summaryrefslogtreecommitdiffstats
path: root/kernel/module
diff options
context:
space:
mode:
authorLuis Chamberlain <mcgrof@kernel.org>2023-03-19 22:27:45 +0100
committerLuis Chamberlain <mcgrof@kernel.org>2023-03-24 19:33:08 +0100
commit72f08b3cc631f4ebcaa9f373d18fc0b877fb6458 (patch)
tree39f8f7e52455eae053bb34f5814c68cbd75474f6 /kernel/module
parentmodule: move signature taint to module_augment_kernel_taints() (diff)
downloadlinux-72f08b3cc631f4ebcaa9f373d18fc0b877fb6458.tar.xz
linux-72f08b3cc631f4ebcaa9f373d18fc0b877fb6458.zip
module: converge taint work together
Converge on a compromise: so long as we have a module hit our linked list of modules we taint. That is, the module was about to become live. Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Diffstat (limited to 'kernel/module')
-rw-r--r--kernel/module/main.c52
1 files changed, 24 insertions, 28 deletions
diff --git a/kernel/module/main.c b/kernel/module/main.c
index 2f1988137965..f165d93a4ef9 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -1955,6 +1955,8 @@ static int setup_load_info(struct load_info *info, int flags)
* These calls taint the kernel depending certain module circumstances */
static void module_augment_kernel_taints(struct module *mod, struct load_info *info)
{
+ int prev_taint = test_taint(TAINT_PROPRIETARY_MODULE);
+
if (!get_modinfo(info, "intree")) {
if (!test_taint(TAINT_OOT_MODULE))
pr_warn("%s: loading out-of-tree module taints kernel.\n",
@@ -1993,6 +1995,28 @@ static void module_augment_kernel_taints(struct module *mod, struct load_info *i
add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK);
}
#endif
+
+ /*
+ * ndiswrapper is under GPL by itself, but loads proprietary modules.
+ * Don't use add_taint_module(), as it would prevent ndiswrapper from
+ * using GPL-only symbols it needs.
+ */
+ if (strcmp(mod->name, "ndiswrapper") == 0)
+ add_taint(TAINT_PROPRIETARY_MODULE, LOCKDEP_NOW_UNRELIABLE);
+
+ /* driverloader was caught wrongly pretending to be under GPL */
+ if (strcmp(mod->name, "driverloader") == 0)
+ add_taint_module(mod, TAINT_PROPRIETARY_MODULE,
+ LOCKDEP_NOW_UNRELIABLE);
+
+ /* lve claims to be GPL but upstream won't provide source */
+ if (strcmp(mod->name, "lve") == 0)
+ add_taint_module(mod, TAINT_PROPRIETARY_MODULE,
+ LOCKDEP_NOW_UNRELIABLE);
+
+ if (!prev_taint && test_taint(TAINT_PROPRIETARY_MODULE))
+ pr_warn("%s: module license taints kernel.\n", mod->name);
+
}
static int check_modinfo(struct module *mod, struct load_info *info, int flags)
@@ -2198,29 +2222,6 @@ out_enomem:
static int check_module_license_and_versions(struct module *mod)
{
- int prev_taint = test_taint(TAINT_PROPRIETARY_MODULE);
-
- /*
- * ndiswrapper is under GPL by itself, but loads proprietary modules.
- * Don't use add_taint_module(), as it would prevent ndiswrapper from
- * using GPL-only symbols it needs.
- */
- if (strcmp(mod->name, "ndiswrapper") == 0)
- add_taint(TAINT_PROPRIETARY_MODULE, LOCKDEP_NOW_UNRELIABLE);
-
- /* driverloader was caught wrongly pretending to be under GPL */
- if (strcmp(mod->name, "driverloader") == 0)
- add_taint_module(mod, TAINT_PROPRIETARY_MODULE,
- LOCKDEP_NOW_UNRELIABLE);
-
- /* lve claims to be GPL but upstream won't provide source */
- if (strcmp(mod->name, "lve") == 0)
- add_taint_module(mod, TAINT_PROPRIETARY_MODULE,
- LOCKDEP_NOW_UNRELIABLE);
-
- if (!prev_taint && test_taint(TAINT_PROPRIETARY_MODULE))
- pr_warn("%s: module license taints kernel.\n", mod->name);
-
#ifdef CONFIG_MODVERSIONS
if ((mod->num_syms && !mod->crcs) ||
(mod->num_gpl_syms && !mod->gpl_crcs)) {
@@ -2772,11 +2773,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
/*
* We are tainting your kernel if your module gets into
* the modules linked list somehow.
- *
- * We have a descrepancy though, see the other taints for
- * signature and those in check_module_license_and_versions().
- *
- * We should compromise and converge.
*/
module_augment_kernel_taints(mod, info);