git: 664b9fcb1c05 - main - cred: Separate constant for the number of inlined groups

From: Olivier Certner <olce_at_FreeBSD.org>
Date: Sat, 02 Nov 2024 20:39:29 UTC
The branch main has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=664b9fcb1c051c17ba11d1e5e8a1db9938d76bd5

commit 664b9fcb1c051c17ba11d1e5e8a1db9938d76bd5
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-16 20:37:44 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2024-11-02 20:37:40 +0000

    cred: Separate constant for the number of inlined groups
    
    CRED_SMALLGROUPS_NB now holds the number of inlined groups in field
    'cr_smallgroups'.  XU_NGROUPS stays the number of groups allowed in
    'struct xucred'.  The first is an implementation detail, while the
    second is part of a public interface.  All mentions of XU_NGROUPS in the
    tree have been reviewed and only those concerning the implementation
    detail have been changed to use CRED_SMALLGROUPS_NB (they were all in
    'kern_prot.c').
    
    No functional change, as CRED_SMALLGROUPS_NB is set to 16, the same
    value as XU_NGROUPS.
    
    Reviewed by:    mhorne (slightly different version)
    Approved by:    markj (mentor)
    MFC after:      3 days
    Differential Revision:  https://reviews.freebsd.org/D46911
---
 sys/kern/kern_prot.c |  6 +++---
 sys/sys/ucred.h      | 12 ++++++++++--
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index ed20950b12e5..7ca08c3cf490 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -811,7 +811,7 @@ struct setgroups_args {
 int
 sys_setgroups(struct thread *td, struct setgroups_args *uap)
 {
-	gid_t smallgroups[XU_NGROUPS];
+	gid_t smallgroups[CRED_SMALLGROUPS_NB];
 	gid_t *groups;
 	int gidsetsize, error;
 
@@ -819,7 +819,7 @@ sys_setgroups(struct thread *td, struct setgroups_args *uap)
 	if (gidsetsize > ngroups_max + 1 || gidsetsize < 0)
 		return (EINVAL);
 
-	if (gidsetsize > XU_NGROUPS)
+	if (gidsetsize > CRED_SMALLGROUPS_NB)
 		groups = malloc(gidsetsize * sizeof(gid_t), M_TEMP, M_WAITOK);
 	else
 		groups = smallgroups;
@@ -828,7 +828,7 @@ sys_setgroups(struct thread *td, struct setgroups_args *uap)
 	if (error == 0)
 		error = kern_setgroups(td, gidsetsize, groups);
 
-	if (gidsetsize > XU_NGROUPS)
+	if (gidsetsize > CRED_SMALLGROUPS_NB)
 		free(groups, M_TEMP);
 	return (error);
 }
diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h
index 9fb3c63bbfdf..4311a73b73a5 100644
--- a/sys/sys/ucred.h
+++ b/sys/sys/ucred.h
@@ -42,6 +42,14 @@ struct loginclass;
 
 #define	XU_NGROUPS	16
 
+#if defined(_KERNEL) || defined(_WANT_UCRED)
+/*
+ * Number of groups inlined in 'struct ucred'.  It must stay reasonably low as
+ * it is also used by some functions to allocate an array of this size on the
+ * stack.
+ */
+#define	CRED_SMALLGROUPS_NB	16
+
 /*
  * Credentials.
  *
@@ -55,7 +63,6 @@ struct loginclass;
  *
  * See "Credential management" comment in kern_prot.c for more information.
  */
-#if defined(_KERNEL) || defined(_WANT_UCRED)
 struct ucred {
 	struct mtx cr_mtx;
 	long	cr_ref;			/* (c) reference count */
@@ -78,7 +85,8 @@ struct ucred {
 	struct label	*cr_label;	/* MAC label */
 	gid_t	*cr_groups;		/* groups */
 	int	cr_agroups;		/* Available groups */
-	gid_t   cr_smallgroups[XU_NGROUPS];	/* storage for small groups */
+	/* storage for small groups */
+	gid_t   cr_smallgroups[CRED_SMALLGROUPS_NB];
 };
 #define	NOCRED	((struct ucred *)0)	/* no credential available */
 #define	FSCRED	((struct ucred *)-1)	/* filesystem credential */