[PATCH] module: log OOT_MODULE tainting

[PATCH] module: log OOT_MODULE tainting

[Jiri Kosina]

Follow what we do with other taints and output a message into kernel ring 
buffer once tainting a kernel because out-of-tree module is being loaded.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>

diff --git a/kernel/module.c b/kernel/module.c
index b02d633..3f52b3e 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2478,8 +2478,11 @@ static int check_modinfo(struct module *mod, struct load_info *info)
 		return -ENOEXEC;
 	}
 
-	if (!get_modinfo(info, "intree"))
+	if (!get_modinfo(info, "intree")) {
 		add_taint_module(mod, TAINT_OOT_MODULE);
+		printk(KERN_WARNING "%s: out of tree module taints kernel\n",
+				mod->name);
+	}
 
 	if (get_modinfo(info, "staging")) {
 		add_taint_module(mod, TAINT_CRAP);

Re: [PATCH] module: log OOT_MODULE tainting

[Rusty Russell]

On Mon, 2 Jan 2012 14:58:51 +0100 (CET), Jiri Kosina <jkosina@suse.cz> wrote:
> Follow what we do with other taints and output a message into kernel ring 
> buffer once tainting a kernel because out-of-tree module is being loaded.
> 
> Signed-off-by: Jiri Kosina <jkosina@suse.cz>

I don't like this, actually.  There's a wish among some distributions to
know that OOT modules are in use in panic messages, but not by others.
Certainly, there's no reason to warn the user.

Thanks,
Rusty.

Re: [PATCH] module: log OOT_MODULE tainting

[Jiri Kosina]

On Tue, 3 Jan 2012, Rusty Russell wrote:

> > Follow what we do with other taints and output a message into kernel ring 
> > buffer once tainting a kernel because out-of-tree module is being loaded.
> > 
> > Signed-off-by: Jiri Kosina <jkosina@suse.cz>
> 
> I don't like this, actually.  There's a wish among some distributions to
> know that OOT modules are in use in panic messages, but not by others.
> Certainly, there's no reason to warn the user.

I do get your point, but it seems to me that we are at least not 
consistent here. Why would we then log messages in cases of 
TAINT_FORCED_MODULE for example? The user knows that he has forced the 
module load, right?

-- 
Jiri Kosina
SUSE Labs

Re: [PATCH] module: log OOT_MODULE tainting

[Rusty Russell]

On Tue, 3 Jan 2012 09:47:02 +0100 (CET), Jiri Kosina <jkosina@suse.cz> wrote:
> On Tue, 3 Jan 2012, Rusty Russell wrote:
> 
> > > Follow what we do with other taints and output a message into kernel ring 
> > > buffer once tainting a kernel because out-of-tree module is being loaded.
> > > 
> > > Signed-off-by: Jiri Kosina <jkosina@suse.cz>
> > 
> > I don't like this, actually.  There's a wish among some distributions to
> > know that OOT modules are in use in panic messages, but not by others.
> > Certainly, there's no reason to warn the user.
> 
> I do get your point, but it seems to me that we are at least not 
> consistent here. Why would we then log messages in cases of 
> TAINT_FORCED_MODULE for example? The user knows that he has forced the 
> module load, right?

Agreed, we're not consistent at all.  But a forcing a module is such a
weird and risky thing to do, the user can ignore a warning message.

Cheers,
Rusty.