like.
>
> As per the above, I don't think there is anything to fix.
>
Right.
Expect for the patch above which is needed for running Alex's
-g overlay/verity test
Thanks,
Amir.
