From: Thomas Weißschuh
Subject: [PATCH RFC 0/7] sysctl: constify sysctl ctl_tables
Date: Sat, 25 Nov 2023 13:52:49 +0100
Message-Id: <20231125-const-sysctl-v1-0-5e881b0e0290@weissschuh.net>
X-Patchwork-Id: 17096
To: Kees Cook, "Gustavo A. R. Silva", Luis Chamberlain, Iurii Zaikin, Greg Kroah-Hartman, Joel Granados
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Thomas Weißschuh

Problem description:

The kernel contains a lot of struct ctl_table throughout the tree.
These are very often 'static' definitions.
It would be good to mark these tables const to avoid accidental or
malicious modifications.
Unfortunately the tables can not be made const because the core
registration functions expect mutable tables.

This is for two reasons:

1) sysctl_{set,clear}_perm_empty_ctl_header in the sysctl core modify
   the table. This should be fixable by only modifying the header
   instead of the table itself.
2) The table is passed to the handler function as a non-const pointer.

This series is an approach to fixing reason 2).

Full process:

* Introduce field proc_handler_new for const handlers (this series)
* Migrate all core handlers to proc_handler_new (this series, partial)
  This can hopefully be done in a big switch, as it only involves
  functions and structures owned by the core sysctl code.
* Migrate all other sysctl handlers to proc_handler_new.
* Drop the old proc_handler_field.
* Fix the sysctl core to not modify the tables anymore.
* Adapt public sysctl APIs to take "const struct ctl_table *".
* Teach checkpatch.pl to warn on non-const "struct ctl_table"
  definitions.
* Migrate definitions of "struct ctl_table" to "const" where applicable.

Notes:

Just casting the function pointers around would trigger
CFI (control flow integrity) warnings.

The name of the new handler "proc_handler_new" is a bit too long, messing up
the alignment of the table definitions.
Maybe "proc_handler2" or "proc_handler_c" for (const) would be better.

---
Thomas Weißschuh (7):
      sysctl: add helper sysctl_run_handler
      bpf: cgroup: call proc handler through helper
      sysctl: add proc_handler_new to struct ctl_table
      net: sysctl: add new sysctl table handler to debug message
      treewide: sysctl: migrate proc_dostring to proc_handler_new
      treewide: sysctl: migrate proc_dobool to proc_handler_new
      treewide: sysctl: migrate proc_dointvec to proc_handler_new

 arch/arm/kernel/isa.c                   |  6 +--
 arch/csky/abiv1/alignment.c             |  8 ++--
 arch/powerpc/kernel/idle.c              |  2 +-
 arch/riscv/kernel/vector.c              |  2 +-
 arch/s390/kernel/debug.c                |  2 +-
 crypto/fips.c                           |  6 +--
 drivers/char/hpet.c                     |  2 +-
 drivers/char/random.c                   |  4 +-
 drivers/infiniband/core/iwcm.c          |  2 +-
 drivers/infiniband/core/ucma.c          |  2 +-
 drivers/macintosh/mac_hid.c             |  4 +-
 drivers/md/md.c                         |  4 +-
 drivers/scsi/sg.c                       |  2 +-
 drivers/tty/tty_io.c                    |  4 +-
 fs/coda/sysctl.c                        |  6 +--
 fs/coredump.c                           |  6 +--
 fs/devpts/inode.c                       |  2 +-
 fs/lockd/svc.c                          |  4 +-
 fs/locks.c                              |  4 +-
 fs/nfs/nfs4sysctl.c                     |  2 +-
 fs/nfs/sysctl.c                         |  2 +-
 fs/notify/dnotify/dnotify.c             |  2 +-
 fs/ntfs/sysctl.c                        |  2 +-
 fs/ocfs2/stackglue.c                    |  2 +-
 fs/proc/proc_sysctl.c                   | 16 ++++---
 fs/quota/dquot.c                        |  2 +-
 include/linux/sysctl.h                  | 29 +++++++++---
 init/do_mounts_initrd.c                 |  2 +-
 io_uring/io_uring.c                     |  2 +-
 ipc/mq_sysctl.c                         |  2 +-
 kernel/acct.c                           |  2 +-
 kernel/bpf/cgroup.c                     |  2 +-
 kernel/locking/lockdep.c                |  4 +-
 kernel/printk/sysctl.c                  |  4 +-
 kernel/reboot.c                         |  4 +-
 kernel/seccomp.c                        |  2 +-
 kernel/signal.c                         |  2 +-
 kernel/sysctl-test.c                    | 20 ++++-----
 kernel/sysctl.c                         | 80 ++++++++++++++++-----------------
 lib/test_sysctl.c                       | 10 ++---
 mm/hugetlb.c                            |  2 +-
 mm/hugetlb_vmemmap.c                    |  2 +-
 mm/oom_kill.c                           |  4 +-
 net/appletalk/sysctl_net_atalk.c        |  2 +-
 net/core/sysctl_net_core.c              | 12 ++---
 net/ipv4/route.c                        | 18 ++++----
 net/ipv4/sysctl_net_ipv4.c              | 38 ++++++++--------
 net/ipv4/xfrm4_policy.c                 |  2 +-
 net/ipv6/addrconf.c                     | 72 ++++++++++++++---------------
 net/ipv6/route.c                        |  8 ++--
 net/ipv6/sysctl_net_ipv6.c              | 18 ++++----
 net/ipv6/xfrm6_policy.c                 |  2 +-
 net/mptcp/ctrl.c                        |  2 +-
 net/netfilter/ipvs/ip_vs_ctl.c          | 36 +++++++--------
 net/netfilter/nf_conntrack_standalone.c |  8 ++--
 net/netfilter/nf_log.c                  |  2 +-
 net/rds/ib_sysctl.c                     |  2 +-
 net/rds/sysctl.c                        |  6 +--
 net/sctp/sysctl.c                       | 26 +++++------
 net/sunrpc/xprtrdma/transport.c         |  2 +-
 net/sysctl_net.c                        |  5 ++-
 net/unix/sysctl_net_unix.c              |  2 +-
 net/x25/sysctl_net_x25.c                |  2 +-
 net/xfrm/xfrm_sysctl.c                  |  4 +-
 64 files changed, 280 insertions(+), 262 deletions(-)
---
base-commit: 0f5cc96c367f2e780eb492cc9cab84e3b2ca88da
change-id: 20231116-const-sysctl-e14624f1295c

Best regards,
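
The two-handler scheme described in the cover letter, as an added user-space C model (not code from this series or from the kernel): a table entry carries both a legacy handler and a const-taking proc_handler_new, and a dispatch helper calls whichever is set through its own prototype, so a const table works without casting function pointers. The simplified handler signature and the names run_handler, dostring_const, legacy_shrink, const_tbl and legacy_tbl are assumptions made for illustration.

```c
/* User-space model of the two-field scheme; simplified, not kernel code. */
#include <stddef.h>
#include <string.h>

struct ctl_table {
    const char *procname;
    void *data;      /* the sysctl value itself stays writable */
    size_t maxlen;
    int (*proc_handler)(struct ctl_table *, int, char *, size_t);           /* legacy */
    int (*proc_handler_new)(const struct ctl_table *, int, char *, size_t); /* const */
};

/* Hypothetical dispatch helper: each pointer is called through its own
 * prototype, so no function-pointer cast and no CFI type mismatch. */
static int run_handler(const struct ctl_table *t, int write, char *buf, size_t len)
{
    if (t->proc_handler_new)
        return t->proc_handler_new(t, write, buf, len);
    if (t->proc_handler) /* legacy entries must live in writable memory */
        return t->proc_handler((struct ctl_table *)t, write, buf, len);
    return -1;
}

/* Const-correct string handler: writes t->data, never the table entry. */
static int dostring_const(const struct ctl_table *t, int write, char *buf, size_t len)
{
    char *s = t->data;
    size_t n = strlen(s);
    if (write) {
        if (len >= t->maxlen)
            return -1; /* reject oversize writes */
        memcpy(s, buf, len);
        s[len] = '\0';
        return 0;
    }
    if (n >= len)
        return -1;
    memcpy(buf, s, n + 1);
    return (int)n;
}

static int legacy_shrink(struct ctl_table *t, int write, char *buf, size_t len)
{
    (void)write; (void)buf; (void)len;
    t->maxlen = 1; /* edits its own entry: needs a mutable table */
    return 0;
}

static char hostname[16] = "node1"; /* constructed sample value */
static const struct ctl_table const_tbl = { "hostname", hostname, sizeof(hostname), NULL, dostring_const };
static struct ctl_table legacy_tbl = { "legacy", hostname, sizeof(hostname), legacy_shrink, NULL };

int main(void) { char b[16]; return run_handler(&const_tbl, 0, b, sizeof(b)) == 5 ? 0 : 1; }
```

Only the entry whose handler takes a const pointer can be declared const; legacy_tbl has to stay mutable because its handler rewrites maxlen.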