[Devel] [PATCH] module: do not taint kernel with TAINT_OOT_MODULE

Konstantin Khorenko khorenko at virtuozzo.com
Tue Mar 29 09:36:51 PDT 2016


Rejecting this patch for now.
Will try to skip TAINT_OOT_MODULE taint bit in userspace on problem detection.

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

On 11/23/2015 04:03 PM, Evgenii Shatokhin wrote:
> https://jira.sw.ru/browse/PSBM-41455
>
> When an out-of-tree kernel module is loaded, the kernel is tainted with
> TAINT_OOT_MODULE (see check_modinfo() in kernel/module.c).
>
> add_taint() will dump the stack trace in this case. If I understand it
> correctly, this will be seen as an error during the testing, and that is
> intentional.
>
> However, there are going to be out-of-tree modules which are trusted and
> OK to load, for example, Kpatch core module and the Kpatch-based kernel
> updates.
>
> The trusted kernel modules will be signed with an appropriate key and
> the kernel will be able to verify it
> (https://jira.sw.ru/browse/PSBM-41385).
>
> On the other hand, if some untrusted external kernel module is loaded,
> the kernel will be tainted twice:
> * with TAINT_OOT_MODULE because the module is out-of-tree
> * with TAINT_FORCED_MODULE (see load_module() in kernel/module.c)
>    because the module is unsigned, has an invalid signature or is signed
>    with an unknown key.
>
> I propose to replace tainting the kernel with TAINT_OOT_MODULE with a
> simple message to the kernel log.
>
> In this case, the trusted (and properly signed) kernel modules will load
> without taints. If the user tries to load an untrusted module, the
> kernel will be tainted with TAINT_FORCED_MODULE anyway because the
> signature verification will fail. So it will be clearly visible in the
> kernel log what is going on.
>
> Signed-off-by: Evgenii Shatokhin <eshatokhin at odin.com>
> ---
>   kernel/module.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/module.c b/kernel/module.c
> index d600158..5a8dbcc 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -2767,7 +2767,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
>   	}
>
>   	if (!get_modinfo(info, "intree"))
> -		add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK);
> +		pr_notice("%s: out-of-tree module.\n", mod->name);
>
>   	if (get_modinfo(info, "staging")) {
>   		add_taint_module(mod, TAINT_CRAP, LOCKDEP_STILL_OK);
>
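Review bot: the replacement `pr_notice()` at the `if (!get_modinfo(info, "intree"))` line drops the per-module taint as well as the global one, since add_taint_module() also sets mod->taints; after this change the 'O' flag no longer appears in `/proc/sys/kernel/tainted` or in the module list of oops/panic reports, and the kernel log line becomes the only record that an out-of-tree module was loaded. If the aim is to stop trusted, signed modules from tripping the test harness, consider keeping the taint and filtering TAINT_OOT_MODULE in userspace, as the reply proposes, or restricting the skip to modules whose signature verified, because the fallback the commit message relies on (TAINT_FORCED_MODULE when verification fails) only applies on kernels with module signature checking enabled.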

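The userspace alternative mentioned in the reply, as an added example that is not Virtuozzo's code: a test harness reads `/proc/sys/kernel/tainted`, decodes the bit mask, and treats every taint except TAINT_OOT_MODULE as a problem, so a signed Kpatch module no longer fails a run while an unsigned one (TAINT_FORCED_MODULE) still does. Bit positions follow mainline include/linux/kernel.h; the sysctl path and the set of ignored bits are assumptions of this example.

```python
# Decode the kernel taint mask and report only the taints a test run
# should fail on, skipping TAINT_OOT_MODULE (assumed policy, per the reply).

# Taint bit positions as defined in mainline include/linux/kernel.h.
TAINT_BITS = {
    0: "TAINT_PROPRIETARY_MODULE",
    1: "TAINT_FORCED_MODULE",        # unsigned / bad signature (this kernel)
    2: "TAINT_UNSAFE_SMP",
    3: "TAINT_FORCED_RMMOD",
    4: "TAINT_MACHINE_CHECK",
    5: "TAINT_BAD_PAGE",
    6: "TAINT_USER",
    7: "TAINT_DIE",
    8: "TAINT_OVERRIDDEN_ACPI_TABLE",
    9: "TAINT_WARN",
    10: "TAINT_CRAP",                # staging driver
    11: "TAINT_FIRMWARE_WORKAROUND",
    12: "TAINT_OOT_MODULE",          # out-of-tree module
    13: "TAINT_UNSIGNED_MODULE",
    14: "TAINT_SOFTLOCKUP",
    15: "TAINT_LIVEPATCH",
}

TAINT_OOT_MODULE = 1 << 12
# Bits the harness deliberately ignores (assumption: only the OOT bit).
IGNORED_TAINTS = TAINT_OOT_MODULE


def decode_taint(mask):
    """Return the names of all taint bits set in `mask`, lowest bit first."""
    return [name for bit, name in sorted(TAINT_BITS.items()) if mask & (1 << bit)]


def unexpected_taints(mask, ignored=IGNORED_TAINTS):
    """Taints that should fail a test run: everything except the ignored bits."""
    return decode_taint(mask & ~ignored)


def read_taint_mask(path="/proc/sys/kernel/tainted"):
    """Read the current taint mask (decimal integer) from the sysctl file."""
    with open(path) as f:
        return int(f.read().strip())


if __name__ == "__main__":
    mask = read_taint_mask()
    print("taints set:", decode_taint(mask) or "none")
    bad = unexpected_taints(mask)
    print("test result:", "FAIL " + ",".join(bad) if bad else "OK")
```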
