From: Ben Widawsky <ben.widawsky@intel.com> To: <linux-cxl@vger.kernel.org> Cc: Ben Widawsky <ben.widawsky@intel.com>, <linux-kernel@vger.kernel.org>, <linux-pci@vger.kernel.org>, "linux-acpi@vger.kernel.org, Ira Weiny" <ira.weiny@intel.com>, Dan Williams <dan.j.williams@intel.com>, Vishal Verma <vishal.l.verma@intel.com>, "Kelley, Sean V" <sean.v.kelley@intel.com>, Rafael Wysocki <rafael.j.wysocki@intel.com>, Bjorn Helgaas <helgaas@kernel.org>, Jonathan Cameron <Jonathan.Cameron@Huawei.com>, "Jon Masters" <jcm@jonmasters.org>, Chris Browy <cbrowy@avery-design.com>, "Randy Dunlap" <rdunlap@infradead.org>, Christoph Hellwig <hch@infradead.org>, <daniel.lll@alibaba-inc.com> Subject: [RFC PATCH v3 11/16] taint: add taint for direct hardware access Date: Mon, 11 Jan 2021 14:51:15 -0800 [thread overview] Message-ID: <20210111225121.820014-12-ben.widawsky@intel.com> (raw) In-Reply-To: <20210111225121.820014-1-ben.widawsky@intel.com> For drivers that moderate access to the underlying hardware it is sometimes desirable to allow userspace to bypass restrictions. Once userspace has done this, the driver can no longer guarantee the sanctity of either the OS or the hardware. When in this state, it is helpful for kernel developers to be made aware (via this taint flag) of this fact for subsequent bug reports. Example usage: - Hardware xyzzy accepts 2 commands, waldo and fred. - The xyzzy driver provides an interface for using waldo, but not fred. - quux is convinced they really need the fred command. - xyzzy driver allows quux to frob hardware to initiate fred. - kernel gets tainted. - turns out fred command is borked, and scribbles over memory. - developers laugh while closing quux's subsequent bug report. Signed-off-by: Ben Widawsky <ben.widawsky@intel.com> --- Documentation/admin-guide/sysctl/kernel.rst | 1 + Documentation/admin-guide/tainted-kernels.rst | 6 +++++- include/linux/kernel.h | 3 ++- kernel/panic.c | 1 + 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst index 1d56a6b73a4e..3e1eada53504 100644 --- a/Documentation/admin-guide/sysctl/kernel.rst +++ b/Documentation/admin-guide/sysctl/kernel.rst @@ -1352,6 +1352,7 @@ ORed together. The letters are seen in "Tainted" line of Oops reports. 32768 `(K)` kernel has been live patched 65536 `(X)` Auxiliary taint, defined and used by for distros 131072 `(T)` The kernel was built with the struct randomization plugin +262144 `(H)` The kernel has allowed vendor shenanigans ====== ===== ============================================================== See :doc:`/admin-guide/tainted-kernels` for more information. diff --git a/Documentation/admin-guide/tainted-kernels.rst b/Documentation/admin-guide/tainted-kernels.rst index ceeed7b0798d..ee2913316344 100644 --- a/Documentation/admin-guide/tainted-kernels.rst +++ b/Documentation/admin-guide/tainted-kernels.rst @@ -74,7 +74,7 @@ a particular type of taint. It's best to leave that to the aforementioned script, but if you need something quick you can use this shell command to check which bits are set:: - $ for i in $(seq 18); do echo $(($i-1)) $(($(cat /proc/sys/kernel/tainted)>>($i-1)&1));done + $ for i in $(seq 19); do echo $(($i-1)) $(($(cat /proc/sys/kernel/tainted)>>($i-1)&1));done Table for decoding tainted state ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -100,6 +100,7 @@ Bit Log Number Reason that got the kernel tainted 15 _/K 32768 kernel has been live patched 16 _/X 65536 auxiliary taint, defined for and used by distros 17 _/T 131072 kernel was built with the struct randomization plugin + 18 _/H 262144 kernel has allowed vendor shenanigans === === ====== ======================================================== Note: