From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B7387C7115B
	for <linux-mm@archiver.kernel.org>; Thu, 19 Jun 2025 12:19:39 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 5CA186B007B; Thu, 19 Jun 2025 08:19:39 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 579A76B008A; Thu, 19 Jun 2025 08:19:39 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 468B26B0093; Thu, 19 Jun 2025 08:19:39 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13])
	by kanga.kvack.org (Postfix) with ESMTP id 329F36B007B
	for <linux-mm@kvack.org>; Thu, 19 Jun 2025 08:19:39 -0400 (EDT)
Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id 05FA4160F03
	for <linux-mm@kvack.org>; Thu, 19 Jun 2025 12:19:39 +0000 (UTC)
X-FDA: 83572056078.03.A618602
Received: from sea.source.kernel.org (sea.source.kernel.org [172.234.252.31])
	by imf04.hostedemail.com (Postfix) with ESMTP id 3F2EF4000A
	for <linux-mm@kvack.org>; Thu, 19 Jun 2025 12:19:37 +0000 (UTC)
Authentication-Results: imf04.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=NbrveWT3;
	spf=pass (imf04.hostedemail.com: domain of rppt@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=rppt@kernel.org;
	dmarc=pass (policy=quarantine) header.from=kernel.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1750335577; a=rsa-sha256;
	cv=none;
	b=8givohgMHw9Thd6uj8RCpjbvewSc4uSfU5Y1nOwPBg3VYInHiZ2VJlzjLbOtCdBYK6NIsK
	6lwqFiyFm4QKxpHaGb9hhv1a/otRB5j0XdSEtUOQe48X4ZGY46d/Aszwz8fhcDYKEdsfz1
	IK/2tuciFV/uhKxJZsF5WOjX/AI4As8=
ARC-Authentication-Results: i=1;
	imf04.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=NbrveWT3;
	spf=pass (imf04.hostedemail.com: domain of rppt@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=rppt@kernel.org;
	dmarc=pass (policy=quarantine) header.from=kernel.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1750335577;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=BD62gBZriyH4uzIVxNy82ufA9QnQHey2uMZDBKyarRA=;
	b=V5NE9cr1PXooJCVhvJfrSrggnl3rhRStQwRuZl675FdqR1tD/vw0/oLcDJirrA7M0CknOR
	ts+A+HkgYvdp3qpq/muye0pA2M9+/uevOvhN8K0wUnOgRiM8a2ZmjSonhT6J5oocwNGf3R
	RJOplo6GIljYCRwdM/l4yzzdaDRnNfQ=
Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])
	by sea.source.kernel.org (Postfix) with ESMTP id CB18C49C86;
	Thu, 19 Jun 2025 12:19:35 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4C377C4CEEA;
	Thu, 19 Jun 2025 12:19:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1750335575;
	bh=bWucXohm5UQliw0jgNdes75056dCx0VKGA2x7BaDfjk=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=NbrveWT3Ix1MhEG9PoRbqXv+NwtVpookYbG87CTowWUM78ftAPSq3WhwrvGffRsly
	 Ss3Of6FJDub6bzJagswOrvX0zhzFraXBQAo6+pCbQ29lZIaFHTe1afbHVg3pSVSYsw
	 nULaNztFF7DU160x9Wv/KV9OwfOJ9XriFpBXA+6HQdEi4/fAaY2eKtmRP6+hst7AgQ
	 Yhl6G6+hp0fP/NPzVW2ZUwo0y+OF8szvwQrClId6cEIilOm3pDahCRqgupYlBepxhy
	 HelF+ftHLlfEQKrvP1AsVqknQbnT0Njhsfr8JeZbgI/5tXAOXxrfg7OZV0klKur9sX
	 vfWnJXwi5dYNg==
Date: Thu, 19 Jun 2025 15:19:25 +0300
From: Mike Rapoport <rppt@kernel.org>
To: Christian Brauner <brauner@kernel.org>
Cc: Vlastimil Babka <vbabka@suse.cz>, Shivank Garg <shivankg@amd.com>,
	david@redhat.com, akpm@linux-foundation.org, paul@paul-moore.com,
	viro@zeniv.linux.org.uk, seanjc@google.com, willy@infradead.org,
	pbonzini@redhat.com, tabba@google.com, afranji@google.com,
	ackerleytng@google.com, jack@suse.cz, hch@infradead.org,
	cgzones@googlemail.com, ira.weiny@intel.com, roypat@amazon.co.uk,
	linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
	linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH] fs: export anon_inode_make_secure_inode() and fix
 secretmem LSM bypass
Message-ID: <aFQATWEX2h4LaQZb@kernel.org>
References: <20250619073136.506022-2-shivankg@amd.com>
