Re: [selinuxproject-selinux:stable-5.15 1/1] include/linux/rcupdate.h:395:2: warning: passing argument 1 of 'security_locked_down' discards 'const' qualifier from pointer target type
From: Paul Moore
Date: Thu Sep 16 2021 - 10:07:31 EST
On Thu, Sep 16, 2021 at 8:22 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> On Thu, Sep 16, 2021 at 2:08 PM kernel test robot <lkp@xxxxxxxxx> wrote:
> > tree: https://github.com/SELinuxProject/selinux-kernel stable-5.15
> > head: c491f0a471580712a4254adece400c3ebb3d8e44
> > commit: c491f0a471580712a4254adece400c3ebb3d8e44 [1/1] lockdown,selinux: fix wrong subject in some SELinux lockdown checks
> > config: um-x86_64_defconfig (attached as .config)
> > compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> > reproduce (this is a W=1 build):
> > # https://github.com/SELinuxProject/selinux-kernel/commit/c491f0a471580712a4254adece400c3ebb3d8e44
> > git remote add selinuxproject-selinux https://github.com/SELinuxProject/selinux-kernel
> > git fetch --no-tags selinuxproject-selinux stable-5.15
> > git checkout c491f0a471580712a4254adece400c3ebb3d8e44
> > # save the attached .config to linux build tree
> > make W=1 ARCH=um SUBARCH=x86_64
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@xxxxxxxxx>
> >
> > All warnings (new ones prefixed by >>):
> >
> > In file included from include/linux/rbtree.h:24,
> > from include/linux/mm_types.h:10,
> > from include/linux/mmzone.h:21,
> > from include/linux/gfp.h:6,
> > from include/linux/mm.h:10,
> > from drivers/char/mem.c:12:
> > drivers/char/mem.c: In function 'open_port':
> > >> include/linux/rcupdate.h:395:2: warning: passing argument 1 of 'security_locked_down' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
> > 395 | ({ \
> > | ~^~~
> > 396 | RCU_LOCKDEP_WARN(!(c), "suspicious rcu_dereference_protected() usage"); \
> > | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 397 | rcu_check_sparse(p, space); \
> > | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 398 | ((typeof(*p) __force __kernel *)(p)); \
> > | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 399 | })
> > | ~~
> > include/linux/rcupdate.h:587:2: note: in expansion of macro '__rcu_dereference_protected'
> > 587 | __rcu_dereference_protected((p), (c), __rcu)
> > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
> > include/linux/cred.h:299:2: note: in expansion of macro 'rcu_dereference_protected'
> > 299 | rcu_dereference_protected(current->cred, 1)
> > | ^~~~~~~~~~~~~~~~~~~~~~~~~
> > drivers/char/mem.c:620:28: note: in expansion of macro 'current_cred'
> > 620 | rc = security_locked_down(current_cred(), LOCKDOWN_DEV_MEM);
> > | ^~~~~~~~~~~~
> > In file included from include/linux/fs_context.h:14,
> > from include/linux/fs_parser.h:11,
> > from include/linux/shmem_fs.h:11,
> > from drivers/char/mem.c:25:
> > include/linux/security.h:1347:53: note: expected 'struct cred *' but argument is of type 'const struct cred *'
> > 1347 | static inline int security_locked_down(struct cred *cred, enum lockdown_reason what)
> > | ~~~~~~~~~~~~~^~~~
>
> Ah, I forgot to add the const qualifier to the function definition in
> the CONFIG_SECURITY=n branch... Paul, will you amend the commit or
> should I send an updated patch?
This patch is cursed. I had to hack up a fixup patch to test this in
my Rawhide test automation last night too; evidently Rawhide carries
an out-of-tree lockdown patch which results in some merge rejects.
Sigh.
Yes, the quickest path is for me to just fix up the dummy function and
do a force-push (grrrrrr) back on top of selinux/stable-5.15.
--
paul moore
www.paul-moore.com