Re: [PATCH] MODSIGN: Add TAINT_NOKEY_MODULE

From: Rafael J. Wysocki
Date: Sun Jan 20 2013 - 19:40:27 EST


On Monday, January 21, 2013 10:30:22 AM Rusty Russell wrote:
> Dave Jones <davej@xxxxxxxxxx> writes:
> > On Thu, Jan 17, 2013 at 11:27:27AM +1030, Rusty Russell wrote:
> >
> > > taint: add explicit flag to show whether lock dep is still OK.
> > >
> > > Fix up all callers as they were before, with make one change: an
> > > unsigned module taints the kernel, but doesn't turn off lockdep.
> > >
> > > Signed-off-by: Rusty Russell <rusty@xxxxxxxxxxxxxxx>
> >
> > This made my brain itch a little until I got to the bottom of the
> > patch and saw the new definition of add_taint. Perhaps instead of
> > false/true, we have LOCKDEP_LIVES/LOCKDEP_DIES or similar defines
> > to make it clearer what's actually happening without having to
> > go read the function ?
>
> The reason I didn't do that is because it's theoretically more than
> lockdep: it's anything which relies on kernel integrity.
>
> Then I got the true/false thing mixed up myself, so I think you're right
> :)
>
> BTW, ACPI people: those TAINT_OVERRIDDEN_ACPI_TABLE taints were
> disabling lockdep: is that overzealous?

I think so, although it's quite difficult to say what the intention was at
this point.

Thanks,
Rafael


--
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/