From: David Gow <davidgow@google.com>
To: Brendan Higgins <brendanhiggins@google.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Jonathan Corbet <corbet@lwn.net>,
Andrew Morton <akpm@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Shuah Khan <skhan@linuxfoundation.org>,
Greg KH <gregkh@linuxfoundation.org>,
Luis Chamberlain <mcgrof@kernel.org>,
Masahiro Yamada <masahiroy@kernel.org>
Cc: David Gow <davidgow@google.com>,
"Guilherme G . Piccoli" <gpiccoli@igalia.com>,
Sebastian Reichel <sre@kernel.org>,
John Ogness <john.ogness@linutronix.de>,
Joe Fradley <joefradley@google.com>,
Daniel Latypov <dlatypov@google.com>,
kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
Jani Nikula <jani.nikula@linux.intel.com>,
Lucas De Marchi <lucas.demarchi@intel.com>,
Aaron Tomlin <atomlin@redhat.com>,
linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org,
Michal Marek <michal.lkml@markovi.net>,
Nick Desaulniers <ndesaulniers@google.com>,
linux-kbuild@vger.kernel.org
Subject: [PATCH v5 1/4] panic: Taint kernel if tests are run
Date: Sat, 2 Jul 2022 12:09:56 +0800 [thread overview]
Message-ID: <20220702040959.3232874-1-davidgow@google.com> (raw)
Most in-kernel tests (such as KUnit tests) are not supposed to run on
production systems: they may do deliberately illegal things to trigger
errors, and have security implications (for example, KUnit assertions
will often deliberately leak kernel addresses).
Add a new taint type, TAINT_TEST to signal that a test has been run.
This will be printed as 'N' (originally for kuNit, as every other
sensible letter was taken.)
This should discourage people from running these tests on production
systems, and to make it easier to tell if tests have been run
accidentally (by loading the wrong configuration, etc.)
Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Reviewed-by: Brendan Higgins <brendanhiggins@google.com>
Signed-off-by: David Gow <davidgow@google.com>
---
Documentation/admin-guide/tainted-kernels.rst | 1 +
include/linux/panic.h | 3 ++-
kernel/panic.c | 1 +
3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/Documentation/admin-guide/tainted-kernels.rst b/Documentation/admin-guide/tainted-kernels.rst
index ceeed7b0798d..7d80e8c307d1 100644
--- a/Documentation/admin-guide/tainted-kernels.rst
+++ b/Documentation/admin-guide/tainted-kernels.rst
@@ -100,6 +100,7 @@ Bit Log Number Reason that got the kernel tainted
15 _/K 32768 kernel has been live patched
16 _/X 65536 auxiliary taint, defined for and used by distros
17 _/T 131072 kernel was built with the struct randomization plugin
+ 18 _/N 262144 an in-kernel test has been run
=== === ====== ========================================================
Note: The character ``_`` is representing a blank in this table to make reading
diff --git a/include/linux/panic.h b/include/linux/panic.h
index e71161da69c4..c7759b3f2045 100644
--- a/include/linux/panic.h
+++ b/include/linux/panic.h
@@ -68,7 +68,8 @@ static inline void set_arch_panic_timeout(int timeout, int arch_default_timeout)
#define TAINT_LIVEPATCH 15
#define TAINT_AUX 16
#define TAINT_RANDSTRUCT 17
-#define TAINT_FLAGS_COUNT 18
+#define TAINT_TEST 18
+#define TAINT_FLAGS_COUNT 19
#define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1)
struct taint_flag {
diff --git a/kernel/panic.c b/kernel/panic.c
index a3c758dba15a..6b3369e21026 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -428,6 +428,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = {
[ TAINT_LIVEPATCH ] = { 'K', ' ', true },
[ TAINT_AUX ] = { 'X', ' ', true },
[ TAINT_RANDSTRUCT ] = { 'T', ' ', true },
+ [ TAINT_TEST ] = { 'N', ' ', true },
};
/**
--
2.37.0.rc0.161.g10f37bed90-goog
next reply other threads:[~2022-07-02 4:10 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-02 4:09 David Gow [this message]
2022-07-02 4:09 ` [PATCH v5 2/4] module: panic: Taint the kernel when selftest modules load David Gow
2022-07-02 4:45 ` David Gow
2022-07-03 15:32 ` Aaron Tomlin
2022-07-06 20:44 ` Brendan Higgins
2022-07-08 0:40 ` Nathan Chancellor
2022-07-08 4:54 ` David Gow
2022-07-02 4:09 ` [PATCH v5 3/4] kunit: Taint the kernel when KUnit tests are run David Gow
2022-07-02 4:09 ` [PATCH v5 4/4] selftest: Taint kernel when test module loaded David Gow
2022-07-02 4:45 ` David Gow
2022-07-06 20:51 ` Brendan Higgins
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220702040959.3232874-1-davidgow@google.com \
--to=davidgow@google.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=atomlin@redhat.com \
--cc=brendanhiggins@google.com \
--cc=corbet@lwn.net \
--cc=dlatypov@google.com \
--cc=gpiccoli@igalia.com \
--cc=gregkh@linuxfoundation.org \
--cc=jani.nikula@linux.intel.com \
--cc=joefradley@google.com \
--cc=john.ogness@linutronix.de \
--cc=keescook@chromium.org \
--cc=kunit-dev@googlegroups.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=lucas.demarchi@intel.com \
--cc=masahiroy@kernel.org \
--cc=mcgrof@kernel.org \
--cc=michal.lkml@markovi.net \
--cc=ndesaulniers@google.com \
--cc=skhan@linuxfoundation.org \
--cc=sre@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).