From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5E6C0C19F4F for ; Wed, 8 May 2024 11:37:33 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 328456B0153; Wed, 8 May 2024 07:37:32 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2B0D36B0154; Wed, 8 May 2024 07:37:32 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0DDBC6B0155; Wed, 8 May 2024 07:37:32 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id CD6EA6B0154 for ; Wed, 8 May 2024 07:37:31 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 7F0A2810DF for ; Wed, 8 May 2024 11:37:31 +0000 (UTC) X-FDA: 82095028302.22.8B47722 Received: from mailout2.w1.samsung.com (mailout2.w1.samsung.com [210.118.77.12]) by imf18.hostedemail.com (Postfix) with ESMTP id 897F41C0013 for ; Wed, 8 May 2024 11:37:28 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=samsung.com header.s=mail20170921 header.b=MGedoFgJ; spf=pass (imf18.hostedemail.com: domain of j.granados@samsung.com designates 210.118.77.12 as permitted sender) smtp.mailfrom=j.granados@samsung.com; dmarc=pass (policy=none) header.from=samsung.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1715168248; a=rsa-sha256; cv=none; b=fnPwXflcVp1S1MXHYLSDZil8QTwTOg4Xx1EJGa2ZQ0gSbmVyq1xVa4UB6mjdz01u6FFT/J GzYxS6EX37LaFGExNJ6X5EsBftqBlvsq02qa7Sg4Xqt9p5Bu9LEQuInC6rF7n3nZSmF9er erETLPcFmeg08llhsWWx0nbvV6DuxLM= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=samsung.com header.s=mail20170921 header.b=MGedoFgJ; spf=pass (imf18.hostedemail.com: domain of j.granados@samsung.com designates 210.118.77.12 as permitted sender) smtp.mailfrom=j.granados@samsung.com; dmarc=pass (policy=none) header.from=samsung.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1715168248; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=cF90zorX3Vhkec3/TFj+N593dqTmsatotOCQjHSZEbM=; b=jMqDjUdGNmDIW+Xt+6SH11Ov4sRo1kqe+Yfq9+Uzr4axJuV41VzrUdWzbWF/RQdXnpjYW4 oJg4dgkyiYMek/GfBGjK7bBkki7hlHhF4Bywo6cCGArNF0Ua9x5mf3VmbPlZgZExGsxfiX sQvh9JtVlkyjC3Psi8fLA9Mcgf/FPBo= Received: from eucas1p1.samsung.com (unknown [182.198.249.206]) by mailout2.w1.samsung.com (KnoxPortal) with ESMTP id 20240508113726euoutp023b917c183029915f96a388a085ef9f3c~NgG6-85E21770217702euoutp02_; Wed, 8 May 2024 11:37:26 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 mailout2.w1.samsung.com 20240508113726euoutp023b917c183029915f96a388a085ef9f3c~NgG6-85E21770217702euoutp02_ DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1715168246; bh=cF90zorX3Vhkec3/TFj+N593dqTmsatotOCQjHSZEbM=; h=Date:From:To:CC:Subject:In-Reply-To:References:From; b=MGedoFgJUxqsWS+zDcnWEQjCsAolmv6XQq26O3hTwtnVUXsPIbO123xNVdDsR1wi8 