[GIT PULL] Block fixes for 6.18-rc3
Linus Torvalds
torvalds at linux-foundation.org
Sun Oct 26 22:57:28 UTC 2025
On Sun, 26 Oct 2025 at 14:10, Serge E. Hallyn <serge at hallyn.com> wrote:
>
> The keychains are all NULL and won't be allocated (by init) without
> copying a new cred, right?
Right. As mentioned, 'struct init_cred' really should be 'const' -
it's not *technically* really constant, because the reference counting
casts away the const, but refs are designed to be copy-on-write apart
from the reference counting.
So whenever you change it, that's when you are supposed to always copy
things. So that prepare_kernel_cred() thing exists for a good reason.
But the pattern here in nbd (and the other three usage cases I found)
is really just "use the kernel creds as-is".
They don't even need any reference counting as long as they can just
rely on the cred staying around for the duration of the use - which
obviously is the case for init_cred.
> Now, in theory, some LSM *could* come by and try to merge
> current's info with init's, but that would probably be misguided.
>
> So this does seem like it should work.
Yeah, I can't see how any LSM could possibly do anything about
init_cred - it really ends up being the source of all other creds. You
can't really validly mess with it or deny it anything.
Linus
More information about the Linux-security-module-archive
mailing list