projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5294bac)
LSM: SafeSetID: Fix warnings reported by test bot
authorThomas Cedeno <thomascedeno@google.com>
Tue, 11 Aug 2020 15:39:51 +0000 (15:39 +0000)
committerMicah Morton <mortonm@chromium.org>
Tue, 13 Oct 2020 16:17:36 +0000 (09:17 -0700)
Fix multiple cast-to-union warnings related to casting kuid_t and kgid_t
types to kid_t union type. Also fix incompatible type warning that
arises from accidental omission of "__rcu" qualifier on the struct
setid_ruleset pointer in the argument list for safesetid_file_read().

Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Thomas Cedeno <thomascedeno@google.com>
Signed-off-by: Micah Morton <mortonm@chromium.org>
security/safesetid/lsm.c patch | blob | history
security/safesetid/securityfs.c patch | blob | history

diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c
index c08e671..8a176b6 100644 (file)
--- a/security/safesetid/lsm.c
+++ b/security/safesetid/lsm.c
@@ -116,7 +116,7 @@ static int safesetid_security_capable(const struct cred *cred,
                * If no policy applies to this task, allow the use of CAP_SETUID for
                * other purposes.
                */
-               if (setid_policy_lookup((kid_t)cred->uid, INVALID_ID, UID) == SIDPOL_DEFAULT)
+               if (setid_policy_lookup((kid_t){.uid = cred->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT)
                        return 0;
                /*
                 * Reject use of CAP_SETUID for functionality other than calling
@@ -131,7 +131,7 @@ static int safesetid_security_capable(const struct cred *cred,
                * If no policy applies to this task, allow the use of CAP_SETGID for
                * other purposes.
                */
-               if (setid_policy_lookup((kid_t)cred->gid, INVALID_ID, GID) == SIDPOL_DEFAULT)
+               if (setid_policy_lookup((kid_t){.gid = cred->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT)
                        return 0;
                /*
                 * Reject use of CAP_SETUID for functionality other than calling
@@ -174,7 +174,7 @@ static bool id_permitted_for_cred(const struct cred *old, kid_t new_id, enum set
         * RUID.
         */
        permitted =
-           setid_policy_lookup((kid_t)old->uid, new_id, new_type) != SIDPOL_CONSTRAINED;
+           setid_policy_lookup((kid_t){.uid = old->uid}, new_id, new_type) != SIDPOL_CONSTRAINED;
 
        if (!permitted) {
                if (new_type == UID) {
@@ -202,13 +202,13 @@ static int safesetid_task_fix_setuid(struct cred *new,
 {
 
        /* Do nothing if there are no setuid restrictions for our old RUID. */
-       if (setid_policy_lookup((kid_t)old->uid, INVALID_ID, UID) == SIDPOL_DEFAULT)
+       if (setid_policy_lookup((kid_t){.uid = old->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT)
                return 0;
 
-       if (id_permitted_for_cred(old, (kid_t)new->uid, UID) &&
-           id_permitted_for_cred(old, (kid_t)new->euid, UID) &&
-           id_permitted_for_cred(old, (kid_t)new->suid, UID) &&
-           id_permitted_for_cred(old, (kid_t)new->fsuid, UID))
+       if (id_permitted_for_cred(old, (kid_t){.uid = new->uid}, UID) &&
+           id_permitted_for_cred(old, (kid_t){.uid = new->euid}, UID) &&
+           id_permitted_for_cred(old, (kid_t){.uid = new->suid}, UID) &&
+           id_permitted_for_cred(old, (kid_t){.uid = new->fsuid}, UID))
                return 0;
 
        /*
@@ -226,13 +226,13 @@ static int safesetid_task_fix_setgid(struct cred *new,
 {
 
        /* Do nothing if there are no setgid restrictions for our old RGID. */
-       if (setid_policy_lookup((kid_t)old->gid, INVALID_ID, GID) == SIDPOL_DEFAULT)
+       if (setid_policy_lookup((kid_t){.gid = old->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT)
                return 0;
 
-       if (id_permitted_for_cred(old, (kid_t)new->gid, GID) &&
-           id_permitted_for_cred(old, (kid_t)new->egid, GID) &&
-           id_permitted_for_cred(old, (kid_t)new->sgid, GID) &&
-           id_permitted_for_cred(old, (kid_t)new->fsgid, GID))
+       if (id_permitted_for_cred(old, (kid_t){.gid = new->gid}, GID) &&
+           id_permitted_for_cred(old, (kid_t){.gid = new->egid}, GID) &&
+           id_permitted_for_cred(old, (kid_t){.gid = new->sgid}, GID) &&
+           id_permitted_for_cred(old, (kid_t){.gid = new->fsgid}, GID))
                return 0;
 
        /*
diff --git a/security/safesetid/securityfs.c b/security/safesetid/securityfs.c
index 6421390..2531046 100644 (file)
--- a/security/safesetid/securityfs.c
+++ b/security/safesetid/securityfs.c
@@ -261,7 +261,7 @@ static ssize_t safesetid_gid_file_write(struct file *file,
 }
 
 static ssize_t safesetid_file_read(struct file *file, char __user *buf,
-                                  size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct setid_ruleset* ruleset)
+                                  size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct __rcu setid_ruleset* ruleset)
 {
        ssize_t res = 0;
        struct setid_ruleset *pol;
Domain: System / Kernel;