From: Christoph Hellwig <hch@infradead.org>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: Christoph Hellwig <hch@infradead.org>,
Christian Brauner <brauner@kernel.org>,
Sean Christopherson <seanjc@google.com>,
Mike Rapoport <rppt@kernel.org>, Shivank Garg <shivankg@amd.com>,
david@redhat.com, akpm@linux-foundation.org, paul@paul-moore.com,
viro@zeniv.linux.org.uk, willy@infradead.org,
pbonzini@redhat.com, tabba@google.com, afranji@google.com,
ackerleytng@google.com, jack@suse.cz, cgzones@googlemail.com,
ira.weiny@intel.com, roypat@amazon.co.uk,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
Peter Zijlstra <peterz@infradead.org>
Subject: Re: [PATCH] fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
Date: Mon, 23 Jun 2025 07:22:57 -0700 [thread overview]
Message-ID: <aFljQTbXXXHG1E6f@infradead.org> (raw)
In-Reply-To: <c0cc4faf-42eb-4c2f-8d25-a2441a36c41b@suse.cz>
On Mon, Jun 23, 2025 at 04:21:15PM +0200, Vlastimil Babka wrote:
> On 6/23/25 16:01, Christoph Hellwig wrote:
> > On Mon, Jun 23, 2025 at 07:00:39AM -0700, Christoph Hellwig wrote:
> >> On Mon, Jun 23, 2025 at 12:16:27PM +0200, Christian Brauner wrote:
> >> > I'm more than happy to switch a bunch of our exports so that we only
> >> > allow them for specific modules. But for that we also need
> >> > EXPOR_SYMBOL_FOR_MODULES() so we can switch our non-gpl versions.
> >>
> >> Huh? Any export for a specific in-tree module (or set thereof) is
> >> by definition internals and an _GPL export if perfectly fine and
> >> expected.
>
> Peterz tells me EXPORT_SYMBOL_GPL_FOR_MODULES() is not limited to in-tree
> modules, so external module with GPL and matching name can import.
Sure, technically they can. But that's not the intent of the export,
but rather abusing it.
next prev parent reply other threads:[~2025-06-23 14:23 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-19 7:31 [PATCH] fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Shivank Garg
2025-06-19 8:45 ` Christian Brauner
2025-06-19 9:13 ` Vlastimil Babka
2025-06-19 9:53 ` Shivank Garg
2025-06-19 10:38 ` Christian Brauner
2025-06-19 11:01 ` Mike Rapoport
2025-06-19 12:06 ` Christian Brauner
2025-06-19 12:19 ` Mike Rapoport
2025-06-20 15:02 ` Sean Christopherson
2025-06-23 5:32 ` Shivank Garg
2025-06-23 10:16 ` Christian Brauner
2025-06-23 14:00 ` Christoph Hellwig
2025-06-23 14:01 ` Christoph Hellwig
2025-06-23 14:21 ` Vlastimil Babka
2025-06-23 14:22 ` Christoph Hellwig [this message]
2025-06-23 14:28 ` Peter Zijlstra
2025-06-24 9:02 ` Christian Brauner
2025-06-25 9:05 ` Christian Brauner
2025-06-25 9:18 ` Vlastimil Babka
2025-06-25 8:02 ` Vlastimil Babka
2025-06-25 8:09 ` David Hildenbrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aFljQTbXXXHG1E6f@infradead.org \
--to=hch@infradead.org \
--cc=ackerleytng@google.com \
--cc=afranji@google.com \
--cc=akpm@linux-foundation.org \
--cc=brauner@kernel.org \
--cc=cgzones@googlemail.com \
--cc=david@redhat.com \
--cc=ira.weiny@intel.com \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=roypat@amazon.co.uk \
--cc=rppt@kernel.org \
--cc=seanjc@google.com \
--cc=shivankg@amd.com \
--cc=tabba@google.com \
--cc=vbabka@suse.cz \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).