Re: [PATCH v2] selftests/ftrace: Skip test for optimized probes on PowerPC if Secure Boot is enabled

From: Google
Date: Sun Aug 25 2024 - 04:36:09 EST

Next message: Huang, Kai: "Re: [PATCH v3] x86/cpu: Adjust the error message when BIOS does not support SGX"
Previous message: Wang Zhaolong: "[PATCH] mtd: ubi: remove unused parameter 'pnum' from add_volume()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 13 Aug 2024 09:10:56 +0530
Akanksha J N <akanksha@xxxxxxxxxxxxx> wrote:

> Currently while accessing debugfs with Secure Boot enabled on PowerPC,
> it is causing the kprobe_opt_types.tc test to fail. Below is the snippet
> of the error:
>
> +++ grep kernel_clone /sys/kernel/debug/kprobes/list
> grep: /sys/kernel/debug/kprobes/list: Operation not permitted
> ++ PROBE=
> + '[' 2 -ne 0 ']'
> + kill -s 37 7595
> ++ SIG_RESULT=1
> + eval_result 1
> + case $1 in
> + prlog ' [\033[31mFAIL\033[0m]'
> + newline='\n'
> + '[' ' [\033[31mFAIL\033[0m]' = -n ']'
> + printf ' [\033[31mFAIL\033[0m]\n'
> [FAIL]
>
> This is happening when secure boot is enabled, as it enables lockdown
> by default. With lockdown, access to certain debug features and
> filesystems like debugfs may be restricted or completely disabled.

Hmm, if the kprobes lockdown causes this problem, all tests which use
kprobes must not run. This seems onlu checks kprobe_opt_types.tc, but
what about other tests?

(Anyway, we don't recommend user to run tests in lockdown environment.)

Thank you,

>
> To fix this, modify the test to check for Secure Boot status using
> lsprop /proc/device-tree/ibm,secure-boot. And, skip execution of the
> test on PowerPC if Secure Boot is enabled (00000002).
>
> With this patch, test skips as unsupported:
> === Ftrace unit tests ===
> [1] Register/unregister optimized probe [UNSUPPORTED]
>
> Signed-off-by: Akanksha J N <akanksha@xxxxxxxxxxxxx>
> ---
> .../selftests/ftrace/test.d/kprobe/kprobe_opt_types.tc | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_opt_types.tc b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_opt_types.tc
> index 9f5d99328086..925e74d6acc7 100644
> --- a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_opt_types.tc
> +++ b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_opt_types.tc
> @@ -10,6 +10,11 @@ x86_64)
> arm*)
> ;;
> ppc*)
> + lsprop_output=$(lsprop /proc/device-tree/ibm,secure-boot)
> + if echo "$lsprop_output" | grep -q "00000002"; then
> + echo "Secure Boot is enabled on PowerPC."
> + exit_unsupported
> + fi
> ;;
> *)
> echo "Please implement other architecture here"
> --
> 2.45.2
>

--
Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>

Next message: Huang, Kai: "Re: [PATCH v3] x86/cpu: Adjust the error message when BIOS does not support SGX"
Previous message: Wang Zhaolong: "[PATCH] mtd: ubi: remove unused parameter 'pnum' from add_volume()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]