4ruaFwHk37WfH/K8Vb94HbGRPKKEv2Im4rxPFviwViSVpO0j+oN5tsVWmyq70AhMUk fkBQHu/4DdTej80roiXkz13NiIEQJKgdnVvkytNE= Received: from eusmges1new.samsung.com (unknown [203.254.199.242]) by eucas1p1.samsung.com (KnoxPortal) with ESMTP id 20240508113725eucas1p16225069534576a85124b13399ba8b854~NgG6vou7Z2221222212eucas1p1K; Wed, 8 May 2024 11:37:25 +0000 (GMT) Received: from eucas1p1.samsung.com ( [182.198.249.206]) by eusmges1new.samsung.com (EUCPMTA) with SMTP id C2.CE.09624.5F36B366; Wed, 8 May 2024 12:37:25 +0100 (BST) Received: from eusmtrp1.samsung.com (unknown [182.198.249.138]) by eucas1p1.samsung.com (KnoxPortal) with ESMTPA id 20240508113725eucas1p1c73dc1b7bc2780f99b281e4cc534d1a0~NgG6RWhmU1576115761eucas1p1a; Wed, 8 May 2024 11:37:25 +0000 (GMT) Received: from eusmgms2.samsung.com (unknown [182.198.249.180]) by eusmtrp1.samsung.com (KnoxPortal) with ESMTP id 20240508113725eusmtrp125fc799878405e7480db3ef8c0ccefef~NgG6P556t0870508705eusmtrp1k; Wed, 8 May 2024 11:37:25 +0000 (GMT) X-AuditID: cbfec7f2-c11ff70000002598-a3-663b63f58af9 Received: from eusmtip2.samsung.com ( [203.254.199.222]) by eusmgms2.samsung.com (EUCPMTA) with SMTP id 28.7B.09010.5F36B366; Wed, 8 May 2024 12:37:25 +0100 (BST) Received: from CAMSVWEXC02.scsc.local (unknown [106.1.227.72]) by eusmtip2.samsung.com (KnoxPortal) with ESMTPA id 20240508113725eusmtip245b7460632450ec5f8efcdd3ed3a83f1~NgG6AtV8G1709017090eusmtip2g; Wed, 8 May 2024 11:37:25 +0000 (GMT) Received: from localhost (106.110.32.44) by CAMSVWEXC02.scsc.local (2002:6a01:e348::6a01:e348) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 8 May 2024 12:37:24 +0100 Date: Wed, 8 May 2024 13:37:19 +0200 From: Joel Granados To: Kees Cook CC: Jakub Kicinski , Luis Chamberlain , Kees Cook , Eric Dumazet , Dave Chinner , , , , , , , , , , , , , , , , , , , , , , , , Subject: Re: [PATCH v3 00/11] sysctl: treewide: constify ctl_table argument of sysctl handlers Message-ID: <20240508113719.pccjkyd5nk5soqrg@joelS2.panther.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="v7sa5w52x2sbyktg" Content-Disposition: inline In-Reply-To: X-Originating-IP: [106.110.32.44] X-ClientProxiedBy: CAMSVWEXC01.scsc.local (2002:6a01:e347::6a01:e347) To CAMSVWEXC02.scsc.local (2002:6a01:e348::6a01:e348) X-Brightmail-Tracker: H4sIAAAAAAAAA2WSf0wTZxzG917vrkez4lGdvIDOwQCz6RhuKO8C21RMdsuiwy1b4pJldnAU Ai2kBabgsiKObvwQtJnQKrMgItCFstI1/DISwDIps0WJkskgqeAmUGB0hSBa13KQmey/z/N8 v0/u+7w5iie6RwZTabJsVi4TZ4SRAtxsWb75mjspLiV61L0bFVh0BHL19ZPIfKkEQ0/aVTxk