[selinuxproject-selinux:stable-5.15 1/1] include/linux/rcupdate.h:395:2: warning: passing argument 1 of 'security_locked_down' discards 'const' qualifier from pointer target type

Paul Moore paul at paul-moore.com
Thu Sep 16 14:07:12 UTC 2021


On Thu, Sep 16, 2021 at 8:22 AM Ondrej Mosnacek <omosnace at redhat.com> wrote:
> On Thu, Sep 16, 2021 at 2:08 PM kernel test robot <lkp at intel.com> wrote:
> > tree:   https://github.com/SELinuxProject/selinux-kernel stable-5.15
> > head:   c491f0a471580712a4254adece400c3ebb3d8e44
> > commit: c491f0a471580712a4254adece400c3ebb3d8e44 [1/1] lockdown,selinux: fix wrong subject in some SELinux lockdown checks
> > config: um-x86_64_defconfig (attached as .config)
> > compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> > reproduce (this is a W=1 build):
> >         # https://github.com/SELinuxProject/selinux-kernel/commit/c491f0a471580712a4254adece400c3ebb3d8e44
> >         git remote add selinuxproject-selinux https://github.com/SELinuxProject/selinux-kernel
> >         git fetch --no-tags selinuxproject-selinux stable-5.15
> >         git checkout c491f0a471580712a4254adece400c3ebb3d8e44
> >         # save the attached .config to linux build tree
> >         make W=1 ARCH=um SUBARCH=x86_64
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp at intel.com>
> >
> > All warnings (new ones prefixed by >>):
> >
> >    In file included from include/linux/rbtree.h:24,
> >                     from include/linux/mm_types.h:10,
> >                     from include/linux/mmzone.h:21,
> >                     from include/linux/gfp.h:6,
> >                     from include/linux/mm.h:10,
> >                     from drivers/char/mem.c:12:
> >    drivers/char/mem.c: In function 'open_port':
> > >> include/linux/rcupdate.h:395:2: warning: passing argument 1 of 'security_locked_down' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
> >      395 | ({ \
> >          | ~^~~
> >      396 |  RCU_LOCKDEP_WARN(!(c), "suspicious rcu_dereference_protected() usage"); \
> >          |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >      397 |  rcu_check_sparse(p, space); \
> >          |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >      398 |  ((typeof(*p) __force __kernel *)(p)); \
> >          |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >      399 | })
> >          | ~~
> >    include/linux/rcupdate.h:587:2: note: in expansion of macro '__rcu_dereference_protected'
> >      587 |  __rcu_dereference_protected((p), (c), __rcu)
> >          |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~
> >    include/linux/cred.h:299:2: note: in expansion of macro 'rcu_dereference_protected'
> >      299 |  rcu_dereference_protected(current->cred, 1)
> >          |  ^~~~~~~~~~~~~~~~~~~~~~~~~
> >    drivers/char/mem.c:620:28: note: in expansion of macro 'current_cred'
> >      620 |  rc = security_locked_down(current_cred(), LOCKDOWN_DEV_MEM);
> >          |                            ^~~~~~~~~~~~
> >    In file included from include/linux/fs_context.h:14,
> >                     from include/linux/fs_parser.h:11,
> >                     from include/linux/shmem_fs.h:11,
> >                     from drivers/char/mem.c:25:
> >    include/linux/security.h:1347:53: note: expected 'struct cred *' but argument is of type 'const struct cred *'
> >     1347 | static inline int security_locked_down(struct cred *cred, enum lockdown_reason what)
> >          |                                        ~~~~~~~~~~~~~^~~~
>
> Ah, I forgot to add the const qualifier to the function definition in
> the CONFIG_SECURITY=n branch... Paul, will you amend the commit or
> should I send an updated patch?

This patch is cursed.  I had to hack up a fixup patch to test this in
my Rawhide test automation last night too; evidently Rawhide carries
an out-of-tree lockdown patch which results in some merge rejects.

Sigh.

Yes, the quickest path is for me to just fix up the dummy function and
do a force-push (grrrrrr) back on top of selinux/stable-5.15.

-- 
paul moore
www.paul-moore.com



More information about the Linux-security-module-archive mailing list