From de60ec48f4ab1cd4cbc217dcfc3525c148d74725 Mon Sep 17 00:00:00 2001 From: Craig Ingram Date: Wed, 7 Feb 2018 16:43:17 -0500 Subject: [PATCH 1/2] Extend kernel config test This commit adds tests for KPTI, retpoline, bpf_jit_always_on, and disabled scsi proc fs configs. Signed-off-by: Craig Ingram --- test/pkg/kernel-config/check-kernel-config.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/test/pkg/kernel-config/check-kernel-config.sh b/test/pkg/kernel-config/check-kernel-config.sh index dc48810d6..c00df5e26 100755 --- a/test/pkg/kernel-config/check-kernel-config.sh +++ b/test/pkg/kernel-config/check-kernel-config.sh @@ -41,6 +41,11 @@ echo $UNZIPPED_CONFIG | grep -q CONFIG_PANIC_ON_OOPS=y || fail "CONFIG_PANIC_ON_ echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || fail "CONFIG_SYN_COOKIES=y" echo $UNZIPPED_CONFIG | grep -q CONFIG_LEGACY_VSYSCALL_NONE=y || fail "CONFIG_LEGACY_VSYSCALL_NONE=y" echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_BASE=y || fail "CONFIG_RANDOMIZE_BASE=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_TABLE_ISOLATION=y || fail "CONFIG_PAGE_TABLE_ISOLATION=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_RETPOLINE=y || fail "CONFIG_RETPOLINE=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_GENERIC_CPU_VULNERABILITIES=y || fail "CONFIG_GENERIC_CPU_VULNERABILITIES=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_BPF_JIT_ALWAYS_ON=y || fail "CONFIG_BPF_JIT_ALWAYS_ON=y" + # Conditional on kernel version if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then @@ -86,6 +91,7 @@ echo $UNZIPPED_CONFIG | grep -q 'CONFIG_HIBERNATION is not set' || fail "CONFIG_ echo $UNZIPPED_CONFIG | grep -q 'CONFIG_LEGACY_PTYS is not set' || fail "CONFIG_LEGACY_PTYS is not set" echo $UNZIPPED_CONFIG | grep -q 'CONFIG_X86_X32 is not set' || fail "CONFIG_X86_X32 is not set" echo $UNZIPPED_CONFIG | grep -q 'CONFIG_MODIFY_LDT_SYSCALL is not set' || fail "CONFIG_MODIFY_LDT_SYSCALL is not set" +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_SCSI_PROC_FS is not set' || fail "CONFIG_SCSI_PROC_FS is not set" # modprobe for mod in \ From 18545f0596007f949bc126396a42275bc96408a5 Mon Sep 17 00:00:00 2001 From: Craig Ingram Date: Thu, 8 Feb 2018 10:37:29 -0500 Subject: [PATCH 2/2] Update kernel-config hashes with new build Signed-off-by: Craig Ingram --- test/cases/020_kernel/000_config_4.4.x/test.yml | 2 +- test/cases/020_kernel/001_config_4.9.x/test.yml | 2 +- test/cases/020_kernel/006_config_4.14.x/test.yml | 2 +- test/cases/020_kernel/007_config_4.15.x/test.yml | 2 +- test/hack/test.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test/cases/020_kernel/000_config_4.4.x/test.yml b/test/cases/020_kernel/000_config_4.4.x/test.yml index c90f5b1a7..29e274988 100644 --- a/test/cases/020_kernel/000_config_4.4.x/test.yml +++ b/test/cases/020_kernel/000_config_4.4.x/test.yml @@ -6,7 +6,7 @@ init: - linuxkit/runc:52ecfdef1ae051e7fd5ac5f1d0b7dd859adff015 onboot: - name: check-kernel-config - image: linuxkit/test-kernel-config:80bb1cd57205e47b5976f7fa4fb036384d012a1d + image: linuxkit/test-kernel-config:f658811da20f069f71a863ba9469b4a2ae8910e1 - name: poweroff image: linuxkit/poweroff:f9a0a5e52fd2a97908bda33db2afffafe4a6a67d command: ["/bin/sh", "/poweroff.sh", "3"] diff --git a/test/cases/020_kernel/001_config_4.9.x/test.yml b/test/cases/020_kernel/001_config_4.9.x/test.yml index ef85cda0c..84f17f6dc 100644 --- a/test/cases/020_kernel/001_config_4.9.x/test.yml +++ b/test/cases/020_kernel/001_config_4.9.x/test.yml @@ -6,7 +6,7 @@ init: - linuxkit/runc:52ecfdef1ae051e7fd5ac5f1d0b7dd859adff015 onboot: - name: check-kernel-config - image: linuxkit/test-kernel-config:80bb1cd57205e47b5976f7fa4fb036384d012a1d + image: linuxkit/test-kernel-config:f658811da20f069f71a863ba9469b4a2ae8910e1 - name: poweroff image: linuxkit/poweroff:f9a0a5e52fd2a97908bda33db2afffafe4a6a67d command: ["/bin/sh", "/poweroff.sh", "3"] diff --git a/test/cases/020_kernel/006_config_4.14.x/test.yml b/test/cases/020_kernel/006_config_4.14.x/test.yml index 6a1fe8020..4869128cc 100644 --- a/test/cases/020_kernel/006_config_4.14.x/test.yml +++ b/test/cases/020_kernel/006_config_4.14.x/test.yml @@ -6,7 +6,7 @@ init: - linuxkit/runc:52ecfdef1ae051e7fd5ac5f1d0b7dd859adff015 onboot: - name: check-kernel-config - image: linuxkit/test-kernel-config:80bb1cd57205e47b5976f7fa4fb036384d012a1d + image: linuxkit/test-kernel-config:f658811da20f069f71a863ba9469b4a2ae8910e1 - name: poweroff image: linuxkit/poweroff:f9a0a5e52fd2a97908bda33db2afffafe4a6a67d command: ["/bin/sh", "/poweroff.sh", "3"] diff --git a/test/cases/020_kernel/007_config_4.15.x/test.yml b/test/cases/020_kernel/007_config_4.15.x/test.yml index 73dde696d..6cc7c62ae 100644 --- a/test/cases/020_kernel/007_config_4.15.x/test.yml +++ b/test/cases/020_kernel/007_config_4.15.x/test.yml @@ -6,7 +6,7 @@ init: - linuxkit/runc:52ecfdef1ae051e7fd5ac5f1d0b7dd859adff015 onboot: - name: check-kernel-config - image: linuxkit/test-kernel-config:80bb1cd57205e47b5976f7fa4fb036384d012a1d + image: linuxkit/test-kernel-config:f658811da20f069f71a863ba9469b4a2ae8910e1 - name: poweroff image: linuxkit/poweroff:f9a0a5e52fd2a97908bda33db2afffafe4a6a67d command: ["/bin/sh", "/poweroff.sh", "3"] diff --git a/test/hack/test.yml b/test/hack/test.yml index 23768ee14..30a6eb66a 100644 --- a/test/hack/test.yml +++ b/test/hack/test.yml @@ -12,7 +12,7 @@ onboot: image: linuxkit/dhcpcd:v0.2 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: check-kernel-config - image: linuxkit/test-kernel-config:80bb1cd57205e47b5976f7fa4fb036384d012a1d + image: linuxkit/test-kernel-config:f658811da20f069f71a863ba9469b4a2ae8910e1 - name: poweroff image: linuxkit/poweroff:f9a0a5e52fd2a97908bda33db2afffafe4a6a67d command: ["/bin/sh", "/poweroff.sh", "3"]