sowBNGlx8NFgiRR1Wt0YsptPE8h4/w6Buq7ewNGPhmWAbndcINHYT08JZO+2Emj4l2YcPegp w5HZdYpEFTWFPDSpmybQfKmDRH2G33DU8biNj1aWPAQqvLjAQyMVkwBZdJtRRfMAjm62uoi9 W5nzyiGcGaiFjM6YwxibvicZ48JZPtNa9w3zV6sGMLaqGsDcGRnHGefKrxhjr58hGZfxxcTn PxPEJ7MZabms/PV3jgpSda4JkPVzyLG66iq+EjzZXAz8KEjHwMFyKygGAkpENwBYvzTI58Q/ AFaZ7DgnXACqp5r465H2yi6MG1wBcLh4XXi3ZvvH1vJGABufthG+CE6Hw85zHatM0juhbWaU 5+NNdARculW4yjy6nQ9trgAfb6SPQtNlNfCxkN4LtY4hnOMAeEMzgXP7x2Dhmcfej1FeDoFX PJTP9qPjYdt5O4+7NBS6L43hHH8NB0y/rx4K6QkB1HTZMG5wALYM95Mcb4RT/aa1mlugVV2K cwE1gNc883xO6L3PVOBeS8fBU8MTa4l90GawEb6LIO0PR5wB3KH+8Ky5ksfZQvhdkYjbjoT6 sRm8Arysfaaa9plq2v+qcfZOqOtcIP9n74D1NdM8jt+Gzc1zuA7wm0Agm6OQSljFLhn7VZRC LFXkyCRRSZlSI/D+81ZP/0IbqJ76O6oHYBToAeHesKNFbwfBuCxTxoZtEl5XxaaIhMni43ms PPMLeU4Gq+gBIRQeFiiMSN7GimiJOJtNZ9ksVr4+xSi/YCW2R1rSi4Qx4elB5/Z35R9871Za +ZbjQfXKdOsrOUox3EDMsoJq43MJ6pZDi+P63LRti5GzjTXXFoNky/5FR8J6Ba4909mfJm73 XF94kFCg/OHkwzJxxMcn4lRJwsqBw2/2FVyIVmtFcTumh2rclm/z/+guS7g6cyLrYt49Z+Mg 9uHIbodGETtep6ib3G9yOJY/Kv38S6vmtqM19uH4n7mS8kfd0p59KU3qOfP9w+ly+uDoXfTG J1Wt+TAy3vnBkeTodztDscsr5g3WkwcOba/tdeclKopWnI3stIQ1vBWTF/8CnZrUwDc1hJd6 5k8Hzhnuvk/lT6q2htbqx19iMUr1KAxXpIp3vcqTK8T/AgNMPNVuBAAA X-Brightmail-Tracker: H4sIAAAAAAAAA2WSfUxTZxTG896vtmrntaC+gDpX2WaYVlpofWHAIDHLXXTL9seyZROxK1dg 0pb1w+AWNwxmzDIWQCICMotCJ4UUdmGErw1XWSlUpLjJ0Gx11kEmH9mgA0OKZYVmmcn+++V5 8jzn5OTwcdEiGcnP0RhYnUaZK6bWEa7AgGfvgurFY7HW4nB02mEmka9/gEIdV4ox9LirCEft Dg9AEw4vD90oVqMe1wKG3B1fkIh7MEai3m8HCfRlyxJAP3ZfpJCneYVE7msuEv30jY1Ak/YS AnX4zlCotK4QRxPmaRL99bmXQv0twwTqXu7kIf+jAIkKL83jaLx0AiCHeQsqtQ0R6Gabj0zd ztQUjBLM0GXImDkjw1nPUgw3X85j2uo/Yf5oqwLMyIU6wIyN3yOYWb8TY9yWGYrxcTte3/CO JEmnNRrYndlavSFZ/K4UySTSBCSRxSdIpHH70xNlcvG+lKRMNjfnBKvbl3JUkl356U2Q1xKV f8ZnIguAf4sJCPiQjoddlb2YCazji+gGAE3dFVTI2Aa//vs2GeIwuDxmWtNF9ByAjdbnQgEO QEuZiVg1CDoa9pzvXgtQ9B44MvMLvsrh9LPw0a3CNcbpLh50LdKrHEYfhe0N58AqC+lUWO0d JUKlrRicthfgIWMTHKz6nQiFT0Bn61xwAD/IUfCrAH9VFtBJsLPGjYcWfQYuXPEQIT4FfY8n QSkIq36iqfqJpur/mkJyDBwPPMT+J78ALXXTeIiToc32J2EGPCsIZ416dZZaL5PolWq9UZMl UWnVHAg+XYdjqb0TNE7NSewA4wM7iA4mva1NbhBJaLQaVhwu/KFo/zGRMFN58kNWp83QGXNZ vR3Ig1cswyM3q7TBD9YYMqSKWLk0XpEQK09QxIm3Cl/J+0wporOUBvY4y+axun9zGF8QWYBZ xWWJk1SvYtDoUnNPN78hM3Utbnq+XvLqaLIqrNZ2teTNuqKLUa7E9T1X9wzE7Bqv2VbW4Tni TO07HXjZ7uZ+Tn1YNb6oqLxeUrzT3HZj5Xr+3ZOXn7LMpsRNC5oiJu+0FH+wvn+0YkzRJapP Gz4gqFj43nJhKOOU//D93VjfsNOmOh/RMLx1Y9TB3dQSeXfzHe39CKtAmNW84S3pvHTO7n+t Nquitqnc8etvM40jMUcyPVPXyvEIWWv0jrRdG8/mr/i42733Bt7P+ah50n8rZuptc7r4Y2c6 zTsIdZVNndF732ugqeTD574T9jNpPO/x7QuH+l56oNTL5YYD0uUAb1ZM6LOV0hhcp1f+Aw47 jhcJBAAA X-CMS-MailID: 