shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-06 02:50:49 +09:00
Code Issues Packages Projects Releases Wiki Activity

ANDROID: GKI: load vendor modules without tainting the kernel

Browse Source 
GKI repurposes module signing to distinguish GKI and vendor modules.
It was unhelpful and sometimes confusing to taint the kernel when
loading vendor modules.

Bug: 232430739
Bug: 383260800
Change-Id: If05a9e7d8e28954eba0472149fe312045c9c4fad
Signed-off-by: Giuliano Procida <gprocida@google.com>
(cherry picked from commit 23313da5700f038f95a82a695392e5bb5b550ba6)
This commit is contained in:
Giuliano Procida
2024-12-11 09:59:42 +00:00
parent 7e96f2bfaa
commit bda0401cd8
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kernel/module/main.c
View File

@@ -2813,12 +2813,14 @@ static int load_module(struct load_info *info, const char __user *uargs,
#ifdef CONFIG_MODULE_SIG #ifdef CONFIG_MODULE_SIG
mod->sig_ok = info->sig_ok; mod->sig_ok = info->sig_ok;
#ifndef CONFIG_MODULE_SIG_PROTECT
if (!mod->sig_ok) { if (!mod->sig_ok) {
pr_notice_once("%s: module verification failed: signature " pr_notice_once("%s: module verification failed: signature "
"and/or required key missing - tainting " "and/or required key missing - tainting "
"kernel\n", mod->name); "kernel\n", mod->name);
add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK); add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK);
} }
#endif
#else #else
mod->sig_ok = 0; mod->sig_ok = 0;
#endif #endif