Re: [RFC PATCH] Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE

From: Steven Rostedt
Date: Thu Feb 13 2014 - 16:12:13 EST


On Thu, 13 Feb 2014 13:54:42 +1030
Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote:


> I'm ambivalent towards out-of-tree modules, so not tempted unless I see
> a bug report indicating a concrete problem. Then we can discuss...

As I replied in another email, this is a concrete problem, and affects
in-tree kernel modules.

If you have the following in your .config:

  CONFIG_MODULE_SIG=y
  # CONFIG_MODULE_SIG_FORCE is not set
  # CONFIG_MODULE_SIG_ALL is not set

Modules will not be signed at build, and they can be loaded with a
simple modprobe or insmod with no --force flag set. You may get an
error message like:

  sunrpc: module verification failed: signature and/or required key missing - tainting kernel

But nothing else that indicates a problem.

In the module code, the above was printed by:

#ifdef CONFIG_MODULE_SIG
	mod->sig_ok = info->sig_ok;
	if (!mod->sig_ok) {
		pr_notice_once("%s: module verification failed: signature "
			       "and/or required key missing - tainting "
			       "kernel\n", mod->name);
		add_taint_module(mod, TAINT_FORCED_MODULE, LOCKDEP_STILL_OK);
	}
#endif

Now in the tracepoint code, we have:

in tracepoint_module_coming():

	if (mod->taints & ~((1 << TAINT_OOT_MODULE) | (1 << TAINT_CRAP)))
		return 0;

If the module is tainted as other than out-of-tree or crap (staging),
the module is ignored with respect to tracepoints. No error, no nothing.

This means that all modules loaded with the config will not have their
tracepoints enabled.

I highly doubt this is the expected result. I think Mathieu's patch is
a fix to this problem (and my patch fixes the problem where tracepoints
do not give any feedback that they failed to be enabled).

Are you fine with his fix? If so, please ack it, and I'll apply it.

Although, is "N" the best letter to use for this taint? Not sure, but
everything else I can think of looks to be already taken. Maybe "X"?
You know. When you sign your name and don't know how to spell it, you
just simply use an "X". :-)

Thanks!

-- Steve
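The interaction described in the message above, as an added user-space model (not code from the kernel or from the patch under discussion): it shows which modules the tracepoint filter skips when a failed signature check sets TAINT_FORCED_MODULE, and which it skips when a separate TAINT_UNSIGNED_MODULE bit is used and tolerated by the filter. The struct, the function names, the numeric bit values and the exact shape of the fix are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Taint bit numbers: assumed for this model, check include/linux/kernel.h in your tree. */
enum { TAINT_FORCED_MODULE = 1, TAINT_CRAP = 10, TAINT_OOT_MODULE = 12,
       TAINT_UNSIGNED_MODULE = 13 /* the new bit named in the subject line */ };

#define BIT(n) (1UL << (n))
/* Taints the tracepoint code tolerates, before and after the assumed fix. */
#define ALLOWED_OLD (BIT(TAINT_OOT_MODULE) | BIT(TAINT_CRAP))
#define ALLOWED_NEW (ALLOWED_OLD | BIT(TAINT_UNSIGNED_MODULE))

struct model_module {            /* hypothetical stand-in for struct module */
	const char *name;
	unsigned long taints;    /* taints set before the signature check */
	bool sig_ok;
};

/* Models the CONFIG_MODULE_SIG block: taint when verification failed. */
static unsigned long taints_after_sig_check(const struct model_module *m, int sig_taint)
{
	return m->sig_ok ? m->taints : (m->taints | BIT(sig_taint));
}

/* Models tracepoint_module_coming(): any taint outside `allowed` skips the module. */
static bool tracepoints_registered(unsigned long taints, unsigned long allowed)
{
	return !(taints & ~allowed);
}

int main(void)
{
	const struct model_module mods[] = {   /* constructed sample modules */
		{ "signed_intree",   0,                        true  },
		{ "unsigned_intree", 0,                        false },
		{ "unsigned_oot",    BIT(TAINT_OOT_MODULE),    false },
		{ "forced_load",     BIT(TAINT_FORCED_MODULE), false },
	};
	printf("%-16s %-8s %s\n", "module", "before", "after");
	for (size_t i = 0; i < sizeof(mods) / sizeof(mods[0]); i++) {
		unsigned long t_old = taints_after_sig_check(&mods[i], TAINT_FORCED_MODULE);
		unsigned long t_new = taints_after_sig_check(&mods[i], TAINT_UNSIGNED_MODULE);
		printf("%-16s %-8s %s\n", mods[i].name,
		       tracepoints_registered(t_old, ALLOWED_OLD) ? "traced" : "skipped",
		       tracepoints_registered(t_new, ALLOWED_NEW) ? "traced" : "skipped");
	}
	return 0;
}
```

In this model a module that was genuinely force-loaded stays excluded from tracepoints in both columns, so the separate bit keeps the two conditions distinguishable when reviewing taint state.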