Re: [RFC PATCH] Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE

From: Steven Rostedt
Date: Thu Feb 13 2014 - 10:44:38 EST


On Thu, 13 Feb 2014 10:36:35 -0500
fche@xxxxxxxxxx (Frank Ch. Eigler) wrote:

>
> rostedt wrote:
>
> > [...]
> > Oh! You are saying that if the kernel only *supports* signed modules,
> > and you load a module that is not signed, it will taint the kernel?
>
> Yes: this is the default for several distros.
>

Rusty, Ingo,

This looks like a bug to me, as it can affect even in-tree kernel
modules. If you have a kernel that supports signed modules, and you
modify a module, recompile it, apply it, since it is no longer signed,
then it sounds like we just tainted it. Worse yet, we just disabled any
tracepoints on that module, which means it is even harder to debug that
module (if that's the reason you recompiled it in the first place).

-- Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/