OSCL-LXR linux-6.0.1/​tools/​testing/​selftests/​kexec/​kexec_common_lib.sh	Source navigation Diff markup Identifier search General search
	Version: linux-6.0.1 spark-3.0.0 hadoop-3.2.0-src hadoop-3.3.0-src spark-2.4.7 linux-4.15.13 hadoop-2.7.4-src Revert   Change

 #!/bin/sh
 # SPDX-License-Identifier: GPL-2.0
 #
 # Kselftest framework defines: ksft_pass=0, ksft_fail=1, ksft_skip=4
 
 VERBOSE="${VERBOSE:-1}"
 IKCONFIG="/tmp/config-`uname -r`"
 KERNEL_IMAGE="/boot/vmlinuz-`uname -r`"
 SECURITYFS=$(grep "securityfs" /proc/mounts | awk '{print $2}')
 
 log_info()
 {
         [ $VERBOSE -ne 0 ] && echo "[INFO] $1"
 }
 
 # The ksefltest framework requirement returns 0 for PASS.
 log_pass()
 {
         [ $VERBOSE -ne 0 ] && echo "$1 [PASS]"
         exit 0
 }
 
 # The ksefltest framework requirement returns 1 for FAIL.
 log_fail()
 {
         [ $VERBOSE -ne 0 ] && echo "$1 [FAIL]"
         exit 1
 }
 
 # The ksefltest framework requirement returns 4 for SKIP.
 log_skip()
 {
         [ $VERBOSE -ne 0 ] && echo "$1"
         exit 4
 }
 
 # Check efivar SecureBoot-$(the UUID) and SetupMode-$(the UUID).
 # (Based on kdump-lib.sh)
 get_efivarfs_secureboot_mode()
 {
         local efivarfs="/sys/firmware/efi/efivars"
         local secure_boot_file=""
         local setup_mode_file=""
         local secureboot_mode=0
         local setup_mode=0
 
         # Make sure that efivar_fs is mounted in the normal location
         if ! grep -q "^\S\+ $efivarfs efivarfs" /proc/mounts; then
                 log_info "efivars is not mounted on $efivarfs"
                 return 0;
         fi
         secure_boot_file=$(find "$efivarfs" -name SecureBoot-* 2>/dev/null)
         setup_mode_file=$(find "$efivarfs" -name SetupMode-* 2>/dev/null)
         if [ -f "$secure_boot_file" ] && [ -f "$setup_mode_file" ]; then
                 secureboot_mode=$(hexdump -v -e '/1 "%d\ "' \
                         "$secure_boot_file"|cut -d' ' -f 5)
                 setup_mode=$(hexdump -v -e '/1 "%d\ "' \
                         "$setup_mode_file"|cut -d' ' -f 5)
 
                 if [ $secureboot_mode -eq 1 ] && [ $setup_mode -eq 0 ]; then
                         log_info "secure boot mode enabled (CONFIG_EFIVAR_FS)"
                         return 1;
                 fi
         fi
         return 0;
 }
 
 # On powerpc platform, check device-tree property
 # /proc/device-tree/ibm,secureboot/os-secureboot-enforcing
 # to detect secureboot state.
 get_ppc64_secureboot_mode()
 {
         local secure_boot_file="/proc/device-tree/ibm,secureboot/os-secureboot-enforcing"
         # Check for secure boot file existence
         if [ -f $secure_boot_file ]; then
                 log_info "Secureboot is enabled (Device tree)"
                 return 1;
         fi
         log_info "Secureboot is not enabled (Device tree)"
         return 0;
 }
 
 # Return the architecture of the system
 get_arch()
 {
         echo $(arch)
 }
 
 # Check efivar SecureBoot-$(the UUID) and SetupMode-$(the UUID).
 # The secure boot mode can be accessed as the last integer of
 # "od -An -t u1 /sys/firmware/efi/efivars/SecureBoot-*".  The efi
 # SetupMode can be similarly accessed.
 # Return 1 for SecureBoot mode enabled and SetupMode mode disabled.
 get_secureboot_mode()
 {
         local secureboot_mode=0
         local system_arch=$(get_arch)
 
         if [ "$system_arch" == "ppc64le" ]; then
                 get_ppc64_secureboot_mode
                 secureboot_mode=$?
         else
                 get_efivarfs_secureboot_mode
                 secureboot_mode=$?
         fi
 
         if [ $secureboot_mode -eq 0 ]; then
                 log_info "secure boot mode not enabled"
         fi
         return $secureboot_mode;
 }
 
 require_root_privileges()
 {
         if [ $(id -ru) -ne 0 ]; then
                 log_skip "requires root privileges"
         fi
 }
 
 # Look for config option in Kconfig file.
 # Return 1 for found and 0 for not found.
 kconfig_enabled()
 {
         local config="$1"
         local msg="$2"
 
         grep -E -q $config $IKCONFIG
         if [ $? -eq 0 ]; then
                 log_info "$msg"
                 return 1
         fi
         return 0
 }
 
 # Attempt to get the kernel config first by checking the modules directory
 # then via proc, and finally by extracting it from the kernel image or the
 # configs.ko using scripts/extract-ikconfig.
 # Return 1 for found.
 get_kconfig()
 {
         local proc_config="/proc/config.gz"
         local module_dir="/lib/modules/`uname -r`"
         local configs_module="$module_dir/kernel/kernel/configs.ko*"
 
         if [ -f $module_dir/config ]; then
                 IKCONFIG=$module_dir/config
                 return 1
         fi
 
         if [ ! -f $proc_config ]; then
                 modprobe configs > /dev/null 2>&1
         fi
         if [ -f $proc_config ]; then
                 cat $proc_config | gunzip > $IKCONFIG 2>/dev/null
                 if [ $? -eq 0 ]; then
                         return 1
                 fi
         fi
 
         local extract_ikconfig="$module_dir/source/scripts/extract-ikconfig"
         if [ ! -f $extract_ikconfig ]; then
                 log_skip "extract-ikconfig not found"
         fi
 
         $extract_ikconfig $KERNEL_IMAGE > $IKCONFIG 2>/dev/null
         if [ $? -eq 1 ]; then
                 if [ ! -f $configs_module ]; then
                         log_skip "CONFIG_IKCONFIG not enabled"
                 fi
                 $extract_ikconfig $configs_module > $IKCONFIG
                 if [ $? -eq 1 ]; then
                         log_skip "CONFIG_IKCONFIG not enabled"
                 fi
         fi
         return 1
 }
 
 # Make sure that securityfs is mounted
 mount_securityfs()
 {
         if [ -z $SECURITYFS ]; then
                 SECURITYFS=/sys/kernel/security
                 mount -t securityfs security $SECURITYFS
         fi
 
         if [ ! -d "$SECURITYFS" ]; then
                 log_fail "$SECURITYFS :securityfs is not mounted"
         fi
 }
 
 # The policy rule format is an "action" followed by key-value pairs.  This
 # function supports up to two key-value pairs, in any order.
 # For example: action func=<keyword> [appraise_type=<type>]
 # Return 1 for found and 0 for not found.
 check_ima_policy()
 {
         local action="$1"
         local keypair1="$2"
         local keypair2="$3"
         local ret=0
 
         mount_securityfs
 
         local ima_policy=$SECURITYFS/ima/policy
         if [ ! -e $ima_policy ]; then
                 log_fail "$ima_policy not found"
         fi
 
         if [ -n $keypair2 ]; then
                 grep -e "^$action.*$keypair1" "$ima_policy" | \
                         grep -q -e "$keypair2"
         else
                 grep -q -e "^$action.*$keypair1" "$ima_policy"
         fi
 
         # invert "grep -q" result, returning 1 for found.
         [ $? -eq 0 ] && ret=1
         return $ret
 }

This page was automatically generated by the 2.1.0 LXR engine. The LXR team