lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240724210014.mc6nima6cekgiukx@joelS2.panther.com>
Date: Wed, 24 Jul 2024 23:00:14 +0200
From: Joel Granados <j.granados@...sung.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
CC: Joel Granados <j.granados@...sung.com>, Thomas
	Wei�schuh <linux@...ssschuh.net>, Luis Chamberlain
	<mcgrof@...nel.org>, Kees Cook <kees@...nel.org>, Jakub Kicinski
	<kuba@...nel.org>, Dave Chinner <david@...morbit.com>,
	<linux-arm-kernel@...ts.infradead.org>, <linux-kernel@...r.kernel.org>,
	<linux-s390@...r.kernel.org>, <linuxppc-dev@...ts.ozlabs.org>,
	<netdev@...r.kernel.org>, <linux-riscv@...ts.infradead.org>,
	<linux-fsdevel@...r.kernel.org>, <linux-mm@...ck.org>,
	<linux-xfs@...r.kernel.org>, <linux-trace-kernel@...r.kernel.org>,
	<linux-perf-users@...r.kernel.org>, <linux-security-module@...r.kernel.org>,
	<netfilter-devel@...r.kernel.org>, <coreteam@...filter.org>,
	<bpf@...r.kernel.org>, <kexec@...ts.infradead.org>,
	<linux-hardening@...r.kernel.org>, <bridge@...ts.linux.dev>,
	<mptcp@...ts.linux.dev>, <lvs-devel@...r.kernel.org>,
	<linux-rdma@...r.kernel.org>, <rds-devel@....oracle.com>,
	<linux-sctp@...r.kernel.org>, <linux-nfs@...r.kernel.org>,
	<apparmor@...ts.ubuntu.com>
Subject: [GIT PULL] sysctl constification changes for v6.11-rc1

Linus

Constifying ctl_table structs will prevent the modification of
proc_handler function pointers as they would reside in .rodata. To get
there, the proc_handler arguments must first be const qualified which
requires this (fairly large) treewide PR. Sending it in the tail end of
of the merge window after a suggestion from Kees to avoid unneeded merge
conflicts. It has been rebased on top of 7a3fad30fd8b4b5e370906b3c554f64026f56c2f.
I can send it later if it makes more sense on your side; please tell me
what you prefer.

This PR applies on top of what I see as your latest master, but if you
need to generate it, you can do so by executing two commands:
1. Semantic patch: The coccinelle script is here [1]
  `make coccicheck MODE=patch SPFLAGS="--in-place --include-headers --smpl-spacing" COCCI=COCCI_SCRIPT`
2. Sed command: The sed script is here [2]
  `sed --in-place -f SED_SCRIPT fs/xfs/xfs_sysctl.c kernel/watchdog.c`
This is my first time sending out a semantic patch, so get back to me if
you have issues or prefer some other way of receiving it.

Testing was done in sysctl-testing (0-day) to avoid generating
unnecessary merge conflicts in linux-next. I do not expect any
error/regression given that all changes contained in this PR are
non-functional.

[1]
```
virtual patch

@r1@
identifier ctl, write, buffer, lenp, ppos;
identifier func !~ "appldata_(timer|interval)_handler|sched_(rt|rr)_handler|rds_tcp_skbuf_handler|proc_sctp_do_(hmac_alg|rto_min|rto_max|udp_port|alpha_beta|auth|probe_interval)";
@@

int func(
- struct ctl_table *ctl
+ const struct ctl_table *ctl
  ,int write, void *buffer, size_t *lenp, loff_t *ppos);

@r2@
identifier func, ctl, write, buffer, lenp, ppos;
@@

int func(
- struct ctl_table *ctl
+ const struct ctl_table *ctl
  ,int write, void *buffer, size_t *lenp, loff_t *ppos)
{ ... }

@r3@
identifier func;
@@

int func(
- struct ctl_table *
+ const struct ctl_table *
  ,int , void *, size_t *, loff_t *);

@r4@
identifier func, ctl;
@@

int func(
- struct ctl_table *ctl
+ const struct ctl_table *ctl
  ,int , void *, size_t *, loff_t *);

@r5@
identifier func, write, buffer, lenp, ppos;
@@

int func(
- struct ctl_table *
+ const struct ctl_table *
  ,int write, void *buffer, size_t *lenp, loff_t *ppos);
```

[2]
```
s/^xfs_stats_clear_proc_handler(const struct ctl_table \*ctl,$/xfs_stats_clear_proc_handler(\
\tconst struct ctl_table\t*ctl,/
s/^xfs_panic_mask_proc_handler(const struct ctl_table \*ctl,$/xfs_panic_mask_proc_handler(\
\tconst struct ctl_table\t*ctl,/
s/^xfs_deprecated_dointvec_minmax(const struct ctl_table \*ctl,$/xfs_deprecated_dointvec_minmax(\
\tconst struct ctl_table\t*ctl,/
s/proc_watchdog_common(int which, struct ctl_table \*table/proc_watchdog_common(int which, const struct ctl_table *table/
```

The following changes since commit 7a3fad30fd8b4b5e370906b3c554f64026f56c2f:

  Merge tag 'random-6.11-rc1-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random (2024-07-24 10:29:50 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/sysctl/sysctl.git/ tags/constfy-sysctl-6.11-rc1

for you to fetch changes up to 78eb4ea25cd5fdbdae7eb9fdf87b99195ff67508:

  sysctl: treewide: constify the ctl_table argument of proc_handlers (2024-07-24 20:59:29 +0200)

----------------------------------------------------------------
sysctl: treewide: constify the ctl_table argument of proc_handlers

Summary
- const qualify struct ctl_table args in proc_handlers:
  This is a prerequisite to moving the static ctl_table structs into .rodata
  data which will ensure that proc_handler function pointers cannot be
  modified.

