From bf81dec5cc5914b6dbd780ffef4be2849f0e09aa Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Sun, 17 Mar 2019 11:01:24 -0700 Subject: [PATCH] tests: Adjust kernel config test for 5.x kernel Many places where checking for -ge 4 and some minor version. This will fail for 5.x kernels if their minor version is less. Fix it. While at it, also restructure/simplify the code, make it easier to run against arbitrary kernel configs, and tidy up some whitespaces. Signed-off-by: Rolf Neugebauer --- test/pkg/kernel-config/check-kernel-config.sh | 89 +++++++++---------- 1 file changed, 44 insertions(+), 45 deletions(-) diff --git a/test/pkg/kernel-config/check-kernel-config.sh b/test/pkg/kernel-config/check-kernel-config.sh index b3b7ce2af..5b4479438 100755 --- a/test/pkg/kernel-config/check-kernel-config.sh +++ b/test/pkg/kernel-config/check-kernel-config.sh @@ -3,8 +3,8 @@ set -e function fail { - printf "FAILURE: $1\n" - FAILED=1 + printf "FAILURE: $1\n" + FAILED=1 } echo "starting kernel config sanity test with ${1:-/proc/config.gz}" @@ -16,7 +16,11 @@ else UNZIPPED_CONFIG=$(zcat /proc/config.gz) fi -kernelVersion="$(uname -r)" +if [ -n "$2" ]; then + kernelVersion="$2" +else + kernelVersion="$(uname -r)" +fi kernelMajor="${kernelVersion%%.*}" kernelMinor="${kernelVersion#$kernelMajor.}" kernelMinor="${kernelMinor%%.*}" @@ -42,81 +46,76 @@ echo $UNZIPPED_CONFIG | grep -q CONFIG_BPF_JIT_ALWAYS_ON=y || fail "CONFIG_BPF_J # Conditional on kernel version -if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then +if [ "$kernelMajor" -eq 4 -a "$kernelMinor" -le 10 ]; then + echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_RODATA=y || fail "CONFIG_DEBUG_RODATA=y" + echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_SET_MODULE_RONX=y || fail "CONFIG_DEBUG_SET_MODULE_RONX=y" +fi + +# Options added in newer kernels +if [ "$kernelMajor" -eq 5 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -ge 5 ]; then echo $UNZIPPED_CONFIG | grep -q CONFIG_UBSAN=y || fail "CONFIG_UBSAN=y" fi -if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 7 ]; then +if [ "$kernelMajor" -eq 5 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -ge 7 ]; then echo $UNZIPPED_CONFIG | grep -q CONFIG_SLAB_FREELIST_RANDOM=y || fail "CONFIG_SLAB_FREELIST_RANDOM=y" fi -if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 8 ]; then +if [ "$kernelMajor" -eq 5 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -ge 8 ]; then echo $UNZIPPED_CONFIG | grep -q CONFIG_HARDENED_USERCOPY=y || fail "CONFIG_HARDENED_USERCOPY=y" fi -# 4.16.x removed this option -if [ "$kernelMajor" -le 4 -a "$kernelMinor" -le 15 ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR=y || fail "CONFIG_CC_STACKPROTECTOR=y" -fi # 4.18.x renamed this option (and re-introduced CC_STACKPROTECTOR as STACKPROTECTOR) -if [ "$kernelMajor" -le 4 -a "$kernelMinor" -ge 18 ]; then +if [ "$kernelMajor" -eq 5 ] || [ "$kernelMajor" -le 4 -a "$kernelMinor" -ge 18 ]; then echo $UNZIPPED_CONFIG | grep -q CONFIG_STACKPROTECTOR=y || fail "CONFIG_STACKPROTECTOR=y" echo $UNZIPPED_CONFIG | grep -q CONFIG_STACKPROTECTOR_STRONG=y || fail "CONFIG_STACKPROTECTOR_STRONG=y" else echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR_STRONG=y || fail "CONFIG_CC_STACKPROTECTOR_STRONG=y" fi - -# Positive cases conditional on architecture and/or kernel version -if [ "$arch" = "x86_64" ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_LEGACY_VSYSCALL_NONE=y || fail "CONFIG_LEGACY_VSYSCALL_NONE=y" - echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_TABLE_ISOLATION=y || fail "CONFIG_PAGE_TABLE_ISOLATION=y" - echo $UNZIPPED_CONFIG | grep -q CONFIG_RETPOLINE=y || fail "CONFIG_RETPOLINE=y" - echo $UNZIPPED_CONFIG | grep -q CONFIG_GENERIC_CPU_VULNERABILITIES=y || fail "CONFIG_GENERIC_CPU_VULNERABILITIES=y" -fi -if [ "$arch" = "x86_64" -a "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_IO_STRICT_DEVMEM=y || fail "CONFIG_IO_STRICT_DEVMEM=y" -fi -if [ "$arch" = "x86_64" -a "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 8 ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_MEMORY=y || fail "CONFIG_RANDOMIZE_MEMORY=y" -fi -if [ "$arch" = "x86_64" ] || [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_BASE=y || fail "CONFIG_RANDOMIZE_BASE=y" -fi - # poisoning cannot be enabled in 4.4 -if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 9 ]; then +if [ "$kernelMajor" -eq 5 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -ge 9 ]; then echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING=y || fail "CONFIG_PAGE_POISONING=y" echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_NO_SANITY=y || fail "CONFIG_PAGE_POISONING_NO_SANITY=y" echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_ZERO=y || fail "CONFIG_PAGE_POISONING_ZERO=y" fi - -if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 10 ]; then +if [ "$kernelMajor" -eq 5 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -ge 10 ]; then echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG_ON_DATA_CORRUPTION=y || fail "CONFIG_BUG_ON_DATA_CORRUPTION=y" fi - -if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -le 10 ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_RODATA=y || fail "CONFIG_DEBUG_RODATA=y" - echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_SET_MODULE_RONX=y || fail "CONFIG_DEBUG_SET_MODULE_RONX=y" -fi - -if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 11 ]; then +if [ "$kernelMajor" -eq 5 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -ge 11 ]; then echo $UNZIPPED_CONFIG | grep -q CONFIG_STRICT_KERNEL_RWX=y || fail "CONFIG_STRICT_KERNEL_RWX=y" echo $UNZIPPED_CONFIG | grep -q CONFIG_STRICT_MODULE_RWX=y || fail "CONFIG_STRICT_MODULE_RWX=y" fi +if [ "$kernelMajor" -eq 5 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -ge 5 ]; then + echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_BASE=y || fail "CONFIG_RANDOMIZE_BASE=y" +fi + +# Positive cases conditional on architecture and/or kernel version +if [ "$arch" = "x86_64" ]; then + echo $UNZIPPED_CONFIG | grep -q CONFIG_LEGACY_VSYSCALL_NONE=y || fail "CONFIG_LEGACY_VSYSCALL_NONE=y" + echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_TABLE_ISOLATION=y || fail "CONFIG_PAGE_TABLE_ISOLATION=y" + echo $UNZIPPED_CONFIG | grep -q CONFIG_RETPOLINE=y || fail "CONFIG_RETPOLINE=y" + echo $UNZIPPED_CONFIG | grep -q CONFIG_GENERIC_CPU_VULNERABILITIES=y || fail "CONFIG_GENERIC_CPU_VULNERABILITIES=y" + + if [ "$kernelMajor" -eq 5 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -ge 5 ]; then + echo $UNZIPPED_CONFIG | grep -q CONFIG_IO_STRICT_DEVMEM=y || fail "CONFIG_IO_STRICT_DEVMEM=y" + fi + if [ "$kernelMajor" -eq 5 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -ge 8 ]; then + echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_MEMORY=y || fail "CONFIG_RANDOMIZE_MEMORY=y" + fi +fi # Negative cases echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_BRK is not set' || fail "CONFIG_COMPAT_BRK is not set" echo $UNZIPPED_CONFIG | grep -q 'CONFIG_SCSI_PROC_FS is not set' || fail "CONFIG_SCSI_PROC_FS is not set" # Negative cases conditional on architecture and/or kernel version -if [ "$arch" = "x86_64" ]; then +if [ "$arch" = "x86_64" ]; then echo $UNZIPPED_CONFIG | grep -q 'CONFIG_ACPI_CUSTOM_METHOD is not set' || fail "CONFIG_ACPI_CUSTOM_METHOD is not set" echo $UNZIPPED_CONFIG | grep -q 'CONFIG_DEVKMEM is not set' || fail "CONFIG_DEVKMEM is not set" echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_VDSO is not set' || fail "CONFIG_COMPAT_VDSO is not set" echo $UNZIPPED_CONFIG | grep -q 'CONFIG_KEXEC is not set' || fail "CONFIG_KEXEC is not set" echo $UNZIPPED_CONFIG | grep -q 'CONFIG_X86_X32 is not set' || fail "CONFIG_X86_X32 is not set" echo $UNZIPPED_CONFIG | grep -q 'CONFIG_MODIFY_LDT_SYSCALL is not set' || fail "CONFIG_MODIFY_LDT_SYSCALL is not set" -fi -if [ "$arch" = "x86_64" ] || [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then - echo $UNZIPPED_CONFIG | grep -q 'CONFIG_LEGACY_PTYS is not set' || fail "CONFIG_LEGACY_PTYS is not set" - echo $UNZIPPED_CONFIG | grep -q 'CONFIG_HIBERNATION is not set' || fail "CONFIG_HIBERNATION is not set" + if [ "$kernelMajor" -eq 5 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -ge 5 ]; then + echo $UNZIPPED_CONFIG | grep -q 'CONFIG_LEGACY_PTYS is not set' || fail "CONFIG_LEGACY_PTYS is not set" + echo $UNZIPPED_CONFIG | grep -q 'CONFIG_HIBERNATION is not set' || fail "CONFIG_HIBERNATION is not set" + fi fi # modprobe @@ -125,7 +124,7 @@ nfs \ nfsd \ ntfs do - modprobe $mod 2>/dev/null || true + modprobe $mod 2>/dev/null || true done # check filesystems that are built in