lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 30 May 2024 16:40:40 +0200
From: Mateusz Guzik <mjguzik@...il.com>
To: linux-security-module@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
	paul@...l-moore.com,
	Mateusz Guzik <mjguzik@...il.com>
Subject: [PATCH] cred: plug a hole in struct cred

/*     40      |       4 */    unsigned int securebits;
/* XXX  4-byte hole      */
/*     48      |       8 */    kernel_cap_t cap_inheritable;
[snip]
/*     88      |       1 */    unsigned char jit_keyring;
/* XXX  7-byte hole      */
/*     96      |       8 */    struct key *session_keyring;

jit_keyring can be moved up to the 4-byte hole.

Size goes down from 184 to 176 bytes.

Note total memory usage does not go down because the struct remains
backed by 192-byte chunks, but space is made for future expansion.

No functional changes.

Signed-off-by: Mateusz Guzik <mjguzik@...il.com>
---

I have some plans to hack up distributed reference counting for this
struct, soon(tm). Should it land it is going to add at least 8 bytes.

But even if nothing comes out of it this looks like a trivial clean up
worth including.

 include/linux/cred.h | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/include/linux/cred.h b/include/linux/cred.h
index 2976f534a7a3..a936a291e9b1 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -107,6 +107,9 @@ static inline int groups_search(const struct group_info *group_info, kgid_t grp)
  * that task is going to act upon another object.  This may be overridden
  * temporarily to point to another security context, but normally points to the
  * same context as task->real_cred.
+ *
+ * NOTE: some fields have placement picked to plug alignment gaps -- don't
+ * shuffle things around without looking at output of pahole(1).
  */
 struct cred {
 	atomic_long_t	usage;
@@ -119,14 +122,16 @@ struct cred {
 	kuid_t		fsuid;		/* UID for VFS ops */
 	kgid_t		fsgid;		/* GID for VFS ops */
 	unsigned	securebits;	/* SUID-less security management */
+#ifdef CONFIG_KEYS
+	unsigned char	jit_keyring;	/* default keyring to attach requested
+					 * keys to */
+#endif
 	kernel_cap_t	cap_inheritable; /* caps our children can inherit */
 	kernel_cap_t	cap_permitted;	/* caps we're permitted */
 	kernel_cap_t	cap_effective;	/* caps we can actually use */
 	kernel_cap_t	cap_bset;	/* capability bounding set */
 	kernel_cap_t	cap_ambient;	/* Ambient capability set */
 #ifdef CONFIG_KEYS
-	unsigned char	jit_keyring;	/* default keyring to attach requested
-					 * keys to */
 	struct key	*session_keyring; /* keyring inherited over fork */
 	struct key	*process_keyring; /* keyring private to this process */
 	struct key	*thread_keyring; /* keyring private to this thread */
-- 
2.39.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