Open Source and information security mailing list archives
Date:	Tue, 15 Jan 2013 14:09:12 -0500
From:	Josh Boyer <jwboyer@...hat.com>
To:	Rusty Russell <rusty@...tcorp.com.au>
Cc:	"Frank Ch. Eigler" <fche@...hat.com>, dhowells@...hat.com,
	linux-kernel@...r.kernel.org, peterz@...radead.org,
	mingo@...hat.com
Subject: [PATCH] MODSIGN: Add TAINT_NOKEY_MODULE

With module signing enabled but not in enforcing mode, we don't consider
unsigned modules to be an error.  However, if we encounter an unsigned
module we currently taint the module and kernel with TAINT_FORCED_MODULE.
That also disables lockdep within the kernel.

Given that we aren't in enforcing mode in this case, and we aren't
actually forcing the module to be loaded, that seems to be an incorrect
representation of what happened on module load.  This adds a new
TAINT_NOKEY_MODULE flag to be used in this case instead.  We also allow
lockdep to continue to work in this case, similar to the TAINT_OOT_MODULE
and TAINT_WARN cases.

Reported-by: Frank Ch. Eigler <fche@...hat.com>
Signed-off-by: Josh Boyer <jwboyer@...hat.com>
---
 include/linux/kernel.h | 1 +
 kernel/module.c        | 4 +++-
 kernel/panic.c         | 3 +++
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index c566927..a2bbddb 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -427,6 +427,7 @@ extern enum system_states {
 #define TAINT_CRAP			10
 #define TAINT_FIRMWARE_WORKAROUND	11
 #define TAINT_OOT_MODULE		12
+#define TAINT_NOKEY_MODULE		13
 
 extern const char hex_asc[];
 #define hex_asc_lo(x)	hex_asc[((x) & 0x0f)]
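Review bot: the new bit 13 is added here with no comment and, per the diffstat, nothing outside kernel.h, module.c and panic.c is touched, so the user-visible list of tainted bits in the kernel documentation is left without an entry for bit 13 / 'K'; please document it in the same patch, and consider a one-line comment next to the define stating that it is set only under CONFIG_MODULE_SIG when a module's signature does not verify.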
diff --git a/kernel/module.c b/kernel/module.c
index 250092c..5dc9263 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1025,6 +1025,8 @@ static size_t module_flags_taint(struct module *mod, char *buf)
 		buf[l++] = 'F';
 	if (mod->taints & (1 << TAINT_CRAP))
 		buf[l++] = 'C';
+	if (mod->taints & (1 << TAINT_NOKEY_MODULE))
+		buf[l++] = 'K';
 	/*
 	 * TAINT_FORCED_RMMOD: could be added.
 	 * TAINT_UNSAFE_SMP, TAINT_MACHINE_CHECK, TAINT_BAD_PAGE don't
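Review bot: module_flags_taint() can now emit one more letter ('K') into buf, and the hunk does not show the size of the buffer the callers pass in; please confirm that buffer still has room for the extra flag character plus the terminator before this goes in.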
@@ -3116,7 +3118,7 @@ static int load_module(struct load_info *info, const char __user *uargs,
 #ifdef CONFIG_MODULE_SIG
 	mod->sig_ok = info->sig_ok;
 	if (!mod->sig_ok)
-		add_taint_module(mod, TAINT_FORCED_MODULE);
+		add_taint_module(mod, TAINT_NOKEY_MODULE);
 #endif
 
 	/* Now module is in final location, initialize linked lists, etc. */
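Review bot: switching this call from TAINT_FORCED_MODULE to TAINT_NOKEY_MODULE is a user-visible behaviour change that the commit message should state explicitly: anything that currently watches the 'F' taint to notice an unsigned module load will no longer see it, and the per-module letters produced by module_flags_taint() change from 'F' to 'K' for such modules. Note also that sig_ok is false for every verification failure (no signature, signature by an unknown key, or a signature that does not verify), so the new taint covers all three cases, and the flag's description elsewhere in the patch should match that.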
diff --git a/kernel/panic.c b/kernel/panic.c
index e1b2822..e909abb 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -206,6 +206,7 @@ static const struct tnt tnts[] = {
 	{ TAINT_CRAP,			'C', ' ' },
 	{ TAINT_FIRMWARE_WORKAROUND,	'I', ' ' },
 	{ TAINT_OOT_MODULE,		'O', ' ' },
+	{ TAINT_NOKEY_MODULE,		'K', ' ' },
 };
 
 /**
@@ -224,6 +225,7 @@ static const struct tnt tnts[] = {
  *  'C' - modules from drivers/staging are loaded.
  *  'I' - Working around severe firmware bug.
  *  'O' - Out-of-tree module has been loaded.
+ *  'K' - Module with missing or unknown signature key has been loaded.
  *
  *	The string is overwritten by the next call to print_tainted().
  */
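Review bot: the text "Module with missing or unknown signature key has been loaded" is narrower than the condition that sets the flag; in load_module() the taint is applied whenever mod->sig_ok is false, which also includes a present signature that fails to verify. Suggest wording it along the lines of " *  'K' - Module with missing or unverifiable signature has been loaded." so 'K' is not read as only a key-lookup problem.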
@@ -273,6 +275,7 @@ void add_taint(unsigned flag)
 	case TAINT_OOT_MODULE:
 	case TAINT_WARN:
 	case TAINT_FIRMWARE_WORKAROUND:
+	case TAINT_NOKEY_MODULE:
 		break;
 
 	default:
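Review bot: adding TAINT_NOKEY_MODULE to the cases that leave lockdep enabled is the substantive part of this patch, and it is consistent with how TAINT_OOT_MODULE and TAINT_WARN are treated; the rationale (the module was neither forced nor believed to corrupt locking state) currently lives only in the commit message, so a short comment above this case list explaining why these taints are exempt would help the next person who adds one here.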
-- 
1.8.0.2
