Received: by 2002:ab2:6991:0:b0:1f7:f6c3:9cb1 with SMTP id v17csp674552lqo; Wed, 8 May 2024 11:09:10 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCU64L2Gb2xqkW7tl97vUpt5ufOYUc22Bfz4u0BdlzONb9e6pwKTTWAaQs3SqnYr31Vk9JH3yFJ7/Gz9GZJORjugB7K6ntBrbqtfINJ8Wg== X-Google-Smtp-Source: AGHT+IFaUBnWAGIc+8DR7FrZIPremq+0IaxdgShXqDtiDnHeP7v5yILzrBYiqzoPbJHNqLcW1Z6b X-Received: by 2002:a05:6a21:998:b0:1ae:4269:eada with SMTP id adf61e73a8af0-1afc8e075cemr3268635637.61.1715191750193; Wed, 08 May 2024 11:09:10 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715191750; cv=pass; d=google.com; s=arc-20160816; b=tar1Q6o1myeh2toKhcOOWSHMdG6ULuyfFrMyCOSbYONryoc7porgUytaB+i+9CVbMT JFgo2HTqQHpDCXhXP1/BZAp6Z2SGjm0YIUrqcM8d2jWflZObdKyZbMBmMUnRVzpwdsCO nqk+dZ7YGMiQRbmZ169osg1oubzQ7nhi0P+tf42l4YVzcnQlE3M4M4svbXR6IUJVRRtV cIltZDai42jpYhSsaxbErby4nJhlKdowcXo7BhYE8b1JHgW6ilZwrDxVVgtxN+UiW3xC SSFr4XBkp5tynr2j6lqmP+ddyLkDPilF7efUjyDoA0KJgeDpvoDlPEMHQWSYgXD5jKNh cw1Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=jfaftQwy+nAb223uWbo3bpe0MHVr5C/Axqjz5Ff0ee0=; fh=yJ8YHHwFNe44tlnK5r751uA2FH0+AjhgTyPc0+MFims=; b=FHK0IdyqIA6FOPbz4KF7+wg7ml1/D73SxitCpC1mL/QM2/+bOgeG2t7MVeLvRK0zW8 hWcINiptJONBBLZ+G49ZxpHwCB8QoYOBzJWFvr3NQ1JcVkKmMJcDWSkzTkeTCM2/UTkB ldKUYad5Ty5NiXjdOXYIZ/I7G/syOMqQFvDuWgzv0fk1+ROwocBcN8hAVTLIXN34jUOw ssy0UJy08pDIcUE5Mo5RlNDXs/39UasmQeBuLvhCmGAJ92LSURiBUr0kwNI551Ldq6tB Wb7grFQIHX/EglCUngwPQgMo/fLoFbp7c5xnHPoktH5JnBMxzbhY9NWSbeIQlzJt3WQN x0gg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@weissschuh.net header.s=mail header.b=Rq+glfXL; arc=pass (i=1 spf=pass spfdomain=weissschuh.net dkim=pass dkdomain=weissschuh.net); spf=pass (google.com: domain of linux-kernel+bounces-173682-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-173682-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id le17-20020a056a004fd100b006f4743cf2cbsi7686457pfb.304.2024.05.08.11.09.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 May 2024 11:09:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-173682-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@weissschuh.net header.s=mail header.b=Rq+glfXL; arc=pass (i=1 spf=pass spfdomain=weissschuh.net dkim=pass dkdomain=weissschuh.net); spf=pass (google.com: domain of linux-kernel+bounces-173682-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-173682-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 315C2B26274 for ; Wed, 8 May 2024 17:59:09 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7592B12BF23; Wed, 8 May 2024 17:58:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=weissschuh.net header.i=@weissschuh.net header.b="Rq+glfXL" Received: from todd.t-8ch.de (todd.t-8ch.de [159.69.126.157]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 53D50128383; Wed, 8 May 2024 17:58:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=159.69.126.157 