From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Serge E. Hallyn"
Date: Tue, 11 Aug 2009 14:36:43 +0000
Subject: Re: [PATCH][RFC] security: constify seq_operations
Message-Id: <20090811143643.GA15096@us.ibm.com>
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: James Morris
Cc: Andrew Morton, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Christoph Hellwig, Arjan van de Ven, kernel-janitors@vger.kernel.org

Quoting James Morris (jmorris@namei.org):
> I think it'd be a good idea to constify more of the various operations
> structs in the kernel -- our coverage of this is spotty.
>
> The patch below should provide coverage for all of the eligible
> seq_operations structs in the kernel. It's derived from the grsecurity
> patch (which I was reading and noticed how many of these we're missing).
>
> It's possible something's been missed, or that there are problems in code
> which I can't test. Please review/comment/test.
>
> If it looks ok, I suggest pushing this via -mm.
>
> Note that there are quite a few other similar ops to be constified, such
> as file_operations, so if anyone would like to pitch in, please do so.
>
> ---
>
> Subject: [PATCH 1/1] security: constify seq_operations
>
> Make all seq_operations structs const, to help mitigate
> against revectoring user-triggerable function pointers.
>
> This is derived from the grsecurity patch, although generated
> from scratch because it's simpler than extracting the changes
> from there.
>
> Signed-off-by: James Morris

I think it's a good idea. I suppose we could add a script to check for any
new seq_ops structs not constified... something as simple as

	find . -type f -print0 | xargs -0 grep 'struct seq_operations' | grep -v const

Though what you have here hits all of those and more.

Acked-by: Serge Hallyn

thanks,
-serge
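
A narrower form of the check suggested in the reply above, as an added example that is not from the thread or from the kernel tree: it matches only seq_operations object definitions and declarations, and tests for const as a whole word on the source line itself. The function names, the demo tree and its file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report seq_operations objects
# that are defined or declared without const.

# find_nonconst_seq_ops [DIR]
# Prints file:line:text per offending line; returns 1 if any were found.
find_nonconst_seq_ops() {
    hits=$(find "${1:-.}" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec awk '
            # First test: "struct seq_operations <name>" followed by = or ;
            # Pointers ("struct seq_operations *p") and the struct
            # definition itself ("struct seq_operations {") do not match.
            # Second test: const as a whole word on the source line only,
            # so a path or identifier containing "const" cannot hide a hit.
            /struct[ \t]+seq_operations[ \t]+[A-Za-z_][A-Za-z0-9_]*[ \t]*[=;]/ &&
            !/(^|[^A-Za-z0-9_])const([^A-Za-z0-9_]|$)/ {
                print FILENAME ":" FNR ":" $0
            }' {} +)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Constructed sample tree (file names and contents are made up).
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/constants"
    printf '%s\n' 'static const struct seq_operations good_ops = {' \
        '    .show = good_show,' '};' > "$d/good.c"
    printf '%s\n' \
        'int seq_open(struct file *, const struct seq_operations *);' \
        'static struct seq_operations bad_ops = {' > "$d/constants/bad.c"
    printf '%s\n' 'extern struct seq_operations reconst_ops;' > "$d/decl.h"
    printf '%s\n' "$d"
}

tree=$(demo_tree)
find_nonconst_seq_ops "$tree" || echo "non-const seq_operations found"
rm -rf "$tree"
```

Run from the top of a source tree as `find_nonconst_seq_ops .`; the non-zero return status lets it gate a build or a pre-merge check.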