panic: Taint kernel if tests are run
Most in-kernel tests (such as KUnit tests) are not supposed to run on production systems: they may do deliberately illegal things to trigger errors, and have security implications (for example, KUnit assertions will often deliberately leak kernel addresses). Add a new taint type, TAINT_TEST to signal that a test has been run. This will be printed as 'N' (originally for kuNit, as every other sensible letter was taken.) This should discourage people from running these tests on production systems, and make it easier to tell if tests have been run accidentally (by loading the wrong configuration, etc.) Acked-by: Luis Chamberlain <mcgrof@kernel.org> Reviewed-by: Brendan Higgins <brendanhiggins@google.com> Signed-off-by: David Gow <davidgow@google.com> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
parent
f2906aa863
commit
2852ca7fba
|
@ -100,6 +100,7 @@ Bit Log Number Reason that got the kernel tainted
|
||||||
15 _/K 32768 kernel has been live patched
|
15 _/K 32768 kernel has been live patched
|
||||||
16 _/X 65536 auxiliary taint, defined for and used by distros
|
16 _/X 65536 auxiliary taint, defined for and used by distros
|
||||||
17 _/T 131072 kernel was built with the struct randomization plugin
|
17 _/T 131072 kernel was built with the struct randomization plugin
|
||||||
|
18 _/N 262144 an in-kernel test has been run
|
||||||
=== === ====== ========================================================
|
=== === ====== ========================================================
|
||||||
|
|
||||||
Note: The character ``_`` is representing a blank in this table to make reading
|
Note: The character ``_`` is representing a blank in this table to make reading
|
||||||
|
|
|
@ -68,7 +68,8 @@ static inline void set_arch_panic_timeout(int timeout, int arch_default_timeout)
|
||||||
#define TAINT_LIVEPATCH 15
|
#define TAINT_LIVEPATCH 15
|
||||||
#define TAINT_AUX 16
|
#define TAINT_AUX 16
|
||||||
#define TAINT_RANDSTRUCT 17
|
#define TAINT_RANDSTRUCT 17
|
||||||
#define TAINT_FLAGS_COUNT 18
|
#define TAINT_TEST 18
|
||||||
|
#define TAINT_FLAGS_COUNT 19
|
||||||
#define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1)
|
#define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1)
|
||||||
|
|
||||||
struct taint_flag {
|
struct taint_flag {
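Review bot: Nothing in the hunks shown on this page sets the new bit: `TAINT_TEST` is defined here and given a letter in the `taint_flags` table, but no `add_taint()` call for it is visible, so as shown the change would not by itself taint a kernel that runs tests. If the setters arrive in follow-up patches, the description should say so. The define also deserves a short comment stating what the bit means to an operator, for example `/* an in-kernel test (e.g. KUnit) has run; results from this boot should not be trusted in production */`. With `TAINT_FLAGS_COUNT` now 19, any decoder of the taint bitmask outside these files needs the same update, which cannot be confirmed from this page.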
|
||||||
|
|
|
@ -428,6 +428,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = {
|
||||||
[ TAINT_LIVEPATCH ] = { 'K', ' ', true },
|
[ TAINT_LIVEPATCH ] = { 'K', ' ', true },
|
||||||
[ TAINT_AUX ] = { 'X', ' ', true },
|
[ TAINT_AUX ] = { 'X', ' ', true },
|
||||||
[ TAINT_RANDSTRUCT ] = { 'T', ' ', true },
|
[ TAINT_RANDSTRUCT ] = { 'T', ' ', true },
|
||||||
|
[ TAINT_TEST ] = { 'N', ' ', true },
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
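Review bot: The third initializer of the new `[ TAINT_TEST ]` entry is `true`, and the entry carries no comment saying why. If that member is the per-module field of `struct taint_flag` (its definition is outside this hunk), the `N` letter is also recorded against the module that set it, which is what lets someone triaging a report tell which loaded module ran tests rather than only that some test ran. A trailing comment such as `/* per-module: identifies the module that ran tests */` would make that intent explicit. The table's initializer begins before this hunk.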
|
||||||
|
|