[PATCH] MODSIGN: Warn when module signature checking fails

From: Chris Samuel
Date: Wed Jan 16 2013 - 05:14:32 EST

Next message: Alexander Gordeev: "[PATCH -tip] sched: Pair ttwu_activate() with uwtt_deactivate()"
Previous message: Sedat Dilek: "Re: [3.8-{rc1,rc2}] ata1.00: failed to get Identify Device Data,Emask 0x1"
Next in thread: Rusty Russell: "Re: [PATCH] MODSIGN: Warn when module signature checking fails"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

/* Please CC me, I'm not on LKML */

* Reworked from the original patch based on feedback from Josh Boyer
* (putting the code in load_module()) and Rusty Russel (use
* KERN_NOTICE). Extended to cover the other failure modes.

Currently if a signature check fails on module load for any reason no
feedback is given, except if the failure is due to either not having
the appropriate key or the signature is missing (both -ENOKEY) *and*
we are not doing strict checking (module.sig_enforce is not set). In
that situation only a contextless kernel taint message appears:

Disabling lock debugging due to kernel taint

This patch:

a) Reports the reason why a module has failed to load (either one of
the explicit failures or an error propagated back from the crypto
infrastructure) if it is going to be a hard failure (err is set).

b) causes a single warning to be emitted to explain why the kernel
is being tainted, before the above taint warning is output, when
the error is -ENOKEY (implicit in err=0 and sig_ok not being true)
and module.sig_enforce is not set.

Found whilst trying to work out why all the 3.8 development kernels
I was building and testing were warning about taints and why all modules
were listed as forced load (F) in /proc/modules.

It would be really nice to be able to work out what the name of the
module is, but that doesn't appear to be possible from the information
load_module() has access to, plus my kernel-fu is not great.

Signed-off-by: Christopher Samuel <chris@xxxxxxxxxxx>
---
kernel/module.c | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/kernel/module.c b/kernel/module.c
index 250092c..ec789d3 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3099,8 +3099,23 @@ static int load_module(struct load_info *info, const char __user *uargs,
long err;
err = module_sig_check(info);
- if (err)
+ if (err) {
+ switch (err) {
+ case -EBADMSG:
+ printk(KERN_NOTICE "Module verification failed: module signature corrupt or unrecognised - not loading\n");
+ break;
+ case -ENOPKG:
+ printk(KERN_NOTICE "Module verification failed: requisite algorithm unavailable - not loading\n");
+ break;
+ case -ENOKEY:
+ printk(KERN_NOTICE "Module verification failed: signature and/or required key missing - not loading\n");
+ break;
+ default:
+ printk(KERN_NOTICE "Module verification failed: supporting code reported failure %ld - not loading\n",err);
+ break;
+ }
goto free_copy;
+ }
err = elf_header_check(info);
if (err)
@@ -3115,8 +3130,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
#ifdef CONFIG_MODULE_SIG
mod->sig_ok = info->sig_ok;
- if (!mod->sig_ok)
+ if (!mod->sig_ok) {
+ printk_once(KERN_NOTICE "Module verification failed: signature and/or required key missing - tainting kernel\n");
add_taint_module(mod, TAINT_FORCED_MODULE);
+ }
#endif
/* Now module is in final location, initialize linked lists, etc. */
--
1.7.10.4

Next message: Alexander Gordeev: "[PATCH -tip] sched: Pair ttwu_activate() with uwtt_deactivate()"
Previous message: Sedat Dilek: "Re: [3.8-{rc1,rc2}] ata1.00: failed to get Identify Device Data,Emask 0x1"
Next in thread: Rusty Russell: "Re: [PATCH] MODSIGN: Warn when module signature checking fails"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]