backport some patches

(cherry picked from commit 6559117500303659f7a061847662458d4037a7da)

backport-Add-memory-debug-in-mem_pool.patch

@@ -0,0 +1,45 @@
+From 2ca49371b548b56d192f571866fb28c548746ad1 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Mon, 19 Feb 2024 10:35:34 +0800
+Subject: [PATCH 20/26] Add memory debug in mem_pool
+
+---
+ src/core/dim_core_mem_pool.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/core/dim_core_mem_pool.c b/src/core/dim_core_mem_pool.c
+index 974033f..a9f0177 100644
+--- a/src/core/dim_core_mem_pool.c
++++ b/src/core/dim_core_mem_pool.c
+@@ -4,6 +4,7 @@
+ 
+ #include <linux/mm.h>
+ 
++#include "dim_safe_func.h"
+ #include "dim_utils.h"
+ 
+ #include "dim_core_mem_pool.h"
+@@ -108,6 +109,9 @@ void *dim_mem_pool_alloc(size_t size)
+ 	if (data == NULL)
+ 		return NULL;
+ out:
++	#ifdef DIM_DEBUG_MEMORY_LEAK
++		dim_alloc_debug_inc();
++	#endif
+ 	data->size = mem_size;
+ 	return data->data;
+ }
+@@ -130,6 +134,10 @@ void dim_mem_pool_free(const void *data)
+ 	}
+ 
+ 	gen_pool_free(dim_pool, (uintptr_t)mem, mem->size);
++
++	#ifdef DIM_DEBUG_MEMORY_LEAK
++		dim_alloc_debug_dec();
++	#endif
+ }
+ 
+ void dim_mem_pool_walk_chunk(pool_chunk_visitor f, void *data)
+-- 
+2.33.0
+

backport-Add-warpper-for-strncmp-and-strncpy.patch

@@ -0,0 +1,58 @@
+From f41760b3595c893ac0d3f0238401a2aae94224a7 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Tue, 20 Feb 2024 10:58:12 +0800
+Subject: [PATCH 22/26] Add warpper for strncmp and strncpy
+
+---
+ src/common/dim_baseline.c                 | 2 +-
+ src/common/dim_safe_func.h                | 8 ++++++++
+ src/core/policy/dim_core_policy_complex.c | 2 +-
+ 3 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/common/dim_baseline.c b/src/common/dim_baseline.c
+index e79458d..3fae1f9 100644
+--- a/src/common/dim_baseline.c
++++ b/src/common/dim_baseline.c
+@@ -106,7 +106,7 @@ int dim_baseline_add(struct dim_baseline_tree *root, const char *name,
+ 	if (ret < 0)
+ 		goto err;
+ 
+-	strncpy((char *)baseline->name, name, buf_len - 1);
++	dim_strncpy((char *)baseline->name, name, buf_len - 1);
+         ((char *)baseline->name)[buf_len - 1] = '\0';
+ 
+ 	write_lock(&root->lock);
+diff --git a/src/common/dim_safe_func.h b/src/common/dim_safe_func.h
+index 3e97f4e..15c716c 100644
+--- a/src/common/dim_safe_func.h
++++ b/src/common/dim_safe_func.h
+@@ -132,4 +132,12 @@ static inline int dim_strncmp(const char *cs, const char *ct, size_t count)
+ 	return strncmp(cs, ct, count);
+ }
+ 
++static inline char *dim_strncpy(char *dest, const char *src, size_t count)
++{
++	if (dest == NULL || src == NULL)
++		return NULL;
++
++	return strncpy(dest, src, count);
++}
++
+ #endif
+\ No newline at end of file
+diff --git a/src/core/policy/dim_core_policy_complex.c b/src/core/policy/dim_core_policy_complex.c
+index 18a9e58..8c02227 100644
+--- a/src/core/policy/dim_core_policy_complex.c
++++ b/src/core/policy/dim_core_policy_complex.c
+@@ -63,7 +63,7 @@ static int policy_get_key(const char *s, const char **val)
+ 
+ 	for (; i < DIM_POLICY_KEY_LAST; i++) {
+ 		len = strlen(dim_policy_key_str[i]);
+-		if (strncmp(s, dim_policy_key_str[i], len) == 0) {
++		if (dim_strncmp(s, dim_policy_key_str[i], len) == 0) {
+ 			*val = s + len;
+ 			return i;
+ 		}
+-- 
+2.33.0
+

backport-Disable-dfx-testcase-by-default.patch

@@ -0,0 +1,37 @@
+From 134b666b9ea72c640a20c4a6f3eb87a9b301542a Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Tue, 20 Feb 2024 12:52:39 +0800
+Subject: [PATCH 25/26] Disable dfx testcase by default
+
+---
+ test/test_dfx/test_dim_core_dfx.sh | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/test/test_dfx/test_dim_core_dfx.sh b/test/test_dfx/test_dim_core_dfx.sh
+index 78deb33..f3f64f0 100644
+--- a/test/test_dfx/test_dim_core_dfx.sh
++++ b/test/test_dfx/test_dim_core_dfx.sh
+@@ -28,9 +28,10 @@ test_rmmod_when_baseline() {
+     done
+ }
+ 
+-case_list="
+-           test_rmmod_when_baseline \
+-           "
++# The following testcases are disabled by default:
++#          test_rmmod_when_baseline
++
++case_list=""
+ 
+ echo "===== Start testing dim_core DFX ====="
+ 
+@@ -45,4 +46,4 @@ for case in $case_list; do
+     test_post
+ done
+ 
+-echo "===== End testing dim_core DFX ====="
+\ No newline at end of file
++echo "===== End testing dim_core DFX ====="
+-- 
+2.33.0
+

backport-Dont-queue-measurement-task-when-baseline-failed.patch

@@ -0,0 +1,34 @@
+From 6617fb034f69009893c33c8dd6b4e1485b77800f Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Wed, 14 Feb 2024 13:21:27 +0800
+Subject: [PATCH 17/26] Dont queue measurement task when baseline failed
+
+---
+ src/core/dim_core_measure.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
+index 4ccbd0c..ff134e5 100644
+--- a/src/core/dim_core_measure.c
++++ b/src/core/dim_core_measure.c
+@@ -120,6 +120,10 @@ static void measure_work_cb(struct work_struct *work)
+ static void baseline_work_cb(struct work_struct *work)
+ {
+ 	dim_measure_task_measure(DIM_BASELINE, &dim_core_handle);
++	/* if baseline is failed, dont perform measurement */
++	if (dim_measure_status_error(&dim_core_handle))
++		return;
++
+ 	queue_delayed_measure_work();
+ }
+ 
+@@ -244,4 +248,4 @@ void dim_core_measure_destroy(void)
+ 	dim_measure_destroy(&dim_core_handle);
+ 	dim_core_policy_destroy();
+ 	mutex_unlock(&dim_core_measure_lock);
+-}
+\ No newline at end of file
++}
+-- 
+2.33.0
+

backport-Fix-potential-integer-overflow.patch

@@ -0,0 +1,25 @@
+From f298f9aaef28f5846b746e1c9596ad9d8c85b155 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Mon, 19 Feb 2024 10:01:41 +0800
+Subject: [PATCH 19/26] Fix potential integer overflow
+
+---
+ src/core/tasks/dim_core_measure_kernel.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/tasks/dim_core_measure_kernel.c b/src/core/tasks/dim_core_measure_kernel.c
+index d49095b..077f30a 100644
+--- a/src/core/tasks/dim_core_measure_kernel.c
++++ b/src/core/tasks/dim_core_measure_kernel.c
+@@ -21,7 +21,7 @@
+ 
+ static int code_cmp(const void *a, const void *b)
+ {
+-	return *(unsigned long *)a - *(unsigned long *)b;
++	return *(unsigned long *)a > *(unsigned long *)b ? 1 : 0;
+ }
+ 
+ static int sort_jump_table(struct jump_entry *sjump,
+-- 
+2.33.0
+

backport-Optimize-Makefile.patch

@@ -0,0 +1,209 @@
+From fef290b506eb5aad0afab0183b577567d0d4d5ac Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Tue, 13 Feb 2024 21:33:21 +0800
+Subject: [PATCH 16/26] Optimize Makefile
+
+1. Support to set the compile macro for different measure methods.
+2. Support the "make test" command
+---
+ Makefile                  | 13 +++++++++++++
+ src/Makefile              | 40 ++++++++++++++++++++-------------------
+ test/Makefile             | 11 +++++++++++
+ test/common.sh            |  6 +++---
+ test/test_dim_core.sh     |  2 +-
+ test/test_module/Makefile | 16 ++++++++--------
+ 6 files changed, 57 insertions(+), 31 deletions(-)
+ create mode 100644 Makefile
+ create mode 100644 test/Makefile
+
+diff --git a/Makefile b/Makefile
+new file mode 100644
+index 0000000..4ac7c58
+--- /dev/null
++++ b/Makefile
+@@ -0,0 +1,13 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++
++.PHONY: all test clean
++
++all:
++	make -C src/
++
++test:
++	make -C test/
++
++clean:
++	make -C src/ clean
++	make -C test/ clean
+\ No newline at end of file
+diff --git a/src/Makefile b/src/Makefile
+index af058d9..8f4dce8 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -9,17 +9,21 @@ dim_core-objs += core/dim_core_mem_pool.o
+ dim_core-objs += core/dim_core_measure.o
+ dim_core-objs += core/dim_core_symbol.o
+ dim_core-objs += core/dim_core_sig.o
+-dim_core-objs += core/static_baseline/dim_core_static_baseline.o
+-dim_core-objs += core/static_baseline/dim_core_static_baseline_complex.o
++
+ dim_core-objs += core/tasks/dim_core_measure_kernel.o
+ dim_core-objs += core/tasks/dim_core_measure_module.o
++dim_core-objs += core/tasks/dim_core_measure_process/dim_vm_hash.o
++dim_core-objs += core/tasks/dim_core_measure_process/dim_core_measure_process.o
++ifeq ($(DIM_CORE_MEASURE_PROCESS_ELF), y)
+ dim_core-objs += core/tasks/dim_core_measure_process/dim_core_measure_process_elf.o
++ccflags-y += -DDIM_CORE_MEASURE_PROCESS_ELF
++else
+ dim_core-objs += core/tasks/dim_core_measure_process/dim_core_measure_process_vma.o
+-dim_core-objs += core/tasks/dim_core_measure_process/dim_core_measure_process.o
+-dim_core-objs += core/tasks/dim_core_measure_process/dim_vm_hash.o
++endif
+ 
+ dim_core-objs += core/policy/dim_core_policy.o
+ dim_core-objs += core/policy/dim_core_policy_complex.o
++
+ dim_core-objs += core/static_baseline/dim_core_static_baseline.o
+ dim_core-objs += core/static_baseline/dim_core_static_baseline_complex.o
+ 
+@@ -40,6 +44,10 @@ dim_monitor-objs += monitor/dim_monitor_main.o
+ dim_monitor-objs += monitor/dim_monitor_fs.o
+ dim_monitor-objs += monitor/dim_monitor_measure.o
+ dim_monitor-objs += monitor/dim_monitor_symbol.o
++
++dim_monitor-objs += monitor/measure_task/dim_monitor_measure_data.o
++dim_monitor-objs += monitor/measure_task/dim_monitor_measure_text.o
++
+ dim_monitor-objs += common/dim_entry.o
+ dim_monitor-objs += common/dim_hash.o
+ dim_monitor-objs += common/dim_utils.o
+@@ -52,8 +60,6 @@ dim_monitor-objs += measure/dim_measure_baseline.o
+ dim_monitor-objs += measure/dim_measure_task.o
+ dim_monitor-objs += measure/dim_measure_utils.o
+ dim_monitor-objs += measure/dim_measure_status.o
+-dim_monitor-objs += monitor/measure_task/dim_monitor_measure_data.o
+-dim_monitor-objs += monitor/measure_task/dim_monitor_measure_text.o
+ 
+ ccflags-y := -I$(src)/core
+ ccflags-y += -I$(src)/core/static_baseline
+@@ -65,24 +71,20 @@ ccflags-y += -I$(src)/monitor/measure_task
+ ccflags-y += -I$(src)/common
+ ccflags-y += -I$(src)/measure
+ 
+-EXTRA_CFLAGS += -Wall -Werror -D_FORTIFY_SOURCE=2 -O2 -fstack-protector-strong 
++ccflags-y += -Wall -Werror -D_FORTIFY_SOURCE=2 -O2 -fstack-protector-strong
+ 
+ KERNEL_SRC ?= /lib/modules/$(shell uname -r)/build
+ PWD := $(shell pwd)
+ 
+-.PHONY: install test clean
++.PHONY: all modules modules_install clean
+ 
+-all:
+-	$(MAKE) -C $(KERNEL_SRC) M=$(PWD) modules KCPPFLAGS="${cflags-y}"
++all: modules
+ 
+-clean:
+-	$(MAKE) -C $(KERNEL_SRC) M=$(PWD) clean
++modules:
++	$(MAKE) -C $(KERNEL_SRC) M=$(PWD) modules
+ 
+-install:
+-	rmmod -f dim_monitor || :
+-	rmmod -f dim_core || :
+-	insmod dim_core.ko
+-	insmod dim_monitor.ko
++modules_install:
++	$(MAKE) -C $(KERNEL_SRC) M=$(PWD) modules_install
+ 
+-test:
+-	cd ../test && { sh test_dim_core.sh; sh test_dim_monitor.sh; }
++clean:
++	$(MAKE) -C $(KERNEL_SRC) M=$(PWD) clean
+diff --git a/test/Makefile b/test/Makefile
+new file mode 100644
+index 0000000..4a61307
+--- /dev/null
++++ b/test/Makefile
+@@ -0,0 +1,11 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++
++.PHONY: test
++
++test:
++	sh test_dim_core.sh
++	sh test_dim_monitor.sh
++
++clean:
++	rm -f log
++	make -C test_module/ clean
+\ No newline at end of file
+diff --git a/test/common.sh b/test/common.sh
+index 3bd8ced..a16c564 100644
+--- a/test/common.sh
++++ b/test/common.sh
+@@ -6,8 +6,8 @@ TEST_DEMO_DIR=/opt/dim/demo
+ TEST_DEMO_BPRM=$TEST_DEMO_DIR/dim_test_demo
+ 
+ TEST_LOG=log
+-DIM_CORE_PATH=/root/dim/dim_core.ko
+-DIM_MONITOR_PATH=/root/dim/dim_monitor.ko
++DIM_CORE_PATH=../src/dim_core.ko
++DIM_MONITOR_PATH=../src/dim_monitor.ko
+ 
+ DIM_BASELINE_DIR_PATH=/etc/dim/digest_list
+ DIM_POLICY_PATH=/etc/dim/policy
+@@ -144,7 +144,7 @@ DIM_BASELINE_DIR_ALL=("/usr/bin" "/usr/sbin" "/usr/lib64" "/usr/libexec" "/usr/l
+ 
+ dim_gen_baseline_all() {
+     if [ $1 ]; then
+-        digest_algorithm="-a sm3"
++        digest_algorithm="-a$1"
+     else
+         digest_algorithm=""
+     fi
+diff --git a/test/test_dim_core.sh b/test/test_dim_core.sh
+index 01fa2b9..8d707cc 100644
+--- a/test/test_dim_core.sh
++++ b/test/test_dim_core.sh
+@@ -88,7 +88,7 @@ test_measure_all_text_normal() {
+ }
+ 
+ test_measure_all_text_normal_sm3() {
+-    dim_gen_baseline_all 1
++    dim_gen_baseline_all sm3
+     dim_gen_policy_all
+     load_dim_modules "measure_hash=sm3"
+     check_dim_core_log_normal
+diff --git a/test/test_module/Makefile b/test/test_module/Makefile
+index 4255525..240e73e 100644
+--- a/test/test_module/Makefile
++++ b/test/test_module/Makefile
+@@ -2,15 +2,15 @@
+ 
+ obj-m := dim_test_module_demo.o
+ 
+-KERNEL := $(DESTDIR)/lib/modules/$(shell uname -r)/build
+-CONFIG_MODULE_SIG=n
+-
++KERNEL_SRC ?= /lib/modules/$(shell uname -r)/build
+ PWD := $(shell pwd)
+ 
+-modules :
+-	$(MAKE) -C $(KERNEL) M=$(PWD) modules
++.PHONY: all modules clean
++
++all: modules
+ 
+-.PHONEY:clean
++modules:
++	$(MAKE) -C $(KERNEL_SRC) M=$(PWD) modules
+ 
+-clean :
+-	$(MAKE) -C $(KERNEL) SUBDIRS=$(PWD) clean
++clean:
++	$(MAKE) -C $(KERNEL_SRC) M=$(PWD) clean
+\ No newline at end of file
+-- 
+2.33.0
+

