[LTP] [PATCH v2 0/2] module signature enforcement helpers

[LTP] [PATCH v2 0/2] module signature enforcement helpers

[Petr Vorel]

Changes v1->v2:
* tpci.c: move tst_check_module_signature_enforced() after tst_sig(FORK, DEF_HANDLER, cleanup);
* finit_module01.c: restore sig_enforce()

Petr Vorel (2):
  lib: Add helpers for module signature enforcement
  device-drivers: *module: Use helpers for module signature enforcement

 include/old/old_module.h                      | 33 +++++++++++++++++++
 include/tst_module.h                          | 17 ++++++++++
 lib/tst_module.c                              | 24 ++++++++++++++
 .../kernel/device-drivers/acpi/ltp_acpi.c     | 11 +------
 .../block/block_dev_user/block_dev.c          |  9 +----
 .../device-drivers/pci/tpci_user/tpci.c       | 11 +------
 .../kernel/device-drivers/uaccess/uaccess.c   | 11 +------
 .../kernel/firmware/fw_load_user/fw_load.c    | 10 +-----
 .../syscalls/delete_module/delete_module01.c  |  9 +----
 .../syscalls/delete_module/delete_module03.c  |  9 +----
 .../syscalls/finit_module/finit_module01.c    |  9 +----
 .../syscalls/finit_module/finit_module02.c    |  7 +---
 .../syscalls/init_module/init_module01.c      |  8 +----
 .../syscalls/init_module/init_module02.c      |  7 +---
 14 files changed, 85 insertions(+), 90 deletions(-)

-- 
2.45.2


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH v2 1/2] lib: Add helpers for module signature enforcement

[Petr Vorel]

Add them to both legacy and new API (used in both).

NOTE: because test is called often in the setup function
don't call a cleanup function in the old API version.

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
The same as in v1.

 include/old/old_module.h | 33 +++++++++++++++++++++++++++++++++
 include/tst_module.h     | 17 +++++++++++++++++
 lib/tst_module.c         | 24 ++++++++++++++++++++++++
 3 files changed, 74 insertions(+)

diff --git a/include/old/old_module.h b/include/old/old_module.h
index 496520d64d..b2ea06d0c2 100644
--- a/include/old/old_module.h
+++ b/include/old/old_module.h
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2013 Oracle and/or its affiliates. All Rights Reserved.
+ * Copyright (c) Linux Test Project, 2016-2024
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License as
@@ -34,6 +35,8 @@
 #ifndef TST_MODULE
 #define TST_MODULE
 
+#include <stdbool.h>
+
 void tst_module_exists_(void (cleanup_fn)(void), const char *mod_name,
 					 char **mod_path);
 
@@ -42,6 +45,9 @@ void tst_module_load_(void (cleanup_fn)(void), const char *mod_name,
 
 void tst_module_unload_(void (cleanup_fn)(void), const char *mod_name);
 
+bool tst_module_signature_enforced_(void);
+void tst_check_module_signature_enforced_(void);
+
 /*
  * Check module existence.
  *
@@ -86,4 +92,31 @@ static inline void tst_module_unload(void (cleanup_fn)(void), const char *mod_na
 	tst_module_unload_(cleanup_fn, mod_name);
 }
 
+/**
+ * tst_check_module_signature_enforced() - Check if enforced module signature.
+ *
+ * Module signature is enforced if module.sig_enforce=1 kernel parameter or
+ * CONFIG_MODULE_SIG_FORCE=y.
+ *
+ * return: Returns true if module signature is enforced false otherwise.
+ *
+ */
+static inline bool tst_module_signature_enforced(void)
+{
+	return tst_module_signature_enforced_();
+}
+
+/**
+ * tst_check_module_signature_enforced() - Check if test needs to be skipped due
+ * enforced module signature.
+ *
+ * Skip test with tst_brk(TCONF) due module signature enforcement if
+ * module.sig_enforce=1 kernel parameter or CONFIG_MODULE_SIG_FORCE=y.
+ */
+
+static inline void tst_check_module_signature_enforced(void)
+{
+	tst_check_module_signature_enforced_();
+}
+
 #endif /* TST_MODULE */
diff --git a/include/tst_module.h b/include/tst_module.h
index 2654c5afb6..8353742e1c 100644
--- a/include/tst_module.h
+++ b/include/tst_module.h
@@ -1,12 +1,15 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Copyright (c) 2013 Oracle and/or its affiliates. All Rights Reserved.
+ * Copyright (c) Linux Test Project, 2016-2024
  * Alexey Kodanev <alexey.kodanev@oracle.com>
  */
 
