Re: [PATCH] module: Issue warnings when tainting kernel
From: Rusty Russell
Date: Tue Apr 12 2016 - 21:41:23 EST
Libor Pechacek <lpechacek@xxxxxxxx> writes:
> While most of the locations where a kernel taint bit is set are accompanied
> with a warning message, there are two which set their bits silently. If
> the tainting module gets unloaded later on, it is almost impossible to tell
> what was the reason for setting the flag.
>
> Signed-off-by: Libor Pechacek <lpechacek@xxxxxxxx>
Applied, thanks!
Cheers,
Rusty.
> ---
> kernel/module.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/module.c b/kernel/module.c
> index 041200ca4a2d..e2d83d77a0e9 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -2812,8 +2812,12 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
> return -ENOEXEC;
> }
>
> - if (!get_modinfo(info, "intree"))
> + if (!get_modinfo(info, "intree")) {
> + if (!test_taint(TAINT_OOT_MODULE))
> + pr_warn("%s: loading out-of-tree module taints kernel.\n",
> + mod->name);
> add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK);
> + }
>
> if (get_modinfo(info, "staging")) {
> add_taint_module(mod, TAINT_CRAP, LOCKDEP_STILL_OK);
> @@ -2978,6 +2982,8 @@ static int move_module(struct module *mod, struct load_info *info)
>
> static int check_module_license_and_versions(struct module *mod)
> {
> + int prev_taint = test_taint(TAINT_PROPRIETARY_MODULE);
> +
> /*
> * ndiswrapper is under GPL by itself, but loads proprietary modules.
> * Don't use add_taint_module(), as it would prevent ndiswrapper from
> @@ -2996,6 +3002,9 @@ static int check_module_license_and_versions(struct module *mod)
> add_taint_module(mod, TAINT_PROPRIETARY_MODULE,
> LOCKDEP_NOW_UNRELIABLE);
>
> + if (!prev_taint && test_taint(TAINT_PROPRIETARY_MODULE))
> + pr_warn("%s: module license taints kernel.\n", mod->name);
> +
> #ifdef CONFIG_MODVERSIONS
> if ((mod->num_syms && !mod->crcs)
> || (mod->num_gpl_syms && !mod->gpl_crcs)
> --
> 1.7.12.4