From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5D4B8C43214 for ; Thu, 5 Aug 2021 23:31:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3F305610CD for ; Thu, 5 Aug 2021 23:31:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242481AbhHEXbg (ORCPT ); Thu, 5 Aug 2021 19:31:36 -0400 Received: from mga02.intel.com ([134.134.136.20]:6546 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242385AbhHEXbZ (ORCPT ); Thu, 5 Aug 2021 19:31:25 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10067"; a="201448377" X-IronPort-AV: E=Sophos;i="5.84,296,1620716400"; d="scan'208";a="201448377" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Aug 2021 16:31:10 -0700 X-IronPort-AV: E=Sophos;i="5.84,296,1620716400"; d="scan'208";a="481043911" Received: from rmgular-mobl2.amr.corp.intel.com (HELO skuppusw-desk1.amr.corp.intel.com) ([10.251.138.25]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Aug 2021 16:31:09 -0700 From: Kuppuswamy Sathyanarayanan To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org, Jonathan Corbet , Peter Zijlstra , Andy Lutomirski Cc: "H . Peter Anvin" , Kuppuswamy Sathyanarayanan , Andi Kleen , Tony Luck , Andy Shevchenko , "Kirill A . Shutemov" , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, Kuppuswamy Sathyanarayanan Subject: [PATCH v3 4/5] Add taint flag for TDX overrides Date: Thu, 5 Aug 2021 16:30:35 -0700 Message-Id: <20210805233036.2949674-5-sathyanarayanan.kuppuswamy@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210805233036.2949674-1-sathyanarayanan.kuppuswamy@linux.intel.com> References: <20210805233036.2949674-1-sathyanarayanan.kuppuswamy@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Andi Kleen Add a new taint flag TAINT_CONF_NO_LOCKDOWN that is set when the default hardening against untrusted hosts in TDX is overridden on the command line. The flag is set when the device or ACPI filters are disabled. The main use cases is for applications to detect that they might run in a potentially insecure configuration through /proc/sys/kernel/taint. The setting is not intended for attestation, which should attest the kernel command line anyways. I picked 'Y' for the oops flag, although this type of taint is probably not too useful for crashes, since there weren't any other good letters left. Signed-off-by: Andi Kleen Signed-off-by: Kuppuswamy Sathyanarayanan --- Documentation/admin-guide/tainted-kernels.rst | 7 ++++++- include/linux/panic.h | 3 ++- kernel/panic.c | 1 + 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/Documentation/admin-guide/tainted-kernels.rst b/Documentation/admin-guide/tainted-kernels.rst index ceeed7b0798d..65c58092ec35 100644 --- a/Documentation/admin-guide/tainted-kernels.rst +++ b/Documentation/admin-guide/tainted-kernels.rst @@ -100,7 +100,8 @@ Bit Log Number Reason that got the kernel tainted 15 _/K 32768 kernel has been live patched 16 _/X 65536 auxiliary taint, defined for and used by distros 17 _/T 131072 kernel was built with the struct randomization plugin -=== === ====== ======================================================== + 18 _/Y 262144 confidential guest (like TDX guest) without full lockdown +=== === ====== ========================================================= Note: The character ``_`` is representing a blank in this table to make reading easier. @@ -175,3 +176,7 @@ More detailed explanation for tainting produce extremely unusual kernel structure layouts (even performance pathological ones), which is important to know when debugging. Set at build time. + + 18) ``Y`` Kernel is running as a confidential guest on a untrusted + hypervisor (e.g. TDX), but has disabled some lock down options that could + make the kernel attackable from the host. diff --git a/include/linux/panic.h b/include/linux/panic.h index f5844908a089..9ac10689a432 100644 --- a/include/linux/panic.h +++ b/include/linux/panic.h @@ -74,7 +74,8 @@ static inline void set_arch_panic_timeout(int timeout, int arch_default_timeout) #define TAINT_LIVEPATCH 15 #define TAINT_AUX 16 #define TAINT_RANDSTRUCT 17 -#define TAINT_FLAGS_COUNT 18 +#define TAINT_CONF_NO_LOCKDOWN 18 +#define TAINT_FLAGS_COUNT 19 #define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1) struct taint_flag { diff --git a/kernel/panic.c b/kernel/panic.c index edad89660a2b..1557f864bec0 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -387,6 +387,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = { [ TAINT_LIVEPATCH ] = { 'K', ' ', true }, [ TAINT_AUX ] = { 'X', ' ', true }, [ TAINT_RANDSTRUCT ] = { 'T', ' ', true }, + [ TAINT_CONF_NO_LOCKDOWN ] = { 'Y', ' ', true }, }; /** -- 2.25.1