 #ifndef TST_MODULE_H
 #define TST_MODULE_H
 
+#include <stdbool.h>
+
 void tst_module_exists_(void (cleanup_fn)(void), const char *mod_name,
 					 char **mod_path);
 
@@ -30,4 +33,18 @@ static inline void tst_module_unload(const char *mod_name)
 	tst_module_unload_(NULL, mod_name);
 }
 
+bool tst_module_signature_enforced_(void);
+
+static inline bool tst_module_signature_enforced(void)
+{
+	return tst_module_signature_enforced_();
+}
+
+void tst_check_module_signature_enforced_(void);
+
+static inline void tst_check_module_signature_enforced(void)
+{
+	tst_check_module_signature_enforced_();
+}
+
 #endif /* TST_MODULE_H */
diff --git a/lib/tst_module.c b/lib/tst_module.c
index 9bd4436236..caf311f803 100644
--- a/lib/tst_module.c
+++ b/lib/tst_module.c
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2013 Oracle and/or its affiliates. All Rights Reserved.
+ * Copyright (c) Linux Test Project, 2016-2024
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License as
@@ -23,8 +24,10 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <stdbool.h>
 
 #include "test.h"
+#include "tst_kconfig.h"
 #include "ltp_priv.h"
 #include "old_module.h"
 
@@ -122,3 +125,24 @@ void tst_module_unload_(void (cleanup_fn)(void), const char *mod_name)
 			 "could not unload %s module", mod_name);
 	}
 }
+
+bool tst_module_signature_enforced_(void)
+{
+	struct tst_kcmdline_var params = TST_KCMDLINE_INIT("module.sig_enforce");
+	struct tst_kconfig_var kconfig = TST_KCONFIG_INIT("CONFIG_MODULE_SIG_FORCE");
+	int rc;
+
+	tst_kcmdline_parse(&params, 1);
+	tst_kconfig_read(&kconfig, 1);
+
+	rc = params.found || kconfig.choice == 'y';
+	tst_resm(TINFO, "module signature enforcement: %s", rc ? "on" : "off");
+
+	return rc;
+}
+
+void tst_check_module_signature_enforced_(void)
+{
+	if (tst_module_signature_enforced_())
+		tst_brkm(TCONF, NULL, "module signature is enforced, skip test");
+}
-- 
2.45.2


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH v2 2/2] device-drivers: *module: Use helpers for module signature enforcement

[Petr Vorel]

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
Changes v1->v2:
* tpci.c: move tst_check_module_signature_enforced() after tst_sig(FORK, DEF_HANDLER, cleanup);
* finit_module01.c: restore sig_enforce()

 testcases/kernel/device-drivers/acpi/ltp_acpi.c       | 11 +----------
 .../device-drivers/block/block_dev_user/block_dev.c   |  9 +--------
 testcases/kernel/device-drivers/pci/tpci_user/tpci.c  | 11 +----------
 testcases/kernel/device-drivers/uaccess/uaccess.c     | 11 +----------
 testcases/kernel/firmware/fw_load_user/fw_load.c      | 10 +---------
 .../kernel/syscalls/delete_module/delete_module01.c   |  9 +--------
 .../kernel/syscalls/delete_module/delete_module03.c   |  9 +--------
 .../kernel/syscalls/finit_module/finit_module01.c     |  9 +--------
 .../kernel/syscalls/finit_module/finit_module02.c     |  7 +------
 testcases/kernel/syscalls/init_module/init_module01.c |  8 +-------
 testcases/kernel/syscalls/init_module/init_module02.c |  7 +------
 11 files changed, 11 insertions(+), 90 deletions(-)

