[Devel] [PATCH] module: do not taint kernel with TAINT_OOT_MODULE

Evgenii Shatokhin eshatokhin at odin.com
Mon Nov 23 05:03:41 PST 2015


https://jira.sw.ru/browse/PSBM-41455

When an out-of-tree kernel module is loaded, the kernel is tainted with
TAINT_OOT_MODULE (see check_modinfo() in kernel/module.c).

add_taint() will dump the stack trace in this case. If I understand it
correctly, this will be seen as an error during the testing, and that is
intentional.

However, there are going to be out-of-tree modules which are trusted and
OK to load, for example, Kpatch core module and the Kpatch-based kernel
updates.

The trusted kernel modules will be signed with an appropriate key and
the kernel will be able to verify them
(https://jira.sw.ru/browse/PSBM-41385).

On the other hand, if some untrusted external kernel module is loaded,
the kernel will be tainted twice:
* with TAINT_OOT_MODULE because the module is out-of-tree
* with TAINT_FORCED_MODULE (see load_module() in kernel/module.c)
  because the module is unsigned, has an invalid signature or is signed
  with an unknown key.

I propose to replace tainting the kernel with TAINT_OOT_MODULE with a
simple message to the kernel log.

In this case, the trusted (and properly signed) kernel modules will load
without taints. If the user tries to load an untrusted module, the
kernel will be tainted with TAINT_FORCED_MODULE anyway because the
signature verification will fail. So it will be clearly visible in the
kernel log what is going on.

Signed-off-by: Evgenii Shatokhin <eshatokhin at odin.com>
---
 kernel/module.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/module.c b/kernel/module.c
index d600158..5a8dbcc 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2767,7 +2767,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
 	}
 
 	if (!get_modinfo(info, "intree"))
-		add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK);
+		pr_notice("%s: out-of-tree module.\n", mod->name);
 
 	if (get_modinfo(info, "staging")) {
 		add_taint_module(mod, TAINT_CRAP, LOCKDEP_STILL_OK);
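Review bot: the replacement of add_taint_module() with pr_notice() drops TAINT_OOT_MODULE unconditionally, but the rationale in the description only holds when module signature verification is built in and actually fails for untrusted modules (so that TAINT_FORCED_MODULE is set in load_module()); on a kernel built without signature checking, or with an out-of-tree module that passes verification for reasons other than being a trusted Kpatch module, no taint at all is recorded. Consider keeping the taint and skipping it only when signature verification has succeeded for this module, rather than removing it for every configuration. Also note that a pr_notice() line can be lost when the log ring buffer wraps, whereas the taint flag persists in the tainted mask and in crash dumps, so anything that currently inspects TAINT_OOT_MODULE (tooling reading the tainted state, bug reports) silently loses that information; the description should call this out, and the message text would read better without the trailing period, matching the style of other pr_notice() messages in this file.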
-- 
2.3.2
