kernel/linux.git/fs/overlayfs/file.c, branch v7.1Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v7.12026-04-03T20:53:50+00:00lsm: add backing_file LSM hooks2026-04-03T20:53:50+00:00Paul Moorepaul@paul-moore.com2025-12-19T18:18:22+00:00urn:sha1:6af36aeb147a06dea47c49859cd6ca5659aeb987
Stacked filesystems such as overlayfs do not currently provide the
necessary mechanisms for LSMs to properly enforce access controls on the
mmap() and mprotect() operations. In order to resolve this gap, a LSM
security blob is being added to the backing_file struct and the following
new LSM hooks are being created:
security_backing_file_alloc()
security_backing_file_free()
security_mmap_backing_file()
The first two hooks are to manage the lifecycle of the LSM security blob
in the backing_file struct, while the third provides a new mmap() access
control point for the underlying backing file. It is also expected that
LSMs will likely want to update their security_file_mprotect() callback
to address issues with their mprotect() controls, but that does not
require a change to the security_file_mprotect() LSM hook.
There are a three other small changes to support these new LSM hooks:
* Pass the user file associated with a backing file down to
alloc_empty_backing_file() so it can be included in the
security_backing_file_alloc() hook.
* Add getter and setter functions for the backing_file struct LSM blob
as the backing_file struct remains private to fs/file_table.c.
* Constify the file struct field in the LSM common_audit_data struct to
better support LSMs that need to pass a const file struct pointer into
the common LSM audit code.
Thanks to Arnd Bergmann for identifying the missing EXPORT_SYMBOL_GPL()
and supplying a fixup.
Cc: stable@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-unionfs@vger.kernel.org
Cc: linux-erofs@lists.ozlabs.org
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument2026-02-22T01:09:51+00:00Linus Torvaldstorvalds@linux-foundation.org2026-02-22T00:37:42+00:00urn:sha1:bf4afc53b77aeaa48b5409da5c8da6bb4eff7f43
This was done entirely with mindless brute force, using
git grep -l '\<k[vmz]*alloc_objs*(.*, GFP_KERNEL)' |
xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/'
to convert the new alloc_obj() users that had a simple GFP_KERNEL
argument to just drop that argument.
Note that due to the extreme simplicity of the scripting, any slightly
more complex cases spread over multiple lines would not be triggered:
they definitely exist, but this covers the vast bulk of the cases, and
the resulting diff is also then easier to check automatically.
For the same reason the 'flex' versions will be done as a separate
conversion.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
treewide: Replace kmalloc with kmalloc_obj for non-scalar types2026-02-21T09:02:28+00:00Kees Cookkees@kernel.org2026-02-21T07:49:23+00:00urn:sha1:69050f8d6d075dc01af7a5f2f550a8067510366f
This is the result of running the Coccinelle script from
scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to
avoid scalar types (which need careful case-by-case checking), and
instead replace kmalloc-family calls that allocate struct or union
object instances:
Single allocations: kmalloc(sizeof(TYPE), ...)
are replaced with: kmalloc_obj(TYPE, ...)
Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...)
are replaced with: kmalloc_objs(TYPE, COUNT, ...)
Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...)
are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...)
(where TYPE may also be *VAR)
The resulting allocations no longer return "void *", instead returning
"TYPE *".
Signed-off-by: Kees Cook <kees@kernel.org>
overlayfs: add setlease file operation2026-01-12T09:55:47+00:00Jeff Laytonjlayton@kernel.org2026-01-08T17:13:12+00:00urn:sha1:94a3f60af5dca72fffc041a64d4c3de5a066f98e
Add the setlease file_operation to ovl_file_operations and
ovl_dir_operations, pointing to generic_setlease. A future patch will
change the default behavior to reject lease attempts with -EINVAL when
there is no setlease file operation defined. Add generic_setlease to
retain the ability to set leases on this filesystem.
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Link: https://patch.msgid.link/20260108-setlease-6-20-v1-17-ea4dec9b67fa@kernel.org
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Christian Brauner <brauner@kernel.org>
ovl: port ovl_copyfile() to cred guard2025-11-19T20:58:24+00:00Christian Braunerbrauner@kernel.org2025-11-17T09:34:07+00:00urn:sha1:14d35fda5b1139bacefb47c69f083fe2cfad211b
Use the scoped ovl cred guard.
Link: https://patch.msgid.link/20251117-work-ovl-cred-guard-v4-36-b31603935724@kernel.org
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
ovl: port ovl_flush() to cred guard2025-11-19T20:58:21+00:00Christian Braunerbrauner@kernel.org2025-11-17T09:33:43+00:00urn:sha1:9763970984511861505a88b038dbee2c8c5e1623
Use the scoped ovl cred guard.
Link: https://patch.msgid.link/20251117-work-ovl-cred-guard-v4-12-b31603935724@kernel.org
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
ovl: port ovl_fadvise() to cred guard2025-11-19T20:58:21+00:00Christian Braunerbrauner@kernel.org2025-11-17T09:33:42+00:00urn:sha1:8e8f4df93c1d32e57e3d6cb7ac8233c959423597
Use the scoped ovl cred guard.
Link: https://patch.msgid.link/20251117-work-ovl-cred-guard-v4-11-b31603935724@kernel.org
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
ovl: port ovl_fallocate() to cred guard2025-11-19T20:58:21+00:00Christian Braunerbrauner@kernel.org2025-11-17T09:33:41+00:00urn:sha1:2468017783027a9fb90fcb336094cc7c880f46ed
Use the scoped ovl cred guard.
Link: https://patch.msgid.link/20251117-work-ovl-cred-guard-v4-10-b31603935724@kernel.org
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
ovl: port ovl_fsync() to cred guard2025-11-19T20:58:21+00:00Christian Braunerbrauner@kernel.org2025-11-17T09:33:40+00:00urn:sha1:07a891c34676205a12caa002b22d30e6d9bed49d
Use the scoped ovl cred guard.
Link: https://patch.msgid.link/20251117-work-ovl-cred-guard-v4-9-b31603935724@kernel.org
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
ovl: port ovl_llseek() to cred guard2025-11-19T20:58:20+00:00Christian Braunerbrauner@kernel.org2025-11-17T09:33:39+00:00urn:sha1:1fc4bc77c7865732694c6d32c98d990b2b1cddc8
Use the scoped ovl cred guard.
Link: https://patch.msgid.link/20251117-work-ovl-cred-guard-v4-8-b31603935724@kernel.org
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>