forked from rpms/kernel
		
	ata, regulator, gpio, HID, livepatching, networking, dm, block, vfs, fs, timers, crypto merges
		
			
				
	
	
		
			64 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			64 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
| From 0f6eec5ca124baf1372fb4edeacd11a002378f5e Mon Sep 17 00:00:00 2001
 | |
| From: Matthew Garrett <matthew.garrett@nebula.com>
 | |
| Date: Fri, 9 Aug 2013 17:58:15 -0400
 | |
| Subject: [PATCH 01/20] Add secure_modules() call
 | |
| 
 | |
| Provide a single call to allow kernel code to determine whether the system
 | |
| has been configured to either disable module loading entirely or to load
 | |
| only modules signed with a trusted key.
 | |
| 
 | |
| Bugzilla: N/A
 | |
| Upstream-status: Fedora mustard.  Replaced by securelevels, but that was nak'd
 | |
| 
 | |
| Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
 | |
| ---
 | |
|  include/linux/module.h |  6 ++++++
 | |
|  kernel/module.c        | 10 ++++++++++
 | |
|  2 files changed, 16 insertions(+)
 | |
| 
 | |
| diff --git a/include/linux/module.h b/include/linux/module.h
 | |
| index 3daf2b3..082298a 100644
 | |
| --- a/include/linux/module.h
 | |
| +++ b/include/linux/module.h
 | |
| @@ -655,6 +655,8 @@ static inline bool is_livepatch_module(struct module *mod)
 | |
|  }
 | |
|  #endif /* CONFIG_LIVEPATCH */
 | |
|  
 | |
| +extern bool secure_modules(void);
 | |
| +
 | |
|  #else /* !CONFIG_MODULES... */
 | |
|  
 | |
|  /* Given an address, look for it in the exception tables. */
 | |
| @@ -771,6 +773,10 @@ static inline bool module_requested_async_probing(struct module *module)
 | |
|  	return false;
 | |
|  }
 | |
|  
 | |
| +static inline bool secure_modules(void)
 | |
| +{
 | |
| +	return false;
 | |
| +}
 | |
|  #endif /* CONFIG_MODULES */
 | |
|  
 | |
|  #ifdef CONFIG_SYSFS
 | |
| diff --git a/kernel/module.c b/kernel/module.c
 | |
| index 5f71aa6..3c38496 100644
 | |
| --- a/kernel/module.c
 | |
| +++ b/kernel/module.c
 | |
| @@ -4199,3 +4199,13 @@ void module_layout(struct module *mod,
 | |
|  }
 | |
|  EXPORT_SYMBOL(module_layout);
 | |
|  #endif
 | |
| +
 | |
| +bool secure_modules(void)
 | |
| +{
 | |
| +#ifdef CONFIG_MODULE_SIG
 | |
| +	return (sig_enforce || modules_disabled);
 | |
| +#else
 | |
| +	return modules_disabled;
 | |
| +#endif
 | |
| +}
 | |
| +EXPORT_SYMBOL(secure_modules);
 | |
| -- 
 | |
| 2.5.5
 | |
| 
 |