diff mbox series

[v2] selftests/seccomp: Fix seccomp failure by adding missing headers

Message ID 20220210203049.67249-1-sherry.yang@oracle.com (mailing list archive)
State Accepted
Headers show
Series [v2] selftests/seccomp: Fix seccomp failure by adding missing headers | expand

Commit Message

Sherry Yang Feb. 10, 2022, 8:30 p.m. UTC
seccomp_bpf failed on tests 47 global.user_notification_filter_empty
and 48 global.user_notification_filter_empty_threaded when it's
tested on updated kernel but with old kernel headers. Because old
kernel headers don't have definition of macro __NR_clone3 which is
required for these two tests. Since under selftests/, we can install
headers once for all tests (the default INSTALL_HDR_PATH is
usr/include), fix it by adding usr/include to the list of directories
to be searched. Use "-isystem" to indicate it's a system directory as
the real kernel headers directories are.

Signed-off-by: Sherry Yang <sherry.yang@oracle.com>
Tested-by: Sherry Yang <sherry.yang@oracle.com>
---
 tools/testing/selftests/seccomp/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Kees Cook Feb. 10, 2022, 9:16 p.m. UTC | #1
On Thu, Feb 10, 2022 at 12:30:49PM -0800, Sherry Yang wrote:
> seccomp_bpf failed on tests 47 global.user_notification_filter_empty
> and 48 global.user_notification_filter_empty_threaded when it's
> tested on updated kernel but with old kernel headers. Because old
> kernel headers don't have definition of macro __NR_clone3 which is
> required for these two tests. Since under selftests/, we can install
> headers once for all tests (the default INSTALL_HDR_PATH is
> usr/include), fix it by adding usr/include to the list of directories
> to be searched. Use "-isystem" to indicate it's a system directory as
> the real kernel headers directories are.
> 
> Signed-off-by: Sherry Yang <sherry.yang@oracle.com>

Thanks!

Reviewed-by: Kees Cook <keescook@chromium.org>
Shuah Khan Feb. 10, 2022, 9:36 p.m. UTC | #2
On 2/10/22 2:16 PM, Kees Cook wrote:
> On Thu, Feb 10, 2022 at 12:30:49PM -0800, Sherry Yang wrote:
>> seccomp_bpf failed on tests 47 global.user_notification_filter_empty
>> and 48 global.user_notification_filter_empty_threaded when it's
>> tested on updated kernel but with old kernel headers. Because old
>> kernel headers don't have definition of macro __NR_clone3 which is
>> required for these two tests. Since under selftests/, we can install
>> headers once for all tests (the default INSTALL_HDR_PATH is
>> usr/include), fix it by adding usr/include to the list of directories
>> to be searched. Use "-isystem" to indicate it's a system directory as
>> the real kernel headers directories are.
>>
>> Signed-off-by: Sherry Yang <sherry.yang@oracle.com>
> 
> Thanks!
> 
> Reviewed-by: Kees Cook <keescook@chromium.org>
> 

Thank you. I will queue this up for rc5.

thanks,
-- Shuah
Muhammad Usama Anjum Feb. 10, 2022, 11:11 p.m. UTC | #3
On 2/11/22 1:30 AM, Sherry Yang wrote:
> seccomp_bpf failed on tests 47 global.user_notification_filter_empty
> and 48 global.user_notification_filter_empty_threaded when it's
> tested on updated kernel but with old kernel headers. Because old
> kernel headers don't have definition of macro __NR_clone3 which is
> required for these two tests. Since under selftests/, we can install
> headers once for all tests (the default INSTALL_HDR_PATH is
> usr/include), fix it by adding usr/include to the list of directories
> to be searched. Use "-isystem" to indicate it's a system directory as
> the real kernel headers directories are.
> 
> Signed-off-by: Sherry Yang <sherry.yang@oracle.com>
> Tested-by: Sherry Yang <sherry.yang@oracle.com>
> ---
>  tools/testing/selftests/seccomp/Makefile | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/testing/selftests/seccomp/Makefile b/tools/testing/selftests/seccomp/Makefile
> index 0ebfe8b0e147..585f7a0c10cb 100644
> --- a/tools/testing/selftests/seccomp/Makefile
> +++ b/tools/testing/selftests/seccomp/Makefile
> @@ -1,5 +1,5 @@
>  # SPDX-License-Identifier: GPL-2.0
> -CFLAGS += -Wl,-no-as-needed -Wall
> +CFLAGS += -Wl,-no-as-needed -Wall -isystem ../../../../usr/include/"../../../../usr/include/" directory doesn't have header files if
different output directory is used for kselftests build like "make -C
tools/tests/selftest O=build". Can you try adding recently added
variable, KHDR_INCLUDES here which makes this kind of headers inclusion
easy and correct for other build combinations as well?
Muhammad Usama Anjum Feb. 10, 2022, 11:14 p.m. UTC | #4
On 2/11/22 1:30 AM, Sherry Yang wrote:
> seccomp_bpf failed on tests 47 global.user_notification_filter_empty
> and 48 global.user_notification_filter_empty_threaded when it's
> tested on updated kernel but with old kernel headers. Because old
> kernel headers don't have definition of macro __NR_clone3 which is
> required for these two tests. Since under selftests/, we can install
> headers once for all tests (the default INSTALL_HDR_PATH is
> usr/include), fix it by adding usr/include to the list of directories
> to be searched. Use "-isystem" to indicate it's a system directory as
> the real kernel headers directories are.
> 
> Signed-off-by: Sherry Yang <sherry.yang@oracle.com>
> Tested-by: Sherry Yang <sherry.yang@oracle.com>
> ---
>  tools/testing/selftests/seccomp/Makefile | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/testing/selftests/seccomp/Makefile b/tools/testing/selftests/seccomp/Makefile
> index 0ebfe8b0e147..585f7a0c10cb 100644
> --- a/tools/testing/selftests/seccomp/Makefile
> +++ b/tools/testing/selftests/seccomp/Makefile
> @@ -1,5 +1,5 @@
>  # SPDX-License-Identifier: GPL-2.0
> -CFLAGS += -Wl,-no-as-needed -Wall
> +CFLAGS += -Wl,-no-as-needed -Wall -isystem ../../../../usr/include/

