lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <a64404f7-9a01-4edb-b6f4-735c706abac8@suse.cz>
Date: Wed, 25 Jun 2025 11:18:37 +0200
From: Vlastimil Babka <vbabka@...e.cz>
To: Christian Brauner <brauner@...nel.org>,
 Peter Zijlstra <peterz@...radead.org>
Cc: Christoph Hellwig <hch@...radead.org>,
 Sean Christopherson <seanjc@...gle.com>, Mike Rapoport <rppt@...nel.org>,
 Shivank Garg <shivankg@....com>, david@...hat.com,
 akpm@...ux-foundation.org, paul@...l-moore.com, viro@...iv.linux.org.uk,
 willy@...radead.org, pbonzini@...hat.com, tabba@...gle.com,
 afranji@...gle.com, ackerleytng@...gle.com, jack@...e.cz,
 cgzones@...glemail.com, ira.weiny@...el.com, roypat@...zon.co.uk,
 linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
 linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [PATCH] fs: export anon_inode_make_secure_inode() and fix
 secretmem LSM bypass

On 6/25/25 11:05, Christian Brauner wrote:
> On Tue, Jun 24, 2025 at 11:02:16AM +0200, Christian Brauner wrote:
> I don't understand that argument. I don't care if out-of-tree users
> abuse some symbol because:
> 
> * If they ever show up with a complaint we'll tell them to go away. 
> * If they want to be merged upstream, we'll tell them to either change
>   the code in question to not rely on the offending symbol or we decide
>   that it's ok for them to use it and allow-list them.
> 
> I do however very much care about in-tree consumers even for non-GPLd
> symbols. I want anyone who tries to use a symbol that we decided
> requires substantial arguments to be used to come to us and justify it.
> So EXPORT_*_FOR_MODULES() would certainly help with that.
> 
> The other things is that using EXPORT_SYMBOL() or even
> EXPORT_SYMBOL_GPL() sends the wrong message to other module-like
> wanna-be consumers of these functions. I'm specifically thinking about
> bpf. They more than once argued that anything exposed to modules can
> also be exposed as a bpf kfunc as the stability guarantees are
> comparable.
> 
> And it is not an insane argument. Being able to use
> EXPOR_SYMBOL_FOR_MODULES() would also allow to communicate "Hey, this
> very much just exists for the purpose of this one-off consumer that
> really can't do without it or without some other ugly hack.".
> 
> Because this is where the pain for us is: If you do large-scale
> refactorings (/me glares at Al, Christoph, and in the mirror) the worst
> case is finding out that some special-purpose helper has grown N new
> users with a bunch of them using it completely wrong and now having to
> massage core code to not break something that's technically inherently
> broken.
> 
> Out-of-tree consumers have zero relevance for all of this. For all I
> care they don't exist. It's about the maintainers ability to chop off
> the Kraken's tentacles.

Then I think you can just use EXPORT_SYMBOL_GPL_FOR_MODULES() as it is
today. It's intended for a particular in-tree module, which is by definition
going to be GPL. I doubt anyone will come complaining that you've cut off
their ability to fake the name of the in-tree module while having non-GPL
license. So I don't really see the danger of causing holy license wars
there. The _FOR_MODULES() part is restricting enough even without _GPL_.

But if we can indeed enforce in-tree-ness and drop _GPL_ from the name, it
would be cleaner IMHO.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