| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Sep 2017 09:19:16 -0700
From: Kees Cook <keescook@...omium.org>
To: Borislav Petkov <bp@...en8.de>
Cc: lkml <linux-kernel@...r.kernel.org>, Jessica Yu <jeyu@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Jiri Slaby <jslaby@...e.cz>, Jiri Olsa <jolsa@...nel.org>,
Michal Marek <mmarek@...e.cz>, Jiri Kosina <jkosina@...e.cz>,
Takashi Iwai <tiwai@...e.de>, Petr Mladek <pmladek@...e.com>,
Jeff Mahoney <jeffm@...e.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
x86-ml <x86@...nel.org>
Subject: Re: [RFC PATCH] kernel/panic: Add TAINT_AUX
On Mon, Sep 11, 2017 at 6:45 AM, Borislav Petkov <bp@...en8.de> wrote:
> Hi all,
>
> so this is the gist of a patch which we've been forward-porting in our
> kernels for a long time now and it probably would make a good sense to
> have such TAINT_AUX flag upstream which can be used by each distro etc,
> how they see fit. This way, we won't need to forward-port a distro-only
> version indefinitely.
>
> And the "X" mnemonic could also mean eXternal, which would be taint from
> a distro or something else but not the upstream kernel.
>
> Thoughts?
If I were an end-user looking at my kernel trace that had an "X" flag,
how would I go look up what it actually means? Is "git grep TAINT_AUX"
going to sufficiently answer that question?
How does SUSE use it currently?
-Kees
>
> ---
> From: Borislav Petkov <bp@...e.de>
>
> Add an auxiliary taint flag to be used by distros and others. This
> obviates the need to forward-port whatever internal solutions people
> have in favor of a single flag which they can map arbitrarily to a
> definition of their pleasing.
>
> Signed-off-by: Borislav Petkov <bp@...e.de>
> ---
> include/linux/kernel.h | 3 ++-
> kernel/panic.c | 2 ++
> 2 files changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index bd6d96cf80b1..400512aa58e8 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -520,7 +520,8 @@ extern enum system_states {
> #define TAINT_UNSIGNED_MODULE 13
> #define TAINT_SOFTLOCKUP 14
> #define TAINT_LIVEPATCH 15
> -#define TAINT_FLAGS_COUNT 16
> +#define TAINT_AUX 16
> +#define TAINT_FLAGS_COUNT 17
>
> struct taint_flag {
> char c_true; /* character printed when tainted */
> diff --git a/kernel/panic.c b/kernel/panic.c
> index a58932b41700..46ca774e2dce 100644
> --- a/kernel/panic.c
> +++ b/kernel/panic.c
> @@ -321,6 +321,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = {
> { 'E', ' ', true }, /* TAINT_UNSIGNED_MODULE */
> { 'L', ' ', false }, /* TAINT_SOFTLOCKUP */
> { 'K', ' ', true }, /* TAINT_LIVEPATCH */
> + { 'X', ' ', true }, /* TAINT_AUX */
> };
>
> /**
> @@ -342,6 +343,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = {
> * 'E' - Unsigned module has been loaded.
> * 'L' - A soft lockup has previously occurred.
> * 'K' - Kernel has been live patched.
> + * 'X' - Auxiliary taint, for distros' use.
> *
> * The string is overwritten by the next call to print_tainted().
> */
> --
> 2.13.0
>
>
> --
> Regards/Gruss,
> Boris.
>
> Good mailing practices for 400: avoid top-posting and trim the reply.
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists