[PATCH V2] fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
Shivank Garg
shivankg at amd.com
Thu Jun 26 19:46:04 UTC 2025
On 6/23/2025 7:58 PM, Vlastimil Babka wrote:
> On 6/23/25 16:13, Vlastimil Babka wrote:
>> On 6/23/25 16:08, Shivank Garg wrote:
>>>
>>>
>>>>
>>>> In general, LGTM, but I think the actual fix should be separated from exporting it for guest_memfd purposes?
>>>>
>>>> Also makes backporting easier, when EXPORT_SYMBOL_GPL_FOR_MODULES does not exist yet ...
>>>>
>>> I agree. I did not think about backporting conflicts when sending the patch.
>>>
>>> Christian, I can send it as 2 separate patches to make it easier?
>>
>> The proper way is to send the fix without the export, and then add the
>> export only when adding its user.
>
> Note: AFAIU either way the new user would be depending on a patch in a vfs
> tree (maybe scheduled for an 6.16 rc and not the next merge window?) if
> that's an issue for the development.
Thanks Vlastimil.
I have sent a revised patch [1] without EXPORT. The EXPORT can be added later through
the KVM tree with the guest_memfd changes. Hopefully, anon_inode_make_secure_inode() change
will be merged by then.
Christian, could you please replace the current patch with V3 [1]? And Would you also
be willing to provide your Acked-by when EXPORT_SYMBOL_GPL_FOR_MODULES change addition
is submitted later?
Thank you for the patience and review :)
[1] https://lore.kernel.org/all/20250626191425.9645-5-shivankg@amd.com
Best Regards,
Shivank
More information about the Linux-security-module-archive
mailing list