[PATCH v2] selftests/ftrace: Skip test for optimized probes on PowerPC if Secure Boot is enabled
Currently while accessing debugfs with Secure Boot enabled on PowerPC, it is causing the kprobe_opt_types.tc test to fail. Below is the snippet of the error:
+++ grep kernel_clone /sys/kernel/debug/kprobes/list grep: /sys/kernel/debug/kprobes/list: Operation not permitted ++ PROBE= + '[' 2 -ne 0 ']' + kill -s 37 7595 ++ SIG_RESULT=1 + eval_result 1 + case $1 in + prlog ' [\033[31mFAIL\033[0m]' + newline='\n' + '[' ' [\033[31mFAIL\033[0m]' = -n ']' + printf ' [\033[31mFAIL\033[0m]\n' [FAIL]
This is happening when secure boot is enabled, as it enables lockdown by default. With lockdown, access to certain debug features and filesystems like debugfs may be restricted or completely disabled.
To fix this, modify the test to check for Secure Boot status using lsprop /proc/device-tree/ibm,secure-boot. And, skip execution of the test on PowerPC if Secure Boot is enabled (00000002).
With this patch, test skips as unsupported: === Ftrace unit tests === [1] Register/unregister optimized probe [UNSUPPORTED]
Signed-off-by: Akanksha J N akanksha@linux.ibm.com --- .../selftests/ftrace/test.d/kprobe/kprobe_opt_types.tc | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_opt_types.tc b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_opt_types.tc index 9f5d99328086..925e74d6acc7 100644 --- a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_opt_types.tc +++ b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_opt_types.tc @@ -10,6 +10,11 @@ x86_64) arm*) ;; ppc*) + lsprop_output=$(lsprop /proc/device-tree/ibm,secure-boot) + if echo "$lsprop_output" | grep -q "00000002"; then + echo "Secure Boot is enabled on PowerPC." + exit_unsupported + fi ;; *) echo "Please implement other architecture here"
On Tue, 13 Aug 2024 09:10:56 +0530 Akanksha J N akanksha@linux.ibm.com wrote:
Currently while accessing debugfs with Secure Boot enabled on PowerPC, it is causing the kprobe_opt_types.tc test to fail. Below is the snippet of the error:
+++ grep kernel_clone /sys/kernel/debug/kprobes/list grep: /sys/kernel/debug/kprobes/list: Operation not permitted ++ PROBE=
- '[' 2 -ne 0 ']'
- kill -s 37 7595
++ SIG_RESULT=1
- eval_result 1
- case $1 in
- prlog ' [\033[31mFAIL\033[0m]'
- newline='\n'
- '[' ' [\033[31mFAIL\033[0m]' = -n ']'
- printf ' [\033[31mFAIL\033[0m]\n' [FAIL]
This is happening when secure boot is enabled, as it enables lockdown by default. With lockdown, access to certain debug features and filesystems like debugfs may be restricted or completely disabled.
Hmm, if the kprobes lockdown causes this problem, all tests which use kprobes must not run. This seems onlu checks kprobe_opt_types.tc, but what about other tests?
(Anyway, we don't recommend user to run tests in lockdown environment.)
Thank you,
To fix this, modify the test to check for Secure Boot status using lsprop /proc/device-tree/ibm,secure-boot. And, skip execution of the test on PowerPC if Secure Boot is enabled (00000002).
With this patch, test skips as unsupported: === Ftrace unit tests === [1] Register/unregister optimized probe [UNSUPPORTED]
Signed-off-by: Akanksha J N akanksha@linux.ibm.com
.../selftests/ftrace/test.d/kprobe/kprobe_opt_types.tc | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_opt_types.tc b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_opt_types.tc index 9f5d99328086..925e74d6acc7 100644 --- a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_opt_types.tc +++ b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_opt_types.tc @@ -10,6 +10,11 @@ x86_64) arm*) ;; ppc*)
- lsprop_output=$(lsprop /proc/device-tree/ibm,secure-boot)
- if echo "$lsprop_output" | grep -q "00000002"; then
- echo "Secure Boot is enabled on PowerPC."
- exit_unsupported
- fi
;; *) echo "Please implement other architecture here" -- 2.45.2
linux-kselftest-mirror@lists.linaro.org
-
Akanksha J N -
Masami Hiramatsu