Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

From: Randy Dunlap
Date: Mon Mar 05 2018 - 21:13:35 EST


Hi,

On 03/05/2018 05:34 PM, Alexei Starovoitov wrote:

> diff --git a/kernel/module.c b/kernel/module.c
> index ad2d420024f6..6cfa35795741 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c

> @@ -3669,6 +3683,17 @@ static int load_module(struct load_info *info, const char __user *uargs,
> if (err)
> goto free_copy;
>
> + if (info->hdr->e_type == ET_EXEC) {
> +#ifdef CONFIG_MODULE_SIG
> + if (!info->sig_ok) {
> + pr_notice_once("umh %s verification failed: signature and/or required key missing - tainting kernel\n",

That's not a very friendly message to tell a user. "umh" eh?

> + info->file->f_path.dentry->d_name.name);
> + add_taint(TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK);
> + }

And since the signature failed, why is it being loaded at all?
Is this in the "--force" load path?

> +#endif
> + return 0;
> + }
> +
> /* Figure out module layout, and allocate all the memory. */
> mod = layout_and_allocate(info, flags);
> if (IS_ERR(mod)) {

thanks,
--
~Randy