* Why is there an alignment from cred->security?
@ 2022-01-18 11:33 Denis Obrezkov
2022-01-18 15:01 ` Casey Schaufler
0 siblings, 1 reply; 2+ messages in thread
From: Denis Obrezkov @ 2022-01-18 11:33 UTC (permalink / raw)
To: linux-security-module, Casey Schaufler
I am digging through the SMACK code. There are the lines:
static inline struct task_smack *smack_cred(const struct cred *cred)
{
return cred->security + smack_blob_sizes.lbs_cred;
}
and smack_blob_sizes are defined as:
struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
.lbs_cred = sizeof(struct task_smack),
.lbs_file = sizeof(struct smack_known *),
.lbs_inode = sizeof(struct inode_smack),
.lbs_ipc = sizeof(struct smack_known *),
.lbs_msg_msg = sizeof(struct smack_known *),
};
So, basically, to get a struct we take the size of the struct as an
offset for cred->security, right? I can't understand why. So, we have
the following memory layout:
|_________(zeroes)__________|_____task_smack content____|
^ ^ ^
cred->security cred->security + cred->security +
sizeof(struct task_smack) 2*sizeof(struct task_smack)
Do I misunderstand something?
--
Regards, Denis Obrezkov
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Why is there an alignment from cred->security?
2022-01-18 11:33 Why is there an alignment from cred->security? Denis Obrezkov
@ 2022-01-18 15:01 ` Casey Schaufler
0 siblings, 0 replies; 2+ messages in thread
From: Casey Schaufler @ 2022-01-18 15:01 UTC (permalink / raw)
To: Denis Obrezkov, linux-security-module; +Cc: Casey Schaufler
On 1/18/2022 3:33 AM, Denis Obrezkov wrote:
> I am digging through the SMACK code. There are the lines:
>
> static inline struct task_smack *smack_cred(const struct cred *cred)
> {
> return cred->security + smack_blob_sizes.lbs_cred;
> }
>
> and smack_blob_sizes are defined as:
>
> struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
> .lbs_cred = sizeof(struct task_smack),
> .lbs_file = sizeof(struct smack_known *),
> .lbs_inode = sizeof(struct inode_smack),
> .lbs_ipc = sizeof(struct smack_known *),
> .lbs_msg_msg = sizeof(struct smack_known *),
> };
>
> So, basically, to get a struct we take the size of the struct as an
> offset for cred->security, right? I can't understand why. So, we have
> the following memory layout:
>
> |_________(zeroes)__________|_____task_smack content____|
> ^ ^ ^
> cred->security cred->security + cred->security +
> sizeof(struct task_smack) 2*sizeof(struct task_smack)
>
> Do I misunderstand something?
There may be more than one security module that uses the credential
security blob. The lbs_cred value will be 0 if only Smack is using
the credential blob. If another security module is also using the
blob that value will reflect where in the blob the Smack data resides.
See security/security.c for the details.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-01-18 15:02 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-18 11:33 Why is there an alignment from cred->security? Denis Obrezkov
2022-01-18 15:01 ` Casey Schaufler
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.