#include <linux/mm.h>
#include <linux/file.h>
#include <linux/kexec.h>
+#include <linux/module.h>
#include <linux/mutex.h>
#include <linux/list.h>
#include <linux/syscalls.h>
if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
return -EPERM;
+ /*
+ * kexec can be used to circumvent module loading restrictions, so
+ * prevent loading in that case
+ */
+ if (secure_modules())
+ return -EPERM;
+
/*
* Verify we have a legal set of flags
* This leaves us room for future extensions.
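Review bot: The `secure_modules()` check added after the `capable(CAP_SYS_BOOT)` test guards only the one entry point visible in this hunk. If the file has any other path that stages a kexec image (none is visible here), it needs the same gate, otherwise the module-loading restriction is enforced at one entry point and bypassable at another. The new comment would also help a later reader more if it stated the reason, for example `/* A kexec'd image runs with full kernel privilege and, as far as this path shows, is not signature-checked, so refuse it whenever module loading is restricted. */`. Both refusals return `-EPERM`, so a denial caused by the module policy looks the same to the caller as a missing capability; a short note in the syscall's documentation would save someone the debugging. The enclosing function starts and ends outside the hunk, so the argument checks that follow were not reviewed.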