Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp6533028imu;
        Sun, 2 Dec 2018 21:01:59 -0800 (PST)
X-Google-Smtp-Source: AFSGD/UHUmf5EDKsPmvP89Yq8df1aP1sNGmJmNcd8Ah+aTNCaxFxClbknH+sVmL4tFiVYb7VjnwB
X-Received: by 2002:a62:1289:: with SMTP id 9mr14736776pfs.102.1543813319339;
        Sun, 02 Dec 2018 21:01:59 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1543813319; cv=none;
        d=google.com; s=arc-20160816;
        b=nAyiYlV2uZRcGLBhM0oFqbsbKalPLpRBxQJjZ9KTiixmnjnfYYiFZ+WgYmAshEiNlf
         7dng1KLnNubqpYRVti21PxIdkSJ7UvjQ1Tmlu2Lqao+JlV6/Bb/5yJ/+ns5B7Oc5DUdI
         U6jukqnDSh/zOEdSSlWPImhORQyRkHf8Za7jBb/kq/KSwf3Wu8ejrejKNcZDp7hLyd43
         LCViv2KqRS9ottyPHZWwTluE7GXObnOkX0ivv7EeRIo2O0n4vCRGUo1kEzvhPwes5+yA
         u0Rydnji2COySMV1bZP/Plej+2cT/XAc/o3OKxyWkay6MaL1UPIUQbDtuNgDkh+abLGc
         ZTHg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=IFUYMIbAKL+bM+28JWNZ55nQXacADNTDwi8PyURjzv0=;
        b=TXd5aqCCJqX5GBp1w8JzSfNCrRFHeK0cwnQqS2GxTJdIiyyBRpRvZdREFO1zrEh3xS
         9aBhAF1hEZKd8EfkjGBx2GZ3A0vzpGVzz+zV4BYxl1Xxw15F6Sf/UbEpJZ72hOB8+TNN
         /Tcw9K4vubLuFSO83glPbAuXkEreIGc5iUF65ZE9+NN8mvaK+KVHxUJSNTvN6pY9VnDs
         arXm38DOOYu0auED+5j8qNwAZsJsL/6qKyj7+S7JMWigMOdy7T/fA7E7IKj5PxEi+Hbp
         7s4Amn5fBz9L9eo+QDaVFlW5iLijGl3rFTY03fF9EPfV+SJJdLbFWNiBVXSU7VvcDiOT
         21xQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d13si12874807plr.403.2018.12.02.21.01.44;
        Sun, 02 Dec 2018 21:01:59 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1725823AbeLCFBM (ORCPT <rfc822;vladislav.valtchev@gmail.com>
        + 99 others); Mon, 3 Dec 2018 00:01:12 -0500
Received: from mail.hallyn.com ([178.63.66.53]:54516 "EHLO mail.hallyn.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725807AbeLCFBM (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 3 Dec 2018 00:01:12 -0500
Received: by mail.hallyn.com (Postfix, from userid 1001)
        id 7120D64A; Sun,  2 Dec 2018 23:01:08 -0600 (CST)
Date:   Sun, 2 Dec 2018 23:01:08 -0600
From:   "Serge E. Hallyn" <serge@hallyn.com>
To:     Tycho Andersen <tycho@tycho.ws>,
        Michael Kerrisk <mtk.manpages@gmail.com>,
        Paul Moore <paul@paul-moore.com>
Cc:     Kees Cook <keescook@chromium.org>,
        Andy Lutomirski <luto@amacapital.net>,
        Oleg Nesterov <oleg@redhat.com>,
        "Eric W . Biederman" <ebiederm@xmission.com>,
        "Serge E . Hallyn" <serge@hallyn.com>,
        Christian Brauner <christian@brauner.io>,
        Tyler Hicks <tyhicks@canonical.com>,
        Akihiro Suda <suda.akihiro@lab.ntt.co.jp>,
        Aleksa Sarai <asarai@suse.de>, Jann Horn <jannh@google.com>,
        linux-kernel@vger.kernel.org,
        containers@lists.linux-foundation.org, linux-api@vger.kernel.org
Subject: Re: [PATCH v9 2/4] seccomp: switch system call argument type to void
 *
Message-ID: <20181203050108.GB31406@mail.hallyn.com>
References: <20181203032827.27978-1-tycho@tycho.ws>
 <20181203032827.27978-3-tycho@tycho.ws>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20181203032827.27978-3-tycho@tycho.ws>
User-Agent: Mutt/1.9.4 (2018-02-28)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Dec 02, 2018 at 08:28:25PM -0700, Tycho Andersen wrote:
> The const qualifier causes problems for any code that wants to write to the
> third argument of the seccomp syscall, as we will do in a future patch in
> this series.
> 
> The third argument to the seccomp syscall is documented as void *, so
> rather than just dropping the const, let's switch everything to use void *
> as well.
> 
> I believe this is safe because of 1. the documentation above, 2. there's no
> real type information exported about syscalls anywhere besides the man
> pages.
> 
> Signed-off-by: Tycho Andersen <tycho@tycho.ws>
> CC: Kees Cook <keescook@chromium.org>
> CC: Andy Lutomirski <luto@amacapital.net>
> CC: Oleg Nesterov <oleg@redhat.com>
> CC: Eric W. Biederman <ebiederm@xmission.com>
> CC: "Serge E. Hallyn" <serge@hallyn.com>

