From mboxrd@z Thu Jan 1 00:00:00 1970 From: Cyril Hrubis Date: Tue, 21 Jul 2020 17:26:06 +0200 Subject: [LTP] [PATCH 1/3] lib: add function to check for kernel lockdown In-Reply-To: <20200720194920.22784-1-ernunes@redhat.com> References: <20200720194920.22784-1-ernunes@redhat.com> Message-ID: <20200721152606.GA13733@yuki.lan> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: ltp@lists.linux.it Hi! > Some syscalls are not available if the kernel is booted using the > 'lockdown' feature. That can cause some tests to report fail, showing > a message like: > > Lockdown: iopl01: iopl is restricted; see man kernel_lockdown.7 > > This patch adds a function that can be used by tests to check for this > case, so tests can be skipped rather than reporting a test failure. > > Signed-off-by: Erico Nunes > --- > include/tst_lockdown.h | 8 ++++++++ > include/tst_test.h | 1 + > lib/tst_lockdown.c | 28 ++++++++++++++++++++++++++++ > 3 files changed, 37 insertions(+) > create mode 100644 include/tst_lockdown.h > create mode 100644 lib/tst_lockdown.c > > diff --git a/include/tst_lockdown.h b/include/tst_lockdown.h > new file mode 100644 > index 000000000..8db26d943 > --- /dev/null > +++ b/include/tst_lockdown.h > @@ -0,0 +1,8 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > + > +#ifndef TST_LOCKDOWN_H > +#define TST_LOCKDOWN_H > + > +void tst_lockdown_skip(void); > + > +#endif /* TST_LOCKDOWN_H */ > diff --git a/include/tst_test.h b/include/tst_test.h > index b84f7b9dd..b02de4597 100644 > --- a/include/tst_test.h > +++ b/include/tst_test.h > @@ -40,6 +40,7 @@ > #include "tst_hugepage.h" > #include "tst_assert.h" > #include "tst_cgroup.h" > +#include "tst_lockdown.h" > > /* > * Reports testcase result. > diff --git a/lib/tst_lockdown.c b/lib/tst_lockdown.c > new file mode 100644 > index 000000000..d57a6bdf3 > --- /dev/null > +++ b/lib/tst_lockdown.c > @@ -0,0 +1,28 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > + > +#define TST_NO_DEFAULT_MAIN > + > +#include > +#include > +#include > + > +#include "tst_test.h" > +#include "tst_safe_macros.h" > +#include "tst_safe_stdio.h" > +#include "tst_lockdown.h" > + > +void tst_lockdown_skip(void) > +{ > + char line[BUFSIZ]; > + FILE *file; > + > + if (access("/sys/kernel/security/lockdown", F_OK) != 0) > + return; > + > + file = SAFE_FOPEN("/sys/kernel/security/lockdown", "r"); > + fgets(line, sizeof(line), file); The compiler complains that we haven't checked the return value here I guess that we can silence it with: if (!fgets(line, sizeof(line), file) return; > + SAFE_FCLOSE(file); > + > + if (strstr(line, "[none]") == NULL) > + tst_brk(TCONF, "Kernel is locked down, skip this test."); > +} > -- > 2.26.2 > > > -- > Mailing list info: https://lists.linux.it/listinfo/ltp -- Cyril Hrubis chrubis@suse.cz