Commit 2852ca7f authored by David Gow's avatar David Gow Committed by Shuah Khan
Browse files

panic: Taint kernel if tests are run 



Most in-kernel tests (such as KUnit tests) are not supposed to run on
production systems: they may do deliberately illegal things to trigger
errors, and have security implications (for example, KUnit assertions
will often deliberately leak kernel addresses).

Add a new taint type, TAINT_TEST to signal that a test has been run.
This will be printed as 'N' (originally for kuNit, as every other
sensible letter was taken.)

This should discourage people from running these tests on production
systems, and to make it easier to tell if tests have been run
accidentally (by loading the wrong configuration, etc.)

Acked-by: default avatarLuis Chamberlain <mcgrof@kernel.org>
Reviewed-by: default avatarBrendan Higgins <brendanhiggins@google.com>
Signed-off-by: default avatarDavid Gow <davidgow@google.com>
Signed-off-by: default avatarShuah Khan <skhan@linuxfoundation.org>
parent f2906aa8

Documentation/admin-guide/tainted-kernels.rst

+1 −0
Original line number Diff line number Diff line
@@ -100,6 +100,7 @@ Bit Log Number Reason that got the kernel tainted 
 15  _/K   32768  kernel has been live patched

 16  _/X   65536  auxiliary taint, defined for and used by distros

 17  _/T  131072  kernel was built with the struct randomization plugin

 18  _/N  262144  an in-kernel test has been run

===  ===  ======  ========================================================



Note: The character ``_`` is representing a blank in this table to make reading

include/linux/panic.h

+2 −1
Original line number Diff line number Diff line
@@ -68,7 +68,8 @@ static inline void set_arch_panic_timeout(int timeout, int arch_default_timeout) 
#define TAINT_LIVEPATCH			15

#define TAINT_AUX			16

#define TAINT_RANDSTRUCT		17

#define TAINT_FLAGS_COUNT		18

#define TAINT_TEST			18

#define TAINT_FLAGS_COUNT		19

#define TAINT_FLAGS_MAX			((1UL << TAINT_FLAGS_COUNT) - 1)



struct taint_flag {

kernel/panic.c

+1 −0
Original line number Diff line number Diff line
@@ -428,6 +428,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = { 
	[ TAINT_LIVEPATCH ]		= { 'K', ' ', true },

	[ TAINT_AUX ]			= { 'X', ' ', true },

	[ TAINT_RANDSTRUCT ]		= { 'T', ' ', true },

	[ TAINT_TEST ]			= { 'N', ' ', true },

};



/**