backport-Optimize-test-framework-and-add-testcases.patch

@@ -0,0 +1,747 @@
+From cfa580aa836f8c7f93e28971827bc67fdc20c679 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Mon, 19 Feb 2024 15:18:49 +0800
+Subject: [PATCH 21/26] Optimize test framework and add testcases
+
+---
+ test/Makefile                                 |  16 ++-
+ test/README.md                                |  23 ----
+ test/common.sh                                |  47 ++++---
+ test/test_dfx/Makefile                        |  11 ++
+ test/test_dfx/test_dim_core_dfx.sh            |  48 ++++++++
+ test/test_dim_monitor.sh                      |  32 -----
+ test/test_function/Makefile                   |  11 ++
+ test/{ => test_function}/dim_test_demo.c      |   2 +-
+ .../dim_test_demo_tamper.c                    |   2 +-
+ test/{ => test_function}/test_dim_core.sh     |  34 +++--
+ test/test_function/test_dim_monitor.sh        |  47 +++++++
+ test/{ => test_function}/test_module/Makefile |   2 +-
+ .../test_module/dim_test_module_demo.c        |   2 +-
+ .../test_module/dim_test_module_demo_tamper.c |   2 +-
+ test/test_interface/Makefile                  |  12 ++
+ test/test_interface/test_dim_core_modparam.sh | 116 ++++++++++++++++++
+ .../test_dim_monitor_modparam.sh              |  79 ++++++++++++
+ 17 files changed, 393 insertions(+), 93 deletions(-)
+ delete mode 100644 test/README.md
+ create mode 100644 test/test_dfx/Makefile
+ create mode 100644 test/test_dfx/test_dim_core_dfx.sh
+ delete mode 100644 test/test_dim_monitor.sh
+ create mode 100644 test/test_function/Makefile
+ rename test/{ => test_function}/dim_test_demo.c (64%)
+ rename test/{ => test_function}/dim_test_demo_tamper.c (68%)
+ rename test/{ => test_function}/test_dim_core.sh (85%)
+ create mode 100644 test/test_function/test_dim_monitor.sh
+ rename test/{ => test_function}/test_module/Makefile (68%)
+ rename test/{ => test_function}/test_module/dim_test_module_demo.c (80%)
+ rename test/{ => test_function}/test_module/dim_test_module_demo_tamper.c (82%)
+ create mode 100644 test/test_interface/Makefile
+ create mode 100644 test/test_interface/test_dim_core_modparam.sh
+ create mode 100644 test/test_interface/test_dim_monitor_modparam.sh
+
+diff --git a/test/Makefile b/test/Makefile
+index 4a61307..435e818 100644
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -1,11 +1,15 @@
+-# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
+ 
+-.PHONY: test
++.PHONY: test clean
++
++all: test
+ 
+ test:
+-	sh test_dim_core.sh
+-	sh test_dim_monitor.sh
++	make -C test_interface/ test
++	make -C test_function/ test
++	make -C test_dfx/ test
+ 
+ clean:
+-	rm -f log
+-	make -C test_module/ clean
+\ No newline at end of file
++	make -C test_interface/ clean
++	make -C test_function/ clean
++	make -C test_dfx/ clean
+\ No newline at end of file
+diff --git a/test/README.md b/test/README.md
+deleted file mode 100644
+index b75f3e6..0000000
+--- a/test/README.md
++++ /dev/null
+@@ -1,23 +0,0 @@
+-# DIM 测试文档
+-
+-## 1 前置条件
+-
+-**OS版本支持**：openEuler 23.09以上版本；
+-
+-**内核版本支持**：当前支持openEuler kernel 5.10/6.4版本；
+-
+-**注意**：DIM包含内核组件，相关步骤需要以管理员（root）权限运行。
+-
+-## 2 使用openEuler源进行安装
+-```
+-yum install dim dim_tools make gcc
+-```
+-
+-## 3 执行测试用例
+-```
+-cd dim/test/
+-sh test/test_dim_core.sh
+-sh test/test_monitor_core.sh
+-```
+-
+-**注意**：全量度量功能默认关闭，如有需要，请将用例添加到对应的case_list中
+\ No newline at end of file
+diff --git a/test/common.sh b/test/common.sh
+index a16c564..6772a35 100644
+--- a/test/common.sh
++++ b/test/common.sh
+@@ -6,8 +6,8 @@ TEST_DEMO_DIR=/opt/dim/demo
+ TEST_DEMO_BPRM=$TEST_DEMO_DIR/dim_test_demo
+ 
+ TEST_LOG=log
+-DIM_CORE_PATH=../src/dim_core.ko
+-DIM_MONITOR_PATH=../src/dim_monitor.ko
++DIM_CORE_PATH=../../src/dim_core.ko
++DIM_MONITOR_PATH=../../src/dim_monitor.ko
+ 
+ DIM_BASELINE_DIR_PATH=/etc/dim/digest_list
+ DIM_POLICY_PATH=/etc/dim/policy
+@@ -23,6 +23,22 @@ DIM_TEST_MOD_DEMO_TAMPER_C=$TEST_MODULE_DIR/dim_test_module_demo_tamper.c
+ 
+ TEST_RESULT=0
+ 
++check_value_zero() {
++    if [ $1 -ne 0 ]; then
++        echo "failed to check value: $1 == 0, context: $2"
++        TEST_RESULT=1
++        return 1
++    fi
++}
++
++check_value_not_zero() {
++    if [ $1 -eq 0 ]; then
++        echo "failed to check value: $1 != 0, context: $2"
++        TEST_RESULT=1
++        return 1
++    fi
++}
++
+ dim_core_status() {
+     cat /sys/kernel/security/dim/runtime_status
+ }
+@@ -64,11 +80,11 @@ remove_dim_modules() {
+ 
+ load_dim_modules () {
+     remove_dim_modules
+-    load_dim_core_modules $1
+-    load_dim_monitor_modules $2
++    load_dim_core_module $1
++    load_dim_monitor_module $2
+ }
+ 
+-load_dim_core_modules () {
++load_dim_core_module () {
+     # load dim_core module
+     if [ ! $DIM_CORE_PATH ]; then
+         modprobe dim_core $1
+@@ -78,11 +94,11 @@ load_dim_core_modules () {
+ 
+     if [ $? -ne 0 ]; then
+         echo "fail to load dim_core!"
+-        exit 1
++        return 1
+     fi
+ }
+ 
+-load_dim_monitor_modules () {
++load_dim_monitor_module () {
+     # load dim_monitor module
+     if [ ! $DIM_MONITOR_PATH ]; then
+         modprobe dim_monitor $1
+@@ -92,11 +108,15 @@ load_dim_monitor_modules () {
+ 
+     if [ $? -ne 0 ]; then
+         echo "fail to load dim_monitor!"
+-        exit 1
++        return 1
+     fi
+ }
+ 
+ dim_backup_baseline_and_policy() {
++    if [ -d $DIM_BASELINE_DIR_PATH.bak ]; then
++        rm -rf $DIM_BASELINE_DIR_PATH.bak
++    fi
++
+     if [ -d $DIM_BASELINE_DIR_PATH ]; then
+         mv $DIM_BASELINE_DIR_PATH $DIM_BASELINE_DIR_PATH.bak
+     fi
+@@ -376,15 +396,4 @@ run_dim_core_and_check_log() {
+     fi
+ }
+ 
+-test_pre() {
+-    mkdir -p $TEST_DEMO_DIR
+-    gcc dim_test_demo.c -o $TEST_DEMO_DIR/dim_test_demo
+-    dim_backup_baseline_and_policy
+-    load_dim_modules
+-}
+-
+-test_post() {
+-    remove_dim_modules
+-    dim_restore_baseline_and_policy
+-}
+ 
+diff --git a/test/test_dfx/Makefile b/test/test_dfx/Makefile
+new file mode 100644
+index 0000000..ed229ae
+--- /dev/null
++++ b/test/test_dfx/Makefile
+@@ -0,0 +1,11 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
++
++.PHONY: test clean
++
++all: test
++
++test:
++	sh test_dim_core_dfx.sh
++
++clean:
++	rm -f log
+\ No newline at end of file
+diff --git a/test/test_dfx/test_dim_core_dfx.sh b/test/test_dfx/test_dim_core_dfx.sh
+new file mode 100644
+index 0000000..78deb33
+--- /dev/null
++++ b/test/test_dfx/test_dim_core_dfx.sh
+@@ -0,0 +1,48 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++#!/bin/bash
++
++. ../common.sh
++
++test_pre() {
++    dim_backup_baseline_and_policy
++    load_dim_core_module
++    dim_gen_baseline_all
++    dim_gen_policy_all
++    TEST_RESULT=0
++}
++
++test_post() {
++    remove_dim_modules
++    dim_restore_baseline_and_policy
++}
++
++test_rmmod_when_baseline() {
++    dim_core_baseline &
++    # try to remove module when doing measurement
++    for i in {1..1000}; do
++        sleep 0.1
++        rmmod dim_core &> /dev/null
++        if [ $? -eq 0 ]; then
++                break
++        fi
++    done
++}
++
++case_list="
++           test_rmmod_when_baseline \
++           "
++
++echo "===== Start testing dim_core DFX ====="
++
++for case in $case_list; do
++    test_pre
++    $case
++    if [ $TEST_RESULT -eq 0 ]; then
++        echo "$case PASS"
++    else
++        echo "$case FAIL"
++    fi
++    test_post
++done
++
++echo "===== End testing dim_core DFX ====="
+\ No newline at end of file
+diff --git a/test/test_dim_monitor.sh b/test/test_dim_monitor.sh
+deleted file mode 100644
+index b4a1ea8..0000000
+--- a/test/test_dim_monitor.sh
++++ /dev/null
+@@ -1,32 +0,0 @@
+-# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+-#!/bin/bash
+-
+-. ./common.sh
+-
+-test_measure_monitor_normal() {
+-    dim_gen_baseline_all
+-    dim_gen_policy_all
+-    check_dim_core_log_normal
+-    check_dim_monitor_log_normal
+-}
+-
+-test_measure_monitor_tamper() {
+-    test_measure_monitor_normal
+-    check_dim_monitor_log_tampered
+-}
+-
+-# Full measurement. The test is disabled by default.
+-# case_list="test_measure_monitor_normal \
+-#            test_measure_monitor_tamper"
+-case_list=""
+-
+-for case in $case_list; do
+-    test_pre
+-    $case
+-    if [ $TEST_RESULT -eq 0 ]; then
+-        echo "$case PASS"
+-    else
+-        echo "$case FAIL"
+-    fi
+-    test_post
+-done
+diff --git a/test/test_function/Makefile b/test/test_function/Makefile
+new file mode 100644
+index 0000000..2d792cd
+--- /dev/null
++++ b/test/test_function/Makefile
+@@ -0,0 +1,11 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
++
++.PHONY: test clean
++
++test:
++	sh test_dim_core.sh
++	sh test_dim_monitor.sh
++
++clean:
++	rm -f log
++	make -C test_module/ clean
+\ No newline at end of file
+diff --git a/test/dim_test_demo.c b/test/test_function/dim_test_demo.c
+similarity index 64%
+rename from test/dim_test_demo.c
+rename to test/test_function/dim_test_demo.c
+index 113fc3d..5312d6d 100644
+--- a/test/dim_test_demo.c
++++ b/test/test_function/dim_test_demo.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
+  */
+ 
+ #include <stdio.h>
+diff --git a/test/dim_test_demo_tamper.c b/test/test_function/dim_test_demo_tamper.c
+similarity index 68%
+rename from test/dim_test_demo_tamper.c
+rename to test/test_function/dim_test_demo_tamper.c
+index 7f95775..40cae5d 100644
+--- a/test/dim_test_demo_tamper.c
++++ b/test/test_function/dim_test_demo_tamper.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
+  */
+ 
+ #include <stdio.h>
+diff --git a/test/test_dim_core.sh b/test/test_function/test_dim_core.sh
+similarity index 85%
+rename from test/test_dim_core.sh
+rename to test/test_function/test_dim_core.sh
+index 8d707cc..6ee5038 100644
+--- a/test/test_dim_core.sh
++++ b/test/test_function/test_dim_core.sh
+@@ -1,7 +1,19 @@
+-# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
+ #!/bin/bash
+ 
+-. ./common.sh
++. ../common.sh
++
++test_pre() {
++    mkdir -p $TEST_DEMO_DIR
++    gcc dim_test_demo.c -o $TEST_DEMO_DIR/dim_test_demo
++    dim_backup_baseline_and_policy
++    load_dim_modules
++}
++
++test_post() {
++    remove_dim_modules
++    dim_restore_baseline_and_policy
++}
+ 
+ test_measure_bprm_text_normal() {
+     gen_dim_test_demo
+@@ -118,11 +130,13 @@ test_invalid_policy() {
+     done &>> $TEST_LOG
+ }
+ 
+-# Full measurement. The test is disabled by default.
+-#           test_measure_all_text_normal \
+-#           test_measure_all_text_normal_sm3 \
+-#           test_measure_all_text_normal_sign \
+-case_list="test_measure_bprm_text_normal \
++# The following testcases are disabled by default:
++#          test_measure_all_text_normal
++#          test_measure_all_text_normal_sm3
++#          test_measure_all_text_normal_sign
++
++case_list="
++           test_measure_bprm_text_normal \
+            test_measure_bprm_text_no_baseline \
+            test_measure_bprm_text_tamper_1 \
+            test_measure_bprm_text_tamper_2 \
+@@ -130,7 +144,10 @@ case_list="test_measure_bprm_text_normal \
+            test_measure_module_text_no_baseline \
+            test_measure_module_text_tamper \
+            test_measure_kernel_normal \
+-           test_invalid_policy"
++           test_invalid_policy \
++           "
++
++echo "===== Start testing dim_core function ====="
+ 
+ for case in $case_list; do
+     test_pre
+@@ -143,3 +160,4 @@ for case in $case_list; do
+     test_post
+ done
+ 
++echo "===== End testing dim_core function ====="
+\ No newline at end of file
+diff --git a/test/test_function/test_dim_monitor.sh b/test/test_function/test_dim_monitor.sh
+new file mode 100644
+index 0000000..2f9319b
+--- /dev/null
++++ b/test/test_function/test_dim_monitor.sh
+@@ -0,0 +1,47 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
++#!/bin/bash
++
++. ../common.sh
++
++test_pre() {
++    dim_backup_baseline_and_policy
++    load_dim_modules
++}
++
++test_post() {
++    remove_dim_modules
++    dim_restore_baseline_and_policy
++}
++
++test_measure_monitor_normal() {
++    dim_gen_baseline_all
++    dim_gen_policy_all
++    check_dim_core_log_normal
++    check_dim_monitor_log_normal
++}
++
++test_measure_monitor_tamper() {
++    test_measure_monitor_normal
++    check_dim_monitor_log_tampered
++}
++
++# The following testcases are disabled by default:
++#          test_measure_monitor_normal
++#          test_measure_monitor_tamper
++
++case_list=""
++
++echo "===== Start testing dim_monitor function ====="
++
++for case in $case_list; do
++    test_pre
++    $case
++    if [ $TEST_RESULT -eq 0 ]; then
++        echo "$case PASS"
++    else
++        echo "$case FAIL"
++    fi
++    test_post
++done
++
++echo "===== End testing dim_monitor function ====="
+\ No newline at end of file
+diff --git a/test/test_module/Makefile b/test/test_function/test_module/Makefile
+similarity index 68%
+rename from test/test_module/Makefile
+rename to test/test_function/test_module/Makefile
+index 240e73e..e3e945b 100644
+--- a/test/test_module/Makefile
++++ b/test/test_function/test_module/Makefile
+@@ -1,4 +1,4 @@
+-# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
+ 
+ obj-m := dim_test_module_demo.o
+ 
+diff --git a/test/test_module/dim_test_module_demo.c b/test/test_function/test_module/dim_test_module_demo.c
+similarity index 80%
+rename from test/test_module/dim_test_module_demo.c
+rename to test/test_function/test_module/dim_test_module_demo.c
+index 3303365..f1a2ca7 100644
+--- a/test/test_module/dim_test_module_demo.c
++++ b/test/test_function/test_module/dim_test_module_demo.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
+  */
+ 
+ #include <linux/module.h>
+diff --git a/test/test_module/dim_test_module_demo_tamper.c b/test/test_function/test_module/dim_test_module_demo_tamper.c
+similarity index 82%
+rename from test/test_module/dim_test_module_demo_tamper.c
+rename to test/test_function/test_module/dim_test_module_demo_tamper.c
+index c443d7b..25cb6f2 100644
+--- a/test/test_module/dim_test_module_demo_tamper.c
++++ b/test/test_function/test_module/dim_test_module_demo_tamper.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
+  */
+ 
+ #include <linux/module.h>
+diff --git a/test/test_interface/Makefile b/test/test_interface/Makefile
+new file mode 100644
+index 0000000..0c41839
+--- /dev/null
++++ b/test/test_interface/Makefile
+@@ -0,0 +1,12 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
++
++.PHONY: test clean
++
++all: test
++
++test:
++	sh test_dim_core_modparam.sh
++	sh test_dim_monitor_modparam.sh
++
++clean:
++	rm -f log
+\ No newline at end of file
+diff --git a/test/test_interface/test_dim_core_modparam.sh b/test/test_interface/test_dim_core_modparam.sh
+new file mode 100644
+index 0000000..67cd815
+--- /dev/null
++++ b/test/test_interface/test_dim_core_modparam.sh
+@@ -0,0 +1,116 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
++#!/bin/bash
++
++. ../common.sh
++
++test_pre() {
++    TEST_RESULT=0
++}
++
++check_valid_module_param()
++{
++    remove_dim_modules
++    load_dim_core_module $1 &> /dev/null
++    check_value_zero $? $1
++    remove_dim_modules
++}
++
++check_invalid_module_param()
++{
++    remove_dim_modules
++    load_dim_core_module $1 &> /dev/null
++    check_value_not_zero $? $1
++    remove_dim_modules
++}
++
++test_module_param_measure_hash()
++{
++    check_valid_module_param measure_hash=sha256
++    check_valid_module_param measure_hash=sm3
++    check_invalid_module_param measure_hash=md5
++    check_invalid_module_param measure_hash=abc
++}
++
++test_module_param_measure_pcr()
++{
++    check_valid_module_param measure_pcr=0
++    check_valid_module_param measure_pcr=1
++    check_valid_module_param measure_pcr=11
++    check_valid_module_param measure_pcr=127
++    check_invalid_module_param measure_pcr=128
++    check_invalid_module_param measure_pcr=-1
++    check_invalid_module_param measure_pcr=abc
++}
++
++test_module_param_measure_schedule()
++{
++    check_valid_module_param measure_schedule=0
++    check_valid_module_param measure_schedule=50
++    check_valid_module_param measure_schedule=1000
++    check_invalid_module_param measure_schedule=-1
++    check_invalid_module_param measure_schedule=abc
++    check_invalid_module_param measure_schedule=1001
++}
++
++test_module_param_measure_interval()
++{
++    dim_backup_baseline_and_policy
++    dim_gen_policy_bprm_path /usr/bin/bash
++    dim_gen_baseline_file /usr/bin/bash test.hash
++    check_valid_module_param measure_interval=0
++    check_valid_module_param measure_interval=1000
++    check_valid_module_param measure_interval=525600
++    check_invalid_module_param measure_interval=-1
++    check_invalid_module_param measure_interval=abc
++    # check_invalid_module_param measure_interval=525601
++    dim_restore_baseline_and_policy
++}
++
++test_module_param_measure_action()
++{
++    check_valid_module_param measure_action=0
++    check_valid_module_param measure_action=1
++    check_invalid_module_param measure_action=abc
++}
++
++test_module_param_signature()
++{
++    check_valid_module_param signature=0
++    check_valid_module_param signature=1
++    check_invalid_module_param signature=abc
++}
++
++test_module_param_measure_log_capacity()
++{
++    check_valid_module_param measure_log_capacity=100
++    check_valid_module_param measure_log_capacity=10000
++    check_valid_module_param measure_log_capacity=4294967295
++    check_invalid_module_param measure_log_capacity=99
++    check_invalid_module_param measure_log_capacity=0
++    check_invalid_module_param measure_log_capacity=4294967296
++    check_invalid_module_param measure_log_capacity=abc
++}
++
++case_list="
++           test_module_param_measure_hash \
++           test_module_param_measure_pcr \
++           test_module_param_measure_schedule \
++           test_module_param_measure_interval \
++           test_module_param_measure_action \
++           test_module_param_signature \
++           test_module_param_measure_log_capacity \
++           "
++
++echo "===== Start testing dim_core module parameters ====="
++
++for case in $case_list; do
++    test_pre
++    $case
++    if [ $TEST_RESULT -eq 0 ]; then
++        echo "$case PASS"
++    else
++        echo "$case FAIL"
++    fi
++done
++
++echo "===== End testing dim_core module parameters ====="
+\ No newline at end of file
+diff --git a/test/test_interface/test_dim_monitor_modparam.sh b/test/test_interface/test_dim_monitor_modparam.sh
+new file mode 100644
+index 0000000..1aaedf1
+--- /dev/null
++++ b/test/test_interface/test_dim_monitor_modparam.sh
+@@ -0,0 +1,79 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
++#!/bin/bash
++
++. ../common.sh
++
++test_pre() {
++    remove_dim_modules
++    load_dim_core_module
++    TEST_RESULT=0
++}
++
++test_post() {
++    remove_dim_modules
++}
++
++check_valid_module_param()
++{
++    load_dim_monitor_module $1 &> /dev/null
++    check_value_zero $? $1
++    rmmod dim_monitor &> /dev/null
++}
++
++check_invalid_module_param()
++{
++    load_dim_monitor_module $1 &> /dev/null
++    check_value_not_zero $? $1
++    rmmod dim_monitor &> /dev/null
++}
++
++test_module_param_measure_hash()
++{
++    check_valid_module_param measure_hash=sha256
++    check_valid_module_param measure_hash=sm3
++    check_invalid_module_param measure_hash=md5
++    check_invalid_module_param measure_hash=abc
++}
++
++test_module_param_measure_pcr()
++{
++    check_valid_module_param measure_pcr=0
++    check_valid_module_param measure_pcr=1
++    check_valid_module_param measure_pcr=11
++    check_valid_module_param measure_pcr=127
++    check_invalid_module_param measure_pcr=128
++    check_invalid_module_param measure_pcr=-1
++    check_invalid_module_param measure_pcr=abc
++}
++
++test_module_param_measure_log_capacity()
++{
++    check_valid_module_param measure_log_capacity=100
++    check_valid_module_param measure_log_capacity=10000
++    check_valid_module_param measure_log_capacity=4294967295
++    check_invalid_module_param measure_log_capacity=99
++    check_invalid_module_param measure_log_capacity=0
++    check_invalid_module_param measure_log_capacity=4294967296
++    check_invalid_module_param measure_log_capacity=abc
++}
++
++
++case_list="
++           test_module_param_measure_hash \
++           test_module_param_measure_pcr \
++           test_module_param_measure_log_capacity \
++           "
++
++echo "===== Start testing dim_monitor module parameters ====="
++
++for case in $case_list; do
++    test_pre
++    $case
++    if [ $TEST_RESULT -eq 0 ]; then
++        echo "$case PASS"
++    else
++        echo "$case FAIL"
++    fi
++done
++
++echo "===== End testing dim_monitor module parameters ====="
+\ No newline at end of file
+-- 
+2.33.0
+

