Re: [PATCH] MODSIGN: Warn when sign check fails due to -ENOKEY

From: Rusty Russell
Date: Fri Jan 11 2013 - 20:17:17 EST

Next message: Rusty Russell: "Re: [RFCv2 00/12] Introduce host-side virtio queue and CAIF Virtio."
Previous message: Steven Rostedt: "[PATCH] staging/sb105x: PARPORT config is not good enough must usePARPORT_PC"
In reply to: Josh Boyer: "Re: [PATCH] MODSIGN: Warn when sign check fails due to -ENOKEY"
Next in thread: Chris Samuel: "Re: [PATCH] MODSIGN: Warn when sign check fails due to -ENOKEY"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Josh Boyer <jwboyer@xxxxxxxxx> writes:

> On Fri, Jan 11, 2013 at 4:44 AM, Chris Samuel <chris@xxxxxxxxxxx> wrote:
>> /* Please CC me in responses, I am not subscribed to LKML */
>>
>> Currently if a signature check fails on module load due to not having
>> the appropriate key (-ENOKEY) and we are not doing strict checking
>> there is no information provided to the user other than the lock debug
>> taint warning:
>>
>> Disabling lock debugging due to kernel taint
>>
>> This patch causes a single warning to be emitted to explain why the
>> kernel is being tainted, before the above taint warning occurs.
>>
>> Module verification failed, required key not present, tainting kernel
>>
>> Found whilst trying to work out why all the 3.8 development kernels
>> I was building and testing were warning about taints and why all modules
>> were listed as forced load (F) in /proc/modules when that wasn't the
>> case in the 3.5, 3.6 or 3.7 kernels I'd tried.
>>
>> Signed-off-by: Christopher Samuel <chris@xxxxxxxxxxx>
>> ---
>> kernel/module.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/kernel/module.c b/kernel/module.c
>> index 250092c..27de534 100644
>> --- a/kernel/module.c
>> +++ b/kernel/module.c
>> @@ -2443,8 +2443,10 @@ static int module_sig_check(struct load_info *info)
>> if (err < 0 && fips_enabled)
>> panic("Module verification failed with error %d in FIPS
>> mode\n",
>> err);
>> - if (err == -ENOKEY && !sig_enforce)
>> + if (err == -ENOKEY && !sig_enforce) {
>> + printk_once(KERN_DEBUG "Module verification failed, required
>> key not present, tainting kernel\n");
>> err = 0;
>> + }
>> return err;
>
> I'd suggest putting the printk in load_module where we call the
> add_taint_module function instead. Also, you might want to make the
> priority a bit higher if it's meant to be informative. Something like
> KERN_INFO.

Agreed. KERN_NOTICE, I think: we really want to see if someone's
inserting an unsigned module!

Cheers,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rusty Russell: "Re: [RFCv2 00/12] Introduce host-side virtio queue and CAIF Virtio."
Previous message: Steven Rostedt: "[PATCH] staging/sb105x: PARPORT config is not good enough must usePARPORT_PC"
In reply to: Josh Boyer: "Re: [PATCH] MODSIGN: Warn when sign check fails due to -ENOKEY"
Next in thread: Chris Samuel: "Re: [PATCH] MODSIGN: Warn when sign check fails due to -ENOKEY"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]