RE: [PATCH -v2 0/7] module: Strict per-modname namespaces

Posted by Roy, Patrick 9 months, 1 week ago
Hi Peter,

Are you still working on this patch series? I'm working on having KVM remove
virtual machine memory from the kernel's direct map, to harden against
speculative execution attacks [1]. At David H.'s LSF/MM/BPF talk on
guest_memfd, it was suggested to use per-modname namespaces to export
set_direct_map_valid() specifically for use in KVM to achieve this.

Is there anything I can do to help get this across the finish line
(testing/etc.)?

Best,
Patrick

[1]: https://lore.kernel.org/kvm/20250221160728.1584559-1-roypat@amazon.co.uk/
Re: [PATCH -v2 0/7] module: Strict per-modname namespaces
Posted by Peter Zijlstra 9 months, 1 week ago
On Fri, May 02, 2025 at 11:55:54AM +0000, Roy, Patrick wrote:
> Hi Peter,
> 
> Are you still working on this patch series? I'm working on having KVM remove
> virtual machine memory from the kernel's direct map, to harden against
> speculative execution attacks [1]. At David H.'s LSF/MM/BPF talk on
> guest_memfd, it was suggested to use per-modname namespaces to export
> set_direct_map_valid() specifically for use in KVM to achieve this.
> 
> Is there anything I can do to help get this across the finish line
> (testing/etc.)?

Hmm, I had more or less forgotten about this.

Let me rebase and address the comments.