[autotest-client-tests][PATCH] UBUNTU: SAUCE: ubuntu_cve_kernel: integrate blacklist rule into control file
Po-Hsu Lin
po-hsu.lin at canonical.com
Thu Jan 13 08:02:32 UTC 2022
Experiment shows that only CVE-2016-3672 test cannot be built on
non-x86 systems, it will fail because of the -m32 flag:
fatal error: bits/libc-header-start.h: No such file or directory
Integrate the arch-specific blacklist setting into sub tests. Also
remove some out-dated series blacklists.
Change the way how we build the test, with this patch sub-tests will
be build and run while being tested, instead of being built altogether
at the very beginning. So that we can make use of the integrated
blacklist for skipping tests.
Patch tested on Focal PowerPC and Bionic s390x
Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
---
ubuntu_cve_kernel/blacklist.aarch64 | 1 -
ubuntu_cve_kernel/blacklist.athlon | 1 -
ubuntu_cve_kernel/blacklist.i386 | 1 -
ubuntu_cve_kernel/blacklist.i686 | 1 -
ubuntu_cve_kernel/blacklist.ppc64el | 1 -
ubuntu_cve_kernel/blacklist.ppc64le | 1 -
ubuntu_cve_kernel/blacklist.riscv64 | 1 -
ubuntu_cve_kernel/blacklist.s390x | 1 -
ubuntu_cve_kernel/blacklist.utopic | 1 -
ubuntu_cve_kernel/blacklist.vivid | 1 -
ubuntu_cve_kernel/blacklist.wily | 1 -
ubuntu_cve_kernel/control | 19 ++++++++++++++++---
ubuntu_cve_kernel/ubuntu_cve_kernel.py | 15 ++++++---------
13 files changed, 22 insertions(+), 23 deletions(-)
delete mode 100644 ubuntu_cve_kernel/blacklist.aarch64
delete mode 100644 ubuntu_cve_kernel/blacklist.athlon
delete mode 100644 ubuntu_cve_kernel/blacklist.i386
delete mode 100644 ubuntu_cve_kernel/blacklist.i686
delete mode 100644 ubuntu_cve_kernel/blacklist.ppc64el
delete mode 100644 ubuntu_cve_kernel/blacklist.ppc64le
delete mode 100644 ubuntu_cve_kernel/blacklist.riscv64
delete mode 100644 ubuntu_cve_kernel/blacklist.s390x
delete mode 100644 ubuntu_cve_kernel/blacklist.utopic
delete mode 100644 ubuntu_cve_kernel/blacklist.vivid
delete mode 100644 ubuntu_cve_kernel/blacklist.wily
diff --git a/ubuntu_cve_kernel/blacklist.aarch64 b/ubuntu_cve_kernel/blacklist.aarch64
deleted file mode 100644
index d00491fd..00000000
--- a/ubuntu_cve_kernel/blacklist.aarch64
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/ubuntu_cve_kernel/blacklist.athlon b/ubuntu_cve_kernel/blacklist.athlon
deleted file mode 100644
index d00491fd..00000000
--- a/ubuntu_cve_kernel/blacklist.athlon
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/ubuntu_cve_kernel/blacklist.i386 b/ubuntu_cve_kernel/blacklist.i386
deleted file mode 100644
index d00491fd..00000000
--- a/ubuntu_cve_kernel/blacklist.i386
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/ubuntu_cve_kernel/blacklist.i686 b/ubuntu_cve_kernel/blacklist.i686
deleted file mode 100644
index d00491fd..00000000
--- a/ubuntu_cve_kernel/blacklist.i686
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/ubuntu_cve_kernel/blacklist.ppc64el b/ubuntu_cve_kernel/blacklist.ppc64el
deleted file mode 100644
index d00491fd..00000000
--- a/ubuntu_cve_kernel/blacklist.ppc64el
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/ubuntu_cve_kernel/blacklist.ppc64le b/ubuntu_cve_kernel/blacklist.ppc64le
deleted file mode 100644
index d00491fd..00000000
--- a/ubuntu_cve_kernel/blacklist.ppc64le
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/ubuntu_cve_kernel/blacklist.riscv64 b/ubuntu_cve_kernel/blacklist.riscv64
deleted file mode 100644