 <da5316a7-eee3-4c96-83dd-78ae9f3e0117@suse.cz>
 <20250619-fixpunkt-querfeldein-53eb22d0135f@brauner>
 <aFPuAi8tPcmsbTF4@kernel.org>
 <20250619-ablichten-korpulent-0efe2ddd0ee6@brauner>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20250619-ablichten-korpulent-0efe2ddd0ee6@brauner>
X-Rspamd-Server: rspam05
X-Rspamd-Queue-Id: 3F2EF4000A
X-Stat-Signature: aysqachriwoofxwc4bat7y9uhyjt6bnu
X-Rspam-User: 
X-HE-Tag: 1750335577-444705
X-HE-Meta: U2FsdGVkX1/AWe33xJnYxfWEaDN8VUX9YEtp6cDt4aspWluJQcX5p5oo4cJcjaECTZ1wgAnQSqA8sSO9jZYhQ8wqj1QV+qypyr/U931m8ue7TFKP4/nJlj5/VqALHQfv/F/dRvOpr6jrnmNyJ6p5aHIIQDud/SVBcTUa5+R8HILQAGImkx6fj+tfslAUe5pPb5klnS6sVvzW1zzvjl8FvJ7e5/uusonFtQsyw+9IyeI5p0GdVcwYHr1nrApce9uLKSZDP1JBKvJpteXTy6ULxHUd4yYgAmht+E3uoSDwFjXee82HvDfxj+poH43f5AqQXQ3D2yqGrClwQUCxemtD7z/whaXn3xuxp6bx1G9uUHd/vWwKO8mTpffH8W8e/lR/wXJu5vwQCAOagL/Hx0Nwsi9NfeLaBvkdD71ickCSgvDNSw2qinbYtok7kSHZ3V+6JrujVl7Pmcuu64lrM0aURr2o7uFTgidbeXj0pAwl6/rtKkQqM/M6n4OfvJMRv8Vwc0dfCvWIoGxrcaltOyI8gPtRPGQoLcAVR22FCG97t4s5GD2x8JkSYis1PSnNS6UDl22HCaprNkzb4friJvUFpwxWDXOcEiDu+sEkkYqHGBkUxIT/whvGVViOHizVT3yvBU0Ld1jAIfC1G7mBxbJeqP/TK7vsu22QUiK4vYI7X8KzTCyyIxReNreMSv71rixZJn6xN5cRjaQx5gjHR50nOy7IAnCJJkgWzQaOq2NaQKLJKoDVF1eGEcy23gmBnBFYxEPva8JyOZPuR6Dyo6xLXuQcS8zifmhWZWazYh9ypUa9QZzPUrn723AVhRwpBtGRsPonciVamAQNcgNxcEbz3mT5szqlX2vPuuG/ATFG8/IUcKCstEvm2C6GmkNd9alpCgcDhkPsuwmUhnnfqvaCFW/KgqU5uqLsstaAz9jiEWu/rr5E2ZhpsbhXcBnoQezLMN+9yAXXSzJSDpWBCts
 nehEEeuY
 eEIuLdOkiCc2XnpWrs16if1pfW/sPGFUThdp9Y1ig1vg8ymfKabI3pv9e87Gep2lFsb3WcvbuWPwwgWJWcJJhdNfAgPW58ykpzBYLhq2NwvQVPpDFHuqpVHbpog8BCjrp7cwmP7jHQ3KenEiCHJ/182KyReWacnre6jfEpV7Umow9ZbatTcuuAjUQdswGS+HS3YUPsJygFLkjqKxxahQmxmkyhfK5YftpJn77SQToYw0MKQfRHjMZlT7tVWCQxslnb5gyKgd5GPHVQS4/u5QrH8eWUa20LzCg5RBhnYUliwiRWJa26xsBp75+jQ==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Thu, Jun 19, 2025 at 02:06:17PM +0200, Christian Brauner wrote:
> On Thu, Jun 19, 2025 at 02:01:22PM +0300, Mike Rapoport wrote:
> > On Thu, Jun 19, 2025 at 12:38:25PM +0200, Christian Brauner wrote:
> > > On Thu, Jun 19, 2025 at 11:13:49AM +0200, Vlastimil Babka wrote:
> > > > On 6/19/25 09:31, Shivank Garg wrote:
> > > > > Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create
> > > > > anonymous inodes with proper security context. This replaces the current
> > > > > pattern of calling alloc_anon_inode() followed by
> > > > > inode_init_security_anon() for creating security context manually.
> > > > > 
> > > > > This change also fixes a security regression in secretmem where the
> > > > > S_PRIVATE flag was not cleared after alloc_anon_inode(), causing
> > > > > LSM/SELinux checks to be bypassed for secretmem file descriptors.
> > > > > 
> > > > > As guest_memfd currently resides in the KVM module, we need to export this
> > > > 
> > > > Could we use the new EXPORT_SYMBOL_GPL_FOR_MODULES() thingy to make this
> > > > explicit for KVM?
> > > 
> > > Oh? Enlighten me about that, if you have a second, please. 
> > 
> > From Documentation/core-api/symbol-namespaces.rst:
> > 
> > The macro takes a comma separated list of module names, allowing only those
> > modules to access this symbol. Simple tail-globs are supported.
> > 
> > For example::
> > 
> >   EXPORT_SYMBOL_GPL_FOR_MODULES(preempt_notifier_inc, "kvm,kvm-*")
> > 
> > will limit usage of this symbol to modules whoes name matches the given
> > patterns.
> 
> Is that still mostly advisory and can still be easily circumenvented?

The commit message says

   will limit the use of said function to kvm.ko, any other module trying
   to use this symbol will refure to load (and get modpost build
   failures).
 
-- 
Sincerely yours,
Mike.