Received: by 2002:a25:2c96:0:0:0:0:0 with SMTP id s144csp1187332ybs; Mon, 25 May 2020 09:13:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzPkWd4R+srQvQpeJbvucOruUl+VDhIseRfiVp5m+942Wp3u+dpF/xUdDHXS73OISJXx1dd X-Received: by 2002:a17:906:379b:: with SMTP id n27mr18865135ejc.432.1590423216691; Mon, 25 May 2020 09:13:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590423216; cv=none; d=google.com; s=arc-20160816; b=zT/qFsFpC3ebJkt2KM5Oh1gZDqtHPKV4vjWkmeH+dleMPMpsN60JMo7/UqdiJieBjz Wi2pFsoHdjndQ3sStNShdExxKqJM6H6+9W1aCfJGIZMW/wdJ/Ji35Uz/euwQtYHXRNvm hcZA7yC7y0CAZk1NBSyOAt2GV6sNptlEa+1G4r+12DIRApi7bMcaucSCQkGLwx641VAM KmQ5GOiUZOG5MBN0IFrHUCa+RqBuYmayN6cemAKutc9ZsoR1k9kT9+7xnrle4YtpGO0+ oX2+C27VE2b2kKfYFsQB5SY20yBwckUthvuBmGbT2nDujjjqmDWwuuhGe/1T0Oz5fFvC p8lA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=8YX/FjgODFHrbyU0YnhV8IiHyHZk2RhYHJIXiYFKBgI=; b=BWLBrrt77vUOJv+xAPQBE0W0ioCXRziE2/ErkF737o1SDy/JseI9TObFcdxIySy80T nf7RN2ZmeSY+/I30MftKZxIOhRwSOiP1JtWdlDgFAfLXheUtIZ2xGXgly+YMLFF1sJYn aPC4jD2F2AE7Mxv5sS+0l35GYxjkeL5w1bUVGUEjXzBV7EbfSfg4av3mdBTp7NY+UZYg NJ3431UxUKCCOCj3ctxP4rh7yusw/JwkTuY9elim/kP5gcMrTK2JoXunimfZQnn8rQSK 0KAi3Qs0xUUJAbTKAhRew464bVrsfOFnhFXFP0kbdR6d/4YllDaTPv9kW5Wa7/SdYVhc hTiw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Rhb0XBmB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b13si7989820eds.295.2020.05.25.09.13.13; Mon, 25 May 2020 09:13:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Rhb0XBmB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727842AbgEYHzC (ORCPT + 99 others); Mon, 25 May 2020 03:55:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40856 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726393AbgEYHzB (ORCPT ); Mon, 25 May 2020 03:55:01 -0400 Received: from mail-qt1-x843.google.com (mail-qt1-x843.google.com [IPv6:2607:f8b0:4864:20::843]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73410C061A0E for ; Mon, 25 May 2020 00:55:01 -0700 (PDT) Received: by mail-qt1-x843.google.com with SMTP id x12so13222564qts.9 for ; Mon, 25 May 2020 00:55:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=8YX/FjgODFHrbyU0YnhV8IiHyHZk2RhYHJIXiYFKBgI=; b=Rhb0XBmBCwPkw4V0ECSGwY/AlQuJiNbMYJG3p92NtXWscZ2MiRuXXnDQNDEpvuOnOu 61BWBPNeHTtpAT0R2XhhtTInt1+vdbvp++jrdI+/0a3Z/fEvEFrmG5kIq6fBquA2YgJj g7pXW7ov73tCWIBBUDEwBmbcKJOqGpadbH3d3PWqNWXE4lh/skzfhCnF16dka9zc3FQC rXYELeQTRgQWH7XgtvuPgbQUjcvcJIAYboHHslYHLCV4FsqjfyfycQ+I0BoSZqJJCxlC 4EBvHwIS3pzv5/e6R1vpxsepuIFLL/qK59SEScMUiMByfwGNBqimCUAFDTF8Uez+mlVN Hx5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=8YX/FjgODFHrbyU0YnhV8IiHyHZk2RhYHJIXiYFKBgI=; b=QrPajsSA8xqNmsBR0dB/HPWrhuw1kiZnlOf6I3GXfIhZKfDKhnC3GWiBMq7TaC0TTL ln/CsMdesgHkDXrA+0du0So1bl6CCoDlB+iHpYEiNCBsQcV6m+RBwBYA3wMav87EfWkX USHjx+AxJnzRMkmUiWFhA4S2yz0A9Z8eNzfPgZTi5rif+kze97ILLnjrJs+VhC2fHuAw oKGiuNMDqXqdpSlDiZPGgBAX5qHOXka7jUwf9cp+xpuS4Cop1j5Dr7oDY+FC7GS+65Qe cYAA2VIq+SWHMg2+zONzDYnw4iWp6D6TLsqwTFmsOQrHGty5VNGpvszNK+M81ppB7100 pifw== X-Gm-Message-State: AOAM531ns0XoSvPg+6T+cYMZPnoiGnfSXjtxvg0+xQDECwb/lqHy7VFR ajuqBlUT5I2pAUcP4W2CVcH+IYkD/r25eQs0CFc= X-Received: by 2002:ac8:2c44:: with SMTP id e4mr28004200qta.13.1590393300730; Mon, 25 May 2020 00:55:00 -0700 (PDT) MIME-Version: 1.0 References: <0186c22a8a6be1516df0703c421faaa581041774.camel@linux.intel.com> <20200515164013.GF29995@sasha-vm> <20200518153407.GA499505@tassilo.jf.intel.com> <371e6a92cad25cbe7a8489785efa7d3457ecef3b.camel@linux.intel.com> <87v9ksvoaq.fsf@nanos.tec.linutronix.de> <20200519164853.GA19706@linux.intel.com> <7eb45e02-03bf-0af0-c915-794bf49d66d7@cs.unc.edu> <87h7w7qy18.fsf@nanos.tec.linutronix.de> <20200524211945.GX33628@sasha-vm> In-Reply-To: <20200524211945.GX33628@sasha-vm> From: Richard Weinberger Date: Mon, 25 May 2020 09:54:49 +0200 Message-ID: Subject: Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions To: Sasha Levin Cc: "H. Peter Anvin" , Thomas Gleixner , Don Porter , Jarkko Sakkinen , Andi Kleen , LKML , Borislav Petkov , Andy Lutomirski , Dave Hansen , Tony Luck , Ravi V Shankar , chang.seok.bae@intel.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, May 24, 2020 at 11:20 PM Sasha Levin wrote: > > On Sun, May 24, 2020 at 12:45:18PM -0700, hpa@zytor.com wrote: > >There are legitimate reasons to write a root-hole module, the main one b= eing able to test security features like SMAP. I have requested before a TA= INT flag specifically for this purpose, because TAINT_CRAP is nowhere near = explicit enough, and is also used for staging drivers. Call it TAINT_TOXIC = or TAINT_ROOTHOLE; it should always be accompanied with a CRIT level alert. > > What I don't like about our current system of TAINT_* flags is that > while we can improve it as much as we want, no one outside of the kernel > tree seems to be using it. While Thomas may have been commenting on > Graphene's behaviour, look at any other code that did the same thing: Even if these modules would set TAINT_ROOTHOLE/TOXIC, the vast majority of = users have no clue what these flags really mean nor bother to take them seriously= . Almost every customer system I get my hands on has the following flags set: C: Some driver from staging was "needed", mostly media or wifi stuff. O: Customer did a custom module. W: Random warning from vendor kernel at bootup because of a slightly configured device-tree, etc. P: Sadly too. Mostly because customer has custom module and forgot to set i= t GPL All this trained users to believe that a few taint flags don't hurt and only in a perfect world none are set. What works and raises attention is Steve's trace_printk() warning: pr_warn("**********************************************************= \n"); pr_warn("** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **= \n"); pr_warn("** **= \n"); pr_warn("** trace_printk() being used. Allocating extra memory. **= \n"); pr_warn("** **= \n"); pr_warn("** This means that this is a DEBUG kernel and it is **= \n"); pr_warn("** unsafe for production use. **= \n"); pr_warn("** **= \n"); pr_warn("** If you see this message and you are not debugging **= \n"); pr_warn("** the kernel, report this immediately to your vendor! **= \n"); pr_warn("** **= \n"); pr_warn("** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **= \n"); pr_warn("**********************************************************= \n"); Maybe we can add something like this for taints too? :-) --=20 Thanks, //richard