Subject: Re: [PATCH v3 5/7] selftests/ima: kexec_file_load syscall test
From: Mimi Zohar
To: Dave Young
Cc: linux-integrity@vger.kernel.org, linux-kselftest@vger.kernel.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, Petr Vorel, Matthew Garrett
Date: Tue, 12 Mar 2019 12:51:14 -0400
Message-Id: <1552409474.24794.63.camel@linux.ibm.com>

On Tue, 2019-03-12 at 20:10 +0800, Dave Young wrote:
> Hi Mimi,
> On 03/11/19 at 07:41am, Mimi Zohar wrote:
> > The kernel can be configured to verify PE signed kernel images, IMA
> > kernel image signatures, both types of signatures, or none. This test
> > verifies only properly signed kernel images are loaded into memory,
> > based on the kernel configuration and runtime policies.
>
> I understand this is for IMA testing only, but I still wonder if this
> can be expanded to common kexec tests, like
> tools/testing/selftests/kexec/kexec_load.sh
> tools/testing/selftests/kexec/kexec_file_load.sh
>
> Is it possible for ima/test_kexec_load.sh to call the
> ../kexec/kexec_load.sh, probably add extra argument eg "ima"?

These kexec tests are meant to coordinate between the different
methods of verifying the kexec kernel image signatures.  Nothing about
them is IMA-specific.  Moving these tests to
tools/testing/selftests/kexec makes sense.

>
> Frankly I did not read and follow up much about the testing code changes,
> not sure if it is doable or not. The code sharing under testing folder
> seems not very good. For example the basic check_root is needed by
> different parts, but all have their own implementation. Anyway this is
> not the duty of this patch set.
> Also the selftests/lib/ is not a folder for sharing code for different
> tests, it looks a standalone test instead.

Shuah suggested upstreaming these tests first and deferring the
introduction of a common set of functions until later.

> So if split kexec tests to another folder is not doable please just
> ignore the comment.

Left in the selftests/ima is a similar test for kernel modules, which
uses the "common" functions.  So either we wait to move the kexec
tests or allow them to reach into the ima directory and use the
ima_common_lib functions.

>
> BTW, is CONFIG_KEXEC* checked? In case a kernel without KEXEC or
> KEXEC_FILE compiled in then the tests can just return directly.

Good point.  Now that there is a common function for reading the
Kconfig, I'll add that check to both the test_kexec_load.sh and
test_kexec_file_load.sh tests respectively.

Mimi
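
The Kconfig gate discussed at the end of the message, as an added example that is not part of the original mail or of the patch set: each test is skipped when its CONFIG_KEXEC or CONFIG_KEXEC_FILE option is not built in. The function names and the sample config are constructed for illustration; 4 is the kselftest exit code for a skipped test.

```shell
#!/bin/sh
# Added example (not from the patch set): gate kexec selftests on Kconfig.
KSFT_SKIP=4	# kselftest exit code meaning "test skipped"

# Print the running kernel's config; fails if neither usual source exists.
read_running_kconfig() {
	if [ -r /proc/config.gz ]; then
		gzip -dc /proc/config.gz
	elif [ -r "/boot/config-$(uname -r)" ]; then
		cat "/boot/config-$(uname -r)"
	else
		return 1
	fi
}

# kconfig_state FILE OPTION: print y, m, or n ("is not set" or absent).
# The "=" anchor keeps CONFIG_KEXEC from matching CONFIG_KEXEC_CORE.
kconfig_state() {
	val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
	echo "${val:-n}"
}

# require_kconfig FILE OPTION...: 0 if every option is =y, else KSFT_SKIP.
require_kconfig() {
	cfg=$1; shift
	for opt in "$@"; do
		if [ "$(kconfig_state "$cfg" "$opt")" != y ]; then
			echo "SKIP: $opt not built in" >&2
			return "$KSFT_SKIP"
		fi
	done
}

# Constructed sample: kexec_load available, kexec_file_load compiled out.
sample_kconfig() {
	cat <<'EOF'
CONFIG_KEXEC=y
# CONFIG_KEXEC_FILE is not set
CONFIG_KEXEC_CORE=y
EOF
}

demo_cfg=$(mktemp)
sample_kconfig > "$demo_cfg"
for pair in test_kexec_load.sh:CONFIG_KEXEC test_kexec_file_load.sh:CONFIG_KEXEC_FILE; do
	if require_kconfig "$demo_cfg" "${pair#*:}" 2>/dev/null; then
		echo "${pair%%:*}: run"
	else
		echo "${pair%%:*}: skip (exit $KSFT_SKIP)"
	fi
done
rm -f "$demo_cfg"
```

On a real system, write the output of `read_running_kconfig` to a temporary file and pass that file to `require_kconfig` at the top of each test.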