From bda0401cd827cd4b92637071e514fe7127a07a56 Mon Sep 17 00:00:00 2001
From: Giuliano Procida <gprocida@google.com>
Date: Wed, 11 Dec 2024 09:59:42 +0000
Subject: [PATCH] ANDROID: GKI: load vendor modules without tainting the kernel

GKI repurposes module signing to distinguish GKI and vendor modules.
It was unhelpful and sometimes confusing to taint the kernel when
loading vendor modules.

Bug: 232430739
Bug: 383260800
Change-Id: If05a9e7d8e28954eba0472149fe312045c9c4fad
Signed-off-by: Giuliano Procida <gprocida@google.com>
(cherry picked from commit 23313da5700f038f95a82a695392e5bb5b550ba6)
---
 kernel/module/main.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/module/main.c b/kernel/module/main.c
index ddd12405683e..8cc13c2adc11 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -2813,12 +2813,14 @@ static int load_module(struct load_info *info, const char __user *uargs,
 
 #ifdef CONFIG_MODULE_SIG
 	mod->sig_ok = info->sig_ok;
+#ifndef CONFIG_MODULE_SIG_PROTECT
 	if (!mod->sig_ok) {
 		pr_notice_once("%s: module verification failed: signature "
 			       "and/or required key missing - tainting "
 			       "kernel\n", mod->name);
 		add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK);
 	}
+#endif
 #else
 	mod->sig_ok = 0;
 #endif