1. Patchew
  2. linux
  3. View series

[PATCH] module: Add log information for loading module failures

Yusong Gao posted 1 patch 1 year, 6 months ago
There is a newer version of this series
kernel/module/signing.c | 1 +
1 file changed, 1 insertion(+)
[PATCH] module: Add log information for loading module failures
Posted by Yusong Gao 1 year, 6 months ago 
Add log information in kernel-space when loading module failures.
Try to load the unsigned module and the module with bad signature
when set 1 to /sys/module/module/parameters/sig_enforce.

Unsigned module case:
(linux) insmod unsigned.ko
[   18.714661] Loading of unsigned module is rejected
insmod: can't insert 'unsigned.ko': Key was rejected by service
(linux)

Bad signature module case:
(linux) insmod bad_signature.ko
insmod: can't insert 'bad_signature.ko': Key was rejected by service
(linux)

There have different logging behavior the bad signature case only log
in user-space, add log info for fatal errors in module_sig_check().

Signed-off-by: Yusong Gao <a869920004@gmail.com>
---
 kernel/module/signing.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/module/signing.c b/kernel/module/signing.c
index a2ff4242e623..6a6493c8f7e4 100644
--- a/kernel/module/signing.c
+++ b/kernel/module/signing.c
@@ -113,6 +113,7 @@ int module_sig_check(struct load_info *info, int flags)
 		 * unparseable signatures, and signature check failures --
 		 * even if signatures aren't required.
 		 */
+		pr_notice("Loading module failed (errno=%d)\n", -err);
 		return err;
 	}
 
-- 
2.34.1
Re: [PATCH] module: Add log information for loading module failures
Posted by Luis Chamberlain 1 year, 6 months ago 
On Fri, Jun 14, 2024 at 09:25:19AM +0000, Yusong Gao wrote:
> Add log information in kernel-space when loading module failures.
> Try to load the unsigned module and the module with bad signature
> when set 1 to /sys/module/module/parameters/sig_enforce.
> 
> Unsigned module case:
> (linux) insmod unsigned.ko
> [   18.714661] Loading of unsigned module is rejected
> insmod: can't insert 'unsigned.ko': Key was rejected by service
> (linux)
> 
> Bad signature module case:
> (linux) insmod bad_signature.ko
> insmod: can't insert 'bad_signature.ko': Key was rejected by service
> (linux)
> 
> There have different logging behavior the bad signature case only log
> in user-space, add log info for fatal errors in module_sig_check().
> 
> Signed-off-by: Yusong Gao <a869920004@gmail.com>
> ---
>  kernel/module/signing.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/kernel/module/signing.c b/kernel/module/signing.c
> index a2ff4242e623..6a6493c8f7e4 100644
> --- a/kernel/module/signing.c
> +++ b/kernel/module/signing.c
> @@ -113,6 +113,7 @@ int module_sig_check(struct load_info *info, int flags)
>  		 * unparseable signatures, and signature check failures --
>  		 * even if signatures aren't required.
>  		 */
> +		pr_notice("Loading module failed (errno=%d)\n", -err);
>  		return err;

I welcome pr_debug() messages but if we were to add a regular print for every
single type of failure we'd clutter the code, we don't want that.

  Luis
Re: [PATCH] module: Add log information for loading module failures
Posted by Yusong Gao 1 year, 6 months ago 

On 6/19/24 02:54, Luis Chamberlain wrote:
> On Fri, Jun 14, 2024 at 09:25:19AM +0000, Yusong Gao wrote:
>> Add log information in kernel-space when loading module failures.
>> Try to load the unsigned module and the module with bad signature
>> when set 1 to /sys/module/module/parameters/sig_enforce.
>>
>> Unsigned module case:
>> (linux) insmod unsigned.ko
>> [   18.714661] Loading of unsigned module is rejected
>> insmod: can't insert 'unsigned.ko': Key was rejected by service
>> (linux)
>>
>> Bad signature module case:
>> (linux) insmod bad_signature.ko
>> insmod: can't insert 'bad_signature.ko': Key was rejected by service
>> (linux)
>>
>> There have different logging behavior the bad signature case only log
>> in user-space, add log info for fatal errors in module_sig_check().
>>
>> Signed-off-by: Yusong Gao <a869920004@gmail.com>
>> ---
>>   kernel/module/signing.c | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/kernel/module/signing.c b/kernel/module/signing.c
>> index a2ff4242e623..6a6493c8f7e4 100644
>> --- a/kernel/module/signing.c
>> +++ b/kernel/module/signing.c
>> @@ -113,6 +113,7 @@ int module_sig_check(struct load_info *info, int flags)
>>   		 * unparseable signatures, and signature check failures --
>>   		 * even if signatures aren't required.
>>   		 */
>> +		pr_notice("Loading module failed (errno=%d)\n", -err);
>>   		return err;
> 
> I welcome pr_debug() messages but if we were to add a regular print for every
> single type of failure we'd clutter the code, we don't want that.
> 
>    Luis

Thanks for your reply!
Agreed. I'll make that change. The reason I select the notice print 
level is because I found the codes in module_sig_check() use notice 
level when signature enforced. In fact the pr_debug() is more suitable 
for this scene.

BR, Yusong Gao

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.