Received: by 2002:ac0:8c9a:0:0:0:0:0 with SMTP id r26csp5644069ima; Tue, 5 Feb 2019 15:46:14 -0800 (PST) X-Google-Smtp-Source: AHgI3IZEzwuHePSN/i88uMP7L0BjMALFNVKo8Iw9NrTWiwPz73ViECUj7wmpJ/22fl2tADJcv7QV X-Received: by 2002:aa7:868f:: with SMTP id d15mr7457543pfo.225.1549410374584; Tue, 05 Feb 2019 15:46:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549410374; cv=none; d=google.com; s=arc-20160816; b=DwxcH1snFRU47M7WXffxBu+vI5ICbecMRCYizEo7dSKEWhi7SOUmwsNpz81e1QsH9J ec8i+pLU/ZBmvutYU1EXiO3FlZ/UVxEDWos/GrnhoILIRw43LWNleXh7FuEFi/5ktC4k rNo3UbJJ9BDb58FFVpY7aAbOg+7/hQ3X4bcYKinF8bXuL+/+iitLnWGgHzOyg/3e+qrK ywCHOeUy63eilnV7cGYbkcjvfcvUEEWvHcR/GHdreiVVBy8p5g0Y5n7Jdh0uYnLlYviX QZ7AA0QijWfL8yYDtj0zbr/Vmf9Ds/WJZU50uhvRfn8p/rRaMavnRxulyj5vLxdXrQGu GIsg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:from:cc:to:subject :content-transfer-encoding:mime-version:references:in-reply-to :user-agent:date; bh=aJ0hPgvyR4paqe6YxyHhe/0TlRoIogl6hC/RxK2mxYw=; b=zobSEhuWV7ASo6lv1kVCbd30QbKZ6/1nlbNu6ljmlOSZgaX5n1OBvlAjoge4u80B6x P9TVoa8rxlu25nF941gUJxVNBXTm0ACn+6y/yMMADClgLI/bywLONrdi/zS1jL9h2taH p+NXmnm/WVSG3QRZCSITqhKuetaYEAhiUtvLH8XGEHPdl/b8s2u+b/x79s1nuMAJrQTH lIs6WsHSYiuPnxIF1VlIqfTbuMI724XWLgrxcNSaqeckuT64k7EwyJ1RiG+1/V2Df0nN ejgp++FeIC6fGXPNkDC6xMW/TdnhAc9xeKvYdeCDq/gwGlfW72CX3yPaqhOrZ5PyJrDO U2wA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e34si4189843pgb.80.2019.02.05.15.45.59; Tue, 05 Feb 2019 15:46:14 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729768AbfBEXIG convert rfc822-to-8bit (ORCPT + 99 others); Tue, 5 Feb 2019 18:08:06 -0500 Received: from terminus.zytor.com ([198.137.202.136]:49039 "EHLO mail.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726927AbfBEXIG (ORCPT ); Tue, 5 Feb 2019 18:08:06 -0500 Received: from [IPv6:2601:646:8680:2bb1:34bd:8de1:bd14:4ee9] ([IPv6:2601:646:8680:2bb1:34bd:8de1:bd14:4ee9]) (authenticated bits=0) by mail.zytor.com (8.15.2/8.15.2) with ESMTPSA id x15N7o5q1039341 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 5 Feb 2019 15:07:51 -0800 Date: Tue, 05 Feb 2019 15:07:42 -0800 User-Agent: K-9 Mail for Android In-Reply-To: References: <20190201205319.15995-1-chang.seok.bae@intel.com> <20190201205319.15995-2-chang.seok.bae@intel.com> <20190205132146.2e61b3df9e7be49e22b7d903@linux-foundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT Subject: Re: [PATCH v5 01/13] taint: Introduce a new taint flag (insecure) To: Randy Dunlap , Andrew Morton , Andy Lutomirski CC: "Chang S. Bae" , Thomas Gleixner , Ingo Molnar , Andi Kleen , Markus T Metzger , Ravi Shankar , LKML From: hpa@zytor.com Message-ID: <3B92973A-A2D2-4FCB-A2A2-030057229D4B@zytor.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On February 5, 2019 2:46:11 PM PST, Randy Dunlap wrote: >On 2/5/19 1:21 PM, Andrew Morton wrote: >> On Fri, 1 Feb 2019 18:42:29 -0800 Andy Lutomirski >wrote: >> >>> On Fri, Feb 1, 2019 at 12:54 PM Chang S. Bae > wrote: >>>> >>>> For testing (or root-only) purposes, the new flag will serve to tag >the >>>> kernel taint accurately. >>>> >>>> When adding a new feature support, patches need to be incrementally >>>> applied and tested with temporal parameters. Currently, there is no >flag >>>> for this usage. >>> >>> I think this should be reviewed by someone like akpm. akpm, for >>> background, this is part of an x86 patch series. If only part of >the >>> series is applied, the kernel will be blatantly insecure (but still >>> functional and useful for testing and bisection), and this taint >flag >>> will be set if this kernel is booted. With the whole series >applied, >>> there are no users of the taint flag in the kernel. >>> >>> Do you think this is a good idea? >> >> What does "temporal parameters" mean? A complete description of this >> testing process would help. >> >> I sounds a bit strange. You mean it assumes that people will >partially >> apply the series to test its functionality? That would be >inconvenient. > >Ack. I don't think we need to (or should) worry about that kind of >muckup. > >> - Can the new and now-unused taint flag be removed again at >> end-of-series? >> >> - It would be a lot more convenient if we had some means of testing >> after the whole series is applied, on a permanent basis - some >> debugfs flag, perhaps? >> I would like to see this taint flag, though, because sometimes it is useful to write test modules (e.g. when I was testing SMAP) which are dangerous even if out of tree. In case of an escape or pilot error gets it into the wrong kernel, it is a very good thing to have the kernel flagged. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.