----- Original Message ----- > From: "Steven Rostedt" <rost...@goodmis.org> > To: "Ingo Molnar" <mi...@kernel.org> > Cc: "Mathieu Desnoyers" <mathieu.desnoy...@efficios.com>, > linux-kernel@vger.kernel.org, "Ingo Molnar" > <mi...@redhat.com>, "Thomas Gleixner" <t...@linutronix.de>, "Rusty Russell" > <ru...@rustcorp.com.au>, "David Howells" > <dhowe...@redhat.com>, "Greg Kroah-Hartman" <gre...@linuxfoundation.org> > Sent: Tuesday, February 11, 2014 11:45:34 PM > Subject: Re: [RFC PATCH] Fix: module signature vs tracepoints: add new > TAINT_UNSIGNED_MODULE > > [...] > But if the kernel expects to have signed modules, and you force a > module to be loaded that is not signed, then you still get that > "forced" module taint, which is the same one as loading a module from > an older kernel into a newer kernel. It's a different problem, and I > can see having a different taint flag be more informative to kernel > developers in general. I would welcome that change with or without > letting tracepoints be set for that module.
There is one important inaccuracy in your explanation above: a kernel supporting signed modules, but not enforcing "sig_force", can load unsigned modules with a simple modprobe or insmod, without any "--force" argument. Therefore, tainting the module as "TAINT_FORCED_MODULE" is misleading. Thanks, Mathieu -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/