[merged] panic-taint-kernel-if-tests-are-run.patch removed from -mm tree


 



The quilt patch titled
     Subject: panic: taint kernel if tests are run
has been removed from the -mm tree.  Its filename was
     panic-taint-kernel-if-tests-are-run.patch

This patch was dropped because it was merged into mainline or a subsystem tree

------------------------------------------------------
From: David Gow <davidgow@xxxxxxxxxx>
Subject: panic: taint kernel if tests are run
Date: Fri, 8 Jul 2022 12:48:44 +0800

Most in-kernel tests (such as KUnit tests) are not supposed to run on
production systems: they may do deliberately illegal things to trigger
errors, and have security implications (for example, KUnit assertions will
often deliberately leak kernel addresses).

Add a new taint type, TAINT_TEST to signal that a test has been run.  This
will be printed as 'N' (originally for kuNit, as every other sensible
letter was taken.)

This should discourage people from running these tests on production
systems, and make it easier to tell if tests have been run accidentally
(by loading the wrong configuration, etc.)

Link: https://lkml.kernel.org/r/20220708044847.531566-1-davidgow@xxxxxxxxxx
Signed-off-by: David Gow <davidgow@xxxxxxxxxx>
Acked-by: Luis Chamberlain <mcgrof@xxxxxxxxxx>
Reviewed-by: Brendan Higgins <brendanhiggins@xxxxxxxxxx>
Cc: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Cc: Jonathan Corbet <corbet@xxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx>
Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: Masahiro Yamada <masahiroy@xxxxxxxxxx>
Cc: Nathan Chancellor <nathan@xxxxxxxxxx>
Cc: Guilherme G. Piccoli <gpiccoli@xxxxxxxxxx>
Cc: Sebastian Reichel <sre@xxxxxxxxxx>
Cc: John Ogness <john.ogness@xxxxxxxxxxxxx>
Cc: Daniel Latypov <dlatypov@xxxxxxxxxx>
Cc: Jani Nikula <jani.nikula@xxxxxxxxxxxxxxx>
Cc: Lucas De Marchi <lucas.demarchi@xxxxxxxxx>
Cc: Aaron Tomlin <atomlin@xxxxxxxxxx>
Cc: Michal Marek <michal.lkml@xxxxxxxxxxx>
Cc: Nick Desaulniers <ndesaulniers@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 Documentation/admin-guide/tainted-kernels.rst |    1 +
 include/linux/panic.h                         |    3 ++-
 kernel/panic.c                                |    1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

--- a/Documentation/admin-guide/tainted-kernels.rst~panic-taint-kernel-if-tests-are-run
+++ a/Documentation/admin-guide/tainted-kernels.rst
@@ -100,6 +100,7 @@ Bit  Log  Number  Reason that got the ke
  15  _/K   32768  kernel has been live patched
  16  _/X   65536  auxiliary taint, defined for and used by distros
  17  _/T  131072  kernel was built with the struct randomization plugin
+ 18  _/N  262144  an in-kernel test has been run
 ===  ===  ======  ========================================================
 
 Note: The character ``_`` is representing a blank in this table to make reading
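Review bot: The new row for bit 18 is the only documentation this patch adds for the taint (the diffstat shows a single inserted line in this file), and "an in-kernel test has been run" does not tell an administrator why that matters. The changelog has the reason: tests may do deliberately illegal things, and KUnit assertions often leak kernel addresses. Consider adding a short explanatory entry for 'N' in this file that carries that rationale, so someone decoding 262144 or an 'N' in a crash report knows the machine has run code that is not meant for production systems.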
--- a/include/linux/panic.h~panic-taint-kernel-if-tests-are-run
+++ a/include/linux/panic.h
@@ -68,7 +68,8 @@ static inline void set_arch_panic_timeou
 #define TAINT_LIVEPATCH			15
 #define TAINT_AUX			16
 #define TAINT_RANDSTRUCT		17
-#define TAINT_FLAGS_COUNT		18
+#define TAINT_TEST			18
+#define TAINT_FLAGS_COUNT		19
 #define TAINT_FLAGS_MAX			((1UL << TAINT_FLAGS_COUNT) - 1)
 
 struct taint_flag {
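Review bot: TAINT_TEST is defined at bit 18 and TAINT_FLAGS_COUNT is bumped to 19, but nothing in the three files touched here sets the bit, so with this patch alone the 'N' flag can never appear. If the callers arrive in separate patches, say so in the changelog so that someone bisecting or backporting does not assume test runs are already being reported. A one-line comment beside the define stating what counts as a test would also help, since the neighbouring defines give no hint of scope.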
--- a/kernel/panic.c~panic-taint-kernel-if-tests-are-run
+++ a/kernel/panic.c
@@ -428,6 +428,7 @@ const struct taint_flag taint_flags[TAIN
 	[ TAINT_LIVEPATCH ]		= { 'K', ' ', true },
 	[ TAINT_AUX ]			= { 'X', ' ', true },
 	[ TAINT_RANDSTRUCT ]		= { 'T', ' ', true },
+	[ TAINT_TEST ]			= { 'N', ' ', true },
 };
 
 /**
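Review bot: The third initializer in the new [ TAINT_TEST ] entry is a bare true, matching the LIVEPATCH, AUX and RANDSTRUCT rows above it, and the visible context does not show what that field controls. Please confirm the value is a deliberate choice for a taint raised by running tests rather than one inherited by pattern, and mention it in the changelog. This entry also depends on the TAINT_FLAGS_COUNT bump in include/linux/panic.h, so the two hunks need to stay in the same patch.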
_

Patches currently in -mm which might be from davidgow@xxxxxxxxxx are

module-panic-taint-the-kernel-when-selftest-modules-load.patch
kunit-taint-the-kernel-when-kunit-tests-are-run.patch
selftest-taint-kernel-when-test-module-loaded.patch



