[PATCH linux-kselftest/test v1] apparmor: add AppArmor KUnit tests for policy unpack

Alan Maguire alan.maguire at oracle.com
Sat Oct 19 12:56:01 UTC 2019


On Fri, 18 Oct 2019, Luis Chamberlain wrote:

> On Thu, Oct 17, 2019 at 05:18:16PM -0700, Brendan Higgins wrote:
> > From: Mike Salvatore <mike.salvatore at canonical.com>
> > 
> > In order to write the tests against the policy unpacking code, some
> > static functions needed to be exposed for testing purposes. One of the
> > goals of this patch is to establish a pattern for which testing these
> > kinds of functions should be done in the future.
> 
> And you'd run into the same situation expressed elsewhere with kunit of
> an issue of the kunit test as built-in working but if built as a module
> then it would not work, given the lack of exports. Symbols namespaces
> should resolve this [0], and we'd be careful where a driver imports this
> namespace.
> 
> [0] https://lwn.net/Articles/798254/
>

Thanks for the link! Looks interesting for us definitely!

WRT adding tests, I think what we're aiming at is a set of best practices 
to advise test developers using KUnit, while attempting to minimize 
side-effects of any changes we need to make to support testability.

One aspect of this we probably have to consider is inlining of code. For 
cases like this where the functions are small and are called in a small 
number of cases, any testability changes we make may push a 
previously-inlined function to not be inlined, with potential performance 
side-effects for the subsystem.  In such cases, I wonder if the right 
answer would be to suggest actually defining the functions as 
inline in the header file? That way the compiler still gets to decide (as 
opposed to __always_inline), and we don't perturb performance too much.

Thanks!

Alan

>   Luis
> 



More information about the Linux-security-module-archive mailing list