diff --git a/testcases/kernel/device-drivers/acpi/ltp_acpi.c b/testcases/kernel/device-drivers/acpi/ltp_acpi.c
index c674b20321..eb5e197239 100644
--- a/testcases/kernel/device-drivers/acpi/ltp_acpi.c
+++ b/testcases/kernel/device-drivers/acpi/ltp_acpi.c
@@ -22,7 +22,6 @@
 #include <stdlib.h>
 
 #include "test.h"
-#include "tst_kconfig.h"
 #include "old_module.h"
 #include "safe_macros.h"
 
@@ -129,20 +128,12 @@ static void test_run(void)
 int main(int argc, char *argv[])
 {
 	int acpi_disabled;
-	struct tst_kcmdline_var params = TST_KCMDLINE_INIT("module.sig_enforce");
-	struct tst_kconfig_var kconfig = TST_KCONFIG_INIT("CONFIG_MODULE_SIG_FORCE");
 
 	tst_parse_opts(argc, argv, NULL, NULL);
-
 	tst_require_root();
-
-	tst_kcmdline_parse(&params, 1);
-	tst_kconfig_read(&kconfig, 1);
-	if (params.found || kconfig.choice == 'y')
-		tst_brkm(TCONF, tst_exit, "module signature is enforced, skip test");
-
 	tst_sig(FORK, DEF_HANDLER, cleanup);
 
+	tst_check_module_signature_enforced();
 	tst_module_load(NULL, module_name, NULL);
 	module_loaded = 1;
 
diff --git a/testcases/kernel/device-drivers/block/block_dev_user/block_dev.c b/testcases/kernel/device-drivers/block/block_dev_user/block_dev.c
index 2c3ffd9203..98b786a90b 100644
--- a/testcases/kernel/device-drivers/block/block_dev_user/block_dev.c
+++ b/testcases/kernel/device-drivers/block/block_dev_user/block_dev.c
@@ -17,7 +17,6 @@
 #include <unistd.h>
 #include <string.h>
 
-#include "tst_kconfig.h"
 #include "tst_test.h"
 #include "tst_module.h"
 
@@ -42,13 +41,7 @@ static void cleanup(void)
 
 static void run(unsigned int n)
 {
-	struct tst_kcmdline_var params = TST_KCMDLINE_INIT("module.sig_enforce");
-	struct tst_kconfig_var kconfig = TST_KCONFIG_INIT("CONFIG_MODULE_SIG_FORCE");
-
-	tst_kcmdline_parse(&params, 1);
-	tst_kconfig_read(&kconfig, 1);
-	if (params.found || kconfig.choice == 'y')
-		tst_brk(TCONF, "module signature is enforced, skip test");
+	tst_check_module_signature_enforced();
 
 	/*
 	 * test-cases #8 and #9 can crash the kernel.
diff --git a/testcases/kernel/device-drivers/pci/tpci_user/tpci.c b/testcases/kernel/device-drivers/pci/tpci_user/tpci.c
index aa07fdb427..faace7727b 100644
--- a/testcases/kernel/device-drivers/pci/tpci_user/tpci.c
+++ b/testcases/kernel/device-drivers/pci/tpci_user/tpci.c
@@ -27,7 +27,6 @@
 #include <errno.h>
 
 #include "test.h"
-#include "tst_kconfig.h"
 #include "safe_macros.h"
 #include "old_module.h"
 
