lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20240221-idmap-fscap-refactor-v2-3-3039364623bd@kernel.org>
Date: Wed, 21 Feb 2024 15:24:34 -0600
From: "Seth Forshee (DigitalOcean)" <sforshee@...nel.org>
To: Christian Brauner <brauner@...nel.org>, 
 Seth Forshee <sforshee@...nel.org>, Serge Hallyn <serge@...lyn.com>, 
 Paul Moore <paul@...l-moore.com>, Eric Paris <eparis@...hat.com>, 
 James Morris <jmorris@...ei.org>, Alexander Viro <viro@...iv.linux.org.uk>, 
 Jan Kara <jack@...e.cz>, Stephen Smalley <stephen.smalley.work@...il.com>, 
 Ondrej Mosnacek <omosnace@...hat.com>, 
 Casey Schaufler <casey@...aufler-ca.com>, Mimi Zohar <zohar@...ux.ibm.com>, 
 Roberto Sassu <roberto.sassu@...wei.com>, 
 Dmitry Kasatkin <dmitry.kasatkin@...il.com>, 
 Eric Snowberg <eric.snowberg@...cle.com>, 
 "Matthew Wilcox (Oracle)" <willy@...radead.org>, 
 Jonathan Corbet <corbet@....net>, Miklos Szeredi <miklos@...redi.hu>, 
 Amir Goldstein <amir73il@...il.com>
Cc: linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, 
 linux-security-module@...r.kernel.org, audit@...r.kernel.org, 
 selinux@...r.kernel.org, linux-integrity@...r.kernel.org, 
 linux-doc@...r.kernel.org, linux-unionfs@...r.kernel.org
Subject: [PATCH v2 03/25] capability: add static asserts for comapatibility
 of vfs_cap_data and vfs_ns_cap_data

Capability code depends on vfs_ns_cap_data being an extension of
vfs_cap_data, so verify this at compile time.

Suggested-by: Christian Brauner <brauner@...nel.org>
Signed-off-by: Seth Forshee (DigitalOcean) <sforshee@...nel.org>
---
 include/uapi/linux/capability.h | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
index 5bb906098697..0fd75aab9754 100644
--- a/include/uapi/linux/capability.h
+++ b/include/uapi/linux/capability.h
@@ -16,6 +16,10 @@
 
 #include <linux/types.h>
 
+#ifdef __KERNEL__
+#include <linux/build_bug.h>
+#endif
+
 /* User-level do most of the mapping between kernel and user
    capabilities based on the version tag given by the kernel. The
    kernel might be somewhat backwards compatible, but don't bet on
@@ -100,6 +104,15 @@ struct vfs_ns_cap_data {
 #define _LINUX_CAPABILITY_VERSION  _LINUX_CAPABILITY_VERSION_1
 #define _LINUX_CAPABILITY_U32S     _LINUX_CAPABILITY_U32S_1
 
+#else
+
+static_assert(offsetof(struct vfs_cap_data, magic_etc) ==
+	      offsetof(struct vfs_ns_cap_data, magic_etc));
+static_assert(offsetof(struct vfs_cap_data, data) ==
+	      offsetof(struct vfs_ns_cap_data, data));
+static_assert(sizeof(struct vfs_cap_data) ==
+	      offsetof(struct vfs_ns_cap_data, rootid));
+
 #endif
 
 

-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