Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757494AbcDMBlS (ORCPT ); Tue, 12 Apr 2016 21:41:18 -0400 Received: from ozlabs.org ([103.22.144.67]:36553 "EHLO ozlabs.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756403AbcDMBlR (ORCPT ); Tue, 12 Apr 2016 21:41:17 -0400 From: Rusty Russell To: Libor Pechacek Cc: linux-kernel@vger.kernel.org Subject: Re: [PATCH] module: Issue warnings when tainting kernel In-Reply-To: <20160412064737.GA5549@fm.suse.cz> References: <20160412064737.GA5549@fm.suse.cz> User-Agent: Notmuch/0.20.2 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu) Date: Wed, 13 Apr 2016 11:07:17 +0930 Message-ID: <87potumgqa.fsf@rustcorp.com.au> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1981 Lines: 56 Libor Pechacek writes: > While most of the locations where a kernel taint bit is set are accompanied > with a warning message, there are two which set their bits silently. If > the tainting module gets unloaded later on, it is almost impossible to tell > what was the reason for setting the flag. > > Signed-off-by: Libor Pechacek Applied, thanks! Cheers, Rusty. > --- > kernel/module.c | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/kernel/module.c b/kernel/module.c > index 041200ca4a2d..e2d83d77a0e9 100644 > --- a/kernel/module.c > +++ b/kernel/module.c > @@ -2812,8 +2812,12 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) > return -ENOEXEC; > } > > - if (!get_modinfo(info, "intree")) > + if (!get_modinfo(info, "intree")) { > + if (!test_taint(TAINT_OOT_MODULE)) > + pr_warn("%s: loading out-of-tree module taints kernel.\n", > + mod->name); > add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK); > + } > > if (get_modinfo(info, "staging")) { > add_taint_module(mod, TAINT_CRAP, LOCKDEP_STILL_OK); > @@ -2978,6 +2982,8 @@ static int move_module(struct module *mod, struct load_info *info) > > static int check_module_license_and_versions(struct module *mod) > { > + int prev_taint = test_taint(TAINT_PROPRIETARY_MODULE); > + > /* > * ndiswrapper is under GPL by itself, but loads proprietary modules. > * Don't use add_taint_module(), as it would prevent ndiswrapper from > @@ -2996,6 +3002,9 @@ static int check_module_license_and_versions(struct module *mod) > add_taint_module(mod, TAINT_PROPRIETARY_MODULE, > LOCKDEP_NOW_UNRELIABLE); > > + if (!prev_taint && test_taint(TAINT_PROPRIETARY_MODULE)) > + pr_warn("%s: module license taints kernel.\n", mod->name); > + > #ifdef CONFIG_MODVERSIONS > if ((mod->num_syms && !mod->crcs) > || (mod->num_gpl_syms && !mod->gpl_crcs) > -- > 1.7.12.4