Received: by 2002:a05:7412:d008:b0:f9:6acb:47ec with SMTP id bd8csp168848rdb; Tue, 19 Dec 2023 12:40:21 -0800 (PST) X-Google-Smtp-Source: AGHT+IEkVuanMrg8aKvNTCz3rX2T8v1pVXqXiC/D2AkD2RB4I/+3Bhv20gkr99I9ZZRK3OluJNBY X-Received: by 2002:a17:902:e88f:b0:1d0:8876:7078 with SMTP id w15-20020a170902e88f00b001d088767078mr12359661plg.44.1703018420761; Tue, 19 Dec 2023 12:40:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703018420; cv=none; d=google.com; s=arc-20160816; b=miAeMffacf+7LLXHPmNFSwqF1LZmoFZVHnHU2EThYKX84sbJRRbnhRw5cV9gbnJcOC DToIgo/eqjHmf3qoBkufWaHN+4FriijmmLKBxbAVSIaPG+0yfftn9CYs0OZ1DgJpXbNA 7MnQLk0kTXpY26BjcSuGRdit7j2Uf6S+wgr+6/7Sgf4ZUTrTXyluKpJAauvqLbEGL61x uHsfuJ/w5qeNH58pzJA+PcOTaY0vuUDCsBwxRuofi5kOfizbOemQ0YSYktxSBRxro/hB HOFQP4kzuhLg9SNq7wkC+L/0CqF2YUIpXZCWln1LVUh5D89rFySZa0OUepjiwybDn668 zAag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:list-unsubscribe:list-subscribe:list-id:precedence :user-agent:references:message-id:in-reply-to:subject:cc:to:from :date:dkim-signature; bh=K/lXgN5BftqIB2NPWo5ghozyvDmpveobly1bEzRYtfo=; fh=ZvEDqOrJI51RBFC0vNbUYOHdd/eOwICZsRYsCPcZ9Ys=; b=c/TuN+361J/KWS58g5wvWS3rcNEQHXOMlS7uowyYX0a+e7d1PdQp2f17C0BFNg+kxb pa345OhZHXAJWc0BCOx/17qmlVtgcZkj17DJkqKuo3RyzjJ4CdVdjPc3u9nBJZF2w+v4 9fFMAmvExSSjQJcBNEfzRmfqv+h+eJpjareVS0Zt+ALFwXLS3Xx0QXan1l+aO1LriCNt sI4JrhxUEVlPXJJ5z5LgaOOeHD64H9JwkMXZnwCT9HeujWtjmOioDEoPKJciU8dr8vZf ACJosdA1FdVlnEHMW9otJbdg2pJOK6CTIG8OrSegSKl1cr2M9U3QObpYrE2s0ww5wjGc Y6Mw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@inria.fr header.s=dc header.b=ByeeiWdZ; spf=pass (google.com: domain of linux-kernel+bounces-5931-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-5931-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=inria.fr Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id j5-20020a170903024500b001d344ae7ac3si13086097plh.533.2023.12.19.12.40.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Dec 2023 12:40:20 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-5931-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@inria.fr header.s=dc header.b=ByeeiWdZ; spf=pass (google.com: domain of linux-kernel+bounces-5931-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-5931-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=inria.fr Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 62B7528853C for ; Tue, 19 Dec 2023 20:40:20 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id E6C3539AF4; Tue, 19 Dec 2023 20:40:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=inria.fr header.i=@inria.fr header.b="ByeeiWdZ" X-Original-To: linux-kernel@vger.kernel.org Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 350AD39AD0; Tue, 19 Dec 2023 20:40:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=inria.fr Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=inria.fr DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc; h=date:from:to:cc:subject:in-reply-to:message-id: references:mime-version; bh=K/lXgN5BftqIB2NPWo5ghozyvDmpveobly1bEzRYtfo=; b=ByeeiWdZVs/N8IODVg/UcgtGwAvK+qr1ZWWrOxCRnxdAn7U5qwBy4qI3 Odb/P86f2dnAjZ9YAR969oYQ2ZodM5xs0YsUs40EOkobCvwIDdgJ55KHz LVK6xdjh+8HTNSgLpaRHb8ZqsakIck30oAmF8x81VpnbBqjgLKICGOl8F g=; Authentication-Results: mail3-relais-sop.national.inria.fr; dkim=none (message not signed) header.i=none; spf=SoftFail smtp.mailfrom=julia.lawall@inria.fr; dmarc=fail (p=none dis=none) d=inria.fr X-IronPort-AV: E=Sophos;i="6.04,289,1695679200"; d="scan'208";a="74895525" Received: from 231.85.89.92.rev.sfr.net (HELO hadrien) ([92.89.85.231]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Dec 2023 21:39:57 +0100 Date: Tue, 19 Dec 2023 21:39:56 +0100 (CET) From: Julia Lawall X-X-Sender: jll@hadrien To: =?ISO-8859-15?Q?Thomas_Wei=DFschuh?= cc: Luis Chamberlain , Joel Granados , Dan Carpenter , Kees Cook , "Gustavo A. R. Silva" , Iurii Zaikin , Greg Kroah-Hartman , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org Subject: Re: [PATCH v2 00/18] sysctl: constify sysctl ctl_tables In-Reply-To: Message-ID: References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net> <20231207104357.kndqvzkhxqkwkkjo@localhost> <20231208095926.aavsjrtqbb5rygmb@localhost> <8509a36b-ac23-4fcd-b797-f8915662d5e1@t-8ch.de> <20231212090930.y4omk62wenxgo5by@localhost> <20231217120201.z4gr3ksjd4ai2nlk@localhost> <908dc370-7cf6-4b2b-b7c9-066779bc48eb@t-8ch.de> User-Agent: Alpine 2.22 (DEB 394 