lsm/stable-7.1 PR 20260519

-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCgAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmoMpZAUHHBhdWxAcGF1
 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXNJ2xAAk2PLXepc0tY306zUsgSF92V58tTs
 eI+TBppUC6cSISo63ym40Nv+fQTB9HyEVX5GXxOqjIxh9terD1UEWWUV4Idfi85t
 UP00AklRB6xrAA7rmPy/u7QYNPM8HRecFB+7jLsV19FRujKGLJCHfZjj/CmLQZaN
 KBHakQl4qD6eng1bST9S1WbUe3pr2YwujlBizE5+gHWdtx5+ElVoTWGlYNnAsfNh
 PZzl0PPAPCEcfUljl2gVpW6zgxqVvsB/HI63DU/bE7XYQ8T+pzw52ghffIIbQits
 1t5BGPfdgt1vXGk73QTl69Pk4wc3niaH/gM/80pfzEevHVEu9dcn6hu6yULlGkjz
 P3d/AacCjc4e1O2Jt3QoYBNfmkv5ceIEByKiX2SScNE8bHYI16jkmWj+MR0NA9PC
 9CxL+AhWzx8R1nGEUl+zNnzyVZPpFqJb5B8dZ+xxPHwPZev6pGjpKH00ZqLLzV2n
 PQce1Y8jzIGVSCQpJJvrnYiNg4quEKQ3wCI6hnPNxPgBN4U6dGRQ0fU1K/coG2o2
 1YXwIktKJRNR0cB8rEqXMnoGxR9q0JsDanpMB9tH3XKCU4kpfTkp40lpvtF2z2SB
 K9zSVvd3otQmbiKwD+rDoIoZJc97ZhYDADAKsixNh/Mnn1eTQF8L8FxBEcmIvrCX
 ZnS/KWRrxoAqYnc=
 =yDvf
 -----END PGP SIGNATURE-----

Merge tag 'lsm-pr-20260519' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm

Pull lsm fix from Paul Moore:
 "A single LSM patch to add a missing credential mutex lock to the
  lsm_set_self_attr(2) syscall so it behaves similar to the associated
  procfs API and avoids issues with ptrace"

* tag 'lsm-pr-20260519' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
  lsm: hold cred_guard_mutex for lsm_set_self_attr()

security/lsm_syscalls.c

@@ -57,7 +57,14 @@ u64 lsm_name_to_attr(const char *name)
 SYSCALL_DEFINE4(lsm_set_self_attr, unsigned int, attr, struct lsm_ctx __user *,
 		ctx, u32, size, u32, flags)
 {
-	return security_setselfattr(attr, ctx, size, flags);
+	int rc;
+
+	rc = mutex_lock_interruptible(&current->signal->cred_guard_mutex);
+	if (rc < 0)
+		return rc;
+	rc = security_setselfattr(attr, ctx, size, flags);
+	mutex_unlock(&current->signal->cred_guard_mutex);
+	return rc;
 }
 
 /**