From: Joel Granados <joel.granados@kernel.org>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: "Alexander Gordeev" <agordeev@linux.ibm.com>,
"Thomas Weißschuh" <linux@weissschuh.net>,
"Kees Cook" <kees@kernel.org>,
"Luis Chamberlain" <mcgrof@kernel.org>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org,
linux-crypto@vger.kernel.org,
openipmi-developer@lists.sourceforge.net,
intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
intel-xe@lists.freedesktop.org, linux-hyperv@vger.kernel.org,
linux-rdma@vger.kernel.org, linux-raid@vger.kernel.org,
linux-scsi@vger.kernel.org, linux-serial@vger.kernel.org,
xen-devel@lists.xenproject.org, linux-aio@kvack.org,
linux-fsdevel@vger.kernel.org, netfs@lists.linux.dev,
codalist@coda.cs.cmu.edu, linux-mm@kvack.org,
linux-nfs@vger.kernel.org, ocfs2-devel@lists.linux.dev,
fsverity@lists.linux.dev, linux-xfs@vger.kernel.org,
io-uring@vger.kernel.org, bpf@vger.kernel.org,
kexec@lists.infradead.org, linux-trace-kernel@vger.kernel.org,
linux-hardening@vger.kernel.org, apparmor@lists.ubuntu.com,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
"Song Liu" <song@kernel.org>,
"Steven Rostedt (Google)" <rostedt@goodmis.org>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
"Darrick J. Wong" <djwong@kernel.org>,
"Jani Nikula" <jani.nikula@intel.com>,
"Corey Minyard" <cminyard@mvista.com>
Subject: Re: Re: Re: [PATCH v2] treewide: const qualify ctl_tables where applicable
Date: Mon, 27 Jan 2025 14:49:55 +0100
Message-ID: <f4lfo2fb7ajogucsvisfd5sg2avykavmkizr6ycsllcrco4mo3@qt2zx4zp57zh>
In-Reply-To: <CAMj1kXEZPe8zk7s67SADK9wVH3cfBup-sAZSC6_pJyng9QT7aw@mail.gmail.com>

On Wed, Jan 22, 2025 at 01:41:35PM +0100, Ard Biesheuvel wrote:
> On Wed, 22 Jan 2025 at 13:25, Joel Granados <joel.granados@kernel.org> wrote:
> >
> > On Tue, Jan 21, 2025 at 02:40:16PM +0100, Alexander Gordeev wrote:
> > > On Fri, Jan 10, 2025 at 03:16:08PM +0100, Joel Granados wrote:
> > >
> > > Hi Joel,
> > >
> > > > Add the const qualifier to all the ctl_tables in the tree except for
> > > > watchdog_hardlockup_sysctl, memory_allocation_profiling_sysctls,
> > > > loadpin_sysctl_table and the ones calling register_net_sysctl (./net,
> > > > drivers/infiniband dirs). These are special cases as they use a
> > > > registration function with a non-const qualified ctl_table argument or
> > > > modify the arrays before passing them on to the registration function.
> > > >
> > > > Constifying ctl_table structs will prevent the modification of
> > > > proc_handler function pointers as the arrays would reside in .rodata.
> > > > This is made possible after commit 78eb4ea25cd5 ("sysctl: treewide:
> > > > constify the ctl_table argument of proc_handlers") constified all the
> > > > proc_handlers.
> > >
> > > I could identify at least these occurrences in s390 code as well:
> > Hey Alexander
> >
> > Thx for bringing these to my attention. I had completely missed them as
> > the spatch only deals with ctl_tables outside functions.
> >
> > Short answer:
> > These should not be included in the current patch because they are a
> > different pattern from how sysctl tables are usually used. So I will not
> > include them.
> >
> > With that said, I think it might be interesting to look closer at them
> > as they seem to be complicating the proc_handler (I have to look at them
> > closer).
> >
> > I see that they are defining a ctl_table struct within the functions and
> > just using the data (from the incoming ctl_table) to forward things down
> > to proc_do{u,}intvec_* functions. This is very odd and I have only seen
> > it done in order to change the incoming ctl_table (which is not what is
> > being done here).
> >
> > I will take a closer look after the merge window and circle back with
> > more info. Might take me a while as I'm not very familiar with s390
> > code; any additional information on why those are being used inside the
> > functions would be helpful.
> >
>
> Using const data on the stack is not as useful, because the stack is
> always mapped writable.
>
> Global data structures marked 'const' will be moved into an ELF
> section that is typically mapped read-only in its entirety, and so the
> data cannot be modified by writing to it directly. No such protection
> is possible for the stack, and so the constness there is only enforced
> at compile time.

I completely agree with you. No reason to use const within those
functions. But why define those ctl_tables in function to begin with?
Can't you just use the ones that are defined outside the functions?

Best
--
Joel Granados
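
Added example, not part of the thread and not kernel code: a userspace C analogue of the point discussed above, checking via `/proc/self/maps` whether a file-scope `const` table and a `const` table declared inside a function sit in writable mappings. `struct toy_table` and all function names are hypothetical stand-ins, and the check assumes a Linux system with `/proc` mounted.

```c
#include <stdio.h>
#include <unistd.h>

struct toy_table {              /* hypothetical stand-in for struct ctl_table */
    char procname[16];
    int  maxlen;
};

/* File-scope const object: the toolchain places it in .rodata. */
static const struct toy_table global_table = { "global_entry", 4 };

/* Returns 1 if addr lies in a writable mapping, 0 if not, -1 if unknown. */
int mapping_is_writable(const void *addr)
{
    unsigned long a = (unsigned long)addr, start, end;
    char line[512], perms[5];
    int result = -1;
    FILE *maps = fopen("/proc/self/maps", "r");

    if (!maps)
        return -1;
    while (fgets(line, sizeof(line), maps)) {
        /* Each line starts with "start-end perms", e.g. "7ffc...-7ffd... rw-p" */
        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3)
            continue;
        if (a >= start && a < end) {
            result = (perms[1] == 'w');
            break;
        }
    }
    fclose(maps);
    return result;
}

int global_const_is_writable(void)
{
    return mapping_is_writable(&global_table);
}

int stack_const_is_writable(void)
{
    /* const local built from a runtime value, so it has to live on the stack */
    const struct toy_table on_stack = { "stack_entry", (int)getpid() };
    return mapping_is_writable(&on_stack);
}

int main(void)
{
    printf("global const in writable mapping: %d\n", global_const_is_writable());
    printf("stack const in writable mapping:  %d\n", stack_const_is_writable());
    return 0;
}
```

The toy table deliberately holds no pointers: in a position-independent executable, a `const` object containing pointers needs load-time relocation and is made read-only only when RELRO is in effect.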