index db0d3979..00000000
--- a/ubuntu_cve_kernel/blacklist.riscv64
+++ /dev/null
@@ -1 +0,0 @@
-ubuntu_cve_kernel is an amd64 only test
diff --git a/ubuntu_cve_kernel/blacklist.s390x b/ubuntu_cve_kernel/blacklist.s390x
deleted file mode 100644
index d00491fd..00000000
--- a/ubuntu_cve_kernel/blacklist.s390x
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/ubuntu_cve_kernel/blacklist.utopic b/ubuntu_cve_kernel/blacklist.utopic
deleted file mode 100644
index d00491fd..00000000
--- a/ubuntu_cve_kernel/blacklist.utopic
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/ubuntu_cve_kernel/blacklist.vivid b/ubuntu_cve_kernel/blacklist.vivid
deleted file mode 100644
index d00491fd..00000000
--- a/ubuntu_cve_kernel/blacklist.vivid
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/ubuntu_cve_kernel/blacklist.wily b/ubuntu_cve_kernel/blacklist.wily
deleted file mode 100644
index d00491fd..00000000
--- a/ubuntu_cve_kernel/blacklist.wily
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/ubuntu_cve_kernel/control b/ubuntu_cve_kernel/control
index 8c4bd099..b91f23de 100644
--- a/ubuntu_cve_kernel/control
+++ b/ubuntu_cve_kernel/control
@@ -15,7 +15,20 @@ Tests publicly available CVE exploits
name = 'ubuntu_cve_kernel'
-CVES=['CVE-2015-7550', 'CVE-2015-8543', 'CVE-2015-8660', 'CVE-2016-0728', 'CVE-2016-3134', 'CVE-2016-3135', 'CVE-2016-3672']
-for cve in CVES:
- result = job.run_test_detail(name, cve=cve, tag=cve, timeout=60*15)
+CVES = {'CVE-2015-7550': {'arch-blacklist': []},
+ 'CVE-2015-8543': {'arch-blacklist': []},
+ 'CVE-2015-8660': {'arch-blacklist': []},
+ 'CVE-2016-0728': {'arch-blacklist': []},
+ 'CVE-2016-3134': {'arch-blacklist': []},
+ 'CVE-2016-3135': {'arch-blacklist': []},
+ 'CVE-2016-3672': {'arch-blacklist': ['aarch64', 'athlon', 'ppc64le', 'riscv64', 's390x']},
+}
+
+result = job.run_test_detail(name, test_name='setup', tag='setup', timeout=60*10)
+if result == 'ERROR':
+ print("ERROR: required packages installation has failed, skipping all the sub tests")
+else:
+ for cve in CVES:
+ if not platform.processor() in CVES[cve]['arch-blacklist']:
+ result = job.run_test_detail(name, test_name=cve, tag=cve, timeout=60*15)
diff --git a/ubuntu_cve_kernel/ubuntu_cve_kernel.py b/ubuntu_cve_kernel/ubuntu_cve_kernel.py
index 88c36dc1..5f3cc7af 100644
--- a/ubuntu_cve_kernel/ubuntu_cve_kernel.py
+++ b/ubuntu_cve_kernel/ubuntu_cve_kernel.py
@@ -6,11 +6,6 @@ class ubuntu_cve_kernel(test.test):
def install_required_pkgs(self):
arch = platform.processor()
- try:
- series = platform.dist()[2]
- except AttributeError:
- import distro
- series = distro.codename()
pkgs = [
'build-essential', 'git', 'libkeyutils-dev', 'libfuse-dev', 'pkg-config', 'expect', 'libecryptfs-dev', 'ecryptfs-utils'
@@ -27,11 +22,13 @@ class ubuntu_cve_kernel(test.test):
def setup(self):
self.install_required_pkgs()
self.job.require_gcc()
- utils.system('make -C %s/cves' % self.bindir)
- def run_once(self, cve, exit_on_error=True, set_time=True):
- print('*** %s ***' % cve)
- cmd = 'make -C %s/cves/%s check' % (self.bindir, cve)
+ def run_once(self, test_name, exit_on_error=True, set_time=True):
+ if test_name == 'setup':
+ return
+
+ print('*** %s ***' % test_name)
+ cmd = 'make -C %s/cves/%s check' % (self.bindir, test_name)
self.results = utils.system_output(cmd, retain_output=True)
# vi:set ts=4 sw=4 expandtab syntax=python:
--
2.25.1
More information about the kernel-team
mailing list