From: Cyril Hrubis <chrubis@suse.cz>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH 1/3] lib: add function to check for kernel lockdown
Date: Tue, 21 Jul 2020 17:26:06 +0200
Message-ID: <20200721152606.GA13733@yuki.lan>
In-Reply-To: <20200720194920.22784-1-ernunes@redhat.com>

Hi!
> Some syscalls are not available if the kernel is booted using the
> 'lockdown' feature. That can cause some tests to report fail, showing
> a message like:
> 
>   Lockdown: iopl01: iopl is restricted; see man kernel_lockdown.7
> 
> This patch adds a function that can be used by tests to check for this
> case, so tests can be skipped rather than reporting a test failure.
> 
> Signed-off-by: Erico Nunes <ernunes@redhat.com>
> ---
>  include/tst_lockdown.h |  8 ++++++++
>  include/tst_test.h     |  1 +
>  lib/tst_lockdown.c     | 28 ++++++++++++++++++++++++++++
>  3 files changed, 37 insertions(+)
>  create mode 100644 include/tst_lockdown.h
>  create mode 100644 lib/tst_lockdown.c
> 
> diff --git a/include/tst_lockdown.h b/include/tst_lockdown.h
> new file mode 100644
> index 000000000..8db26d943
> --- /dev/null
> +++ b/include/tst_lockdown.h
> @@ -0,0 +1,8 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +
> +#ifndef TST_LOCKDOWN_H
> +#define TST_LOCKDOWN_H
> +
> +void tst_lockdown_skip(void);
> +
> +#endif /* TST_LOCKDOWN_H */
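Review bot: the tst_lockdown_skip() prototype in include/tst_lockdown.h has no comment describing its contract. The implementation returns normally when the lockdown file is absent or reports "[none]" and otherwise ends the test through tst_brk(TCONF, ...), so a short comment above the prototype saying that would let test authors use it without reading lib/tst_lockdown.c.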
> diff --git a/include/tst_test.h b/include/tst_test.h
> index b84f7b9dd..b02de4597 100644
> --- a/include/tst_test.h
> +++ b/include/tst_test.h
> @@ -40,6 +40,7 @@
>  #include "tst_hugepage.h"
>  #include "tst_assert.h"
>  #include "tst_cgroup.h"
> +#include "tst_lockdown.h"
>  
>  /*
>   * Reports testcase result.
> diff --git a/lib/tst_lockdown.c b/lib/tst_lockdown.c
> new file mode 100644
> index 000000000..d57a6bdf3
> --- /dev/null
> +++ b/lib/tst_lockdown.c
> @@ -0,0 +1,28 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +
> +#define TST_NO_DEFAULT_MAIN
> +
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <sys/mount.h>
> +
> +#include "tst_test.h"
> +#include "tst_safe_macros.h"
> +#include "tst_safe_stdio.h"
> +#include "tst_lockdown.h"
> +
> +void tst_lockdown_skip(void)
> +{
> +	char line[BUFSIZ];
> +	FILE *file;
> +
> +	if (access("/sys/kernel/security/lockdown", F_OK) != 0)
> +		return;
> +
> +	file = SAFE_FOPEN("/sys/kernel/security/lockdown", "r");
> +	fgets(line, sizeof(line), file);

The compiler complains that we haven't checked the return value here. I
guess that we can silence it with:

	if (!fgets(line, sizeof(line), file))
		return;

> +	SAFE_FCLOSE(file);
> +
> +	if (strstr(line, "[none]") == NULL)
> +		tst_brk(TCONF, "Kernel is locked down, skip this test.");
> +}
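Review bot: tst_lockdown_skip() calls access() and strstr(), but lib/tst_lockdown.c includes neither <unistd.h> nor <string.h> itself, while <sys/mount.h> is included and nothing in the function uses it; include what is used rather than relying on tst_test.h to pull it in, and drop the mount header. The path "/sys/kernel/security/lockdown" is written out twice, so a single #define would keep the access() and SAFE_FOPEN() calls in sync. If the fgets() check proposed in the reply above is added, the early return sits before SAFE_FCLOSE(file) and would leave the stream open, so close the file before returning.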
> -- 
> 2.26.2
> 
> 
> -- 
> Mailing list info: https://lists.linux.it/listinfo/ltp

-- 
Cyril Hrubis
chrubis@suse.cz
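
An added example, not part of the patch or of the LTP library: a stand-alone reader for the lockdown file that checks the fgets() result, always closes the stream, and extracts the bracketed active mode instead of only searching for "[none]". The function names are hypothetical; the line format (all modes listed, the active one in brackets) is the one documented in kernel_lockdown(7).

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Copy the bracketed (active) mode from one line of the lockdown file into
 * out. Returns 0 on success, -1 if there is no well-formed "[mode]". */
int lockdown_active_mode(const char *line, char *out, size_t outlen)
{
	const char *start = strchr(line, '[');
	const char *end = start ? strchr(start, ']') : NULL;
	size_t len;

	if (!end || end == start + 1)
		return -1;
	len = (size_t)(end - start - 1);
	if (len >= outlen)
		return -1;
	memcpy(out, start + 1, len);
	out[len] = '\0';
	return 0;
}

/* Returns 1 if the kernel is locked down, 0 if it is not (or the file does
 * not exist), and -1 if the file cannot be read or parsed. */
int lockdown_state(const char *path)
{
	char line[256], mode[32];
	FILE *f = fopen(path, "r");
	int ret = -1;

	if (!f)
		return errno == ENOENT ? 0 : -1;
	if (fgets(line, sizeof(line), f) &&
	    lockdown_active_mode(line, mode, sizeof(mode)) == 0)
		ret = strcmp(mode, "none") != 0;
	fclose(f);
	return ret;
}

int main(void)
{
	printf("lockdown state: %d\n", lockdown_state("/sys/kernel/security/lockdown"));
	return 0;
}
```

A caller that gets -1 can report a broken test environment rather than silently treating an unreadable file as "not locked down".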
