panic: Taint kernel if tests are run

Conflicts: Utilize one of the reserved tainted for the new type include/linux/panic.h kernel/panic.c commit 2852ca7fba9f77b204f0fe953b31fadd0057c936 Author: David Gow <davidgow@google.com> Date: Fri Jul 1 16:47:41 2022 +0800 panic: Taint kernel if tests are run Most in-kernel tests (such as KUnit tests) are not supposed to run on production systems: they may do deliberately illegal things to trigger errors, and have security implications (for example, KUnit assertions will often deliberately leak kernel addresses). Add a new taint type, TAINT_TEST to signal that a test has been run. This will be printed as 'N' (originally for kuNit, as every other sensible letter was taken.) This should discourage people from running these tests on production systems, and to make it easier to tell if tests have been run accidentally (by loading the wrong configuration, etc.) Acked-by: Luis Chamberlain <mcgrof@kernel.org> Reviewed-by: Brendan Higgins <brendanhiggins@google.com> Signed-off-by: David Gow <davidgow@google.com> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168378 Signed-off-by: Nico Pache <npache@redhat.com>
2023-02-22 13:05:30 -07:00 · 2023-02-22 13:05:30 -07:00 · da77c4d524
parent a5e05defe0
commit da77c4d524
3 changed files with 3 additions and 2 deletions
--- a/Documentation/admin-guide/tainted-kernels.rst
+++ b/Documentation/admin-guide/tainted-kernels.rst
@ -100,6 +100,7 @@ Bit  Log  Number  Reason that got the kernel tainted
 15  _/K   32768  kernel has been live patched
 16  _/X   65536  auxiliary taint, defined for and used by distros
 17  _/T  131072  kernel was built with the struct randomization plugin
+ 18  _/N  262144  an in-kernel test has been run
 ===  ===  ======  ========================================================

 Note: The character ``_`` is representing a blank in this table to make reading
--- a/include/linux/panic.h
+++ b/include/linux/panic.h
@ -74,8 +74,8 @@ static inline void set_arch_panic_timeout(int timeout, int arch_default_timeout)
 #define TAINT_LIVEPATCH			15
 #define TAINT_AUX			16
 #define TAINT_RANDSTRUCT		17
+#define TAINT_TEST			18
 /* Start of Red Hat-specific taint flags */
-#define TAINT_18			18
 #define TAINT_19			19
 #define TAINT_20			20
 #define TAINT_21			21
--- a/kernel/panic.c
+++ b/kernel/panic.c
@ -391,7 +391,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = {
 	[ TAINT_LIVEPATCH ]		= { 'K', ' ', true },
 	[ TAINT_AUX ]			= { 'X', ' ', true },
 	[ TAINT_RANDSTRUCT ]		= { 'T', ' ', true },
-	[ TAINT_18 ]			= { '?', '-', false },
+	[ TAINT_TEST ]			= { 'N', ' ', true },
 	[ TAINT_19 ]			= { '?', '-', false },
 	[ TAINT_20 ]			= { '?', '-', false },
 	[ TAINT_21 ]			= { '?', '-', false },