Received: by 2002:ac0:8c9a:0:0:0:0:0 with SMTP id r26csp1201990ima; Fri, 1 Feb 2019 18:45:39 -0800 (PST) X-Google-Smtp-Source: ALg8bN6xjWH1UOKJfhWU5vwGpM39DPgHyEl20QKI5qEHKlB4fSHvmNN9Oou28kqETx0BYVTpxBnG X-Received: by 2002:a17:902:3064:: with SMTP id u91mr41518972plb.325.1549075539331; Fri, 01 Feb 2019 18:45:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549075539; cv=none; d=google.com; s=arc-20160816; b=Kq+8Tusbs8GAz9ktuyxGpbcKsreSRjbvZHzpsghOw1U0EqM4fXacjahk1tKoKrcL3o SuXNpz9vutCNBLtbVB95m+VF5bUVNbGYwP65RdsI6mesYRQWgWXxLkKkEl74RuUDF6TQ ewU0+yZpGz/wBYRac3UQ8xTxQXt1YHrdH8vb5ZpM53GpVTTWD/t9my/o/QsSfu+VlQGU C7wWBoRppWZvEdGHB6dPzAUY25/9pkncXgsyW6d3GLoELINJLoJB8CXm+Hv9b0y9RQVm 48iYRPlK84vdLcnwfR5/v9mThM7P35kntEHY6/ewNG1b0dGMq5kkd5XtByxiP0RH8E9N LQzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Cbtwd5fDeCnl3T75ps8ToXw1N/+WhRaBfQOyLXsQsvc=; b=iDLUxdcrqETJUUcTeCv7PGzwdOI5Zd7yzExxV2l9Q1XSv12PZDyak30mTrOx/DQO4N 0tt3dkxniIdGkeCb3HU0d8btBoLwLYXe/Bziv2vEDoNATKlkXV8mxCmxvo8KnGS5LeDZ m6tUYUzY+9kTOaptskM0w4qH4NJGtIWhHZjMuj7ucmHOTGPcVTu+erh9fi7XHvePkRuA Yl4FJMnNekKNe5VjvC/EbVAFxzxrlzYlD+tz5/WnAsuDjcpGiYcSirpWmbXsxdUzxae1 LLjfsIUwL+OWEhtg5EV2339FXe0aojOUhACiAeeq3P7aQ4bOzOQ47OSCtrWKBUHpdMhd Wgfw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=x3T5Y2Eg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m64si9664108pfb.224.2019.02.01.18.45.09; Fri, 01 Feb 2019 18:45:39 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=x3T5Y2Eg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726821AbfBBCmn (ORCPT + 99 others); Fri, 1 Feb 2019 21:42:43 -0500 Received: from mail.kernel.org ([198.145.29.99]:52514 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726190AbfBBCmn (ORCPT ); Fri, 1 Feb 2019 21:42:43 -0500 Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7F255218FF for ; Sat, 2 Feb 2019 02:42:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1549075362; bh=2MPJBg6078FAFANXvdH2NiCL4Mjm0Dwd29x027dlhwU=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=x3T5Y2EgR/S0wCQitPRf7rEunIb+nrOZOglVpSeeyEbG8KU/2/COOJjOLkqfmC8MD BliscB8YEzakftwcnFP/riRKaGXGwLsAPYQ4qX/+qQ/QBdz26aft8MlNmjdzuf3rno W/98EPcLrc88o7/q/cYFG9TQSYmvchSyBvF8ki0w= Received: by mail-wm1-f44.google.com with SMTP id n190so7950073wmd.0 for ; Fri, 01 Feb 2019 18:42:42 -0800 (PST) X-Gm-Message-State: AHQUAuZd4g4gYo5TeVTSrG8lhdc5QhjHxJTtfDrpH9K0wMUOgxOSEd2j +17rWA/w5PhUN0Q31p3n4ycfZMi7H/5TIzi6aPSoyA== X-Received: by 2002:a1c:864f:: with SMTP id i76mr4528174wmd.83.1549075360924; Fri, 01 Feb 2019 18:42:40 -0800 (PST) MIME-Version: 1.0 References: <20190201205319.15995-1-chang.seok.bae@intel.com> <20190201205319.15995-2-chang.seok.bae@intel.com> In-Reply-To: <20190201205319.15995-2-chang.seok.bae@intel.com> From: Andy Lutomirski Date: Fri, 1 Feb 2019 18:42:29 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v5 01/13] taint: Introduce a new taint flag (insecure) To: "Chang S. Bae" , Andrew Morton Cc: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Andi Kleen , Markus T Metzger , Ravi Shankar , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 1, 2019 at 12:54 PM Chang S. Bae wrote: > > For testing (or root-only) purposes, the new flag will serve to tag the > kernel taint accurately. > > When adding a new feature support, patches need to be incrementally > applied and tested with temporal parameters. Currently, there is no flag > for this usage. I think this should be reviewed by someone like akpm. akpm, for background, this is part of an x86 patch series. If only part of the series is applied, the kernel will be blatantly insecure (but still functional and useful for testing and bisection), and this taint flag will be set if this kernel is booted. With the whole series applied, there are no users of the taint flag in the kernel. Do you think this is a good idea?