User: Password:
|
|
Subscribe / Log in / New account

Re: [RFC PATCH] Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE

From:  Rusty Russell <rusty-AT-rustcorp.com.au>
To:  Steven Rostedt <rostedt-AT-goodmis.org>
Subject:  Re: [RFC PATCH] Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE
Date:  Fri, 14 Feb 2014 11:21:19 +1030
Message-ID:  <878uteecu0.fsf@rustcorp.com.au>
Cc:  Ingo Molnar <mingo-AT-kernel.org>, Mathieu Desnoyers <mathieu.desnoyers-AT-efficios.com>, linux-kernel-AT-vger.kernel.org, Ingo Molnar <mingo-AT-redhat.com>, Thomas Gleixner <tglx-AT-linutronix.de>, David Howells <dhowells-AT-redhat.com>, Greg Kroah-Hartman <gregkh-AT-linuxfoundation.org>
Archive-link:  Article

Steven Rostedt <rostedt@goodmis.org> writes:
> On Thu, 13 Feb 2014 13:54:42 +1030
> Rusty Russell <rusty@rustcorp.com.au> wrote:
>
>
>> I'm ambivalent towards out-of-tree modules, so not tempted unless I see
>> a bug report indicating a concrete problem.  Then we can discuss...
>
> As I replied in another email, this is a concrete problem, and affects
> in-tree kernel modules.
>
> If you have the following in your .config:
>
> CONFIG_MODULE_SIG=y
> # CONFIG_MODULE_SIG_FORCE is not set
> # CONFIG_MODULE_SIG_ALL is not set

This means you've set the "I will arrange my own module signing" config
option:

	  Sign all modules during make modules_install. Without this option,
	  modules must be signed manually, using the scripts/sign-file tool.

comment "Do not forget to sign required modules with scripts/sign-file"
	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL

Then you didn't do that.  You broke it, you get to keep both pieces.

Again: is there an actual valid use case?
Rusty.


(Log in to post comments)


Copyright © 2014, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds