Hi! Implement means for exports to be available to an explicit list of named modules. By explicitly limiting the usage of certain exports, the abuse potential/risk is greatly reduced. Changes since v2: - switch to "module:" prefix (Masahiro) - removed some patch noise (Masahiro) - strstarts() and strlen() usage for prefixes (Masahiro) - simpler ___EXPORT_SYMBOL() changes (Masahiro) Not making using of glob_match() / fnmatch(); this would result in more complicated code for very little gain.
On 5/2/25 16:12, Peter Zijlstra wrote: > Hi! > > Implement means for exports to be available to an explicit list of named > modules. By explicitly limiting the usage of certain exports, the abuse > potential/risk is greatly reduced. > > Changes since v2: > > - switch to "module:" prefix (Masahiro) > - removed some patch noise (Masahiro) > - strstarts() and strlen() usage for prefixes (Masahiro) > - simpler ___EXPORT_SYMBOL() changes (Masahiro) > > Not making using of glob_match() / fnmatch(); this would result in more > complicated code for very little gain. @Masahiro, please let me know if you're still reviewing the modpost or other changes, or the series now looks good to you. I'd like to take it for v6.16-rc1. -- Thanks, Petr
On Wed, May 14, 2025 at 5:48 PM Petr Pavlu <petr.pavlu@suse.com> wrote: > > On 5/2/25 16:12, Peter Zijlstra wrote: > > Hi! > > > > Implement means for exports to be available to an explicit list of named > > modules. By explicitly limiting the usage of certain exports, the abuse > > potential/risk is greatly reduced. > > > > Changes since v2: > > > > - switch to "module:" prefix (Masahiro) > > - removed some patch noise (Masahiro) > > - strstarts() and strlen() usage for prefixes (Masahiro) > > - simpler ___EXPORT_SYMBOL() changes (Masahiro) > > > > Not making using of glob_match() / fnmatch(); this would result in more > > complicated code for very little gain. > > @Masahiro, please let me know if you're still reviewing the modpost or > other changes, or the series now looks good to you. I'd like to take it > for v6.16-rc1. The first patch was applied to linux-kbuild. I think I can take it. Peter did not use the common API for glob matching. I will check this part. -- Best Regards Masahiro Yamada
On 5/17/25 08:48, Masahiro Yamada wrote: > On Wed, May 14, 2025 at 5:48 PM Petr Pavlu <petr.pavlu@suse.com> wrote: >> >> On 5/2/25 16:12, Peter Zijlstra wrote: >>> Hi! >>> >>> Implement means for exports to be available to an explicit list of named >>> modules. By explicitly limiting the usage of certain exports, the abuse >>> potential/risk is greatly reduced. >>> >>> Changes since v2: >>> >>> - switch to "module:" prefix (Masahiro) >>> - removed some patch noise (Masahiro) >>> - strstarts() and strlen() usage for prefixes (Masahiro) >>> - simpler ___EXPORT_SYMBOL() changes (Masahiro) >>> >>> Not making using of glob_match() / fnmatch(); this would result in more >>> complicated code for very little gain. >> >> @Masahiro, please let me know if you're still reviewing the modpost or >> other changes, or the series now looks good to you. I'd like to take it >> for v6.16-rc1. > > > The first patch was applied to linux-kbuild. > > I think I can take it. Ok, that works for me. -- Thanks, Petr
On Fri, May 02, 2025 at 04:12:04PM +0200, Peter Zijlstra wrote: > Hi! > > Implement means for exports to be available to an explicit list of named > modules. By explicitly limiting the usage of certain exports, the abuse > potential/risk is greatly reduced. > > Changes since v2: > > - switch to "module:" prefix (Masahiro) > - removed some patch noise (Masahiro) > - strstarts() and strlen() usage for prefixes (Masahiro) > - simpler ___EXPORT_SYMBOL() changes (Masahiro) > > Not making using of glob_match() / fnmatch(); this would result in more > complicated code for very little gain. > Nice work! Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
© 2016 - 2025 Red Hat, Inc.