From acd9057c7bb3d64954fbffc1b3a249c571806682 Mon Sep 17 00:00:00 2001
From: Xuewei Niu <niuxuewei.nxw@antgroup.com>
Date: Tue, 7 Nov 2023 15:31:56 +0800
Subject: [PATCH] runtime: Fix TestCheckHostIsVMContainerCapable unstablity
 issue

TestCheckHostIsVMContainerCapable removes sysModuleDir to simulate a
case that the kernel modules are not loaded. However,
checkKernelModules() executes modprobe <module> if a module not
found in that directory. Loading those modules is required to be denied
temporarily.

Fixes: #8390

Signed-off-by: Xuewei Niu <niuxuewei.nxw@antgroup.com>
---
 .../cmd/kata-runtime/kata-check_amd64_test.go | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/src/runtime/cmd/kata-runtime/kata-check_amd64_test.go b/src/runtime/cmd/kata-runtime/kata-check_amd64_test.go
index 9dfe73d572..2c37c3cdec 100644
--- a/src/runtime/cmd/kata-runtime/kata-check_amd64_test.go
+++ b/src/runtime/cmd/kata-runtime/kata-check_amd64_test.go
@@ -9,6 +9,7 @@ import (
 	"bytes"
 	"fmt"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"regexp"
 	"testing"
@@ -18,6 +19,8 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
+const denylistModuleConf = "/etc/modprobe.d/denylist-kata-kernel-modules.conf"
+
 func setupCheckHostIsVMContainerCapable(assert *assert.Assertions, cpuInfoFile string, cpuData []testCPUData, moduleData []testModuleData) {
 	createModules(assert, cpuInfoFile, moduleData)
 
@@ -322,6 +325,36 @@ func TestCheckHostIsVMContainerCapable(t *testing.T) {
 
 	err = hostIsVMContainerCapable(details)
 	assert.Nil(err)
+
+	// Remove required kernel modules and add them to denylist
+	denylistFile, err := os.Create(denylistModuleConf)
+	assert.Nil(err)
+	succeedToRemoveOneModule := false
+	for mod := range archRequiredKernelModules {
+		cmd := exec.Command(modProbeCmd, "-r", mod)
+		if output, err := cmd.CombinedOutput(); err == nil {
+			succeedToRemoveOneModule = true
+		} else {
+			kataLog.WithField("output", string(output)).Warn("failed to remove module")
+		}
+		// Write the following into the denylist file
+		// blacklist <mod>
+		// install <mod> /bin/false
+		_, err = denylistFile.WriteString(fmt.Sprintf("blacklist %s\ninstall %s /bin/false\n", mod, mod))
+		assert.Nil(err)
+	}
+	denylistFile.Close()
+	assert.True(succeedToRemoveOneModule)
+
+	defer func() {
+		os.Remove(denylistModuleConf)
+	}()
+
+	// remove the modules to force a failure
+	err = os.RemoveAll(sysModuleDir)
+	assert.NoError(err)
+	err = hostIsVMContainerCapable(details)
+	assert.Error(err)
 }
 
 func TestArchKernelParamHandler(t *testing.T) {