backport-Refactor-the-dim_core-static-baseline-implement.patch

@@ -0,0 +1,404 @@
+From c31d3b93f68151bf82196500b6f664e6ce8e1373 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Tue, 13 Feb 2024 16:44:40 +0800
+Subject: [PATCH 14/26] Refactor the dim_core static baseline implement
+
+Refactor the static baseline code and separate baseline text parsing
+and baseline management to make it easier to extend other file format.
+---
+ src/Makefile                                  |  4 +-
+ src/core/dim_core_measure.c                   |  2 +-
+ src/core/dim_core_static_baseline.h           | 21 ----
+ .../dim_core_static_baseline.c                | 98 +++----------------
+ .../dim_core_static_baseline.h                | 42 ++++++++
+ .../dim_core_static_baseline_complex.c        | 89 +++++++++++++++++
+ 6 files changed, 151 insertions(+), 105 deletions(-)
+ delete mode 100644 src/core/dim_core_static_baseline.h
+ rename src/core/{ => static_baseline}/dim_core_static_baseline.c (52%)
+ create mode 100644 src/core/static_baseline/dim_core_static_baseline.h
+ create mode 100644 src/core/static_baseline/dim_core_static_baseline_complex.c
+
+diff --git a/src/Makefile b/src/Makefile
+index a17ce5b..8f94052 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -6,13 +6,14 @@ obj-m += dim_monitor.o
+ dim_core-objs += core/dim_core_main.o
+ dim_core-objs += core/dim_core_fs.o
+ dim_core-objs += core/dim_core_mem_pool.o
+-dim_core-objs += core/dim_core_static_baseline.o
+ dim_core-objs += core/dim_core_measure.o
+ dim_core-objs += core/dim_core_symbol.o
+ dim_core-objs += core/dim_core_sig.o
+ dim_core-objs += core/measure_task/dim_core_measure_kernel.o
+ dim_core-objs += core/measure_task/dim_core_measure_module.o
+ dim_core-objs += core/measure_task/dim_core_measure_task.o
++dim_core-objs += core/static_baseline/dim_core_static_baseline.o
++dim_core-objs += core/static_baseline/dim_core_static_baseline_complex.o
+ dim_core-objs += core/policy/dim_core_policy.o
+ dim_core-objs += core/policy/dim_core_policy_complex.o
+ dim_core-objs += common/dim_entry.o
+@@ -48,6 +49,7 @@ dim_monitor-objs += monitor/measure_task/dim_monitor_measure_data.o
+ dim_monitor-objs += monitor/measure_task/dim_monitor_measure_text.o
+ 
+ ccflags-y := -I$(src)/core
++ccflags-y += -I$(src)/core/static_baseline
+ ccflags-y += -I$(src)/core/measure_task
+ ccflags-y += -I$(src)/core/policy
+ ccflags-y += -I$(src)/monitor
+diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
+index 3f1d6e4..4ccbd0c 100644
+--- a/src/core/dim_core_measure.c
++++ b/src/core/dim_core_measure.c
+@@ -86,7 +86,7 @@ static int baseline_prepare(struct dim_measure *m)
+ 	dim_baseline_destroy_tree(&m->dynamic_baseline);
+ 
+ 	/* 3. reload dim baseline */
+-	ret = dim_core_static_baseline_load();
++	ret = dim_core_static_baseline_load(m);
+ 	if (ret < 0) {
+ 		dim_err("failed to load dim static baseline: %d\n", ret);
+ 		dim_core_policy_destroy();
+diff --git a/src/core/dim_core_static_baseline.h b/src/core/dim_core_static_baseline.h
+deleted file mode 100644
+index af4d1f9..0000000
+--- a/src/core/dim_core_static_baseline.h
++++ /dev/null
+@@ -1,21 +0,0 @@
+-/*
+- * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+- */
+-
+-#ifndef __DIM_CORE_STATIC_BASELINE_H
+-#define __DIM_CORE_STATIC_BASELINE_H
+-
+-#include "dim_measure.h"
+-
+-#define DIM_STATIC_BASELINE_ROOT "/etc/dim/digest_list"
+-#define DIM_STATIC_BASELINE_LINE_MAX 10000
+-
+-#define DIM_STATIC_BASELINE_PREFIX "dim"
+-/* dim KERNEL sha256:{digest} {PATH_MAX}\n*/
+-#define DIM_STATIC_BASELINE_LEN_MAX (strlen(DIM_STATIC_BASELINE_PREFIX) + 1 + \
+-				     NAME_MAX + 1 + NAME_MAX + 1 + \
+-				     PATH_MAX + 1 + 1)
+-
+-int dim_core_static_baseline_load(void);
+-
+-#endif
+diff --git a/src/core/dim_core_static_baseline.c b/src/core/static_baseline/dim_core_static_baseline.c
+similarity index 52%
+rename from src/core/dim_core_static_baseline.c
+rename to src/core/static_baseline/dim_core_static_baseline.c
+index 1a87cfd..49810f3 100644
+--- a/src/core/dim_core_static_baseline.c
++++ b/src/core/static_baseline/dim_core_static_baseline.c
+@@ -2,12 +2,8 @@
+  * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+  */
+ 
+-#include <linux/fs.h>
+-#include <linux/err.h>
+-#include <linux/errno.h>
+ #include <linux/slab.h>
+ #include <linux/uaccess.h>
+-#include <linux/limits.h>
+ #include <linux/vmalloc.h>
+ #include <linux/utsname.h>
+ #include <linux/namei.h>
+@@ -15,14 +11,13 @@
+ 
+ #include "dim_utils.h"
+ #include "dim_hash.h"
+-#include "dim_baseline.h"
+ 
+ #include "dim_core_sig.h"
+ #include "dim_core_policy.h"
+ #include "dim_core_measure.h"
+ #include "dim_core_static_baseline.h"
+ 
+-static bool match_policy(const char *name, int type)
++static bool baseline_match_policy(const char *name, int type)
+ {
+ 	const char *kr = init_uts_ns.name.release;
+ 	unsigned int kr_len = strlen(kr);
+@@ -47,81 +42,13 @@ static bool match_policy(const char *name, int type)
+ 				     DIM_POLICY_KEY_NAME, mod_name);
+ }
+ 
+-static int parse_simple_baseline_line(char* line, int line_no, void *data)
++static int baseline_check_add(const char *name, int type,
++			      struct dim_digest *digest,
++			      struct dim_measure *m)
+ {
+-	int ret = 0;
+-	int type = 0;
+-	size_t len = 0;
+-	char *p = NULL;
+-	char *line_str = line;
+-	struct dim_digest digest = { 0 };
+-
+-	if (line_no > DIM_STATIC_BASELINE_LINE_MAX) {
+-		dim_warn("more than %d baseline items will be ignored\n",
+-			 DIM_STATIC_BASELINE_LINE_MAX);
+-		return -E2BIG;
+-	}
+-
+-	if (strlen(line) == 0 || line[0] == '#')
+-		return 0; /* ignore blank line and comment */
+-
+-	if (strlen(line) > DIM_STATIC_BASELINE_LEN_MAX) {
+-		dim_err("overlength item at line %d\n", line_no);
+-		return 0; /* ignore baseline parsing failed */
+-	}
+-
+-	if ((p = strsep(&line_str, " ")) == NULL ||
+-	    strcmp(p, DIM_STATIC_BASELINE_PREFIX) != 0) {
+-		dim_warn("invalid baseline prefix at line %d\n", line_no);
+-		return 0;
+-	}
+-
+-	if ((p = strsep(&line_str, " ")) == NULL ||
+-	    (type = dim_baseline_get_type(p)) == DIM_BASELINE_LAST) {
+-		dim_warn("invalid baseline type at line %d\n", line_no);
+-		return 0;
+-	}
+-
+-	if ((p = strsep(&line_str, ":")) == NULL ||
+-	    (digest.algo = dim_hash_algo(p)) == HASH_ALGO__LAST) {
+-		dim_warn("invalid baseline algo at line %d\n", line_no);
+-		return 0;
+-	}
+-
+-	if ((p = strsep(&line_str, " ")) == NULL ||
+-	    strlen(p) != (dim_digest_size(digest.algo) << 1) ||
+-	    hex2bin(digest.data, p, dim_digest_size(digest.algo)) < 0) {
+-		dim_warn("invalid baseline digest at line %d\n", line_no);
+-		return 0;
+-	}
+-
+-	if (line_str == NULL) {
+-		dim_warn("no baseline name at line %d\n", line_no);
+-		return 0;
+-	}
+-
+-	len = strlen(line_str);
+-	if (len == 0 || len > PATH_MAX) {
+-		dim_warn("invalid baseline name at line %d\n", line_no);
+-		return 0;
+-	}
+-
+-	if (!match_policy(line_str, type))
+-		return 0;
+-
+-	ret = dim_measure_static_baseline_add(&dim_core_handle, line_str,
+-					      type, &digest);
+-	if (ret < 0)
+-		dim_warn("failed to add static baseline at line %d: %d\n",
+-			 line_no, ret);
+-	return 0;
++	return dim_measure_static_baseline_add(m, name, type, digest);
+ }
+ 
+-struct readdir_ctx {
+-	struct dir_context ctx;
+-	struct path *path;
+-};
+-
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
+ static int
+ #else
+@@ -134,11 +61,12 @@ static_baseline_load(struct dir_context *__ctx,
+ 		     unsigned long long ino,
+ 		     unsigned d_type)
+ {
+-	struct readdir_ctx *ctx = container_of(__ctx, typeof(*ctx), ctx);
++	struct baseline_parse_ctx *ctx = container_of(__ctx, typeof(*ctx), ctx);
+ 	int ret;
+ 	void *buf = NULL;
+ 	unsigned long buf_len = 0;
+ 
++	/* baseline file must end with '.hash' */
+ 	if (d_type != DT_REG || (!dim_string_end_with(name, ".hash")))
+ 		goto out; /* ignore invalid files */
+ 
+@@ -149,7 +77,7 @@ static_baseline_load(struct dir_context *__ctx,
+ 	}
+ 
+ 	buf_len = ret;
+-	ret = dim_parse_line_buf(buf, buf_len, parse_simple_baseline_line, NULL);
++	ret = dim_baseline_parse(buf, buf_len, ctx);
+ 	if (ret < 0)
+ 		dim_err("failed to parse baseline file %s: %d\n", name, ret);
+ out:
+@@ -163,16 +91,22 @@ out:
+ #endif
+ }
+ 
+-int dim_core_static_baseline_load(void)
++int dim_core_static_baseline_load(struct dim_measure *m)
+ {
+ 	int ret = 0;
+ 	struct path kpath;
+ 	struct file *file = NULL;
+-	struct readdir_ctx buf = {
++	struct baseline_parse_ctx buf = {
+ 		.ctx.actor = static_baseline_load,
+ 		.path = &kpath,
++		.m = m,
++		.add = baseline_check_add,
++		.match = baseline_match_policy,
+ 	};
+ 
++	if (m == NULL)
++		return -EINVAL;
++
+ 	ret = kern_path(DIM_STATIC_BASELINE_ROOT, LOOKUP_DIRECTORY, &kpath);
+ 	if (ret < 0) {
+ 		dim_err("failed to get dim baseline root path: %d", ret);
+diff --git a/src/core/static_baseline/dim_core_static_baseline.h b/src/core/static_baseline/dim_core_static_baseline.h
+new file mode 100644
+index 0000000..988b02d
+--- /dev/null
++++ b/src/core/static_baseline/dim_core_static_baseline.h
+@@ -0,0 +1,42 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++ */
++
++#ifndef __DIM_CORE_STATIC_BASELINE_H
++#define __DIM_CORE_STATIC_BASELINE_H
++
++#include <linux/fs.h>
++
++#include "dim_measure.h"
++
++/* directory to store the static baseline files */
++#define DIM_STATIC_BASELINE_ROOT "/etc/dim/digest_list"
++
++/* callback function to check if a baseline is matched the policy */
++typedef bool (*baseline_match_func)(const char *name, int type);
++
++/* callback function to add baseline to measurement handle */
++typedef int (*baseline_add_func)(const char *name, int type,
++				  struct dim_digest *digest,
++				  struct dim_measure *m);
++
++/* the context used in directory walking and file parsing */
++struct baseline_parse_ctx {
++	/* context for directory walking */
++	struct dir_context ctx;
++	/* current directory path */
++	struct path *path;
++	struct dim_measure *m;
++	baseline_match_func match;
++	baseline_add_func add;
++};
++
++/* function implemented to parse the static baseline file in complex format */
++int baseline_parse_complex_format(char *buf, size_t buf_len,
++				  struct baseline_parse_ctx *ctx);
++#define dim_baseline_parse baseline_parse_complex_format
++
++/* build or rebuild the static baseline into the measurement handle */
++int dim_core_static_baseline_load(struct dim_measure *m);
++
++#endif
+diff --git a/src/core/static_baseline/dim_core_static_baseline_complex.c b/src/core/static_baseline/dim_core_static_baseline_complex.c
+new file mode 100644
+index 0000000..685118f
+--- /dev/null
++++ b/src/core/static_baseline/dim_core_static_baseline_complex.c
+@@ -0,0 +1,89 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++ */
++
++#include "dim_utils.h"
++#include "dim_core_static_baseline.h"
++
++#define DIM_STATIC_BASELINE_LINE_MAX 10000
++
++#define DIM_STATIC_BASELINE_PREFIX "dim"
++/* dim KERNEL sha256:{digest} {PATH_MAX}\n*/
++#define DIM_STATIC_BASELINE_LEN_MAX (strlen(DIM_STATIC_BASELINE_PREFIX) + 1 + \
++				     NAME_MAX + 1 + NAME_MAX + 1 + \
++				     PATH_MAX + 1 + 1)
++
++static int parse_line(char* line, int line_no, void *data)
++{
++	int type = 0;
++	size_t len = 0;
++	char *p = NULL;
++	char *line_str = line;
++	struct dim_digest digest = { 0 };
++	struct baseline_parse_ctx *ctx = data;
++
++	if (line_no > DIM_STATIC_BASELINE_LINE_MAX) {
++		dim_warn("more than %d baseline items will be ignored\n",
++			 DIM_STATIC_BASELINE_LINE_MAX);
++		return -E2BIG;
++	}
++
++	if (strlen(line) == 0 || line[0] == '#')
++		return 0; /* ignore blank line and comment */
++
++	if (strlen(line) > DIM_STATIC_BASELINE_LEN_MAX) {
++		dim_err("overlength item at line %d\n", line_no);
++		return 0; /* ignore baseline parsing failed */
++	}
++
++	if ((p = strsep(&line_str, " ")) == NULL ||
++	    strcmp(p, DIM_STATIC_BASELINE_PREFIX) != 0) {
++		dim_warn("invalid baseline prefix at line %d\n", line_no);
++		return 0;
++	}
++
++	if ((p = strsep(&line_str, " ")) == NULL ||
++	    (type = dim_baseline_get_type(p)) == DIM_BASELINE_LAST) {
++		dim_warn("invalid baseline type at line %d\n", line_no);
++		return 0;
++	}
++
++	if ((p = strsep(&line_str, ":")) == NULL ||
++	    (digest.algo = dim_hash_algo(p)) == HASH_ALGO__LAST) {
++		dim_warn("invalid baseline algo at line %d\n", line_no);
++		return 0;
++	}
++
++	if ((p = strsep(&line_str, " ")) == NULL ||
++	    strlen(p) != (dim_digest_size(digest.algo) << 1) ||
++	    hex2bin(digest.data, p, dim_digest_size(digest.algo)) < 0) {
++		dim_warn("invalid baseline digest at line %d\n", line_no);
++		return 0;
++	}
++
++	if (line_str == NULL) {
++		dim_warn("no baseline name at line %d\n", line_no);
++		return 0;
++	}
++
++	len = strlen(line_str);
++	if (len == 0 || len > PATH_MAX) {
++		dim_warn("invalid baseline name at line %d\n", line_no);
++		return 0;
++	}
++
++	if (!ctx->match(line_str, type))
++		return 0;
++
++	return ctx->add(line_str, type, &digest, ctx->m);
++}
++
++int baseline_parse_complex_format(char *buf, size_t buf_len,
++				  struct baseline_parse_ctx *ctx)
++{
++	if (buf == NULL || buf_len == 0 || ctx == NULL || ctx->m == NULL ||
++	    ctx->match == NULL || ctx->add == NULL)
++		return -EINVAL;
++
++	return dim_parse_line_buf(buf, buf_len, parse_line, ctx);
++}
+-- 
+2.33.0
+