@@ -50,17 +49,9 @@ static void cleanup(void)
 
 void setup(void)
 {
-	struct tst_kcmdline_var params = TST_KCMDLINE_INIT("module.sig_enforce");
-	struct tst_kconfig_var kconfig = TST_KCONFIG_INIT("CONFIG_MODULE_SIG_FORCE");
-
 	tst_require_root();
-
-	tst_kcmdline_parse(&params, 1);
-	tst_kconfig_read(&kconfig, 1);
-	if (params.found || kconfig.choice == 'y')
-		tst_brkm(TCONF, tst_exit, "module signature is enforced, skip test");
-
 	tst_sig(FORK, DEF_HANDLER, cleanup);
+	tst_check_module_signature_enforced();
 }
 
 static void run_pci_testcases(int bus, int slot)
diff --git a/testcases/kernel/device-drivers/uaccess/uaccess.c b/testcases/kernel/device-drivers/uaccess/uaccess.c
index c6dfeb8456..58bef13ef3 100644
--- a/testcases/kernel/device-drivers/uaccess/uaccess.c
+++ b/testcases/kernel/device-drivers/uaccess/uaccess.c
@@ -27,7 +27,6 @@
 #include <unistd.h>
 
 #include "test.h"
-#include "tst_kconfig.h"
 #include "old_module.h"
 #include "safe_macros.h"
 
@@ -93,20 +92,12 @@ static void tc_write_userspace(void)
 
 int main(int argc, char *argv[])
 {
-	struct tst_kcmdline_var params = TST_KCMDLINE_INIT("module.sig_enforce");
-	struct tst_kconfig_var kconfig = TST_KCONFIG_INIT("CONFIG_MODULE_SIG_FORCE");
-
 	tst_parse_opts(argc, argv, NULL, NULL);
 
 	tst_require_root();
-
-	tst_kcmdline_parse(&params, 1);
-	tst_kconfig_read(&kconfig, 1);
-	if (params.found || kconfig.choice == 'y')
-		tst_brkm(TCONF, tst_exit, "module signature is enforced, skip test");
-
 	tst_sig(FORK, DEF_HANDLER, cleanup);
 
+	tst_check_module_signature_enforced();
 	tst_module_load(NULL, module_name, NULL);
 	module_loaded = 1;
 
diff --git a/testcases/kernel/firmware/fw_load_user/fw_load.c b/testcases/kernel/firmware/fw_load_user/fw_load.c
index b34b56fae5..7ebb2cc8ed 100644
--- a/testcases/kernel/firmware/fw_load_user/fw_load.c
+++ b/testcases/kernel/firmware/fw_load_user/fw_load.c
@@ -29,7 +29,6 @@
 #include <string.h>
 
 #include "test.h"
-#include "tst_kconfig.h"
 #include "safe_macros.h"
 #include "old_module.h"
 
@@ -103,9 +102,6 @@ static void help(void)
 
 void setup(int argc, char *argv[])
 {
-	struct tst_kcmdline_var params = TST_KCMDLINE_INIT("module.sig_enforce");
-	struct tst_kconfig_var kconfig = TST_KCONFIG_INIT("CONFIG_MODULE_SIG_FORCE");
-
 	tst_parse_opts(argc, argv, options, help);
 
 	if (nflag) {
@@ -116,11 +112,7 @@ void setup(int argc, char *argv[])
 	}
 
 	tst_require_root();
-
-	tst_kcmdline_parse(&params, 1);
-	tst_kconfig_read(&kconfig, 1);
-	if (params.found || kconfig.choice == 'y')
-		tst_brkm(TCONF, tst_exit, "module signature is enforced, skip test");
+	tst_check_module_signature_enforced();
 
 	char fw_size_param[19];
 	snprintf(fw_size_param, 19, "fw_size=%d", fw_size);
diff --git a/testcases/kernel/syscalls/delete_module/delete_module01.c b/testcases/kernel/syscalls/delete_module/delete_module01.c
index 5ccbe6fd5b..48b324309f 100644
--- a/testcases/kernel/syscalls/delete_module/delete_module01.c
+++ b/testcases/kernel/syscalls/delete_module/delete_module01.c
@@ -17,7 +17,6 @@
 #include <stdlib.h>
 #include "tst_test.h"
 #include "tst_module.h"
-#include "tst_kconfig.h"
 #include "lapi/syscalls.h"
 