20240508113725eucas1p1c73dc1b7bc2780f99b281e4cc534d1a0 X-Msg-Generator: CA X-RootMTR: 20240425031241eucas1p1fb0790e0d03ccbe4fca2b5f6da83d6db X-EPHeader: CA CMS-TYPE: 201P X-CMS-RootMailID: 20240425031241eucas1p1fb0790e0d03ccbe4fca2b5f6da83d6db References: <20240423-sysctl-const-handler-v3-0-e0beccb836e2@weissschuh.net> <20240424201234.3cc2b509@kernel.org> <20240425110412.2n5d27smecfncsfa@joelS2.panther.com> X-Stat-Signature: ww4ib5tunbz6qsrqtaae1thcp1ngh4cp X-Rspam-User: X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: 897F41C0013 X-HE-Tag: 1715168248-912249 X-HE-Meta: U2FsdGVkX1/qFQ0f02hGnpgZ/3uOgB/9xH3hFl1eO+5cOFTMr8xgpO9YASjnGrMW1LleEHD2h3OdMpm7zO7xTj+/KJ+npL1CQxi0AX2F8Td8fCtpNFW+jpwpgSgMBaQRhWJRuw7LWNpnIq5fj31NPFRoKvQoIhkl0P5Z3Gc9gF8VwZ6zBvu/My5X+4N/AGcgdhB40+Mlu9EcsbD5MMzb0EMdWBIWbrN8r09jqDEmEfQS/bYIO1e0pFGrH2UHmzt55WREL7umOoGT92GIb7/VAN2Ptoz+dY3azhResQV5KFnx9jVZTy7nWg5sRdM4HvP+vV/NRUZQ0vrJOiQWPuCalU1LVv3byJ3/SpddIWMcYgawLCKVLW6YdNldLPMZgGOB6ZkYoHAQPRA5NGCqnZDQOdSeDi/sk1KCWldv8r3/KZD0XaaTF6Su3Rbuzg4mfcFwcuX6oHmyJAxX2fhhz8CvjqIGWMylYuxeYkPhvfYEomRdbXwYhHgIyp+8ckTImOSjnjeksabYmyhJkA0fQn25h80Ntm1eZR1+0TZF5uSKvdj7L6Fr+5jy425o/ASKJis3T1k2yCtmo5JbNjlBJ2APZxYvDqVDSS0eWfdPY+wHzF9HT5RE64JM4HGt13+7PNqayhK1VS3jMjKq8WCs/jF3fc/mmSCHZIwaoK3BEIX62DBS3+G5L7vcdZJ140S9dqY+T76fc/BeAa9AnImPnRUbxtvbao9T8TnMx0gpJ/VBzDmrZcAXZRlG0hWKwVP9xnbzHI3enJwHkviFo8IjvSIYwkM4iKIGYaPETSYgsWsR6UYeN+NILADBoEeUoZ4KAq+N5awVePqApgh85cpTjs1FVdRSHZB/6cGac6gX+fYGq+0z6v+2TlLg3+CHWuovFj1DpDVdpikhbPu2efKRtFJavEBbq9efjra9Zr/ISrL7CB+2pCUyZbDUIFLCNGHO//G10EFOZKKpIB/uS8JHFvT s5EJWXLm 4Undt+S1FLowilShDmBSd7PvWUOuKltQKsf5pBxP4kAM/O6S+6ETbpkQUCqTEOZnOVKu4sYGJXboJ5fLSLikNUwctPHFeSsVhFz1WyA5RU67ijXm3JIplZa4JE9diIohkKVkChBeZEHq+SOYHSuMuuTGAdpOZSrLSI72j5I/ohKkM+m5ru4XkGHaZYQvOhTzlGNcRyQ6KXQnYDWY= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: --v7sa5w52x2sbyktg Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Kees Could you comment on the feasibility of this alternative from the Control Flow Integrity perspective. My proposal is to change the proc_handler to void* and back in the same release. So there would not be a kernel released with a void* proc_handler. > > However, there is an alternative way to do this that allows chunking. We > > first define the proc_handler as a void pointer (casting it where it is > > being used) [1]. Then we could do the constification by subsystem (like > > Jakub proposes). Finally we can "revert the void pointer change so we > > don't have one size fit all pointer as our proc_handler [2]. > >=20 > > Here are some