Re: [RFC] taint: add module firmware crash taint support

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Luis Chamberlain <mcgrof@kernel.org>
To: Kees Cook <keescook@chromium.org>
Cc: jeyu@kernel.org, akpm@linux-foundation.org, arnd@arndb.de,
	rostedt@goodmis.org, mingo@redhat.com, aquini@redhat.com,
	cai@lca.pw, dyoung@redhat.com, bhe@redhat.com,
	peterz@infradead.org, tglx@linutronix.de, gpiccoli@canonical.com,
	pmladek@suse.com, tiwai@suse.de, schlad@suse.de,
	andriy.shevchenko@linux.intel.com, daniel.vetter@ffwll.ch,
	will@kernel.org, mchehab+samsung@kernel.org,
	kvalo@codeaurora.org, davem@davemloft.net,
	linux-kernel@vger.kernel.org
Subject: Re: [RFC] taint: add module firmware crash taint support
Date: Fri, 8 May 2020 06:04:17 +0000	[thread overview]
Message-ID: <20200508060417.GE11244@42.do-not-panic.com> (raw)
In-Reply-To: <202005072244.F2E0286@keescook>

On Thu, May 07, 2020 at 10:47:08PM -0700, Kees Cook wrote:
> On Fri, May 08, 2020 at 02:14:38AM +0000, Luis Chamberlain wrote:
> > Device driver firmware can crash, and sometimes, this can leave your
> > system in a state which makes the device or subsystem completely
> > useless. Detecting this by inspecting /proc/sys/kernel/tainted instead
> > of scraping some magical words from the kernel log, which is driver
> > specific, is much easier. So instead provide a helper which lets drivers
> > annotate this.
> > 
> > Once this happens, scrapers can easily scrape modules taint flags.
> > This will taint both the kernel and respective calling module.
> > 
> > The new helper module_firmware_crashed() uses LOCKDEP_STILL_OK as
> > this fact should in no way shape or form affect lockdep. This taint
> > is device driver specific.
> > 
> > Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
> > ---
> > 
> > Below is the full diff stat of manual inspection throughout the kernel
> > when this happens. My methodology is to just scrape for "crash" and
> > then study the driver a bit to see if indeed it seems like that the
> > firmware crashes there. In *many* cases there is even infrastructure
> > for this, so this is sometimes clearly obvious. Some other times it
> > required a bit of deciphering.
> > 
> > The diff stat below is what I have so far, however the patch below
> > only includes the drivers that start with Q, as they were a source of
> > inspiration for this, and to make this RFC easier to read.
> > 
> > If this seems sensible, I can follow up with the kernel helper first,
> > and then tackle each subsystem independently.
> > 
> > I purposely skipped review of remoteproc and virtualization. That should
> > require its own separate careful review and considerations.
> 
> This all seems reasonable to me. You might need to break these up into
> per-maintainer patches to get appropriate review. Perhaps land the
> infrastructure and some initial patches via netdev and in the next
> release send patches for DRM, media, etc?

Works for me.

I'll give it a few more days for review on the RFC before I shoot out a
series for netdev.

  Luis

next prev parent reply	other threads:[~2020-05-08  6:04 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-08  2:14 [RFC] taint: add module firmware crash taint support Luis Chamberlain
2020-05-08  2:18 ` Luis Chamberlain
2020-05-08  5:47 ` Kees Cook
2020-05-08  6:04   ` Luis Chamberlain [this message]
2020-05-08  6:11 ` Daniel Vetter
2020-05-08  6:24   ` Luis Chamberlain
2020-05-08 10:16 ` Andy Shevchenko
2020-05-08 13:49   ` Steven Rostedt
2020-05-08 14:04 ` Rafael Aquini
2020-05-08 15:37 ` Steven Rostedt
2020-05-08 20:37 ` kbuild test robot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200508060417.GE11244@42.do-not-panic.com \
    --to=mcgrof@kernel.org \
    --cc=akpm@linux-foundation.org \
    --cc=andriy.shevchenko@linux.intel.com \
    --cc=aquini@redhat.com \
    --cc=arnd@arndb.de \
    --cc=bhe@redhat.com \
    --cc=cai@lca.pw \
    --cc=daniel.vetter@ffwll.ch \
    --cc=davem@davemloft.net \
    --cc=dyoung@redhat.com \
    --cc=gpiccoli@canonical.com \
    --cc=jeyu@kernel.org \
    --cc=keescook@chromium.org \
    --cc=kvalo@codeaurora.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mchehab+samsung@kernel.org \
    --cc=mingo@redhat.com \
    --cc=peterz@infradead.org \
    --cc=pmladek@suse.com \
    --cc=rostedt@goodmis.org \
    --cc=schlad@suse.de \
    --cc=tglx@linutronix.de \
    --cc=tiwai@suse.de \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.