 #define MODULE_NAME	"dummy_del_mod"
@@ -27,13 +26,7 @@ static int module_loaded;
 
 static void do_delete_module(void)
 {
-	struct tst_kcmdline_var params = TST_KCMDLINE_INIT("module.sig_enforce");
-	struct tst_kconfig_var kconfig = TST_KCONFIG_INIT("CONFIG_MODULE_SIG_FORCE");
-
-	tst_kcmdline_parse(&params, 1);
-	tst_kconfig_read(&kconfig, 1);
-	if (params.found || kconfig.choice == 'y')
-		tst_brk(TCONF, "module signature is enforced, skip test");
+	tst_check_module_signature_enforced();
 
 	if (!module_loaded) {
 		tst_module_load(MODULE_NAME_KO, NULL);
diff --git a/testcases/kernel/syscalls/delete_module/delete_module03.c b/testcases/kernel/syscalls/delete_module/delete_module03.c
index 76ccfb1e25..be358381ef 100644
--- a/testcases/kernel/syscalls/delete_module/delete_module03.c
+++ b/testcases/kernel/syscalls/delete_module/delete_module03.c
@@ -16,7 +16,6 @@
 #include <errno.h>
 #include "tst_test.h"
 #include "tst_module.h"
-#include "tst_kconfig.h"
 #include "lapi/syscalls.h"
 
 #define DUMMY_MOD		"dummy_del_mod"
@@ -52,13 +51,7 @@ static void do_delete_module(void)
 
 static void setup(void)
 {
-	struct tst_kcmdline_var params = TST_KCMDLINE_INIT("module.sig_enforce");
-	struct tst_kconfig_var kconfig = TST_KCONFIG_INIT("CONFIG_MODULE_SIG_FORCE");
-
-	tst_kcmdline_parse(&params, 1);
-	tst_kconfig_read(&kconfig, 1);
-	if (params.found || kconfig.choice == 'y')
-		tst_brk(TCONF, "module signature is enforced, skip test");
+	tst_check_module_signature_enforced();
 
 	/* Load first kernel module */
 	tst_module_load(DUMMY_MOD_KO, NULL);
diff --git a/testcases/kernel/syscalls/finit_module/finit_module01.c b/testcases/kernel/syscalls/finit_module/finit_module01.c
index d75e5e4753..ea00e48356 100644
--- a/testcases/kernel/syscalls/finit_module/finit_module01.c
+++ b/testcases/kernel/syscalls/finit_module/finit_module01.c
@@ -17,7 +17,6 @@
 #include <errno.h>
 #include "lapi/init_module.h"
 #include "tst_module.h"
-#include "tst_kconfig.h"
 
 #define MODULE_NAME	"finit_module.ko"
 
@@ -27,12 +26,7 @@ static char *mod_path;
 
 static void setup(void)
 {
-	struct tst_kcmdline_var params = TST_KCMDLINE_INIT("module.sig_enforce");
-	struct tst_kconfig_var kconfig = TST_KCONFIG_INIT("CONFIG_MODULE_SIG_FORCE");
-
-	tst_kcmdline_parse(&params, 1);
-	tst_kconfig_read(&kconfig, 1);
-	if (params.found || kconfig.choice == 'y')
+	if (tst_module_signature_enforced())
 		sig_enforce = 1;
 
 	tst_module_exists(MODULE_NAME, &mod_path);
@@ -43,7 +37,6 @@ static void setup(void)
 static void run(void)
 {
 	if (sig_enforce == 1) {
-		tst_res(TINFO, "module signature is enforced");
 		TST_EXP_FAIL(finit_module(fd, "status=valid", 0), EKEYREJECTED);
 		return;
 	}
diff --git a/testcases/kernel/syscalls/finit_module/finit_module02.c b/testcases/kernel/syscalls/finit_module/finit_module02.c
index dc81ae727d..e16164ee25 100644
--- a/testcases/kernel/syscalls/finit_module/finit_module02.c
+++ b/testcases/kernel/syscalls/finit_module/finit_module02.c
@@ -18,7 +18,6 @@
 #include <errno.h>
 #include "lapi/init_module.h"
 #include "tst_module.h"
-#include "tst_kconfig.h"
 #include "tst_capability.h"
 
