Re: [PATCH] MODSIGN: Warn when module signature checking fails

[Rusty Russell]

Chris Samuel <chris@xxxxxxxxxxx> writes:
> /* Please CC me, I'm not on LKML */
>
> On 21/01/13 10:36, Rusty Russell wrote:
>
>> We have errnos for a reason; let's not pollute the kernel logs.  That's
>> a userspace job.
>
> Fair enough.
>
>> This part is OK, but I'll add mod->name to the printk.
>
> Sounds good.
>
>> How's this:
>
> Looks fine, modulo the lack of mod->name as Stephen mentioned.

Yeah, here's what is now in Linus' tree:

commit 64748a2c9062da0c32b59c1b368a86fc4613b1e1
Author: Rusty Russell <rusty@xxxxxxxxxxxxxxx>
Date:   Mon Jan 21 17:03:02 2013 +1030

    module: printk message when module signature fail taints kernel.
    
    Reported-by: Chris Samuel <chris@xxxxxxxxxxx>
    Signed-off-by: Rusty Russell <rusty@xxxxxxxxxxxxxxx>

diff --git a/kernel/module.c b/kernel/module.c
index eab0827..e69a5a6 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3192,8 +3192,13 @@ again:
 
 #ifdef CONFIG_MODULE_SIG
 	mod->sig_ok = info->sig_ok;
-	if (!mod->sig_ok)
+	if (!mod->sig_ok) {
+		printk_once(KERN_NOTICE
+			    "%s: module verification failed: signature and/or"
+			    " required key missing - tainting kernel\n",
+			    mod->name);
 		add_taint_module(mod, TAINT_FORCED_MODULE);
+	}
 #endif
 
 	/* Now module is in final location, initialize linked lists, etc. */
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/