The kernel is in lockdown mode when secureboot is enabled and hence debugfs cannot be used. But the error printed after running tests does not indicate this currently:
TAP version 13 1..6 # selftests: damon: debugfs_attrs.sh # cat: /sys/kernel/debug/damon/monitor_on: Operation not permitted # _debugfs_common.sh: line 48: [: =: unary operator expected # cat: /sys/kernel/debug/damon/attrs: Operation not permitted # _debugfs_common.sh: line 11: /sys/kernel/debug/damon/attrs: Operation not permitted # writing 1 2 3 4 5 to /sys/kernel/debug/damon/attrs doesn't return 0 # expected because: valid input # _debugfs_common.sh: line 16: /sys/kernel/debug/damon/attrs: Operation not permitted not ok 1 selftests: damon: debugfs_attrs.sh # exit=1
After adding the check for secureboot, the output is as follows:
TAP version 13 1..6 # selftests: damon: debugfs_attrs.sh # debugfs cannot work with secureboot enabled not ok 1 selftests: damon: debugfs_attrs.sh # exit=1
Signed-off-by: Gautam gautammenghani201@gmail.com --- tools/testing/selftests/damon/_chk_dependency.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) mode change 100644 => 100755 tools/testing/selftests/damon/_chk_dependency.sh
diff --git a/tools/testing/selftests/damon/_chk_dependency.sh b/tools/testing/selftests/damon/_chk_dependency.sh old mode 100644 new mode 100755 index 0189db81550b..6e45c1fe230e --- a/tools/testing/selftests/damon/_chk_dependency.sh +++ b/tools/testing/selftests/damon/_chk_dependency.sh @@ -26,3 +26,13 @@ do exit 1 fi done + +secureboot_error="Operation not permitted" +for f in attrs target_ids monitor_on +do + status=$( cat "$DBGFS/$f" 2>&1 ) + if [ "${status#*$secureboot_error}" != "$status" ]; then + echo "debugfs cannot work with secureboot enabled" + exit 1 + fi +done
Hi Gautam,
On Sat, 25 Jun 2022 01:22:39 +0530 Gautam gautammenghani201@gmail.com wrote:
The kernel is in lockdown mode when secureboot is enabled and hence debugfs cannot be used. But the error printed after running tests does not indicate this currently:
TAP version 13 1..6 # selftests: damon: debugfs_attrs.sh # cat: /sys/kernel/debug/damon/monitor_on: Operation not permitted # _debugfs_common.sh: line 48: [: =: unary operator expected # cat: /sys/kernel/debug/damon/attrs: Operation not permitted # _debugfs_common.sh: line 11: /sys/kernel/debug/damon/attrs: Operation not permitted # writing 1 2 3 4 5 to /sys/kernel/debug/damon/attrs doesn't return 0 # expected because: valid input # _debugfs_common.sh: line 16: /sys/kernel/debug/damon/attrs: Operation not permitted not ok 1 selftests: damon: debugfs_attrs.sh # exit=1
After adding the check for secureboot, the output is as follows:
TAP version 13 1..6 # selftests: damon: debugfs_attrs.sh # debugfs cannot work with secureboot enabled not ok 1 selftests: damon: debugfs_attrs.sh # exit=1
Signed-off-by: Gautam gautammenghani201@gmail.com
tools/testing/selftests/damon/_chk_dependency.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) mode change 100644 => 100755 tools/testing/selftests/damon/_chk_dependency.sh
diff --git a/tools/testing/selftests/damon/_chk_dependency.sh b/tools/testing/selftests/damon/_chk_dependency.sh old mode 100644 new mode 100755 index 0189db81550b..6e45c1fe230e --- a/tools/testing/selftests/damon/_chk_dependency.sh +++ b/tools/testing/selftests/damon/_chk_dependency.sh @@ -26,3 +26,13 @@ do exit 1 fi done
+secureboot_error="Operation not permitted" +for f in attrs target_ids monitor_on +do
- status=$( cat "$DBGFS/$f" 2>&1 )
- if [ "${status#*$secureboot_error}" != "$status" ]; then
echo "debugfs cannot work with secureboot enabled"
I think the check makes sense, but I think there could be more reasons for the read error other than secure boot. How about making the error mesage more clear for the error case and our guess? E.g., "permission for reading $DBGFS/$f denied; maybe secureboot enabled?"
exit 1
This is not a test failure but we are just skipping the test as running the test here makes no sense. Hence I think '$ksft_skip' could be a better return code.
Thanks, SJ
- fi
+done
2.36.1
The kernel is in lockdown mode when secureboot is enabled and hence debugfs cannot be used. Add support for this and other general cases where debugfs cannot be read and communicate the same to the user before running tests.
