[PATCH stable/linux-5.10.y 0/7] Backport Fix incorrect overlayfs mmap() and mprotect() LSM access controls

Next message: Krzysztof Kozlowski: "Re: [PATCH v6 06/17] pinctrl: airoha: an7583: fix muxing of non-gpio default pins"
Previous message: Santhosh Kumar K: "[PATCH 1/2] dt-bindings: memory: Add TI FSS_FSAS binding"
Next in thread: Cai Xinchen: "[PATCH stable/linux-5.10.y 1/7] ovl: pass layer mnt to ovl_open_realfile()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Cai Xinchen

Date: Mon Jun 29 2026 - 02:44:40 EST

ackport the patch series
"Fix incorrect overlayfs mmap() and mprotect() LSM access controls" [1]
to 5.10 lts

I test selinux-testsuite[2] overlay test, it pass 135 tests.

[1] https://lore.kernel.org/all/20260403030848.731867-5-paul@xxxxxxxxxxxxxx/
[2] https://github.com/SELinuxProject/selinux-testsuite

Amir Goldstein (4):
ovl: pass layer mnt to ovl_open_realfile()
fs: move kmem_cache_zalloc() into alloc_empty_file*() helpers
fs: use backing_file container for internal files with "fake" f_path
fs: prepare for adding LSM blob to backing_file

Khadija Kamran (1):
lsm: constify the 'file' parameter in security_binder_transfer_file()

Paul Moore (2):
lsm: add backing_file LSM hooks
selinux: fix overlayfs mmap() and mprotect() access checks

fs/file_table.c | 125 +++++++++++++--
fs/internal.h | 6 +-
fs/open.c | 46 ++++--
fs/overlayfs/file.c | 32 ++--
fs/overlayfs/overlayfs.h | 1 +
fs/overlayfs/util.c | 14 ++
include/linux/fs.h | 46 +++++-
include/linux/lsm_audit.h | 2 +-
include/linux/lsm_hook_defs.h | 7 +-
include/linux/lsm_hooks.h | 1 +
include/linux/security.h | 26 ++-
security/security.c | 112 ++++++++++++-
security/selinux/hooks.c | 252 ++++++++++++++++++++++--------
security/selinux/include/objsec.h | 11 ++
14 files changed, 560 insertions(+), 121 deletions(-)

--
2.18.0.huawei.25