Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions

From: hpa
Date: Sun May 24 2020 - 19:45:15 EST


On May 24, 2020 2:19:45 PM PDT, Sasha Levin <sashal@xxxxxxxxxx> wrote:
>On Sun, May 24, 2020 at 12:45:18PM -0700, hpa@xxxxxxxxx wrote:
>>There are legitimate reasons to write a root-hole module, the main one
>>being able to test security features like SMAP. I have requested before
>>a TAINT flag specifically for this purpose, because TAINT_CRAP is
>>nowhere near explicit enough, and is also used for staging drivers.
>>Call it TAINT_TOXIC or TAINT_ROOTHOLE; it should always be accompanied
>>with a CRIT level alert.
>
>What I don't like about our current system of TAINT_* flags is that
>while we can improve it as much as we want, no one outside of the
>kernel tree seems to be using it. While Thomas may have been commenting
>on Graphene's behaviour, look at any other code that did the same thing:
>
>- Graphene:
>https://github.com/oscarlab/graphene-sgx-driver/blob/master/gsgx.c
>- Occlum:
>https://github.com/occlum/enable_rdfsbase/blob/master/enable_rdfsbase.c
>- SGX-LKL:
>https://github.com/lsds/sgx-lkl/blob/master/tools/kmod-set-fsgsbase/mod_set_cr4_fsgsbase.c
>
>None of which set even the CRAP flag.

That's a separate problem, but I would personally want to have it for my own test modules in case one ever escapes.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.