On Thu, 13 Feb 2014 15:10:14 +0000 (UTC) Mathieu Desnoyers <mathieu.desnoy...@efficios.com> wrote:
> ----- Original Message ----- > > From: "Steven Rostedt" <rost...@goodmis.org> > > To: "Ingo Molnar" <mi...@kernel.org> > > Cc: "Mathieu Desnoyers" <mathieu.desnoy...@efficios.com>, > > linux-kernel@vger.kernel.org, "Ingo Molnar" > > <mi...@redhat.com>, "Thomas Gleixner" <t...@linutronix.de>, "Rusty Russell" > > <ru...@rustcorp.com.au>, "David Howells" > > <dhowe...@redhat.com>, "Greg Kroah-Hartman" <gre...@linuxfoundation.org> > > Sent: Tuesday, February 11, 2014 11:45:34 PM > > Subject: Re: [RFC PATCH] Fix: module signature vs tracepoints: add new > > TAINT_UNSIGNED_MODULE > > > > > [...] > > But if the kernel expects to have signed modules, and you force a > > module to be loaded that is not signed, then you still get that > > "forced" module taint, which is the same one as loading a module from > > an older kernel into a newer kernel. It's a different problem, and I > > can see having a different taint flag be more informative to kernel > > developers in general. I would welcome that change with or without > > letting tracepoints be set for that module. > > There is one important inaccuracy in your explanation above: a > kernel supporting signed modules, but not enforcing "sig_force", > can load unsigned modules with a simple modprobe or insmod, without > any "--force" argument. Therefore, tainting the module as > "TAINT_FORCED_MODULE" is misleading. > Oh! You are saying that if the kernel only *supports* signed modules, and you load a module that is not signed, it will taint the kernel? -- Steve -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/