[PATCH V2] fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
Vlastimil Babka
vbabka at suse.cz
Mon Jun 23 14:28:00 UTC 2025
On 6/23/25 16:13, Vlastimil Babka wrote:
> On 6/23/25 16:08, Shivank Garg wrote:
>>
>>
>>>
>>> In general, LGTM, but I think the actual fix should be separated from exporting it for guest_memfd purposes?
>>>
>>> Also makes backporting easier, when EXPORT_SYMBOL_GPL_FOR_MODULES does not exist yet ...
>>>
>> I agree. I did not think about backporting conflicts when sending the patch.
>>
>> Christian, I can send it as 2 separate patches to make it easier?
>
> The proper way is to send the fix without the export, and then add the
> export only when adding its user.
Note: AFAIU either way the new user would be depending on a patch in a vfs
tree (maybe scheduled for an 6.16 rc and not the next merge window?) if
that's an issue for the development.
>> Thanks,
>> Shivank
>
More information about the Linux-security-module-archive
mailing list