Commit 6727bb9c authored by Luis R. Rodriguez's avatar Luis R. Rodriguez Committed by Rusty Russell

kernel/module.c: avoid ifdefs for sig_enforce declaration

There's no need to require an ifdef over the declaration
of sig_enforce as IS_ENABLED() can be used. While at it,
there's no harm in exposing this kernel parameter outside of
CONFIG_MODULE_SIG as it'd be a no-op on non module sig

Now, technically we should in theory be able to remove
the #ifdef'ery over the declaration of the module parameter
as we are also trusting the bool_enable_only code for
CONFIG_MODULE_SIG kernels but for now remain paranoid
and keep it.

With time if no one can put a bullet through bool_enable_only
and if there are no technical requirements over not exposing
CONFIG_MODULE_SIG_FORCE with the measures in place by
bool_enable_only we could remove this last ifdef.

Cc: Rusty Russell <>
Cc: Andrew Morton <>
Cc: Kees Cook <>
Cc: Tejun Heo <>
Cc: Ingo Molnar <>
Signed-off-by: default avatarLuis R. Rodriguez <>
Signed-off-by: default avatarRusty Russell <>
parent 552f530c
......@@ -292,15 +292,10 @@ static void module_assert_mutex_or_preempt(void)
static bool sig_enforce = true;
static bool sig_enforce = false;
static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
module_param(sig_enforce, bool_enable_only, 0644);
#endif /* CONFIG_MODULE_SIG */
/* Block module loading/unloading? */
int modules_disabled = 0;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment