On Thu, 13 Feb 2014 15:10:14 +0000 (UTC) Mathieu Desnoyers <[email protected]> wrote:
> ----- Original Message ----- > > From: "Steven Rostedt" <[email protected]> > > To: "Ingo Molnar" <[email protected]> > > Cc: "Mathieu Desnoyers" <[email protected]>, > > [email protected], "Ingo Molnar" > > <[email protected]>, "Thomas Gleixner" <[email protected]>, "Rusty Russell" > > <[email protected]>, "David Howells" > > <[email protected]>, "Greg Kroah-Hartman" <[email protected]> > > Sent: Tuesday, February 11, 2014 11:45:34 PM > > Subject: Re: [RFC PATCH] Fix: module signature vs tracepoints: add new > > TAINT_UNSIGNED_MODULE > > > > > [...] > > But if the kernel expects to have signed modules, and you force a > > module to be loaded that is not signed, then you still get that > > "forced" module taint, which is the same one as loading a module from > > an older kernel into a newer kernel. It's a different problem, and I > > can see having a different taint flag be more informative to kernel > > developers in general. I would welcome that change with or without > > letting tracepoints be set for that module. > > There is one important inaccuracy in your explanation above: a > kernel supporting signed modules, but not enforcing "sig_force", > can load unsigned modules with a simple modprobe or insmod, without > any "--force" argument. Therefore, tainting the module as > "TAINT_FORCED_MODULE" is misleading. > Oh! You are saying that if the kernel only *supports* signed modules, and you load a module that is not signed, it will taint the kernel? -- Steve -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
