diff mbox series

[v3] module: Add log info for verifying module signature

Message ID 20240628103923.1677347-1-a869920004@gmail.com (mailing list archive)
State Handled Elsewhere
Headers show
Series [v3] module: Add log info for verifying module signature | expand

Commit Message

Yusong Gao June 28, 2024, 10:39 a.m. UTC
Add log information in kernel-space when loading module failures.
Try to load the unsigned module and the module with bad signature
when set 1 to /sys/module/module/parameters/sig_enforce.

Unsigned module case:
(linux) insmod unsigned.ko
[   18.714661] Loading of unsigned module is rejected
insmod: can't insert 'unsigned.ko': Key was rejected by service
(linux)

Bad signature module case:
(linux) insmod bad_signature.ko
insmod: can't insert 'bad_signature.ko': Key was rejected by service
(linux)

There have different logging behavior the bad signature case only log
in user-space, add log info for fatal errors in module_sig_check().

Signed-off-by: Yusong Gao <a869920004@gmail.com>
---
V3: Clarify the message type and the error code meaning.
V2: Change print level from notice to debug.
---
 kernel/module/signing.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

Comments

Luis Chamberlain June 28, 2024, 5:16 p.m. UTC | #1
On Fri, Jun 28, 2024 at 10:39:23AM +0000, Yusong Gao wrote:
> Add log information in kernel-space when loading module failures.
> Try to load the unsigned module and the module with bad signature
> when set 1 to /sys/module/module/parameters/sig_enforce.
> 
> Unsigned module case:
> (linux) insmod unsigned.ko
> [   18.714661] Loading of unsigned module is rejected
> insmod: can't insert 'unsigned.ko': Key was rejected by service
> (linux)
> 
> Bad signature module case:
> (linux) insmod bad_signature.ko
> insmod: can't insert 'bad_signature.ko': Key was rejected by service
> (linux)
> 
> There have different logging behavior the bad signature case only log
> in user-space, add log info for fatal errors in module_sig_check().
> 
> Signed-off-by: Yusong Gao <a869920004@gmail.com>
> ---
> V3: Clarify the message type and the error code meaning.
> V2: Change print level from notice to debug.
> ---
>  kernel/module/signing.c | 27 +++++++++++++++++++++++++++
>  1 file changed, 27 insertions(+)
> 
> diff --git a/kernel/module/signing.c b/kernel/module/signing.c
> index a2ff4242e623..826cdab8e3e4 100644
> --- a/kernel/module/signing.c
> +++ b/kernel/module/signing.c
> @@ -67,6 +67,31 @@ int mod_verify_sig(const void *mod, struct load_info *info)
>  				      NULL, NULL);
>  }
>  
> +static const char *mod_decode_error(int errno)
> +{
> +	char *errstr = "Unrecognized error";

This is not safe. You can just extend the existing debug switch for
strict module loading and re-use the variable there and use that,
for example

diff --git a/kernel/module/signing.c b/kernel/module/signing.c
index a2ff4242e623..9111822116e6 100644
--- a/kernel/module/signing.c
+++ b/kernel/module/signing.c
@@ -106,6 +106,9 @@ int module_sig_check(struct load_info *info, int flags)
 	case -ENOKEY:
 		reason = "module with unavailable key";
 		break;
+	case -EKEYREJECTED:
+		reason = "Key was rejected by service";
+		break;
 
 	default:
 		/*
@@ -113,6 +116,7 @@ int module_sig_check(struct load_info *info, int flags)
 		 * unparseable signatures, and signature check failures --
 		 * even if signatures aren't required.
 		 */
+		pr_debug("Verifying module signature failed: %s\n", reason);
 		return err;
 	}

Also certs/system_keyring.c already has a lot of pr_devel stuff too, so
do we really need this?

  Luis
diff mbox series

Patch

diff --git a/kernel/module/signing.c b/kernel/module/signing.c
index a2ff4242e623..826cdab8e3e4 100644
--- a/kernel/module/signing.c
+++ b/kernel/module/signing.c
@@ -67,6 +67,31 @@  int mod_verify_sig(const void *mod, struct load_info *info)
 				      NULL, NULL);
 }
 
+static const char *mod_decode_error(int errno)
+{
+	char *errstr = "Unrecognized error";
+
+	switch (errno) {
+	case -ENOMEM:
+		errstr = "Out of memory";
+		break;
+	case -EINVAL:
+		errstr = "Invalid argument";
+		break;
+	case -EBADMSG:
+		errstr = "Invaild module signature format";
+		break;
+	case -EMSGSIZE:
+		errstr = "Message too long";
+		break;
+	case -EKEYREJECTED:
+		errstr = "Key was rejected by service";
+		break;
+	}
+
+	return errstr;
+}
+
 int module_sig_check(struct load_info *info, int flags)
 {
 	int err = -ENODATA;
@@ -113,6 +138,8 @@  int module_sig_check(struct load_info *info, int flags)
 		 * unparseable signatures, and signature check failures --
 		 * even if signatures aren't required.
 		 */
+		pr_debug("Verifying module signature failed: %s\n",
+			 mod_decode_error(err));
 		return err;
 	}