The character ``_`` is representing a blank in this table to make reading @@ -175,3 +176,6 @@ More detailed explanation for tainting produce extremely unusual kernel structure layouts (even performance pathological ones), which is important to know when debugging. Set at build time. + + 18) ``H`` Kernel has allowed direct access to hardware and can no longer make + any guarantees about the stability of the device or driver. diff --git a/include/linux/kernel.h b/include/linux/kernel.h index f7902d8c1048..bc95486f817e 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h @@ -443,7 +443,8 @@ extern enum system_states { #define TAINT_LIVEPATCH 15 #define TAINT_AUX 16 #define TAINT_RANDSTRUCT 17 -#define TAINT_FLAGS_COUNT 18 +#define TAINT_RAW_PASSTHROUGH 18 +#define TAINT_FLAGS_COUNT 19 #define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1) struct taint_flag { diff --git a/kernel/panic.c b/kernel/panic.c index 332736a72a58..dff22bd80eaf 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -386,6 +386,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = { [ TAINT_LIVEPATCH ] = { 'K', ' ', true }, [ TAINT_AUX ] = { 'X', ' ', true }, [ TAINT_RANDSTRUCT ] = { 'T', ' ', true }, + [ TAINT_RAW_PASSTHROUGH ] = { 'H', ' ', true }, }; /** -- 2.30.0
WARNING: multiple messages have this Message-ID (diff)
From: Ben Widawsky <ben.widawsky@intel.com> To: linux-cxl@vger.kernel.org Cc: Ben Widawsky <ben.widawsky@intel.com>, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, "linux-acpi@vger.kernel.org, Ira Weiny" <ira.weiny@intel.com>, Dan Williams <dan.j.williams@intel.com>, Vishal Verma <vishal.l.verma@intel.com>, "Kelley, Sean V" <sean.v.kelley@intel.com>, Rafael Wysocki <rafael.j.wysocki@intel.com>, Bjorn Helgaas <helgaas@kernel.org>, Jonathan Cameron <Jonathan.Cameron@Huawei.com>, Jon Masters <jcm@jonmasters.org>, Chris Browy <cbrowy@avery-design.com>, Randy Dunlap <rdunlap@infradead.org>, Christoph Hellwig <hch@infradead.org>, daniel.lll@alibaba-inc.com Subject: [RFC PATCH v3 11/16] taint: add taint for direct hardware access Date: Mon, 11 Jan 2021 14:51:15 -0800 [thread overview] Message-ID: <20210111225121.820014-12-ben.widawsky@intel.com> (raw) In-Reply-To: <20210111225121.820014-1-ben.widawsky@intel.com> For drivers that moderate access to the underlying hardware it is sometimes desirable to allow userspace to bypass restrictions. Once userspace has done this, the driver can no longer guarantee the sanctity of either the OS or the hardware. When in this state, it is helpful for kernel developers to be made aware (via this taint flag) of this fact for subsequent bug reports. Example usage: - Hardware xyzzy accepts 2 commands, waldo and fred. - The xyzzy driver provides an interface for using waldo, but not fred. - quux is convinced they really need the fred command. - xyzzy driver allows quux to frob hardware to initiate fred. - kernel gets tainted. - turns out fred command is borked, and scribbles over memory. - developers laugh while closing quux's subsequent bug report. Signed-off-by: Ben Widawsky <ben.widawsky@intel.com> --- Documentation/admin-guide/sysctl/kernel.rst | 1 + Documentation/admin-guide/tainted-kernels.rst | 6 +++++- include/linux/kernel.h | 3 ++- kernel/panic.c | 1 + 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst index 1d56a6b73a4e..3e1eada53504 100644 --- a/Documentation/admin-guide/sysctl/kernel.rst +++ b/Documentation/admin-guide/sysctl/kernel.rst @@ -1352,6 +1352,7 @@ ORed together. The letters are seen in "Tainted" line of Oops reports. 