"../../../../usr/include/" directory doesn't have header files if
different output directory is used for kselftests build like "make -C
tools/tests/selftest O=build". Can you try adding recently added
variable, KHDR_INCLUDES here which makes this kind of headers inclusion
easy and correct for other build combinations as well?
Kees Cook Feb. 10, 2022, 11:58 p.m. UTC | #5
On Fri, Feb 11, 2022 at 04:14:17AM +0500, Muhammad Usama Anjum wrote:
> On 2/11/22 1:30 AM, Sherry Yang wrote:
> > seccomp_bpf failed on tests 47 global.user_notification_filter_empty
> > and 48 global.user_notification_filter_empty_threaded when it's
> > tested on updated kernel but with old kernel headers. Because old
> > kernel headers don't have definition of macro __NR_clone3 which is
> > required for these two tests. Since under selftests/, we can install
> > headers once for all tests (the default INSTALL_HDR_PATH is
> > usr/include), fix it by adding usr/include to the list of directories
> > to be searched. Use "-isystem" to indicate it's a system directory as
> > the real kernel headers directories are.
> > 
> > Signed-off-by: Sherry Yang <sherry.yang@oracle.com>
> > Tested-by: Sherry Yang <sherry.yang@oracle.com>
> > ---
> >  tools/testing/selftests/seccomp/Makefile | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/tools/testing/selftests/seccomp/Makefile b/tools/testing/selftests/seccomp/Makefile
> > index 0ebfe8b0e147..585f7a0c10cb 100644
> > --- a/tools/testing/selftests/seccomp/Makefile
> > +++ b/tools/testing/selftests/seccomp/Makefile
> > @@ -1,5 +1,5 @@
> >  # SPDX-License-Identifier: GPL-2.0
> > -CFLAGS += -Wl,-no-as-needed -Wall
> > +CFLAGS += -Wl,-no-as-needed -Wall -isystem ../../../../usr/include/
> 
> "../../../../usr/include/" directory doesn't have header files if
> different output directory is used for kselftests build like "make -C
> tools/tests/selftest O=build". Can you try adding recently added
> variable, KHDR_INCLUDES here which makes this kind of headers inclusion
> easy and correct for other build combinations as well?