comments about the alternative: > > 1. We would need to make the first argument const in all the derived > > proc_handlers [3]=20 > > 2. There would be no undefined behavior for two reasons: > > 2.1. There is no case where we change the first argument. We know > > this because there are no compile errors after we make it const. > > 2.2. We would always go from non-const to const. This is the case > > because all the stuff that is unchanged in non-const. > > 3. If the idea sticks, it should go into mainline as one patchset. I > > would not like to have a void* proc_handler in a kernel release. > > 4. I think this is a "win/win" solution were the constification goes > > through and it is divided in such a way that it is reviewable. > >=20 > > I would really like to hear what ppl think about this "heretic" > > alternative. @Thomas, @Luis, @Kees @Jakub? >=20 > Thanks for that alternative, I'm not a big fan though. >=20 > Besides the wonky syntax, Control Flow Integrity should trap on > this construct. Functions are called through different pointers than > their actual types which is exactly what CFI is meant to prevent. >=20 > Maybe people find it easier to review when using > "--word-diff" and/or "-U0" with git diff/show. > There is really nothing going an besides adding a few "const"s. >=20 > But if the consensus prefers this solution, I'll be happy to adopt it. >=20 > > [1] https://git.kernel.org/pub/scm/linux/kernel/git/joel.granados/linux= =2Egit/commit/?h=3Djag/constfy_treewide_alternative&id=3D4a383503b1ea650d4e= 12c1f5838974e879f5aa6f > > [2] https://git.kernel.org/pub/scm/linux/kernel/git/joel.granados/linux= =2Egit/commit/?h=3Djag/constfy_treewide_alternative&id=3Da3be65973d27ec2933= b9e81e1bec60be3a9b460d > > [3] proc_dostring, proc_dobool, proc_dointvec.... >=20 >=20 > Thomas Best --=20 Joel Granados --v7sa5w52x2sbyktg Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEErkcJVyXmMSXOyyeQupfNUreWQU8FAmY7Y+4ACgkQupfNUreW QU9YEgwAhDVP7Y6eoR6THZeBhX5jlhu2G9nJstttqNF2XutpFKVjE8Z3C89eHNng DCMo7QPRNspNV7452TWHzjB9TyWvZ3WtKaNd1O0ECwCMpZ32/0aZ5SAsMd+cY2D5 yDhAjIzVJups6lQWx1bTMDtuWft9Ebi7Wvd9I3Q+Qjq5khbrSHMCzCr1Bl2ZfscY ApmHqb3v0KxOM+QrrybFvFCD/tt7uYyJfmH96GgBLdl2+7ceoUigiSK5ebySplCo UnNLZi6LEwS1kjyNpbWQbKq9czcSKCCYVM3kzqzcPBdRU/km7XH0oi7SybNt7PSz ZvFQgc34OiFAFcb9twbtzTKfXVBXpBwmOwwgqLw4yNS2C8QH+nbO6qUmHoDp44ZW 6jYrjdWbdDrP+Mwh56FkIcs84+0tgdLgsT6ni9LyK50S8Ik7ivQRCnojjpNJS19p wRnfmB6C3lNH2MWxq9gw8k+RMhDB3eRxcXrTbEjYImsO4zb3xo+CjjPG5TGkvezg ehHTRa51 =YpMU -----END PGP SIGNATURE----- --v7sa5w52x2sbyktg--