On 3/5/18 6:13 PM, Randy Dunlap wrote:
Hi,
On 03/05/2018 05:34 PM, Alexei Starovoitov wrote:
diff --git a/kernel/module.c b/kernel/module.c
index ad2d420024f6..6cfa35795741 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3669,6 +3683,17 @@ static int load_module(struct load_info *info, const char __user *uargs,
if (err)
goto free_copy;
+ if (info->hdr->e_type == ET_EXEC) {
+#ifdef CONFIG_MODULE_SIG
+ if (!info->sig_ok) {
+ pr_notice_once("umh %s verification failed: signature and/or required key missing - tainting kernel\n",
That's not a very friendly message to tell a user. "umh" eh?
umh is an abbreviation known to kernel newbies:
https://kernelnewbies.org/KernelProjects/usermode-helper-enhancements
The rest of the message is copy paste of existing one.
+ info->file->f_path.dentry->d_name.name);
+ add_taint(TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK);
+ }
And since the signature failed, why is it being loaded at all?
because this is how regular kernel modules deal with it.
sig_enforce is handled earlier.
Is this in the "--force" load path?
--force forces modver and modmagic. These things don't apply here.
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
