git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Shivank Garg <shivankg@amd.com>
	Fri, 20 Jun 2025 07:03:30 +0000 (07:03 +0000)
committer	Christian Brauner <brauner@kernel.org>
	Mon, 23 Jun 2025 10:41:17 +0000 (12:41 +0200)
commit	cbe4134ea4bc493239786220bd69cb8a13493190
tree	32d1967bb871d7bf30675ee4e17c3b2ce5c3ab4e	tree
parent	6a68d28066b6257b8d09b1daa91db43d56dbb6ad	commit \| diff

fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass

Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create
anonymous inodes with proper security context. This replaces the current
pattern of calling alloc_anon_inode() followed by
inode_init_security_anon() for creating security context manually.

This change also fixes a security regression in secretmem where the
S_PRIVATE flag was not cleared after alloc_anon_inode(), causing
LSM/SELinux checks to be bypassed for secretmem file descriptors.

As guest_memfd currently resides in the KVM module, we need to export this
symbol for use outside the core kernel. In the future, guest_memfd might be
moved to core-mm, at which point the symbols no longer would have to be
exported. When/if that happens is still unclear.

Fixes: 2bfe15c52612 ("mm: create security context for memfd_secret inodes")
Suggested-by: David Hildenbrand <david@redhat.com>
Suggested-by: Mike Rapoport <rppt@kernel.org>
Signed-off-by: Shivank Garg <shivankg@amd.com>
Link: https://lore.kernel.org/20250620070328.803704-3-shivankg@amd.com
Acked-by: "Mike Rapoport (Microsoft)" <rppt@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>

fs/anon_inodes.c		diff \| blob \| blame \| history
include/linux/fs.h		diff \| blob \| blame \| history
mm/secretmem.c		diff \| blob \| blame \| history