backport-Set-dim_core_keyring-to-NULL-when-initialize-failed.patch

@@ -0,0 +1,29 @@
+From 388653ae7f32fe19af71405f5d08d0f7cde7b2ba Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Tue, 20 Feb 2024 12:50:23 +0800
+Subject: [PATCH 24/26] Set dim_core_keyring to NULL when initialize failed
+
+---
+ src/core/dim_core_sig.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/dim_core_sig.c b/src/core/dim_core_sig.c
+index f142050..07e11d8 100644
+--- a/src/core/dim_core_sig.c
++++ b/src/core/dim_core_sig.c
+@@ -182,8 +182,11 @@ int dim_core_sig_init(void)
+ 	ret = 0;
+ err:
+ 	dim_vfree(data);
+-	if (ret < 0)
++	if (ret < 0) {
+ 		key_put(dim_core_keyring);
++		dim_core_keyring = NULL;
++	}
++
+ 	return ret;
+ }
+ 
+-- 
+2.33.0
+

backport-Support-init-function-for-measure-tasks.patch

@@ -0,0 +1,193 @@
+From 76f757dd080abd646128ec39d8752ca1ab746355 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Fri, 8 Mar 2024 18:45:36 +0800
+Subject: [PATCH 26/26] Support init function for measure tasks
+
+---
+ src/core/dim_core_measure.c                   |  4 ++-
+ src/core/tasks/dim_core_measure_kernel.c      |  2 ++
+ src/core/tasks/dim_core_measure_module.c      |  2 ++
+ src/measure/dim_measure.c                     |  1 +
+ src/measure/dim_measure.h                     |  4 +++
+ src/measure/dim_measure_task.c                | 32 ++++++++++++++++++-
+ src/monitor/dim_monitor_measure.c             |  4 ++-
+ .../measure_task/dim_monitor_measure_data.c   |  2 ++
+ .../measure_task/dim_monitor_measure_text.c   |  2 ++
+ 9 files changed, 50 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
+index ff134e5..f5b378c 100644
+--- a/src/core/dim_core_measure.c
++++ b/src/core/dim_core_measure.c
+@@ -18,7 +18,9 @@ static struct dim_measure_task *dim_core_tasks[] = {
+ };
+ 
+ /* the global measurement handle */
+-struct dim_measure dim_core_handle = { 0 };
++struct dim_measure dim_core_handle = {
++	.task_list = LIST_HEAD_INIT(dim_core_handle.task_list),
++};
+ 
+ /* lock to prevent trigger multiple measurement */
+ DEFINE_MUTEX(dim_core_measure_lock);
+diff --git a/src/core/tasks/dim_core_measure_kernel.c b/src/core/tasks/dim_core_measure_kernel.c
+index dbf0dfe..fa04ae4 100644
+--- a/src/core/tasks/dim_core_measure_kernel.c
++++ b/src/core/tasks/dim_core_measure_kernel.c
+@@ -165,5 +165,7 @@ static int kernel_text_measure(int mode, struct dim_measure *m)
+ 
+ struct dim_measure_task dim_core_measure_task_kernel_text = {
+ 	.name = "dim_core_measure_task_kernel_text",
++	.init = NULL,
++	.destroy = NULL,
+ 	.measure = kernel_text_measure,
+ };
+diff --git a/src/core/tasks/dim_core_measure_module.c b/src/core/tasks/dim_core_measure_module.c
+index aa3e2f3..feb6624 100644
+--- a/src/core/tasks/dim_core_measure_module.c
++++ b/src/core/tasks/dim_core_measure_module.c
+@@ -108,5 +108,7 @@ static int module_text_measure(int mode, struct dim_measure *m)
+ 
+ struct dim_measure_task dim_core_measure_task_module_text = {
+ 	.name = "dim_core_measure_task_module_text",
++	.init = NULL,
++	.destroy = NULL,
+ 	.measure = module_text_measure,
+ };
+diff --git a/src/measure/dim_measure.c b/src/measure/dim_measure.c
+index 06e9bb5..dd35cb8 100644
+--- a/src/measure/dim_measure.c
++++ b/src/measure/dim_measure.c
+@@ -91,6 +91,7 @@ void dim_measure_destroy(struct dim_measure *m)
+ 		return;
+ 
+ 	mutex_lock(&m->measure_lock);
++	dim_measure_tasks_unregister_all(m);
+ 	dim_measure_log_destroy_tree(&m->log);
+ 	dim_baseline_destroy_tree(&m->static_baseline);
+ 	dim_baseline_destroy_tree(&m->dynamic_baseline);
+diff --git a/src/measure/dim_measure.h b/src/measure/dim_measure.h
+index d2ca326..d73fbaf 100644
+--- a/src/measure/dim_measure.h
++++ b/src/measure/dim_measure.h
+@@ -78,6 +78,9 @@ struct dim_measure_task {
+ 	struct list_head node;
+ 	/* task name for log printing */
+ 	const char *name;
++	/* init and destroy functions */
++	int (*init)(void);
++	void (*destroy)(void);
+ 	/* measure function */
+ 	int (*measure)(int mode, struct dim_measure *m);
+ };
+@@ -105,6 +108,7 @@ int dim_measure_dynamic_baseline_search(struct dim_measure *m,
+ int dim_measure_tasks_register(struct dim_measure *m,
+ 			       struct dim_measure_task **tasks,
+ 			       unsigned int num);
++void dim_measure_tasks_unregister_all(struct dim_measure *m);
+ void dim_measure_task_measure(int mode, struct dim_measure *m);
+ 
+ /* functions for dim measurement status */
+diff --git a/src/measure/dim_measure_task.c b/src/measure/dim_measure_task.c
+index ed97388..adfc57d 100644
+--- a/src/measure/dim_measure_task.c
++++ b/src/measure/dim_measure_task.c
+@@ -62,13 +62,29 @@ void dim_measure_task_measure(int mode, struct dim_measure *m)
+ 
+ static int task_register(struct dim_measure *m, struct dim_measure_task *t)
+ {
++	int ret = 0;
++
+ 	if (t == NULL || t->name == NULL || t->measure == NULL)
+ 		return -EINVAL;
+ 
++	if (t->init != NULL) {
++		ret = t->init();
++		if (ret < 0)
++			return ret;
++	}
++
+ 	list_add_tail(&t->node, &m->task_list);
+ 	return 0;
+ }
+ 
++static void task_unregister(struct dim_measure_task *t)
++{
++	if (t->destroy != NULL)
++		t->destroy();
++
++	list_del(&t->node);
++}
++
+ int dim_measure_tasks_register(struct dim_measure *m,
+ 			       struct dim_measure_task **tasks,
+ 			       unsigned int num)
+@@ -81,11 +97,25 @@ int dim_measure_tasks_register(struct dim_measure *m,
+ 
+ 	for (; i < num; i++) {
+ 		ret = task_register(m, tasks[i]);
+-		if (ret < 0)
++		if (ret < 0) {
++			dim_measure_tasks_unregister_all(m);
+ 			return ret;
++		}
+ 
+ 		dim_info("register measure task: %s\n", tasks[i]->name);
+ 	}
+ 
+ 	return 0;
+ }
++
++void dim_measure_tasks_unregister_all(struct dim_measure *m)
++{
++	struct dim_measure_task *pos = NULL;
++	struct dim_measure_task *n = NULL;
++
++	if (m == NULL)
++		return;
++
++	list_for_each_entry_safe(pos, n, &m->task_list, node)
++		task_unregister(pos);
++}
+diff --git a/src/monitor/dim_monitor_measure.c b/src/monitor/dim_monitor_measure.c
+index f21ed0e..748d5f9 100644
+--- a/src/monitor/dim_monitor_measure.c
++++ b/src/monitor/dim_monitor_measure.c
+@@ -21,7 +21,9 @@ static struct dim_measure_task *dim_core_tasks[] = {
+ };
+ 
+ /* the global measurement handle */
+-struct dim_measure dim_monitor_handle = { 0 };
++struct dim_measure dim_monitor_handle = {
++	.task_list = LIST_HEAD_INIT(dim_monitor_handle.task_list),
++};
+ 
+ /* lock to prevent trigger multiple measurement */
+ DEFINE_MUTEX(dim_monitor_measure_lock);
+diff --git a/src/monitor/measure_task/dim_monitor_measure_data.c b/src/monitor/measure_task/dim_monitor_measure_data.c
+index 5762dc1..029840c 100644
+--- a/src/monitor/measure_task/dim_monitor_measure_data.c
++++ b/src/monitor/measure_task/dim_monitor_measure_data.c
+@@ -52,5 +52,7 @@ static int module_text_measure(int mode, struct dim_measure *m)
+ 
+ struct dim_measure_task dim_monitor_measure_data = {
+ 	.name = "dim_monitor_measure_data",
++	.init = NULL,
++	.destroy = NULL,
+ 	.measure = module_text_measure,
+ };
+diff --git a/src/monitor/measure_task/dim_monitor_measure_text.c b/src/monitor/measure_task/dim_monitor_measure_text.c
+index de6c77d..fc7dbf7 100644
+--- a/src/monitor/measure_task/dim_monitor_measure_text.c
++++ b/src/monitor/measure_task/dim_monitor_measure_text.c
+@@ -60,5 +60,7 @@ static int module_text_measure(int mode, struct dim_measure *m)
+ 
+ struct dim_measure_task dim_monitor_measure_text = {
+ 	.name = "dim_monitor_measure_text",
++	.init = NULL,
++	.destroy = NULL,
+ 	.measure = module_text_measure,
+ };
+-- 
+2.33.0
+

