Linux v4.2

This is a squashed patch of the history from F22 + the 4.2 rebase

1 files changed, 59 insertions, 0 deletions

diff --git a/Add-secure_modules-call.patch b/Add-secure_modules-call.patch
new file mode 100644
index 000000000..158e7f1d2
--- /dev/null
+++ b/Add-secure_modules-call.patch
@@ -0,0 +1,59 @@
+From: Matthew Garrett <matthew.garrett@nebula.com>
+Date: Fri, 9 Aug 2013 17:58:15 -0400
+Subject: [PATCH] Add secure_modules() call
+
+Provide a single call to allow kernel code to determine whether the system
+has been configured to either disable module loading entirely or to load
+only modules signed with a trusted key.
+
+Bugzilla: N/A
+Upstream-status: Fedora mustard.  Replaced by securelevels, but that was nak'd
+
+Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
+---
+ include/linux/module.h |  6 ++++++
+ kernel/module.c        | 10 ++++++++++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/include/linux/module.h b/include/linux/module.h
+index d67b1932cc59..57474384b66b 100644
+--- a/include/linux/module.h
++++ b/include/linux/module.h
+@@ -551,6 +551,8 @@ static inline bool module_requested_async_probing(struct module *module)
+ 	return module && module->async_probe_requested;
+ }
+ 
++extern bool secure_modules(void);
++
+ #else /* !CONFIG_MODULES... */
+ 
+ /* Given an address, look for it in the exception tables. */
+@@ -667,6 +669,10 @@ static inline bool module_requested_async_probing(struct module *module)
+ 	return false;
+ }
+ 
++static inline bool secure_modules(void)
++{
++	return false;
++}
+ #endif /* CONFIG_MODULES */
+ 
+ #ifdef CONFIG_SYSFS
+diff --git a/kernel/module.c b/kernel/module.c
+index 4d2b82e610e2..e9869c497175 100644
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -4083,3 +4083,13 @@ void module_layout(struct module *mod,
+ }
+ EXPORT_SYMBOL(module_layout);
+ #endif
++
++bool secure_modules(void)
++{
++#ifdef CONFIG_MODULE_SIG
++	return (sig_enforce || modules_disabled);
++#else
++	return modules_disabled;
++#endif
++}
++EXPORT_SYMBOL(secure_modules);