Message-ID: <20170911134533.dp5mtyku5bongx4c@pd.tnic>
Date:   Mon, 11 Sep 2017 15:45:33 +0200
From:   Borislav Petkov <bp@...en8.de>
To:     lkml <linux-kernel@...r.kernel.org>
Cc:     Kees Cook <keescook@...omium.org>, Jessica Yu <jeyu@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Jiri Slaby <jslaby@...e.cz>, Jiri Olsa <jolsa@...nel.org>,
        Michal Marek <mmarek@...e.cz>, Jiri Kosina <jkosina@...e.cz>,
        Takashi Iwai <tiwai@...e.de>, Petr Mladek <pmladek@...e.com>,
        Jeff Mahoney <jeffm@...e.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        x86-ml <x86@...nel.org>
Subject: [RFC PATCH] kernel/panic: Add TAINT_AUX

Hi all,

so this is the gist of a patch which we've been forward-porting in our
kernels for a long time now and it probably would make good sense to
have such a TAINT_AUX flag upstream which can be used by each distro etc,
how they see fit. This way, we won't need to forward-port a distro-only
version indefinitely.

And the "X" mnemonic could also mean eXternal, which would be taint from
a distro or something else but not the upstream kernel.

Thoughts?

---
From: Borislav Petkov <bp@...e.de>

Add an auxiliary taint flag to be used by distros and others. This
obviates the need to forward-port whatever internal solutions people
have in favor of a single flag which they can map arbitrarily to a
definition of their pleasing.

Signed-off-by: Borislav Petkov <bp@...e.de>
---
 include/linux/kernel.h | 3 ++-
 kernel/panic.c         | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index bd6d96cf80b1..400512aa58e8 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -520,7 +520,8 @@ extern enum system_states {
 #define TAINT_UNSIGNED_MODULE		13
 #define TAINT_SOFTLOCKUP		14
 #define TAINT_LIVEPATCH			15
-#define TAINT_FLAGS_COUNT		16
+#define TAINT_AUX			16
+#define TAINT_FLAGS_COUNT		17
 
 struct taint_flag {
 	char c_true;	/* character printed when tainted */
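Review bot: The new `TAINT_AUX` bit 16 in include/linux/kernel.h extends the taint bitmask that userspace can read, but the diffstat shows only kernel.h and panic.c changing, so the new bit is not described anywhere outside the source. Please add the bit number and the 'X' letter to the taint documentation in the same patch, so that anyone decoding a numeric taint value or an oops line can find what bit 16 means.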
diff --git a/kernel/panic.c b/kernel/panic.c
index a58932b41700..46ca774e2dce 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -321,6 +321,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = {
 	{ 'E', ' ', true },	/* TAINT_UNSIGNED_MODULE */
 	{ 'L', ' ', false },	/* TAINT_SOFTLOCKUP */
 	{ 'K', ' ', true },	/* TAINT_LIVEPATCH */
+	{ 'X', ' ', true },	/* TAINT_AUX */
 };
 
 /**
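Review bot: In the `{ 'X', ' ', true }` entry the third initializer is `true`, matching the TAINT_UNSIGNED_MODULE and TAINT_LIVEPATCH rows rather than TAINT_SOFTLOCKUP, and the changelog does not say why an auxiliary, distro-defined taint should take that value. Please state the intended choice in the commit message. Separately, the table is positional, so this row must stay at index 16 to line up with `#define TAINT_AUX 16`; designated initializers such as `[TAINT_AUX] = { ... }` would make that explicit.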
@@ -342,6 +343,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = {
  *  'E' - Unsigned module has been loaded.
  *  'L' - A soft lockup has previously occurred.
  *  'K' - Kernel has been live patched.
+ *  'X' - Auxiliary taint, for distros' use.
  *
  *	The string is overwritten by the next call to print_tainted().
  */
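Review bot: The comment line `'X' - Auxiliary taint, for distros' use.` is narrower than the changelog, which says the flag is for "distros and others" to map to a definition of their choosing, and nothing in this patch sets TAINT_AUX. Since the meaning of 'X' in a report is therefore defined outside this tree, the comment should say so, for example "Auxiliary taint, defined and used by distros/vendors; meaning is vendor-specific", so that someone triaging an oops knows to consult the vendor kernel rather than upstream.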
-- 
2.13.0


-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
