Commit 2992ef29 authored by Josh Poimboeuf's avatar Josh Poimboeuf Committed by Jiri Kosina

livepatch/module: make TAINT_LIVEPATCH module-specific

There's no reliable way to determine which module tainted the kernel
with TAINT_LIVEPATCH.  For example, /sys/module/<klp module>/taint
doesn't report it.  Neither does the "mod -t" command in the crash tool.

Make it crystal clear who the guilty party is by associating
TAINT_LIVEPATCH with any module which sets the "livepatch" modinfo
attribute.  The flag will still get set in the kernel like before, but
now it also sets the same flag in mod->taint.

Note that now the taint flag gets set when the module is loaded rather
than when it's enabled.

I also renamed find_livepatch_modinfo() to check_modinfo_livepatch() to
better reflect its purpose: it's basically a livepatch-specific
sub-function of check_modinfo().
Reported-by: default avatarChunyu Hu <chuhu@redhat.com>
Reviewed-by: default avatarPetr Mladek <pmladek@suse.com>
Acked-by: default avatarMiroslav Benes <mbenes@suse.cz>
Acked-by: default avatarJessica Yu <jeyu@redhat.com>
Acked-by: default avatarRusty Russell <rusty@rustcorp.com.au>
Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
parent 5ad75fcd
...@@ -545,9 +545,6 @@ static int __klp_enable_patch(struct klp_patch *patch) ...@@ -545,9 +545,6 @@ static int __klp_enable_patch(struct klp_patch *patch)
list_prev_entry(patch, list)->state == KLP_DISABLED) list_prev_entry(patch, list)->state == KLP_DISABLED)
return -EBUSY; return -EBUSY;
pr_notice_once("tainting kernel with TAINT_LIVEPATCH\n");
add_taint(TAINT_LIVEPATCH, LOCKDEP_STILL_OK);
pr_notice("enabling patch '%s'\n", patch->mod->name); pr_notice("enabling patch '%s'\n", patch->mod->name);
klp_for_each_object(patch, obj) { klp_for_each_object(patch, obj) {
......
...@@ -1149,6 +1149,8 @@ static size_t module_flags_taint(struct module *mod, char *buf) ...@@ -1149,6 +1149,8 @@ static size_t module_flags_taint(struct module *mod, char *buf)
buf[l++] = 'C'; buf[l++] = 'C';
if (mod->taints & (1 << TAINT_UNSIGNED_MODULE)) if (mod->taints & (1 << TAINT_UNSIGNED_MODULE))
buf[l++] = 'E'; buf[l++] = 'E';
if (mod->taints & (1 << TAINT_LIVEPATCH))
buf[l++] = 'K';
/* /*
* TAINT_FORCED_RMMOD: could be added. * TAINT_FORCED_RMMOD: could be added.
* TAINT_CPU_OUT_OF_SPEC, TAINT_MACHINE_CHECK, TAINT_BAD_PAGE don't * TAINT_CPU_OUT_OF_SPEC, TAINT_MACHINE_CHECK, TAINT_BAD_PAGE don't
...@@ -2792,14 +2794,17 @@ static int copy_chunked_from_user(void *dst, const void __user *usrc, unsigned l ...@@ -2792,14 +2794,17 @@ static int copy_chunked_from_user(void *dst, const void __user *usrc, unsigned l
} }
#ifdef CONFIG_LIVEPATCH #ifdef CONFIG_LIVEPATCH
static int find_livepatch_modinfo(struct module *mod, struct load_info *info) static int check_modinfo_livepatch(struct module *mod, struct load_info *info)
{ {
mod->klp = get_modinfo(info, "livepatch") ? true : false; if (get_modinfo(info, "livepatch")) {
mod->klp = true;
add_taint_module(mod, TAINT_LIVEPATCH, LOCKDEP_STILL_OK);
}
return 0; return 0;
} }
#else /* !CONFIG_LIVEPATCH */ #else /* !CONFIG_LIVEPATCH */
static int find_livepatch_modinfo(struct module *mod, struct load_info *info) static int check_modinfo_livepatch(struct module *mod, struct load_info *info)
{ {
if (get_modinfo(info, "livepatch")) { if (get_modinfo(info, "livepatch")) {
pr_err("%s: module is marked as livepatch module, but livepatch support is disabled", pr_err("%s: module is marked as livepatch module, but livepatch support is disabled",
...@@ -2969,7 +2974,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) ...@@ -2969,7 +2974,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
"is unknown, you have been warned.\n", mod->name); "is unknown, you have been warned.\n", mod->name);
} }
err = find_livepatch_modinfo(mod, info); err = check_modinfo_livepatch(mod, info);
if (err) if (err)
return err; return err;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment