Thread (10 messages) 10 messages, 2 authors, 2021-10-08

Re: [PATCH v13 3/3] selftest/interpreter: Add tests for trusted_for(2) policies

From: Kees Cook <hidden>
Date: 2021-10-08 22:44:24
Also in: linux-api, linux-integrity, linux-security-module, lkml 

On Fri, Oct 08, 2021 at 12:21:12PM +0200, Mickaël Salaün wrote:
On 07/10/2021 21:48, Kees Cook wrote:
quoted
On Thu, Oct 07, 2021 at 08:23:20PM +0200, Mickaël Salaün wrote:
[...]
quoted
quoted
diff --git a/tools/testing/selftests/interpreter/Makefile b/tools/testing/selftests/interpreter/Makefile
new file mode 100644
index 000000000000..1f71a161d40b
--- /dev/null
+++ b/tools/testing/selftests/interpreter/Makefile
@@ -0,0 +1,21 @@
+# SPDX-License-Identifier: GPL-2.0
+
+CFLAGS += -Wall -O2
+LDLIBS += -lcap
+
+src_test := $(wildcard *_test.c)
+TEST_GEN_PROGS := $(src_test:.c=)
+
+KSFT_KHDR_INSTALL := 1
+include ../lib.mk
+
+khdr_dir = $(top_srcdir)/usr/include
+
+$(khdr_dir)/asm-generic/unistd.h: khdr
+	@:
+
+$(khdr_dir)/linux/trusted-for.h: khdr
+	@:
+
+$(OUTPUT)/%_test: %_test.c $(khdr_dir)/asm-generic/unistd.h $(khdr_dir)/linux/trusted-for.h ../kselftest_harness.h
+	$(LINK.c) $< $(LDLIBS) -o $@ -I$(khdr_dir)
Is all this really needed?
Yes, all this is needed to be sure that the tests will be rebuild when a
dependency change (either one of the header files or a source file).
quoted
- CFLAGS and LDLIBS will be used by the default rules
Yes, but it will only run the build command when a source file change,
not a header file.
quoted
- khdr is already a pre-dependency when KSFT_KHDR_INSTALL is set
Yes, but it is not enough to rebuild the tests (and check the installed
files) when a header file change.
quoted
- kselftest_harness.h is already a build-dep (see LOCAL_HDRS)
Yes, but without an explicit requirement, changing kselftest_harness.h
doesn't force a rebuild.
quoted
- TEST_GEN_PROGS's .c files are already build-deps
It is not enough to trigger test rebuilds.
quoted
kselftest does, oddly, lack a common -I when KSFT_KHDR_INSTALL is set
(which likely should get fixed, though separately from here).

I think you just want:


src_test := $(wildcard *_test.c)
TEST_GEN_PROGS := $(src_test:.c=)

KSFT_KHDR_INSTALL := 1
include ../lib.mk

CFLAGS += -Wall -O2 -I$(BUILD)/usr/include
LDLIBS += -lcap

$(OUTPUT)/%_test: $(BUILD)/usr/include/linux/trusted-for.h


(untested)
Yep, I re-checked and my Makefile is correct. I didn't find a way to
make it lighter while correctly handling dependencies.
I'll just move the -I to CFLAGS.
Okay, thanks for double-checking these. I'll try to fix up kselftests to
DTRT here.

-- 
Kees Cook
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help