Date: Sun, 22 Jun 2025 11:20:14 -0700
From: Andrew Morton
To: Sabyrzhan Tasbolatov
Cc: andreyknvl@gmail.com, arnd@arndb.de, david@redhat.com, dvyukov@google.com, elver@google.com, glider@google.com, hch@infradead.org, kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, ryabinin.a.a@gmail.com, vincenzo.frascino@arm.com
Subject: Re: [PATCH v2] mm: unexport globally copy_to_kernel_nofault
Message-Id: <20250622112014.76bdd8929ecdb1c1fb3015b5@linux-foundation.org>
In-Reply-To: <20250622141142.79332-1-snovitoll@gmail.com>

On Sun, 22 Jun 2025 19:11:42 +0500 Sabyrzhan Tasbolatov wrote:

> `copy_to_kernel_nofault()` is an internal helper which should not be
> visible to loadable modules – exporting it would give exploit code a
> cheap oracle to probe kernel addresses. Instead, keep the helper
> un-exported and compile the kunit case that exercises it only when
> `mm/kasan/kasan_test.o` is linked into vmlinux.

The recent 707f853d7fa3 ("module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper") quietly added a thing which might be useful here. As far as I understand it, this will permit us to export copy_to_kernel_nofault to kasan_test_c.o and to nothing else.

"might". It depends on how "exploit code" might get hold of the symbol. Perhaps you/we can discuss this further. Is the problem that copy_to_kernel_nofault() is non-static? Or is the problem that "exploit code" is itself a kernel module?

In other words, a fuller investigation of how this export presently benefits exploiters would help us understand how much EXPORT_SYMBOL_GPL_FOR_MODULES() will improve the situation.
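
An added illustration, not code from this thread or from the kernel tree: a simplified userspace model of the module-name check behind a per-module export. It assumes the export is recorded as an implicit "module:<list>" namespace, where <list> is comma-separated module names and a trailing '*' on an entry matches any suffix; export_visible_to() is a hypothetical name and the inputs are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Simplified model (an assumption, not kernel source): decide whether a
 * module called modname may resolve a symbol whose export namespace is ns.
 * Only namespaces of the form "module:<name>[,<name>...]" grant access,
 * and only to the modules they list.
 */
static bool export_visible_to(const char *ns, const char *modname)
{
	static const char prefix[] = "module:";
	size_t modlen = strlen(modname);

	if (strncmp(ns, prefix, sizeof(prefix) - 1) != 0)
		return false;		/* not a per-module export */
	ns += sizeof(prefix) - 1;

	while (*ns) {
		size_t len = strcspn(ns, ",");	/* length of this list entry */
		const char *next = ns + len;
		bool glob = len > 0 && ns[len - 1] == '*';

		if (glob)
			len--;		/* compare only the part before '*' */
		if (len <= modlen && strncmp(ns, modname, len) == 0 &&
		    (glob || len == modlen))
			return true;	/* exact match, or prefix match with glob */
		ns = *next ? next + 1 : next;
	}
	return false;			/* importer is not on the list */
}

int main(void)
{
	/* Constructed inputs: the namespace an export to "kasan_test_c" would carry. */
	const char *ns = "module:kasan_test_c";
	const char *mods[] = { "kasan_test_c", "kasan_test", "some_other_module" };

	for (size_t i = 0; i < sizeof(mods) / sizeof(mods[0]); i++)
		printf("%-18s -> %s\n", mods[i],
		       export_visible_to(ns, mods[i]) ? "resolves" : "refused");
	return 0;
}
```

The model covers only symbol resolution for loadable modules at load time; code built into vmlinux links against a non-static function regardless of how it is exported.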