----------------------------------------------------------------
Joel Granados (1):
      sysctl: treewide: constify the ctl_table argument of proc_handlers

 arch/arm64/kernel/armv8_deprecated.c      |  2 +-
 arch/arm64/kernel/fpsimd.c                |  2 +-
 arch/s390/appldata/appldata_base.c        | 10 ++---
 arch/s390/kernel/debug.c                  |  2 +-
 arch/s390/kernel/topology.c               |  2 +-
 arch/s390/mm/cmm.c                        |  6 +--
 arch/x86/kernel/itmt.c                    |  2 +-
 drivers/cdrom/cdrom.c                     |  4 +-
 drivers/char/random.c                     |  4 +-
 drivers/macintosh/mac_hid.c               |  2 +-
 drivers/net/vrf.c                         |  2 +-
 drivers/parport/procfs.c                  | 12 +++---
 drivers/perf/arm_pmuv3.c                  |  2 +-
 drivers/perf/riscv_pmu_sbi.c              |  2 +-
 fs/coredump.c                             |  2 +-
 fs/dcache.c                               |  2 +-
 fs/drop_caches.c                          |  2 +-
 fs/exec.c                                 |  2 +-
 fs/file_table.c                           |  2 +-
 fs/fs-writeback.c                         |  2 +-
 fs/inode.c                                |  2 +-
 fs/pipe.c                                 |  2 +-
 fs/quota/dquot.c                          |  2 +-
 fs/xfs/xfs_sysctl.c                       |  6 +--
 include/linux/ftrace.h                    |  4 +-
 include/linux/mm.h                        |  8 ++--
 include/linux/perf_event.h                |  6 +--
 include/linux/security.h                  |  2 +-
 include/linux/sysctl.h                    | 34 ++++++++--------
 include/linux/vmstat.h                    |  4 +-
 include/linux/writeback.h                 |  2 +-
 include/net/ndisc.h                       |  2 +-
 include/net/neighbour.h                   |  6 +--
 include/net/netfilter/nf_hooks_lwtunnel.h |  2 +-
 ipc/ipc_sysctl.c                          |  6 +--
 kernel/bpf/syscall.c                      |  4 +-
 kernel/delayacct.c                        |  2 +-
 kernel/events/callchain.c                 |  2 +-
 kernel/events/core.c                      |  4 +-
 kernel/fork.c                             |  2 +-
 kernel/hung_task.c                        |  2 +-
 kernel/kexec_core.c                       |  2 +-
 kernel/kprobes.c                          |  2 +-
 kernel/latencytop.c                       |  2 +-
 kernel/pid_namespace.c                    |  2 +-
 kernel/pid_sysctl.h                       |  2 +-
 kernel/printk/internal.h                  |  2 +-
 kernel/printk/printk.c                    |  2 +-
 kernel/printk/sysctl.c                    |  2 +-
 kernel/sched/core.c                       |  6 +--
 kernel/sched/rt.c                         |  8 ++--
 kernel/sched/topology.c                   |  2 +-
 kernel/seccomp.c                          |  2 +-
 kernel/stackleak.c                        |  2 +-
 kernel/sysctl.c                           | 64 +++++++++++++++----------------
 kernel/time/timer.c                       |  2 +-
 kernel/trace/ftrace.c                     |  2 +-
 kernel/trace/trace.c                      |  2 +-
 kernel/trace/trace_events_user.c          |  2 +-
 kernel/trace/trace_stack.c                |  2 +-
 kernel/umh.c                              |  2 +-
 kernel/utsname_sysctl.c                   |  2 +-
 kernel/watchdog.c                         | 12 +++---
 mm/compaction.c                           |  6 +--
 mm/hugetlb.c                              |  6 +--
 mm/page-writeback.c                       | 10 ++---
 mm/page_alloc.c                           | 14 +++----
 mm/util.c                                 |  6 +--
 mm/vmstat.c                               |  4 +-
 net/bridge/br_netfilter_hooks.c           |  2 +-
 net/core/neighbour.c                      | 18 ++++-----
 net/core/sysctl_net_core.c                | 20 +++++-----
 net/ipv4/devinet.c                        |  6 +--
 net/ipv4/route.c                          |  2 +-
 net/ipv4/sysctl_net_ipv4.c                | 30 +++++++--------
 net/ipv6/addrconf.c                       | 16 ++++----
 net/ipv6/ndisc.c                          |  2 +-
 net/ipv6/route.c                          |  2 +-
 net/ipv6/sysctl_net_ipv6.c                |  4 +-
 net/mpls/af_mpls.c                        |  4 +-
 net/mptcp/ctrl.c                          |  4 +-
 net/netfilter/ipvs/ip_vs_ctl.c            | 12 +++---
 net/netfilter/nf_conntrack_standalone.c   |  2 +-
 net/netfilter/nf_hooks_lwtunnel.c         |  2 +-
 net/netfilter/nf_log.c                    |  2 +-
 net/phonet/sysctl.c                       |  2 +-
 net/rds/tcp.c                             |  4 +-
 net/sctp/sysctl.c                         | 28 +++++++-------
 net/sunrpc/sysctl.c                       |  4 +-
 net/sunrpc/xprtrdma/svc_rdma.c            |  2 +-
 security/apparmor/lsm.c                   |  2 +-
 security/min_addr.c                       |  2 +-
 security/yama/yama_lsm.c                  |  2 +-
 93 files changed, 258 insertions(+), 258 deletions(-)

-- 

Joel Granados

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