Why is there an alignment from cred->security?

Denis Obrezkov denisobrezkov at gmail.com
Tue Jan 18 11:33:50 UTC 2022


I am digging through the SMACK code. There are the lines:

static inline struct task_smack *smack_cred(const struct cred *cred)
{
        return cred->security + smack_blob_sizes.lbs_cred;
}

and smack_blob_sizes are defined as:

struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
        .lbs_cred = sizeof(struct task_smack),
        .lbs_file = sizeof(struct smack_known *),
        .lbs_inode = sizeof(struct inode_smack),
        .lbs_ipc = sizeof(struct smack_known *),
        .lbs_msg_msg = sizeof(struct smack_known *),
};

So, basically, to get a struct we take the size of the struct as an
offset for cred->security, right? I can't understand why. So, we have
the following memory layout:

|_________(zeroes)__________|_____task_smack content____|
^                           ^                           ^
cred->security     cred->security +              cred->security +
                 sizeof(struct task_smack)   2*sizeof(struct task_smack)

Do I misunderstand something?


-- 
Regards, Denis Obrezkov



More information about the Linux-security-module-archive mailing list