lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <3fdab328-dda3-4685-b5a9-3aba2a40621c@amd.com>
Date: Fri, 27 Jun 2025 01:16:04 +0530
From: Shivank Garg <shivankg@....com>
To: Vlastimil Babka <vbabka@...e.cz>, David Hildenbrand <david@...hat.com>,
 akpm@...ux-foundation.org, brauner@...nel.org, paul@...l-moore.com,
 rppt@...nel.org, viro@...iv.linux.org.uk
Cc: seanjc@...gle.com, willy@...radead.org, pbonzini@...hat.com,
 tabba@...gle.com, afranji@...gle.com, ackerleytng@...gle.com, jack@...e.cz,
 hch@...radead.org, cgzones@...glemail.com, ira.weiny@...el.com,
 roypat@...zon.co.uk, linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
 linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [PATCH V2] fs: export anon_inode_make_secure_inode() and fix
 secretmem LSM bypass



On 6/23/2025 7:58 PM, Vlastimil Babka wrote:
> On 6/23/25 16:13, Vlastimil Babka wrote:
>> On 6/23/25 16:08, Shivank Garg wrote:
>>>
>>>
>>>>
>>>> In general, LGTM, but I think the actual fix should be separated from exporting it for guest_memfd purposes?
>>>>
>>>> Also makes backporting easier, when EXPORT_SYMBOL_GPL_FOR_MODULES does not exist yet ...
>>>>
>>> I agree. I did not think about backporting conflicts when sending the patch.
>>>
>>> Christian, I can send it as 2 separate patches to make it easier?
>>
>> The proper way is to send the fix without the export, and then add the
>> export only when adding its user.
> 
> Note: AFAIU either way the new user would be depending on a patch in a vfs
> tree (maybe scheduled for an 6.16 rc and not the next merge window?) if
> that's an issue for the development.

Thanks Vlastimil.

I have sent a revised patch [1] without EXPORT. The EXPORT can be added later through
the KVM tree with the guest_memfd changes. Hopefully, anon_inode_make_secure_inode() change
will be merged by then.

Christian, could you please replace the current patch with V3 [1]? And Would you also
be willing to provide your Acked-by when EXPORT_SYMBOL_GPL_FOR_MODULES change addition
is submitted later?

Thank you for the patience and review :)

[1] https://lore.kernel.org/all/20250626191425.9645-5-shivankg@amd.com

Best Regards,
Shivank

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