kasan: always taint kernel on report

Currently we already taint the kernel in some cases.  E.g.  if we hit some
bug in slub memory we call object_err() which will taint the kernel with
TAINT_BAD_PAGE flag.  But for other kind of bugs kernel left untainted.

Always taint with TAINT_BAD_PAGE if kasan found some bug.  This is useful
for automated testing.

Signed-off-by: Andrey Ryabinin <[email protected]>
Cc: Alexander Potapenko <[email protected]>
Reviewed-by: Dmitry Vyukov <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>

diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index f5e068afb58eed92fecca38c44f8f0587e99d0c1..12f222d0224b93120ed7131a80172666e78276d4 100644 (file)
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -238,6 +238,7 @@ static void kasan_report_error(struct kasan_access_info *info)
        }
        pr_err("================================="
                "=================================\n");
+       add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
        spin_unlock_irqrestore(&report_lock, flags);
        kasan_enable_current();
 }