Re: [PATCH] Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE

From: Rusty Russell
Date: Mon Mar 31 2014 - 00:36:00 EST


Takashi Iwai <tiwai@xxxxxxx> writes:
> At Thu, 13 Mar 2014 11:30:47 +1030,
> Rusty Russell wrote:
>>
>> Steven Rostedt <rostedt@xxxxxxxxxxx> writes:
>> > Mathieu, you should have added a v2 to the subject ie: [PATCH V2]
>> >
>> > Rusty,
>> >
>> > If you want to take this, please add my
>> > Acked-by: Steven Rostedt <rostedt@xxxxxxxxxxx>
>>
>> Thanks, I updated my copy and have pushed this into modules-next.
>
> The letter 'X' has been already used for SUSE kernels for very long
> time, to indicate the external supported modules. Can the new flag be
> changed to another letter for avoiding conflict...?
> (BTW, we also use 'N' for "no support", too.)

Sure... As I've already applied it, I've had to add this new patch:

Subject: Use 'E' instead of 'X' for unsigned module taint flag.

66cc69e34e86a231fbe68d8918c6119e3b7549a3 added 'X' for unsigned module
taints, but Takashi Iwai <tiwai@xxxxxxx> says:

The letter 'X' has been already used for SUSE kernels for very long
time, to indicate the external supported modules. Can the new flag be
changed to another letter for avoiding conflict...?
(BTW, we also use 'N' for "no support", too.)

Note: this code should be cleaned up, so we don't have such maps in
three places!

Signed-off-by: Rusty Russell <rusty@xxxxxxxxxxxxxxx>

diff --git a/Documentation/ABI/testing/sysfs-module b/Documentation/ABI/testing/sysfs-module
index b9a29cdbaccb..66a110b4c48a 100644
--- a/Documentation/ABI/testing/sysfs-module
+++ b/Documentation/ABI/testing/sysfs-module
@@ -49,4 +49,4 @@ Description: Module taint flags:
O - out-of-tree module
F - force-loaded module
C - staging driver module
- X - unsigned module
+ E - unsigned module
diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt
index b6af42e4d790..db1c49e17aa2 100644
--- a/Documentation/module-signing.txt
+++ b/Documentation/module-signing.txt
@@ -54,7 +54,7 @@ This has a number of options available:
If this is off (ie. "permissive"), then modules for which the key is not
available and modules that are unsigned are permitted, but the kernel will
be marked as being tainted, and the concerned modules will be marked as
- tainted, shown with the character 'X'.
+ tainted, shown with the character 'E'.

If this is on (ie. "restrictive"), only modules that have a valid
signature that can be verified by a public key in the kernel's possession
diff --git a/Documentation/oops-tracing.txt b/Documentation/oops-tracing.txt
index 879abe289523..fa86b85d2821 100644
--- a/Documentation/oops-tracing.txt
+++ b/Documentation/oops-tracing.txt
@@ -265,7 +265,7 @@ characters, each representing a particular tainted value.

13: 'O' if an externally-built ("out-of-tree") module has been loaded.

- 14: 'X' if an unsigned module has been loaded in a kernel supporting
+ 14: 'E' if an unsigned module has been loaded in a kernel supporting
module signature.

The primary reason for the 'Tainted: ' string is to tell kernel
diff --git a/kernel/module.c b/kernel/module.c
index c1acb0c5b637..6d620199b892 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1014,7 +1014,7 @@ static size_t module_flags_taint(struct module *mod, char *buf)
if (mod->taints & (1 << TAINT_CRAP))
buf[l++] = 'C';
if (mod->taints & (1 << TAINT_UNSIGNED_MODULE))
- buf[l++] = 'X';
+ buf[l++] = 'E';
/*
* TAINT_FORCED_RMMOD: could be added.
* TAINT_UNSAFE_SMP, TAINT_MACHINE_CHECK, TAINT_BAD_PAGE don't
diff --git a/kernel/panic.c b/kernel/panic.c
index 0e25fe10871e..dbee7fe2a0c0 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -210,7 +210,7 @@ static const struct tnt tnts[] = {
{ TAINT_CRAP, 'C', ' ' },
{ TAINT_FIRMWARE_WORKAROUND, 'I', ' ' },
{ TAINT_OOT_MODULE, 'O', ' ' },
- { TAINT_UNSIGNED_MODULE, 'X', ' ' },
+ { TAINT_UNSIGNED_MODULE, 'E', ' ' },
};

/**
@@ -229,7 +229,7 @@ static const struct tnt tnts[] = {
* 'C' - modules from drivers/staging are loaded.
* 'I' - Working around severe firmware bug.
* 'O' - Out-of-tree module has been loaded.
- * 'X' - Unsigned module has been loaded.
+ * 'E' - Unsigned module has been loaded.
*
* The string is overwritten by the next call to print_tainted().
*/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/