From: David Gow
Date: Sat, 14 May 2022 11:04:27 +0800
Subject: Re: [PATCH v3 2/3] kunit: Taint the kernel when KUnit tests are run
References: <20220429043913.626647-1-davidgow@google.com> <20220513083212.3537869-2-davidgow@google.com>
To: Daniel Latypov
Cc: Brendan Higgins, Andy Shevchenko, Jonathan Corbet, Andrew Morton,
 Kees Cook, Shuah Khan, Greg KH, Luis Chamberlain, "Guilherme G .
 Piccoli", Sebastian Reichel, John Ogness, Joe Fradley, KUnit Development,
 "open list:KERNEL SELFTEST FRAMEWORK", "open list:DOCUMENTATION",
 Linux Kernel Mailing List, Jani Nikula, Lucas De Marchi, Aaron Tomlin,
 linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, May 14, 2022 at 3:09 AM Daniel Latypov wrote:
>
> On Fri, May 13, 2022 at 1:32 AM David Gow wrote:
> >
> > Make KUnit trigger the new TAINT_TEST taint when any KUnit test is run.
> > Due to KUnit tests not being intended to run on production systems, and
> > potentially causing problems (or security issues like leaking kernel
> > addresses), the kernel's state should not be considered safe for
> > production use after KUnit tests are run.
> >
> > Signed-off-by: David Gow
>
> Tested-by: Daniel Latypov
>
> Looks good to me.
>
> There's an edge case where we might have 0 suites or 0 tests and we
> still taint the kernel, but I don't think we need to deal with that.
> At the start of kunit_run_tests() is the cleanest place to do this.

Hmm... thinking about it, I think it might be worth not tainting if 0
suites run, but tainting if 0 tests run. If we taint even if there are
no suites present, that'll make things awkward for the "build KUnit in,
but not any tests" case: the kernel would be tainted regardless. Given
Android might be having the KUnit execution stuff built-in (but using
modules for tests), it's probably worth not tainting there. (Though I
think they have a separate way of disabling KUnit as well, so it's
probably not a complete deal-breaker).

The case of having suites but no tests should still taint the kernel,
as suite_init functions could still run.

Assuming that seems sensible, I'll send out a v4 with that changed.

> I wasn't quite sure where this applied, but I manually applied the changes here.
> Without this patch, this command exits fine:
> $ ./tools/testing/kunit/kunit.py run --kernel_args=panic_on_taint=0x40000
>
> With it, I get
> [12:03:31] Kernel panic - not syncing: panic_on_taint set ...
> [12:03:31] CPU: 0 PID: 1 Comm: swapper Tainted: G N

This is showing both 'G' and 'N' ('G' being the character for GPL --
i.e. the kernel is not tainted by proprietary modules: 'P').

Jani did suggest a better way of printing these in the v1 discussion
(printing the actual names of taints present), which I might do in a
follow-up.

> 5.17.0-00001-gea9ee5e7aed8-dirty #60
>
> I'm a bit surprised that it prints 'G' and not 'N', but this does seem
> to be the right mask
> $ python3 -c 'print(hex(1<<18))'
> 0x40000
> and it only takes effect when this patch is applied.
> I'll chalk that up to my ignorance of how taint works.

-- David
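
Why the panic banner quoted above carries 'G' as well as 'N', as an added example that is not part of the original thread: every taint bit has one character for "set" and one for "clear", and only bit 0 has a visible "clear" character. Bit 18 ('N', TAINT_TEST), the 'P'/'G' pair and the `0x40000` mask come from the thread; the other table rows follow the upstream `kernel/panic.c` table and the function names are hypothetical.

```python
# Added example (not from the thread): model of the kernel's taint flag table.
# Rows are (bit, char when set, char when clear, flag name). Bit 18 / 'N' /
# TAINT_TEST and the 'P'/'G' pair are from the thread; the other rows follow
# the upstream table in kernel/panic.c and are an assumption for other trees.
TAINT_FLAGS = [
    (0, "P", "G", "PROPRIETARY_MODULE"), (1, "F", " ", "FORCED_MODULE"),
    (2, "S", " ", "CPU_OUT_OF_SPEC"), (3, "R", " ", "FORCED_RMMOD"),
    (4, "M", " ", "MACHINE_CHECK"), (5, "B", " ", "BAD_PAGE"),
    (6, "U", " ", "USER"), (7, "D", " ", "DIE"),
    (8, "A", " ", "OVERRIDDEN_ACPI_TABLE"), (9, "W", " ", "WARN"),
    (10, "C", " ", "CRAP"), (11, "I", " ", "FIRMWARE_WORKAROUND"),
    (12, "O", " ", "OOT_MODULE"), (13, "E", " ", "UNSIGNED_MODULE"),
    (14, "L", " ", "SOFTLOCKUP"), (15, "K", " ", "LIVEPATCH"),
    (16, "X", " ", "AUX"), (17, "T", " ", "RANDSTRUCT"),
    (18, "N", " ", "TEST"),
]


def taint_string(mask):
    """Banner text: one character per bit, or 'Not tainted' for a zero mask."""
    if mask == 0:
        return "Not tainted"
    return "".join(s if (mask >> bit) & 1 else c for bit, s, c, _ in TAINT_FLAGS)


def taint_names(mask):
    """Names of the taint flags set in mask."""
    return [f"TAINT_{name}" for bit, _, _, name in TAINT_FLAGS if (mask >> bit) & 1]


def panics(mask, panic_on_taint):
    """panic_on_taint= is a bitmask; any overlap with the taint mask panics."""
    return bool(mask & panic_on_taint)


def read_running_kernel(path="/proc/sys/kernel/tainted"):
    """Current taint mask of the running kernel (Linux only)."""
    with open(path) as f:
        return int(f.read().strip())


if __name__ == "__main__":
    mask = 1 << 18  # constructed input: only TAINT_TEST set, as in the thread
    print(repr(taint_string(mask)), taint_names(mask), panics(mask, 0x40000))
```

On a live system, `taint_names(read_running_kernel())` gives the check a fleet audit would want: any host reporting `TAINT_TEST` has run KUnit tests since boot.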