Merge tag 'lsm-pr-20260519' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm

Pull lsm fix from Paul Moore: "A single LSM patch to add a missing credential mutex lock to the lsm_set_self_attr(2) syscall so it behaves similar to the associated procfs API and avoids issues with ptrace" * tag 'lsm-pr-20260519' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm: lsm: hold cred_guard_mutex for lsm_set_self_attr()
author: Linus Torvalds <torvalds@linux-foundation.org> 2026-05-19 15:31:35 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2026-05-19 15:31:35 -0500
commit: e312f536f647156ac55e2f12d021cf887af274aa (patch)
tree: cb66bd06492459f9e291ef045effef4927b24744
parent: 27fa82620cbaa89a7fc11ac3057701d598813e87 (diff)
parent: 4a9b16541ad3faf8bccb398532bf3f8b6bbf1188 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c
index 5648b1f0ce9c..08a017669c02 100644
--- a/security/lsm_syscalls.c
+++ b/security/lsm_syscalls.c
@@ -57,7 +57,14 @@ u64 lsm_name_to_attr(const char *name)
 SYSCALL_DEFINE4(lsm_set_self_attr, unsigned int, attr, struct lsm_ctx __user *,
 		ctx, u32, size, u32, flags)
 {
-	return security_setselfattr(attr, ctx, size, flags);
+	int rc;
+
+	rc = mutex_lock_interruptible(&current->signal->cred_guard_mutex);
+	if (rc < 0)
+		return rc;
+	rc = security_setselfattr(attr, ctx, size, flags);
+	mutex_unlock(&current->signal->cred_guard_mutex);
+	return rc;
 }
 
 /**
author	Linus Torvalds <torvalds@linux-foundation.org>	2026-05-19 15:31:35 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2026-05-19 15:31:35 -0500
commit	e312f536f647156ac55e2f12d021cf887af274aa (patch)
tree	cb66bd06492459f9e291ef045effef4927b24744
parent	27fa82620cbaa89a7fc11ac3057701d598813e87 (diff)
parent	4a9b16541ad3faf8bccb398532bf3f8b6bbf1188 (diff)