Message ID | 20231013074748.702214-5-pvorel@suse.cz |
---|---|
State | Changes Requested |
Headers | show |
Series | Add .modprobe (loading modules in C API) | expand |
Hello, Petr Vorel <pvorel@suse.cz> writes: > Signed-off-by: Petr Vorel <pvorel@suse.cz> > --- > testcases/network/can/cve/can_bcm01.c | 19 ++++++++++--------- > 1 file changed, 10 insertions(+), 9 deletions(-) > > diff --git a/testcases/network/can/cve/can_bcm01.c b/testcases/network/can/cve/can_bcm01.c > index d9a835b03..ec98db133 100644 > --- a/testcases/network/can/cve/can_bcm01.c > +++ b/testcases/network/can/cve/can_bcm01.c > @@ -41,14 +41,6 @@ static void setup(void) > { > struct sockaddr_can addr = { .can_family = AF_CAN }; > > - /* > - * Older kernels require explicit modprobe of vcan. Newer kernels > - * will load the modules automatically and support CAN in network > - * namespace which would eliminate the need for running the test > - * with root privileges. > - */ > - tst_cmd((const char*[]){"modprobe", "vcan", NULL}, NULL, NULL, 0); > - > NETDEV_ADD_DEVICE(LTP_DEVICE, "vcan"); > NETDEV_SET_STATE(LTP_DEVICE, 1); > addr.can_ifindex = NETDEV_INDEX_BY_NAME(LTP_DEVICE); > @@ -143,10 +135,19 @@ static struct tst_test test = { > .skip_in_compat = 1, > .max_runtime = 30, > .needs_drivers = (const char *const[]) { > - "vcan", > "can-bcm", > NULL > }, > + /* > + * Older kernels require explicit modprobe of vcan. Newer kernels > + * will load the modules automatically and support CAN in network > + * namespace which would eliminate the need for running the test > + * with root privileges. > + */ This comment is wrong and can be removed. It also (or only?) depends on kernel config whether modules are loaded automatically. It is a security feature to remove automatic modprobe. IDK if older kernels lacked auto module loading. > + .modprobe = (const char *const[]) { > + "vcan", > + NULL > + }, > .tags = (const struct tst_tag[]) { > {"linux-git", "d5f9023fa61e"}, > {"CVE", "2021-3609"}, > -- > 2.42.0
Hi Richie, > Hello, > Petr Vorel <pvorel@suse.cz> writes: ... > > testcases/network/can/cve/can_bcm01.c | 19 ++++++++++--------- > > addr.can_ifindex = NETDEV_INDEX_BY_NAME(LTP_DEVICE); > > @@ -143,10 +135,19 @@ static struct tst_test test = { > > .skip_in_compat = 1, > > .max_runtime = 30, > > .needs_drivers = (const char *const[]) { > > - "vcan", > > "can-bcm", > > NULL > > }, > > + /* > > + * Older kernels require explicit modprobe of vcan. Newer kernels > > + * will load the modules automatically and support CAN in network > > + * namespace which would eliminate the need for running the test > > + * with root privileges. > > + */ > This comment is wrong and can be removed. It also (or only?) depends on > kernel config whether modules are loaded automatically. It is a security > feature to remove automatic modprobe. IDK if older kernels lacked auto > module loading. Yes, "blacklist foo" in /etc/modprobe.d/*.conf. Actually loading kernel modules with modprobe will detect problems which checking with .needs_drivers or .needs_kconfigs does not detect. e.g. the problems with missing modules on openSUSE JeOS. But as I wrote elsewhere [1], with explicit loading we don't test module auto-loading. The approach we have now, that load modules only when needed is IMHO better. But maybe I'm wrong. Kind regards, Petr [1] https://lore.kernel.org/ltp/20231103121201.GA1005170@pevik/ > > + .modprobe = (const char *const[]) { > > + "vcan", > > + NULL > > + }, > > .tags = (const struct tst_tag[]) { > > {"linux-git", "d5f9023fa61e"}, > > {"CVE", "2021-3609"},
diff --git a/testcases/network/can/cve/can_bcm01.c b/testcases/network/can/cve/can_bcm01.c index d9a835b03..ec98db133 100644 --- a/testcases/network/can/cve/can_bcm01.c +++ b/testcases/network/can/cve/can_bcm01.c @@ -41,14 +41,6 @@ static void setup(void) { struct sockaddr_can addr = { .can_family = AF_CAN }; - /* - * Older kernels require explicit modprobe of vcan. Newer kernels - * will load the modules automatically and support CAN in network - * namespace which would eliminate the need for running the test - * with root privileges. - */ - tst_cmd((const char*[]){"modprobe", "vcan", NULL}, NULL, NULL, 0); - NETDEV_ADD_DEVICE(LTP_DEVICE, "vcan"); NETDEV_SET_STATE(LTP_DEVICE, 1); addr.can_ifindex = NETDEV_INDEX_BY_NAME(LTP_DEVICE); @@ -143,10 +135,19 @@ static struct tst_test test = { .skip_in_compat = 1, .max_runtime = 30, .needs_drivers = (const char *const[]) { - "vcan", "can-bcm", NULL }, + /* + * Older kernels require explicit modprobe of vcan. Newer kernels + * will load the modules automatically and support CAN in network + * namespace which would eliminate the need for running the test + * with root privileges. + */ + .modprobe = (const char *const[]) { + "vcan", + NULL + }, .tags = (const struct tst_tag[]) { {"linux-git", "d5f9023fa61e"}, {"CVE", "2021-3609"},
Signed-off-by: Petr Vorel <pvorel@suse.cz> --- testcases/network/can/cve/can_bcm01.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-)