All of lore.kernel.org
 help / color / mirror / Atom feed
From: Arnd Bergmann <arnd@arndb.de>
To: Andreas Schwab <schwab@linux-m68k.org>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>,
	Greg Ungerer <gerg@snapgear.com>,
	Gavin Lambert <gavinl@compacsort.com>,
	uClinux development list <uclinux-dev@uclinux.org>,
	Philippe De Muyter <phdm@macqel.be>,
	Linux/m68k <linux-m68k@lists.linux-m68k.org>,
	linux-arch@vger.kernel.org
Subject: Re: Writable sys_call_table (was: Re: [uClinux-dev] [PATCH] m68k: Merge mmu and non-mmu versions of sys_call_table)
Date: Tue, 19 Apr 2011 09:48:36 +0200	[thread overview]
Message-ID: <201104190948.36517.arnd@arndb.de> (raw)
In-Reply-To: <m2y637bkep.fsf@igel.home>

On Monday 18 April 2011, Andreas Schwab wrote:
> >  
> > -void *sys_call_table[__NR_syscalls] = {
> > +const void *sys_call_table[__NR_syscalls] = {
> 
> That's not making it read-only.  You need to move the const to the other
> side of the pointer.

D'oh!

8<--------
[PATCH] mark sys_call_table as const

There is no reason to have sys_call_table writable, and putting
it into the rodata section can make it harder for malicious users
to overwrite the entry points.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
diff --git a/arch/score/kernel/sys_call_table.c b/arch/score/kernel/sys_call_table.c
index 287369b..6d61120 100644
--- a/arch/score/kernel/sys_call_table.c
+++ b/arch/score/kernel/sys_call_table.c
@@ -7,6 +7,6 @@
 #undef __SYSCALL
 #define __SYSCALL(nr, call) [nr] = (call),
 
-void *sys_call_table[__NR_syscalls] = {
+void *const sys_call_table[__NR_syscalls] = {
 #include <asm/unistd.h>
 };
diff --git a/arch/tile/include/asm/syscalls.h b/arch/tile/include/asm/syscalls.h
index 3b5507c..c0d6914 100644
--- a/arch/tile/include/asm/syscalls.h
+++ b/arch/tile/include/asm/syscalls.h
@@ -25,9 +25,9 @@
 #include <linux/compat.h>
 
 /* The array of function pointers for syscalls. */
-extern void *sys_call_table[];
+extern void *const sys_call_table[];
 #ifdef CONFIG_COMPAT
-extern void *compat_sys_call_table[];
+extern void *const compat_sys_call_table[];
 #endif
 
 /*
diff --git a/arch/tile/kernel/compat.c b/arch/tile/kernel/compat.c
index dbc213a..aedf769 100644
--- a/arch/tile/kernel/compat.c
+++ b/arch/tile/kernel/compat.c
@@ -166,7 +166,7 @@ long tile_compat_sys_msgrcv(int msqid,
  * Note that we can't include <linux/unistd.h> here since the header
  * guard will defeat us; <asm/unistd.h> checks for __SYSCALL as well.
  */
-void *compat_sys_call_table[__NR_syscalls] = {
+void *const compat_sys_call_table[__NR_syscalls] = {
 	[0 ... __NR_syscalls-1] = sys_ni_syscall,
 #include <asm/unistd.h>
 };
diff --git a/arch/tile/kernel/sys.c b/arch/tile/kernel/sys.c
index e2187d2..1fb2480 100644
--- a/arch/tile/kernel/sys.c
+++ b/arch/tile/kernel/sys.c
@@ -122,7 +122,7 @@ SYSCALL_DEFINE6(mmap, unsigned long, addr, unsigned long, len,
  * Note that we can't include <linux/unistd.h> here since the header
  * guard will defeat us; <asm/unistd.h> checks for __SYSCALL as well.
  */
-void *sys_call_table[__NR_syscalls] = {
+void *const sys_call_table[__NR_syscalls] = {
 	[0 ... __NR_syscalls-1] = sys_ni_syscall,
 #include <asm/unistd.h>
 };
diff --git a/arch/unicore32/kernel/sys.c b/arch/unicore32/kernel/sys.c
index 3afe60a..00f3046 100644
--- a/arch/unicore32/kernel/sys.c
+++ b/arch/unicore32/kernel/sys.c
@@ -120,7 +120,7 @@ SYSCALL_DEFINE6(mmap2, unsigned long, addr, unsigned long, len,
 #define __SYSCALL(nr, call)	[nr] = (call),
 
 /* Note that we don't include <linux/unistd.h> but <asm/unistd.h> */
-void *sys_call_table[__NR_syscalls] = {
+void *const sys_call_table[__NR_syscalls] = {
 	[0 ... __NR_syscalls-1] = sys_ni_syscall,
 #include <asm/unistd.h>
 };

  reply	other threads:[~2011-04-19  7:48 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-04-13 18:05 Writable sys_call_table (was: Re: [uClinux-dev] [PATCH] m68k: Merge mmu and non-mmu versions of sys_call_table) Geert Uytterhoeven
2011-04-18 14:49 ` Arnd Bergmann
2011-04-18 16:21   ` Andreas Schwab
2011-04-19  7:48     ` Arnd Bergmann [this message]
2011-04-19  8:12       ` Finn Thain
2011-04-19 11:54         ` Andreas Schwab
2011-04-19 11:54         ` Andreas Schwab
2011-04-19 12:16           ` Arnd Bergmann
2011-04-19 13:25             ` Andreas Schwab
2011-04-19 13:25             ` Andreas Schwab
2011-04-19 15:31           ` Finn Thain
2011-04-19 15:31           ` Finn Thain
  -- strict thread matches above, loose matches on Subject: below --
2011-04-13 18:05 Geert Uytterhoeven

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=201104190948.36517.arnd@arndb.de \
    --to=arnd@arndb.de \
    --cc=gavinl@compacsort.com \
    --cc=geert@linux-m68k.org \
    --cc=gerg@snapgear.com \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-m68k@lists.linux-m68k.org \
    --cc=phdm@macqel.be \
    --cc=schwab@linux-m68k.org \
    --cc=uclinux-dev@uclinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.