github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-20 17:49:10 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2976 from cji/cji-arm

Browse Source 
Fix support for arm kernel config tests
This commit is contained in:
Justin Cormack 2018-03-31 01:02:39 -07:00 committed by GitHub
commit 54a1e79833
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 40 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
test/cases/020_kernel/000_config_4.4.x/test.sh
View File

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# SUMMARY: Sanity check on the kernel config file # SUMMARY: Sanity check on the kernel config file
# disabled for arm64: https://github.com/linuxkit/linuxkit/issues/2807 # disabled for arm64, no 4.4 build
# LABELS: amd64 # LABELS: amd64
# REPEAT: # REPEAT:

3
test/cases/020_kernel/001_config_4.9.x/test.sh
View File

@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# SUMMARY: Sanity check on the kernel config file # SUMMARY: Sanity check on the kernel config file
# disabled for arm64: https://github.com/linuxkit/linuxkit/issues/2807 # LABELS:
# LABELS: amd64
# REPEAT: # REPEAT:
set -e set -e

3
test/cases/020_kernel/006_config_4.14.x/test.sh
View File

@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# SUMMARY: Sanity check on the kernel config file # SUMMARY: Sanity check on the kernel config file
# disabled for arm64: https://github.com/linuxkit/linuxkit/issues/2807 # LABELS:
# LABELS: amd64
# REPEAT: # REPEAT:
set -e set -e

3
test/cases/020_kernel/007_config_4.15.x/test.sh
View File

@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# SUMMARY: Sanity check on the kernel config file # SUMMARY: Sanity check on the kernel config file
# disabled for arm64: https://github.com/linuxkit/linuxkit/issues/2807 # LABELS:
# LABELS: amd64
# REPEAT: # REPEAT:
set -e set -e