Signed-off-by: Gautam gautammenghani201@gmail.com --- Changes in v2: 1. Modify the error message to account for general cases. 2. Change the return code so that the test is skipped.
tools/testing/selftests/damon/_chk_dependency.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) mode change 100644 => 100755 tools/testing/selftests/damon/_chk_dependency.sh
diff --git a/tools/testing/selftests/damon/_chk_dependency.sh b/tools/testing/selftests/damon/_chk_dependency.sh old mode 100644 new mode 100755 index 0189db81550b..aae7ff8c2080 --- a/tools/testing/selftests/damon/_chk_dependency.sh +++ b/tools/testing/selftests/damon/_chk_dependency.sh @@ -26,3 +26,13 @@ do exit 1 fi done + +secureboot_error="Operation not permitted" +for f in attrs target_ids monitor_on +do + status=$( cat "$DBGFS/$f" 2>&1 ) + if [ "${status#*$secureboot_error}" != "$status" ]; then + echo "Permission for reading $DBGFS/$f denied; maybe secureboot enabled?" + exit $ksft_skip + fi +done
The kernel is in lockdown mode when secureboot is enabled and hence debugfs cannot be used. Add support for this and other general cases where debugfs cannot be read and communicate the same to the user before running tests.
Signed-off-by: Gautam gautammenghani201@gmail.com --- Changes in v2: 1. Modify the error message to account for general cases. 2. Change the return code so that the test is skipped.
Changes in v3: 1. Change the name of variable holding the error message.
tools/testing/selftests/damon/_chk_dependency.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) mode change 100644 => 100755 tools/testing/selftests/damon/_chk_dependency.sh
diff --git a/tools/testing/selftests/damon/_chk_dependency.sh b/tools/testing/selftests/damon/_chk_dependency.sh old mode 100644 new mode 100755 index 0189db81550b..0328ac0b5a5e --- a/tools/testing/selftests/damon/_chk_dependency.sh +++ b/tools/testing/selftests/damon/_chk_dependency.sh @@ -26,3 +26,13 @@ do exit 1 fi done + +permission_error="Operation not permitted" +for f in attrs target_ids monitor_on +do + status=$( cat "$DBGFS/$f" 2>&1 ) + if [ "${status#*$permission_error}" != "$status" ]; then + echo "Permission for reading $DBGFS/$f denied; maybe secureboot enabled?" + exit $ksft_skip + fi +done
Hi Gautam,
On Sat, 25 Jun 2022 14:05:13 +0530 Gautam gautammenghani201@gmail.com wrote:
The kernel is in lockdown mode when secureboot is enabled and hence debugfs cannot be used. Add support for this and other general cases where debugfs cannot be read and communicate the same to the user before running tests.
Signed-off-by: Gautam gautammenghani201@gmail.com
All looks good, thank you! I left one comment below, though. After fixing it, you may have
Reviewed-by: SeongJae Park sj@kernel.org
Changes in v2:
- Modify the error message to account for general cases.
- Change the return code so that the test is skipped.
Changes in v3:
- Change the name of variable holding the error message.
tools/testing/selftests/damon/_chk_dependency.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) mode change 100644 => 100755 tools/testing/selftests/damon/_chk_dependency.sh
I think this permission change is unnecessary?
Thanks, SJ
diff --git a/tools/testing/selftests/damon/_chk_dependency.sh b/tools/testing/selftests/damon/_chk_dependency.sh old mode 100644 new mode 100755 index 0189db81550b..0328ac0b5a5e --- a/tools/testing/selftests/damon/_chk_dependency.sh +++ b/tools/testing/selftests/damon/_chk_dependency.sh @@ -26,3 +26,13 @@ do exit 1 fi done
+permission_error="Operation not permitted" +for f in attrs target_ids monitor_on +do
- status=$( cat "$DBGFS/$f" 2>&1 )
- if [ "${status#*$permission_error}" != "$status" ]; then
echo "Permission for reading $DBGFS/$f denied; maybe secureboot enabled?"exit $ksft_skip- fi
+done
2.36.1
The kernel is in lockdown mode when secureboot is enabled and hence debugfs cannot be used. Add support for this and other general cases where debugfs cannot be read and communicate the same to the user before running tests.
Signed-off-by: Gautam gautammenghani201@gmail.com --- Changes in v2: 1. Modify the error message to account for general cases. 2. Change the return code so that the test is skipped.
Changes in v3: 1. Change the name of variable holding the error message.
Changes in v4: 1. Correct the mode of the source file.
tools/testing/selftests/damon/_chk_dependency.sh | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/tools/testing/selftests/damon/_chk_dependency.sh b/tools/testing/selftests/damon/_chk_dependency.sh index 0189db81550b..0328ac0b5a5e 100644 --- a/tools/testing/selftests/damon/_chk_dependency.sh +++ b/tools/testing/selftests/damon/_chk_dependency.sh @@ -26,3 +26,13 @@ do exit 1 fi done + +permission_error="Operation not permitted" +for f in attrs target_ids monitor_on +do + status=$( cat "$DBGFS/$f" 2>&1 ) + if [ "${status#*$permission_error}" != "$status" ]; then + echo "Permission for reading $DBGFS/$f denied; maybe secureboot enabled?" + exit $ksft_skip + fi +done
Hi Gautam,
On Sun, 26 Jun 2022 01:22:45 +0530 Gautam gautammenghani201@gmail.com wrote:
The kernel is in lockdown mode when secureboot is enabled and hence debugfs cannot be used. Add support for this and other general cases where debugfs cannot be read and communicate the same to the user before running tests.
