On Thu, Apr 14, 2022, Ben Gardon wrote:
> On Wed, Apr 13, 2022 at 3:48 PM Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
> > First off, huge kudos for negative testing! But, it's going to provide poor coverage
> > if we teach everyone to use the runner script, because that'll likely require root on
> > most hosts, e.g. to futz with the module param.
> >
> > Aha! Idea. And it should eliminate the SYS_reboot shenanigans, which while hilarious,
> > are mildly scary.
> >
> > In the runner script, wrap all the modification of sysfs knobs with sudo, and then
> > (again with sudo) do:
> >
> >     setcap cap_sys_boot+ep path/to/nx_huge_pages_test
> >     path/to/nx_huge_pages_test MAGIC_NUMBER -b
> >
> > where "-b" means "has CAP_SYS_BOOT". And then
> >
> >     setcap cap_sys_boot-ep path/to/nx_huge_pages_test
> >     path/to/nx_huge_pages_test MAGIC_NUMBER
> >
> > Hmm, and I guess if the script is run as root, just skip the second invocation.
>
> Wouldn't it be easier to just run the test binary twice and just have
> the second time run without root permissions? I don't know if there's
> an easy way to do that.

I don't think so, e.g. what if there is no other user account to switch to? On the
other hand, I doubt I'm the only person that typically runs selftests with a user
account.

Using setcap isn't hard, e.g.

    # If the test isn't running as root, verify KVM correctly rejects the
    # per-VM override if the process doesn't have CAP_SYS_BOOT.
    if [[ $(id -u) -ne 0 ]]; then
        sudo setcap cap_sys_boot-ep path/to/nx_huge_pages_test
        path/to/nx_huge_pages_test MAGIC_NUMBER

        sudo setcap cap_sys_boot+ep path/to/nx_huge_pages_test
    fi

    # The test now has CAP_SYS_BOOT, or is running as root.
    path/to/nx_huge_pages_test MAGIC_NUMBER -b

Bonus points if you want to save/restore the capability.
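
One way the save/restore mentioned at the end of the message could be done, as an added example that is not code from this thread or from the KVM selftests. The function names are hypothetical; it assumes libcap's getcap and setcap are installed and that sudo is available for setcap.

```bash
#!/bin/bash
# Added example: run a binary with its file capabilities dropped, then put
# back exactly what it had before. Function names are hypothetical.

# Extract the capability text from one line of getcap output for file $1.
# Older libcap prints "path = cap_sys_boot+ep", newer prints
# "path cap_sys_boot=ep". Prints nothing if no capabilities are listed.
parse_getcap_line() {
    local path="$1" line="$2" rest
    case "$line" in
        "$path = "*) rest=${line#"$path = "} ;;
        "$path "*)   rest=${line#"$path "} ;;
        *)           rest= ;;
    esac
    printf '%s' "$rest"
}

# Run "$bin args..." without file capabilities and return its exit status.
# setcap replaces the file's whole capability set, so the saved text is
# restored afterwards instead of re-adding only cap_sys_boot.
run_without_caps() {
    local bin="$1" saved rc
    shift
    saved=$(parse_getcap_line "$bin" "$(getcap "$bin")")
    if [ -z "$saved" ]; then
        # No file capabilities: nothing to drop and nothing to restore.
        "$bin" "$@"
        return
    fi
    sudo setcap cap_sys_boot-ep "$bin" || return 1
    "$bin" "$@"
    rc=$?
    sudo setcap "$saved" "$bin" || return 1
    return "$rc"
}

# Usage in a runner script (path and MAGIC_NUMBER as in the message above):
#   if [ "$(id -u)" -ne 0 ]; then
#       run_without_caps path/to/nx_huge_pages_test MAGIC_NUMBER
#   fi
```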