lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 16 Sep 2021 10:07:12 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     Ondrej Mosnacek <omosnace@...hat.com>
Cc:     kernel test robot <lkp@...el.com>, kbuild-all@...ts.01.org,
        Linux kernel mailing list <linux-kernel@...r.kernel.org>,
        linux-security-module@...r.kernel.org, selinux@...r.kernel.org
Subject: Re: [selinuxproject-selinux:stable-5.15 1/1] include/linux/rcupdate.h:395:2:
 warning: passing argument 1 of 'security_locked_down' discards 'const'
 qualifier from pointer target type

On Thu, Sep 16, 2021 at 8:22 AM Ondrej Mosnacek <omosnace@...hat.com> wrote:
> On Thu, Sep 16, 2021 at 2:08 PM kernel test robot <lkp@...el.com> wrote:
> > tree:   https://github.com/SELinuxProject/selinux-kernel stable-5.15
> > head:   c491f0a471580712a4254adece400c3ebb3d8e44
> > commit: c491f0a471580712a4254adece400c3ebb3d8e44 [1/1] lockdown,selinux: fix wrong subject in some SELinux lockdown checks
> > config: um-x86_64_defconfig (attached as .config)
> > compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> > reproduce (this is a W=1 build):
> >         # https://github.com/SELinuxProject/selinux-kernel/commit/c491f0a471580712a4254adece400c3ebb3d8e44
> >         git remote add selinuxproject-selinux https://github.com/SELinuxProject/selinux-kernel
> >         git fetch --no-tags selinuxproject-selinux stable-5.15
> >         git checkout c491f0a471580712a4254adece400c3ebb3d8e44
> >         # save the attached .config to linux build tree
> >         make W=1 ARCH=um SUBARCH=x86_64
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@...el.com>
> >
> > All warnings (new ones prefixed by >>):
> >
> >    In file included from include/linux/rbtree.h:24,
> >                     from include/linux/mm_types.h:10,
> >                     from include/linux/mmzone.h:21,
> >                     from include/linux/gfp.h:6,
> >                     from include/linux/mm.h:10,
> >                     from drivers/char/mem.c:12:
> >    drivers/char/mem.c: In function 'open_port':
> > >> include/linux/rcupdate.h:395:2: warning: passing argument 1 of 'security_locked_down' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
> >      395 | ({ \
> >          | ~^~~
> >      396 |  RCU_LOCKDEP_WARN(!(c), "suspicious rcu_dereference_protected() usage"); \
> >          |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >      397 |  rcu_check_sparse(p, space); \
> >          |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >      398 |  ((typeof(*p) __force __kernel *)(p)); \
> >          |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >      399 | })
> >          | ~~
> >    include/linux/rcupdate.h:587:2: note: in expansion of macro '__rcu_dereference_protected'
> >      587 |  __rcu_dereference_protected((p), (c), __rcu)
> >          |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~
> >    include/linux/cred.h:299:2: note: in expansion of macro 'rcu_dereference_protected'
> >      299 |  rcu_dereference_protected(current->cred, 1)
> >          |  ^~~~~~~~~~~~~~~~~~~~~~~~~
> >    drivers/char/mem.c:620:28: note: in expansion of macro 'current_cred'
> >      620 |  rc = security_locked_down(current_cred(), LOCKDOWN_DEV_MEM);
> >          |                            ^~~~~~~~~~~~
> >    In file included from include/linux/fs_context.h:14,
> >                     from include/linux/fs_parser.h:11,
> >                     from include/linux/shmem_fs.h:11,
> >                     from drivers/char/mem.c:25:
> >    include/linux/security.h:1347:53: note: expected 'struct cred *' but argument is of type 'const struct cred *'
> >     1347 | static inline int security_locked_down(struct cred *cred, enum lockdown_reason what)
> >          |                                        ~~~~~~~~~~~~~^~~~
>
> Ah, I forgot to add the const qualifier to the function definition in
> the CONFIG_SECURITY=n branch... Paul, will you amend the commit or
> should I send an updated patch?

This patch is cursed.  I had to hack up a fixup patch to test this in
my Rawhide test automation last night too; evidently Rawhide carries
an out-of-tree lockdown patch which results in some merge rejects.

Sigh.

Yes, the quickest path is for me to just fix up the dummy function and
do a force-push (grrrrrr) back on top of selinux/stable-5.15.

-- 
paul moore
www.paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