[PATCH] lsm: use unrcu_pointer() for current->cred in security_init()
Paul Moore
paul at paul-moore.com
Wed Nov 19 15:36:03 UTC 2025
On Tue, Nov 18, 2025 at 10:49 PM Xiujianfeng
<xiujianfeng at huaweicloud.com> wrote:
> On 11/19/2025 8:28 AM, Paul Moore wrote:
> > We need to directly allocate the cred's LSM state for the initial task
> > when we initialize the LSM framework. Unfortunately, this results in a
> > RCU related type mismatch, use the unrcu_pointer() macro to handle this
> > a bit more elegantly.
> >
> > The explicit type casting still remains as we need to work around the
> > constification of current->cred in this particular case.
> >
> > Signed-off-by: Paul Moore <paul at paul-moore.com>
> > ---
> > security/lsm_init.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/security/lsm_init.c b/security/lsm_init.c
> > index 6bb67d41ce52..4dec9199e4c2 100644
> > --- a/security/lsm_init.c
> > +++ b/security/lsm_init.c
> > @@ -467,7 +467,8 @@ int __init security_init(void)
> > blob_sizes.lbs_inode, 0,
> > SLAB_PANIC, NULL);
> >
> > - if (lsm_cred_alloc((struct cred __rcu *)current->cred, GFP_KERNEL))
> > + if (lsm_cred_alloc(unrcu_pointer((struct cred __rcu *)current->cred),
> > + GFP_KERNEL))
>
> Since the casting from const to non-const is inevitable, why not
> directly cast it to (struct cred *)?
I like having the call to the unrcu_pointer() macro as it helps bring
attention to this corner case should things change in the task_struct,
however, I do think you have a point about moving the cast to *after*
the unrcu_pointer() call as we could so a simpler "(struct cred *)"
cast.
v2 coming shortly.
> > panic("early LSM cred alloc failed\n");
> > if (lsm_task_alloc(current))
> > panic("early LSM task alloc failed\n");
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list