* Patch 1 is a bugfix for the stack_erasing sysctl handler
* Patches 2-10 change various helper functions throughout the kernel to
be able to handle 'const ctl_table'.
* Patch 11 changes the signatures of all proc handlers through the tree.
Some other signatures are also adapted, for details see the commit
message.
Only patch 1 changes any code at all.
The series was compile-tested on top of next-20230315 for
i386, x86_64, arm, arm64, riscv, loongarch and s390.
This series was split from my larger sysctl-const series [0].
It only focusses on the proc_handlers but is an important step to be
able to move all static definitions of ctl_table into .rodata.
[0] https://lore.kernel.org/lkml/[email protected]/
Signed-off-by: Thomas Weißschuh <[email protected]>
---
Thomas Weißschuh (11):
stackleak: don't modify ctl_table argument
cgroup: bpf: constify ctl_table arguments and fields
hugetlb: constify ctl_table arguments of utility functions
utsname: constify ctl_table arguments of utility function
neighbour: constify ctl_table arguments of utility function
ipv4/sysctl: constify ctl_table arguments of utility functions
ipv6/addrconf: constify ctl_table arguments of utility functions
ipv6/ndisc: constify ctl_table arguments of utility function
ipvs: constify ctl_table arguments of utility functions
sysctl: constify ctl_table arguments of utility function
sysctl: treewide: constify the ctl_table argument of handlers
arch/arm64/kernel/armv8_deprecated.c | 2 +-
arch/arm64/kernel/fpsimd.c | 2 +-
arch/s390/appldata/appldata_base.c | 10 +--
arch/s390/kernel/debug.c | 2 +-
arch/s390/kernel/topology.c | 2 +-
arch/s390/mm/cmm.c | 6 +-
arch/x86/kernel/itmt.c | 2 +-
drivers/cdrom/cdrom.c | 6 +-
drivers/char/random.c | 5 +-
drivers/macintosh/mac_hid.c | 2 +-
drivers/net/vrf.c | 2 +-
drivers/parport/procfs.c | 14 ++--
drivers/perf/arm_pmuv3.c | 6 +-
drivers/perf/riscv_pmu_sbi.c | 2 +-
fs/coredump.c | 4 +-
fs/dcache.c | 3 +-
fs/drop_caches.c | 4 +-
fs/exec.c | 6 +-
fs/file_table.c | 3 +-
fs/fs-writeback.c | 2 +-
fs/inode.c | 3 +-
fs/pipe.c | 2 +-
fs/quota/dquot.c | 4 +-
fs/xfs/xfs_sysctl.c | 33 ++++-----
include/linux/filter.h | 2 +-
include/linux/ftrace.h | 4 +-
include/linux/mm.h | 8 +--
include/linux/perf_event.h | 6 +-
include/linux/security.h | 2 +-
include/linux/sysctl.h | 36 +++++-----
include/linux/vmstat.h | 6 +-
include/linux/writeback.h | 2 +-
include/net/ndisc.h | 2 +-
include/net/neighbour.h | 6 +-
include/net/netfilter/nf_hooks_lwtunnel.h | 2 +-
ipc/ipc_sysctl.c | 14 ++--
kernel/bpf/syscall.c | 4 +-
kernel/delayacct.c | 5 +-
kernel/events/callchain.c | 2 +-
kernel/events/core.c | 9 ++-
kernel/fork.c | 2 +-
kernel/hung_task.c | 7 +-
kernel/kexec_core.c | 2 +-
kernel/kprobes.c | 2 +-
kernel/latencytop.c | 5 +-
kernel/pid_namespace.c | 4 +-
kernel/pid_sysctl.h | 2 +-
kernel/printk/internal.h | 2 +-
kernel/printk/printk.c | 2 +-
kernel/printk/sysctl.c | 6 +-
kernel/sched/core.c | 15 ++--
kernel/sched/rt.c | 20 +++---
kernel/sched/topology.c | 6 +-
kernel/seccomp.c | 7 +-
kernel/stackleak.c | 12 ++--
kernel/sysctl.c | 109 ++++++++++++++++--------------
kernel/time/timer.c | 4 +-
kernel/trace/ftrace.c | 2 +-
kernel/trace/trace.c | 2 +-
kernel/trace/trace_events_user.c | 3 +-
kernel/trace/trace_stack.c | 2 +-
kernel/umh.c | 4 +-
kernel/utsname_sysctl.c | 6 +-
kernel/watchdog.c | 15 ++--
mm/compaction.c | 17 +++--
mm/hugetlb.c | 20 +++---
mm/page-writeback.c | 27 +++++---
mm/page_alloc.c | 43 ++++++++----
mm/util.c | 15 ++--
mm/vmstat.c | 6 +-
net/bridge/br_netfilter_hooks.c | 2 +-
net/core/neighbour.c | 26 ++++---
net/core/sysctl_net_core.c | 24 ++++---
net/ipv4/devinet.c | 6 +-
net/ipv4/route.c | 4 +-
net/ipv4/sysctl_net_ipv4.c | 40 ++++++-----
net/ipv6/addrconf.c | 38 ++++++-----
net/ipv6/ndisc.c | 7 +-
net/ipv6/route.c | 4 +-
net/ipv6/sysctl_net_ipv6.c | 6 +-
net/mpls/af_mpls.c | 4 +-
net/netfilter/ipvs/ip_vs_ctl.c | 19 +++---
net/netfilter/nf_conntrack_standalone.c | 2 +-
net/netfilter/nf_hooks_lwtunnel.c | 2 +-
net/netfilter/nf_log.c | 4 +-
net/phonet/sysctl.c | 2 +-
net/rds/tcp.c | 4 +-
net/sctp/sysctl.c | 30 ++++----
net/sunrpc/sysctl.c | 5 +-
net/sunrpc/xprtrdma/svc_rdma.c | 2 +-
security/apparmor/lsm.c | 2 +-
security/min_addr.c | 2 +-
security/yama/yama_lsm.c | 2 +-
93 files changed, 467 insertions(+), 376 deletions(-)
---
base-commit: a1e7655b77e3391b58ac28256789ea45b1685abb
change-id: 20231226-sysctl-const-handler-883b5eba7e80
Best regards,
--
Thomas Weißschuh <[email protected]>
In a future commit the proc_handlers will change to
"const struct ctl_table".
As a preparation for that adapt the logic to work with a temporary
variable, similar to how it is done in other parts of the kernel.
Fixes: 964c9dff0091 ("stackleak: Allow runtime disabling of kernel stack erasing")
Acked-by: Kees Cook <[email protected]>
Signed-off-by: Thomas Weißschuh <[email protected]>
---
kernel/stackleak.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/kernel/stackleak.c b/kernel/stackleak.c
index 34c9d81eea94..b292e5ca0b7d 100644
--- a/kernel/stackleak.c
+++ b/kernel/stackleak.c
@@ -27,10 +27,11 @@ static int stack_erasing_sysctl(struct ctl_table *table, int write,
int ret = 0;
int state = !static_branch_unlikely(&stack_erasing_bypass);
int prev_state = state;
+ struct ctl_table tmp = *table;
- table->data = &state;
- table->maxlen = sizeof(int);
- ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
+ tmp.data = &state;
+ tmp.maxlen = sizeof(int);
+ ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
state = !!state;
if (ret || !write || state == prev_state)
return ret;
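Review bot: The added `struct ctl_table tmp = *table;` in stack_erasing_sysctl() has no comment saying why the handler works on a copy, and this is the one place in the series where the reason matters. The removed lines stored `&state`, the address of a local, in `table->data`. If the table entry is shared between callers, as registered sysctl entries presumably are, that left a pointer into a finished stack frame behind and let concurrent accesses race on `data` and `maxlen`. I would put `/* Operate on a private copy: never publish &state through the shared table. */` above the declaration so the copy is not later "simplified" back into an in-place write. The function starts before this hunk and continues after it.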
--
2.44.0
In a future commit the sysctl core will only use
"const struct ctl_table". As a preparation for that adapt the cgroup-bpf
code.
Signed-off-by: Thomas Weißschuh <[email protected]>
---
include/linux/filter.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/filter.h b/include/linux/filter.h
index c99bc3df2d28..3238dcff5703 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -1366,7 +1366,7 @@ struct bpf_sock_ops_kern {
struct bpf_sysctl_kern {
struct ctl_table_header *head;
- struct ctl_table *table;
+ const struct ctl_table *table;
void *cur_val;
size_t cur_len;
void *new_val;
--
2.44.0
In a future commit the proc_handlers themselves will change to
"const struct ctl_table". As a preparation for that adapt the internal
helpers.
Signed-off-by: Thomas Weißschuh <[email protected]>
---
mm/hugetlb.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 23ef240ba48a..b0d89ab98eaa 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -4929,7 +4929,7 @@ static unsigned int allowed_mems_nr(struct hstate *h)
}
#ifdef CONFIG_SYSCTL
-static int proc_hugetlb_doulongvec_minmax(struct ctl_table *table, int write,
+static int proc_hugetlb_doulongvec_minmax(const struct ctl_table *table, int write,
void *buffer, size_t *length,
loff_t *ppos, unsigned long *out)
{
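Review bot: The new first line of proc_hugetlb_doulongvec_minmax()'s signature is about 83 columns wide, where the ipv4 and ipvs patches in this series re-wrap their signatures after adding `const`. For consistency I would break it as `static int proc_hugetlb_doulongvec_minmax(const struct ctl_table *table,` followed by `int write, void *buffer, size_t *length,` and keep the last line as it is. The same applies to the three `addrconf_fixup_*`/`addrconf_disable_ipv6` signatures in net/ipv6/addrconf.c, which end up around 85 columns. The function body lies outside this hunk.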
@@ -4946,7 +4946,7 @@ static int proc_hugetlb_doulongvec_minmax(struct ctl_table *table, int write,
}
static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
- struct ctl_table *table, int write,
+ const struct ctl_table *table, int write,
void *buffer, size_t *length, loff_t *ppos)
{
struct hstate *h = &default_hstate;
--
2.44.0
In a future commit the proc_handlers themselves will change to
"const struct ctl_table". As a preparation for that adapt the internal
helper.
Signed-off-by: Thomas Weißschuh <[email protected]>
---
kernel/utsname_sysctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/utsname_sysctl.c b/kernel/utsname_sysctl.c
index 019e3a1566cf..46590d4addc8 100644
--- a/kernel/utsname_sysctl.c
+++ b/kernel/utsname_sysctl.c
@@ -15,7 +15,7 @@
#ifdef CONFIG_PROC_SYSCTL
-static void *get_uts(struct ctl_table *table)
+static void *get_uts(const struct ctl_table *table)
{
char *which = table->data;
struct uts_namespace *uts_ns;
--
2.44.0
In a future commit the proc_handlers themselves will change to
"const struct ctl_table". As a preparation for that adapt the internal
helper.
Signed-off-by: Thomas Weißschuh <[email protected]>
---
net/core/neighbour.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 552719c3bbc3..1fb71107accf 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -3573,7 +3573,7 @@ static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
rcu_read_unlock();
}
-static void neigh_proc_update(struct ctl_table *ctl, int write)
+static void neigh_proc_update(const struct ctl_table *ctl, int write)
{
struct net_device *dev = ctl->extra1;
struct neigh_parms *p = ctl->extra2;
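Review bot: `const struct ctl_table *ctl` in neigh_proc_update() protects only the table entry itself, yet the two lines after the brace still take writable `struct net_device *` and `struct neigh_parms *` pointers out of `ctl->extra1` and `ctl->extra2`. That compiles without a cast presumably because those fields are plain `void *`, so the qualifier says nothing about the objects behind them. This is fine for the stated goal of moving the tables into .rodata, but a reader may take the new signature to mean the helper is read-only. A short comment such as `/* const covers the table entry only, not the objects extra1/extra2 point to */` would make the boundary explicit. get_uts() in kernel/utsname_sysctl.c and the two ipvs cpumask helpers read `table->data` the same way. The rest of the function body is outside the hunk.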
--
2.44.0
In a future commit the proc_handlers themselves will change to
"const struct ctl_table". As a preparation for that adapt the internal
helpers.
Signed-off-by: Thomas Weißschuh <[email protected]>
---
net/ipv4/sysctl_net_ipv4.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 7e4f16a7dcc1..363dc2a487ac 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -130,7 +130,8 @@ static int ipv4_privileged_ports(struct ctl_table *table, int write,
return ret;
}
-static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high)
+static void inet_get_ping_group_range_table(const struct ctl_table *table,
+ kgid_t *low, kgid_t *high)
{
kgid_t *data = table->data;
struct net *net =
@@ -145,7 +146,8 @@ static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low
}
/* Update system visible IP port range */
-static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high)
+static void set_ping_group_range(const struct ctl_table *table,
+ kgid_t low, kgid_t high)
{
kgid_t *data = table->data;
struct net *net =
--
2.44.0
In a future commit the proc_handlers themselves will change to
"const struct ctl_table". As a preparation for that adapt the internal
helpers.
Signed-off-by: Thomas Weißschuh <[email protected]>
---
net/netfilter/ipvs/ip_vs_ctl.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 143a341bbc0a..689ac521ea2d 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1924,7 +1924,8 @@ proc_do_sync_ports(struct ctl_table *table, int write,
return rc;
}
-static int ipvs_proc_est_cpumask_set(struct ctl_table *table, void *buffer)
+static int ipvs_proc_est_cpumask_set(const struct ctl_table *table,
+ void *buffer)
{
struct netns_ipvs *ipvs = table->extra2;
cpumask_var_t *valp = table->data;
@@ -1962,8 +1963,8 @@ static int ipvs_proc_est_cpumask_set(struct ctl_table *table, void *buffer)
return ret;
}
-static int ipvs_proc_est_cpumask_get(struct ctl_table *table, void *buffer,
- size_t size)
+static int ipvs_proc_est_cpumask_get(const struct ctl_table *table,
+ void *buffer, size_t size)
{
struct netns_ipvs *ipvs = table->extra2;
cpumask_var_t *valp = table->data;
--
2.44.0
In a future commit the proc_handlers themselves will change to
"const struct ctl_table". As a preparation for that adapt the internal
helpers.
Signed-off-by: Thomas Weißschuh <[email protected]>
---
net/ipv6/addrconf.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 247bd4d8ee45..c72f3b63e41d 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -862,7 +862,7 @@ static void addrconf_forward_change(struct net *net, __s32 newf)
}
}
-static int addrconf_fixup_forwarding(struct ctl_table *table, int *p, int newf)
+static int addrconf_fixup_forwarding(const struct ctl_table *table, int *p, int newf)
{
struct net *net;
int old;
@@ -930,7 +930,7 @@ static void addrconf_linkdown_change(struct net *net, __s32 newf)
}
}
-static int addrconf_fixup_linkdown(struct ctl_table *table, int *p, int newf)
+static int addrconf_fixup_linkdown(const struct ctl_table *table, int *p, int newf)
{
struct net *net;
int old;
@@ -6375,7 +6375,7 @@ static void addrconf_disable_change(struct net *net, __s32 newf)
}
}
-static int addrconf_disable_ipv6(struct ctl_table *table, int *p, int newf)
+static int addrconf_disable_ipv6(const struct ctl_table *table, int *p, int newf)
{
struct net *net = (struct net *)table->extra2;
int old;
@@ -6666,7 +6666,7 @@ void addrconf_disable_policy_idev(struct inet6_dev *idev, int val)
}
static
-int addrconf_disable_policy(struct ctl_table *ctl, int *valp, int val)
+int addrconf_disable_policy(const struct ctl_table *ctl, int *valp, int val)
{
struct net *net = (struct net *)ctl->extra2;
struct inet6_dev *idev;
--
2.44.0
In a future commit the proc_handlers themselves will change to
"const struct ctl_table". As a preparation for that adapt the internal
helper.
Signed-off-by: Thomas Weißschuh <[email protected]>
---
net/ipv6/ndisc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index ae134634c323..945d5f5ca039 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1936,7 +1936,7 @@ static struct notifier_block ndisc_netdev_notifier = {
};
#ifdef CONFIG_SYSCTL
-static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
+static void ndisc_warn_deprecated_sysctl(const struct ctl_table *ctl,
const char *func, const char *dev_name)
{
static char warncomm[TASK_COMM_LEN];
--
2.44.0