From: hpa@zytor.com
To: Randy Dunlap <rdunlap@infradead.org>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>
Cc: "Chang S. Bae" <chang.seok.bae@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@kernel.org>, Andi Kleen <ak@linux.intel.com>,
Markus T Metzger <markus.t.metzger@intel.com>,
Ravi Shankar <ravi.v.shankar@intel.com>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v5 01/13] taint: Introduce a new taint flag (insecure)
Date: Tue, 05 Feb 2019 15:07:42 -0800 [thread overview]
Message-ID: <3B92973A-A2D2-4FCB-A2A2-030057229D4B@zytor.com> (raw)
In-Reply-To: <f41a5d14-b642-0969-3c7a-cc12b820d208@infradead.org>
On February 5, 2019 2:46:11 PM PST, Randy Dunlap <rdunlap@infradead.org> wrote:
>On 2/5/19 1:21 PM, Andrew Morton wrote:
>> On Fri, 1 Feb 2019 18:42:29 -0800 Andy Lutomirski <luto@kernel.org>
>wrote:
>>
>>> On Fri, Feb 1, 2019 at 12:54 PM Chang S. Bae
><chang.seok.bae@intel.com> wrote:
>>>>
>>>> For testing (or root-only) purposes, the new flag will serve to tag
>the
>>>> kernel taint accurately.
>>>>
>>>> When adding a new feature support, patches need to be incrementally
>>>> applied and tested with temporal parameters. Currently, there is no
>flag
>>>> for this usage.
>>>
>>> I think this should be reviewed by someone like akpm. akpm, for
>>> background, this is part of an x86 patch series. If only part of
>the
>>> series is applied, the kernel will be blatantly insecure (but still
>>> functional and useful for testing and bisection), and this taint
>flag
>>> will be set if this kernel is booted. With the whole series
>applied,
>>> there are no users of the taint flag in the kernel.
>>>
>>> Do you think this is a good idea?
>>
>> What does "temporal parameters" mean? A complete description of this
>> testing process would help.
>>
>> I sounds a bit strange. You mean it assumes that people will
>partially
>> apply the series to test its functionality? That would be
>inconvenient.
>
>Ack. I don't think we need to (or should) worry about that kind of
>muckup.
>
>> - Can the new and now-unused taint flag be removed again at
>> end-of-series?
>>
>> - It would be a lot more convenient if we had some means of testing
>> after the whole series is applied, on a permanent basis - some
>> debugfs flag, perhaps?
>>
I would like to see this taint flag, though, because sometimes it is useful to write test modules (e.g. when I was testing SMAP) which are dangerous even if out of tree.
In case of an escape or pilot error gets it into the wrong kernel, it is a very good thing to have the kernel flagged.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
next prev parent reply other threads:[~2019-02-05 23:08 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-01 20:53 [PATCH v5 00/13] x86: Enable FSGSBASE instructions Chang S. Bae
2019-02-01 20:53 ` [PATCH v5 01/13] taint: Introduce a new taint flag (insecure) Chang S. Bae
2019-02-02 2:42 ` Andy Lutomirski
2019-02-05 21:21 ` Andrew Morton
2019-02-05 22:46 ` Randy Dunlap
2019-02-05 23:07 ` hpa [this message]
2019-02-01 20:53 ` [PATCH v5 02/13] x86/fsgsbase/64: Add 'unsafe_fsgsbase' to enable CR4.FSGSBASE Chang S. Bae
2019-02-01 20:53 ` [PATCH v5 03/13] kbuild: Raise the minimum required binutils version to 2.21 Chang S. Bae
2019-02-02 2:45 ` Andy Lutomirski
2019-02-05 0:08 ` Andrew Morton
2019-02-01 20:53 ` [PATCH v5 04/13] x86/fsgsbase/64: Add intrinsics for FSGSBASE instructions Chang S. Bae
2019-02-02 2:52 ` Andy Lutomirski
2019-02-01 20:53 ` [PATCH v5 04/13] x86/fsgsbase/64: Add intrinsics/macros " Chang S. Bae
2019-02-01 20:53 ` [PATCH v5 05/13] x86/fsgsbase/64: Enable FSGSBASE instructions in the helper functions Chang S. Bae
2019-02-02 2:57 ` Andy Lutomirski
2019-02-01 20:53 ` [PATCH v5 06/13] x86/fsgsbase/64: Preserve FS/GS state in __switch_to() if FSGSBASE is on Chang S. Bae
2019-02-01 20:53 ` [PATCH v5 07/13] x86/fsgsbase/64: When copying a thread, use the FSGSBASE instructions if available Chang S. Bae
2019-02-02 17:28 ` Andy Lutomirski
2019-02-01 20:53 ` [PATCH v5 08/13] x86/fsgsbase/64: Introduce the FIND_PERCPU_BASE macro Chang S. Bae
2019-02-02 17:17 ` Andy Lutomirski
2019-02-13 18:46 ` Bae, Chang Seok
2019-02-01 20:53 ` [PATCH v5 09/13] x86/fsgsbase/64: Use the per-CPU base as GSBASE at the paranoid_entry Chang S. Bae
2019-02-01 20:53 ` [PATCH v5 10/13] selftests/x86/fsgsbase: Test WRGSBASE Chang S. Bae
2019-02-01 20:53 ` [PATCH v5 11/13] x86/fsgsbase/64: Enable FSGSBASE by default and add a chicken bit Chang S. Bae
2019-02-01 20:53 ` [PATCH v5 12/13] x86/elf: Enumerate kernel FSGSBASE capability in AT_HWCAP2 Chang S. Bae
2019-02-01 20:53 ` [PATCH v5 13/13] x86/fsgsbase/64: Add documentation for FSGSBASE Chang S. Bae
2019-02-01 23:02 ` [PATCH v5 00/13] x86: Enable FSGSBASE instructions Andi Kleen
2019-02-02 2:43 ` Andy Lutomirski
2019-02-05 6:26 ` hpa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3B92973A-A2D2-4FCB-A2A2-030057229D4B@zytor.com \
--to=hpa@zytor.com \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=chang.seok.bae@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=markus.t.metzger@intel.com \
--cc=mingo@kernel.org \
--cc=ravi.v.shankar@intel.com \
--cc=rdunlap@infradead.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).