From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D001EC7115A for ; Thu, 19 Jun 2025 12:06:28 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 75E666B009A; Thu, 19 Jun 2025 08:06:28 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 736486B009C; Thu, 19 Jun 2025 08:06:28 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 672856B009E; Thu, 19 Jun 2025 08:06:28 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 582216B009A for ; Thu, 19 Jun 2025 08:06:28 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id F1B15120F54 for ; Thu, 19 Jun 2025 12:06:27 +0000 (UTC) X-FDA: 83572022814.05.753223E Received: from sea.source.kernel.org (sea.source.kernel.org [172.234.252.31]) by imf16.hostedemail.com (Postfix) with ESMTP id 435C8180003 for ; Thu, 19 Jun 2025 12:06:26 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ZXJSLurJ; spf=pass (imf16.hostedemail.com: domain of brauner@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=brauner@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1750334786; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=zMcjkdfXYXU5Q2J1U+BiXazs7osCQOSYWF8ASToKb9w=; b=6zUFegzwv/5WYN7jGNwLRUPhy7uhqkdNDCUTV4QbwQ0NdPfI9SDoYNip5/QWJvC+QJOY0B Z70DWZDJRTrrm5/D1BkELXJf6AP1Jv4DhygBoF1tVPILjPxSuGyqRYKEMxCs1ErNNHBWHY 8V7tZ4Ze7ER36cDTgZmdP0Q+0KhTFCo= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1750334786; a=rsa-sha256; cv=none; b=A6CiqE4FdxQFNKIjR/lJyoiq1VDxkrTApolN9gGqIgxnueN34SInogGIyOdQCqjl++TI56 t96ZnVV+dUg5Ybohn8JcPGvjXI7DJgmmEGsmqHxxeFmGvQAWbKi7Xs1x2ikZXtsXZ8rUgR iER7gdiQx/7Zl2v6W6cJkUJWqTZ/tfg= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ZXJSLurJ; spf=pass (imf16.hostedemail.com: domain of brauner@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=brauner@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sea.source.kernel.org (Postfix) with ESMTP id 01F104A046; Thu, 19 Jun 2025 12:06:25 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2F2C2C4CEEA; Thu, 19 Jun 2025 12:06:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1750334784; bh=qCHpBeYXKcvLBhGYRvbWtM3m7ZUS3RMm3uxtfmdZNfQ=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=ZXJSLurJV0FMeFP5DScAD7u8DQTWMZDvGTMxtvmIQM8PosQIckjMSty1/wRiztHLi DOza4j0ZvxolOQhPW/6605ikqSH/FTzFQJG3EZ9BrXG9XPD2fL3Fyvqa0SV5CDiJEV cY9jXFNJ3R6AUASaHlIMQg1BUAwZ6PpQ+sI/RSQCg51U7OkIUKPvHA0PuvYANQmA4h jY7xbgfa1XaYMs0CaMYiGzmGvUyrtOG169+NATQEvDlY5KqyWUkbfeBFHL8V9hkqIF X8IBtDm/O8wzWENYBGoZN4xMFi8eliVnYY/NrAxZVwSUCwteHhYJGfqg2NNBWbvkmQ frNk8QOyxh/Gw== Date: Thu, 19 Jun 2025 14:06:17 +0200 From: Christian Brauner To: Mike Rapoport Cc: Vlastimil Babka , Shivank Garg , david@redhat.com, akpm@linux-foundation.org, paul@paul-moore.com, viro@zeniv.linux.org.uk, seanjc@google.com, willy@infradead.org, pbonzini@redhat.com, tabba@google.com, afranji@google.com, ackerleytng@google.com, jack@suse.cz, hch@infradead.org, cgzones@googlemail.com, ira.weiny@intel.com, roypat@amazon.co.uk, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Subject: Re: [PATCH] fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Message-ID: <20250619-ablichten-korpulent-0efe2ddd0ee6@brauner> References: <20250619073136.506022-2-shivankg@amd.com> <20250619-fixpunkt-querfeldein-53eb22d0135f@brauner> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Rspamd-Server: rspam03 X-Stat-Signature: z871481k3prpg3ehiw76wwya7uuicaem X-Rspam-User: X-Rspamd-Queue-Id: 435C8180003 X-HE-Tag: 1750334786-603144 X-HE-Meta: U2FsdGVkX1/sY1mB6uIhT0n3jhh8XyAJTtjduT4C9JzLt0sqhhWEyvzdlVHhQ5x+JEtPwIBYeQ0B/XPPKHHBvIln+UomRdvFEP8JOgRlZ9/g4/rfjIe1cgcC6WazKj+wszeKc2O4wmgIFiwycrlYBdoLagH+zYFfUBx4YnJWOdStv/xXjOF8B7P3ydA78piAFMuc1ygtx1O8ygnDb1pp8b5Vs6qdXYnYWi15XtUmFwUsoQQQzBLYAiO3lTrIQw3DM+JQ1ebn7m1ESsPL2m/N+G0jmcxKa95OBM/DHugWfZ92USMVVkgUWTbIUuVB84/PsUZn/wyv+NOWRcYW86mMQ5dlWseoDTGisRKfOltHiRoUQoZ0f2moCFHx1VLGUpdXOPSzQXDrawUWJYfeJ1coe8BwkYFUxuwWWN9+a3jNuOFjeKvzDC9EFVnnb6yIEKCnvypGYayV2eWPphYqTKBVjlJnJp60p0oemCGbsVgwJgfs8EhstO2pk9lhlF2v2S5mtG2TW66Z5XrrkR1bef+roc1GgT/CfmZ6Dc+I+dVhMpvpa7qPQ/P4pWu0ZbNmmmvwVQ0p+VclMAA7PmrX7LmerGe5/cPScx4l6btHqfyoBG+OBJs7NaJs77KNtfOEUipYrZhGdd8b+fnKzSJE9Ya/AB7MS7kVcsT88A9R7D8WsvhUZtrAp76AA/yv4Tjd6zEKuXi+uqOva9U0ICenQsrhOoFf8nlJ1Lyid65fLLcNBEgATP1VUb/C7iyYpFrD0ikyiHXG3R+T+IAdC2vybrWO+b9KI273xFAIvVAQwlOy6I9tde0EqrWW5EjXFLDwq+1bLs4X1CUYQquqAhS6ZNAmaXqslprvsv3YdgdvMi2h7tHvhUvPz/K/Om7tJhZR8cNWWZPM4t33nm65IrGpIh7a8gmUHByOCLN00QcdnWcyRNImti61U04JB4zPwQNc/JnXQgVchPF8xxF2nzg6LxQ EgwvIunY yyu5G6fIwkbMkNClgbow7wwVxZdm0568p9hzz+BnYAKOtufIhEAfFhcwnc1/WjOdkb8gwkRyMW4sD2q77SMEHb+qsNfx1UVcu1WDjQItF3yta8WWL8wvNXBk7nln5WdzRij4yhMGQdWXQr7SJDYOpBlr6XHoQaoYCGSVtTLRMJyDnbVORTA94WKjECuK44RMRepIZ+4kO+myDyCjpUsN0kLrfUSs6p9PbDYNOrPcj2S7o7lyLKKT9HeW6JikX0RQvdCxvaXziN8vt9GZlPk0TzJt/HK66gh/BJHu0p5IaurJM5utYpWDNPuVLOT+YXeK0hBr4OGEjQqYEFucqzxn9zY6xCd12/OJNTL0z X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Thu, Jun 19, 2025 at 02:01:22PM +0300, Mike Rapoport wrote: > On Thu, Jun 19, 2025 at 12:38:25PM +0200, Christian Brauner wrote: > > On Thu, Jun 19, 2025 at 11:13:49AM +0200, Vlastimil Babka wrote: > > > On 6/19/25 09:31, Shivank Garg wrote: > > > > Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create > > > > anonymous inodes with proper security context. This replaces the current > > > > pattern of calling alloc_anon_inode() followed by > > > > inode_init_security_anon() for creating security context manually. > > > > > > > > This change also fixes a security regression in secretmem where the > > > > S_PRIVATE flag was not cleared after alloc_anon_inode(), causing > > > > LSM/SELinux checks to be bypassed for secretmem file descriptors. > > > > > > > > As guest_memfd currently resides in the KVM module, we need to export this > > > > > > Could we use the new EXPORT_SYMBOL_GPL_FOR_MODULES() thingy to make this > > > explicit for KVM? > > > > Oh? Enlighten me about that, if you have a second, please. > > From Documentation/core-api/symbol-namespaces.rst: > > The macro takes a comma separated list of module names, allowing only those > modules to access this symbol. Simple tail-globs are supported. > > For example:: > > EXPORT_SYMBOL_GPL_FOR_MODULES(preempt_notifier_inc, "kvm,kvm-*") > > will limit usage of this symbol to modules whoes name matches the given > patterns. Is that still mostly advisory and can still be easily circumenvented?