 #define MODULE_NAME	"finit_module.ko"
@@ -77,12 +76,8 @@ static struct tcase tcases[] = {
 static void setup(void)
 {
 	unsigned long int i;
-	struct tst_kcmdline_var params = TST_KCMDLINE_INIT("module.sig_enforce");
-	struct tst_kconfig_var kconfig = TST_KCONFIG_INIT("CONFIG_MODULE_SIG_FORCE");
 
-	tst_kcmdline_parse(&params, 1);
-	tst_kconfig_read(&kconfig, 1);
-	if (params.found || kconfig.choice == 'y')
+	if (tst_module_signature_enforced())
 		sig_enforce = 1;
 
 	tst_module_exists(MODULE_NAME, &mod_path);
diff --git a/testcases/kernel/syscalls/init_module/init_module01.c b/testcases/kernel/syscalls/init_module/init_module01.c
index d7ed08b143..850f826e62 100644
--- a/testcases/kernel/syscalls/init_module/init_module01.c
+++ b/testcases/kernel/syscalls/init_module/init_module01.c
@@ -17,7 +17,6 @@
 #include <errno.h>
 #include "lapi/init_module.h"
 #include "tst_module.h"
-#include "tst_kconfig.h"
 
 #define MODULE_NAME	"init_module.ko"
 
@@ -28,12 +27,8 @@ static int sig_enforce;
 static void setup(void)
 {
 	int fd;
-	struct tst_kcmdline_var params = TST_KCMDLINE_INIT("module.sig_enforce");
-	struct tst_kconfig_var kconfig = TST_KCONFIG_INIT("CONFIG_MODULE_SIG_FORCE");
 
-	tst_kcmdline_parse(&params, 1);
-	tst_kconfig_read(&kconfig, 1);
-	if (params.found || kconfig.choice == 'y')
+	if (tst_module_signature_enforced())
 		sig_enforce = 1;
 
 	tst_module_exists(MODULE_NAME, NULL);
@@ -47,7 +42,6 @@ static void setup(void)
 static void run(void)
 {
 	if (sig_enforce == 1) {
-		tst_res(TINFO, "module signature is enforced");
 		TST_EXP_FAIL(init_module(buf, sb.st_size, "status=valid"), EKEYREJECTED);
 		return;
 	}
diff --git a/testcases/kernel/syscalls/init_module/init_module02.c b/testcases/kernel/syscalls/init_module/init_module02.c
index 3eb99574d9..c3979c08aa 100644
--- a/testcases/kernel/syscalls/init_module/init_module02.c
+++ b/testcases/kernel/syscalls/init_module/init_module02.c
@@ -17,7 +17,6 @@
 #include <stdlib.h>
 #include <errno.h>
 #include "lapi/init_module.h"
-#include "tst_kconfig.h"
 #include "tst_module.h"
 #include "tst_capability.h"
 
@@ -53,12 +52,8 @@ static void setup(void)
 {
 	struct stat sb;
 	int fd;
-	struct tst_kcmdline_var params = TST_KCMDLINE_INIT("module.sig_enforce");
-	struct tst_kconfig_var kconfig = TST_KCONFIG_INIT("CONFIG_MODULE_SIG_FORCE");
 
-	tst_kcmdline_parse(&params, 1);
-	tst_kconfig_read(&kconfig, 1);
-	if (params.found || kconfig.choice == 'y')
+	if (tst_module_signature_enforced())
 		sig_enforce = 1;
 
 	tst_module_exists(MODULE_NAME, NULL);
-- 
2.45.2


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH v2 0/2] module signature enforcement helpers

[Po-Hsu Lin]

Patch tested on a system with module signature enforced, this patchset
is working as expected.

