On Sun, May 4, 2025 at 7:36 PM Paul Moore wrote:
>
> On Fri, May 2, 2025 at 5:00 PM KP Singh wrote:
> >
> > > This patch series introduces the Hornet LSM. The goal of Hornet is to
> > > provide a signature verification mechanism for eBPF programs.
> > >
> >
> > [...]
> >
> > >
> > > Refere
On Fri, May 2, 2025 at 5:00 PM KP Singh wrote:
>
> > This patch series introduces the Hornet LSM. The goal of Hornet is to
> > provide a signature verification mechanism for eBPF programs.
> >
>
> [...]
>
> >
> > References: [1]
> > https://lore.kernel.org/bpf/20220209054315.73833-1-alexei.st
On Sat, May 03, 2025 at 11:02:57PM +0800, Herbert Xu wrote:
> On Sat, May 03, 2025 at 05:39:16PM +0300, Jarkko Sakkinen wrote:
> > On Wed, Apr 30, 2025 at 06:25:53PM +0300, Jarkko Sakkinen wrote:
> > > Rely only on the memory ordering of spin_unlock() when setting
> > > KEY_FLAG_FINAL_PUT under key
On Sat, May 03, 2025 at 11:19:21PM +0100, David Howells wrote:
> Jarkko Sakkinen wrote:
>
> > Oops, my bad (order swap), sorry. Should have been:
> >
> > spin_unlock_irqrestore(&key->user->lock, flags);
> > } else {
> >
On Fri, May 2, 2025 at 2:44 PM Blaise Boscaccy wrote:
>
> This adds the Hornet Linux Security Module which provides signature
> verification of eBPF programs. This allows users to continue to
> maintain an invariant that all code running inside of the kernel has
> been signed.
>
> The primary targ
On Sun, May 04, 2025 at 08:44:13AM +0100, David Howells wrote:
>
> You need __set_bit() or 1< Also, don't really like the name, but that's just bikeshedding. I think I'd
> lean more to your initial suggestion of KEY_FLAG_ALIVE.
I was going to do that but there is already a flag called
KEY_FLAG_D
Herbert Xu wrote:
> + key->flags |= KEY_FLAG_DONT_GC_YET;
You need __set_bit() or 1<