64 lines
1.7 KiB
Diff
64 lines
1.7 KiB
Diff
From 3213f1513a744fb21b6b9e4d4f2650a204855b3e Mon Sep 17 00:00:00 2001
|
|
From: Matthew Garrett <matthew.garrett@nebula.com>
|
|
Date: Fri, 9 Aug 2013 17:58:15 -0400
|
|
Subject: [PATCH] Add secure_modules() call
|
|
|
|
Provide a single call to allow kernel code to determine whether the system
|
|
has been configured to either disable module loading entirely or to load
|
|
only modules signed with a trusted key.
|
|
|
|
Bugzilla: N/A
|
|
Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd
|
|
|
|
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
|
---
|
|
include/linux/module.h | 6 ++++++
|
|
kernel/module.c | 10 ++++++++++
|
|
2 files changed, 16 insertions(+)
|
|
|
|
diff --git a/include/linux/module.h b/include/linux/module.h
|
|
index 0c3207d..05bd6c9 100644
|
|
--- a/include/linux/module.h
|
|
+++ b/include/linux/module.h
|
|
@@ -641,6 +641,8 @@ static inline bool is_livepatch_module(struct module *mod)
|
|
}
|
|
#endif /* CONFIG_LIVEPATCH */
|
|
|
|
+extern bool secure_modules(void);
|
|
+
|
|
#else /* !CONFIG_MODULES... */
|
|
|
|
static inline struct module *__module_address(unsigned long addr)
|
|
@@ -750,6 +752,10 @@ static inline bool module_requested_async_probing(struct module *module)
|
|
return false;
|
|
}
|
|
|
|
+static inline bool secure_modules(void)
|
|
+{
|
|
+ return false;
|
|
+}
|
|
#endif /* CONFIG_MODULES */
|
|
|
|
#ifdef CONFIG_SYSFS
|
|
diff --git a/kernel/module.c b/kernel/module.c
|
|
index 529efae..0332fdd 100644
|
|
--- a/kernel/module.c
|
|
+++ b/kernel/module.c
|
|
@@ -4279,3 +4279,13 @@ void module_layout(struct module *mod,
|
|
}
|
|
EXPORT_SYMBOL(module_layout);
|
|
#endif
|
|
+
|
|
+bool secure_modules(void)
|
|
+{
|
|
+#ifdef CONFIG_MODULE_SIG
|
|
+ return (sig_enforce || modules_disabled);
|
|
+#else
|
|
+ return modules_disabled;
|
|
+#endif
|
|
+}
|
|
+EXPORT_SYMBOL(secure_modules);
|
|
--
|
|
2.9.2
|
|
|