From c3bbf62ebf8c9e87cea875cfa146f44f46af4145 Mon Sep 17 00:00:00 2001 From: Luis Chamberlain Date: Sun, 19 Mar 2023 14:27:44 -0700 Subject: [PATCH] module: move signature taint to module_augment_kernel_taints() Just move the signature taint into the helper: module_augment_kernel_taints() Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 1aa71f8..2f19881 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1984,6 +1984,15 @@ static void module_augment_kernel_taints(struct module *mod, struct load_info *i mod->name); add_taint_module(mod, TAINT_TEST, LOCKDEP_STILL_OK); } +#ifdef CONFIG_MODULE_SIG + mod->sig_ok = info->sig_ok; + if (!mod->sig_ok) { + pr_notice_once("%s: module verification failed: signature " + "and/or required key missing - tainting " + "kernel\n", mod->name); + add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK); + } +#endif } static int check_modinfo(struct module *mod, struct load_info *info, int flags) @@ -2770,15 +2779,6 @@ static int load_module(struct load_info *info, const char __user *uargs, * We should compromise and converge. */ module_augment_kernel_taints(mod, info); -#ifdef CONFIG_MODULE_SIG - mod->sig_ok = info->sig_ok; - if (!mod->sig_ok) { - pr_notice_once("%s: module verification failed: signature " - "and/or required key missing - tainting " - "kernel\n", mod->name); - add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK); - } -#endif /* To avoid stressing percpu allocator, do this once we're unique. */ err = percpu_modalloc(mod, info); -- 2.7.4