32768 `(K)` kernel has been live patched 65536 `(X)` Auxiliary taint, defined and used by for distros 131072 `(T)` The kernel was built with the struct randomization plugin +262144 `(H)` The kernel has allowed vendor shenanigans ====== ===== ============================================================== See :doc:`/admin-guide/tainted-kernels` for more information. diff --git a/Documentation/admin-guide/tainted-kernels.rst b/Documentation/admin-guide/tainted-kernels.rst index ceeed7b0798d..ee2913316344 100644 --- a/Documentation/admin-guide/tainted-kernels.rst +++ b/Documentation/admin-guide/tainted-kernels.rst @@ -74,7 +74,7 @@ a particular type of taint. It's best to leave that to the aforementioned script, but if you need something quick you can use this shell command to check which bits are set:: - $ for i in $(seq 18); do echo $(($i-1)) $(($(cat /proc/sys/kernel/tainted)>>($i-1)&1));done + $ for i in $(seq 19); do echo $(($i-1)) $(($(cat /proc/sys/kernel/tainted)>>($i-1)&1));done Table for decoding tainted state ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -100,6 +100,7 @@ Bit Log Number Reason that got the kernel tainted 15 _/K 32768 kernel has been live patched 16 _/X 65536 auxiliary taint, defined for and used by distros 17 _/T 131072 kernel was built with the struct randomization plugin + 18 _/H 262144 kernel has allowed vendor shenanigans === === ====== ======================================================== Note: The character ``_`` is representing a blank in this table to make reading @@ -175,3 +176,6 @@ More detailed explanation for tainting produce extremely unusual kernel structure layouts (even performance pathological ones), which is important to know when debugging. Set at build time. + + 18) ``H`` Kernel has allowed direct access to hardware and can no longer make + any guarantees about the stability of the device or driver. diff --git a/include/linux/kernel.h b/include/linux/kernel.h index f7902d8c1048..bc95486f817e 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h @@ -443,7 +443,8 @@ extern enum system_states { #define TAINT_LIVEPATCH 15 #define TAINT_AUX 16 #define TAINT_RANDSTRUCT 17 -#define TAINT_FLAGS_COUNT 18 +#define TAINT_RAW_PASSTHROUGH 18 +#define TAINT_FLAGS_COUNT 19 #define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1) struct taint_flag { diff --git a/kernel/panic.c b/kernel/panic.c index 332736a72a58..dff22bd80eaf 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -386,6 +386,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = { [ TAINT_LIVEPATCH ] = { 'K', ' ', true }, [ TAINT_AUX ] = { 'X', ' ', true }, [ TAINT_RANDSTRUCT ] = { 'T', ' ', true }, + [ TAINT_RAW_PASSTHROUGH ] = { 'H', ' ', true }, }; /** -- 2.30.0
next prev parent reply other threads:[~2021-01-12 0:28 UTC|newest] Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-01-11 22:51 [RFC PATCH v3 00/16] CXL 2.0 Support Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-11 22:51 ` [RFC PATCH v3 01/16] docs: cxl: Add basic documentation Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-11 22:51 ` [RFC PATCH v3 02/16] cxl/acpi: Add an acpi_cxl module for the CXL interconnect Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-12 7:08 ` Randy Dunlap 2021-01-12 18:43 ` Jonathan Cameron 2021-01-12 19:43 ` Dan Williams 2021-01-12 22:06 ` Jonathan Cameron 2021-01-13 17:55 ` Kaneda, Erik 2021-01-20 19:27 ` Dan Williams 2021-01-20 19:18 ` Verma, Vishal L 2021-01-13 12:40 ` Rafael J. Wysocki 2021-01-20 19:21 ` Verma, Vishal L 2021-01-11 22:51 ` [RFC PATCH v3 03/16] cxl/acpi: add OSC support Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-12 15:09 ` Rafael J. Wysocki 2021-01-12 18:48 ` Jonathan Cameron 2021-01-11 22:51 ` [RFC PATCH v3 04/16] cxl/mem: Introduce a driver for CXL-2.0-Type-3 endpoints Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-12 7:08 ` Randy Dunlap 2021-01-12 19:01 ` Jonathan Cameron 2021-01-12 20:06 ` Dan Williams 2021-01-11 22:51 ` [RFC PATCH v3 05/16] cxl/mem: Map memory device registers Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-12 19:13 ` Jonathan Cameron 2021-01-12 19:21 ` Ben Widawsky 2021-01-12 20:40 ` Dan Williams 2021-01-11 22:51 ` [RFC PATCH v3 06/16] cxl/mem: Find device capabilities Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-12 19:17 ` Jonathan Cameron 2021-01-12 19:22 ` Ben Widawsky 2021-01-11 22:51 ` [RFC PATCH v3 07/16] cxl/mem: Implement polled mode mailbox Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-13 18:26 ` Jonathan Cameron 2021-01-14 17:40 ` Jonathan Cameron 2021-01-14 17:50 ` Ben Widawsky 2021-01-14 18:13 ` Jonathan Cameron 2021-01-11 22:51 ` [RFC PATCH v3 08/16] cxl/mem: Register CXL memX devices Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-14 16:28 ` Jonathan Cameron 2021-01-11 22:51 ` [RFC PATCH v3 09/16] cxl/mem: Add basic IOCTL interface Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-12 4:39 ` kernel test robot 2021-01-14 16:19 ` Jonathan Cameron 2021-01-11 22:51 ` [RFC PATCH v3 10/16] cxl/mem: Add send command Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-12 6:06 ` kernel test robot 2021-01-14 17:10 ` Jonathan Cameron 2021-01-21 18:15 ` Ben Widawsky 2021-01-22 11:43 ` Jonathan Cameron 2021-01-22 17:08 ` Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky [this message] 2021-01-11 22:51 ` [RFC PATCH v3 11/16] taint: add taint for direct hardware access Ben Widawsky 2021-01-11 22:51 ` [RFC PATCH v3 11/16] taint: add taint for unfettered " Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-12 3:31 ` Ben Widawsky 2021-01-11 22:51 ` [RFC PATCH v3 12/16] cxl/mem: Add a "RAW" send command Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-12 7:41 ` kernel test robot 2021-01-11 22:51 ` [RFC PATCH v3 13/16] cxl/mem: Create concept of enabled commands Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-14 17:25 ` Jonathan Cameron 2021-01-21 18:40 ` Ben Widawsky 2021-01-22 11:28 ` Jonathan Cameron 2021-01-11 22:51 ` [RFC PATCH v3 14/16] cxl/mem: Use CEL for enabling commands Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-14 18:02 ` Jonathan Cameron 2021-01-14 18:13 ` Ben Widawsky 2021-01-14 18:32 ` Jonathan Cameron 2021-01-14 19:04 ` Ben Widawsky 2021-01-14 19:24 ` Jonathan Cameron 2021-01-11 22:51 ` [RFC PATCH v3 15/16] cxl/mem: Add limited Get Log command (0401h) Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-14 18:08 ` Jonathan Cameron 2021-01-23 0:14 ` Ben Widawsky 2021-01-11 22:51 ` [RFC PATCH v3 16/16] MAINTAINERS: Add maintainers of the CXL driver Ben Widawsky 2021-01-11 22:51 ` Ben Widawsky 2021-01-12 1:12 ` Joe Perches [not found] ` <0f2a6d62-09d8-416f-e972-3e9869c3e1a6@alibaba-inc.com> 2021-01-12 15:17 ` [RFC PATCH v3 00/16] CXL 2.0 Support Ben Widawsky 2021-01-12 16:19 ` Bjorn Helgaas
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210111225121.820014-12-ben.widawsky@intel.com \ --to=ben.widawsky@intel.com \ --cc=Jonathan.Cameron@Huawei.com \ --cc=cbrowy@avery-design.com \ --cc=dan.j.williams@intel.com \ --cc=daniel.lll@alibaba-inc.com \ --cc=hch@infradead.org \ --cc=helgaas@kernel.org \ --cc=ira.weiny@intel.com \ --cc=jcm@jonmasters.org \ --cc=linux-cxl@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-pci@vger.kernel.org \ --cc=rafael.j.wysocki@intel.com \ --cc=rdunlap@infradead.org \ --cc=sean.v.kelley@intel.com \ --cc=vishal.l.verma@intel.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.