[PATCH] MODSIGN: Don't taint unless signature enforcing is enabled

From: Josh Boyer
Date: Fri Jan 04 2013 - 14:11:57 EST

With module signing enabled but not in enforcing mode, we don't consider
unsigned modules to be an error. However, we only mark sig_ok as true if
a signature verified. This causes the module to be tainted with the
TAINT_FORCED_MODULE flag. That in turn taints the kernel, which also
disables lockdep.

Tainting the module and kernel when we don't consider something to be an
error seems excessive. This marks sig_ok as true if we aren't in enforcing

Reported-by: Frank Ch. Eigler <fche@xxxxxxxxxx>
Signed-off-by: Josh Boyer <jwboyer@xxxxxxxxxx>
kernel/module.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel/module.c b/kernel/module.c
index 250092c..a50172e 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2443,8 +2443,10 @@ static int module_sig_check(struct load_info *info)
if (err < 0 && fips_enabled)
panic("Module verification failed with error %d in FIPS mode\n",
- if (err == -ENOKEY && !sig_enforce)
+ if (err == -ENOKEY && !sig_enforce) {
+ info->sig_ok = true;
err = 0;
+ }

return err;
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/