From: Kees Cook
Date: Mon, 11 Sep 2017 09:19:16 -0700
Subject: Re: [RFC PATCH] kernel/panic: Add TAINT_AUX
To: Borislav Petkov
Cc: lkml, Jessica Yu, Peter Zijlstra, Jiri Slaby, Jiri Olsa, Michal Marek, Jiri Kosina, Takashi Iwai, Petr Mladek, Jeff Mahoney, Andrew Morton, Linus Torvalds, x86-ml
In-Reply-To: <20170911134533.dp5mtyku5bongx4c@pd.tnic>

On Mon, Sep 11, 2017 at 6:45 AM, Borislav Petkov wrote:
> Hi all,
>
> so this is the gist of a patch which we've been forward-porting in our
> kernels for a long time now and it probably would make a good sense to
> have such TAINT_AUX flag upstream which can be used by each distro etc,
> how they see fit. This way, we won't need to forward-port a distro-only
> version indefinitely.
>
> And the "X" mnemonic could also mean eXternal, which would be taint from
> a distro or something else but not the upstream kernel.
>
> Thoughts?

If I were an end-user looking at my kernel trace that had an "X" flag,
how would I go look up what it actually means? Is "git grep TAINT_AUX"
going to sufficiently answer that question? How does SUSE use it
currently?

-Kees

>
> ---
> From: Borislav Petkov > > Add an auxiliary taint flag to be used by distros and others. This > obviates the need to forward-port whatever internal solutions people > have in favor of a single flag which they can map arbitrarily to a > definition of their pleasing. > > Signed-off-by: Borislav Petkov > --- > include/linux/kernel.h | 3 ++- > kernel/panic.c | 2 ++ > 2 files changed, 4 insertions(+), 1 deletion(-) > > diff --git a/include/linux/kernel.h b/include/linux/kernel.h > index bd6d96cf80b1..400512aa58e8 100644 > --- a/include/linux/kernel.h > +++ b/include/linux/kernel.h > @@ -520,7 +520,8 @@ extern enum system_states { > #define TAINT_UNSIGNED_MODULE 13 > #define TAINT_SOFTLOCKUP 14 > #define TAINT_LIVEPATCH 15 > -#define TAINT_FLAGS_COUNT 16 > +#define TAINT_AUX 16 > +#define TAINT_FLAGS_COUNT 17 > > struct taint_flag { > char c_true; /* character printed when tainted */ > diff --git a/kernel/panic.c b/kernel/panic.c > index a58932b41700..46ca774e2dce 100644 > --- a/kernel/panic.c > +++ b/kernel/panic.c > @@ -321,6 +321,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = { > { 'E', ' ', true }, /* TAINT_UNSIGNED_MODULE */ > { 'L', ' ', false }, /* TAINT_SOFTLOCKUP */ > { 'K', ' ', true }, /* TAINT_LIVEPATCH */ > + { 'X', ' ', true }, /* TAINT_AUX */ > }; > > /** > @@ -342,6 +343,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = { > * 'E' - Unsigned module has been loaded. > * 'L' - A soft lockup has previously occurred. > * 'K' - Kernel has been live patched. > + * 'X' - Auxiliary taint, for distros' use. > * > * The string is overwritten by the next call to print_tainted(). > */ > -- > 2.13.0 > > > -- > Regards/Gruss, > Boris. > > Good mailing practices for 400: avoid top-posting and trim the reply. -- Kees Cook Pixel Security
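Review bot: in the include/linux/kernel.h hunk, the new "#define TAINT_AUX 16" carries no comment saying who sets it or what it signifies, and the diffstat (2 files, 4 insertions) shows that nothing in this patch actually sets the flag. Since the commit message says distros may map it "arbitrarily", add a comment at the define stating that the meaning is assigned outside the upstream tree, and update any user-facing list of taint flags in the same patch so the bit number and the letter are documented together.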
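Review bot: in the taint_flags[] hunk of kernel/panic.c, the third initializer of the new entry "{ 'X', ' ', true }" is set to true, matching TAINT_UNSIGNED_MODULE and TAINT_LIVEPATCH but not TAINT_SOFTLOCKUP, and neither the trailing comment nor the commit message says why. State in the commit message which behaviour that field selects for an auxiliary taint and why true is the right choice for a flag whose meaning each distro defines for itself.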
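Review bot: in the print_tainted() comment hunk of kernel/panic.c, the line "'X' - Auxiliary taint, for distros' use." is the only explanation a reader of a trace will find, and it does not say that the meaning is vendor-defined or where to look it up. Suggest wording along the lines of "Auxiliary taint, defined for and used by distros" plus a pointer to the vendor's own documentation, so that a grep for the letter leads somewhere useful.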