git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Shivank Garg <shivankg@amd.com>
	Fri, 20 Jun 2025 07:03:30 +0000 (07:03 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 10 Jul 2025 14:03:18 +0000 (16:03 +0200)
commit	e3eed01347721cd7a8819568161c91d538fbf229
tree	04795f3bf3e9687847081e208c01daeed7378293	tree \| snapshot
parent	adb29b437fe58d41bd5d4a5c3d63bf1bb02f0877	commit \| diff

fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass

[ Upstream commit cbe4134ea4bc493239786220bd69cb8a13493190 ]

Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create
anonymous inodes with proper security context. This replaces the current
pattern of calling alloc_anon_inode() followed by
inode_init_security_anon() for creating security context manually.

This change also fixes a security regression in secretmem where the
S_PRIVATE flag was not cleared after alloc_anon_inode(), causing
LSM/SELinux checks to be bypassed for secretmem file descriptors.

As guest_memfd currently resides in the KVM module, we need to export this
symbol for use outside the core kernel. In the future, guest_memfd might be
moved to core-mm, at which point the symbols no longer would have to be
exported. When/if that happens is still unclear.

Fixes: 2bfe15c52612 ("mm: create security context for memfd_secret inodes")
Suggested-by: David Hildenbrand <david@redhat.com>
Suggested-by: Mike Rapoport <rppt@kernel.org>
Signed-off-by: Shivank Garg <shivankg@amd.com>
Link: https://lore.kernel.org/20250620070328.803704-3-shivankg@amd.com
Acked-by: "Mike Rapoport (Microsoft)" <rppt@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

fs/anon_inodes.c		diff \| blob \| blame \| history
include/linux/fs.h		diff \| blob \| blame \| history
mm/secretmem.c		diff \| blob \| blame \| history