cryptohome: Data deletion on ephemeral mount errors |
|||
Issue descriptionI found out that in some tests related to ephemeral mounts the claimed statements are, unless I'm missing something, opposite to what will happen in real world usages. For instance, the EphemeralNoUserSystemTest.EnterpriseMountStatVFSFailure test has the following description ([1]): // Checks that when ephemeral statvfs call fails, no clean up happens. This test attempts to verify this by setting up the following gmock expectation: EXPECT_CALL(platform_, DeleteFile(_, _)).Times(0); The problem is that the test uses MockHomeDirs but not "the real HomeDirs", which means that by default no calls to Platform happen when methods of HomeDirs are called from the tested code. Now, what actually happens inside the Mount class is that HomeDirs::Remove() is called whenever an error is returned from Mount::MountEphemeralCryptohome() - see [2]. The real implementation of HomeDirs calls Platform::DeleteFile() three times with some directories - IIUC, all data of the user is wiped out (although I may be wrong in what exactly is deleted and what is not). For the very least, this contradicts with what is stated in the test description (specifically, to the "no clean up happens" part). Similar situation is with tests EnterpriseMountCreateSparseDirFailure and EnterpriseMountCreateSparseFailure. Filed this crbug to investigate whether this behavior of Mount is a correct behavior, or whether that's a bug. Anyway, even if that turns out to be not a bug, the tests should still be corrected IMO. poromov@: Sergey, assigning to you as this code was touched in commit [3]. [1] http://cs/chromeos_public/src/platform2/cryptohome/mount_unittest.cc?l=2258&rcl=49d66d7e63798bf31f0ab4d113f8fb122f80c80e [2] http://cs/chromeos_public/src/platform2/cryptohome/mount.cc?l=376&rcl=d279e52b1377f921fde9b9651e69c405293fa2fa [3] http://crrev.com/c/613167
,
Jun 15 2018
Thank you for finding this. Apparently, the said tests are not doing what they are intended to do. Probably we should get rid of MockHomedirs after fixing the said tests.
,
Jun 15 2018
> Probably we should get rid of MockHomedirs after fixing the said tests. BTW, this is exactly how I discovered this issue. I was trying this for bug 832395 (CL https://crrev.com/c/1098255), as a way to avoid changing half of the mocking code in the 3000-line file mount_unittests.cc. Although, in general, one may argue that for *unit* tests of class Foo it makes sense to use only *mocked* versions of classes on which Foo depends. Otherwise the test becomes more like an integration test, and we get into the nightmare of mocking out tons of low-level operations (which is exactly what has accumulated in mount_unittests.cc since years and make_tests.cc - see hundreds of mock expectations for FileExists(), ReadFile(), etc.). But that's, probably, a conceptual question which is detached from reality where no one would like to rewrite 3K lines of test code :)
,
Jun 18 2018
Files that are deleted in HomeDirs::Remove() are: /home/.shadow/<user_hash> /home/user/<user_hash> /home/root/<user_hash> Shadow root is not user in ephemeral case. The last two are only mount points for created cryptohome, so removing them is only user presence clean up. These directories are handled outside of MountEphemeralCryptohome(), so it's correct that they are removed when MountEphemeralCryptohome fails, however, test description is incorrect and some cleanup happens.
,
Jun 18 2018
But, IIUC, "/home/.shadow/<user_hash>" normally contains the user data - is it intended that it's cleared there? It's possible in theory that there's some actual data left there from when the user had been not ephemeral; although we probably don't care about this old data. In any case, looks like the main confusion arises from the unclear meaning of the "cleanup" word. Or, to put it differently, which kind of cleanup was considered as unwanted for this feature?
,
Jun 19 2018
It should be OK to delete "/home/.shadow/<user_hash>" as this directory should be deleted as soon as user becomes ephemeral. I agree that the main confusion is "cleanup" meaning here. Actually, the test is even not the best one as it just confirms very special behavior and even if the cleanup is happening, it doesn't brake anything as the data/directories should not exist anyway. It just checks that no unnecessary extra work is done. Do you think it will be OK to just update the wording here + check that Homedirs::Remove() is called anyway as it's OK behavior? Or should the tests be updated to not use MockHomedirs anymore?
,
Jul 31
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/b39ae7f9c6e18e6daf96d17baec810fe956c0670 commit b39ae7f9c6e18e6daf96d17baec810fe956c0670 Author: Maksim Ivanov <emaxx@chromium.org> Date: Tue Jul 31 23:37:23 2018 cryptohome: Use HomeDirs for loading VK in Mount Remove the duplicated logic from Mount, and use the already existing functionality provided by HomeDirs instead. Also fix comments in unit tests for ephemeral mount, in which some cleanup was actually happening despite the comments were claiming the opposite. BUG=chromium:832395, chromium:853012 TEST=existing tests Change-Id: I91845739f1bc80f2f1bcd276159221a8256a9f87 Reviewed-on: https://chromium-review.googlesource.com/1098255 Commit-Ready: Maksim Ivanov <emaxx@chromium.org> Tested-by: Maksim Ivanov <emaxx@chromium.org> Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org> [modify] https://crrev.com/b39ae7f9c6e18e6daf96d17baec810fe956c0670/cryptohome/mock_homedirs.h [modify] https://crrev.com/b39ae7f9c6e18e6daf96d17baec810fe956c0670/cryptohome/homedirs.h [modify] https://crrev.com/b39ae7f9c6e18e6daf96d17baec810fe956c0670/cryptohome/vault_keyset_unittest.cc [modify] https://crrev.com/b39ae7f9c6e18e6daf96d17baec810fe956c0670/cryptohome/vault_keyset.h [modify] https://crrev.com/b39ae7f9c6e18e6daf96d17baec810fe956c0670/cryptohome/mount.cc [modify] https://crrev.com/b39ae7f9c6e18e6daf96d17baec810fe956c0670/cryptohome/crypto_unittest.cc [modify] https://crrev.com/b39ae7f9c6e18e6daf96d17baec810fe956c0670/cryptohome/vault_keyset.cc [modify] https://crrev.com/b39ae7f9c6e18e6daf96d17baec810fe956c0670/cryptohome/mock_vault_keyset.h [modify] https://crrev.com/b39ae7f9c6e18e6daf96d17baec810fe956c0670/cryptohome/crypto.h [modify] https://crrev.com/b39ae7f9c6e18e6daf96d17baec810fe956c0670/cryptohome/crypto.cc [modify] https://crrev.com/b39ae7f9c6e18e6daf96d17baec810fe956c0670/cryptohome/homedirs_unittest.cc [modify] https://crrev.com/b39ae7f9c6e18e6daf96d17baec810fe956c0670/cryptohome/homedirs.cc [modify] https://crrev.com/b39ae7f9c6e18e6daf96d17baec810fe956c0670/cryptohome/mount_unittest.cc
,
Oct 12
,
Oct 31
Is it fixed?
,
Oct 31
Yes. |
|||
►
Sign in to add a comment |
|||
Comment 1 by emaxx@chromium.org
, Jun 14 2018