Re: [PATCH -v2 0/7] module: Strict per-modname namespaces

2025-05-02 Thread Peter Zijlstra
On Fri, May 02, 2025 at 11:55:54AM +, Roy, Patrick wrote: > Hi Peter, > > Are you still working on this patch series? I'm working on having KVM remove > virtual machine memory from the kernel's direct map, to harden against > speculative execution attacks [1]. At David H.'s LSF/MM/BPF task on >

RE: [PATCH -v2 0/7] module: Strict per-modname namespaces

2025-05-02 Thread Roy, Patrick
Hi Peter, Are you still working on this patch series? I'm working on having KVM remove virtual machine memory from the kernel's direct map, to harden against speculative execution attacks [1]. At David H.'s LSF/MM/BPF task on guest_memfd, it was suggested to use per-modname namespaces to export set_

Re: [PATCH -v2 0/7] module: Strict per-modname namespaces

2025-02-07 Thread Masahiro Yamada
On Wed, Feb 5, 2025 at 7:14 PM Petr Pavlu wrote: > > On 12/16/24 17:43, Petr Pavlu wrote: > > On 12/2/24 15:59, Peter Zijlstra wrote: > >> Hi! > >> > >> Implement a means for exports to be available only to an explicit list of > >> named > >> modules. By explicitly limiting the usage of certain e

Re: [PATCH -v2 0/7] module: Strict per-modname namespaces

2025-02-05 Thread Petr Pavlu
On 12/16/24 17:43, Petr Pavlu wrote: > On 12/2/24 15:59, Peter Zijlstra wrote: >> Hi! >> >> Implement a means for exports to be available only to an explicit list of >> named >> modules. By explicitly limiting the usage of certain exports, the abuse >> potential/risk is greatly reduced. >> >> The

Re: [PATCH -v2 0/7] module: Strict per-modname namespaces

2024-12-16 Thread Petr Pavlu
On 12/2/24 15:59, Peter Zijlstra wrote: > Hi! > > Implement a means for exports to be available only to an explicit list of > named > modules. By explicitly limiting the usage of certain exports, the abuse > potential/risk is greatly reduced. > > The first 'patch' is an awk script that cleans u

[PATCH -v2 0/7] module: Strict per-modname namespaces

2024-12-02 Thread Peter Zijlstra
Hi! Implement a means for exports to be available only to an explicit list of named modules. By explicitly limiting the usage of certain exports, the abuse potential/risk is greatly reduced. The first 'patch' is an awk script that cleans up the existing module namespace code along the same lines

Re: [PATCH -v2 0/7] module: Strict per-modname namespaces

2024-12-02 Thread Andi Kleen
Peter Zijlstra writes: > Hi! > > Implement a means for exports to be available only to an explicit list of > named > modules. By explicitly limiting the usage of certain exports, the abuse > potential/risk is greatly reduced. Blast from the past: https://lists.linuxcoding.com/kernel/2007-q4/msg