lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <ZY12SeFBVb46iUg5@bombadil.infradead.org>
Date: Thu, 28 Dec 2023 05:21:13 -0800
From: Luis Chamberlain <mcgrof@...nel.org>
To: Thomas Weißschuh <linux@...ssschuh.net>
Cc: Kees Cook <keescook@...omium.org>,
	Joel Granados <j.granados@...sung.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	netdev@...r.kernel.org
Subject: Re: [PATCH] sysctl: treewide: constify ctl_table_root::permissions

On Tue, Dec 26, 2023 at 01:08:48PM +0100, Thomas Weißschuh wrote:
> The permissions callback is not supposed to modify the ctl_table.
> Enforce this expectation via the typesystem.
> 
> The patch was created with the following coccinelle script:
> 
>   virtual patch
>   virtual context
>   virtual report

Nit:

The virtual stuff is not needed really, specially if you are not
creating rules which depend on them, they are used mostly if you
want to use coccicheck, but you could just simplify things further,
by removing them, it is implied we are expected to just run coccinelle
manually against the linux kernel tree.

So the above 3 virtual lines can be removed.

>   @@
>   identifier func, head, ctl;
>   @@
> 
>   int func(
>     struct ctl_table_header *head,
>   - struct ctl_table *ctl)
>   + const struct ctl_table *ctl)
>   { ... }
> 
> (insert_entry() from fs/proc/proc_sysctl.c is a false-positive)
> 
> This change also is a step to put "struct ctl_table" into .rodata
> throughout the kernel.
> 
> Signed-off-by: Thomas Weißschuh <linux@...ssschuh.net>
> ---
> The patch is meant to be merged via the sysctl tree.
> 
> This change was originally part of the sysctl-const series [0].
> To slim down that series and reduce the message load on other
> maintainers to a minimumble, submit this patch on its own.
> 
> [0] https://lore.kernel.org/lkml/20231204-const-sysctl-v2-2-7a5060b11447@weissschuh.net/

It does that since the diff stat is small build tests suffice to ensure
in this case that no users exist which do modify the tables.

  Luis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