| Message ID | 20230921140721.11382-1-chrubis@suse.cz |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [v2] lib: tst_test: Fix lockdown detection on missing sysfs | expand |
On Thu, Sep 21, 2023 at 10:06 PM Cyril Hrubis <chrubis@suse.cz> wrote: > The lockdown detection function reports -1 when secure boot sysfs file > is not present, which is later mistakenly interpreted as secure boot > enabled in tst_test.c. > > This causes regression in *_module sycall tests executed on systems when > secureboot is not compiled-in or supported at all. > > Check properly if secure boot is enabled by checking that the return > value from these functions is positive. > Should we fix the detection of additional those too? finit_module02.c, init_module02.c, madvise11.c Otherwise, this method looks good. Reviewed-by: Li Wang <liwang@redhat.com> > > Signed-off-by: Cyril Hrubis <chrubis@suse.cz> > --- > lib/tst_test.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lib/tst_test.c b/lib/tst_test.c > index 2e58cad33..e2c195645 100644 > --- a/lib/tst_test.c > +++ b/lib/tst_test.c > @@ -1163,10 +1163,10 @@ static void do_setup(int argc, char *argv[]) > if (tst_test->supported_archs && > !tst_is_on_arch(tst_test->supported_archs)) > tst_brk(TCONF, "This arch '%s' is not supported for > test!", tst_arch.name); > > - if (tst_test->skip_in_lockdown && tst_lockdown_enabled()) > + if (tst_test->skip_in_lockdown && tst_lockdown_enabled() > 0) > tst_brk(TCONF, "Kernel is locked down, skipping test"); > > - if (tst_test->skip_in_secureboot && tst_secureboot_enabled()) > + if (tst_test->skip_in_secureboot && tst_secureboot_enabled() > 0) > tst_brk(TCONF, "SecureBoot enabled, skipping test"); > > if (tst_test->skip_in_compat && TST_ABI != tst_kernel_bits()) > -- > 2.41.0 > > > -- > Mailing list info: https://lists.linux.it/listinfo/ltp > >
Hi, Reviewed-by: Martin Doucha <mdoucha@suse.cz> On 21. 09. 23 16:07, Cyril Hrubis wrote: > The lockdown detection function reports -1 when secure boot sysfs file > is not present, which is later mistakenly interpreted as secure boot > enabled in tst_test.c. > > This causes regression in *_module sycall tests executed on systems when > secureboot is not compiled-in or supported at all. > > Check properly if secure boot is enabled by checking that the return > value from these functions is positive. > > Signed-off-by: Cyril Hrubis <chrubis@suse.cz> > --- > lib/tst_test.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lib/tst_test.c b/lib/tst_test.c > index 2e58cad33..e2c195645 100644 > --- a/lib/tst_test.c > +++ b/lib/tst_test.c > @@ -1163,10 +1163,10 @@ static void do_setup(int argc, char *argv[]) > if (tst_test->supported_archs && !tst_is_on_arch(tst_test->supported_archs)) > tst_brk(TCONF, "This arch '%s' is not supported for test!", tst_arch.name); > > - if (tst_test->skip_in_lockdown && tst_lockdown_enabled()) > + if (tst_test->skip_in_lockdown && tst_lockdown_enabled() > 0) > tst_brk(TCONF, "Kernel is locked down, skipping test"); > > - if (tst_test->skip_in_secureboot && tst_secureboot_enabled()) > + if (tst_test->skip_in_secureboot && tst_secureboot_enabled() > 0) > tst_brk(TCONF, "SecureBoot enabled, skipping test"); > > if (tst_test->skip_in_compat && TST_ABI != tst_kernel_bits())
Hi! > Should we fix the detection of additional those too? > finit_module02.c, init_module02.c, madvise11.c > > Otherwise, this method looks good. > Reviewed-by: Li Wang <liwang@redhat.com> Pushed as well as patches from martin the fixed the rest.
diff --git a/lib/tst_test.c b/lib/tst_test.c index 2e58cad33..e2c195645 100644 --- a/lib/tst_test.c +++ b/lib/tst_test.c @@ -1163,10 +1163,10 @@ static void do_setup(int argc, char *argv[]) if (tst_test->supported_archs && !tst_is_on_arch(tst_test->supported_archs)) tst_brk(TCONF, "This arch '%s' is not supported for test!", tst_arch.name); - if (tst_test->skip_in_lockdown && tst_lockdown_enabled()) + if (tst_test->skip_in_lockdown && tst_lockdown_enabled() > 0) tst_brk(TCONF, "Kernel is locked down, skipping test"); - if (tst_test->skip_in_secureboot && tst_secureboot_enabled()) + if (tst_test->skip_in_secureboot && tst_secureboot_enabled() > 0) tst_brk(TCONF, "SecureBoot enabled, skipping test"); if (tst_test->skip_in_compat && TST_ABI != tst_kernel_bits())
The lockdown detection function reports -1 when secure boot sysfs file is not present, which is later mistakenly interpreted as secure boot enabled in tst_test.c. This causes regression in *_module sycall tests executed on systems when secureboot is not compiled-in or supported at all. Check properly if secure boot is enabled by checking that the return value from these functions is positive. Signed-off-by: Cyril Hrubis <chrubis@suse.cz> --- lib/tst_test.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)