Thanks for the updated version.
Acked-by: Po-Hsu Lin <po-hsu.lin@canonical.com>

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v2 1/2] lib: Add helpers for module signature enforcement

[Li Wang]

Petr Vorel <pvorel@suse.cz> wrote:


> +/**
> + * tst_check_module_signature_enforced() - Check if test needs to be
> skipped due
> + * enforced module signature.
> + *
> + * Skip test with tst_brk(TCONF) due module signature enforcement if
> + * module.sig_enforce=1 kernel parameter or CONFIG_MODULE_SIG_FORCE=y.
> + */
> +
> +static inline void tst_check_module_signature_enforced(void)
>

This function is used to skip tests while detecting the signature
enforcement ON, but the name might be ambiguous somewhere.

I would suggest to name it:

  tst_check_module_signature_not_enforced(void)  or,
  tst_skip_if_module_signature_enforced(void)  or,
  tst_requires_module_signature_disabled(void)

Otherwise, the whole patch set looks good.

Reviewed-by: Li Wang <liwang@redhat.com>


-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v2 1/2] lib: Add helpers for module signature enforcement

[Petr Vorel]

Hi Li,

> > +/**
> > + * tst_check_module_signature_enforced() - Check if test needs to be
> > skipped due
> > + * enforced module signature.
> > + *
> > + * Skip test with tst_brk(TCONF) due module signature enforcement if
> > + * module.sig_enforce=1 kernel parameter or CONFIG_MODULE_SIG_FORCE=y.
> > + */
> > +
> > +static inline void tst_check_module_signature_enforced(void)


> This function is used to skip tests while detecting the signature
> enforcement ON, but the name might be ambiguous somewhere.

+1, I was not sure myself about naming.

> I would suggest to name it:

>   tst_check_module_signature_not_enforced(void)  or,
>   tst_skip_if_module_signature_enforced(void)  or,
>   tst_requires_module_signature_disabled(void)

Thanks for the suggestions.  tst_requires_module_signature_disabled(void) looks
best to me, we use "require" and "needs" for tst_brk().

I'll wait little longer before merging in case there is some feedback.

Kind regards,
Petr

> Otherwise, the whole patch set looks good.

> Reviewed-by: Li Wang <liwang@redhat.com>

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v2 1/2] lib: Add helpers for module signature enforcement

[Petr Vorel]

Hi Li, Po-Hsu Lin, all,

> Hi Li,

> > > +/**
> > > + * tst_check_module_signature_enforced() - Check if test needs to be
> > > skipped due
> > > + * enforced module signature.
> > > + *
> > > + * Skip test with tst_brk(TCONF) due module signature enforcement if
> > > + * module.sig_enforce=1 kernel parameter or CONFIG_MODULE_SIG_FORCE=y.
> > > + */
> > > +
> > > +static inline void tst_check_module_signature_enforced(void)


> > This function is used to skip tests while detecting the signature
> > enforcement ON, but the name might be ambiguous somewhere.

> +1, I was not sure myself about naming.

> > I would suggest to name it:

> >   tst_check_module_signature_not_enforced(void)  or,
> >   tst_skip_if_module_signature_enforced(void)  or,
> >   tst_requires_module_signature_disabled(void)

> Thanks for the suggestions.  tst_requires_module_signature_disabled(void) looks
> best to me, we use "require" and "needs" for tst_brk().

> I'll wait little longer before merging in case there is some feedback.

FYI patchset merged with rename:
s/tst_check_module_signature_enforced/tst_requires_module_signature_disabled/

Thanks for your review.

Kind regards,
Petr

> Kind regards,
> Petr

> > Otherwise, the whole patch set looks good.

> > Reviewed-by: Li Wang <liwang@redhat.com>

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp