task_struct::cred (subjective credentials) is *always* used task-synchronously, hence, does not require RCU semantics.
task_struct::real_cred (objective credentials) can be used in RCU context and its __rcu annotation is retained. However, task_struct::cred and task_struct::real_cred *may* point to the same object, hence, the object pointed to by task_struct::cred *may* have RCU delayed freeing. Suggested-by: Jann Horn <[email protected]> Co-developed-by: Joel Fernandes (Google) <[email protected]> Signed-off-by: Joel Fernandes (Google) <[email protected]> Signed-off-by: Amol Grover <[email protected]> --- include/linux/sched.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/linux/sched.h b/include/linux/sched.h index 716ad1d8d95e..39924e6e0cf2 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -879,8 +879,11 @@ struct task_struct { /* Objective and real subjective task credentials (COW): */ const struct cred __rcu *real_cred; - /* Effective (overridable) subjective task credentials (COW): */ - const struct cred __rcu *cred; + /* + * Effective (overridable) subjective task credentials (COW) + * which is used task-synchronously + */ + const struct cred *cred; #ifdef CONFIG_KEYS /* Cached requested key. */ -- 2.24.1 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
