IMA: Fix exit test on subprocess

Calling tst_brk from shell subprocess $() causes failure to umount tmp device due subprocess cwd still being in the mounted directory: # PATH="/opt/ltp/testcases/bin:$PATH" ima_tpm.sh ... ima_tpm 1 TINFO: $TMPDIR is on tmpfs => run on loop device ima_tpm 1 TCONF: Cannot find digest index (template: 'ima-buf') umount: /tmp/LTP_ima_tpm.GBmcnMKvVE/mntpoint: target is busy. ima_tpm 1 TINFO: umount(/tmp/LTP_ima_tpm.GBmcnMKvVE/mntpoint) failed, try 1 ... ima_tpm 1 TINFO: Likely gvfsd-trash is probing newly mounted fs, kill it to speed up tests. ... ima_tpm 1 TWARN: Failed to umount(/tmp/LTP_ima_tpm.s5k30zgS3o/mntpoint) after 50 retries tst_device.c:269: TWARN: ioctl(/dev/loop7, LOOP_CLR_FD, 0) no ENXIO for too long Fixed by redirecting output to the file: # PATH="/opt/ltp/testcases/bin:$PATH" ima_tpm.sh ... ima_tpm 1 TINFO: $TMPDIR is on tmpfs => run on loop device ima_tpm 1 TWARN: Cannot find digest index (template: 'ima-buf') ima_tpm 1 TBROK: failed to get algorithm/digest Fixes: ef1de0c ("IMA: Move get_algorithm_digest(), set_digest_index() to ima_setup.sh") Signed-off-by: Petr Vorel <[email protected]>
linux-test-project · Jan 14, 2025 · 304d417 · 304d417
1 parent 7da7956
commit 304d417
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 13 deletions.
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
@@ -218,8 +218,10 @@ set_digest_index()
 		done
 	esac
 
-	[ -z "$DIGEST_INDEX" ] && tst_brk TCONF \
-		"Cannot find digest index (template: '$template')"
+	if [ -z "$DIGEST_INDEX" ]; then
+		tst_res TWARN "Cannot find digest index (template: '$template')"
+		return 1
+	fi
 }
 
 get_algorithm_digest()
@@ -233,7 +235,13 @@ get_algorithm_digest()
 		return 1
 	fi
 
-	[ -z "$DIGEST_INDEX" ] && set_digest_index
+	if [ -z "$DIGEST_INDEX" ]; then
+		set_digest_index
+	fi
+	if [ -z "$DIGEST_INDEX" ]; then
+		return 1
+	fi
+
 	digest=$(echo "$line" | cut -d' ' -f $DIGEST_INDEX)
 	if [ -z "$digest" ]; then
 		echo "digest not found (index: $DIGEST_INDEX, line: '$line')"
@@ -267,18 +275,18 @@ get_algorithm_digest()
 ima_check()
 {
 	local test_file="$1"
-	local algorithm digest expected_digest line tmp
+	local algorithm digest expected_digest line
 
 	# need to read file to get updated $ASCII_MEASUREMENTS
 	cat $test_file > /dev/null
 
 	line="$(grep $test_file $ASCII_MEASUREMENTS | tail -1)"
 
-	if tmp=$(get_algorithm_digest "$line"); then
-		algorithm=$(echo "$tmp" | cut -d'|' -f1)
-		digest=$(echo "$tmp" | cut -d'|' -f2)
+	if get_algorithm_digest "$line" > tmp; then
+		algorithm=$(cat tmp | cut -d'|' -f1)
+		digest=$(cat tmp | cut -d'|' -f2)
 	else
-		tst_brk TBROK "failed to get algorithm/digest for '$test_file': $tmp"
+		tst_brk TBROK "failed to get algorithm/digest for '$test_file'"
 	fi
 
 	tst_res TINFO "computing digest for $algorithm algorithm"

diff --git a/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh b/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
@@ -17,14 +17,14 @@ ERRMSG_TPM="TPM hardware support not enabled in kernel or no TPM chip found"
 setup()
 {
 	local config="${KCONFIG_PATH:-/boot/config-$(uname -r)}"
-	local line tmp
+	local line
 
 	read line < $ASCII_MEASUREMENTS
-	if tmp=$(get_algorithm_digest "$line"); then
-		ALGORITHM=$(echo "$tmp" | cut -d'|' -f1)
-		DIGEST=$(echo "$tmp" | cut -d'|' -f2)
+	if get_algorithm_digest "$line" > tmp; then
+		ALGORITHM=$(cat tmp | cut -d'|' -f1)
+		DIGEST=$(cat tmp | cut -d'|' -f2)
 	else
-		tst_brk TBROK "failed to get algorithm/digest: $tmp"
+		tst_brk TBROK "failed to get algorithm/digest"
 	fi
 	tst_res TINFO "used algorithm: $ALGORITHM"