Thread (2 messages) 2 messages, 2 authors, 2020-05-15

Re: [PATCH v5] kernel: add panic_on_taint

From: Luis Chamberlain <mcgrof@kernel.org>
Date: 2020-05-15 20:27:03
Also in: kexec, linux-fsdevel, lkml

On Fri, May 15, 2020 at 01:55:02PM -0400, Rafael Aquini wrote:
Analogously to the introduction of panic_on_warn, this patch introduces a kernel
option named panic_on_taint in order to provide a simple and generic way to stop
execution and catch a coredump when the kernel gets tainted by any given flag.

This is useful for debugging sessions as it avoids having to rebuild the kernel
to explicitly add calls to panic() into the code sites that introduce the taint
flags of interest. For instance, if one is interested in proceeding with a
post-mortem analysis at the point a given code path is hitting a bad page
(i.e. unaccount_page_cache_page(), or slab_bug()), a coredump can be collected
by rebooting the kernel with 'panic_on_taint=0x20' amended to the command line.

Another, perhaps less frequent, use for this option would be as a mean for
assuring a security policy case where only a subset of taints, or no single
taint (in paranoid mode), is allowed for the running system.
The optional switch 'nousertaint' is handy in this particular scenario,
as it will avoid userspace induced crashes by writes to sysctl interface
/proc/sys/kernel/tainted causing false positive hits for such policies.

Suggested-by: Qian Cai <redacted>
Signed-off-by: Rafael Aquini <redacted>
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>

  Luis
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help