2020-05-18 16:00:18

by Stephen Kitt

[permalink] [raw]
Subject: [PATCH] sysctl: const-ify ngroups_max

ngroups_max is a read-only sysctl entry, reflecting NGROUPS_MAX. Make
it const, in the same way as cap_last_cap.

Signed-off-by: Stephen Kitt <[email protected]>
---
This is split out from 2f4c33063ad7 ("docs: sysctl/kernel: document
ngroups_max") which conflicted with f461d2dcd511 ("sysctl: avoid forward
declarations").

kernel/sysctl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 349cab382081..cc1fcba9d4d2 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -133,7 +133,7 @@ static unsigned long dirty_bytes_min = 2 * PAGE_SIZE;
static int maxolduid = 65535;
static int minolduid;

-static int ngroups_max = NGROUPS_MAX;
+static const int ngroups_max = NGROUPS_MAX;
static const int cap_last_cap = CAP_LAST_CAP;

/*
@@ -2232,7 +2232,7 @@ static struct ctl_table kern_table[] = {
#endif
{
.procname = "ngroups_max",
- .data = &ngroups_max,
+ .data = (void *)&ngroups_max,
.maxlen = sizeof (int),
.mode = 0444,
.proc_handler = proc_dointvec,

base-commit: bdecf38f228bcca73b31ada98b5b7ba1215eb9c9
--
2.20.1


2020-05-18 16:13:38

by Kees Cook

[permalink] [raw]
Subject: Re: [PATCH] sysctl: const-ify ngroups_max

On Mon, May 18, 2020 at 05:57:27PM +0200, Stephen Kitt wrote:
> ngroups_max is a read-only sysctl entry, reflecting NGROUPS_MAX. Make
> it const, in the same way as cap_last_cap.
>
> Signed-off-by: Stephen Kitt <[email protected]>

Reviewed-by: Kees Cook <[email protected]>

--
Kees Cook

2020-05-18 17:29:23

by Luis Chamberlain

[permalink] [raw]
Subject: Re: [PATCH] sysctl: const-ify ngroups_max

On Mon, May 18, 2020 at 09:08:22AM -0700, Kees Cook wrote:
> On Mon, May 18, 2020 at 05:57:27PM +0200, Stephen Kitt wrote:
> > ngroups_max is a read-only sysctl entry, reflecting NGROUPS_MAX. Make
> > it const, in the same way as cap_last_cap.
> >
> > Signed-off-by: Stephen Kitt <[email protected]>
>
> Reviewed-by: Kees Cook <[email protected]>

Kees, since there is quite a bit of sysctl cleanup stuff going on and I
have a fs sysctl kitchen cleanup, are you alright if I carry this in a
tree and send this to Andrew once done? This would hopefully avoid
merge conflicts between these patches.

I have to still re-spin my fs sysctl stuff, but will wait to do that
once Xiaoming bases his series on linux-next.

Luis

2020-05-18 19:54:24

by Kees Cook

[permalink] [raw]
Subject: Re: [PATCH] sysctl: const-ify ngroups_max

On Mon, May 18, 2020 at 05:25:09PM +0000, Luis Chamberlain wrote:
> On Mon, May 18, 2020 at 09:08:22AM -0700, Kees Cook wrote:
> > On Mon, May 18, 2020 at 05:57:27PM +0200, Stephen Kitt wrote:
> > > ngroups_max is a read-only sysctl entry, reflecting NGROUPS_MAX. Make
> > > it const, in the same way as cap_last_cap.
> > >
> > > Signed-off-by: Stephen Kitt <[email protected]>
> >
> > Reviewed-by: Kees Cook <[email protected]>
>
> Kees, since there is quite a bit of sysctl cleanup stuff going on and I
> have a fs sysctl kitchen cleanup, are you alright if I carry this in a
> tree and send this to Andrew once done? This would hopefully avoid
> merge conflicts between these patches.
>
> I have to still re-spin my fs sysctl stuff, but will wait to do that
> once Xiaoming bases his series on linux-next.

Yeah, totally. I don't technically have a sysctl tree (I've always just
had akpm take stuff), so go for it. I'm just doing reviews. :)

--
Kees Cook

2020-05-18 20:02:00

by Luis Chamberlain

[permalink] [raw]
Subject: Re: [PATCH] sysctl: const-ify ngroups_max

On Mon, May 18, 2020 at 11:17:47AM -0700, Kees Cook wrote:
> On Mon, May 18, 2020 at 05:25:09PM +0000, Luis Chamberlain wrote:
> > On Mon, May 18, 2020 at 09:08:22AM -0700, Kees Cook wrote:
> > > On Mon, May 18, 2020 at 05:57:27PM +0200, Stephen Kitt wrote:
> > > > ngroups_max is a read-only sysctl entry, reflecting NGROUPS_MAX. Make
> > > > it const, in the same way as cap_last_cap.
> > > >
> > > > Signed-off-by: Stephen Kitt <[email protected]>
> > >
> > > Reviewed-by: Kees Cook <[email protected]>
> >
> > Kees, since there is quite a bit of sysctl cleanup stuff going on and I
> > have a fs sysctl kitchen cleanup, are you alright if I carry this in a
> > tree and send this to Andrew once done? This would hopefully avoid
> > merge conflicts between these patches.
> >
> > I have to still re-spin my fs sysctl stuff, but will wait to do that
> > once Xiaoming bases his series on linux-next.
>
> Yeah, totally. I don't technically have a sysctl tree (I've always just
> had akpm take stuff), so go for it. I'm just doing reviews. :)

Oh, I don't want a tree either, it was just that I can imagine these
series can easily create conflcits, so I wanted to avoid that before
passing them on to Andrew.

Luis

2020-05-18 21:16:25

by Kees Cook

[permalink] [raw]
Subject: Re: [PATCH] sysctl: const-ify ngroups_max

On Mon, May 18, 2020 at 06:30:55PM +0000, Luis Chamberlain wrote:
> On Mon, May 18, 2020 at 11:17:47AM -0700, Kees Cook wrote:
> > On Mon, May 18, 2020 at 05:25:09PM +0000, Luis Chamberlain wrote:
> > > On Mon, May 18, 2020 at 09:08:22AM -0700, Kees Cook wrote:
> > > > On Mon, May 18, 2020 at 05:57:27PM +0200, Stephen Kitt wrote:
> > > > > ngroups_max is a read-only sysctl entry, reflecting NGROUPS_MAX. Make
> > > > > it const, in the same way as cap_last_cap.
> > > > >
> > > > > Signed-off-by: Stephen Kitt <[email protected]>
> > > >
> > > > Reviewed-by: Kees Cook <[email protected]>
> > >
> > > Kees, since there is quite a bit of sysctl cleanup stuff going on and I
> > > have a fs sysctl kitchen cleanup, are you alright if I carry this in a
> > > tree and send this to Andrew once done? This would hopefully avoid
> > > merge conflicts between these patches.
> > >
> > > I have to still re-spin my fs sysctl stuff, but will wait to do that
> > > once Xiaoming bases his series on linux-next.
> >
> > Yeah, totally. I don't technically have a sysctl tree (I've always just
> > had akpm take stuff), so go for it. I'm just doing reviews. :)
>
> Oh, I don't want a tree either, it was just that I can imagine these
> series can easily create conflcits, so I wanted to avoid that before
> passing them on to Andrew.

Yup, that's cool. I happily defer to you on these cleanups! :)

--
Kees Cook