[PATCH RFC v7 3/8] security: Export security_inode_init_security_anon for KVM guest_memfd
Christoph Hellwig
hch at infradead.org
Thu Apr 10 08:41:54 UTC 2025
On Tue, Apr 08, 2025 at 11:23:57AM +0000, Shivank Garg wrote:
> KVM guest_memfd is implementing its own inodes to store metadata for
> backing memory using a custom filesystem. This requires the ability to
> initialize anonymous inode using security_inode_init_security_anon().
>
> As guest_memfd currently resides in the KVM module, we need to export this
> symbol for use outside the core kernel. In the future, guest_memfd might be
> moved to core-mm, at which point the symbols no longer would have to be
> exported. When/if that happens is still unclear.
This really should be a EXPORT_SYMBOL_GPL, if at all.
But you really should look into a new interface in anon_inode.c that
can be reused instead of duplicating anonymouns inode logic in kvm.ko.
More information about the Linux-security-module-archive
mailing list