From: David Hildenbrand
Date: Tue, 22 Apr 2025 19:25:12 +0200
Subject: Re: [PATCH RFC v7 3/8] security: Export security_inode_init_security_anon for KVM guest_memfd
To: Christoph Hellwig, Shivank Garg
Cc: seanjc@google.com, vbabka@suse.cz, willy@infradead.org, akpm@linux-foundation.org, shuah@kernel.org, pbonzini@redhat.com, ackerleytng@google.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, pvorel@suse.cz, bfoster@redhat.com, tabba@google.com, vannapurve@google.com, chao.gao@intel.com, bharata@amd.com, nikunj@amd.com, michael.day@amd.com, yan.y.zhao@intel.com, Neeraj.Upadhyay@amd.com, thomas.lendacky@amd.com, michael.roth@amd.com, aik@amd.com, jgg@nvidia.com, kalyazin@amazon.com, peterx@redhat.com, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, kvm@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-coco@lists.linux.dev, Christian Göttsche, Paul Moore
References: <20250408112402.181574-1-shivankg@amd.com> <20250408112402.181574-4-shivankg@amd.com>
Organization: Red Hat

On 10.04.25 10:41, Christoph Hellwig wrote:
> On Tue, Apr 08, 2025 at 11:23:57AM +0000, Shivank Garg wrote:
>> KVM guest_memfd is implementing its own inodes to store metadata for
>> backing memory using a custom filesystem. This requires the ability to
>> initialize an anonymous inode using security_inode_init_security_anon().
>>
>> As guest_memfd currently resides in the KVM module, we need to export this
>> symbol for use outside the core kernel. In the future, guest_memfd might be
>> moved to core-mm, at which point the symbols no longer would have to be
>> exported. When/if that happens is still unclear.
>
> This really should be an EXPORT_SYMBOL_GPL, if at all.
>
> But you really should look into a new interface in anon_inode.c that
> can be reused instead of duplicating anonymous inode logic in kvm.ko.

I assume you mean combining alloc_anon_inode() + security_inode_init_security_anon(), correct?

I can see mm/secretmem.c doing the same thing, so agreed that we're duplicating it.

Regarding your other mail, I am also starting to wonder where/why we want security_inode_init_security_anon(). At least for mm/secretmem.c, it was introduced by:

commit 2bfe15c5261212130f1a71f32a300bcf426443d4
Author: Christian Göttsche
Date:   Tue Jan 25 15:33:04 2022 +0100

    mm: create security context for memfd_secret inodes

    Create a security context for the inodes created by memfd_secret(2) via
    the LSM hook inode_init_security_anon to allow a fine grained control.
    As secret memory areas can affect hibernation and have a global shared
    limit, access control might be desirable.

    Signed-off-by: Christian Göttsche
    Signed-off-by: Paul Moore

In combination with Paul's review comment [1]

"
This seems reasonable to me, and I like the idea of labeling the anon inode as opposed to creating a new set of LSM hooks. If we want to apply access control policy to the memfd_secret() fds we are going to need to attach some sort of LSM state to the inode, we might as well use the mechanism we already have instead of inventing another one.
"

IIUC, we really only want security_inode_init_security_anon() when there might be interest to have global access control.

Given that guest_memfd already shares many similarities with secretmem (e.g., pages not swappable/migratable) and might share even more in the future (e.g., directmap removal), I assume that we want the same thing for guest_memfd.

Would something like the following seem reasonable? We should be adding some documentation for the new function, and I wonder if S_PRIVATE should actually be cleared for secretmem + guest_memfd (I have no idea what this "fs-internal" flag affects).

From 782a6053268d8a2bddf90ba18c008495b0791710 Mon Sep 17 00:00:00 2001
From: David Hildenbrand
Date: Tue, 22 Apr 2025 19:22:00 +0200
Subject: [PATCH] tmp

Signed-off-by: David Hildenbrand
---
 fs/anon_inodes.c   | 20 ++++++++++++++------
 include/linux/fs.h |  1 +
 mm/secretmem.c     |  9 +--------
 3 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
index 583ac81669c24..ea51fd582deb4 100644
--- a/fs/anon_inodes.c
+++ b/fs/anon_inodes.c
@@ -55,17 +55,18 @@ static struct file_system_type anon_inode_fs_type = { .kill_sb = kill_anon_super, }; -static struct inode *anon_inode_make_secure_inode( - const char *name, - const struct inode *context_inode) +static struct inode *anon_inode_make_secure_inode(struct super_block *s, + const char *name, const struct inode *context_inode, + bool fs_internal) { struct inode *inode; int error; - inode = alloc_anon_inode(anon_inode_mnt->mnt_sb); + inode = alloc_anon_inode(s); if (IS_ERR(inode)) return inode; - inode->i_flags &= ~S_PRIVATE; + if (!fs_internal) + inode->i_flags &= ~S_PRIVATE; error = security_inode_init_security_anon(inode, &QSTR(name), context_inode); if (error) { @@ -75,6 +76,12 @@ static struct inode *anon_inode_make_secure_inode( return inode; } +struct inode *alloc_anon_secure_inode(struct super_block *s, const char *name) +{ + return anon_inode_make_secure_inode(s, name, NULL, true); +} +EXPORT_SYMBOL_GPL(alloc_anon_secure_inode); + static struct file *__anon_inode_getfile(const char *name, const struct file_operations *fops, void *priv, int flags, @@ -88,7 +95,8 @@ static struct file *__anon_inode_getfile(const char *name, return ERR_PTR(-ENOENT); if (make_inode) { - inode = anon_inode_make_secure_inode(name, context_inode); + inode = anon_inode_make_secure_inode(anon_inode_mnt->mnt_sb, + name, context_inode, false); if (IS_ERR(inode)) { file = ERR_CAST(inode); goto err; diff --git a/include/linux/fs.h b/include/linux/fs.h index 016b0fe1536e3..0fded2e3c661a 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
@@ -3550,6 +3550,7 @@ extern int simple_write_begin(struct file *file, struct address_space *mapping, extern const struct address_space_operations ram_aops; extern int always_delete_dentry(const struct dentry *); extern struct inode *alloc_anon_inode(struct super_block *); +extern struct inode *alloc_anon_secure_inode(struct super_block *, const char *); extern int simple_nosetlease(struct file *, int, struct file_lease **, void **); extern const struct dentry_operations simple_dentry_operations; diff --git a/mm/secretmem.c b/mm/secretmem.c index 1b0a214ee5580..c0e459e58cb65 100644 --- a/mm/secretmem.c +++ b/mm/secretmem.c @@ -195,18 +195,11 @@ static struct file *secretmem_file_create(unsigned long flags) struct file *file; struct inode *inode; const char *anon_name = "[secretmem]"; - int err; - inode = alloc_anon_inode(secretmem_mnt->mnt_sb); + inode = alloc_anon_secure_inode(secretmem_mnt->mnt_sb, anon_name); if (IS_ERR(inode)) return ERR_CAST(inode); - err = security_inode_init_security_anon(inode, &QSTR(anon_name), NULL); - if (err) { - file = ERR_PTR(err); - goto err_free_inode; - } - file = alloc_file_pseudo(inode, secretmem_mnt, "secretmem", O_RDWR, &secretmem_fops); if (IS_ERR(file)) -- 2.49.0 [1] https://lore.kernel.org/lkml/CAHC9VhSdGeZ9x-0Hvk9mE=YMXbpk-tC5Ek+uGFGq5U+51qjChw@mail.gmail.com/ -- Cheers, David / dhildenb
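Review bot: In the first fs/anon_inodes.c hunk (@@ -55,17), the new `fs_internal` parameter only decides whether `S_PRIVATE` is cleared before the LSM label is applied (`if (!fs_internal) inode->i_flags &= ~S_PRIVATE;`), and that decision determines what the label is worth: the generic LSM inode hooks such as security_inode_permission(), and SELinux's inode_has_perm(), return early for IS_PRIVATE() inodes, so an inode that is labeled but keeps S_PRIVATE is seen by inode_init_security_anon and then ignored by the per-access inode checks. Keeping the flag set matches what secretmem does today (the flag is evidently set by alloc_anon_inode(), since the original code had to clear it), so the hunk is behaviour-preserving, but the open question in the cover text about clearing S_PRIVATE for secretmem and guest_memfd should be settled before this lands: if it is to be cleared, drop the parameter and the condition; if not, add a comment stating that the label on fs-internal inodes is not consulted by the inode permission hooks. The name `fs_internal` also does not say what it changes; `clear_private` or a kernel-doc line would spare callers reading the body.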
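Review bot: The second fs/anon_inodes.c hunk (@@ -75,6) exports alloc_anon_secure_inode() without any kernel-doc, and its contract is not visible from the three-line body: it labels the inode with a NULL context inode, leaves S_PRIVATE set (`fs_internal = true`), and on LSM failure the inode has already been released by the callee (anon_inode_make_secure_inode() does iput() in its error path), so a caller must not iput() an ERR_PTR() result itself. Suggest a comment above the definition along the lines of "Allocate an anonymous inode on @s and label it via security_inode_init_security_anon() with @name and no context inode; the inode remains S_PRIVATE. Returns ERR_PTR() on failure, in which case the inode has already been dropped." The EXPORT_SYMBOL_GPL matches what was asked for in the thread.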
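Review bot: In the mm/secretmem.c hunk (@@ -195,18), dropping `int err` and the `goto err_free_inode` branch is correct only because alloc_anon_secure_inode() releases the inode itself on LSM failure; please record that in the helper's comment, because the `err_free_inode` label is still needed for the alloc_file_pseudo() failure check that closes the hunk, and a future reader could "restore" an iput() on the error path here and double-drop the inode. Since this call site goes through the `fs_internal = true` path, it keeps secretmem's current S_PRIVATE semantics exactly; if the decision is to clear S_PRIVATE for secretmem, this is the call that changes, so the final commit message should state which behaviour is intended rather than "tmp". Minor: `anon_name` is now used once and could be passed as the literal "[secretmem]".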