[PATCH RFC v7 3/8] security: Export security_inode_init_security_anon for KVM guest_memfd
David Hildenbrand
david at redhat.com
Tue Apr 22 16:49:14 UTC 2025
On 11.04.25 08:07, Shivank Garg wrote:
> Hi Paul,
>
> On 4/10/2025 1:49 AM, Paul Moore wrote:
>> On Tue, Apr 8, 2025 at 7:25 AM Shivank Garg <shivankg at amd.com> wrote:
>>>
>>> KVM guest_memfd is implementing its own inodes to store metadata for
>>> backing memory using a custom filesystem. This requires the ability to
>>> initialize an anonymous inode using security_inode_init_security_anon().
>>>
>>> As guest_memfd currently resides in the KVM module, we need to export this
>>> symbol for use outside the core kernel. In the future, guest_memfd might be
>>> moved to core-mm, at which point the symbols no longer would have to be
>>> exported. When/if that happens is still unclear.
>>
>> Can you help me understand the timing just a bit more ... do you
>> expect the move to the core MM code to happen during the lifetime of
>> this patchset, or is it just some hand-wavy "future date"? No worries
>> either way, just trying to understand things a bit better.
>
> I am not sure about it, any ideas David?

Sorry for the late reply.

Hand-wavy future date after this series. Elliot was working on this, but
IIRC he now has a new job and might no longer be able to work on this.

Ackerley+Patrick started looking into this, and will likely require it
for other guest_memfd features (hugetlb support, directmap removal).

--
Cheers,
David / dhildenb