Quoting James Morris (jmorris@xxxxxxxxx):
> I think it'd be a good idea to constify more of the various operations
> structs in the kernel -- our coverage of this is spotty.
>
> The patch below should provide coverage for all of the eligible
> seq_operations structs in the kernel. It's derived from the grsecurity
> patch (which I was reading and noticed how many of these we're missing).
>
> It's possible something's been missed, or that there are problems in code
> which I can't test. Please review/comment/test.
>
> If it looks ok, I suggest pushing this via -mm.
>
> Note that there are quite a few other similar ops to be constified, such
> as file_operations, so if anyone would like to pitch in, please do so.
>
> ---
>
> Subject: [PATCH 1/1] security: constify seq_operations
>
> Make all seq_operations structs const, to help mitigate
> against revectoring user-triggerable function pointers.
>
> This is derived from the grsecurity patch, although generated
> from scratch because it's simpler than extracting the changes
> from there.
>
> Signed-off-by: James Morris <jmorris@xxxxxxxxx>

I think it's a good idea. I suppose we could add a script to check for
any new seq_ops structs not constified... something as simple as

    find . -type f -print0 | xargs -0 grep 'struct seq_operations' | grep -v const

Though what you have here hits all of those and more.

Acked-by: Serge Hallyn <serue@xxxxxxxxxx>

thanks,
-serge
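
The check suggested in the reply above, narrowed so that it reports only definitions, as an added example that is not part of the original message or of the kernel tree. It matches `struct seq_operations name =` lines that lack `const` and skips pointer parameters and forward declarations, which the plain grep pipeline would also flag; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# find_nonconst_seq_ops DIR
# Print "file:line:text" for each seq_operations definition under DIR that is
# not declared const. Returns 0 when none are found, 1 otherwise.
find_nonconst_seq_ops() {
    # First grep: definitions only ("struct seq_operations name ="), so
    # "struct seq_operations *ops" and "struct seq_operations;" are ignored.
    # /dev/null forces grep to print the file name even for a single file.
    # Second grep: drop the definitions that are already const.
    hits=$(find "$1" -type f \( -name '*.c' -o -name '*.h' \) \
            -exec grep -nE \
            'struct[[:space:]]+seq_operations[[:space:]]+[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=' \
            /dev/null {} + |
        grep -vE 'const[[:space:]]+struct[[:space:]]+seq_operations' || true)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# make_sample_tree DIR: write three constructed source files into DIR.
make_sample_tree() {
    # Non-const definition: should be reported.
    printf 'static struct seq_operations bad_seq_ops = {\n\t.start = a_start,\n};\n' \
        > "$1/a.c"
    # Already const: should not be reported.
    printf 'static const struct seq_operations good_seq_ops = {\n\t.start = b_start,\n};\n' \
        > "$1/b.c"
    # Forward declaration and pointer parameter: not definitions.
    printf 'struct seq_operations;\nint reg(struct seq_operations *ops);\n' \
        > "$1/c.h"
}

# Demo run on the constructed tree.
tmp=$(mktemp -d)
make_sample_tree "$tmp"
find_nonconst_seq_ops "$tmp" || echo "non-const seq_operations definitions found"
rm -rf "$tmp"
```

Because the function returns non-zero when it finds a hit, it can gate a pre-merge check directly.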