From: Christian Brauner
To: Shivank Garg
Cc: Christian Brauner, seanjc@google.com, vbabka@suse.cz, willy@infradead.org,
    pbonzini@redhat.com, tabba@google.com, afranji@google.com,
    ackerleytng@google.com, jack@suse.cz, hch@infradead.org,
    cgzones@googlemail.com, ira.weiny@intel.com, roypat@amazon.co.uk,
    linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
    linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org,
    david@redhat.com, akpm@linux-foundation.org, paul@paul-moore.com,
    rppt@kernel.org, viro@zeniv.linux.org.uk
Subject: Re: [PATCH V3] fs: generalize anon_inode_make_secure_inode() and fix secretmem LSM bypass
Date: Tue, 1 Jul 2025 10:33:25 +0200
Message-ID: <20250701-liberal-geklebt-4c929903fc02@brauner>
In-Reply-To: <20250626191425.9645-5-shivankg@amd.com>

On Thu, 26 Jun 2025 19:14:29 +0000, Shivank Garg wrote:
> Extend anon_inode_make_secure_inode() to take superblock parameter and
> make it available via fs.h. This allows other subsystems to create
> anonymous inodes with proper security context.
>
> Use this function in secretmem to fix a security regression, where
> S_PRIVATE flag wasn't cleared after alloc_anon_inode(), causing
> LSM/SELinux checks to be skipped.
>
> [...]

Applied to the vfs-6.17.misc branch of the vfs/vfs.git tree.
Patches in the vfs-6.17.misc branch should appear in linux-next soon.

Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.

It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.

Note that commit hashes shown below are subject to change due to rebase,
trailer updates or similar. If in doubt, please check the listed branch.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs-6.17.misc

[1/1] fs: generalize anon_inode_make_secure_inode() and fix secretmem LSM bypass
      https://git.kernel.org/vfs/vfs/c/4dc65f072c2b
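
The regression described in the quoted commit message, as an added userspace model (not kernel code and not part of the patch): LSM hook wrappers return early for inodes marked S_PRIVATE, so an inode that keeps the flag never reaches the policy. The struct, the `*_model` helpers, the `confined_t` domain and the `secretmem` label are all constructed for illustration.

```c
/* Userspace model of the S_PRIVATE short-circuit; not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define S_PRIVATE (1u << 9)   /* model flag: inode is fs-internal */

struct inode {
    unsigned int i_flags;
    const char *label;        /* model security label; NULL = unlabeled */
};
static int policy_calls;      /* times the policy was actually consulted */

/* Constructed policy: "confined_t" may not use "secretmem" inodes. */
static int policy_check(const char *domain, const struct inode *inode)
{
    policy_calls++;
    if (inode->label && !strcmp(inode->label, "secretmem") &&
        !strcmp(domain, "confined_t"))
        return -EACCES;
    return 0;
}

/* Models an LSM hook wrapper: S_PRIVATE inodes never reach the policy. */
static int lsm_hook_model(const char *domain, const struct inode *inode)
{
    return (inode->i_flags & S_PRIVATE) ? 0 : policy_check(domain, inode);
}

/* Models alloc_anon_inode(): the inode comes back with S_PRIVATE set. */
static struct inode alloc_anon_inode_model(void)
{
    return (struct inode){ .i_flags = S_PRIVATE, .label = NULL };
}

/* Models the fixed path: clear S_PRIVATE, then label the inode. */
static struct inode make_secure_inode_model(const char *name)
{
    struct inode inode = alloc_anon_inode_model();
    inode.i_flags &= ~S_PRIVATE;
    inode.label = name;
    return inode;
}

int main(void)
{
    struct inode before = alloc_anon_inode_model();
    struct inode after = make_secure_inode_model("secretmem");
    printf("regressed rc=%d, ", lsm_hook_model("confined_t", &before));
    printf("fixed rc=%d\n", lsm_hook_model("confined_t", &after));
    return 0;
}
```

In the model the regressed inode is allowed without the policy ever being called, while the fixed inode is denied for the confined domain.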