public inbox for linux-security-module@vger.kernel.org
* [GIT PULL] lsm/lsm-pr-20260410
@ 2026-04-10 23:26 Paul Moore
From: Paul Moore @ 2026-04-10 23:26 UTC (permalink / raw)
  To: Linus Torvalds; +Cc: linux-security-module, linux-kernel

Linus,

We only have five patches in the LSM tree, but three of the five are for
an important bugfix relating to overlayfs and the mmap() and mprotect()
access controls for LSMs.  Highlights below:

- Fix problems with the mmap() and mprotect() LSM hooks on overlayfs

As we are dealing with problems both in mmap() and mprotect() there are
essentially two components to this fix, spread across three patches with
all marked for stable.

The simplest portion of the fix is the creation of a new LSM hook,
security_mmap_backing_file(), that is used to enforce LSM mmap() access
controls on backing files in the stacked/overlayfs case.  The existing
security_mmap_file() does not have visibility past the user file.  You
can see from the associated SELinux hook callback the code is fairly
straightforward.

The mprotect() fix is a bit more complicated as there is no way in the
mprotect() code path to inspect both the user and backing files, and
bolting on a second file reference to vm_area_struct wasn't really an
option.  The solution taken here adds a LSM security blob and associated
hooks to the backing_file struct that LSMs can use to capture and store
relevant information from the user file.  While the necessary SELinux
information is relatively small, a single u32, I expect other LSMs to
require more than that, and a dedicated backing_file LSM blob provides
a storage mechanism without negatively impacting other filesystems.

I want to note that other LSMs beyond SELinux have been involved in the
discussion of the fixes presented here and they are working on their own
related changes using these new hooks, but due to other issues those
patches will be coming at a later date.

- Use kstrdup_const()/kfree_const() for securityfs symlink targets

- Resolve a handful of kernel-doc warnings in cred.h

Paul

--
The following changes since commit 6de23f81a5e08be8fbf5e8d7e9febc72a5b5f27f:

  Linux 7.0-rc1 (2026-02-22 13:18:59 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git
    tags/lsm-pr-20260410

for you to fetch changes up to 82544d36b1729153c8aeb179e84750f0c085d3b1:

  selinux: fix overlayfs mmap() and mprotect() access checks
    (2026-04-03 16:53:50 -0400)

----------------------------------------------------------------
lsm/stable-7.1 PR 20260410
----------------------------------------------------------------

Amir Goldstein (1):
      fs: prepare for adding LSM blob to backing_file

Dmitry Antipov (1):
      securityfs: use kstrdup_const() to manage symlink targets

Paul Moore (2):
      lsm: add backing_file LSM hooks
      selinux: fix overlayfs mmap() and mprotect() access checks

Randy Dunlap (1):
      cred: fix kernel-doc warnings in cred.h

 fs/backing-file.c                 |   18 +-
 fs/erofs/ishare.c                 |   10 +
 fs/file_table.c                   |   43 ++++-
 fs/fuse/passthrough.c             |    2 
 fs/internal.h                     |    3 
 fs/overlayfs/dir.c                |    2 
 fs/overlayfs/file.c               |    2 
 include/linux/backing-file.h      |    4 
 include/linux/cred.h              |   10 -
 include/linux/fs.h                |   13 +
 include/linux/lsm_audit.h         |    2 
 include/linux/lsm_hook_defs.h     |    5 
 include/linux/lsm_hooks.h         |    1 
 include/linux/security.h          |   22 ++
 security/inode.c                  |   10 -
 security/lsm.h                    |    1 
 security/lsm_init.c               |    9 +
 security/security.c               |  102 +++++++++++
 security/selinux/hooks.c          |  256 +++++++++++++++++++++---------
 security/selinux/include/objsec.h |   11 +
 20 files changed, 431 insertions(+), 95 deletions(-)

--
paul-moore.com
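As an added illustration, not code from this series and a userspace model rather than kernel code, the sketch below models the visibility problem the cover letter describes: at mmap() both the user file and the backing file are in hand, but at mprotect() only the backing file is reachable through the vma, so the user-file label has to be captured into a per-backing_file blob beforehand. All struct and function names, and the toy policy rule, are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stdint.h>

typedef uint32_t sid_t;                 /* SELinux-style security id (a u32) */

struct file { sid_t sid; };             /* label of an open file */

/* Model of a stacked-fs backing file: the real file behind an overlay
 * file plus the small LSM blob the series adds to backing_file. */
struct backing_file {
    struct file real;                   /* the real underlying file */
    bool has_blob;                      /* is the LSM blob in use? */
    sid_t user_sid;                     /* user-file label, captured at setup */
};

/* Constructed toy policy: exec mapping allowed when low bytes match. */
static bool policy_allows_exec(sid_t task, sid_t file)
{
    return (task & 0xffu) == (file & 0xffu);
}

/* Model of the backing_file alloc hook: the LSM captures what it needs
 * from the user file while both files are still visible. */
static void backing_file_alloc(struct backing_file *bf, sid_t real_sid,
                               const struct file *user, bool with_blob)
{
    bf->real.sid = real_sid;
    bf->has_blob = with_blob;
    bf->user_sid = with_blob ? user->sid : 0;
}

/* mmap(): user and backing file both checked (models security_mmap_file()
 * plus the new security_mmap_backing_file()). */
static bool check_mmap(sid_t task, const struct file *user,
                       const struct backing_file *bf)
{
    return policy_allows_exec(task, user->sid) &&
           policy_allows_exec(task, bf->real.sid);
}

/* mprotect(): only the backing file is reachable; without the blob the
 * user-file label is lost and the check silently covers less. */
static bool check_mprotect(sid_t task, const struct backing_file *bf)
{
    if (!policy_allows_exec(task, bf->real.sid))
        return false;
    return !bf->has_blob || policy_allows_exec(task, bf->user_sid);
}
```

In the scenario where the user file is denied but the real file is allowed, check_mmap() denies either way, while check_mprotect() denies only when the blob carried the user-file label forward.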


* Re: [GIT PULL] lsm/lsm-pr-20260410
  2026-04-10 23:26 [GIT PULL] lsm/lsm-pr-20260410 Paul Moore
From: Paul Moore @ 2026-04-10 23:28 UTC (permalink / raw)
  To: Linus Torvalds; +Cc: linux-security-module, linux-kernel

On Fri, Apr 10, 2026 at 7:26 PM Paul Moore <paul@paul-moore.com> wrote:
>
> - Fix problems with the mmap() and mprotect() LSM hooks on overlayfs

I forgot to add that you may see a minor merge conflict with the VFS
tree, but based on what was seen in linux-next it was trivial and
easily resolved.  I know you prefer to resolve those yourself, but if
you need a rebased branch/pull-request let me know.

-- 
paul-moore.com

