| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zyv-yxClglfwvmUa@bombadil.infradead.org>
Date: Wed, 6 Nov 2024 15:42:03 -0800
From: Luis Chamberlain <mcgrof@...nel.org>
To: Peter Zijlstra <peterz@...radead.org>
Cc: x86@...nel.org, hpa@...or.com, petr.pavlu@...e.com,
samitolvanen@...gle.com, da.gomez@...sung.com, masahiroy@...nel.org,
nathan@...nel.org, nicolas@...sle.eu, linux-kernel@...r.kernel.org,
linux-modules@...r.kernel.org, linux-kbuild@...r.kernel.org,
hch@...radead.org, gregkh@...uxfoundation.org
Subject: Re: [RFC] module: Strict per-modname namespaces
On Wed, Nov 06, 2024 at 08:02:40PM +0100, Peter Zijlstra wrote:
> Hi,
>
> I've been wanting $topic for a while, and having just stumbled into the
> whole namespace thing by accident, I figured I'd give it a go, most if
> the hard parts seem to have already been done.
Neat, hch suggested something similar a while back
https://lore.kernel.org/all/ZCIiBHyrzDoTJPXT@bombadil.infradead.org/
> It reserves and disallows imports on any "MODULE_${name}" namespace,
> while it implicitly adds the same namespace to every module.
That's simple enough, I like it.
> This allows exports targeted at specific modules and no others -- one
> random example included. I've hated the various kvm exports we've had
> for a while, and strictly limiting them to the kvm module helps
> alleviate some abuse potential.
Yeah we also want:
EXPORT_SYMBOL_NS_GPL(bdev_disk_changed, MODULE_loop);
EXPORT_SYMBOL_NS_GPL(bdev_disk_changed, MODULE_dasd_kmod);
But we might as well have EXPORT_SYMBOL_GPL_FOR() with the implied
module list. We could then add just:
EXPORT_SYMBOL_GPL_FOR(bdev_disk_changed, loop);
But it would be nice to just also support this as well:
EXPORT_SYMBOL_GPL_FOR(bdev_disk_changed, loop, dasd_kmod);
That's possible perhaps something grotesque like this:
#define _EXPORT_SYMBOL_GPL_FOR_EACH(name, module) EXPORT_SYMBOL_NS_GPL(name, MODULE_##module);
#define _GET_MACRO(_1, _2, _3, _4, _5, NAME, ...) NAME
#define _EXPORT_SYMBOL_GPL_FOR1(name, a) \
_EXPORT_SYMBOL_GPL_FOR_EACH(name, a)
#define _EXPORT_SYMBOL_GPL_FOR2(name, a, b) \
_EXPORT_SYMBOL_GPL_FOR_EACH(name, a) \
_EXPORT_SYMBOL_GPL_FOR_EACH(name, b)
#define _EXPORT_SYMBOL_GPL_FOR3(name, a, b, c) \
_EXPORT_SYMBOL_GPL_FOR_EACH(name, a) \
_EXPORT_SYMBOL_GPL_FOR_EACH(name, b) \
_EXPORT_SYMBOL_GPL_FOR_EACH(name, c)
#define _EXPORT_SYMBOL_GPL_FOR4(name, a, b, c, d) \
_EXPORT_SYMBOL_GPL_FOR_EACH(name, a) \
_EXPORT_SYMBOL_GPL_FOR_EACH(name, b) \
_EXPORT_SYMBOL_GPL_FOR_EACH(name, c) \
_EXPORT_SYMBOL_GPL_FOR_EACH(name, d)
#define _EXPORT_SYMBOL_GPL_FOR5(name, a, b, c, d, e) \
_EXPORT_SYMBOL_GPL_FOR_EACH(name, a) \
_EXPORT_SYMBOL_GPL_FOR_EACH(name, b) \
_EXPORT_SYMBOL_GPL_FOR_EACH(name, c) \
_EXPORT_SYMBOL_GPL_FOR_EACH(name, d) \
_EXPORT_SYMBOL_GPL_FOR_EACH(name, e)
#define EXPORT_SYMBOL_GPL_FOR(name, ...) \
_GET_MACRO(__VA_ARGS__, \
_EXPORT_SYMBOL_GPL_FOR5, \
_EXPORT_SYMBOL_GPL_FOR4, \
_EXPORT_SYMBOL_GPL_FOR3, \
_EXPORT_SYMBOL_GPL_FOR2, \
_EXPORT_SYMBOL_GPL_FOR1)(name, __VA_ARGS__)
Luis
Powered by blists - more mailing lists