[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200524211945.GX33628@sasha-vm>
Date: Sun, 24 May 2020 17:19:45 -0400
From: Sasha Levin <sashal@...nel.org>
To: hpa@...or.com
Cc: Thomas Gleixner <tglx@...utronix.de>,
Don Porter <porter@...unc.edu>,
Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
Andi Kleen <ak@...ux.intel.com>, linux-kernel@...r.kernel.org,
bp@...en8.de, luto@...nel.org, dave.hansen@...el.com,
tony.luck@...el.com, ravi.v.shankar@...el.com,
chang.seok.bae@...el.com
Subject: Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions
On Sun, May 24, 2020 at 12:45:18PM -0700, hpa@...or.com wrote:
>There are legitimate reasons to write a root-hole module, the main one being able to test security features like SMAP. I have requested before a TAINT flag specifically for this purpose, because TAINT_CRAP is nowhere near explicit enough, and is also used for staging drivers. Call it TAINT_TOXIC or TAINT_ROOTHOLE; it should always be accompanied with a CRIT level alert.
What I don't like about our current system of TAINT_* flags is that
while we can improve it as much as we want, no one outside of the kernel
tree seems to be using it. While Thomas may have been commenting on
Graphene's behaviour, look at any other code that did the same thing:
- Graphene: https://github.com/oscarlab/graphene-sgx-driver/blob/master/gsgx.c
- Occlum: https://github.com/occlum/enable_rdfsbase/blob/master/enable_rdfsbase.c
- SGX-LKL: https://github.com/lsds/sgx-lkl/blob/master/tools/kmod-set-fsgsbase/mod_set_cr4_fsgsbase.c
None of which set even the CRAP flag.
--
Thanks,
Sasha
Powered by blists - more mailing lists