On Tue, Sep 11, 2018 at 9:41 AM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > Don't use the cred->security pointer directly. > Provide a helper function that provides the security blob pointer. > > Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> Like smack, this seems to be largely: s/$identifier->security/selinux_cred($identifier)/ s/current_security()/selinux_cred(current_cred())/ Is that right? The one __task_cred() use seemed to be fully contained under rcu read lock. Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -Kees -- Kees Cook Pixel Security