Acked-by: Serge Hallyn <serge@hallyn.com>

Though I'm not entirely convinced there will be no ill effects of changing
the argument type.  I'll feel comfortable when Michael and Paul say it's
fine :)

> CC: Christian Brauner <christian@brauner.io>
> CC: Tyler Hicks <tyhicks@canonical.com>
> CC: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
> ---
>  include/linux/seccomp.h | 2 +-
>  kernel/seccomp.c        | 8 ++++----
>  2 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
> index e5320f6c8654..b5103c019cf4 100644
> --- a/include/linux/seccomp.h
> +++ b/include/linux/seccomp.h
> @@ -43,7 +43,7 @@ extern void secure_computing_strict(int this_syscall);
>  #endif
>  
>  extern long prctl_get_seccomp(void);
> -extern long prctl_set_seccomp(unsigned long, char __user *);
> +extern long prctl_set_seccomp(unsigned long, void __user *);
>  
>  static inline int seccomp_mode(struct seccomp *s)
>  {
> diff --git a/kernel/seccomp.c b/kernel/seccomp.c
> index 96afc32e041d..393e029f778a 100644
> --- a/kernel/seccomp.c
> +++ b/kernel/seccomp.c
> @@ -924,7 +924,7 @@ static long seccomp_get_action_avail(const char __user *uaction)
>  
>  /* Common entry point for both prctl and syscall. */
>  static long do_seccomp(unsigned int op, unsigned int flags,
> -		       const char __user *uargs)
> +		       void __user *uargs)
>  {
>  	switch (op) {
>  	case SECCOMP_SET_MODE_STRICT:
> @@ -944,7 +944,7 @@ static long do_seccomp(unsigned int op, unsigned int flags,
>  }
>  
>  SYSCALL_DEFINE3(seccomp, unsigned int, op, unsigned int, flags,
> -			 const char __user *, uargs)
> +			 void __user *, uargs)
>  {
>  	return do_seccomp(op, flags, uargs);
>  }
> @@ -956,10 +956,10 @@ SYSCALL_DEFINE3(seccomp, unsigned int, op, unsigned int, flags,
>   *
>   * Returns 0 on success or -EINVAL on failure.
>   */
> -long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
> +long prctl_set_seccomp(unsigned long seccomp_mode, void __user *filter)
>  {
>  	unsigned int op;
> -	char __user *uargs;
> +	void __user *uargs;
>  
>  	switch (seccomp_mode) {
>  	case SECCOMP_MODE_STRICT:
> -- 
> 2.19.1