On Thu, Jan 27, 2022 at 12:14 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> On Thu, Jan 27, 2022 at 4:57 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > In the process of removing an explicit type cast to preserve a cred
> > const qualifier in cred_init_security() we ran into a problem where
> > the task_struct::real_cred field is defined with the "__rcu"
> > attribute but the selinux_cred() function parameter is not, leading
> > to a sparse warning:
> >
> > security/selinux/hooks.c:216:36: sparse: sparse:
> > incorrect type in argument 1 (different address spaces)
> > @@ expected struct cred const *cred
> > @@ got struct cred const [noderef] __rcu *real_cred
> >
> > As we don't want to add the "__rcu" attribute to the selinux_cred()
> > parameter, we're going to add an explicit cast back to
> > cred_init_security().
> >
> > Fixes: b084e189b01a ("selinux: simplify cred_init_security")
> > Reported-by: kernel test robot <lkp@xxxxxxxxx>
> > Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> > ---
> > security/selinux/hooks.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> > index eae7dbd62df1..c057896e7dcd 100644
> > --- a/security/selinux/hooks.c
> > +++ b/security/selinux/hooks.c
> > @@ -213,7 +213,7 @@ static void cred_init_security(void)
> > {
> > struct task_security_struct *tsec;
> >
> > - tsec = selinux_cred(current->real_cred);
> > + tsec = selinux_cred((__force const struct cred *)current->real_cred);
> > tsec->osid = tsec->sid = SECINITSID_KERNEL;
> > }
>
> How about using unrcu_pointer() instead of the cast? It seems to do
> effectively the same while looking less ugly :)
Ah ha! I didn't know that function/macro existed :)
I'm stuck in meetings most of the rest of today but I'll get out a v2
as soon as I can. Thanks.
--
paul-moore.com
