----- Original Message ----- > From: "Steven Rostedt" <[email protected]> > To: "Ingo Molnar" <[email protected]> > Cc: "Mathieu Desnoyers" <[email protected]>, > [email protected], "Ingo Molnar" > <[email protected]>, "Thomas Gleixner" <[email protected]>, "Rusty Russell" > <[email protected]>, "David Howells" > <[email protected]>, "Greg Kroah-Hartman" <[email protected]> > Sent: Tuesday, February 11, 2014 11:45:34 PM > Subject: Re: [RFC PATCH] Fix: module signature vs tracepoints: add new > TAINT_UNSIGNED_MODULE > > [...] > But if the kernel expects to have signed modules, and you force a > module to be loaded that is not signed, then you still get that > "forced" module taint, which is the same one as loading a module from > an older kernel into a newer kernel. It's a different problem, and I > can see having a different taint flag be more informative to kernel > developers in general. I would welcome that change with or without > letting tracepoints be set for that module.
There is one important inaccuracy in your explanation above: a kernel supporting signed modules, but not enforcing "sig_force", can load unsigned modules with a simple modprobe or insmod, without any "--force" argument. Therefore, tainting the module as "TAINT_FORCED_MODULE" is misleading. Thanks, Mathieu -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
