Message ID | 20240628103923.1677347-1-a869920004@gmail.com (mailing list archive) |
---|---|
State | Handled Elsewhere |
Headers | show |
Series | [v3] module: Add log info for verifying module signature | expand |
On Fri, Jun 28, 2024 at 10:39:23AM +0000, Yusong Gao wrote: > Add log information in kernel-space when loading module failures. > Try to load the unsigned module and the module with bad signature > when set 1 to /sys/module/module/parameters/sig_enforce. > > Unsigned module case: > (linux) insmod unsigned.ko > [ 18.714661] Loading of unsigned module is rejected > insmod: can't insert 'unsigned.ko': Key was rejected by service > (linux) > > Bad signature module case: > (linux) insmod bad_signature.ko > insmod: can't insert 'bad_signature.ko': Key was rejected by service > (linux) > > There have different logging behavior the bad signature case only log > in user-space, add log info for fatal errors in module_sig_check(). > > Signed-off-by: Yusong Gao <a869920004@gmail.com> > --- > V3: Clarify the message type and the error code meaning. > V2: Change print level from notice to debug. > --- > kernel/module/signing.c | 27 +++++++++++++++++++++++++++ > 1 file changed, 27 insertions(+) > > diff --git a/kernel/module/signing.c b/kernel/module/signing.c > index a2ff4242e623..826cdab8e3e4 100644 > --- a/kernel/module/signing.c > +++ b/kernel/module/signing.c > @@ -67,6 +67,31 @@ int mod_verify_sig(const void *mod, struct load_info *info) > NULL, NULL); > } > > +static const char *mod_decode_error(int errno) > +{ > + char *errstr = "Unrecognized error"; This is not safe. You can just extend the existing debug switch for strict module loading and re-use the variable there and use that, for example diff --git a/kernel/module/signing.c b/kernel/module/signing.c index a2ff4242e623..9111822116e6 100644 --- a/kernel/module/signing.c +++ b/kernel/module/signing.c @@ -106,6 +106,9 @@ int module_sig_check(struct load_info *info, int flags) case -ENOKEY: reason = "module with unavailable key"; break; + case -EKEYREJECTED: + reason = "Key was rejected by service"; + break; default: /* @@ -113,6 +116,7 @@ int module_sig_check(struct load_info *info, int flags) * unparseable signatures, and signature check failures -- * even if signatures aren't required. */ + pr_debug("Verifying module signature failed: %s\n", reason); return err; } Also certs/system_keyring.c already has a lot of pr_devel stuff too, so do we really need this? Luis
diff --git a/kernel/module/signing.c b/kernel/module/signing.c index a2ff4242e623..826cdab8e3e4 100644 --- a/kernel/module/signing.c +++ b/kernel/module/signing.c @@ -67,6 +67,31 @@ int mod_verify_sig(const void *mod, struct load_info *info) NULL, NULL); } +static const char *mod_decode_error(int errno) +{ + char *errstr = "Unrecognized error"; + + switch (errno) { + case -ENOMEM: + errstr = "Out of memory"; + break; + case -EINVAL: + errstr = "Invalid argument"; + break; + case -EBADMSG: + errstr = "Invaild module signature format"; + break; + case -EMSGSIZE: + errstr = "Message too long"; + break; + case -EKEYREJECTED: + errstr = "Key was rejected by service"; + break; + } + + return errstr; +} + int module_sig_check(struct load_info *info, int flags) { int err = -ENODATA; @@ -113,6 +138,8 @@ int module_sig_check(struct load_info *info, int flags) * unparseable signatures, and signature check failures -- * even if signatures aren't required. */ + pr_debug("Verifying module signature failed: %s\n", + mod_decode_error(err)); return err; }
Add log information in kernel-space when loading module failures. Try to load the unsigned module and the module with bad signature when set 1 to /sys/module/module/parameters/sig_enforce. Unsigned module case: (linux) insmod unsigned.ko [ 18.714661] Loading of unsigned module is rejected insmod: can't insert 'unsigned.ko': Key was rejected by service (linux) Bad signature module case: (linux) insmod bad_signature.ko insmod: can't insert 'bad_signature.ko': Key was rejected by service (linux) There have different logging behavior the bad signature case only log in user-space, add log info for fatal errors in module_sig_check(). Signed-off-by: Yusong Gao <a869920004@gmail.com> --- V3: Clarify the message type and the error code meaning. V2: Change print level from notice to debug. --- kernel/module/signing.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+)