Subject: Re: [PATCH] sysctl: Delete the code of sys_sysctl
To: Kees Cook
From: Xiaoming Ni
Date: Wed, 10 Jun 2020 22:17:49 +0800

On 2020/6/9 23:40, Kees Cook wrote:
> On Tue, Jun 09, 2020 at 02:20:05PM +0800, Xiaoming Ni wrote:
>> Since the commit 61a47c1ad3a4dc ("sysctl: Remove the sysctl system call"),
>> sys_sysctl has lost its actual role: any input can only return an error.
>>
>> Delete the code and return -ENOSYS directly at the function entry
>>
>> Signed-off-by: Xiaoming Ni
>
> Looks right to me.
>
> Reviewed-by: Kees Cook
>
> Should this be taken a step further and just remove the syscall entirely
> and update the per-arch tables with the ENOSYS hole?
>
> -Kees
>

Searching for git log, I found a commit record that deleted syscall:
commit f5b94099739722 ("All Arch: remove linkage for sys_nfsservctl system call").

Could I use sys_ni_syscall to implement the hole as in the example here?
E.g:

diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl index 7b3832d..f36fda6 100644 --- a/arch/arm/tools/syscall.tbl +++ b/arch/arm/tools/syscall.tbl @@ -162,7 +162,7 @@ 146 common writev sys_writev 147 common getsid sys_getsid 148 common fdatasync sys_fdatasync -149 common _sysctl sys_sysctl +149 common _sysctl sys_ni_syscall 150 common mlock sys_mlock 151 common munlock sys_munlock 152 common mlockall sys_mlockall diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h index f8dafe9..ca41bb7 100644 --- a/arch/arm64/include/asm/unistd32.h +++ b/arch/arm64/include/asm/unistd32.h 
@@ -308,8 +308,8 @@ __SYSCALL(__NR_getsid, sys_getsid) #define __NR_fdatasync 148 __SYSCALL(__NR_fdatasync, sys_fdatasync) -#define __NR__sysctl 149 -__SYSCALL(__NR__sysctl, compat_sys_sysctl) + /* 149 was sys_sysctl */ +__SYSCALL(149, sys_ni_syscall) #define __NR_mlock 150 __SYSCALL(__NR_mlock, sys_mlock) #define __NR_munlock 151

In this case, I need to modify a lot of code in v2.
Can I add "Reviewed-by: Kees Cook " to the v2 patch?

Thanks
Xiaoming Ni
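
Review bot: in the arch/arm/tools/syscall.tbl hunk, entry 149 keeps `_sysctl` in the name column while its handler becomes sys_ni_syscall, but the arm64 unistd32.h hunk removes the `__NR__sysctl` name for the same number. Treat the name the same way in both places, and state in the v2 changelog whether it is retained on purpose so that existing references to it keep building. The changelog should also list which per-arch tables were converted, since only the arm one is shown here.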
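
Review bot: in the arch/arm64/include/asm/unistd32.h hunk, the removed `__SYSCALL(__NR__sysctl, compat_sys_sysctl)` line was a reference to compat_sys_sysctl, and the removed `#define __NR__sysctl 149` takes away a macro that other code may still use. Before sending v2, grep for remaining users of both; if this table entry was the last reference to compat_sys_sysctl, remove its definition and declaration in the same patch so no dead stub is left behind. The new comment reads "149 was sys_sysctl" although the slot called the compat entry point, so mention that in the changelog.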