From: Luis Chamberlain <mcgrof@kernel.org>
To: Yusong Gao <a869920004@gmail.com>
Cc: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3] module: Add log info for verifying module signature
Date: Fri, 28 Jun 2024 10:16:25 -0700 [thread overview]
Message-ID: <Zn7v6XGbSTxo3T4f@bombadil.infradead.org> (raw)
In-Reply-To: <20240628103923.1677347-1-a869920004@gmail.com>
On Fri, Jun 28, 2024 at 10:39:23AM +0000, Yusong Gao wrote:
> Add log information in kernel-space when loading module failures.
> Try to load the unsigned module and the module with bad signature
> when set 1 to /sys/module/module/parameters/sig_enforce.
>
> Unsigned module case:
> (linux) insmod unsigned.ko
> [ 18.714661] Loading of unsigned module is rejected
> insmod: can't insert 'unsigned.ko': Key was rejected by service
> (linux)
>
> Bad signature module case:
> (linux) insmod bad_signature.ko
> insmod: can't insert 'bad_signature.ko': Key was rejected by service
> (linux)
>
> There have different logging behavior the bad signature case only log
> in user-space, add log info for fatal errors in module_sig_check().
>
> Signed-off-by: Yusong Gao <a869920004@gmail.com>
> ---
> V3: Clarify the message type and the error code meaning.
> V2: Change print level from notice to debug.
> ---
> kernel/module/signing.c | 27 +++++++++++++++++++++++++++
> 1 file changed, 27 insertions(+)
>
> diff --git a/kernel/module/signing.c b/kernel/module/signing.c
> index a2ff4242e623..826cdab8e3e4 100644
> --- a/kernel/module/signing.c
> +++ b/kernel/module/signing.c
> @@ -67,6 +67,31 @@ int mod_verify_sig(const void *mod, struct load_info *info)
> NULL, NULL);
> }
>
> +static const char *mod_decode_error(int errno)
> +{
> + char *errstr = "Unrecognized error";
This is not safe. You can just extend the existing debug switch for
strict module loading and re-use the variable there and use that,
for example
diff --git a/kernel/module/signing.c b/kernel/module/signing.c
index a2ff4242e623..9111822116e6 100644
--- a/kernel/module/signing.c
+++ b/kernel/module/signing.c
@@ -106,6 +106,9 @@ int module_sig_check(struct load_info *info, int flags)
case -ENOKEY:
reason = "module with unavailable key";
break;
+ case -EKEYREJECTED:
+ reason = "Key was rejected by service";
+ break;
default:
/*
@@ -113,6 +116,7 @@ int module_sig_check(struct load_info *info, int flags)
* unparseable signatures, and signature check failures --
* even if signatures aren't required.
*/
+ pr_debug("Verifying module signature failed: %s\n", reason);
return err;
}
Also certs/system_keyring.c already has a lot of pr_devel stuff too, so
do we really need this?
Luis
prev parent reply other threads:[~2024-06-28 17:16 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-28 10:39 [PATCH v3] module: Add log info for verifying module signature Yusong Gao
2024-06-28 17:16 ` Luis Chamberlain [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zn7v6XGbSTxo3T4f@bombadil.infradead.org \
--to=mcgrof@kernel.org \
--cc=a869920004@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox