Re: [PATCH] MODSIGN: Warn when module signature checking fails

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Rusty Russell <rusty@rustcorp.com.au>
To: Chris Samuel <chris@csamuel.org>
Cc: linux-kernel@vger.kernel.org, dhowells@redhat.com,
	Josh Boyer <jwboyer@gmail.com>
Subject: Re: [PATCH] MODSIGN: Warn when module signature checking fails
Date: Tue, 22 Jan 2013 14:54:03 +1030	[thread overview]
Message-ID: <87d2wxhml8.fsf@rustcorp.com.au> (raw)
In-Reply-To: <50FDC712.1030908@csamuel.org>

Chris Samuel <chris@csamuel.org> writes:
> /* Please CC me, I'm not on LKML */
>
> On 21/01/13 10:36, Rusty Russell wrote:
>
>> We have errnos for a reason; let's not pollute the kernel logs.  That's
>> a userspace job.
>
> Fair enough.
>
>> This part is OK, but I'll add mod->name to the printk.
>
> Sounds good.
>
>> How's this:
>
> Looks fine, modulo the lack of mod->name as Stephen mentioned.

Yeah, here's what is now in Linus' tree:

commit 64748a2c9062da0c32b59c1b368a86fc4613b1e1
Author: Rusty Russell <rusty@rustcorp.com.au>
Date:   Mon Jan 21 17:03:02 2013 +1030

    module: printk message when module signature fail taints kernel.
    
    Reported-by: Chris Samuel <chris@csamuel.org>
    Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

diff --git a/kernel/module.c b/kernel/module.c
index eab0827..e69a5a6 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3192,8 +3192,13 @@ again:
 
 #ifdef CONFIG_MODULE_SIG
 	mod->sig_ok = info->sig_ok;
-	if (!mod->sig_ok)
+	if (!mod->sig_ok) {
+		printk_once(KERN_NOTICE
+			    "%s: module verification failed: signature and/or"
+			    " required key missing - tainting kernel\n",
+			    mod->name);
 		add_taint_module(mod, TAINT_FORCED_MODULE);
+	}
 #endif
 
 	/* Now module is in final location, initialize linked lists, etc. */

     prev parent reply	other threads:[~2013-01-22  6:27 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-01-16 10:14 [PATCH] MODSIGN: Warn when module signature checking fails Chris Samuel
2013-01-20 23:36 ` Rusty Russell
2013-01-21  0:34   ` Stephen Rothwell
2013-01-21  1:41     ` Rusty Russell
2013-01-21 22:54   ` Chris Samuel
2013-01-22  4:24     ` Rusty Russell [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:eab0827 dfblob:e69a5a6 )
 OR (
bs:"Re: [PATCH] MODSIGN: Warn when module signature checking fails" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87d2wxhml8.fsf@rustcorp.com.au \
    --to=rusty@rustcorp.com.au \
    --cc=chris@csamuel.org \
    --cc=dhowells@redhat.com \
    --cc=jwboyer@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.