On Sun, Aug 19, 2018 at 4:36 PM Lukas Wunner <lukas@xxxxxxxxx> wrote: > > Hotplug drivers cannot declare their hotplug_slot_ops const, making them > attractive targets for attackers, because upon registration of a hotplug > slot, __pci_hp_initialize() writes to the "owner" and "mod_name" members > in that struct. > > Fix by moving these members to struct hotplug_slot and constify every > driver's hotplug_slot_ops except for pciehp. > > pciehp constructs its hotplug_slot_ops at runtime based on the PCIe > port's capabilities, hence cannot declare them const. It can be > converted to __write_rarely once that's mainlined: > http://www.openwall.com/lists/kernel-hardening/2016/11/16/3 > > Signed-off-by: Lukas Wunner <lukas@xxxxxxxxx> > Cc: Rafael J. Wysocki <rjw@xxxxxxxxxxxxx> > Cc: Len Brown <lenb@xxxxxxxxxx> > Cc: Scott Murray <scott@xxxxxxxxxxxx> > Cc: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx> > Cc: Paul Mackerras <paulus@xxxxxxxxx> > Cc: Michael Ellerman <mpe@xxxxxxxxxxxxxx> > Cc: Gavin Shan <gwshan@xxxxxxxxxxxxxxxxxx> > Cc: Sebastian Ott <sebott@xxxxxxxxxxxxxxxxxx> > Cc: Gerald Schaefer <gerald.schaefer@xxxxxxxxxx> > Cc: Corentin Chary <corentin.chary@xxxxxxxxx> > Cc: Darren Hart <dvhart@xxxxxxxxxxxxx> > Cc: Andy Shevchenko <andy@xxxxxxxxxxxxx> > --- > drivers/pci/hotplug/acpiphp_core.c | 2 +- > drivers/pci/hotplug/cpci_hotplug_core.c | 2 +- > drivers/pci/hotplug/cpqphp_core.c | 2 +- > drivers/pci/hotplug/ibmphp.h | 2 +- > drivers/pci/hotplug/ibmphp_core.c | 2 +- > drivers/pci/hotplug/pci_hotplug_core.c | 27 +++++++++++++------------ > drivers/pci/hotplug/pnv_php.c | 2 +- > drivers/pci/hotplug/rpaphp.h | 2 +- > drivers/pci/hotplug/rpaphp_core.c | 2 +- > drivers/pci/hotplug/s390_pci_hpc.c | 2 +- > drivers/pci/hotplug/sgi_hotplug.c | 2 +- > drivers/pci/hotplug/shpchp_core.c | 2 +- > drivers/pci/pci.c | 4 ++-- > drivers/pci/slot.c | 2 +- > drivers/platform/x86/asus-wmi.c | 3 +-- > drivers/platform/x86/eeepc-laptop.c | 3 +-- > include/linux/pci_hotplug.h | 10 ++++----- > 17 files changed, 35 insertions(+), 36 deletions(-) Nice! Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki@xxxxxxxxx>
