KSPP / linux

Linux kernel source tree (Kernel Self Protection Project)
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

Replace 1-element array in struct pid #231

Closed skitt closed 7 months ago

skitt commented 1 year ago

struct pid uses a 1-element array:

struct pid
{
        refcount_t count;
        unsigned int level;
        spinlock_t lock;
        /* lists of tasks that use this pid */
        struct hlist_head tasks[PIDTYPE_MAX];
        struct hlist_head inodes;
        /* wait queue for pidfd notifications */
        wait_queue_head_t wait_pidfd;
        struct rcu_head rcu;
        struct upid numbers[1];
};

I suspect that part of the reason for this is so that a single struct pid is a valid level-0 pid, without needing a complementary array allocation; initial allocation of the 0-level cache (pid_idr_init() in kernel/pid.c) relies on this:

        init_pid_ns.pid_cachep = KMEM_CACHE(pid,
                        SLAB_HWCACHE_ALIGN | SLAB_PANIC | SLAB_ACCOUNT);

However, the other caches are allocated (create_pid_cachep in kernel/pid_namespace.c) using a manually set-up call to kmem_cache_create:

                *pkc = kmem_cache_create(name, len, 0,
                                         SLAB_HWCACHE_ALIGN | SLAB_ACCOUNT, NULL);

Presumably using the same pattern (with SLAB_PANIC added) would be acceptable for pid_cachep.
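To make the sizing question in this issue concrete, here is an added, self-contained example; it is not code from the issue, the KSPP tree or the kernel. The types struct upid, struct pid_one and struct pid_flex are constructed stand-ins with far fewer fields than the real structs, and the helper names pid_one_len, pid_flex_len, alloc_pid_flex and pid_flex_check are hypothetical. It contrasts the 1-element array layout, whose sizeof() already covers a level-0 pid, with a flexible-array layout that must be sized explicitly for every level, and computes the latter the way the kernel's struct_size() idiom does, with an overflow check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for the kernel's types; the real struct pid and
 * struct upid carry more fields (refcount, spinlock, rcu head, ...). */
struct upid {
	int nr;
	void *ns;
};

#define PIDTYPE_MAX 4

/* Shape the issue describes: a trailing 1-element array, so that
 * sizeof(struct pid_one) already covers a level-0 pid. */
struct pid_one {
	unsigned int count;
	unsigned int level;
	void *tasks[PIDTYPE_MAX];
	struct upid numbers[1];
};

/* Same layout with a C99 flexible array member; sizeof() no longer
 * includes any element, so every allocation must size it explicitly. */
struct pid_flex {
	unsigned int count;
	unsigned int level;
	void *tasks[PIDTYPE_MAX];
	struct upid numbers[];
};

/* Allocation length in the style of the issue's 1-element form: the
 * struct already holds numbers[0], so add `level` further entries. */
size_t pid_one_len(unsigned int level)
{
	return sizeof(struct pid_one) + level * sizeof(struct upid);
}

/* Equivalent length for the flexible form, written like the kernel's
 * struct_size() idiom: header plus (level + 1) elements, saturating to
 * SIZE_MAX instead of wrapping if the multiplication would overflow. */
size_t pid_flex_len(unsigned int level)
{
	size_t hdr = offsetof(struct pid_flex, numbers);
	size_t nmemb = (size_t)level + 1;

	if (nmemb > (SIZE_MAX - hdr) / sizeof(struct upid))
		return SIZE_MAX;
	return hdr + nmemb * sizeof(struct upid);
}

/* Allocate a pid of the given level with the flexible layout and fill
 * in constructed sample pid numbers 100, 101, ... one per level. */
struct pid_flex *alloc_pid_flex(unsigned int level)
{
	size_t len = pid_flex_len(level);
	struct pid_flex *p;
	unsigned int i;

	if (len == SIZE_MAX)
		return NULL;
	p = calloc(1, len);
	if (!p)
		return NULL;
	p->level = level;
	for (i = 0; i <= level; i++)
		p->numbers[i].nr = (int)(100 + i);
	return p;
}

/* Allocate, read back the outermost entry, free; returns -1 on failure.
 * The same numbers[level] access on struct pid_one with level > 0 is
 * what -Warray-bounds and FORTIFY_SOURCE flag, because the declared
 * array has exactly one element. */
int pid_flex_check(unsigned int level)
{
	struct pid_flex *p = alloc_pid_flex(level);
	int nr;

	if (!p)
		return -1;
	nr = p->numbers[level].nr;
	free(p);
	return nr;
}

int main(void)
{
	unsigned int level;

	for (level = 0; level < 4; level++)
		printf("level %u: 1-element form %zu bytes, flexible form %zu bytes\n",
		       level, pid_one_len(level), pid_flex_len(level));
	printf("numbers[3].nr = %d\n", pid_flex_check(3));
	return 0;
}
```

With these stand-in types the two length functions agree for every level, because struct upid ends on the struct's own alignment boundary and there is no trailing padding after numbers[0]. That is not true in general: when the element type is less strictly aligned than the containing struct, sizeof()-based arithmetic on a 1-element array over-allocates by the padding, which is one more reason the flexible-array form with an explicit struct_size()-style computation is the safer default.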

kees commented 1 year ago

https://lore.kernel.org/lkml/20230517225838.never.965-kees@kernel.org/