52
test/pkg/kernel-config/check-kernel-config.sh
View File

@ -20,6 +20,7 @@ kernelVersion="$(uname -r)"
kernelMajor="${kernelVersion%%.*}" kernelMajor="${kernelVersion%%.*}"
kernelMinor="${kernelVersion#$kernelMajor.}" kernelMinor="${kernelVersion#$kernelMajor.}"
kernelMinor="${kernelMinor%%.*}" kernelMinor="${kernelMinor%%.*}"
arch="$(uname -m)"
# Most tests against https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project # Most tests against https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
# Positive cases # Positive cases
@ -39,17 +40,11 @@ echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY=y || fail "CONFIG_SECURITY=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY_YAMA=y || fail "CONFIG_SECURITY_YAMA=y" echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY_YAMA=y || fail "CONFIG_SECURITY_YAMA=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_PANIC_ON_OOPS=y || fail "CONFIG_PANIC_ON_OOPS=y" echo $UNZIPPED_CONFIG | grep -q CONFIG_PANIC_ON_OOPS=y || fail "CONFIG_PANIC_ON_OOPS=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || fail "CONFIG_SYN_COOKIES=y" echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || fail "CONFIG_SYN_COOKIES=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_LEGACY_VSYSCALL_NONE=y || fail "CONFIG_LEGACY_VSYSCALL_NONE=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_BASE=y || fail "CONFIG_RANDOMIZE_BASE=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_TABLE_ISOLATION=y || fail "CONFIG_PAGE_TABLE_ISOLATION=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_RETPOLINE=y || fail "CONFIG_RETPOLINE=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_GENERIC_CPU_VULNERABILITIES=y || fail "CONFIG_GENERIC_CPU_VULNERABILITIES=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_BPF_JIT_ALWAYS_ON=y || fail "CONFIG_BPF_JIT_ALWAYS_ON=y" echo $UNZIPPED_CONFIG | grep -q CONFIG_BPF_JIT_ALWAYS_ON=y || fail "CONFIG_BPF_JIT_ALWAYS_ON=y"
# Conditional on kernel version # Conditional on kernel version
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then
echo $UNZIPPED_CONFIG | grep -q CONFIG_IO_STRICT_DEVMEM=y || fail "CONFIG_IO_STRICT_DEVMEM=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_UBSAN=y || fail "CONFIG_UBSAN=y" echo $UNZIPPED_CONFIG | grep -q CONFIG_UBSAN=y || fail "CONFIG_UBSAN=y"
fi fi
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 7 ]; then if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 7 ]; then
@ -57,8 +52,24 @@ if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 7 ]; then
fi fi
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 8 ]; then if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 8 ]; then
echo $UNZIPPED_CONFIG | grep -q CONFIG_HARDENED_USERCOPY=y || fail "CONFIG_HARDENED_USERCOPY=y" echo $UNZIPPED_CONFIG | grep -q CONFIG_HARDENED_USERCOPY=y || fail "CONFIG_HARDENED_USERCOPY=y"
fi
# Positive cases conditional on architecture and/or kernel version
if [ "$arch" = "x86_64" ]; then
echo $UNZIPPED_CONFIG | grep -q CONFIG_LEGACY_VSYSCALL_NONE=y || fail "CONFIG_LEGACY_VSYSCALL_NONE=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_TABLE_ISOLATION=y || fail "CONFIG_PAGE_TABLE_ISOLATION=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_RETPOLINE=y || fail "CONFIG_RETPOLINE=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_GENERIC_CPU_VULNERABILITIES=y || fail "CONFIG_GENERIC_CPU_VULNERABILITIES=y"
fi
if [ "$arch" = "x86_64" -a "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then
echo $UNZIPPED_CONFIG | grep -q CONFIG_IO_STRICT_DEVMEM=y || fail "CONFIG_IO_STRICT_DEVMEM=y"
fi
if [ "$arch" = "x86_64" -a "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 8 ]; then
echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_MEMORY=y || fail "CONFIG_RANDOMIZE_MEMORY=y" echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_MEMORY=y || fail "CONFIG_RANDOMIZE_MEMORY=y"
fi fi
if [ "$arch" = "x86_64" ] || [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then
echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_BASE=y || fail "CONFIG_RANDOMIZE_BASE=y"
fi
# poisoning cannot be enabled in 4.4 # poisoning cannot be enabled in 4.4
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 9 ]; then if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 9 ]; then
@ -82,17 +93,23 @@ if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 11 ]; then
fi fi
# Negative cases # Negative cases
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_ACPI_CUSTOM_METHOD is not set' || fail "CONFIG_ACPI_CUSTOM_METHOD is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_BRK is not set' || fail "CONFIG_COMPAT_BRK is not set" echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_BRK is not set' || fail "CONFIG_COMPAT_BRK is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_DEVKMEM is not set' || fail "CONFIG_DEVKMEM is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_VDSO is not set' || fail "CONFIG_COMPAT_VDSO is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_KEXEC is not set' || fail "CONFIG_KEXEC is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_HIBERNATION is not set' || fail "CONFIG_HIBERNATION is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_LEGACY_PTYS is not set' || fail "CONFIG_LEGACY_PTYS is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_X86_X32 is not set' || fail "CONFIG_X86_X32 is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_MODIFY_LDT_SYSCALL is not set' || fail "CONFIG_MODIFY_LDT_SYSCALL is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_SCSI_PROC_FS is not set' || fail "CONFIG_SCSI_PROC_FS is not set" echo $UNZIPPED_CONFIG | grep -q 'CONFIG_SCSI_PROC_FS is not set' || fail "CONFIG_SCSI_PROC_FS is not set"
# Negative cases conditional on architecture and/or kernel version
if [ "$arch" = "x86_64" ]; then
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_ACPI_CUSTOM_METHOD is not set' || fail "CONFIG_ACPI_CUSTOM_METHOD is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_DEVKMEM is not set' || fail "CONFIG_DEVKMEM is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_VDSO is not set' || fail "CONFIG_COMPAT_VDSO is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_KEXEC is not set' || fail "CONFIG_KEXEC is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_X86_X32 is not set' || fail "CONFIG_X86_X32 is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_MODIFY_LDT_SYSCALL is not set' || fail "CONFIG_MODIFY_LDT_SYSCALL is not set"
fi
if [ "$arch" = "x86_64" ] || [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_LEGACY_PTYS is not set' || fail "CONFIG_LEGACY_PTYS is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_HIBERNATION is not set' || fail "CONFIG_HIBERNATION is not set"
fi
# modprobe # modprobe
for mod in \ for mod in \
nfs \ nfs \
@ -140,11 +157,14 @@ udf \
xfs \ xfs \
9p \ 9p \
pstore \ pstore \
mqueue \ mqueue
oprofilefs
do do
grep -q "[[:space:]]${fs}\$" /proc/filesystems || fail "${fs} filesystem missing" grep -q "[[:space:]]${fs}\$" /proc/filesystems || fail "${fs} filesystem missing"
done done
if [ "$arch" = "x86_64" ]; then
grep -q "[[:space:]]oprofilefs\$" /proc/filesystems || fail "${fs} filesystem missing"
fi
if [ -z "$FAILED" ] if [ -z "$FAILED" ]
then then