Ah, if that's true I think there are some other instances in the tree
that need fixing too.
Sherry Yang Feb. 11, 2022, 1:14 a.m. UTC | #6
> On Feb 10, 2022, at 3:14 PM, Muhammad Usama Anjum <usama.anjum@collabora.com> wrote:
> 
> On 2/11/22 1:30 AM, Sherry Yang wrote:
>> seccomp_bpf failed on tests 47 global.user_notification_filter_empty
>> and 48 global.user_notification_filter_empty_threaded when it's
>> tested on updated kernel but with old kernel headers. Because old
>> kernel headers don't have definition of macro __NR_clone3 which is
>> required for these two tests. Since under selftests/, we can install
>> headers once for all tests (the default INSTALL_HDR_PATH is
>> usr/include), fix it by adding usr/include to the list of directories
>> to be searched. Use "-isystem" to indicate it's a system directory as
>> the real kernel headers directories are.
>> 
>> Signed-off-by: Sherry Yang <sherry.yang@oracle.com>
>> Tested-by: Sherry Yang <sherry.yang@oracle.com>
>> ---
>> tools/testing/selftests/seccomp/Makefile | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/tools/testing/selftests/seccomp/Makefile b/tools/testing/selftests/seccomp/Makefile
>> index 0ebfe8b0e147..585f7a0c10cb 100644
>> --- a/tools/testing/selftests/seccomp/Makefile
>> +++ b/tools/testing/selftests/seccomp/Makefile
>> @@ -1,5 +1,5 @@
>> # SPDX-License-Identifier: GPL-2.0
>> -CFLAGS += -Wl,-no-as-needed -Wall
>> +CFLAGS += -Wl,-no-as-needed -Wall -isystem ../../../../usr/include/
> 
> "../../../../usr/include/" directory doesn't have header files if
> different output directory is used for kselftests build like "make -C
> tools/tests/selftest O=build". Can you try adding recently added
> variable, KHDR_INCLUDES here which makes this kind of headers inclusion
> easy and correct for other build combinations as well?
> 
> 

Hi Muhammad,

I just pulled linux-next, and tried with KHDR_INCLUDES. It works. Very nice 
work! I really appreciate you made headers inclusion compatible. However, 
my case is a little more complicated. It will throw warnings with -I, using 
-isystem can suppress these warnings, more details please refer to 
https://lore.kernel.org/all/C340461A-6FD2-440A-8EFC-D7E85BF48DB5@oracle.com/

According to this case, do you think will it be better to export header path 
(KHDR_INCLUDES) without “-I”?

Thanks,
Sherry
Muhammad Usama Anjum Feb. 14, 2022, 4:12 p.m. UTC | #7
>> "../../../../usr/include/" directory doesn't have header files if
>> different output directory is used for kselftests build like "make -C
>> tools/tests/selftest O=build". Can you try adding recently added
>> variable, KHDR_INCLUDES here which makes this kind of headers inclusion
>> easy and correct for other build combinations as well?
>>
>>
> 
> Hi Muhammad,
> 
> I just pulled linux-next, and tried with KHDR_INCLUDES. It works. Very nice 
> work! I really appreciate you made headers inclusion compatible. However, 
> my case is a little more complicated. It will throw warnings with -I, using 
> -isystem can suppress these warnings, more details please refer to 
> https://lore.kernel.org/all/C340461A-6FD2-440A-8EFC-D7E85BF48DB5@oracle.com/
> 
> According to this case, do you think will it be better to export header path 
> (KHDR_INCLUDES) without “-I”?
Well said. I've thought about it and it seems like -isystem is better
than -I. I've sent a patch:
https://lore.kernel.org/linux-kselftest/20220214160756.3543590-1-usama.anjum@collabora.com/
I'm looking forward to discussion on it.

Thanks,
Usama
Muhammad Usama Anjum Feb. 15, 2022, 6:17 p.m. UTC | #8
On 2/14/22 9:12 PM, Muhammad Usama Anjum wrote:
>>> "../../../../usr/include/" directory doesn't have header files if
>>> different output directory is used for kselftests build like "make -C
>>> tools/tests/selftest O=build". Can you try adding recently added
>>> variable, KHDR_INCLUDES here which makes this kind of headers inclusion
>>> easy and correct for other build combinations as well?
>>>
>>>
>>
>> Hi Muhammad,
>>
>> I just pulled linux-next, and tried with KHDR_INCLUDES. It works. Very nice 
>> work! I really appreciate you made headers inclusion compatible. However, 
>> my case is a little more complicated. It will throw warnings with -I, using 
>> -isystem can suppress these warnings, more details please refer to 
>> https://lore.kernel.org/all/C340461A-6FD2-440A-8EFC-D7E85BF48DB5@oracle.com/
>>
>> According to this case, do you think will it be better to export header path 
>> (KHDR_INCLUDES) without “-I”?
> Well said. I've thought about it and it seems like -isystem is better
> than -I. I've sent a patch:
> https://lore.kernel.org/linux-kselftest/20220214160756.3543590-1-usama.anjum@collabora.com/
> I'm looking forward to discussion on it.
The patch has been accepted. It should appear in linux-next soon. You
should be able to use KHDR_INCLUDES easily now.

