LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Kuppuswamy Sathyanarayanan  <sathyanarayanan.kuppuswamy@linux.intel.com>
To: Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	x86@kernel.org, Jonathan Corbet <corbet@lwn.net>,
	Peter Zijlstra <peterz@infradead.org>,
	Andy Lutomirski <luto@kernel.org>
Cc: "H . Peter Anvin" <hpa@zytor.com>,
	Kuppuswamy Sathyanarayanan 
	<sathyanarayanan.kuppuswamy@linux.intel.com>,
	Andi Kleen <ak@linux.intel.com>, Tony Luck <tony.luck@intel.com>,
	Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
	linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
	Kuppuswamy Sathyanarayanan <knsathya@kernel.org>
Subject: [PATCH v3 4/5] Add taint flag for TDX overrides
Date: Thu,  5 Aug 2021 16:30:35 -0700	[thread overview]
Message-ID: <20210805233036.2949674-5-sathyanarayanan.kuppuswamy@linux.intel.com> (raw)
In-Reply-To: <20210805233036.2949674-1-sathyanarayanan.kuppuswamy@linux.intel.com>

From: Andi Kleen <ak@linux.intel.com>

Add a new taint flag TAINT_CONF_NO_LOCKDOWN that is set when
the default hardening against untrusted hosts in TDX is overridden
on the command line. The flag is set when the device or ACPI
filters are disabled.

The main use cases is for applications to detect that they
might run in a potentially insecure configuration through
/proc/sys/kernel/taint.

The setting is not intended for attestation, which should attest the
kernel command line anyways.

I picked 'Y' for the oops flag, although this type of taint is probably
not too useful for crashes, since there weren't any other good letters
left.

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---
 Documentation/admin-guide/tainted-kernels.rst | 7 ++++++-
 include/linux/panic.h                         | 3 ++-
 kernel/panic.c                                | 1 +
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/Documentation/admin-guide/tainted-kernels.rst b/Documentation/admin-guide/tainted-kernels.rst
index ceeed7b0798d..65c58092ec35 100644
--- a/Documentation/admin-guide/tainted-kernels.rst
+++ b/Documentation/admin-guide/tainted-kernels.rst
@@ -100,7 +100,8 @@ Bit  Log  Number  Reason that got the kernel tainted
  15  _/K   32768  kernel has been live patched
  16  _/X   65536  auxiliary taint, defined for and used by distros
  17  _/T  131072  kernel was built with the struct randomization plugin
-===  ===  ======  ========================================================
+ 18  _/Y  262144  confidential guest (like TDX guest) without full lockdown
+===  ===  ======  =========================================================
 
 Note: The character ``_`` is representing a blank in this table to make reading
 easier.
@@ -175,3 +176,7 @@ More detailed explanation for tainting
      produce extremely unusual kernel structure layouts (even performance
      pathological ones), which is important to know when debugging. Set at
      build time.
+
+ 18) ``Y`` Kernel is running as a confidential guest on a untrusted
+     hypervisor (e.g. TDX), but has disabled some lock down options that could
+     make the kernel attackable from the host.
diff --git a/include/linux/panic.h b/include/linux/panic.h
index f5844908a089..9ac10689a432 100644
--- a/include/linux/panic.h
+++ b/include/linux/panic.h
@@ -74,7 +74,8 @@ static inline void set_arch_panic_timeout(int timeout, int arch_default_timeout)
 #define TAINT_LIVEPATCH			15
 #define TAINT_AUX			16
 #define TAINT_RANDSTRUCT		17
-#define TAINT_FLAGS_COUNT		18
+#define TAINT_CONF_NO_LOCKDOWN		18
+#define TAINT_FLAGS_COUNT		19
 #define TAINT_FLAGS_MAX			((1UL << TAINT_FLAGS_COUNT) - 1)
 
 struct taint_flag {
diff --git a/kernel/panic.c b/kernel/panic.c
index edad89660a2b..1557f864bec0 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -387,6 +387,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = {
 	[ TAINT_LIVEPATCH ]		= { 'K', ' ', true },
 	[ TAINT_AUX ]			= { 'X', ' ', true },
 	[ TAINT_RANDSTRUCT ]		= { 'T', ' ', true },
+	[ TAINT_CONF_NO_LOCKDOWN ]	= { 'Y', ' ', true },
 };
 
 /**
-- 
2.25.1


  parent reply	other threads:[~2021-08-05 23:31 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-05 23:30 [PATCH v3 0/5] Add TDX Guest Support (Debug support) Kuppuswamy Sathyanarayanan
2021-08-05 23:30 ` [PATCH v3 1/5] x86/tdx: Add #VE tracepoint Kuppuswamy Sathyanarayanan
2021-08-05 23:30 ` [PATCH v3 2/5] x86/tdx: Add TDCALL tracepoint Kuppuswamy Sathyanarayanan
2021-08-05 23:30 ` [PATCH v3 3/5] x86/tdx: Expose TDX Guest #VE count in /proc/interrupts Kuppuswamy Sathyanarayanan
2021-08-05 23:30 ` Kuppuswamy Sathyanarayanan [this message]
2021-08-05 23:30 ` [PATCH v3 5/5] x86/tdx: Add option to override prot values Kuppuswamy Sathyanarayanan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210805233036.2949674-5-sathyanarayanan.kuppuswamy@linux.intel.com \
    --to=sathyanarayanan.kuppuswamy@linux.intel.com \
    --cc=ak@linux.intel.com \
    --cc=andriy.shevchenko@linux.intel.com \
    --cc=bp@alien8.de \
    --cc=corbet@lwn.net \
    --cc=hpa@zytor.com \
    --cc=kirill.shutemov@linux.intel.com \
    --cc=knsathya@kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mingo@redhat.com \
    --cc=peterz@infradead.org \
    --cc=tglx@linutronix.de \
    --cc=tony.luck@intel.com \
    --cc=x86@kernel.org \
    --subject='Re: [PATCH v3 4/5] Add taint flag for TDX overrides' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).