Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1757494AbcDMBlS (ORCPT <rfc822;w@1wt.eu>);
	Tue, 12 Apr 2016 21:41:18 -0400
Received: from ozlabs.org ([103.22.144.67]:36553 "EHLO ozlabs.org"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1756403AbcDMBlR (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Tue, 12 Apr 2016 21:41:17 -0400
From: Rusty Russell <rusty@rustcorp.com.au>
To: Libor Pechacek <lpechacek@suse.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] module: Issue warnings when tainting kernel
In-Reply-To: <20160412064737.GA5549@fm.suse.cz>
References: <20160412064737.GA5549@fm.suse.cz>
User-Agent: Notmuch/0.20.2 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu)
Date: Wed, 13 Apr 2016 11:07:17 +0930
Message-ID: <87potumgqa.fsf@rustcorp.com.au>
MIME-Version: 1.0
Content-Type: text/plain
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1981
Lines: 56

Libor Pechacek <lpechacek@suse.com> writes:
> While most of the locations where a kernel taint bit is set are accompanied
> with a warning message, there are two which set their bits silently.  If
> the tainting module gets unloaded later on, it is almost impossible to tell
> what was the reason for setting the flag.
>
> Signed-off-by: Libor Pechacek <lpechacek@suse.com>

Applied, thanks!

Cheers,
Rusty.

> ---
>  kernel/module.c | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/module.c b/kernel/module.c
> index 041200ca4a2d..e2d83d77a0e9 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -2812,8 +2812,12 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
>  		return -ENOEXEC;
>  	}
>  
> -	if (!get_modinfo(info, "intree"))
> +	if (!get_modinfo(info, "intree")) {
> +		if (!test_taint(TAINT_OOT_MODULE))
> +			pr_warn("%s: loading out-of-tree module taints kernel.\n",
> +				mod->name);
>  		add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK);
> +	}
>  
>  	if (get_modinfo(info, "staging")) {
>  		add_taint_module(mod, TAINT_CRAP, LOCKDEP_STILL_OK);
> @@ -2978,6 +2982,8 @@ static int move_module(struct module *mod, struct load_info *info)
>  
>  static int check_module_license_and_versions(struct module *mod)
>  {
> +	int prev_taint = test_taint(TAINT_PROPRIETARY_MODULE);
> +
>  	/*
>  	 * ndiswrapper is under GPL by itself, but loads proprietary modules.
>  	 * Don't use add_taint_module(), as it would prevent ndiswrapper from
> @@ -2996,6 +3002,9 @@ static int check_module_license_and_versions(struct module *mod)
>  		add_taint_module(mod, TAINT_PROPRIETARY_MODULE,
>  				 LOCKDEP_NOW_UNRELIABLE);
>  
> +	if (!prev_taint && test_taint(TAINT_PROPRIETARY_MODULE))
> +		pr_warn("%s: module license taints kernel.\n", mod->name);
> +
>  #ifdef CONFIG_MODVERSIONS
>  	if ((mod->num_syms && !mod->crcs)
>  	    || (mod->num_gpl_syms && !mod->gpl_crcs)
> -- 
> 1.7.12.4