Thanks,
Usama
Shuah Khan Feb. 15, 2022, 6:43 p.m. UTC | #9
On 2/15/22 11:17 AM, Muhammad Usama Anjum wrote:
> 
> On 2/14/22 9:12 PM, Muhammad Usama Anjum wrote:
>>>> "../../../../usr/include/" directory doesn't have header files if
>>>> different output directory is used for kselftests build like "make -C
>>>> tools/tests/selftest O=build". Can you try adding recently added
>>>> variable, KHDR_INCLUDES here which makes this kind of headers inclusion
>>>> easy and correct for other build combinations as well?
>>>>
>>>>
>>>
>>> Hi Muhammad,
>>>
>>> I just pulled linux-next, and tried with KHDR_INCLUDES. It works. Very nice
>>> work! I really appreciate you made headers inclusion compatible. However,
>>> my case is a little more complicated. It will throw warnings with -I, using
>>> -isystem can suppress these warnings, more details please refer to
>>> https://lore.kernel.org/all/C340461A-6FD2-440A-8EFC-D7E85BF48DB5@oracle.com/
>>>
>>> According to this case, do you think will it be better to export header path
>>> (KHDR_INCLUDES) without “-I”?
>> Well said. I've thought about it and it seems like -isystem is better
>> than -I. I've sent a patch:
>> https://lore.kernel.org/linux-kselftest/20220214160756.3543590-1-usama.anjum@collabora.com/
>> I'm looking forward to discussion on it.
> The patch has been accepted. It should appear in linux-next soon. You
> should be able to use KHDR_INCLUDES easily now.
> 

Sherry,

I pulled in your patch as a fix as is for 5.17-rc5.

Using KHDR_INCLUDES can be separate patch for next release.
This way the fix is going to be pulled for this release
without dependencies on other patches.

thanks,
-- Shuah
Sherry Yang Feb. 15, 2022, 6:51 p.m. UTC | #10
> On Feb 15, 2022, at 10:43 AM, Shuah Khan <skhan@linuxfoundation.org> wrote:
> 
> On 2/15/22 11:17 AM, Muhammad Usama Anjum wrote:
>> On 2/14/22 9:12 PM, Muhammad Usama Anjum wrote:
>>>>> "../../../../usr/include/" directory doesn't have header files if
>>>>> different output directory is used for kselftests build like "make -C
>>>>> tools/tests/selftest O=build". Can you try adding recently added
>>>>> variable, KHDR_INCLUDES here which makes this kind of headers inclusion
>>>>> easy and correct for other build combinations as well?
>>>>> 
>>>>> 
>>>> 
>>>> Hi Muhammad,
>>>> 
>>>> I just pulled linux-next, and tried with KHDR_INCLUDES. It works. Very nice
>>>> work! I really appreciate you made headers inclusion compatible. However,
>>>> my case is a little more complicated. It will throw warnings with -I, using
>>>> -isystem can suppress these warnings, more details please refer to
>>>> https://urldefense.com/v3/__https://lore.kernel.org/all/C340461A-6FD2-440A-8EFC-D7E85BF48DB5@oracle.com/__;!!ACWV5N9M2RV99hQ!e4ajMH2HRzLNZZDe3Z1iqAO7L8SVjqnvp-a5NfT6I-mKD59xjA-zHM8TAfkJM1Udcg$ 
>>>> According to this case, do you think will it be better to export header path
>>>> (KHDR_INCLUDES) without “-I”?
>>> Well said. I've thought about it and it seems like -isystem is better
>>> than -I. I've sent a patch:
>>> https://urldefense.com/v3/__https://lore.kernel.org/linux-kselftest/20220214160756.3543590-1-usama.anjum@collabora.com/__;!!ACWV5N9M2RV99hQ!e4ajMH2HRzLNZZDe3Z1iqAO7L8SVjqnvp-a5NfT6I-mKD59xjA-zHM8TAfk0AVSbFg$ I'm looking forward to discussion on it.
>> The patch has been accepted. It should appear in linux-next soon. You
>> should be able to use KHDR_INCLUDES easily now.
> 
> Sherry,
> 
> I pulled in your patch as a fix as is for 5.17-rc5.
> 
> Using KHDR_INCLUDES can be separate patch for next release.
> This way the fix is going to be pulled for this release
> without dependencies on other patches.
> 
> thanks,
> -- Shuah


Oh, I just sent out v3 patch before I received the updates. Okay, I will send
a separate patch with KHDR_INCLUDES later.

Thanks,
Sherry
diff mbox series

Patch

diff --git a/tools/testing/selftests/seccomp/Makefile b/tools/testing/selftests/seccomp/Makefile
index 0ebfe8b0e147..585f7a0c10cb 100644
--- a/tools/testing/selftests/seccomp/Makefile
+++ b/tools/testing/selftests/seccomp/Makefile
@@ -1,5 +1,5 @@ 
 # SPDX-License-Identifier: GPL-2.0
-CFLAGS += -Wl,-no-as-needed -Wall
+CFLAGS += -Wl,-no-as-needed -Wall -isystem ../../../../usr/include/
 LDFLAGS += -lpthread
 
 TEST_GEN_PROGS := seccomp_bpf seccomp_benchmark