Add support for decryption faults in zinject

This patch adds the ability for zinject to trigger decryption and authentication faults in the ZIO and ARC layers. This functionality is exposed via the new "decrypt" error type, which may be provided for "data" object types. This patch also refactors some of the core encryption / decryption functions so that they have consistent prototypes, handle errors consistently, and do not have unused arguments. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Tom Caputi <tcaputi@datto.com> Closes #7474
2026-05-22 02:27:36 +03:00 · 2018-05-02 18:36:20 -04:00
parent 9464b9591e
commit be9a5c355c
15 changed files with 221 additions and 116 deletions
@@ -518,7 +518,7 @@ tags = ['functional', 'exec']
 [tests/functional/fault]
 tests = ['auto_online_001_pos', 'auto_replace_001_pos', 'auto_spare_001_pos',
    'auto_spare_002_pos', 'auto_spare_ashift', 'auto_spare_multiple',
-    'scrub_after_resilver']
+    'scrub_after_resilver', 'decrypt_fault']
 tags = ['functional', 'fault']

 [tests/functional/features/async_destroy]
@@ -8,6 +8,7 @@ dist_pkgdata_SCRIPTS = \
 	auto_spare_002_pos.ksh \
 	auto_spare_ashift.ksh \
 	auto_spare_multiple.ksh \
+	decrypt_fault.ksh \
 	scrub_after_resilver.ksh

 dist_pkgdata_DATA = \
@@ -0,0 +1,55 @@
+#!/bin/ksh -p
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2018 by Lawrence Livermore National Security, LLC.
+# All rights reserved.
+#
+
+. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/fault/fault.cfg
+
+#
+# DESCRIPTION:
+# Test that injected decryption errors are handled correctly.
+#
+# STRATEGY:
+# 1. Create an encrypted dataset with an test file
+# 2. Inject decryption errors on the file 20% of the time
+# 3. Read the file to confirm that errors are handled correctly
+# 4. Confirm that the decryption injection was added to the ZED logs
+#
+
+log_assert "Testing that injected decryption errors are handled correctly"
+
+function cleanup
+{
+	log_must zinject -c all
+	default_cleanup_noexit
+}
+
+log_onexit cleanup
+
+default_mirror_setup_noexit $DISK1 $DISK2
+log_must eval "echo 'password' | zfs create -o encryption=on \
+	-o keyformat=passphrase -o keylocation=prompt $TESTPOOL/fs"
+mntpt=$(get_prop mountpoint $TESTPOOL/fs)
+log_must mkfile 32M $mntpt/file1
+
+log_must zinject -a -t data -e decrypt -f 20 $mntpt/file1
+log_must zfs umount $TESTPOOL/fs
+log_must zfs mount $TESTPOOL/fs
+
+log_mustnot eval "cat $mntpt/file1 > /dev/null"
+log_must eval "zpool events $TESTPOOL | grep -q 'authentication'"
+
+log_pass "Injected decryption errors are handled correctly"