Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> writes: > Currently we're hiding mod->sig_ok under an ifdef in open code. > This patch adds a module_sig_ok accessor function and removes that > ifdef. > > Cc: Rusty Russell <rusty@xxxxxxxxxxxxxxx> > Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Did you want me to take this via modules-next? Assuming not. So: Acked-by: Rusty Russell <rusty@xxxxxxxxxxxxxxx> Thanks, Rusty. > diff --git a/crypto/algapi.c b/crypto/algapi.c > index 8057c9f..c63836f 100644 > --- a/crypto/algapi.c > +++ b/crypto/algapi.c > @@ -44,12 +44,9 @@ static inline int crypto_set_driver_name(struct crypto_alg *alg) > > static inline void crypto_check_module_sig(struct module *mod) > { > -#ifdef CONFIG_CRYPTO_FIPS > - if (fips_enabled && mod && !mod->sig_ok) > + if (fips_enabled && mod && !module_sig_ok(mod)) > panic("Module %s signature verification failed in FIPS mode\n", > mod->name); > -#endif > - return; > } > > static int crypto_check_alg(struct crypto_alg *alg) > diff --git a/include/linux/module.h b/include/linux/module.h > index c883b86..1e54360 100644 > --- a/include/linux/module.h > +++ b/include/linux/module.h > @@ -655,4 +655,16 @@ static inline void module_bug_finalize(const Elf_Ehdr *hdr, > static inline void module_bug_cleanup(struct module *mod) {} > #endif /* CONFIG_GENERIC_BUG */ > > +#ifdef CONFIG_MODULE_SIG > +static inline bool module_sig_ok(struct module *module) > +{ > + return module->sig_ok; > +} > +#else /* !CONFIG_MODULE_SIG */ > +static inline bool module_sig_ok(struct module *module) > +{ > + return true; > +} > +#endif /* CONFIG_MODULE_SIG */ > + > #endif /* _LINUX_MODULE_H */ > -- > Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html