backport-Use-warpper-dim_vzalloc-to-avoid-false-warning.patch

@@ -0,0 +1,25 @@
+From b135b54b3d973d8bd63193be377d8ef6b1bb0ea5 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Tue, 20 Feb 2024 12:49:42 +0800
+Subject: [PATCH 23/26] Use warpper dim_vzalloc to avoid false warning
+
+---
+ src/core/tasks/dim_core_measure_kernel.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/tasks/dim_core_measure_kernel.c b/src/core/tasks/dim_core_measure_kernel.c
+index 077f30a..dbf0dfe 100644
+--- a/src/core/tasks/dim_core_measure_kernel.c
++++ b/src/core/tasks/dim_core_measure_kernel.c
+@@ -31,7 +31,7 @@ static int sort_jump_table(struct jump_entry *sjump,
+ 	unsigned int i;
+ 	unsigned long *buf = NULL;
+ 
+-	buf = vzalloc(sizeof(unsigned long) * jump_counts);
++	buf = dim_vzalloc(sizeof(unsigned long) * jump_counts);
+ 	if (buf == NULL)
+ 		return -ENOMEM;
+ 
+-- 
+2.33.0
+

backport-dim-add-test-code.patch

@@ -0,0 +1,758 @@
+From 25fde75cbadc10af97e6684a52e72d516b974de5 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Mon, 6 Nov 2023 20:29:16 +0800
+Subject: [PATCH 04/26] dim: add test code
+
+---
+ test/README.md                                |  23 ++
+ test/common.sh                                | 390 ++++++++++++++++++
+ test/dim_test_demo.c                          |  12 +
+ test/dim_test_demo_tamper.c                   |  13 +
+ test/test_dim_core.sh                         | 145 +++++++
+ test/test_dim_monitor.sh                      |  32 ++
+ test/test_module/Makefile                     |  16 +
+ test/test_module/dim_test_module_demo.c       |  20 +
+ .../test_module/dim_test_module_demo_tamper.c |  23 ++
+ 9 files changed, 674 insertions(+)
+ create mode 100644 test/README.md
+ create mode 100644 test/common.sh
+ create mode 100644 test/dim_test_demo.c
+ create mode 100644 test/dim_test_demo_tamper.c
+ create mode 100644 test/test_dim_core.sh
+ create mode 100644 test/test_dim_monitor.sh
+ create mode 100644 test/test_module/Makefile
+ create mode 100644 test/test_module/dim_test_module_demo.c
+ create mode 100644 test/test_module/dim_test_module_demo_tamper.c
+
+diff --git a/test/README.md b/test/README.md
+new file mode 100644
+index 0000000..b75f3e6
+--- /dev/null
++++ b/test/README.md
+@@ -0,0 +1,23 @@
++# DIM 测试文档
++
++## 1 前置条件
++
++**OS版本支持**：openEuler 23.09以上版本；
++
++**内核版本支持**：当前支持openEuler kernel 5.10/6.4版本；
++
++**注意**：DIM包含内核组件，相关步骤需要以管理员（root）权限运行。
++
++## 2 使用openEuler源进行安装
++```
++yum install dim dim_tools make gcc
++```
++
++## 3 执行测试用例
++```
++cd dim/test/
++sh test/test_dim_core.sh
++sh test/test_monitor_core.sh
++```
++
++**注意**：全量度量功能默认关闭，如有需要，请将用例添加到对应的case_list中
+\ No newline at end of file
+diff --git a/test/common.sh b/test/common.sh
+new file mode 100644
+index 0000000..3bd8ced
+--- /dev/null
++++ b/test/common.sh
+@@ -0,0 +1,390 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++#!/bin/bash
++
++TEST_ROOT=/opt/dim
++TEST_DEMO_DIR=/opt/dim/demo
++TEST_DEMO_BPRM=$TEST_DEMO_DIR/dim_test_demo
++
++TEST_LOG=log
++DIM_CORE_PATH=/root/dim/dim_core.ko
++DIM_MONITOR_PATH=/root/dim/dim_monitor.ko
++
++DIM_BASELINE_DIR_PATH=/etc/dim/digest_list
++DIM_POLICY_PATH=/etc/dim/policy
++
++DIM_KERNEL_NAME="/boot/vmlinuz-*.$(arch)"
++
++TEST_MODULE_DIR=test_module
++DIM_MOD_NAME=dim_test_module_demo
++DIM_TEST_MOD_DEMO=$TEST_MODULE_DIR/dim_test_module_demo.ko
++
++DIM_TEST_MOD_DEMO_C=$TEST_MODULE_DIR/dim_test_module_demo.c
++DIM_TEST_MOD_DEMO_TAMPER_C=$TEST_MODULE_DIR/dim_test_module_demo_tamper.c
++
++TEST_RESULT=0
++
++dim_core_status() {
++    cat /sys/kernel/security/dim/runtime_status
++}
++
++dim_core_baseline() {
++    echo 1 > /sys/kernel/security/dim/baseline_init
++}
++
++dim_core_measure() {
++    echo 1 > /sys/kernel/security/dim/measure
++}
++
++dim_core_measure_log() {
++    cat /sys/kernel/security/dim/ascii_runtime_measurements
++}
++
++dim_monitor_baseline() {
++    echo 1 > /sys/kernel/security/dim/monitor_baseline
++}
++
++dim_monitor_measure() {
++    echo 1 > /sys/kernel/security/dim/monitor_run
++}
++
++dim_monitor_measure_log() {
++    cat /sys/kernel/security/dim/monitor_ascii_runtime_measurements
++}
++
++remove_dim_modules() {
++    # clean loaded modules
++    rmmod -f dim_monitor &> /dev/null
++    rmmod -f dim_core &> /dev/null
++    lsmod | grep -E 'dim_core|dim_monitor' &> /dev/null
++    if [ $? -eq 0 ]; then
++        echo "fail to remove dim modules!" >> $TEST_LOG
++        exit 1
++    fi
++}
++
++load_dim_modules () {
++    remove_dim_modules
++    load_dim_core_modules $1
++    load_dim_monitor_modules $2
++}
++
++load_dim_core_modules () {
++    # load dim_core module
++    if [ ! $DIM_CORE_PATH ]; then
++        modprobe dim_core $1
++    else
++        insmod $DIM_CORE_PATH $1
++    fi
++
++    if [ $? -ne 0 ]; then
++        echo "fail to load dim_core!"
++        exit 1
++    fi
++}
++
++load_dim_monitor_modules () {
++    # load dim_monitor module
++    if [ ! $DIM_MONITOR_PATH ]; then
++        modprobe dim_monitor $1
++    else
++        insmod $DIM_MONITOR_PATH $1
++    fi
++
++    if [ $? -ne 0 ]; then
++        echo "fail to load dim_monitor!"
++        exit 1
++    fi
++}
++
++dim_backup_baseline_and_policy() {
++    if [ -d $DIM_BASELINE_DIR_PATH ]; then
++        mv $DIM_BASELINE_DIR_PATH $DIM_BASELINE_DIR_PATH.bak
++    fi
++
++    if [ -f $DIM_POLICY_PATH ]; then
++        mv $DIM_POLICY_PATH $DIM_POLICY_PATH.bak
++    fi
++}
++
++dim_restore_baseline_and_policy() {
++    if [ -d $DIM_BASELINE_DIR_PATH.bak ]; then
++        rm -rf $DIM_BASELINE_DIR_PATH
++        mv $DIM_BASELINE_DIR_PATH.bak $DIM_BASELINE_DIR_PATH
++    fi
++
++    if [ -f $DIM_POLICY_PATH.bak ]; then
++        mv -f $DIM_POLICY_PATH.bak $DIM_POLICY_PATH
++    fi
++}
++
++dim_gen_baseline_file() {
++    mkdir -p $DIM_BASELINE_DIR_PATH
++    if [ -z $2 ]; then
++        dim_gen_baseline $1
++    else
++        dim_gen_baseline $1 -o "$DIM_BASELINE_DIR_PATH/$2"
++    fi
++}
++
++dim_gen_baseline_dir() {
++    mkdir -p $DIM_BASELINE_DIR_PATH
++    dim_gen_baseline -r $1 -o $DIM_BASELINE_DIR_PATH/$2
++}
++
++dim_gen_baseline_kerenl() {
++    mkdir -p $DIM_BASELINE_DIR_PATH
++    if [ -z $1 ]; then
++        dim_gen_baseline -k "$(uname -r)" $DIM_KERNEL_NAME
++    else
++        dim_gen_baseline -k "$(uname -r)" -o $DIM_BASELINE_DIR_PATH/$1 $DIM_KERNEL_NAME
++    fi
++}
++
++DIM_BASELINE_DIR_ALL=("/usr/bin" "/usr/sbin" "/usr/lib64" "/usr/libexec" "/usr/lib")
++
++dim_gen_baseline_all() {
++    if [ $1 ]; then
++        digest_algorithm="-a sm3"
++    else
++        digest_algorithm=""
++    fi
++
++    mkdir -p /etc/dim/digest_list
++    for baseline_file in "${DIM_BASELINE_DIR_ALL[@]}"; do
++        dim_gen_baseline $digest_algorithm -r $baseline_file -o "$DIM_BASELINE_DIR_PATH/${baseline_file##*/}.hash"
++    done
++    dim_gen_baseline $digest_algorithm -k "$(uname -r)" -o $DIM_BASELINE_DIR_PATH/kernel.hash $DIM_KERNEL_NAME
++}
++
++
++dim_gen_policy_bprm_path() {
++    echo "measure obj=BPRM_TEXT path=$1" >> $DIM_POLICY_PATH
++}
++
++dim_gen_policy_module_name() {
++    echo "measure obj=MODULE_TEXT name=$1" >> $DIM_POLICY_PATH
++}
++
++dim_gen_policy_kernel() {
++    echo "measure obj=KERNEL_TEXT" >> $DIM_POLICY_PATH
++}
++
++dim_gen_policy_all() {
++    rm -f $DIM_POLICY_PATH
++    cat $DIM_BASELINE_DIR_PATH/* | awk '{print $4}' | while read line; do
++        if [[ "$line" == /* ]]; then
++            echo "measure obj=BPRM_TEXT path=$line" >> $DIM_POLICY_PATH
++            continue
++        fi
++        if [ "$line" == "$(uname -r)" ]; then
++            echo "measure obj=KERNEL_TEXT" >> $DIM_POLICY_PATH
++            continue
++        fi
++        if [ "$line" != "$(uname -r)" ]; then
++            echo "measure obj=MODULE_TEXT name=$(basename $line)" >> $DIM_POLICY_PATH
++        fi
++    done
++    sed -i '/dim_core/d' $DIM_POLICY_PATH
++    sed -i '/dim_monitor/d' $DIM_POLICY_PATH
++}
++
++dim_gen_cert() {
++    mkdir -p $TEST_ROOT/cert/
++    openssl genrsa -out $TEST_ROOT/cert/dim.key 4096 &>> $TEST_LOG
++    openssl req -new -sha256 -key $TEST_ROOT/cert/dim.key -out $TEST_ROOT/cert/dim.csr -subj "/C=AA/ST=BB/O=CC/OU=DD/CN=DIM" &>> $TEST_LOG
++    openssl x509 -req -days 3650 -signkey $TEST_ROOT/cert/dim.key -in $TEST_ROOT/cert/dim.csr -out $TEST_ROOT/cert/dim.crt &>> $TEST_LOG
++    openssl x509 -in $TEST_ROOT/cert/dim.crt -out $TEST_ROOT/cert/dim.der -outform DER &>> $TEST_LOG
++    mkdir -p /etc/keys
++    cp $TEST_ROOT/cert/dim.der /etc/keys/x509_dim.der
++}
++
++dim_gen_signature() {
++    openssl dgst -sha256 -out $DIM_POLICY_PATH.sig -sign $TEST_ROOT/cert/dim.key $DIM_POLICY_PATH
++    for file in $(ls $DIM_BASELINE_DIR_PATH | grep .hash); do
++        openssl dgst -sha256 -out $DIM_BASELINE_DIR_PATH/$file.sig -sign $TEST_ROOT/cert/dim.key $DIM_BASELINE_DIR_PATH/$file
++    done
++}
++
++dim_baseline_to_measure_log() {
++    name="$(echo "$1" | awk '{print $4}')"
++    if [[ $name == $(uname -r)/* ]]; then
++        name="$(basename $name)"
++    fi
++
++    echo "$(echo "$1" | awk '{print $3}') $name"
++}
++
++tamper_dim_test_demo() {
++    gcc dim_test_demo_tamper.c -o $TEST_DEMO_DIR/dim_test_demo
++}
++
++tamper_dim_test_mod_demo() {
++    rm -f $TEST_MODULE_DIR/$DIM_MOD_NAME.o
++    mv $DIM_TEST_MOD_DEMO_C $DIM_TEST_MOD_DEMO_C.bak
++    mv $DIM_TEST_MOD_DEMO_TAMPER_C $DIM_TEST_MOD_DEMO_C
++    cd $TEST_MODULE_DIR
++    make > /dev/null
++    cd ..
++}
++
++tamper_dim_test_mod_demo_end() {
++    rm -f $TEST_MODULE_DIR/$DIM_MOD_NAME.o
++    mv $DIM_TEST_MOD_DEMO_C $DIM_TEST_MOD_DEMO_TAMPER_C
++    mv $DIM_TEST_MOD_DEMO_C.bak $DIM_TEST_MOD_DEMO_C
++}
++
++gen_dim_test_demo() {
++    gcc dim_test_demo.c -o $TEST_DEMO_BPRM
++    dim_gen_baseline_file $TEST_DEMO_BPRM test.hash
++    dim_gen_policy_bprm_path $TEST_DEMO_BPRM
++}
++
++gen_dim_test_mod_demo() {
++    rm -f $TEST_MODULE_DIR/$DIM_MOD_NAME.o
++    cd $TEST_MODULE_DIR
++    make > /dev/null
++    cd ..
++    dim_gen_baseline_file $DIM_TEST_MOD_DEMO test.hash
++    dim_gen_policy_module_name $DIM_MOD_NAME
++}
++
++measure_log_tampered() {
++    if [ $2 ]; then
++        echo "$1 \[tampered\]"
++    else
++        baseline="$(dim_gen_baseline_file $1)"
++        echo "$(dim_baseline_to_measure_log "$baseline") \[tampered\]"
++    fi
++}
++
++measure_log_static() {
++    if [ $2 ]; then
++        baseline="$(dim_gen_baseline_kerenl)"
++        echo "$(dim_baseline_to_measure_log "$baseline") \[static baseline\]"
++    else
++        baseline="$(dim_gen_baseline_file $1)"
++        echo "$(dim_baseline_to_measure_log "$baseline") \[static baseline\]"
++    fi
++}
++
++measure_log_no_static() {
++    if [ $2 ]; then
++        echo "$1 \[no static baseline\]"
++    else
++        baseline="$(dim_gen_baseline_file $1)"
++        echo "$(dim_baseline_to_measure_log "$baseline") \[no static baseline\]"
++    fi
++}
++
++check_dim_measure_log_match() {
++    if [ "$2" == "dim_monitor_measure_log" ]; then
++        dim_monitor_measure_log | grep "$1" &> /dev/null
++    else
++        dim_core_measure_log | grep "$1" &> /dev/null
++    fi
++
++    if [ $? -ne 0 ]; then
++        echo "check fail:" >> $TEST_LOG
++        echo " get measure log: $($2)" >> $TEST_LOG
++        echo " want measure log: $1" >> $TEST_LOG
++        TEST_RESULT=1
++        return 1
++    fi
++
++    echo "check ok: measure log has $1" >> $TEST_LOG
++}
++
++check_dim_measure_log_length() {
++    if [ $($2 | wc -l) -ne $1 ]; then
++        echo "check fail: measure log length is not $1" >> $TEST_LOG
++        TEST_RESULT=1
++        return 1
++    fi
++
++    echo "check ok: measure log length is $1" >> $TEST_LOG
++}
++
++check_dim_measure_log_not_contain() {
++    if [ "$2" == "dim_monitor_measure_log" ]; then
++        dim_monitor_measure_log | grep "$1" &> /dev/null
++    else
++        dim_core_measure_log | grep "$1" &> /dev/null
++    fi
++    if [ $? -eq 0 ]; then
++        echo "check fail"
++        TEST_RESULT=1
++        return 1
++    fi
++
++    echo "check ok: measure log hasn't $1" >> $TEST_LOG
++}
++
++check_dim_core_log_normal() {
++    dim_core_baseline
++    check_dim_measure_log_not_contain "\[no static baseline\]" "dim_core_measure_log"
++    check_dim_measure_log_not_contain "\[tampered\]" "dim_core_measure_log"
++    dim_core_measure
++    check_dim_measure_log_not_contain "\[no static baseline\]" "dim_core_measure_log"
++    check_dim_measure_log_not_contain "\[tampered\]" "dim_core_measure_log"
++}
++
++check_dim_monitor_log_normal() {
++    dim_monitor_baseline
++    check_dim_measure_log_length 2 "dim_monitor_measure_log"
++    check_dim_measure_log_not_contain "\[tampered\]" "dim_monitor_measure_log"
++    dim_monitor_measure
++    check_dim_measure_log_length 2 "dim_monitor_measure_log"
++    check_dim_measure_log_not_contain "\[tampered\]" "dim_monitor_measure_log"
++}
++
++check_dim_monitor_log_tampered() {
++    dim_core_baseline
++    dim_monitor_measure
++    check_dim_measure_log_length 3 "dim_monitor_measure_log"
++    check_dim_measure_log_match "dim_core.data \[tampered\]" "dim_monitor_measure_log"
++}
++
++run_dim_core_baseline_and_check_log() {
++    dim_core_baseline
++    check_dim_measure_log_length "$2" "dim_core_measure_log"
++    check_dim_measure_log_match "$1" "dim_core_measure_log"
++}
++
++run_dim_core_measure_and_check_log() {
++    dim_core_measure
++    check_dim_measure_log_length "$2" "dim_core_measure_log"
++    check_dim_measure_log_match "$1" "dim_core_measure_log"
++}
++
++run_dim_core_and_check_log() {
++    if [ "$1" = "baseline" ]; then
++        run_dim_core_baseline_and_check_log "$2" "$3"
++        if [ $4 ]; then
++            kill $4
++        fi
++    elif [ "$1" = "measure" ]; then
++        run_dim_core_measure_and_check_log "$2" "$3"
++        if [ $4 ]; then
++            kill $4
++        fi
++    else
++        run_dim_core_baseline_and_check_log "$1" "$2"
++        run_dim_core_measure_and_check_log "$3" "$4"
++        if [ $5 ]; then
++            kill $5
++        fi
++    fi
++}
++
++test_pre() {
++    mkdir -p $TEST_DEMO_DIR
++    gcc dim_test_demo.c -o $TEST_DEMO_DIR/dim_test_demo
++    dim_backup_baseline_and_policy
++    load_dim_modules
++}
++
++test_post() {
++    remove_dim_modules
++    dim_restore_baseline_and_policy
++}
++
+diff --git a/test/dim_test_demo.c b/test/dim_test_demo.c
+new file mode 100644
+index 0000000..113fc3d
+--- /dev/null
++++ b/test/dim_test_demo.c
+@@ -0,0 +1,12 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++ */
++
++#include <stdio.h>
++
++int main()
++{
++    printf("dim_test_demo\n");
++    while (1);
++    return 0;
++}
+diff --git a/test/dim_test_demo_tamper.c b/test/dim_test_demo_tamper.c
+new file mode 100644
+index 0000000..7f95775
+--- /dev/null
++++ b/test/dim_test_demo_tamper.c
+@@ -0,0 +1,13 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++ */
++
++#include <stdio.h>
++
++int main()
++{
++    printf("dim_test_demo");
++    printf("_tamper\n");
++    while (1);
++    return 0;
++}
+diff --git a/test/test_dim_core.sh b/test/test_dim_core.sh
+new file mode 100644
+index 0000000..01fa2b9
+--- /dev/null
++++ b/test/test_dim_core.sh
+@@ -0,0 +1,145 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++#!/bin/bash
++
++. ./common.sh
++
++test_measure_bprm_text_normal() {
++    gen_dim_test_demo
++    $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
++    # test
++    run_dim_core_and_check_log "$(measure_log_static $TEST_DEMO_BPRM)" 1 "$(measure_log_static $TEST_DEMO_BPRM)" 1 $pid
++}
++
++test_measure_bprm_text_no_baseline() {
++    gen_dim_test_demo
++    $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
++    # remove baseline
++    rm -f $DIM_BASELINE_DIR_PATH/test.hash
++    # test
++    run_dim_core_and_check_log "$(measure_log_no_static $TEST_DEMO_BPRM)" 1 "$(measure_log_no_static $TEST_DEMO_BPRM)" 1 $pid
++}
++
++test_measure_bprm_text_tamper_1() {
++    # prepare
++    gen_dim_test_demo
++    tamper_dim_test_demo
++    $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
++    # test
++    run_dim_core_and_check_log "$(measure_log_tampered $TEST_DEMO_BPRM)" 1 "$(measure_log_tampered $TEST_DEMO_BPRM)" 1 $pid
++}
++
++test_measure_bprm_text_tamper_2() {
++    # prepare
++    gen_dim_test_demo
++    $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
++    # test baseline
++    run_dim_core_and_check_log baseline "$(measure_log_static $TEST_DEMO_BPRM)" 1 $pid
++    # tamper dim_test_demo
++    tamper_dim_test_demo
++    $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
++    # test measure
++    run_dim_core_and_check_log measure "$(measure_log_tampered $TEST_DEMO_BPRM)" 2 $pid
++
++    kill $pid
++}
++
++test_measure_kernel_normal() {
++    dim_gen_policy_kernel
++    dim_gen_baseline_kerenl test.hash
++
++    run_dim_core_and_check_log "$(measure_log_static $DIM_KERNEL_NAME "kernel")" 1 "$(measure_log_static $DIM_KERNEL_NAME "kernel")" 1
++}
++
++test_measure_module_text_normal() {
++    gen_dim_test_mod_demo
++    insmod $DIM_TEST_MOD_DEMO
++    run_dim_core_and_check_log "$(measure_log_static $DIM_TEST_MOD_DEMO)" 1 "$(measure_log_static $DIM_TEST_MOD_DEMO)" 1
++    rmmod $DIM_TEST_MOD_DEMO
++}
++
++test_measure_module_text_no_baseline() {
++    gen_dim_test_mod_demo
++    insmod $DIM_TEST_MOD_DEMO
++
++    # remove baseline
++    rm -f $DIM_BASELINE_DIR_PATH/test.hash
++
++    run_dim_core_and_check_log "$(measure_log_no_static $DIM_MOD_NAME "mod_no_static")" 1 "$(measure_log_no_static $DIM_MOD_NAME "mod_no_static")" 1
++    rmmod $DIM_TEST_MOD_DEMO
++}
++
++test_measure_module_text_tamper() {
++    gen_dim_test_mod_demo
++    insmod $DIM_TEST_MOD_DEMO
++
++    run_dim_core_and_check_log baseline "$(measure_log_static $DIM_TEST_MOD_DEMO)" 1
++    rmmod $DIM_TEST_MOD_DEMO
++    tamper_dim_test_mod_demo
++    insmod $DIM_TEST_MOD_DEMO
++    run_dim_core_and_check_log measure "$(measure_log_tampered $DIM_MOD_NAME "module_tampered")" 2
++    rmmod $DIM_TEST_MOD_DEMO
++    tamper_dim_test_mod_demo_end
++}
++
++test_measure_all_text_normal() {
++    dim_gen_baseline_all
++    dim_gen_policy_all
++    check_dim_core_log_normal
++}
++
++test_measure_all_text_normal_sm3() {
++    dim_gen_baseline_all 1
++    dim_gen_policy_all
++    load_dim_modules "measure_hash=sm3"
++    check_dim_core_log_normal
++}
++
++test_measure_all_text_normal_sign() {
++    dim_gen_baseline_all
++    dim_gen_policy_all
++    dim_gen_cert
++    dim_gen_signature
++    load_dim_modules "signature=on"
++    check_dim_core_log_normal
++}
++
++POLICY_INVALID="measure1 obj=BPRM_TEXT path=/opt/dim/demo/dim_test_demo\n\
++measure obj1=BPRM_TEXT path=/opt/dim/demo/dim_test_demo\n\
++measure obj=BPRM_TEXT1 path=/opt/dim/demo/dim_test_demo\n\
++measure obj=BPRM_TEXT name=/opt/dim/demo/dim_test_demo\n\
++measure obj=MODULE_TEXT path=$(head -c 4096 < /dev/zero | tr '\0' '\141')\n"
++
++test_invalid_policy() {
++    IFS=$'\n'
++    for policy in $(echo -e $POLICY_INVALID); do
++        echo "$policy" > $DIM_POLICY_PATH
++        dim_core_baseline
++        dim_core_status
++    done &>> $TEST_LOG
++}
++
++# Full measurement. The test is disabled by default.
++#           test_measure_all_text_normal \
++#           test_measure_all_text_normal_sm3 \
++#           test_measure_all_text_normal_sign \
++case_list="test_measure_bprm_text_normal \
++           test_measure_bprm_text_no_baseline \
++           test_measure_bprm_text_tamper_1 \
++           test_measure_bprm_text_tamper_2 \
++           test_measure_module_text_normal \
++           test_measure_module_text_no_baseline \
++           test_measure_module_text_tamper \
++           test_measure_kernel_normal \
++           test_invalid_policy"
++
++for case in $case_list; do
++    test_pre
++    $case
++    if [ $TEST_RESULT -eq 0 ]; then
++        echo "$case PASS"
++    else
++        echo "$case FAIL"
++    fi
++    test_post
++done
++
+diff --git a/test/test_dim_monitor.sh b/test/test_dim_monitor.sh
+new file mode 100644
+index 0000000..b4a1ea8
+--- /dev/null
++++ b/test/test_dim_monitor.sh
+@@ -0,0 +1,32 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++#!/bin/bash
++
++. ./common.sh
++
++test_measure_monitor_normal() {
++    dim_gen_baseline_all
++    dim_gen_policy_all
++    check_dim_core_log_normal
++    check_dim_monitor_log_normal
++}
++
++test_measure_monitor_tamper() {
++    test_measure_monitor_normal
++    check_dim_monitor_log_tampered
++}
++
++# Full measurement. The test is disabled by default.
++# case_list="test_measure_monitor_normal \
++#            test_measure_monitor_tamper"
++case_list=""
++
++for case in $case_list; do
++    test_pre
++    $case
++    if [ $TEST_RESULT -eq 0 ]; then
++        echo "$case PASS"
++    else
++        echo "$case FAIL"
++    fi
++    test_post
++done
+diff --git a/test/test_module/Makefile b/test/test_module/Makefile
+new file mode 100644
+index 0000000..4255525
+--- /dev/null
++++ b/test/test_module/Makefile
+@@ -0,0 +1,16 @@
++# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++
++obj-m := dim_test_module_demo.o
++
++KERNEL := $(DESTDIR)/lib/modules/$(shell uname -r)/build
++CONFIG_MODULE_SIG=n
++
++PWD := $(shell pwd)
++
++modules :
++	$(MAKE) -C $(KERNEL) M=$(PWD) modules
++
++.PHONEY:clean
++
++clean :
++	$(MAKE) -C $(KERNEL) SUBDIRS=$(PWD) clean
+diff --git a/test/test_module/dim_test_module_demo.c b/test/test_module/dim_test_module_demo.c
+new file mode 100644
+index 0000000..3303365
+--- /dev/null
++++ b/test/test_module/dim_test_module_demo.c
+@@ -0,0 +1,20 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++ */
++
++#include <linux/module.h>
++
++static int test_mod_init(void)
++{
++    pr_info("init!\n");
++    return 0;
++}
++
++static void test_mod_exit(void)
++{
++    pr_info("exit!\n");
++}
++
++module_init(test_mod_init);
++module_exit(test_mod_exit);
++MODULE_LICENSE("");
+diff --git a/test/test_module/dim_test_module_demo_tamper.c b/test/test_module/dim_test_module_demo_tamper.c
+new file mode 100644
+index 0000000..c443d7b
+--- /dev/null
++++ b/test/test_module/dim_test_module_demo_tamper.c
+@@ -0,0 +1,23 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
++ */
++
++#include <linux/module.h>
++
++static int test_mod_init(void)
++{
++    int i = 0;
++    i += 1;
++    pr_info("%d\n", i);
++    pr_info("init!\n");
++    return 0;
++}
++
++static void test_mod_exit(void)
++{
++    pr_info("exit!\n");
++}
++
++module_init(test_mod_init);
++module_exit(test_mod_exit);
++MODULE_LICENSE("");
+-- 
+2.33.0
+

backport-fix-build-error-in-kernel-6.6.patch

@@ -1,14 +1,14 @@
-From dd7f8dd49e927be2219a34bf88d09e80a0e6446d Mon Sep 17 00:00:00 2001
+From b43b4c3301ffd1ca27a0826db09465a3d90f5169 Mon Sep 17 00:00:00 2001
 From: jinlun <jinlun@huawei.com>
-Date: Fri, 26 Jan 2024 15:22:42 +0800
-Subject: [PATCH] fix build error in kernel-6.6
+Date: Mon, 29 Jan 2024 10:17:24 +0800
+Subject: [PATCH 10/26] fix build error in kernel-6.6
 
 ---
  src/core/dim_core_measure_task.c | 4 ++++
  1 file changed, 4 insertions(+)
 
 diff --git a/src/core/dim_core_measure_task.c b/src/core/dim_core_measure_task.c
-index f9c53f0..f70d701 100644
+index 0d9b995..6ab60d1 100644
 --- a/src/core/dim_core_measure_task.c
 +++ b/src/core/dim_core_measure_task.c
 @@ -223,7 +223,11 @@ static int update_vma_digest(struct vm_area_struct *vma_start,
@@ -21,7 +21,7 @@ index f9c53f0..f70d701 100644
 +					  0, pages, NULL);
 +#endif
  	if (ret_pages < 0) {
- 		dim_err("fail to get vma pages: %ld\n", ret_pages);
+ 		dim_err("failed to get vma pages: %ld\n", ret_pages);
  		vfree(pages);
 -- 
 2.33.0

backport-fix-build-error.patch

@@ -0,0 +1,25 @@
+From 0140b4eb57f2c434fed5357944bacb76a66c92ea Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Fri, 9 Feb 2024 19:39:40 +0800
+Subject: [PATCH 11/26] fix build error
+
+---
+ src/common/dim_baseline.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/common/dim_baseline.c b/src/common/dim_baseline.c
+index 4733705..09a2780 100644
+--- a/src/common/dim_baseline.c
++++ b/src/common/dim_baseline.c
+@@ -105,7 +105,7 @@ int dim_baseline_add(struct dim_baseline_tree *root, const char *name,
+ 		goto err;
+ 
+         strncpy((char *)baseline->name, name, buf_len - 1);
+-        baseline->name[buf_len - 1] = '\0';
++        ((char *)baseline->name)[buf_len - 1] = '\0';
+ 
+ 	write_lock(&root->lock);
+ 	ret = dim_baseline_rb_add(&root->rb_root, baseline, NULL);
+-- 
+2.33.0
+

backport-fix-the-magic-number.patch

@@ -0,0 +1,39 @@
+From 1ca2bccf3608fafc95c32714127e8ff9c1fefbc4 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Thu, 16 Nov 2023 15:03:47 +0800
+Subject: [PATCH 05/26] fix the magic number
+
+---
+ src/core/dim_core_measure.h        | 2 ++
+ src/core/dim_core_measure_kernel.c | 2 +-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/dim_core_measure.h b/src/core/dim_core_measure.h
+index c9abc4e..a379cf6 100644
+--- a/src/core/dim_core_measure.h
++++ b/src/core/dim_core_measure.h
+@@ -17,6 +17,8 @@
+ #define MEASURE_LOG_CAP_MAX (UINT_MAX)
+ #define MEASURE_LOG_CAP_MIN (100)
+ #define MEASURE_SCHEDULE_MAX (1000)
++/* max size of x86 */
++#define DIM_JUMP_LABEL_NOP_SIZE_MAX 5
+ 
+ struct vm_text_area {
+ 	struct mm_struct *mm;
+diff --git a/src/core/dim_core_measure_kernel.c b/src/core/dim_core_measure_kernel.c
+index faaf59c..135899d 100644
+--- a/src/core/dim_core_measure_kernel.c
++++ b/src/core/dim_core_measure_kernel.c
+@@ -78,7 +78,7 @@ static int do_calc_kernel_digest(uintptr_t saddr,
+ #ifdef JUMP_LABEL_NOP_SIZE
+ 		cur_addr = jump_code + JUMP_LABEL_NOP_SIZE;
+ #else
+-		cur_addr = jump_code + 5; // TODO
++		cur_addr = jump_code + DIM_JUMP_LABEL_NOP_SIZE_MAX;
+ #endif
+ 	}
+ 
+-- 
+2.33.0
+

backport-some-word.patch

@@ -0,0 +1,567 @@
+From 1b6ab8135e1b2f4f5d0f4ce559f46bc8d71022b6 Mon Sep 17 00:00:00 2001
+From: xuyongliang_01 <xuyongliang_yewu@cmss.chinamobile.com>
+Date: Wed, 6 Dec 2023 09:55:20 +0800
+Subject: [PATCH 07/26] some word
+
+---
+ src/core/dim_core_baseline.c        |  8 ++++----
+ src/core/dim_core_fs.c              |  2 +-
+ src/core/dim_core_main.c            | 10 +++++-----
+ src/core/dim_core_measure.c         | 24 ++++++++++++------------
+ src/core/dim_core_measure_common.c  |  2 +-
+ src/core/dim_core_measure_kernel.c  |  8 ++++----
+ src/core/dim_core_measure_task.c    | 20 ++++++++++----------
+ src/core/dim_core_mem_pool.c        | 12 ++++++------
+ src/core/dim_core_policy.c          | 10 +++++-----
+ src/core/dim_core_sig.c             | 10 +++++-----
+ src/core/dim_core_static_baseline.c | 10 +++++-----
+ src/core/dim_core_symbol.c          |  2 +-
+ 12 files changed, 59 insertions(+), 59 deletions(-)
+
+diff --git a/src/core/dim_core_baseline.c b/src/core/dim_core_baseline.c
+index a0f4832..27a8114 100644
+--- a/src/core/dim_core_baseline.c
++++ b/src/core/dim_core_baseline.c
+@@ -35,7 +35,7 @@ int dim_core_add_static_baseline(const char *name, int type,
+ {
+ 	int ret = dim_baseline_add(&static_baseline, name, type, digest);
+ 	if (ret < 0 && ret != -EEXIST) {
+-		dim_err("fail to add static baseline of %s\n", name);
++		dim_err("failed to add static baseline of %s\n", name);
+ 		return ret;
+ 	}
+ 
+@@ -47,7 +47,7 @@ int dim_core_add_dynamic_baseline(const char *name, int type,
+ {
+ 	int ret = dim_baseline_add(&dynamic_baseline, name, type, digest);
+ 	if (ret < 0 && ret != -EEXIST) {
+-		dim_err("fail to add dynamic baseline of %s\n", name);
++		dim_err("failed to add dynamic baseline of %s\n", name);
+ 		return ret;
+ 	}
+ 
+@@ -93,7 +93,7 @@ int dim_core_baseline_init(void)
+ 				     dim_kfree,
+ 				     &static_baseline);
+ 	if (ret < 0) {
+-		dim_err("fail to initialize static baseline root: %d\n", ret);
++		dim_err("failed to initialize static baseline root: %d\n", ret);
+ 		return ret;
+ 	}
+ 
+@@ -101,7 +101,7 @@ int dim_core_baseline_init(void)
+ 				     dim_mem_pool_free,
+ 				     &dynamic_baseline);
+ 	if (ret < 0) {
+-		dim_err("fail to initialize dynamic baseline root: %d\n", ret);
++		dim_err("failed to initialize dynamic baseline root: %d\n", ret);
+ 		return ret;
+ 	}
+ 
+diff --git a/src/core/dim_core_fs.c b/src/core/dim_core_fs.c
+index d5e39ba..e050a19 100644
+--- a/src/core/dim_core_fs.c
++++ b/src/core/dim_core_fs.c
+@@ -105,7 +105,7 @@ int dim_core_create_fs(void)
+ 
+ 	ret = dim_entry_create(&dim_core_dir, NULL);
+ 	if (ret < 0) {
+-		dim_err("fail to create dim dir entry: %d\n", ret);
++		dim_err("failed to create dim dir entry: %d\n", ret);
+ 		return ret;
+ 	}
+ 
+diff --git a/src/core/dim_core_main.c b/src/core/dim_core_main.c
+index edd86cc..6de0c2a 100644
+--- a/src/core/dim_core_main.c
++++ b/src/core/dim_core_main.c
+@@ -38,20 +38,20 @@ static int __init dim_core_init(void)
+ 
+ 	ret = dim_core_kallsyms_init();
+ 	if (ret < 0) {
+-		dim_err("fail to initialize dim kernel symbol: %d\n", ret);
++		dim_err("failed to initialize dim kernel symbol: %d\n", ret);
+ 		goto err;
+ 	}
+ 
+ 	ret = dim_mem_pool_init();
+ 	if (ret < 0) {
+-		dim_err("fail to initialize dim memory pool: %d\n", ret);
++		dim_err("failed to initialize dim memory pool: %d\n", ret);
+ 		goto err;
+ 	}
+ 
+ 	if (signature) {
+ 		ret = dim_core_sig_init();
+ 		if (ret < 0) {
+-			dim_err("fail to initialize dim signature: %d\n", ret);
++			dim_err("failed to initialize dim signature: %d\n", ret);
+ 			goto err;
+ 		}
+ 	}
+@@ -59,13 +59,13 @@ static int __init dim_core_init(void)
+ 	ret = dim_core_measure_init(measure_hash == NULL ?
+ 				    DIM_CORE_HASH_DEFAULT : measure_hash);
+ 	if (ret < 0) {
+-		dim_err("fail to initialize dim measurement: %d\n", ret);
++		dim_err("failed to initialize dim measurement: %d\n", ret);
+ 		goto err;
+ 	}
+ 
+ 	ret = dim_core_create_fs();
+ 	if (ret < 0) {
+-		dim_err("fail to create dim fs entry: %d\n", ret);
++		dim_err("failed to create dim fs entry: %d\n", ret);
+ 		goto err;
+ 	}
+ 
+diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
+index 59e2cf8..ed4a464 100644
+--- a/src/core/dim_core_measure.c
++++ b/src/core/dim_core_measure.c
+@@ -125,15 +125,15 @@ static void do_measure(void)
+ 
+ 	ret = dim_core_measure_task(bi);
+ 	if (ret < 0)
+-		dim_err("fail to measure user process: %d\n", ret);
++		dim_err("failed to measure user process: %d\n", ret);
+ 
+ 	ret = dim_core_measure_module(bi);
+ 	if (ret < 0)
+-		dim_err("fail to measure kernel modules: %d\n", ret);
++		dim_err("failed to measure kernel modules: %d\n", ret);
+ 
+ 	ret = dim_core_measure_kernel(bi);
+ 	if (ret < 0)
+-		dim_err("fail to measure kernel: %d\n", ret);
++		dim_err("failed to measure kernel: %d\n", ret);
+ 
+ 	mutex_unlock(&dim_core_baseline_lock);
+ }
+@@ -144,14 +144,14 @@ static int do_baseline(void)
+ 
+ 	ret = dim_core_policy_load();
+ 	if (ret < 0) {
+-		dim_err("fail to load dim core policy: %d\n", ret);
++		dim_err("failed to load dim core policy: %d\n", ret);
+ 		return ret;
+ 	}
+ 
+ 	dim_core_baseline_destroy();
+ 	ret = dim_core_static_baseline_load();
+ 	if (ret < 0) {
+-		dim_err("fail to load dim static baseline: %d\n", ret);
++		dim_err("failed to load dim static baseline: %d\n", ret);
+ 		dim_core_policy_destroy();
+ 		return ret;
+ 	}
+@@ -232,7 +232,7 @@ int dim_core_measure_init(const char *alg_name)
+ 	/* 2. init measure hash algorithm */
+ 	ret = dim_hash_init(alg_name, &dim_core_hash);
+ 	if (ret < 0) {
+-		dim_err("fail to initialize hash algorithm: %d\n", ret);
++		dim_err("failed to initialize hash algorithm: %d\n", ret);
+ 		goto err;
+ 	}
+ 
+@@ -240,20 +240,20 @@ int dim_core_measure_init(const char *alg_name)
+ 	if (measure_pcr > 0) {
+ 		ret = dim_tpm_init(&dim_core_tpm, HASH_ALGO_SHA256);
+ 		if (ret < 0)
+-			dim_warn("fail to initialize tpm chip: %d\n", ret);
++			dim_warn("failed to initialize tpm chip: %d\n", ret);
+ 	}
+ 
+ 	/* 4. init measurement status */
+ 	ret = dim_core_status_init();
+ 	if (ret < 0) {
+-		dim_err("fail to initialize dim status: %d\n", ret);
++		dim_err("failed to initialize dim status: %d\n", ret);
+ 		goto err;
+ 	}
+ 
+ 	/* 5. init baseline data (static and dynamic) */
+ 	ret = dim_core_baseline_init();
+ 	if (ret < 0) {
+-		dim_err("fail to initialize dim baseline: %d\n", ret);
++		dim_err("failed to initialize dim baseline: %d\n", ret);
+ 		goto err;
+ 	}
+ 
+@@ -262,7 +262,7 @@ int dim_core_measure_init(const char *alg_name)
+ 					&dim_core_hash, &dim_core_tpm,
+ 					measure_log_capacity, measure_pcr);
+ 	if (ret < 0) {
+-		dim_err("fail to initialize measure log root: %d\n", ret);
++		dim_err("failed to initialize measure log root: %d\n", ret);
+ 		goto err;
+ 	}
+ 
+@@ -271,7 +271,7 @@ int dim_core_measure_init(const char *alg_name)
+ 	dim_work_queue = create_singlethread_workqueue("dim_core");
+ 	if (dim_work_queue == NULL) {
+ 		ret = -ENOMEM;
+-		dim_err("fail to create dim work queue: %d\n", ret);
++		dim_err("failed to create dim work queue: %d\n", ret);
+ 		goto err;
+ 	}
+ 	
+@@ -279,7 +279,7 @@ int dim_core_measure_init(const char *alg_name)
+ 	if (measure_interval) {
+ 		ret = dim_core_measure(1);
+ 		if (ret < 0) {
+-			dim_err("fail to do baseline init: %d\n", ret);
++			dim_err("failed to do baseline init: %d\n", ret);
+ 			goto err;
+ 		}
+ 
+diff --git a/src/core/dim_core_measure_common.c b/src/core/dim_core_measure_common.c
+index 4e4c0f4..406ed3f 100644
+--- a/src/core/dim_core_measure_common.c
++++ b/src/core/dim_core_measure_common.c
+@@ -15,7 +15,7 @@ int dim_core_add_measure_log(const char *name, struct dim_digest *digest, int fl
+ {
+ 	int ret = dim_measure_log_add(&dim_core_log, name, digest, flag);
+ 	if (ret < 0 && ret != -EEXIST) {
+-		dim_err("fail to add measure log of %s: %d\n", name, ret);
++		dim_err("failed to add measure log of %s: %d\n", name, ret);
+ 		return ret;
+ 	}
+ 
+diff --git a/src/core/dim_core_measure_kernel.c b/src/core/dim_core_measure_kernel.c
+index 135899d..3724501 100644
+--- a/src/core/dim_core_measure_kernel.c
++++ b/src/core/dim_core_measure_kernel.c
+@@ -111,7 +111,7 @@ static int calc_kernel_digest(struct dim_digest *digest)
+ 			sizeof(struct jump_entry);
+ 		ret = sort_jump_table(sjump, jcode_cnt, &jcode_sort);
+ 		if (ret < 0) {
+-			dim_err("fail to sort kernel jump table: %d\n", ret);
++			dim_err("failed to sort kernel jump table: %d\n", ret);
+ 			return ret;
+ 		}
+ 	} else {
+@@ -121,7 +121,7 @@ static int calc_kernel_digest(struct dim_digest *digest)
+ 
+ 	ret = do_calc_kernel_digest(stext, etext, jcode_sort, jcode_cnt, digest);
+ 	if (ret < 0)
+-		dim_err("fail to calculate kernel digest: %d\n", ret);
++		dim_err("failed to calculate kernel digest: %d\n", ret);
+ 
+ 	vfree(jcode_sort);
+ 	return ret;
+@@ -139,13 +139,13 @@ int dim_core_measure_kernel(int baseline_init)
+ 
+ 	ret = calc_kernel_digest(&digest);
+ 	if (ret < 0) {
+-		dim_err("fail to calculate kernel digest: %d\n", ret);
++		dim_err("failed to calculate kernel digest: %d\n", ret);
+ 		return ret;
+ 	}
+ 
+ 	ret = dim_core_check_kernel_digest(baseline_init, kr, &digest);
+ 	if (ret < 0)
+-		dim_err("fail to check kernel digest: %d\n", ret);
++		dim_err("failed to check kernel digest: %d\n", ret);
+ 
+ 	return ret;
+ }
+diff --git a/src/core/dim_core_measure_task.c b/src/core/dim_core_measure_task.c
+index f9c53f0..0d9b995 100644
+--- a/src/core/dim_core_measure_task.c
++++ b/src/core/dim_core_measure_task.c
+@@ -192,7 +192,7 @@ static bool vm_file_match_policy(struct file *vm_file,
+ 	/* get the module path string */
+ 	ctx->path = d_path(&vm_file->f_path, ctx->path_buf, PATH_MAX);
+ 	if (IS_ERR(ctx->path)) {
+-		dim_warn("fail to get path of vma: %ld\n", PTR_ERR(ctx->path));
++		dim_warn("failed to get path of vma: %ld\n", PTR_ERR(ctx->path));
+ 		ctx->path = NULL;
+ 		return false;
+ 	}
+@@ -225,7 +225,7 @@ static int update_vma_digest(struct vm_area_struct *vma_start,
+ 	ret_pages = get_user_pages_remote(vma_start->vm_mm, addr_start, nr_pages,
+ 					  0, pages, NULL, NULL);
+ 	if (ret_pages < 0) {
+-		dim_err("fail to get vma pages: %ld\n", ret_pages);
++		dim_err("failed to get vma pages: %ld\n", ret_pages);
+ 		vfree(pages);
+ 		return ret_pages;
+ 	}
+@@ -233,7 +233,7 @@ static int update_vma_digest(struct vm_area_struct *vma_start,
+ 	for (i = 0; i < ret_pages; i++) {
+ 		page_ptr = kmap(pages[i]);
+ 		if (page_ptr == NULL) {
+-			dim_err("fail to kmap page\n");
++			dim_err("failed to kmap page\n");
+ 			put_page(pages[i]);
+ 			continue;
+ 		}
+@@ -257,7 +257,7 @@ static int check_user_digest(struct dim_digest *digest,
+ 	ret = dim_core_check_user_digest(ctx->baseline, ctx->path,
+ 					 digest, &log_flag);
+ 	if (ret < 0) {
+-		dim_err("fail to check user digest: %d\n", ret);
++		dim_err("failed to check user digest: %d\n", ret);
+ 		return ret;
+ 	}
+ 
+@@ -315,7 +315,7 @@ static int measure_task_module_anon_text(struct vm_area_struct *vma,
+ 
+ 		ret = measure_anon_text_vma(v, ctx);
+ 		if (ret < 0)
+-			dim_err("fail to measure anon text vma: %d\n", ret);
++			dim_err("failed to measure anon text vma: %d\n", ret);
+ 	}
+ 
+ 	return 0;
+@@ -367,11 +367,11 @@ static void measure_task_module(struct vm_area_struct *vma,
+ 
+ 	ret = measure_task_module_file_text(vma, ctx);
+ 	if (ret < 0)
+-		dim_err("fail to measure module file text: %d", ret);
++		dim_err("failed to measure module file text: %d", ret);
+ #ifdef DIM_CORE_MEASURE_ANON_TEXT
+ 	ret = measure_task_module_anon_text(vma, ctx);
+ 	if (ret < 0)
+-		dim_err("fail to measure module anon text: %d", ret);
++		dim_err("failed to measure module anon text: %d", ret);
+ #endif
+ }
+ 
+@@ -425,7 +425,7 @@ out:
+ 	if (ctx->task_kill) {
+ 		ret = kill_task_tree(task);
+ 		if (ret < 0)
+-			dim_err("fail to kill tampered task, pid = %d: %d\n",
++			dim_err("failed to kill tampered task, pid = %d: %d\n",
+ 			       task->pid, ret);
+ 	}
+ 
+@@ -446,7 +446,7 @@ static int store_task_pids(pid_t **pid_buf, unsigned int *pid_cnt)
+ 	/* maximum processing of PID_MAX_DEFAULT * 2 pids */
+ 	buf = vmalloc(max_cnt);
+ 	if (buf == NULL) {
+-		dim_err("fail to allocate memory for pid buffer\n");
++		dim_err("failed to allocate memory for pid buffer\n");
+ 		return -ENOMEM;
+ 	}
+ 
+@@ -494,7 +494,7 @@ static int walk_tasks(task_measurer f, struct task_measure_ctx *ctx)
+ 		ret = f(task, ctx);
+ 		put_task_struct(task);
+ 		if (ret < 0) {
+-			dim_err("fail to measure task, pid = %d: %d", pid_buf[i], ret);
++			dim_err("failed to measure task, pid = %d: %d", pid_buf[i], ret);
+ 			if (ret == -EINTR)
+ 				break;
+ 		}
+diff --git a/src/core/dim_core_mem_pool.c b/src/core/dim_core_mem_pool.c
+index 5688eaf..a16b7bb 100644
+--- a/src/core/dim_core_mem_pool.c
++++ b/src/core/dim_core_mem_pool.c
+@@ -18,7 +18,7 @@ static int dim_mem_pool_expand(unsigned int order)
+ 
+ 	pages = alloc_pages(GFP_KERNEL | __GFP_ZERO, order);
+ 	if (pages == NULL) {
+-		dim_err("fail to allocate pages for memory pool\n");
++		dim_err("failed to allocate pages for memory pool\n");
+ 		return -ENOMEM;
+ 	}
+ 
+@@ -27,7 +27,7 @@ static int dim_mem_pool_expand(unsigned int order)
+ 
+ 	ret = gen_pool_add(dim_pool, pages_addr, size, -1);
+ 	if (ret < 0) {
+-		dim_err("fail to add pages to memory pool: %d\n", ret);
++		dim_err("failed to add pages to memory pool: %d\n", ret);
+ 		return ret;
+ 	}
+ 
+@@ -41,7 +41,7 @@ int dim_mem_pool_init(void)
+ 
+ 	dim_pool = gen_pool_create(DIM_MIN_ALLOC_ORDER, -1);
+ 	if (dim_pool == NULL) {
+-		dim_err("fail to generate memory pool\n");
++		dim_err("failed to generate memory pool\n");
+ 		return -ENOMEM;
+ 	}
+ 
+@@ -72,7 +72,7 @@ void dim_mem_pool_destroy(void)
+ 		return;
+ 
+ 	if (gen_pool_avail(dim_pool) != gen_pool_size(dim_pool)) {
+-		dim_err("dim_mem_pool_destroy fail, memory leak detected\n");
++		dim_err("dim_mem_pool_destroy failed, memory leak detected\n");
+ 		return;
+ 	}
+ 
+@@ -96,10 +96,10 @@ void *dim_mem_pool_alloc(size_t size)
+ 	if (data != NULL)
+ 		goto out;
+ 
+-	dim_devel("gen_pool_alloc fail, try dim_mem_pool_expand\n");
++	dim_devel("gen_pool_alloc failed, try dim_mem_pool_expand\n");
+ 	ret = dim_mem_pool_expand(DIM_EXPEND_ALLOC_PAGE_ORDER);
+ 	if (ret < 0) {
+-		dim_err("fail to expand memory pool: %d\n", ret);
++		dim_err("failed to expand memory pool: %d\n", ret);
+ 		return NULL;
+ 	}
+ 
+diff --git a/src/core/dim_core_policy.c b/src/core/dim_core_policy.c
+index a3fa369..0e7fbf3 100644
+--- a/src/core/dim_core_policy.c
++++ b/src/core/dim_core_policy.c
+@@ -118,7 +118,7 @@ static int policy_add_path(const char *path, int action)
+ 
+ 	apath = dim_absolute_path(path, path_buf, PATH_MAX);
+ 	if (IS_ERR(apath)) {
+-		dim_warn("fail to get absolute path of %s in policy: %ld\n",
++		dim_warn("failed to get absolute path of %s in policy: %ld\n",
+ 			path, PTR_ERR(apath));
+ 		kfree(path_buf);
+ 		return 0;
+@@ -200,7 +200,7 @@ static int policy_parse_line(char* line, int line_no)
+ 	if (obj == DIM_POLICY_OBJ_KERNEL_TEXT) {
+ 		ret = policy_add_kernel(action);
+ 		if (ret < 0)
+-			dim_err("fail to add measure policy line %d: %d\n",
++			dim_err("failed to add measure policy line %d: %d\n",
+ 				line_no, ret);
+ 		return ret;
+ 	}
+@@ -221,7 +221,7 @@ static int policy_parse_line(char* line, int line_no)
+ 		policy_add_path(val, action) :
+ 		policy_add_module(val, action);
+ 	if (ret < 0)
+-		dim_err("fail to add measure policy line %d: %d\n",
++		dim_err("failed to add measure policy line %d: %d\n",
+ 			line_no, ret);
+ 	return ret;
+ }
+@@ -237,14 +237,14 @@ int dim_core_policy_load(void)
+ 
+ 	ret = dim_read_verify_file(NULL, DIM_POLICY_PATH, &buf);
+ 	if (ret < 0 || buf == NULL) {
+-		dim_err("fail to read policy file: %d\n", ret);
++		dim_err("failed to read policy file: %d\n", ret);
+ 		return ret;
+ 	}
+ 
+ 	buf_len = ret;
+ 	ret = dim_parse_line_buf(buf, buf_len, policy_parse_line);
+ 	if (ret < 0) {
+-		dim_err("fail to parse policy: %d\n", ret);
++		dim_err("failed to parse policy: %d\n", ret);
+ 		dim_core_policy_destroy();
+ 	}
+ 
+diff --git a/src/core/dim_core_sig.c b/src/core/dim_core_sig.c
+index 18f6008..aae323c 100644
+--- a/src/core/dim_core_sig.c
++++ b/src/core/dim_core_sig.c
+@@ -141,7 +141,7 @@ int dim_core_sig_init(void)
+ 					 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
+ 	if (IS_ERR(dim_core_keyring)) {
+ 		ret = PTR_ERR(dim_core_keyring);
+-		dim_err("fail to allocate DIM keyring: %ld\n", ret);
++		dim_err("failed to allocate DIM keyring: %ld\n", ret);
+ 		return ret;
+ 	}
+ 
+@@ -149,7 +149,7 @@ int dim_core_sig_init(void)
+ 					 DIM_CORE_MAX_FILE_SIZE, NULL,
+ 					 READING_X509_CERTIFICATE);
+ 	if (ret < 0) {
+-		dim_err("fail to read DIM cert file: %ld\n", ret);
++		dim_err("failed to read DIM cert file: %ld\n", ret);
+ 		goto err;
+ 	}
+ 
+@@ -158,13 +158,13 @@ int dim_core_sig_init(void)
+ 				   DIM_CORE_KEY_PERM, KEY_ALLOC_NOT_IN_QUOTA);
+ 	if (IS_ERR(key)) {
+ 		ret = PTR_ERR(key);
+-		dim_err("fail to load DIM cert: %ld\n", ret);
++		dim_err("failed to load DIM cert: %ld\n", ret);
+ 		goto err;
+ 	}
+ 
+ 	ret = dim_hash_init("sha256", &dim_core_sig_hash);
+ 	if (ret < 0) {
+-		dim_err("fail to init dim signature hash: %ld\n", ret);
++		dim_err("failed to init dim signature hash: %ld\n", ret);
+ 		goto err;
+ 	}
+ 
+@@ -186,4 +186,4 @@ void dim_core_sig_destroy(void)
+ 		key_put(dim_core_keyring);
+ 
+ 	dim_hash_destroy(&dim_core_sig_hash);
+-}
+\ No newline at end of file
++}
+diff --git a/src/core/dim_core_static_baseline.c b/src/core/dim_core_static_baseline.c
+index f779da1..0d99f7b 100644
+--- a/src/core/dim_core_static_baseline.c
++++ b/src/core/dim_core_static_baseline.c
+@@ -112,7 +112,7 @@ static int parse_simple_baseline_line(char* line, int line_no)
+ 
+ 	ret = dim_core_add_static_baseline(line_str, type, &digest);
+ 	if (ret < 0)
+-		dim_warn("fail to add static baseline at line %d: %d\n",
++		dim_warn("failed to add static baseline at line %d: %d\n",
+ 			 line_no, ret);
+ 	return 0;
+ }
+@@ -144,14 +144,14 @@ static_baseline_load(struct dir_context *__ctx,
+ 
+ 	ret = dim_read_verify_file(ctx->path, name, &buf);
+ 	if (ret < 0 || buf == NULL) {
+-		dim_err("fail to read and verify %s: %d\n", name, ret);
++		dim_err("failed to read and verify %s: %d\n", name, ret);
+ 		goto out;
+ 	}
+ 
+ 	buf_len = ret;
+ 	ret = dim_parse_line_buf(buf, buf_len, parse_simple_baseline_line);
+ 	if (ret < 0)
+-		dim_err("fail to parse baseline file %s: %d\n", name, ret);
++		dim_err("failed to parse baseline file %s: %d\n", name, ret);
+ out:
+ 	if (buf != NULL)
+ 		vfree(buf);
+@@ -175,14 +175,14 @@ int dim_core_static_baseline_load(void)
+ 
+ 	ret = kern_path(DIM_STATIC_BASELINE_ROOT, LOOKUP_DIRECTORY, &kpath);
+ 	if (ret < 0) {
+-		dim_err("fail to get dim baseline root path: %d", ret);
++		dim_err("failed to get dim baseline root path: %d", ret);
+ 		return ret;
+ 	}
+ 
+ 	file = filp_open(DIM_STATIC_BASELINE_ROOT, O_RDONLY | O_DIRECTORY, 0);
+ 	if (IS_ERR(file)) {
+ 		ret = PTR_ERR(file);
+-		dim_err("fail to open %s: %d\n", DIM_STATIC_BASELINE_ROOT, ret);
++		dim_err("failed to open %s: %d\n", DIM_STATIC_BASELINE_ROOT, ret);
+ 		path_put(&kpath);
+ 		return ret;
+ 	}
+diff --git a/src/core/dim_core_symbol.c b/src/core/dim_core_symbol.c
+index 128e595..3da3df2 100644
+--- a/src/core/dim_core_symbol.c
++++ b/src/core/dim_core_symbol.c
+@@ -23,7 +23,7 @@ int dim_core_kallsyms_init(void)
+ 
+ 	dim_kallsyms_lookup_name = dim_get_symbol_lookup_func();
+ 	if (dim_kallsyms_lookup_name  == NULL) {
+-		dim_err("fail to get symbol_lookup_func\n");
++		dim_err("failed to get symbol_lookup_func\n");
+ 		return -EINVAL;
+ 	}
+ 	k->stext = (char *)dim_kallsyms_lookup_name("_stext");
+-- 
+2.33.0
+

backport-update-src-common-dim_baseline.c.patch

@@ -0,0 +1,31 @@
+From ee0e50754cb5bf5943d4f16508725b3f65931f24 Mon Sep 17 00:00:00 2001
+From: lixiang_yewu <lixiang_yewu@cmss.chinamobile.com>
+Date: Tue, 2 Jan 2024 02:27:55 +0000
+Subject: [PATCH 09/26] update src/common/dim_baseline.c.
+
+Signed-off-by: lixiang_yewu <lixiang_yewu@cmss.chinamobile.com>
+
+update src/common/dim_baseline.c.
+
+Signed-off-by: lixiang_yewu <lixiang_yewu@cmss.chinamobile.com>
+---
+ src/common/dim_baseline.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/common/dim_baseline.c b/src/common/dim_baseline.c
+index 6369d7b..4733705 100644
+--- a/src/common/dim_baseline.c
++++ b/src/common/dim_baseline.c
+@@ -104,7 +104,8 @@ int dim_baseline_add(struct dim_baseline_tree *root, const char *name,
+ 	if (ret < 0)
+ 		goto err;
+ 
+-	strcpy((char *)baseline->name, name);
++        strncpy((char *)baseline->name, name, buf_len - 1);
++        baseline->name[buf_len - 1] = '\0';
+ 
+ 	write_lock(&root->lock);
+ 	ret = dim_baseline_rb_add(&root->rb_root, baseline, NULL);
+-- 
+2.33.0
+

dim.spec

@@ -4,7 +4,7 @@
 Name         :  dim
 Summary      :  Dynamic Integrity Measurement
 Version      :  1.0.2
-Release      :  5
+Release      :  6
 License      :  GPL-2.0
 Source0      :  %{name}-v%{version}.tar.gz
 BuildRequires:  kernel-devel kernel-headers
@@ -13,7 +13,28 @@ Requires     :  kernel
 Patch0001:      Limit-the-max-line-number-of-policy-and-baseline-par.patch
 Patch0002:      Use-jiffies64-interface-to-set-measure-interval.patch
 Patch0003:      Add-the-owner-of-file-operations.patch
-Patch0004:      fix-build-error-in-kernel-6.6.patch
+Patch0004:      backport-dim-add-test-code.patch
+Patch0005:      backport-fix-the-magic-number.patch
+Patch0006:      backport-some-word.patch
+Patch0007:      backport-update-src-common-dim_baseline.c.patch
+Patch0008:      backport-fix-build-error-in-kernel-6.6.patch
+Patch0009:      backport-fix-build-error.patch
+Patch0010:      backport-Refactor-the-measurement-code.patch
+Patch0011:      backport-Refactor-dim_core-policy-and-support-the-action-poli.patch
+Patch0012:      backport-Refactor-the-dim_core-static-baseline-implement.patch
+Patch0013:      backport-Support-user-process-measurement-by-ELF-parsing.patch
+Patch0014:      backport-Optimize-Makefile.patch
+Patch0015:      backport-Dont-queue-measurement-task-when-baseline-failed.patch
+Patch0016:      backport-Add-safe-wapper-for-some-memory-and-string-functions.patch
+Patch0017:      backport-Fix-potential-integer-overflow.patch
+Patch0018:      backport-Add-memory-debug-in-mem_pool.patch
+Patch0019:      backport-Optimize-test-framework-and-add-testcases.patch
+Patch0020:      backport-Add-warpper-for-strncmp-and-strncpy.patch
+Patch0021:      backport-Use-warpper-dim_vzalloc-to-avoid-false-warning.patch
+Patch0022:      backport-Set-dim_core_keyring-to-NULL-when-initialize-failed.patch
+Patch0023:      backport-Disable-dfx-testcase-by-default.patch
+Patch0024:      backport-Support-init-function-for-measure-tasks.patch
+
 %description
 Dynamic Integrity Measurement
 
@@ -51,6 +72,9 @@ rm -rf %{buildroot}
 %attr(0400,root,root) /lib/modules/%{kernel_version}/extra/dim/dim_monitor.ko
 
 %changelog
+* Tue Apr 16 2024 jinlun <jinlun@huawei.com> 1.0.2-6
+- backport some patches
+
 * Fri Jan 26 2024 jinlun <jinlun@huawei.com> 1.0.2-5
 - The compilation error asused by the kernel upgrade is rectified.