Signed-off-by: Gautam gautammenghani201@gmail.com
Reviewed-by: SeongJae Park sj@kernel.org
Thanks, SJ
Changes in v2:
- Modify the error message to account for general cases.
- Change the return code so that the test is skipped.
Changes in v3:
- Change the name of variable holding the error message.
Changes in v4:
- Correct the mode of the source file.
tools/testing/selftests/damon/_chk_dependency.sh | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/tools/testing/selftests/damon/_chk_dependency.sh b/tools/testing/selftests/damon/_chk_dependency.sh index 0189db81550b..0328ac0b5a5e 100644 --- a/tools/testing/selftests/damon/_chk_dependency.sh +++ b/tools/testing/selftests/damon/_chk_dependency.sh @@ -26,3 +26,13 @@ do exit 1 fi done
+permission_error="Operation not permitted" +for f in attrs target_ids monitor_on +do
- status=$( cat "$DBGFS/$f" 2>&1 )
- if [ "${status#*$permission_error}" != "$status" ]; then
echo "Permission for reading $DBGFS/$f denied; maybe secureboot enabled?"exit $ksft_skip- fi
+done
2.36.1
On 6/25/22 2:03 PM, SeongJae Park wrote:
Hi Gautam,
On Sun, 26 Jun 2022 01:22:45 +0530 Gautam gautammenghani201@gmail.com wrote:
The kernel is in lockdown mode when secureboot is enabled and hence debugfs cannot be used. Add support for this and other general cases where debugfs cannot be read and communicate the same to the user before running tests.
Signed-off-by: Gautam gautammenghani201@gmail.com
Reviewed-by: SeongJae Park sj@kernel.org
Thanks, SJ
Changes in v2:
- Modify the error message to account for general cases.
- Change the return code so that the test is skipped.
Changes in v3:
- Change the name of variable holding the error message.
Changes in v4:
- Correct the mode of the source file.
tools/testing/selftests/damon/_chk_dependency.sh | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/tools/testing/selftests/damon/_chk_dependency.sh b/tools/testing/selftests/damon/_chk_dependency.sh index 0189db81550b..0328ac0b5a5e 100644 --- a/tools/testing/selftests/damon/_chk_dependency.sh +++ b/tools/testing/selftests/damon/_chk_dependency.sh @@ -26,3 +26,13 @@ do exit 1 fi done
+permission_error="Operation not permitted" +for f in attrs target_ids monitor_on +do
- status=$( cat "$DBGFS/$f" 2>&1 )
- if [ "${status#*$permission_error}" != "$status" ]; then
echo "Permission for reading $DBGFS/$f denied; maybe secureboot enabled?"
btw - does this run as a regular user or does it need root privilege? If so add a test for that and skip with a message.
exit $ksft_skip- fi
+done
2.36.1
thanks, -- Shuah
From: SeongJae Park sj@kernel.org
Hi Shuah,
On Mon, 27 Jun 2022 11:00:18 -0600 Shuah Khan skhan@linuxfoundation.org wrote:
[...]
--- a/tools/testing/selftests/damon/_chk_dependency.sh +++ b/tools/testing/selftests/damon/_chk_dependency.sh @@ -26,3 +26,13 @@ do exit 1 fi done
+permission_error="Operation not permitted" +for f in attrs target_ids monitor_on +do
- status=$( cat "$DBGFS/$f" 2>&1 )
- if [ "${status#*$permission_error}" != "$status" ]; then
echo "Permission for reading $DBGFS/$f denied; maybe secureboot enabled?"btw - does this run as a regular user or does it need root privilege? If so add a test for that and skip with a message.
It needs the root permission, and does the check at the beginning[1].
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tool...
Thanks, SJ
exit $ksft_skip- fi
+done
2.36.1
thanks, -- Shuah
On 6/27/22 12:57 PM, SeongJae Park wrote:
From: SeongJae Park sj@kernel.org
Hi Shuah,
On Mon, 27 Jun 2022 11:00:18 -0600 Shuah Khan skhan@linuxfoundation.org wrote:
[...]
--- a/tools/testing/selftests/damon/_chk_dependency.sh +++ b/tools/testing/selftests/damon/_chk_dependency.sh @@ -26,3 +26,13 @@ do exit 1 fi done
+permission_error="Operation not permitted" +for f in attrs target_ids monitor_on +do
- status=$( cat "$DBGFS/$f" 2>&1 )
- if [ "${status#*$permission_error}" != "$status" ]; then
echo "Permission for reading $DBGFS/$f denied; maybe secureboot enabled?"btw - does this run as a regular user or does it need root privilege? If so add a test for that and skip with a message.
It needs the root permission, and does the check at the beginning[1].
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tool...
Great. Thank you. I will pull this one in for linux-kselftest next for Linux 5.20-rc1
thanks, -- Shuah
linux-kselftest-mirror@lists.linaro.org
-
Gautam -
SeongJae Park -
SeongJae Park -
Shuah Khan