Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions
From: Sasha Levin
Date: Sun May 24 2020 - 17:20:05 EST
On Sun, May 24, 2020 at 12:45:18PM -0700, hpa@xxxxxxxxx wrote:
There are legitimate reasons to write a root-hole module, the main one being able to test security features like SMAP. I have requested before a TAINT flag specifically for this purpose, because TAINT_CRAP is nowhere near explicit enough, and is also used for staging drivers. Call it TAINT_TOXIC or TAINT_ROOTHOLE; it should always be accompanied with a CRIT level alert.
What I don't like about our current system of TAINT_* flags is that
while we can improve it as much as we want, no one outside of the kernel
tree seems to be using it. While Thomas may have been commenting on
Graphene's behaviour, look at any other code that did the same thing:
- Graphene: https://github.com/oscarlab/graphene-sgx-driver/blob/master/gsgx.c
- Occlum: https://github.com/occlum/enable_rdfsbase/blob/master/enable_rdfsbase.c
- SGX-LKL: https://github.com/lsds/sgx-lkl/blob/master/tools/kmod-set-fsgsbase/mod_set_cr4_fsgsbase.c
None of which set even the CRAP flag.
--
Thanks,
Sasha