2020-01-19) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="8323329-627943610-1703018397=:3196" This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --8323329-627943610-1703018397=:3196 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT On Tue, 19 Dec 2023, Thomas Weißschuh wrote: > Hi Luis and Julia, > > (Julia, there is a question and context for you inline, marked with your name) > > On 2023-12-18 13:21:49-0800, Luis Chamberlain wrote: > > So we can split this up concentually in two: > > > > * constificaiton of the table handlers > > * constification of the table struct itself > > > > On Sun, Dec 17, 2023 at 11:10:15PM +0100, Thomas Weißschuh wrote: > > > The handlers can already be made const as shown in this series, > > > > The series did already produce issues with some builds, and so > > Julia's point is confirmed that the series only proves hanlders > > which you did build and for which 0-day has coverage for. > > > > The challenge here was to see if we could draw up a test case > > that would prove this without build tests, and what occurred to > > me was coccinelle or smatch. > > I used the following coccinelle script to find more handlers that I > missed before: > > virtual patch > virtual context > virtual report > > @@ > identifier func; > identifier ctl; > identifier write; > identifier buffer; > identifier lenp; > identifier ppos; > type loff_t; > @@ > > int func( > - struct ctl_table *ctl, > + const struct ctl_table *ctl, > int write, void *buffer, size_t *lenp, loff_t *ppos) { ... } > > It did not find any additional occurrences while it was able to match > the existing changes. > > After that I manually reviewed all handlers that they are not modifying > their table argument, which they don't. > > Should we do more? > > > For Julia: > > Maybe you could advise on how to use coccinelle to find where a const > function argument or one of its members are modified directly or passed > to some other function as non-const arguments. > See the coccinelle patch above. > > Is this possible? I will propose something. > > > > > If that is indeed what you are proposing, you might not even need the > > > > un-register step as all the mutability that I have seen occurs before > > > > the register. So maybe instead of re-registering it, you can so a copy > > > > (of the changed ctl_table) to a const pointer and then pass that along > > > > to the register function. > > > > > > Tables that are modified, but *not* through the handler, would crop > > > during the constification of the table structs. > > > Which should be a second step. > > > > Instead of "croping up" at build time again, I wonder if we can do > > better with coccinelle / smatch. > > As for smatch: > > Doesn't smatch itself run as part of a normal build [0]? > So it would have the same visibility issues as the compiler itself. I also believe that this is the case. julia > > Joel, and yes, what you described is what I was suggesting, that is to > > avoid having to add a non-const handler a first step, instead we modify > > those callers which do require to modify the table by first a > > deregistration and later a registration. In fact to make this even > > easier a new call would be nice so to aslo be able to git grep when > > this is done in the kernel. > > > > But if what you suggest is true that there are no registrations which > > later modify the table, we don't need that. It is the uncertainty that > > we might have that this is a true statment that I wanted to challenge > > to see if we could do better. Can we avoid this being a stupid > > regression later by doing code analysis with coccinelle / smatch? > > > > The template of the above endeavor seems useful not only to this use > > case but to any place in the kernel where this previously has been done > > before, and hence my suggestion that this seems like a sensible thing > > to think over to see if we could generalize. > > I'd like to split the series and submit the part up until and including > the constification of arguments first and on its own. > It keeps the subsystem maintainers out of the discussion of the core > sysctl changes. > > I'll submit the core sysctl changes after I figure out proper responses > to all review comments and we can do this in parallel to the tree-wide > preparation. > > What do you think Luis and Joel? > > [0] https://repo.or.cz/smatch.git/blob/HEAD:/smatch_scripts/test_kernel.sh > --8323329-627943610-1703018397=:3196--