Re: [PATCH v2] sysctl: treewide: constify ctl_table_header::ctl_table_arg


 



On Thu, Apr 18, 2024 at 11:40:08AM +0200, Thomas Weißschuh wrote:
> To be able to constify instances of struct ctl_tables it is necessary to
> remove ways through which non-const versions are exposed from the
> sysctl core.
> One of these is the ctl_table_arg member of struct ctl_table_header.
> 
> Constify this reference as a prerequisite for the full constification of
> struct ctl_table instances.
> No functional change.
> 
> Signed-off-by: Thomas Weißschuh <linux@xxxxxxxxxxxxxx>
> ---
> Changes in v2:
> - Add link to original monolithic series
> - Send to all maintainers again
> - Link to v1: https://lore.kernel.org/r/20240322-sysctl-const-table-arg-v1-1-88436d34961b@xxxxxxxxxxxxxx
> ---
> This is a standalone version of PATCH 11 from my original const-sysctl
> series at
> https://lore.kernel.org/lkml/20231204-const-sysctl-v2-0-7a5060b11447@xxxxxxxxxxxxxx/
> 
> It is based upon the branch constfy of
> https://git.kernel.org/pub/scm/linux/kernel/git/sysctl/sysctl.git/
> 
> This patch is meant to be applied through the sysctl tree.
> 
> It was implemented by manually searching for "ctl_table_arg"
> throughout the tree and inspecting each found site.
> 
> If somebody comes up with a cocciscript for this, I'll be happy to use
> that.

My simple attempt doesn't find any additional instances:

@constify@
identifier VAR;
expression EXP;
@@

-       struct ctl_table *VAR;
+       const struct ctl_table *VAR;
        ...
        VAR = (EXP)->ctl_table_arg

it actually misses a few. :P

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

> ---
>  drivers/net/vrf.c                       | 2 +-
>  include/linux/sysctl.h                  | 2 +-
>  ipc/ipc_sysctl.c                        | 2 +-
>  ipc/mq_sysctl.c                         | 2 +-
>  kernel/ucount.c                         | 2 +-
>  net/ax25/sysctl_net_ax25.c              | 2 +-
>  net/bridge/br_netfilter_hooks.c         | 2 +-
>  net/core/sysctl_net_core.c              | 2 +-
>  net/ieee802154/6lowpan/reassembly.c     | 2 +-
>  net/ipv4/devinet.c                      | 2 +-
>  net/ipv4/ip_fragment.c                  | 2 +-
>  net/ipv4/route.c                        | 2 +-
>  net/ipv4/sysctl_net_ipv4.c              | 2 +-
>  net/ipv4/xfrm4_policy.c                 | 2 +-
>  net/ipv6/addrconf.c                     | 2 +-
>  net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +-
>  net/ipv6/reassembly.c                   | 2 +-
>  net/ipv6/sysctl_net_ipv6.c              | 6 +++---
>  net/ipv6/xfrm6_policy.c                 | 2 +-
>  net/mpls/af_mpls.c                      | 4 ++--
>  net/mptcp/ctrl.c                        | 2 +-
>  net/netfilter/nf_conntrack_standalone.c | 2 +-
>  net/netfilter/nf_log.c                  | 2 +-
>  net/sctp/sysctl.c                       | 2 +-
>  net/smc/smc_sysctl.c                    | 2 +-
>  net/unix/sysctl_net_unix.c              | 2 +-
>  net/xfrm/xfrm_sysctl.c                  | 2 +-
>  27 files changed, 30 insertions(+), 30 deletions(-)
> 
> diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
> index bb95ce43cd97..66f8542f3b18 100644
> --- a/drivers/net/vrf.c
> +++ b/drivers/net/vrf.c
> @@ -1971,7 +1971,7 @@ static int vrf_netns_init_sysctl(struct net *net, struct netns_vrf *nn_vrf)
>  static void vrf_netns_exit_sysctl(struct net *net)
>  {
>  	struct netns_vrf *nn_vrf = net_generic(net, vrf_net_id);
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	table = nn_vrf->ctl_hdr->ctl_table_arg;
>  	unregister_net_sysctl_table(nn_vrf->ctl_hdr);
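Review bot: The order of the two statements after the changed declaration matters but is undocumented: `table` is read from `nn_vrf->ctl_hdr->ctl_table_arg` before `unregister_net_sysctl_table(nn_vrf->ctl_hdr)`, presumably because the header must not be dereferenced once it has been unregistered. A one-line comment such as `/* fetch the table first; ctl_hdr must not be touched after unregistering */` would stop a later cleanup from swapping the lines and introducing a use-after-free. The same fetch-then-unregister pair appears in most of the other hunks, for example ipc/ipc_sysctl.c, ipc/mq_sysctl.c and kernel/ucount.c. vrf_netns_exit_sysctl continues past the end of the hunk, so the later use of `table` is not visible here.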
> diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
> index 47bd28ffa88f..09db2f2e6488 100644
> --- a/include/linux/sysctl.h
> +++ b/include/linux/sysctl.h
> @@ -171,7 +171,7 @@ struct ctl_table_header {
>  		struct rcu_head rcu;
>  	};
>  	struct completion *unregistering;
> -	struct ctl_table *ctl_table_arg;
> +	const struct ctl_table *ctl_table_arg;
>  	struct ctl_table_root *root;
>  	struct ctl_table_set *set;
>  	struct ctl_dir *parent;
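Review bot: The newly const `ctl_table_arg` member has no comment stating the contract that the qualifier now enforces, and this is the one line every other hunk depends on. Something like `/* table given at registration; never written through the header */` above the member would record it. It is also worth saying in the comment or the commit text that the qualifier only blocks writes through this pointer. The tables themselves stay writable until their definitions are made const, which the description says is the follow-up step. struct ctl_table_header starts and ends outside the hunk.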
> diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
> index 19b2a67aef40..113452038303 100644
> --- a/ipc/ipc_sysctl.c
> +++ b/ipc/ipc_sysctl.c
> @@ -305,7 +305,7 @@ bool setup_ipc_sysctls(struct ipc_namespace *ns)
>  
>  void retire_ipc_sysctls(struct ipc_namespace *ns)
>  {
> -	struct ctl_table *tbl;
> +	const struct ctl_table *tbl;
>  
>  	tbl = ns->ipc_sysctls->ctl_table_arg;
>  	unregister_sysctl_table(ns->ipc_sysctls);
> diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c
> index 43c0825da9e8..068e7d5aa42b 100644
> --- a/ipc/mq_sysctl.c
> +++ b/ipc/mq_sysctl.c
> @@ -159,7 +159,7 @@ bool setup_mq_sysctls(struct ipc_namespace *ns)
>  
>  void retire_mq_sysctls(struct ipc_namespace *ns)
>  {
> -	struct ctl_table *tbl;
> +	const struct ctl_table *tbl;
>  
>  	tbl = ns->mq_sysctls->ctl_table_arg;
>  	unregister_sysctl_table(ns->mq_sysctls);
> diff --git a/kernel/ucount.c b/kernel/ucount.c
> index 90300840256b..366a2c1971f5 100644
> --- a/kernel/ucount.c
> +++ b/kernel/ucount.c
> @@ -119,7 +119,7 @@ bool setup_userns_sysctls(struct user_namespace *ns)
>  void retire_userns_sysctls(struct user_namespace *ns)
>  {
>  #ifdef CONFIG_SYSCTL
> -	struct ctl_table *tbl;
> +	const struct ctl_table *tbl;
>  
>  	tbl = ns->sysctls->ctl_table_arg;
>  	unregister_sysctl_table(ns->sysctls);
> diff --git a/net/ax25/sysctl_net_ax25.c b/net/ax25/sysctl_net_ax25.c
> index db66e11e7fe8..e0128dc9def3 100644
> --- a/net/ax25/sysctl_net_ax25.c
> +++ b/net/ax25/sysctl_net_ax25.c
> @@ -171,7 +171,7 @@ int ax25_register_dev_sysctl(ax25_dev *ax25_dev)
>  void ax25_unregister_dev_sysctl(ax25_dev *ax25_dev)
>  {
>  	struct ctl_table_header *header = ax25_dev->sysheader;
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	if (header) {
>  		ax25_dev->sysheader = NULL;
> diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
> index 35e10c5a766d..a09118c56c7d 100644
> --- a/net/bridge/br_netfilter_hooks.c
> +++ b/net/bridge/br_netfilter_hooks.c
> @@ -1268,7 +1268,7 @@ static int br_netfilter_sysctl_init_net(struct net *net)
>  static void br_netfilter_sysctl_exit_net(struct net *net,
>  					 struct brnf_net *brnet)
>  {
> -	struct ctl_table *table = brnet->ctl_hdr->ctl_table_arg;
> +	const struct ctl_table *table = brnet->ctl_hdr->ctl_table_arg;
>  
>  	unregister_net_sysctl_table(brnet->ctl_hdr);
>  	if (!net_eq(net, &init_net))
> diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
> index 6973dda3abda..903ab4a51c17 100644
> --- a/net/core/sysctl_net_core.c
> +++ b/net/core/sysctl_net_core.c
> @@ -743,7 +743,7 @@ static __net_init int sysctl_core_net_init(struct net *net)
>  
>  static __net_exit void sysctl_core_net_exit(struct net *net)
>  {
> -	struct ctl_table *tbl;
> +	const struct ctl_table *tbl;
>  
>  	tbl = net->core.sysctl_hdr->ctl_table_arg;
>  	unregister_net_sysctl_table(net->core.sysctl_hdr);
> diff --git a/net/ieee802154/6lowpan/reassembly.c b/net/ieee802154/6lowpan/reassembly.c
> index 6dd960ec558c..2a983cf450da 100644
> --- a/net/ieee802154/6lowpan/reassembly.c
> +++ b/net/ieee802154/6lowpan/reassembly.c
> @@ -399,7 +399,7 @@ static int __net_init lowpan_frags_ns_sysctl_register(struct net *net)
>  
>  static void __net_exit lowpan_frags_ns_sysctl_unregister(struct net *net)
>  {
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  	struct netns_ieee802154_lowpan *ieee802154_lowpan =
>  		net_ieee802154_lowpan(net);
>  
> diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
> index 7a437f0d4190..7592f242336b 100644
> --- a/net/ipv4/devinet.c
> +++ b/net/ipv4/devinet.c
> @@ -2749,7 +2749,7 @@ static __net_init int devinet_init_net(struct net *net)
>  static __net_exit void devinet_exit_net(struct net *net)
>  {
>  #ifdef CONFIG_SYSCTL
> -	struct ctl_table *tbl;
> +	const struct ctl_table *tbl;
>  
>  	tbl = net->ipv4.forw_hdr->ctl_table_arg;
>  	unregister_net_sysctl_table(net->ipv4.forw_hdr);
> diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
> index a4941f53b523..6b9285fd6f06 100644
> --- a/net/ipv4/ip_fragment.c
> +++ b/net/ipv4/ip_fragment.c
> @@ -632,7 +632,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
>  
>  static void __net_exit ip4_frags_ns_ctl_unregister(struct net *net)
>  {
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	table = net->ipv4.frags_hdr->ctl_table_arg;
>  	unregister_net_sysctl_table(net->ipv4.frags_hdr);
> diff --git a/net/ipv4/route.c b/net/ipv4/route.c
> index c8f76f56dc16..af30b5942ba4 100644
> --- a/net/ipv4/route.c
> +++ b/net/ipv4/route.c
> @@ -3590,7 +3590,7 @@ static __net_init int sysctl_route_net_init(struct net *net)
>  
>  static __net_exit void sysctl_route_net_exit(struct net *net)
>  {
> -	struct ctl_table *tbl;
> +	const struct ctl_table *tbl;
>  
>  	tbl = net->ipv4.route_hdr->ctl_table_arg;
>  	unregister_net_sysctl_table(net->ipv4.route_hdr);
> diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
> index 7e4f16a7dcc1..ce5d19978a26 100644
> --- a/net/ipv4/sysctl_net_ipv4.c
> +++ b/net/ipv4/sysctl_net_ipv4.c
> @@ -1554,7 +1554,7 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
>  
>  static __net_exit void ipv4_sysctl_exit_net(struct net *net)
>  {
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	kfree(net->ipv4.sysctl_local_reserved_ports);
>  	table = net->ipv4.ipv4_hdr->ctl_table_arg;
> diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
> index c33bca2c3841..1dda59e0aeab 100644
> --- a/net/ipv4/xfrm4_policy.c
> +++ b/net/ipv4/xfrm4_policy.c
> @@ -186,7 +186,7 @@ static __net_init int xfrm4_net_sysctl_init(struct net *net)
>  
>  static __net_exit void xfrm4_net_sysctl_exit(struct net *net)
>  {
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	if (!net->ipv4.xfrm4_hdr)
>  		return;
> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
> index 247bd4d8ee45..9c34a351f115 100644
> --- a/net/ipv6/addrconf.c
> +++ b/net/ipv6/addrconf.c
> @@ -7235,7 +7235,7 @@ static int __addrconf_sysctl_register(struct net *net, char *dev_name,
>  static void __addrconf_sysctl_unregister(struct net *net,
>  					 struct ipv6_devconf *p, int ifindex)
>  {
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	if (!p->sysctl_header)
>  		return;
> diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
> index 1a51a44571c3..98809f846229 100644
> --- a/net/ipv6/netfilter/nf_conntrack_reasm.c
> +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
> @@ -105,7 +105,7 @@ static int nf_ct_frag6_sysctl_register(struct net *net)
>  static void __net_exit nf_ct_frags6_sysctl_unregister(struct net *net)
>  {
>  	struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net);
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	table = nf_frag->nf_frag_frags_hdr->ctl_table_arg;
>  	unregister_net_sysctl_table(nf_frag->nf_frag_frags_hdr);
> diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
> index acb4f119e11f..ee95cdcc8747 100644
> --- a/net/ipv6/reassembly.c
> +++ b/net/ipv6/reassembly.c
> @@ -487,7 +487,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
>  
>  static void __net_exit ip6_frags_ns_sysctl_unregister(struct net *net)
>  {
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	table = net->ipv6.sysctl.frags_hdr->ctl_table_arg;
>  	unregister_net_sysctl_table(net->ipv6.sysctl.frags_hdr);
> diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
> index 888676163e90..75de55f907b0 100644
> --- a/net/ipv6/sysctl_net_ipv6.c
> +++ b/net/ipv6/sysctl_net_ipv6.c
> @@ -313,9 +313,9 @@ static int __net_init ipv6_sysctl_net_init(struct net *net)
>  
>  static void __net_exit ipv6_sysctl_net_exit(struct net *net)
>  {
> -	struct ctl_table *ipv6_table;
> -	struct ctl_table *ipv6_route_table;
> -	struct ctl_table *ipv6_icmp_table;
> +	const struct ctl_table *ipv6_table;
> +	const struct ctl_table *ipv6_route_table;
> +	const struct ctl_table *ipv6_icmp_table;
>  
>  	ipv6_table = net->ipv6.sysctl.hdr->ctl_table_arg;
>  	ipv6_route_table = net->ipv6.sysctl.route_hdr->ctl_table_arg;
> diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
> index 42fb6996b077..4891012b692f 100644
> --- a/net/ipv6/xfrm6_policy.c
> +++ b/net/ipv6/xfrm6_policy.c
> @@ -218,7 +218,7 @@ static int __net_init xfrm6_net_sysctl_init(struct net *net)
>  
>  static void __net_exit xfrm6_net_sysctl_exit(struct net *net)
>  {
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	if (!net->ipv6.sysctl.xfrm6_hdr)
>  		return;
> diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
> index 6dab883a08dd..973881b8faa3 100644
> --- a/net/mpls/af_mpls.c
> +++ b/net/mpls/af_mpls.c
> @@ -1438,7 +1438,7 @@ static void mpls_dev_sysctl_unregister(struct net_device *dev,
>  				       struct mpls_dev *mdev)
>  {
>  	struct net *net = dev_net(dev);
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	if (!mdev->sysctl)
>  		return;
> @@ -2706,7 +2706,7 @@ static void mpls_net_exit(struct net *net)
>  {
>  	struct mpls_route __rcu **platform_label;
>  	size_t platform_labels;
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  	unsigned int index;
>  
>  	table = net->mpls.ctl->ctl_table_arg;
> diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c
> index 13fe0748dde8..8d661156ab8c 100644
> --- a/net/mptcp/ctrl.c
> +++ b/net/mptcp/ctrl.c
> @@ -198,7 +198,7 @@ static int mptcp_pernet_new_table(struct net *net, struct mptcp_pernet *pernet)
>  
>  static void mptcp_pernet_del_table(struct mptcp_pernet *pernet)
>  {
> -	struct ctl_table *table = pernet->ctl_table_hdr->ctl_table_arg;
> +	const struct ctl_table *table = pernet->ctl_table_hdr->ctl_table_arg;
>  
>  	unregister_net_sysctl_table(pernet->ctl_table_hdr);
>  
> diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
> index 0ee98ce5b816..bb9dea676ec1 100644
> --- a/net/netfilter/nf_conntrack_standalone.c
> +++ b/net/netfilter/nf_conntrack_standalone.c
> @@ -1122,7 +1122,7 @@ static int nf_conntrack_standalone_init_sysctl(struct net *net)
>  static void nf_conntrack_standalone_fini_sysctl(struct net *net)
>  {
>  	struct nf_conntrack_net *cnet = nf_ct_pernet(net);
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	table = cnet->sysctl_header->ctl_table_arg;
>  	unregister_net_sysctl_table(cnet->sysctl_header);
> diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
> index 370f8231385c..efedd2f13ac7 100644
> --- a/net/netfilter/nf_log.c
> +++ b/net/netfilter/nf_log.c
> @@ -514,7 +514,7 @@ static int netfilter_log_sysctl_init(struct net *net)
>  
>  static void netfilter_log_sysctl_exit(struct net *net)
>  {
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	table = net->nf.nf_log_dir_header->ctl_table_arg;
>  	unregister_net_sysctl_table(net->nf.nf_log_dir_header);
> diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
> index f65d6f92afcb..25bdf17c7262 100644
> --- a/net/sctp/sysctl.c
> +++ b/net/sctp/sysctl.c
> @@ -624,7 +624,7 @@ int sctp_sysctl_net_register(struct net *net)
>  
>  void sctp_sysctl_net_unregister(struct net *net)
>  {
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	table = net->sctp.sysctl_header->ctl_table_arg;
>  	unregister_net_sysctl_table(net->sctp.sysctl_header);
> diff --git a/net/smc/smc_sysctl.c b/net/smc/smc_sysctl.c
> index a5946d1b9d60..4e8baa2e7ea4 100644
> --- a/net/smc/smc_sysctl.c
> +++ b/net/smc/smc_sysctl.c
> @@ -133,7 +133,7 @@ int __net_init smc_sysctl_net_init(struct net *net)
>  
>  void __net_exit smc_sysctl_net_exit(struct net *net)
>  {
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	table = net->smc.smc_hdr->ctl_table_arg;
>  	unregister_net_sysctl_table(net->smc.smc_hdr);
> diff --git a/net/unix/sysctl_net_unix.c b/net/unix/sysctl_net_unix.c
> index 3e84b31c355a..44996af61999 100644
> --- a/net/unix/sysctl_net_unix.c
> +++ b/net/unix/sysctl_net_unix.c
> @@ -52,7 +52,7 @@ int __net_init unix_sysctl_register(struct net *net)
>  
>  void unix_sysctl_unregister(struct net *net)
>  {
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	table = net->unx.ctl->ctl_table_arg;
>  	unregister_net_sysctl_table(net->unx.ctl);
> diff --git a/net/xfrm/xfrm_sysctl.c b/net/xfrm/xfrm_sysctl.c
> index 7fdeafc838a7..e972930c292b 100644
> --- a/net/xfrm/xfrm_sysctl.c
> +++ b/net/xfrm/xfrm_sysctl.c
> @@ -76,7 +76,7 @@ int __net_init xfrm_sysctl_init(struct net *net)
>  
>  void __net_exit xfrm_sysctl_fini(struct net *net)
>  {
> -	struct ctl_table *table;
> +	const struct ctl_table *table;
>  
>  	table = net->xfrm.sysctl_hdr->ctl_table_arg;
>  	unregister_net_sysctl_table(net->xfrm.sysctl_hdr);
> 
> ---
> base-commit: 48a8b5270db856be233021e47a5f1dc02d47ed0d
> change-id: 20231226-sysctl-const-table-arg-2c828e0264dc
> 
> Best regards,
> -- 
> Thomas Weißschuh <linux@xxxxxxxxxxxxxx>
> 

-- 
Kees Cook



