On Fri, Apr 29, 2022 at 3:09 PM Greg KH <gregkh@linuxfoundation.org> wrote:
On Fri, Apr 29, 2022 at 12:39:14PM +0800, David Gow wrote:
KUnit tests are not supposed to run on production systems: they may do deliberately illegal things to trigger errors, and have security implications (assertions will often deliberately leak kernel addresses).
Add a new taint type, TAINT_KUNIT to signal that a KUnit test has been run. This will be printed as 'N' (for kuNit, as K, U and T were already taken).
This should discourage people from running KUnit tests on production systems, and make it easier to tell if tests have been run accidentally (by loading the wrong configuration, etc.)
Signed-off-by: David Gow <davidgow@google.com>
< snip >
[ TAINT_KUNIT ] = { 'N', ' ', false },
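Review bot: the third initializer in the TAINT_KUNIT entry is false, but KUnit tests can be built as modules, so the flag would not be shown as a per-module taint for a module that carries tests. Suggest { 'N', ' ', true } here, plus a short comment on the entry recording that 'N' stands for kuNit because K, U and T were already taken, since the letter is not self-explanatory.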
As kunit tests can be in modules, shouldn't this be "true" here?
Ah, good catch. While I tend to use either built-in tests (or modules which are immediately unloaded), there are definitely some cases where the tests are part of long-lasting modules.
I'll send out v2 with that changed.
Overall, I like it, makes sense to me. The "N" will take some getting used to, and I have no idea why "T" was for "struct randomization", that would have allowed you to use "T" instead. Oh well.
Yeah, 'T' would've been nice, but I doubt it'd be worth trying to change it now. At least we haven't had to resort to emoji...
Adding an actual name as Jani suggested would be a good idea, IMHO, though obviously best done in a separate patch.
Cheers, -- David