Re: [PATCH] sched: move stack_canary to the start of the randomizable region

[K Prateek Nayak]

Hello Ruidong,

On 5/8/2026 11:45 AM, Ruidong Tian wrote:
> diff --git a/include/linux/sched.h b/include/linux/sched.h
> index 368c7b4d7cb5..d9ee2381c3a3 100644
> --- a/include/linux/sched.h
> +++ b/include/linux/sched.h
> @@ -836,6 +836,11 @@ struct task_struct {
>          */
>         randomized_struct_fields_start
> 
> +#ifdef CONFIG_STACKPROTECTOR
> +       /* Canary value for the -fstack-protector GCC feature: */
> +       unsigned long                   stack_canary;
> +#endif

So I'm looking at pahole and I see the following on mainline
(v7.1-rc2):

struct task_struct {
        struct thread_info         thread_info;          /*     0    24 */
        unsigned int               __state;              /*    24     4 */
        unsigned int               saved_state;          /*    28     4 */
        void *                     stack;                /*    32     8 */
        refcount_t                 usage;                /*    40     4 */
        unsigned int               flags;                /*    44     4 */
        unsigned int               ptrace;               /*    48     4 */
        int                        on_cpu;               /*    52     4 */
        struct __call_single_node  wake_entry;           /*    56    16 */
        /* --- cacheline 1 boundary (64 bytes) was 8 bytes ago --- */
        unsigned int               wakee_flips;          /*    72     4 */

        /* XXX 4 bytes hole, try to pack */

        long unsigned int          wakee_flip_decay_ts;  /*    80     8 */
        struct task_struct *       last_wakee;           /*    88     8 */
        int                        recent_used_cpu;      /*    96     4 */
        int                        wake_cpu;             /*   100     4 */
        int                        on_rq;                /*   104     4 */
        int                        prio;                 /*   108     4 */
        int                        static_prio;          /*   112     4 */
        int                        normal_prio;          /*   116     4 */
        unsigned int               rt_priority;          /*   120     4 */

        /* XXX 4 bytes hole, try to pack */

        /* --- cacheline 2 boundary (128 bytes) --- */

        ...
};


Except for alloc_tag, nothing in here is config dependent, and if we
move "wakee_flips" to after "last_wakee", we open up 8 bytes in this
cache line and "stack_canary" should be able to fit in there without
needing any additional space wrt to where we are at.

It'll look like:

struct task_struct {

        ...

        int                        on_cpu;               /*    52     4 */
        struct __call_single_node  wake_entry;           /*    56    16 */

        /* --- cacheline 1 boundary (64 bytes) was 8 bytes ago --- */

        unsigned long              stack_canary;         /*    72     8 */
        long unsigned int          wakee_flip_decay_ts;  /*    80     8 */
        struct task_struct *       last_wakee;           /*    88     8 */
        unsigned int               wakee_flips;          /*    96     4 */

        ...
}


An offset of 72 bytes should be fine right? I doubt we'll ever add 2KB
worth of data in this area to worry about this again.

> +
>         void                            *stack;
>         refcount_t                      usage;
>         /* Per task flags (PF_*), defined further below: */
-- 
Thanks and Regards,
Prateek