From: Ben Widawsky To: linux-cxl@vger.kernel.org Cc: Ben Widawsky , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, "linux-acpi@vger.kernel.org, Ira Weiny" , Dan Williams , Vishal Verma , "Kelley, Sean V" , Rafael Wysocki , Bjorn Helgaas , Jonathan Cameron , Jon Masters , Chris Browy , Randy Dunlap , Christoph Hellwig , daniel.lll@alibaba-inc.com Subject: [RFC PATCH v3 11/16] taint: add taint for unfettered hardware access Date: Mon, 11 Jan 2021 14:51:16 -0800 Message-Id: <20210111225121.820014-13-ben.widawsky@intel.com> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210111225121.820014-1-ben.widawsky@intel.com> References: <20210111225121.820014-1-ben.widawsky@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Make notes about why we use this. Signed-off-by: Ben Widawsky --- Documentation/admin-guide/sysctl/kernel.rst | 1 + Documentation/admin-guide/tainted-kernels.rst | 6 +++++- include/linux/kernel.h | 3 ++- kernel/panic.c | 1 + 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst index 1d56a6b73a4e..3e1eada53504 100644 --- a/Documentation/admin-guide/sysctl/kernel.rst +++ b/Documentation/admin-guide/sysctl/kernel.rst @@ -1352,6 +1352,7 @@ ORed together. The letters are seen in "Tainted" line of Oops reports. 32768 `(K)` kernel has been live patched 65536 `(X)` Auxiliary taint, defined and used by for distros 131072 `(T)` The kernel was built with the struct randomization plugin +262144 `(H)` The kernel has allowed vendor shenanigans ====== ===== ============================================================== See :doc:`/admin-guide/tainted-kernels` for more information. diff --git a/Documentation/admin-guide/tainted-kernels.rst b/Documentation/admin-guide/tainted-kernels.rst index ceeed7b0798d..ee2913316344 100644 --- a/Documentation/admin-guide/tainted-kernels.rst 
+++ b/Documentation/admin-guide/tainted-kernels.rst @@ -74,7 +74,7 @@ a particular type of taint. It's best to leave that to the aforementioned script, but if you need something quick you can use this shell command to check which bits are set:: - $ for i in $(seq 18); do echo $(($i-1)) $(($(cat /proc/sys/kernel/tainted)>>($i-1)&1));done + $ for i in $(seq 19); do echo $(($i-1)) $(($(cat /proc/sys/kernel/tainted)>>($i-1)&1));done Table for decoding tainted state ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -100,6 +100,7 @@ Bit Log Number Reason that got the kernel tainted 15 _/K 32768 kernel has been live patched 16 _/X 65536 auxiliary taint, defined for and used by distros 17 _/T 131072 kernel was built with the struct randomization plugin + 18 _/H 262144 kernel has allowed vendor shenanigans === === ====== ======================================================== Note: The character ``_`` is representing a blank in this table to make reading @@ -175,3 +176,6 @@ More detailed explanation for tainting produce extremely unusual kernel structure layouts (even performance pathological ones), which is important to know when debugging. Set at build time. + + 18) ``H`` Kernel has allowed direct access to hardware and can no longer make + any guarantees about the stability of the device or driver. diff --git a/include/linux/kernel.h b/include/linux/kernel.h index f7902d8c1048..bc95486f817e 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h @@ -443,7 +443,8 @@ extern enum system_states { #define TAINT_LIVEPATCH 15 #define TAINT_AUX 16 #define TAINT_RANDSTRUCT 17 -#define TAINT_FLAGS_COUNT 18 +#define TAINT_RAW_PASSTHROUGH 18 +#define TAINT_FLAGS_COUNT 19 #define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1) struct taint_flag { diff --git a/kernel/panic.c b/kernel/panic.c index 332736a72a58..dff22bd80eaf 100644 --- a/kernel/panic.c +++ b/kernel/panic.c 
@@ -386,6 +386,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = { [ TAINT_LIVEPATCH ] = { 'K', ' ', true }, [ TAINT_AUX ] = { 'X', ' ', true }, [ TAINT_RANDSTRUCT ] = { 'T', ' ', true }, + [ TAINT_RAW_PASSTHROUGH ] = { 'H', ' ', true }, }; /** -- 2.30.0
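Review bot: The new row in Documentation/admin-guide/sysctl/kernel.rst, `262144 (H) The kernel has allowed vendor shenanigans`, and the matching table row added at @@ -100 in tainted-kernels.rst do not tell an administrator what actually happened. The detailed entry this same patch adds already has usable wording ("Kernel has allowed direct access to hardware"); reuse that phrase in both rows so the tables, the long description and the macro name TAINT_RAW_PASSTHROUGH describe the same thing.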
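Review bot: In the tainted-kernels.rst hunk at @@ -74, only the fallback one-liner is bumped to `seq 19`, while the context text still tells readers it is "best to leave that to the aforementioned script" and the diffstat lists no script among the four changed files. Check whether that script needs a case for bit 18 and update it in this patch, otherwise the recommended decoder and the one-liner will disagree about `H`.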
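Review bot: In the tainted-kernels.rst hunk at @@ -175, entry 18) says what the kernel can no longer guarantee but not what sets the flag. The entry just above it ends with "Set at build time."; add the equivalent statement here, naming the interface or command path that triggers the taint and when it is set, so that someone triaging an Oops with `H` in the Tainted line knows what the reporter did.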
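Review bot: In kernel/panic.c the new `[ TAINT_RAW_PASSTHROUGH ] = { 'H', ' ', true },` entry takes its third initializer from the neighbouring lines, and nothing in this patch (nor in the include/linux/kernel.h hunk that defines the bit) sets the flag. Say in the commit message which patch in the series sets it, and confirm that `true` is the intended value for this flag rather than a carry-over from copying the TAINT_RANDSTRUCT line.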