From: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
To: "Jonathan Corbet" <corbet@lwn.net>,
	"Shuah Khan" <skhan@linuxfoundation.org>,
	"Paul Moore" <paul@paul-moore.com>,
	"James Morris" <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	"Eric Biggers" <ebiggers@kernel.org>, "Fan Wu" <wufan@kernel.org>,
	James.Bottomley@HansenPartnership.com,
	"Blaise Boscaccy" <bboscaccy@linux.microsoft.com>,
	linux-security-module@vger.kernel.org
Subject: [PATCH 04/11] selftests: hornet: handle cross compilation and test skipping
Date: Wed, 27 May 2026 20:08:13 -0700	[thread overview]
Message-ID: <20260528030915.2654994-5-bboscaccy@linux.microsoft.com> (raw)
In-Reply-To: <20260528030915.2654994-1-bboscaccy@linux.microsoft.com>

A few spots in the hornet selftest Makefile assumed that host
resources would be used. Additionally, add proper skip
detection for scenarios where the autogenerated signing keys don't
exist.

Signed-off-by: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
---
 tools/testing/selftests/hornet/Makefile | 114 ++++++++++++++++++------
 1 file changed, 89 insertions(+), 25 deletions(-)

diff --git a/tools/testing/selftests/hornet/Makefile b/tools/testing/selftests/hornet/Makefile
index 316364f95f28c..460adab35e238 100644
--- a/tools/testing/selftests/hornet/Makefile
+++ b/tools/testing/selftests/hornet/Makefile
@@ -5,59 +5,123 @@ include ../../../scripts/Makefile.include
 
 CLANG ?= clang
 CFLAGS := -g -O2 -Wall
+TOOLSDIR := $(abspath ../../..)
 BPFTOOL ?= $(TOOLSDIR)/bpf/bpftool/bpftool
 SCRIPTSDIR := $(abspath ../../../../scripts/hornet)
-TOOLSDIR := $(abspath ../../..)
 LIBDIR := $(TOOLSDIR)/lib
 BPFDIR := $(LIBDIR)/bpf
 TOOLSINCDIR := $(TOOLSDIR)/include
 APIDIR := $(TOOLSINCDIR)/uapi
 CERTDIR := $(abspath ../../../../certs)
-PKG_CONFIG ?= $(CROSS_COMPILE)pkg-config
+HOSTPKG_CONFIG ?= pkg-config
+
+SIGNING_KEY  := $(CERTDIR)/signing_key.pem
+SIGNING_CERT := $(CERTDIR)/signing_key.x509
+
+VMLINUX_BTF_PATHS ?= $(if $(O),$(O)/vmlinux)				\
+		     $(if $(KBUILD_OUTPUT),$(KBUILD_OUTPUT)/vmlinux)	\
+		     ../../../../vmlinux				\
+		     /sys/kernel/btf/vmlinux				\
+		     /boot/vmlinux-$(shell uname -r)
+VMLINUX_BTF ?= $(abspath $(firstword $(wildcard $(VMLINUX_BTF_PATHS))))
+
+# The hornet selftest needs the kernel module signing key/cert (generated when
+# the kernel is built with CONFIG_MODULE_SIG=y), a bpftool binary, and a
+# vmlinux with BTF for trivial.bpf.o. If any of those are missing (cross-build
+# without artifacts, container CI, CONFIG_MODULE_SIG disabled, etc.) skip the
+# targets rather than failing the global selftests build.
+hornet_skip_reason :=
+ifeq ($(wildcard $(SIGNING_KEY)),)
+hornet_skip_reason := module signing key not found at $(SIGNING_KEY) (build the kernel with CONFIG_MODULE_SIG=y first)
+else ifeq ($(wildcard $(SIGNING_CERT)),)
+hornet_skip_reason := module signing cert not found at $(SIGNING_CERT)
+else ifeq ($(wildcard $(BPFTOOL)),)
+hornet_skip_reason := bpftool not found at $(BPFTOOL) (build it under tools/bpf/bpftool first)
+else ifeq ($(VMLINUX_BTF),)
+hornet_skip_reason := no vmlinux with BTF found; tried $(VMLINUX_BTF_PATHS) (build the kernel with CONFIG_DEBUG_INFO_BTF=y or set VMLINUX_BTF=)
+endif
+
+ifneq ($(hornet_skip_reason),)
+$(warning Skipping hornet selftests: $(hornet_skip_reason))
+TEST_GEN_PROGS :=
+TEST_GEN_FILES :=
+
+include ../lib.mk
+
+else
 
 TEST_GEN_PROGS := loader
 TEST_GEN_FILES := vmlinux.h loader.h trivial.bpf.o map.bin sig.bin insn.bin signed_loader.h
-$(TEST_GEN_PROGS): LDLIBS += -lbpf
-$(TEST_GEN_PROGS): $(TEST_GEN_FILES)
 
 include ../lib.mk
 
-BPF_CFLAGS := -target bpf \
-	-D__TARGET_ARCH_$(ARCH) \
-	-I/usr/include/$(shell uname -m)-linux-gnu \
+define get_sys_includes
+$(shell $(1) $(2) -v -E - </dev/null 2>&1 \
+	| sed -n '/<...> search starts here:/,/End of search list./{ s| \(/.*\)|-idirafter \1|p }') \
+$(shell $(1) $(2) -dM -E - </dev/null | grep '__riscv_xlen ' | awk '{printf("-D__riscv_xlen=%d -D__BITS_PER_LONG=%d", $$3, $$3)}') \
+$(shell $(1) $(2) -dM -E - </dev/null | grep '__loongarch_grlen ' | awk '{printf("-D__BITS_PER_LONG=%d", $$3)}') \
+$(shell $(1) $(2) -dM -E - </dev/null | grep -E 'MIPS(EL|EB)|_MIPS_SZ(PTR|LONG) |_MIPS_SIM |_ABI(O32|N32|64) ' | awk '{printf("-D%s=%s ", $$2, $$3)}')
+endef
+
+ifneq ($(CROSS_COMPILE),)
+CLANG_TARGET_ARCH = --target=$(notdir $(CROSS_COMPILE:%-=%))
+endif
+CLANG_SYS_INCLUDES = $(call get_sys_includes,$(CLANG),$(CLANG_TARGET_ARCH))
+
+IS_LITTLE_ENDIAN := $(shell $(CC) -dM -E - </dev/null | \
+			grep 'define __BYTE_ORDER__ __ORDER_LITTLE_ENDIAN__')
+BPF_TARGET_ENDIAN := $(if $(IS_LITTLE_ENDIAN),--target=bpfel,--target=bpfeb)
+
+BPF_CFLAGS := $(BPF_TARGET_ENDIAN) \
+	-D__TARGET_ARCH_$(SRCARCH) \
+	$(CLANG_SYS_INCLUDES) \
 	$(KHDR_INCLUDES)
 
-vmlinux.h:
-	$(BPFTOOL) btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h
+$(OUTPUT)/vmlinux.h: $(VMLINUX_BTF) $(BPFTOOL)
+	$(BPFTOOL) btf dump file $(VMLINUX_BTF) format c > $@
 
-trivial.bpf.o: trivial.bpf.c vmlinux.h
-	$(CLANG) $(CFLAGS) $(BPF_CFLAGS) -c $< -o $@
+$(OUTPUT)/trivial.bpf.o: trivial.bpf.c $(OUTPUT)/vmlinux.h
+	$(CLANG) $(CFLAGS) $(BPF_CFLAGS) -I$(OUTPUT) -c $< -o $@
 
-loader.h: trivial.bpf.o
-	$(BPFTOOL) gen skeleton -S -k $(CERTDIR)/signing_key.pem -i $(CERTDIR)/signing_key.x509 \
+$(OUTPUT)/loader.h: $(OUTPUT)/trivial.bpf.o
+	$(BPFTOOL) gen skeleton -S -k $(SIGNING_KEY) -i $(SIGNING_CERT) \
 		-L $< name trivial > $@
 
-insn.bin: loader.h
+$(OUTPUT)/insn.bin: $(OUTPUT)/loader.h
 	$(SCRIPTSDIR)/extract-insn.sh $< > $@
 
-map.bin: loader.h
+$(OUTPUT)/map.bin: $(OUTPUT)/loader.h
 	$(SCRIPTSDIR)/extract-map.sh $< > $@
 
 $(OUTPUT)/gen_sig: ../../../../scripts/hornet/gen_sig.c
 	$(call msg,GEN_SIG,,$@)
-	$(Q)$(CC) $(shell $(PKG_CONFIG) --cflags libcrypto 2> /dev/null) \
+	$(Q)$(HOSTCC) $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null) \
 		  $< -o $@ \
-		  $(shell $(PKG_CONFIG) --libs libcrypto 2> /dev/null || echo -lcrypto)
+		  $(shell $(HOSTPKG_CONFIG) --libs libcrypto 2> /dev/null || echo -lcrypto)
+
+$(OUTPUT)/sig.bin: $(OUTPUT)/insn.bin $(OUTPUT)/map.bin $(OUTPUT)/gen_sig
+	$(OUTPUT)/gen_sig --key $(SIGNING_KEY) --cert $(SIGNING_CERT) \
+		--data $(OUTPUT)/insn.bin --add $(OUTPUT)/map.bin --out $@
+
+$(OUTPUT)/signed_loader.h: $(OUTPUT)/sig.bin $(OUTPUT)/loader.h
+	$(SCRIPTSDIR)/write-sig.sh $(OUTPUT)/loader.h $(OUTPUT)/sig.bin > $@
+
+BPFOBJ := $(OUTPUT)/libbpf/libbpf.a
+
+$(OUTPUT)/libbpf:
+	$(Q)mkdir -p $@
 
-sig.bin: insn.bin map.bin $(OUTPUT)/gen_sig
-	$(OUTPUT)/gen_sig --key $(CERTDIR)/signing_key.pem --cert $(CERTDIR)/signing_key.x509 \
-		--data insn.bin --add map.bin --out sig.bin
+$(BPFOBJ): $(wildcard $(BPFDIR)/*.[ch] $(BPFDIR)/Makefile) \
+	   $(APIDIR)/linux/bpf.h | $(OUTPUT)/libbpf
+	$(Q)$(MAKE) -C $(BPFDIR) OUTPUT=$(OUTPUT)/libbpf/ \
+		    DESTDIR=$(OUTPUT) prefix= \
+		    $(BPFOBJ) install_headers
 
-signed_loader.h: sig.bin
-	$(SCRIPTSDIR)/write-sig.sh loader.h sig.bin > $@
+$(OUTPUT)/loader: loader.c $(OUTPUT)/signed_loader.h $(BPFOBJ)
+	$(CC) $(CFLAGS) -I$(LIBDIR) -I$(APIDIR) -I$(OUTPUT) \
+		$< $(BPFOBJ) -o $@ -lelf -lz
 
-loader: loader.c signed_loader.h
-	$(CC) $(CFLAGS) -I$(LIBDIR) -I$(APIDIR) $< -o $@ -lbpf
 
+EXTRA_CLEAN = $(OUTPUT)/gen_sig $(OUTPUT)/libbpf
 
-EXTRA_CLEAN = $(OUTPUT)/gen_sig
+endif
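Review bot: The recipes for `$(OUTPUT)/vmlinux.h`, `$(OUTPUT)/loader.h`, `$(OUTPUT)/insn.bin`, `$(OUTPUT)/map.bin` and `$(OUTPUT)/signed_loader.h` all write through `> $@`, so a failing bpftool or extract script leaves an empty or truncated target that looks up to date on the next run. `gen_sig` would then sign whatever partial `insn.bin`/`map.bin` is on disk. Unless `../lib.mk` already declares it (not visible in this hunk), add `.DELETE_ON_ERROR:` after the second `include ../lib.mk` so a failed step removes its own output. Separately, the `VMLINUX_BTF_PATHS` fallbacks `/sys/kernel/btf/vmlinux` and `/boot/vmlinux-$(shell uname -r)` describe the build host's kernel, so a cross build may pick up BTF for the wrong kernel; a comment such as `# host fallbacks; set VMLINUX_BTF explicitly when cross-compiling` above that assignment would make this clear.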
-- 
2.53.0



Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-28  3:08 [PATCH 00/11] hornet: security, tooling and selftest fixes Blaise Boscaccy
2026-05-28  3:08 ` [PATCH 01/11] hornet: fix TOCTOU in signed program verification Blaise Boscaccy
2026-05-28  3:08 ` [PATCH 02/11] hornet: invert map set check logic Blaise Boscaccy
2026-05-28  3:08 ` [PATCH 03/11] hornet: fix off-by-one bug in max used maps check Blaise Boscaccy
2026-05-28  3:08 ` Blaise Boscaccy [this message]
2026-05-28  3:08 ` [PATCH 05/11] hornet: gen_sig: fix off-by-one check for used maps Blaise Boscaccy
2026-05-28  3:08 ` [PATCH 06/11] hornet: gen_sig: fix error string allocations Blaise Boscaccy
2026-05-28  3:08 ` [PATCH 07/11] hornet: gen_sig: check for bad allocations Blaise Boscaccy
2026-05-28  3:08 ` [PATCH 08/11] hornet: gen_sig: fix missing command line switches Blaise Boscaccy
2026-05-28  3:08 ` [PATCH 09/11] hornet: scripts: set a non-zero error code for usage Blaise Boscaccy
2026-05-28  3:08 ` [PATCH 10/11] hornet: scripts: harden scripts to handle trailing whitespace Blaise Boscaccy
2026-05-28  3:08 ` [PATCH 11/11] hornet: scripts: Improve argument handling and error messages Blaise Boscaccy
