[PATCH RFC v7 5/8] KVM: guest_memfd: Make guest mem use guest mem inodes instead of anonymous inodes
Christoph Hellwig
hch at infradead.org
Thu Apr 10 14:23:24 UTC 2025
On Thu, Apr 10, 2025 at 06:53:15AM -0700, Ackerley Tng wrote:
> > So why do other alloc_anon_inode callers not need
> > security_inode_init_security_anon?
>
> Thanks for this tip!
>
> When I did this refactoring, I was just refactoring
> anon_inode_create_getfile(), to set up the guest_memfd inode and file in
> separate stages, and anon_inode_create_getfile() was already using
> security_inode_init_security_anon().
>
> In the next revision I can remove this call.
>
> Is it too late to remove the call to security_inode_init_security_anon()
> though? IIUC it is used by LSMs, which means security modules may
> already be assuming this call?
I'd really like to hear from the security folks if we need it or not,
both in this case and for other alloc_anon_inode callers.