On 6/19/24 02:54, Luis Chamberlain wrote:
On Fri, Jun 14, 2024 at 09:25:19AM +0000, Yusong Gao wrote:
Add log information in kernel-space when loading module failures.
Try to load the unsigned module and the module with bad signature
when set 1 to /sys/module/module/parameters/sig_enforce.
Unsigned module case:
(linux) insmod unsigned.ko
[ 18.714661] Loading of unsigned module is rejected
insmod: can't insert 'unsigned.ko': Key was rejected by service
(linux)
Bad signature module case:
(linux) insmod bad_signature.ko
insmod: can't insert 'bad_signature.ko': Key was rejected by service
(linux)
There have different logging behavior the bad signature case only log
in user-space, add log info for fatal errors in module_sig_check().
Signed-off-by: Yusong Gao <a869920004@xxxxxxxxx>
---
kernel/module/signing.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/module/signing.c b/kernel/module/signing.c
index a2ff4242e623..6a6493c8f7e4 100644
--- a/kernel/module/signing.c
+++ b/kernel/module/signing.c
@@ -113,6 +113,7 @@ int module_sig_check(struct load_info *info, int flags)
* unparseable signatures, and signature check failures --
* even if signatures aren't required.
*/
+ pr_notice("Loading module failed (errno=%d)\n", -err);
return err;
I welcome pr_debug() messages but if we were to add a regular print for every
single type of failure we'd clutter the code, we don't want that.
Luis
Thanks for your reply!
Agreed. I'll make that change. The reason I select the notice print
level is because I found the codes in module_sig_check() use notice
level when signature enforced. In fact the pr_debug() is more suitable
for this scene.
BR, Yusong Gao
