From: Disha Goel <disgoel@linux.ibm.com>
To: linux-block@vger.kernel.org
Cc: shinichiro.kawasaki@wdc.com, Disha Goel <disgoel@linux.ibm.com>
Subject: [PATCH blktests] blktrace/001: Skip test when kernel lockdown is enabled
Date: Fri, 24 Apr 2026 19:41:43 +0530 [thread overview]
Message-ID: <20260424141143.64528-1-disgoel@linux.ibm.com> (raw)
The blktrace/001 test fails on systems with Secure Boot enabled due to
kernel lockdown preventing access to debugfs. The test attempts to run
blktrace which requires access to /sys/kernel/debug/block/*/trace*
files, but kernel lockdown (enabled automatically with Secure Boot)
blocks this access, resulting in "Operation not permitted" errors.
Add _have_debugfs_access() helper function to detect kernel lockdown by
checking /sys/kernel/security/lockdown for [integrity] or
[confidentiality] modes. When detected, the test now skips gracefully
with a clear message: "kernel lockdown is enabled (Secure Boot may be
active)".
Also add _have_configfs check which was missing. The test uses
_configure_null_blk() which requires configfs to be mounted at
/sys/kernel/config.
Signed-off-by: Disha Goel <disgoel@linux.ibm.com>
---
common/rc | 14 ++++++++++++++
tests/blktrace/001 | 2 ++
2 files changed, 16 insertions(+)
diff --git a/common/rc b/common/rc
index 5350057..50d63e7 100644
--- a/common/rc
+++ b/common/rc
@@ -205,6 +205,20 @@ _have_blktrace() {
_have_program blktrace
}
+_have_debugfs_access() {
+ # Check if kernel lockdown is preventing debugfs access
+ # This happens when Secure Boot is enabled
+ if [[ -f /sys/kernel/security/lockdown ]]; then
+ local lockdown_state
+ lockdown_state=$(cat /sys/kernel/security/lockdown 2>/dev/null)
+ if [[ "$lockdown_state" =~ \[integrity\]|\[confidentiality\] ]]; then
+ SKIP_REASONS+=("kernel lockdown is enabled (Secure Boot may be active)")
+ return 1
+ fi
+ fi
+ return 0
+}
+
_have_configfs() {
if ! findmnt -t configfs /sys/kernel/config >/dev/null; then
SKIP_REASONS+=("configfs is not mounted at /sys/kernel/config")
diff --git a/tests/blktrace/001 b/tests/blktrace/001
index 2cdad02..4fe7807 100755
--- a/tests/blktrace/001
+++ b/tests/blktrace/001
@@ -22,6 +22,8 @@ requires() {
_have_program blkzone
_have_null_blk
_have_module_param null_blk zoned
+ _have_configfs
+ _have_debugfs_access
}
test() {
--
2.45.1
next reply other threads:[~2026-04-24 14:12 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-24 14:11 Disha Goel [this message]
2026-04-29 13:52 ` [PATCH blktests] blktrace/001: Skip test when kernel lockdown is enabled Shin'ichiro Kawasaki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260424141143.64528-1-disgoel@linux.ibm.com \
--to=disgoel@linux.ibm.com \
--cc=linux-block@vger.kernel.org \
--cc=shinichiro.kawasaki@wdc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox