Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp123779ybf;
        Wed, 26 Feb 2020 09:59:26 -0800 (PST)
X-Google-Smtp-Source: APXvYqwqGBcSuFd517mSc1g6Kn+C4QdGTK04uj8ETDa8fN3a/5KSQLtVow+32wxhE+KK3o6FVZyW
X-Received: by 2002:aca:5f87:: with SMTP id t129mr183057oib.36.1582739966231;
        Wed, 26 Feb 2020 09:59:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1582739966; cv=none;
        d=google.com; s=arc-20160816;
        b=eLesMYSNwzSKoSpiv+DaNucuAHG+EOrCq1BAfntSd0SkI3vL545m72AxL03h6yoR7f
         V62GM7sURZMQcp3aMg/3IHSN5qnvVimaBI6iW9l5+KRdygKx4E7pI1oTiSYAS3F+SLA0
         eabBcpgIdF5eNmo9mhhhiNws2TlJYTUDSqiR/dodgwNbHyUBZf73sWEWGYU1VZBza0jX
         Z0c72bn3BuR/5xZY15iI2ZTxmlphts9YR66ekEoKi+GQ/IO8VMTDl+SUZlPk8AJY7TEy
         0Vb+G3i+pwASCg8oOBiOePQPAhb9sZsASUf7k+sTj1yBqO1yUOMIj1v2SSD/nZdbBo66
         6X8A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=IXQeqlsG+Q8mzfN0lIjRWFWxQMDt7U44AQqzLsenFxs=;
        b=XeNpHbI5RR2NX476jafHYTRne5oK7C8tl3KxG3g2+T3GlopFY0UxUjPK9FWCDb6sRf
         I/j/f5peD2SznxjKdZ6PI4bXKt0IO1Cjo4XEbcFwOspfX3W8JD/BKGhfez1Am5tCXDjR
         yaMjKEI3kBibCYb/zG5Q0MN1V9PlkeOujmEL+/j12jV4lySpk9uN1G/5xus4jIcy6qbY
         CIVzxreIBXcylLzONMRpBFuAlSGH4yn5JybMax8i7qtq8HbgTslxUoF7CaHFF7PoZ8Ud
         9fzrtiPl8TGYXYFsN6UA+IB33rViYE1wEjpXJJw5gRUmFdi1csEEiNHMG1t+NyjB4ERh
         4Fjg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=0+USs4ns;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id l5si153661otf.37.2020.02.26.09.59.14;
        Wed, 26 Feb 2020 09:59:26 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=0+USs4ns;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726980AbgBZR65 (ORCPT <rfc822;israelpgz17@gmail.com>
        + 99 others); Wed, 26 Feb 2020 12:58:57 -0500
Received: from mail.kernel.org ([198.145.29.99]:53356 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726688AbgBZR64 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 26 Feb 2020 12:58:56 -0500
Received: from linux-8ccs (p5B2812F9.dip0.t-ipconnect.de [91.40.18.249])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 4BDE424656;
        Wed, 26 Feb 2020 17:58:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1582739935;
        bh=gbiYIrb9qVJDfgN91Du8k34UKtZT8nALXnHYvkQ4qVg=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=0+USs4nsndDOEuS3FrNtmAiAf2QOIxp7rGqG+oY2bFJf7s66F3pWPMTDlAVEIVXsj
         3PFrgFaCqncjZBZ86ohNePitPVwoctQ9BSRsV+s8M7I0FjYwg3VYmLpCjIyMWjcJS5
         zDWPYjRaxaA0reJpysRQrth6JOSCbNyRCanyxNcU=
Date:   Wed, 26 Feb 2020 18:58:50 +0100
From:   Jessica Yu <jeyu@kernel.org>
To:     Martin Haass <vvvrrooomm@gmail.com>
Cc:     linux-kernel@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        linux-modules@vger.kernel.org
Subject: Re: [PATCH] module support: during lockdown, log name of unsigned
 module
Message-ID: <20200226175849.GB20449@linux-8ccs>
References: <CAH3oDPzeu_bzYa3fOUpcjQk4HJ5K2Rx+Qf+qbqxSrmTdrWHm5g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <CAH3oDPzeu_bzYa3fOUpcjQk4HJ5K2Rx+Qf+qbqxSrmTdrWHm5g@mail.gmail.com>
X-OS:   Linux linux-8ccs 5.5.0-lp150.12.61-default x86_64
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

+++ Martin Haass [19/02/20 10:02 +0100]:
>during lockdown loading of unsigned modules is restricted to signed
>modules only. The old error message does not show which module misses
>the signature, making it very difficult for a user to determine which
>module is at fault.
>This patch adds a line to the logs which additionally contains the
>module name that caused the error message. The old message cannot
>be replaced as it is generated by lockdown_is_locked_down
>---
> kernel/module.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
>diff --git a/kernel/module.c b/kernel/module.c
>index 33569a01d6e..6dcb28139a0 100644
>--- a/kernel/module.c
>+++ b/kernel/module.c
>@@ -2807,7 +2807,8 @@ static int module_sig_check(struct load_info *info,
>int flags)
>  const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
>  const char *reason;
>  const void *mod = info->hdr;
>-
>+ int is_locked = -EPERM;
>+
>  /*
>  * Require flags == 0, as a module with version information
>  * removed is no longer the module that was signed
>@@ -2843,7 +2844,12 @@ static int module_sig_check(struct load_info *info,
>int flags)
>  return -EKEYREJECTED;
>  }
>
>- return security_locked_down(LOCKDOWN_MODULE_SIGNATURE);
>+ is_locked = security_locked_down(LOCKDOWN_MODULE_SIGNATURE);
>+ if (is_locked == -EPERM) {
>+ pr_notice("Lockdown: %s: rejected module '%s' cause: %s",
>+ current->comm, info->name, reason);
>+ }
>+ return is_locked;

Hi!

Actually, I think we can just reuse the pr_notice() from the previous if
(is_module_sig_enforced()) block. It already logs the module name as well as
the reason. And we'd better leave the lockdown-specific messages to the LSM.
Something like this perhaps?

diff --git a/kernel/module.c b/kernel/module.c
index b88ec9cd2a7f..2c881e3b9d92 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2838,12 +2838,13 @@ static int module_sig_check(struct load_info *info, int flags)
        case -ENOKEY:
                reason = "Loading of module with unavailable key";
        decide:
-               if (is_module_sig_enforced()) {
+               err = is_module_sig_enforced() ? \
+                     -EKEYREJECTED : security_locked_down(LOCKDOWN_MODULE_SIGNATURE);
+
+               if (err)
                        pr_notice("%s: %s is rejected\n", info->name, reason);
-                       return -EKEYREJECTED;
-               }
 
-               return security_locked_down(LOCKDOWN_MODULE_SIGNATURE);
+               return err;
 
                /* All other errors are fatal, including nomem, unparseable
                 * signatures and signature check failures - even if signatures