From nobody Fri Apr 3 12:26:40 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 39708315D32 for ; Fri, 20 Feb 2026 09:19:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771579187; cv=none; b=fb5LOkbBAESQTYDA0EQO1snrigUjLya0G5IA16HTiqtv3Tb5DkRvB+E69ldRhlBfJEm2GhZp5Z5kVSFLskwdyJgcpadX5hdHzoyCmxaT7WuyXSTSpFywMZsUtVs+r/Py2+fzIgDR3ezQ1Iqq5mVoDylY72/KXY2k01S/ZgqPUog= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771579187; c=relaxed/simple; bh=RzVAsmgCX+eNpk235zObjm0hV3fCfptaf/FTUdQJ9Vs=; h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type; b=mUM9ywwyfZ/8lG3pkny/4h/rIPC07JnZB/bBPi+OghJkxrYAHzL6EPhnWR8TP3YHmFhxHEv7LF5gUGqGqs4FMAa9AeYUrdbpRLmid3qyxOWGTwSywXPZY8wfSIIsqUTsph76EQahoKRNVYYhyiEmB3Lhabgs64d/VH+1bKGIZH4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--aliceryhl.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=zT5BGU2L; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--aliceryhl.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="zT5BGU2L" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-4836cd6dfe6so14573625e9.2 for ; Fri, 20 Feb 2026 01:19:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1771579184; x=1772183984; darn=vger.kernel.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=gprspD6DwdfqC1wGIsWpNbG9c6i9DJdCUwDwX2fyK2k=; b=zT5BGU2LnopXgvvhUXgO1jkKOjePPIQcvIO8YUQCMF1JJTPs/KpHWQRC4eLdEWjYRJ bqlIx4xFtNOKODafRsRhZOJH4V6ri8yZtRvw44ZTeGUQeVJyn5QeWf56PLBsW6Y6IkQZ XtVpKWRSgZv+SnVlGqNeKkUP1pjH3h6WtM8nEaVHVsLlHdjYft+acXaZcrURgbKt6zNZ wTXdaccTQAFSPIudSkSRiHUB/PpoI4SiioXsJZhWI0XKr/nUrby0kIGf5pXXoxiIoFuT 7nqHZr8PHEsZFrAk2wATioN+8uq5LNFrLLyn8XOSNbyKy5Y0ycQC7aO4kNHcDxTnZ5Qe 6zRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771579184; x=1772183984; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=gprspD6DwdfqC1wGIsWpNbG9c6i9DJdCUwDwX2fyK2k=; b=gk+M4W1AZi20JU8DLzgsp3tkFtxdCJQv7y1krWOPJVzOEQHEf6RFs59CDhD3VkXE0E zAFn3cz+yis10mxR0tqFZjHgmX7JzaWZnBRSme/mJy4lGjfshTa8kACL7s+/4eLXg1mV Hu1ueApQ9IybS7h+0JlneN1s5Bka11MBbfR4T4aodjN5p3MMlqT92Zv7H7X0td1onFGT oNcMyOu8p94zSnUwjOr9Ra3MMXsYjq0CBJfxp8ol3segP878pu3Bk6mlcAeKCbQACz91 jFQMYqRqA9LQnm53ovX0miVpNrA3s2oD2zM9m0mZ/BOqzZd6CkrSUSJBKdL95+/9e2HN u0PQ== X-Forwarded-Encrypted: i=1; AJvYcCW23JB/8H2kl9VZ+mydXl5i7SMBic8eCtGNwP/I/7kKFApaf6rfEacSwj4W1pduW+rkuoPnGPa3uZxWFA4=@vger.kernel.org X-Gm-Message-State: AOJu0YxFWU9ViBVn/7vR2v+xgamcmnq7wTkcWdRzUMKAfPuYVo6HcQfY 401kAMRyke+oLTkvmmihJk0k9QeKHDnPUANePf6Bj0ixapWk5yEjWvG3WYNATsNZowKqMO5T+Mz nYhlqSyMryW4ALJ2tBA== X-Received: from wmos16.prod.google.com ([2002:a05:600c:45d0:b0:477:a181:1922]) (user=aliceryhl job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:6389:b0:477:7af8:c8ad with SMTP id 5b1f17b1804b1-48379c1f4d3mr395686105e9.31.1771579184414; Fri, 20 Feb 2026 01:19:44 -0800 (PST) Date: Fri, 20 Feb 2026 09:19:40 +0000 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 X-Developer-Key: i=aliceryhl@google.com; a=openpgp; fpr=49F6C1FAA74960F43A5B86A1EE7A392FDE96209F X-Developer-Signature: v=1; a=openpgp-sha256; l=2483; i=aliceryhl@google.com; h=from:subject; bh=RzVAsmgCX+eNpk235zObjm0hV3fCfptaf/FTUdQJ9Vs=; b=owEBbQKS/ZANAwAKAQRYvu5YxjlGAcsmYgBpmCcG2dYFauWFQwfok8OjVnzYeu//VaM+84liw zR2AoeZbkuJAjMEAAEKAB0WIQSDkqKUTWQHCvFIvbIEWL7uWMY5RgUCaZgnBgAKCRAEWL7uWMY5 RrHrEACR2OjvRIIbN//bRm/Sq1IOsPBvNbqKAvgjXkAydF1JViFY/R5Ly3aA8ht1NBkzmGA2WFJ RxuOLw98H4TKei1QuJ7hXXOb7KijtWM3Rd+5zN8mZr1/AtEaIK2TR1p9JcAiLNIxUDzMVyl8Pfx JMJL48Ps5SO9gRBOuExZGVDgL9gnn6D68JijUpe4ahgBDByI560TftG2k3oPh6avxXtulJ2U6Tq lwEirut3U+D9yBBVo+w12TmkurNU0jUWDwDqONBR1Gw6NYXApSYO6Eog23vrIRlvWKcfiDJhwHJ x+Gj+ONcLZPkMD7o9ECm5fBQXK11+PqjK/G03Z4oRZ2XLVidDcZ2sHlK7OcvyNLnWcq36BrSY2g bWCWyvj52cdAW0lMUUUKA0ds525fzke3DdDEWsx06EL2yuC00SldVADVqsxARmbQZJzp9bGjYyl aKQHf4C5l1uQvfYugMJpKqm7pOXmSMs8H/mEvIysxN5q8hckyWdFaMBrrymJDuODxqCA0C1jxR8 viG8KUcrfhUMs2s/axMXUaA1g1LnOWsBFfXn3xic+UKCyk4Rx5UO9t/9+LBlhb24tWAKuhm9hX3 vq03S0O0ZxAzaZ8OR9wNGf7W17wIXzNQ8YCTrugua2d0WoxIbs/bPRPp0W6MkKgICqsrURmYGoN bL3G6pnj6GL6EBQ== X-Mailer: git-send-email 2.53.0.345.g96ddfc5eaa-goog Message-ID: <20260220091941.1520313-1-aliceryhl@google.com> Subject: [PATCH] cred: clarify usage of get_cred_rcu() From: Alice Ryhl To: Paul Moore , Serge Hallyn Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Alice Ryhl Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" After being confused by looking at get_cred() and get_cred_rcu(), I figured out what's going on. Thus, add some comments to clarify how get_cred_rcu() works for the benefit of others looking in the future. Note that in principle we could add an assertion that non_rcu is zero in the failure path of atomic_long_inc_not_zero(). Signed-off-by: Alice Ryhl --- include/linux/cred.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/include/linux/cred.h b/include/linux/cred.h index ed1609d78cd7..95dcf5e967c7 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -213,32 +213,50 @@ * get_cred_many - Get references on a set of credenti= als static inline const struct cred *get_cred_many(const struct cred *cred, in= t nr) { struct cred *nonconst_cred =3D (struct cred *) cred; if (!cred) return cred; nonconst_cred->non_rcu =3D 0; atomic_long_add(nr, &nonconst_cred->usage); return cred; } =20 /* * get_cred - Get a reference on a set of credentials * @cred: The credentials to reference * * Get a reference on the specified set of credentials. The caller must * release the reference. If %NULL is passed, it is returned with no acti= on. * * This is used to deal with a committed set of credentials. */ static inline const struct cred *get_cred(const struct cred *cred) { return get_cred_many(cred, 1); } =20 +/* + * get_cred_rcu - Get a reference on a set of credentials under rcu + * @cred: The credentials to reference + * + * Get a reference on the specified set of credentials, or %NULL if the la= st + * refcount has already been put. + * + * This is used to obtain a reference under an rcu read lock. + */ static inline const struct cred *get_cred_rcu(const struct cred *cred) { struct cred *nonconst_cred =3D (struct cred *) cred; if (!cred) return NULL; if (!atomic_long_inc_not_zero(&nonconst_cred->usage)) return NULL; + /* + * If non_rcu is not already zero, then this call to get_cred_rcu() is + * probably wrong because if 'usage' goes to zero prior to this call, + * then get_cred_rcu() assumes it is freed with rcu. + * + * However, an exception to this is using get_cred_rcu() in cases where + * get_cred() would have been okay. To support that case, we do not + * check non_rcu and set it to zero regardless. + */ nonconst_cred->non_rcu =3D 0; return cred; } --=20 2.53.0.345.g96ddfc5eaa-goog