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715191128; cv=none; b=Hm8tZVA5+UEJgJCWhbWI8zZZOpdjEuo8szrphpY/4gWsIXp6bQLt3TaGFo2S8oztsGFpVBcPIvp0PuZHaRxgMRNTRD4EvvMAVdgVlEnPzAltRrP5orj2o1faO6g9Du1xH/8ZaH4q4Ee8WHzcboD8tI1MLYwCSV3GoIjV4gLgYNM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715191128; c=relaxed/simple; bh=izy9mUQYXVfZMmrD6pld1qKnZtPknLMwwyonH4yL3Vc=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=iSMje7ThkHlzloDYPhQlx1YUnCFOepU758HKB2CkSoXpCqUzOdNUsQpfhe14PKI5Moi82KeUYk19MvVf4MoZz77baOiKjogCwVMC33v1oa2IMuRexh+CM4qkMNHvc2VWCidAgMz9aA6QLiIXqEIfFmNscUqpuGH+yrvxwHp7rBc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=weissschuh.net; spf=pass smtp.mailfrom=weissschuh.net; dkim=pass (1024-bit key) header.d=weissschuh.net header.i=@weissschuh.net header.b=Rq+glfXL; arc=none smtp.client-ip=159.69.126.157 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=weissschuh.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=weissschuh.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1715191121; bh=izy9mUQYXVfZMmrD6pld1qKnZtPknLMwwyonH4yL3Vc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Rq+glfXLt289eemZq+1r+iaNMBnTWPvdeQLQ0NyoL09uhVDMAJ3wxRUCjqVjOV2SK YTITbS8yN3LNivomPWmqSMt6P4XqWSDQOn+Y/Up9LO2PRMAfQqTyynHW9Xt5wwqKTD cCLO4/9kms2cEpiWrbhUc1dnRaoQ0XfXj3fWusLw= Date: Wed, 8 May 2024 19:58:41 +0200 From: Thomas =?utf-8?Q?Wei=C3=9Fschuh?= To: Kees Cook Cc: Joel Granados , Luis Chamberlain , Andy Lutomirski , Will Drewry , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] seccomp: Constify sysctl subhelpers Message-ID: <26ee93db-a924-46f3-b7eb-4a89a6a59932@t-8ch.de> References: <20240508171337.work.861-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20240508171337.work.861-kees@kernel.org> On 2024-05-08 10:13:41+0000, Kees Cook wrote: > The read_actions_logged() and write_actions_logged() helpers called by the > sysctl proc handler seccomp_actions_logged_handler() are already expecting > their sysctl table argument to be read-only. Actually mark the argument > as const in preparation[1] for global constification of the sysctl tables. > > Suggested-by: "Thomas Weißschuh" > Link: https://lore.kernel.org/lkml/20240423-sysctl-const-handler-v3-11-e0beccb836e2@weissschuh.net/ [1] > Signed-off-by: Kees Cook Thanks! Reviewed-by: "Thomas Weißschuh" > --- > Cc: "Thomas Weißschuh" > Cc: Joel Granados > Cc: Luis Chamberlain > Cc: Andy Lutomirski > Cc: Will Drewry > --- > kernel/seccomp.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/kernel/seccomp.c b/kernel/seccomp.c > index aca7b437882e..f70e031e06a8 100644 > --- a/kernel/seccomp.c > +++ b/kernel/seccomp.c > @@ -2334,7 +2334,7 @@ static bool seccomp_actions_logged_from_names(u32 *actions_logged, char *names) > return true; > } > > -static int read_actions_logged(struct ctl_table *ro_table, void *buffer, > +static int read_actions_logged(const struct ctl_table *ro_table, void *buffer, > size_t *lenp, loff_t *ppos) > { > char names[sizeof(seccomp_actions_avail)]; > @@ -2352,7 +2352,7 @@ static int read_actions_logged(struct ctl_table *ro_table, void *buffer, > return proc_dostring(&table, 0, buffer, lenp, ppos); > } > > -static int write_actions_logged(struct ctl_table *ro_table, void *buffer, > +static int write_actions_logged(const struct ctl_table *ro_table, void *buffer, > size_t *lenp, loff_t *ppos, u32 *actions_logged) > { > char names[sizeof(seccomp_actions_avail)]; > -- > 2.34.1 >