Re: [PATCH 3/6] blk-mq: embed blk_mq_ops directly in the request queue

On 11/14/18 8:39 AM, Christoph Hellwig wrote:
> On Wed, Nov 14, 2018 at 08:33:06AM -0700, Jens Axboe wrote:
>> It's measurable. It doesn't defeat the const at all, the mq_ops
>> is still const and is never modified outside of when the queue
>> is allocated. The only difference is of course that it is no
>> longer residing in a read only mapped section, which is a shame.
> 
> And the separate section is very much the point of the const.
> 
> Without it attackers can easily overwrite the function pointer and
> use it for exploits, as the C const attribute by itself doesn't
> protect from that in any way.  But once it is in a read-only section
> it can't easily be modified.

Are we really worried about this as an attack surface? I get it
for other types of ops, but for mq_ops, I'd be more worried about
callers changing it inadvertently, and they still can't do that.

It's not a huge deal to me, I can drop this one for now and
revisit at a later time.

-- 
Jens Axboe
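
An added example, not part of the original thread or of the kernel sources: a userspace analogue of the trade-off discussed above, checking whether a `const` ops table reached through a pointer and a `const` copy embedded in a heap-allocated object sit in writable memory. It assumes Linux (`/proc/self/maps`) and a toolchain that applies RELRO by default; every struct and function name is hypothetical.

```c
/* Userspace analogue only; names are hypothetical, not blk-mq code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct demo_ops { int (*queue_rq)(int); };
static int demo_queue_rq(int tag) { return tag + 1; }

/* Shared table: const object with static storage, mapped read-only at run time. */
static const struct demo_ops demo_mq_ops = { .queue_rq = demo_queue_rq };

struct queue_by_pointer { const struct demo_ops *mq_ops; }; /* points at shared table */
struct queue_embedded   { const struct demo_ops mq_ops; };  /* private copy per queue */

/* 1 if the mapping holding p is writable, 0 if not, -1 if not found. */
static int addr_is_writable(const void *p)
{
    FILE *f = fopen("/proc/self/maps", "r");
    unsigned long lo, hi, a = (unsigned long)p;
    char perms[5];
    int result = -1;

    if (!f)
        return -1;
    /* Each line starts "start-end perms ..."; skip the rest of the line. */
    while (fscanf(f, "%lx-%lx %4s%*[^\n]", &lo, &hi, perms) == 3) {
        if (a >= lo && a < hi) { result = (perms[1] == 'w'); break; }
    }
    fclose(f);
    return result;
}

static int shared_table_writable(void)
{
    struct queue_by_pointer q = { .mq_ops = &demo_mq_ops };
    return addr_is_writable(q.mq_ops);
}

static int embedded_table_writable(void)
{
    struct queue_embedded *q = malloc(sizeof(*q));
    int w;

    if (!q)
        return -1;
    memcpy(q, &demo_mq_ops, sizeof(*q)); /* filled once, at allocation time */
    w = addr_is_writable(&q->mq_ops);    /* const-qualified, yet on the heap */
    free(q);
    return w;
}
```

In both layouts the compiler rejects a direct assignment to `mq_ops`, which is the accidental-modification guarantee; only the shared table also gets page-level write protection.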



