Aaron Tomlin <atomlin@xxxxxxxxxx> wrote: > No functional changes. I could be mistaken, but I think this has a functional change and could break module signature enforcement in some cases. > > This patch moves all module related code into a separate directory, > modifies each file name and creates a new Makefile. Note: this effort > is in preparation to refactor core module code. > > Reviewed-by: Christophe Leroy <christophe.leroy@xxxxxxxxxx> > Signed-off-by: Aaron Tomlin <atomlin@xxxxxxxxxx> > --- > MAINTAINERS | 2 +- > kernel/Makefile | 5 +---- > kernel/module/Makefile | 12 ++++++++++++ > kernel/{module_decompress.c => module/decompress.c} | 2 +- > kernel/{module-internal.h => module/internal.h} | 0 > kernel/{module.c => module/main.c} | 2 +- > kernel/{module_signing.c => module/signing.c} | 2 +- I spent at least an hour trying to figure out how the code below in module/signing.c (was moved from module/main.c in a later patch in this series) managed to have a "module" prefix for "module.sig_enforce" kernel cmdline param and for the /sys/module/module/parameters/sig_enforce file. static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE); module_param(sig_enforce, bool_enable_only, 0644); I thought I was missing something until I realized this was a very recent change and might actually be a bug. If I'm not mistaken, the prefix will now become "signing". So the kernel cmdline param would get ignore and any userspace writes to /sys/module/module/parameters/sig_enforce will start failing. I don't have a device to boot 5.19-rcX in, but I think I'm right. Can someone confirm? If my code analysis is right, then the fix seems to be adding this code before the module_param() line. diff --git a/kernel/module/signing.c b/kernel/module/signing.c index 85c8999dfecf..6b0672e4417b 100644 --- a/kernel/module/signing.c +++ b/kernel/module/signing.c @@ -16,6 +16,11 @@ #include <uapi/linux/module.h> #include "internal.h" +#ifdef MODULE_PARAM_PREFIX +#undef MODULE_PARAM_PREFIX +#endif +#define MODULE_PARAM_PREFIX "module." + static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE); module_param(sig_enforce, bool_enable_only, 0644); -Saravana