Received: by 2002:a05:7412:361b:b0:f9:2edb:3e4d with SMTP id ie27csp52966rdb; Sun, 17 Dec 2023 14:10:30 -0800 (PST) X-Google-Smtp-Source: AGHT+IEkmFllG/GTcFLoIEcSznXsWQGOZ4Ms1GAm1m9p8G6ZeAMXDtey/E4iEQU++CbyGkYlmw1Z X-Received: by 2002:a05:6214:110c:b0:67e:d88f:4641 with SMTP id e12-20020a056214110c00b0067ed88f4641mr12797212qvs.125.1702851030126; Sun, 17 Dec 2023 14:10:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702851030; cv=none; d=google.com; s=arc-20160816; b=EEz7Gib+F8PIGoh4MLcH/l+S12qr+WvBoHPyADOPJJ0h0aFWWtdJZnWsilETZzd1hG J/KC4u+Q3GQpSlPsP9uizUCvjdLjh9HwLlQd/lH8Cy/tgghpINONUAr+BatTRLwoHdvM 4HDpgjbkbCgoiytPd9GjQufA54xtlT5jlMFYog6v3Wv/ol59YaV4vJRMTNY3IEQ8HD2A MV1ZYq/2UcRoNCZPRYe2mNgx1Kt2uy1YwhuDDQabuVCmKmGEwbWh0GAiHcskLKy7xiQ6 txjcHSPCvivTsPhC8M44j3j5E05AH/F85M71plx0inBtu60iM31LEBQP9RRYpgZZ6522 CsqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=VfHZE3FHH8xU9lhCrXN8w92AlYLn2CUxLgauzjpTW1A=; fh=lsKkBdmMA2e40NQz5WrJK6MTmHF7OsMVH4I5Y/650kw=; b=cvgC/8+DPtxbE3DxcapgMBsBR3VczLmoJaEhncCEd2u5x1wL/EUus5tRcYMohqJVE3 Ub0XnyvzAZduFrC10ZckrQ3TUdAmtjnL/NPj9QmdC90nqyF+/imE7Eup+XJ6mnTdhN4z yZTpB+bmdzOfs77fJEa0+CCZn8WFq5L8ajkbAwgrSGwGVmIS+7UJHwCsSCRCWknx9wvL zvpjOY0Wya0V6uRb5aHndXb8Wp7epvAHd77+AWzvtM6J8sa5i0qoKg16E+Rq4e8R0Mn4 dVXFdaRiUGYA7IAHlQZrGkaqa+Jt2CDKLD44bZzh9/zUwwsrGghMGMcSDvDaghdIoJGy JvTw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@weissschuh.net header.s=mail header.b=DdxFoikZ; spf=pass (google.com: domain of linux-kernel+bounces-2844-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-2844-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id b7-20020a0cb3c7000000b0067f3dbabee4si1397209qvf.183.2023.12.17.14.10.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 17 Dec 2023 14:10:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-2844-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@weissschuh.net header.s=mail header.b=DdxFoikZ; spf=pass (google.com: domain of linux-kernel+bounces-2844-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-2844-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id DE31E1C211BD for ; Sun, 17 Dec 2023 22:10:29 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id E4E8D49F97; Sun, 17 Dec 2023 22:10:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=weissschuh.net header.i=@weissschuh.net header.b="DdxFoikZ" X-Original-To: linux-kernel@vger.kernel.org Received: from todd.t-8ch.de (todd.t-8ch.de [159.69.126.157]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3BED54A9A2; Sun, 17 Dec 2023 22:10:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=weissschuh.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=weissschuh.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1702851016; bh=jV/gJmx2dRn8bG3USFFs1YL9j9hEU8IS+OZeoAALh/o=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=DdxFoikZMeNyWuoAcpms0q4zk04TBG1+e7/RgRUcBAW3qWQyxlpxF8KdpM/9LPfl9 BBHrENFjN2DUvXLi2LoDd4+Kz2e/FTz1/pMX69PXVc2aCnw0eZ33SCunVdMjK7/TE8 WGGHUvAHXg7I7Y4b9/DQW9E3syClaE5qe8IGSFfE= Date: Sun, 17 Dec 2023 23:10:15 +0100 From: Thomas =?utf-8?Q?Wei=C3=9Fschuh?= To: Joel Granados Cc: Luis Chamberlain , Dan Carpenter , Julia Lawall , Kees Cook , "Gustavo A. R. Silva" , Iurii Zaikin , Greg Kroah-Hartman , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org Subject: Re: [PATCH v2 00/18] sysctl: constify sysctl ctl_tables Message-ID: <908dc370-7cf6-4b2b-b7c9-066779bc48eb@t-8ch.de> References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net> <20231207104357.kndqvzkhxqkwkkjo@localhost> <20231208095926.aavsjrtqbb5rygmb@localhost> <8509a36b-ac23-4fcd-b797-f8915662d5e1@t-8ch.de> <20231212090930.y4omk62wenxgo5by@localhost> <20231217120201.z4gr3ksjd4ai2nlk@localhost> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20231217120201.z4gr3ksjd4ai2nlk@localhost> On 2023-12-17 13:02:01+0100, Joel Granados wrote: > Catching up with mail.... > > On Tue, Dec 12, 2023 at 11:51:30PM -0800, Luis Chamberlain wrote: > > On Tue, Dec 12, 2023 at 10:09:30AM +0100, Joel Granados wrote: > > > My idea was to do something similar to your originl RFC, where you have > > > an temporary proc_handler something like proc_hdlr_const (we would need > > > to work on the name) and move each subsystem to the new handler while > > > the others stay with the non-const one. At the end, the old proc_handler > > > function name would disapear and would be completely replaced by the new > > > proc_hdlr_const. > > > > > > This is of course extra work and might not be worth it if you don't get > > > negative feedback related to tree-wide changes. Therefore I stick to my > > > previous suggestion. Send the big tree-wide patches and only explore > > > this option if someone screams. > > > > I think we can do better, can't we just increase confidence in that we > > don't *need* muttable ctl_cables with something like smatch or > > coccinelle so that we can just make them const? > > > > Seems like a noble endeavor for us to generalize. > > > > Then we just breeze through by first fixing those that *are* using > > mutable tables by having it just de-register and then re-register > So let me see if I understand your {de,re}-register idea: > When we have a situation (like in the networking code) where a ctl_table > is being used in an unmuttable way, we do your {de,re}-register trick. unmuttable? > The trick consists in unregistering an old ctl_table and reregistering > with a whole new const changed table. In this way, whatever we register > is always const. > > Once we address all the places where this happens, then we just change > the handler to const and we are done. > > Is that correct? I'm confused. The handlers can already be made const as shown in this series, which does convert the whole kernel tree. There is only one handler (the stackleak one) which modifies the table and this one is fixed as part of the series. (Plus the changes needed to the sysctl core to avoid mutation there) > If that is indeed what you are proposing, you might not even need the > un-register step as all the mutability that I have seen occurs before > the register. So maybe instead of re-registering it, you can so a copy > (of the changed ctl_table) to a const pointer and then pass that along > to the register function. Tables that are modified, but *not* through the handler, would crop during the constification of the table structs. Which should be a second step. But Luis' message was not completely clear to me. I guess I'm missing something. > Can't think of anything else off the top of my head. Would have to > actually see the code to evaluate further I think. > > > new tables if they need to be changed, and then a new series is sent > > once we fix all those muttable tables. Thomas