diff options
author | Josh Boyer <jwboyer@fedoraproject.org> | 2014-08-20 13:22:24 -0400 |
---|---|---|
committer | Josh Boyer <jwboyer@fedoraproject.org> | 2014-08-20 13:22:24 -0400 |
commit | 6a91557e4cd508858eca5aba5406a9109861d4de (patch) | |
tree | c57990ccc4a28a9933db2aebba1006f46c619f44 /Add-secure_modules-call.patch | |
parent | a99be7d4cf2fae68a0562a7687d89ee61c6b9f98 (diff) | |
download | kernel-6a91557e4cd508858eca5aba5406a9109861d4de.tar.gz kernel-6a91557e4cd508858eca5aba5406a9109861d4de.tar.xz kernel-6a91557e4cd508858eca5aba5406a9109861d4de.zip |
Patch file cleanup
Do a couple things here:
- Split the mega-patches into individual patches. Should help with rebasing.
- Make all patches 'git am' acceptable.
There should be no functional or actual code differences from before
Diffstat (limited to 'Add-secure_modules-call.patch')
-rw-r--r-- | Add-secure_modules-call.patch | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/Add-secure_modules-call.patch b/Add-secure_modules-call.patch new file mode 100644 index 000000000..25a60e5b6 --- /dev/null +++ b/Add-secure_modules-call.patch @@ -0,0 +1,64 @@ +From 2b10c8cae99674ce201497dda8830d13291f46b5 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett <matthew.garrett@nebula.com> +Date: Fri, 9 Aug 2013 17:58:15 -0400 +Subject: [PATCH] Add secure_modules() call + +Provide a single call to allow kernel code to determine whether the system +has been configured to either disable module loading entirely or to load +only modules signed with a trusted key. + +Bugzilla: N/A +Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd + +Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> +--- + include/linux/module.h | 7 +++++++ + kernel/module.c | 10 ++++++++++ + 2 files changed, 17 insertions(+) + +diff --git a/include/linux/module.h b/include/linux/module.h +index 71f282a4e307..341a73ecea2e 100644 +--- a/include/linux/module.h ++++ b/include/linux/module.h +@@ -516,6 +516,8 @@ int unregister_module_notifier(struct notifier_block *nb); + + extern void print_modules(void); + ++extern bool secure_modules(void); ++ + #else /* !CONFIG_MODULES... */ + + /* Given an address, look for it in the exception tables. */ +@@ -626,6 +628,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb) + static inline void print_modules(void) + { + } ++ ++static inline bool secure_modules(void) ++{ ++ return false; ++} + #endif /* CONFIG_MODULES */ + + #ifdef CONFIG_SYSFS +diff --git a/kernel/module.c b/kernel/module.c +index 03214bd288e9..1f7b4664300e 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -3842,3 +3842,13 @@ void module_layout(struct module *mod, + } + EXPORT_SYMBOL(module_layout); + #endif ++ ++bool secure_modules(void) ++{ ++#ifdef CONFIG_MODULE_SIG ++ return (sig_enforce || modules_disabled); ++#else ++ return modules_disabled; ++#endif ++} ++EXPORT_SYMBOL(secure_modules); +-- +1.9.3 + |