From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4AE77C77B7F for ; Mon, 23 Jun 2025 14:23:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DFB1D6B00C6; Mon, 23 Jun 2025 10:23:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DAC006B00C8; Mon, 23 Jun 2025 10:23:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C9A726B00C9; Mon, 23 Jun 2025 10:23:06 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id B68176B00C6 for ; Mon, 23 Jun 2025 10:23:06 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 6A16F1A05CC for ; Mon, 23 Jun 2025 14:23:06 +0000 (UTC) X-FDA: 83586882372.23.0D1CE21 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) by imf15.hostedemail.com (Postfix) with ESMTP id 7755EA001F for ; Mon, 23 Jun 2025 14:23:04 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=infradead.org header.s=bombadil.20210309 header.b="I/7kBapV"; spf=none (imf15.hostedemail.com: domain of BATV+617475e3227a0a436e26+7974+infradead.org+hch@bombadil.srs.infradead.org has no SPF policy when checking 198.137.202.133) smtp.mailfrom=BATV+617475e3227a0a436e26+7974+infradead.org+hch@bombadil.srs.infradead.org; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1750688584; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Ounh5g8nmQna3ynAqQoYNAJIx8BI+xFyYBBxhBPvMuE=; b=holmCS1Ty+F/BtoUemqnSmZwEunwsFiPWhZukK1H+Eua92+hzXuAeKk5mhQKDx7nVjBvi2 adNMNUgHCFMaefxRDCF/LSCztJ/4iI8AH7b2lKDpsIfDLW3F3B/Op3cl5cBTaDnj9BjKN6 7uMvAvN/XC1ArdTPHD7Q8muuzJmmZEc= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=infradead.org header.s=bombadil.20210309 header.b="I/7kBapV"; spf=none (imf15.hostedemail.com: domain of BATV+617475e3227a0a436e26+7974+infradead.org+hch@bombadil.srs.infradead.org has no SPF policy when checking 198.137.202.133) smtp.mailfrom=BATV+617475e3227a0a436e26+7974+infradead.org+hch@bombadil.srs.infradead.org; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1750688584; a=rsa-sha256; cv=none; b=ryQOn0bJ5YvNQ6CCCG9dkpBXDDXWe62h8iPUciZvq6flAmb1aDsdW4RZ7LcffHsk9OTpCF kMKZnVV6drAg1SYtQb0dmmvYgeqVUBXJhGU+tmvadFZ01ZNV7wNhAZa3coCiuhVkIIDwNs BTNX6pC/jC3xZviX9BB5Rioki4EyaTA= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=In-Reply-To:Content-Type:MIME-Version :References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=Ounh5g8nmQna3ynAqQoYNAJIx8BI+xFyYBBxhBPvMuE=; b=I/7kBapVVQnuoXY3Ck7sT4+W1R 2kO2gM+Hk1gbBN1KdkyaodQn7pBQNlPPU6Z/7CpxrBJNHCUiu4+AmAqVozrCp9z6ySxptXcFcjElt Rzy4wTJcDfLMvVPRAwUKZyriRBtMplSrgZqhTUDi7AZVM3jVm0AkbJGWVYbY1XHRd71HUHJkCBibG 8FIHHant993zYDUge1ZA2ddOTImOYpMnu46nUVsxhjpgDFPTqKQoXsg2hE0awdd80TnpL8cJeQuyJ m/nIlUBF7lwDFEDASHciX0mCgXxQzn3w/vgxll/zr9CdeF1ajfgOl6fM0b60OLSLrLlhQoZgCOr/k P2uMarCg==; Received: from hch by bombadil.infradead.org with local (Exim 4.98.2 #2 (Red Hat Linux)) id 1uTi4X-0000000324c-2UWR; Mon, 23 Jun 2025 14:22:57 +0000 Date: Mon, 23 Jun 2025 07:22:57 -0700 From: Christoph Hellwig To: Vlastimil Babka Cc: Christoph Hellwig , Christian Brauner , Sean Christopherson , Mike Rapoport , Shivank Garg , david@redhat.com, akpm@linux-foundation.org, paul@paul-moore.com, viro@zeniv.linux.org.uk, willy@infradead.org, pbonzini@redhat.com, tabba@google.com, afranji@google.com, ackerleytng@google.com, jack@suse.cz, cgzones@googlemail.com, ira.weiny@intel.com, roypat@amazon.co.uk, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Peter Zijlstra Subject: Re: [PATCH] fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Message-ID: References: <20250619-fixpunkt-querfeldein-53eb22d0135f@brauner> <20250619-ablichten-korpulent-0efe2ddd0ee6@brauner> <20250623-warmwasser-giftig-ff656fce89ad@brauner> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html X-Rspamd-Server: rspam11 X-Rspam-User: X-Rspamd-Queue-Id: 7755EA001F X-Stat-Signature: 55wpkqkmpgtnn7iw4ryhx7byc79t1x64 X-HE-Tag: 1750688584-791471 X-HE-Meta: U2FsdGVkX19BKuEP0mrFeMnYicPXwk3vgjZ8ydJwsCjhDKFgrxDiivzWc8TtPVuwWGOSq/oBvMpL9iQ1+xKYgZjT5gMi6XsuPGwkI9pj3Vx3hDvQ7tUS6htGnY0no7k8qzZ1/AinXZcFiS69jF3inJmA0bBRylbW+C4jAXPWpsTu9I878gI0WHOSGI3MmioLDPcV8YR+wJn/s+YEwvC1KcVUAsmh8fWut+vpv1TajWpKLnrf13Ga/TB5oMIs9oiJcnAx6++Tk8e2fZ4BF+bOFrIHTgy2iLIqJdA8cs998/DF4jylevC9bwul5GzFD7c4tT9m9Ue7XZqEhwH2ip6kNmLLeB+1NsWd+h4O5gG4c76AHXQgRLXTYZzwx8PVvLfjxTEgyir7ZOQ+1VIVd5ODO4csc7pk1xm2dOrDSPYBsoM5Bua2Pm3FtqziMK7isfpH7uNELHppRWhY9SFVoydwcWod94ViHlsju9FBuUJXVp8dkUa7AJSf0zJ/PXo8QyuxGOvv3kU7+237EqrkVKaRd2aG5lC5zXRczyJ6yI76dboP5ATy/TlzFGdy2N36SgWzSoxuM1mkYemdgt/CsFAuuqUWV2TNEXrSSdDVf3yYKG6ZdmmxCAuxxYhdtVQhBfVYNw6KJvCsYdu2pn+3JlEpSc0gb1CRI0ojddmHy1FqzIlOnxaze2uNHAeTf/GkzLbDprLcEwrOsTVfC5EYlqM2fzP1ur3MkEIREe8JPcYik+ilk3rV99wBMnov4rkwMX6kKhG1cJGuhKBkmMzjwqshoCbQVKudimNysgwkCyPBWZqsadAFiy7RzZrMNexilizOJaOXO6K7LAlQZVa/IACtvuRasMmjE+f0XcB5w5s8E8AKcaX7tMDepIsIk/5k8u214JDMQdERqI038/8o/yVTdNyEdrUyDnB8lFAKk2lz9iOxB8c0FWDlU5Xf6D2JUDANUUKwfHRBcq2GSRoGBEY 6hCLebiK 0Scls+djIs1aOGEfAvWCfzX9MTyL6ZK9mvsr+sj9iA8wVVgO53AmEf7+uWmSGpgpCPZE6Mr/ynDrqrU0wYjNdD2pKdWwnOsNMDR+ODF6t6HtPYSncpJZW/IS/1g/GzqSVo2NfJTcn89Y7KthUYPckaJ8WEjJ9T3tjmWMcxcNehioKJ2Y52yNd2tHlCEUnqO4wXuzKkvQkbJUIHjFNnYzxlM1yhg7yCZGA1XcKNLEKE9YRpK2nFe7yuUDOplGbwXyKx23JJh0nXzCQjTBfmuu9Dv8xSvB29VaR8aXS/DZd0PfL2dm9HgQIRNrKdTmPji1jmJSSZ0E7/o5mP+EjWv5GBdrovGe5+gqwmUdwBZ3fEeA7DQ93m1PkIYXidnaPYxNYXw1MHqCkIpoC2IB6epq+TN4gsX1e74BE60iMdgb2YkqsDFvaENS8V31KTOVr+f5jM+RanFDkgCfmfhJnw+L1GYHtFUOHremyMEXROzSzTS8op3zMGFMAv7zAHDP9RPtGvzybSTzRSupqW+A4PV9k/9n4bA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, Jun 23, 2025 at 04:21:15PM +0200, Vlastimil Babka wrote: > On 6/23/25 16:01, Christoph Hellwig wrote: > > On Mon, Jun 23, 2025 at 07:00:39AM -0700, Christoph Hellwig wrote: > >> On Mon, Jun 23, 2025 at 12:16:27PM +0200, Christian Brauner wrote: > >> > I'm more than happy to switch a bunch of our exports so that we only > >> > allow them for specific modules. But for that we also need > >> > EXPOR_SYMBOL_FOR_MODULES() so we can switch our non-gpl versions. > >> > >> Huh? Any export for a specific in-tree module (or set thereof) is > >> by definition internals and an _GPL export if perfectly fine and > >> expected. > > Peterz tells me EXPORT_SYMBOL_GPL_FOR_MODULES() is not limited to in-tree > modules, so external module with GPL and matching name can import. Sure, technically they can. But that's not the intent of the export, but rather abusing it.