Date: Fri, 3 May 2024 20:24:24 +0200 (GMT+02:00)
From: linux@weissschuh.net
To: Kees Cook
Cc: Thomas Weißschuh, Alexander Popov, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, Luis Chamberlain, Joel Granados
Message-ID: <266bd6e1-d444-43f5-a98f-c7069819029b@weissschuh.net>
In-Reply-To: <202405031054.9FFA75B@keescook>
References: <20240503-sysctl-const-stackleak-v1-1-603fecb19170@weissschuh.net> <202405031054.9FFA75B@keescook>
Subject: Re: [PATCH] stackleak: don't modify ctl_table argument

May 3, 2024 19:55:37 Kees Cook:

> On Fri, May 03, 2024 at 03:44:09PM +0200, Thomas Weißschuh wrote:
>> Sysctl handlers are not supposed to modify the ctl_table passed to them.
>> Adapt the logic to work with a temporary
>> variable, similar to how it is done in other parts of the kernel.
>>
>> This is also a prerequisite to enforce the immutability of the argument
>> through the callbacks prototy.
>>
>> Fixes: 964c9dff0091 ("stackleak: Allow runtime disabling of kernel stack erasing")
>> Cc: stable@vger.kernel.org
>
> I realize I've already Acked, but does this actually need to be CCed
> to stable?

You acked it without the Cc stable.
I shouldn't have kept your Ack, sorry.

Feel free to drop the Cc, it shouldn't be critical.
I suspect the bots will pick it up anyways.

>> Acked-by: Kees Cook
>> Reviewed-by: Luis Chamberlain
>> Signed-off-by: Thomas Weißschuh
>> ---
>> This was split out of my sysctl-const-handler series [0].
>>
>> As that series will take some more time, submit the patch on its own,
>> as it is a generic bugfix that is valuable on its own.
>> And I can get it out of my books.
>>
>> Changelog in contrast to the patch in the series:
>> * Reword commit message to remove strong relation to the constification
>> * Cc stable
>>
>> [0] https://lore.kernel.org/lkml/20240423-sysctl-const-handler-v3-0-e0beccb836e2@weissschuh.net/
>>
>> Cc: Joel Granados
>> ---
>> kernel/stackleak.c | 7 ++++---
>> 1 file changed, 4 insertions(+), 3 deletions(-)
>>
>> diff --git a/kernel/stackleak.c b/kernel/stackleak.c >> index 34c9d81eea94..b292e5ca0b7d 100644 >> --- a/kernel/stackleak.c >> +++ b/kernel/stackleak.c >> @@ -27,10 +27,11 @@ static int stack_erasing_sysctl(struct ctl_table *ta= ble, int write, >> =C2=A0=C2=A0=C2=A0 int ret =3D 0; >> =C2=A0=C2=A0=C2=A0 int state =3D !static_branch_unlikely(&stack_erasing_= bypass); >> =C2=A0=C2=A0=C2=A0 int prev_state =3D state; >> +=C2=A0=C2=A0 struct ctl_table tmp =3D *table; >> >> -=C2=A0=C2=A0 table->data =3D &state; >> -=C2=A0=C2=A0 table->maxlen =3D sizeof(int); >> -=C2=A0=C2=A0 ret =3D proc_dointvec_minmax(table, write, buffer, lenp, p= pos); >> +=C2=A0=C2=A0 tmp.data =3D &state; >> +=C2=A0=C2=A0 tmp.maxlen =3D sizeof(int); >> +=C2=A0=C2=A0 ret =3D proc_dointvec_minmax(&tmp, write, buffer, lenp, pp= os); >> =C2=A0=C2=A0=C2=A0 state =3D !!state; >> =C2=A0=C2=A0=C2=A0 if (ret || !write || state =3D=3D prev_state) >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 return ret;
>
> I can pick this up; thanks!

Thanks!
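
Review bot: The declaration `struct ctl_table tmp = *table;` carries no comment saying why the handler works on a copy, and the prototype in the hunk header still takes a non-const `struct ctl_table *table`, so nothing stops a later cleanup from writing through `table` again; a one-line comment above `tmp` would cover that until the argument is const. The commit message could also name the concrete effect of the removed `table->data = &state;` line: it left the table passed in pointing at the on-stack `state` after the handler returned, which is the detail that bears on the Cc: stable question.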