From: Rusty Russell <rusty@rustcorp.com.au>
To: Josh Boyer <jwboyer@gmail.com>, Chris Samuel <chris@csamuel.org>
Cc: linux-kernel@vger.kernel.org, dhowells@redhat.com
Subject: Re: [PATCH] MODSIGN: Warn when sign check fails due to -ENOKEY
Date: Sat, 12 Jan 2013 11:00:02 +1030 [thread overview]
Message-ID: <87vcb3z1it.fsf@rustcorp.com.au> (raw)
In-Reply-To: <CA+5PVA7F1RV3=Ynv+et=ZzOTRszop=sXY2QscuuHGO2RhLpSYg@mail.gmail.com>
Josh Boyer <jwboyer@gmail.com> writes:
> On Fri, Jan 11, 2013 at 4:44 AM, Chris Samuel <chris@csamuel.org> wrote:
>> /* Please CC me in responses, I am not subscribed to LKML */
>>
>> Currently if a signature check fails on module load due to not having
>> the appropriate key (-ENOKEY) and we are not doing strict checking
>> there is no information provided to the user other than the lock debug
>> taint warning:
>>
>> Disabling lock debugging due to kernel taint
>>
>> This patch causes a single warning to be emitted to explain why the
>> kernel is being tainted, before the above taint warning occurs.
>>
>> Module verification failed, required key not present, tainting kernel
>>
>> Found whilst trying to work out why all the 3.8 development kernels
>> I was building and testing were warning about taints and why all modules
>> were listed as forced load (F) in /proc/modules when that wasn't the
>> case in the 3.5, 3.6 or 3.7 kernels I'd tried.
>>
>> Signed-off-by: Christopher Samuel <chris@csamuel.org>
>> ---
>> kernel/module.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/kernel/module.c b/kernel/module.c
>> index 250092c..27de534 100644
>> --- a/kernel/module.c
>> +++ b/kernel/module.c
>> @@ -2443,8 +2443,10 @@ static int module_sig_check(struct load_info *info)
>> if (err < 0 && fips_enabled)
>> panic("Module verification failed with error %d in FIPS
>> mode\n",
>> err);
>> - if (err == -ENOKEY && !sig_enforce)
>> + if (err == -ENOKEY && !sig_enforce) {
>> + printk_once(KERN_DEBUG "Module verification failed, required
>> key not present, tainting kernel\n");
>> err = 0;
>> + }
>> return err;
>
> I'd suggest putting the printk in load_module where we call the
> add_taint_module function instead. Also, you might want to make the
> priority a bit higher if it's meant to be informative. Something like
> KERN_INFO.
Agreed. KERN_NOTICE, I think: we really want to see if someone's
inserting an unsigned module!
Cheers,
Rusty.
next prev parent reply other threads:[~2013-01-12 1:17 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-11 9:44 [PATCH] MODSIGN: Warn when sign check fails due to -ENOKEY Chris Samuel
2013-01-11 13:49 ` Josh Boyer
2013-01-12 0:30 ` Rusty Russell [this message]
2013-01-12 7:50 ` Chris Samuel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87vcb3z1it.fsf@rustcorp.com.au \
--to=rusty@rustcorp.com.au \
--cc=chris@csamuel.org \
--cc=dhowells@redhat.com \
--cc=jwboyer@gmail.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox