From: David Hildenbrand <david@redhat.com>
To: Vlastimil Babka <vbabka@suse.cz>, Peter Zijlstra <peterz@infradead.org>
Cc: Christoph Hellwig <hch@infradead.org>,
Christian Brauner <brauner@kernel.org>,
Sean Christopherson <seanjc@google.com>,
Mike Rapoport <rppt@kernel.org>, Shivank Garg <shivankg@amd.com>,
akpm@linux-foundation.org, paul@paul-moore.com,
viro@zeniv.linux.org.uk, willy@infradead.org,
pbonzini@redhat.com, tabba@google.com, afranji@google.com,
ackerleytng@google.com, jack@suse.cz, cgzones@googlemail.com,
ira.weiny@intel.com, roypat@amazon.co.uk,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH] fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
Date: Wed, 25 Jun 2025 10:09:28 +0200 [thread overview]
Message-ID: <cb15403f-27ba-4410-b702-8148abfb0247@redhat.com> (raw)
In-Reply-To: <e5d11288-ef0c-4a82-b117-6d12d2357964@suse.cz>
On 25.06.25 10:02, Vlastimil Babka wrote:
> On 6/23/25 16:28, Peter Zijlstra wrote:
>> On Mon, Jun 23, 2025 at 04:21:15PM +0200, Vlastimil Babka wrote:
>>> On 6/23/25 16:01, Christoph Hellwig wrote:
>>>> On Mon, Jun 23, 2025 at 07:00:39AM -0700, Christoph Hellwig wrote:
>>>>> On Mon, Jun 23, 2025 at 12:16:27PM +0200, Christian Brauner wrote:
>>>>>> I'm more than happy to switch a bunch of our exports so that we only
>>>>>> allow them for specific modules. But for that we also need
>>>>>> EXPOR_SYMBOL_FOR_MODULES() so we can switch our non-gpl versions.
>>>>>
>>>>> Huh? Any export for a specific in-tree module (or set thereof) is
>>>>> by definition internals and an _GPL export if perfectly fine and
>>>>> expected.
>>>
>>> Peterz tells me EXPORT_SYMBOL_GPL_FOR_MODULES() is not limited to in-tree
>>> modules, so external module with GPL and matching name can import.
>>>
>>> But if we're targetting in-tree stuff like kvm, we don't need to provide a
>>> non-GPL variant I think?
>>
>> So the purpose was to limit specific symbols to known in-tree module
>> users (hence GPL only).
>>
>> Eg. KVM; x86 exports a fair amount of low level stuff just because KVM.
>> Nobody else should be touching those symbols.
>>
>> If you have a pile of symbols for !GPL / out-of-tree consumers, it
>> doesn't really make sense to limit the export to a named set of modules,
>> does it?
>>
>> So yes, nothing limits things to in-tree modules per-se. The
>> infrastructure only really cares about module names (and implicitly
>> trusts the OS to not overwrite existing kernel modules etc.). So you
>> could add an out-of-tree module name to the list (or have an out-of-free
>> module have a name that matches a glob; "kvm-vmware" would match "kvm-*"
>> for example).
>>
>> But that is very much beyond the intention of things.
>
> So AFAIK we have a way to recognize out of tree modules when loading, as
> there's a taint just for that. Then the same mechanism could perhaps just
> refuse loading them if they use any _FOR_MODULES() export, regardless of
> name? Then the _GPL_ part would become implicit and redundant and we could
> drop it as Christoph suggested?
If that is possible, that sounds indeed nice.
--
Cheers,
David / dhildenb
prev parent reply other threads:[~2025-06-25 8:09 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-19 7:31 [PATCH] fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Shivank Garg
2025-06-19 8:45 ` Christian Brauner
2025-06-19 9:13 ` Vlastimil Babka
2025-06-19 9:53 ` Shivank Garg
2025-06-19 10:38 ` Christian Brauner
2025-06-19 11:01 ` Mike Rapoport
2025-06-19 12:06 ` Christian Brauner
2025-06-19 12:19 ` Mike Rapoport
2025-06-20 15:02 ` Sean Christopherson
2025-06-23 5:32 ` Shivank Garg
2025-06-23 10:16 ` Christian Brauner
2025-06-23 14:00 ` Christoph Hellwig
2025-06-23 14:01 ` Christoph Hellwig
2025-06-23 14:21 ` Vlastimil Babka
2025-06-23 14:22 ` Christoph Hellwig
2025-06-23 14:28 ` Peter Zijlstra
2025-06-24 9:02 ` Christian Brauner
2025-06-25 9:05 ` Christian Brauner
2025-06-25 9:18 ` Vlastimil Babka
2025-06-25 8:02 ` Vlastimil Babka
2025-06-25 8:09 ` David Hildenbrand [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cb15403f-27ba-4410-b702-8148abfb0247@redhat.com \
--to=david@redhat.com \
--cc=ackerleytng@google.com \
--cc=afranji@google.com \
--cc=akpm@linux-foundation.org \
--cc=brauner@kernel.org \
--cc=cgzones@googlemail.com \
--cc=hch@infradead.org \
--cc=ira.weiny@intel.com \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=roypat@amazon.co.uk \
--cc=rppt@kernel.org \
--cc=seanjc@google.com \
--cc=shivankg@amd.com \
--cc=tabba@google.com \
--cc=vbabka@suse.cz \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).