From: Jeff Layton <jlayton@redhat.com>
To: Christoph Hellwig <hch@lst.de>,
Trond Myklebust <trond.myklebust@primarydata.com>,
Anna Schumaker <anna.schumaker@netapp.com>,
"J. Bruce Fields" <bfields@fieldses.org>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH 33/33] nfsd4: const-ify nfsd4_ops
Date: Fri, 12 May 2017 14:42:21 -0400 [thread overview]
Message-ID: <1494614541.4227.12.camel@redhat.com> (raw)
In-Reply-To: <20170512161701.22468-34-hch@lst.de>
On Fri, 2017-05-12 at 18:17 +0200, Christoph Hellwig wrote:
> nfsd4_ops contains function pointers, and marking it as constant avoids
> it being able to be used as an attach vector for code injections.
>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> ---
> fs/nfsd/nfs4proc.c | 13 ++++++-------
> 1 file changed, 6 insertions(+), 7 deletions(-)
>
> diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
> index e814c1946f6e..fe6cb5b6d31c 100644
> --- a/fs/nfsd/nfs4proc.c
> +++ b/fs/nfsd/nfs4proc.c
> @@ -1584,7 +1584,7 @@ struct nfsd4_operation {
> union nfsd4_op_u *);
> };
>
> -static struct nfsd4_operation nfsd4_ops[];
> +static const struct nfsd4_operation nfsd4_ops[];
>
> static const char *nfsd4_op_name(unsigned opnum);
>
> @@ -1621,7 +1621,7 @@ static __be32 nfs41_check_op_ordering(struct nfsd4_compoundargs *args)
> return nfs_ok;
> }
>
> -static inline struct nfsd4_operation *OPDESC(struct nfsd4_op *op)
> +static inline const struct nfsd4_operation *OPDESC(struct nfsd4_op *op)
> {
> return &nfsd4_ops[op->opnum];
> }
> @@ -1639,10 +1639,9 @@ static bool need_wrongsec_check(struct svc_rqst *rqstp)
> struct nfsd4_compoundargs *argp = rqstp->rq_argp;
> struct nfsd4_op *this = &argp->ops[resp->opcnt - 1];
> struct nfsd4_op *next = &argp->ops[resp->opcnt];
> - struct nfsd4_operation *thisd;
> - struct nfsd4_operation *nextd;
> + const struct nfsd4_operation *thisd = OPDESC(this);
> + const struct nfsd4_operation *nextd;
>
> - thisd = OPDESC(this);
> /*
> * Most ops check wronsec on our own; only the putfh-like ops
> * have special rules.
> @@ -1695,7 +1694,7 @@ nfsd4_proc_compound(struct svc_rqst *rqstp)
> struct nfsd4_compoundargs *args = rqstp->rq_argp;
> struct nfsd4_compoundres *resp = rqstp->rq_resp;
> struct nfsd4_op *op;
> - struct nfsd4_operation *opdesc;
> + const struct nfsd4_operation *opdesc;
> struct nfsd4_compound_state *cstate = &resp->cstate;
> struct svc_fh *current_fh = &cstate->current_fh;
> struct svc_fh *save_fh = &cstate->save_fh;
> @@ -2109,7 +2108,7 @@ static inline u32 nfsd4_seek_rsize(struct svc_rqst *rqstp, struct nfsd4_op *op)
> return (op_encode_hdr_size + 3) * sizeof(__be32);
> }
>
> -static struct nfsd4_operation nfsd4_ops[] = {
> +static const struct nfsd4_operation nfsd4_ops[] = {
> [OP_ACCESS] = {
> .op_func = nfsd4_access,
> .op_name = "OP_ACCESS",
...and I'll save us some emails. You can add my Reviewed-by to the whole
set. Nice cleanup/prophylaxis!
--
Jeff Layton <jlayton@redhat.com>
next prev parent reply other threads:[~2017-05-12 18:42 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-12 16:16 remove function pointer casts and constify function tables Christoph Hellwig
2017-05-12 16:16 ` [PATCH 01/33] sunrpc: properly type argument to kxdreproc_t Christoph Hellwig
2017-05-12 16:16 ` [PATCH 02/33] sunrpc: fix encoder callback prototypes Christoph Hellwig
2017-05-12 16:16 ` [PATCH 03/33] lockd: " Christoph Hellwig
2017-05-12 16:16 ` [PATCH 04/33] nfs: " Christoph Hellwig
2017-05-12 16:16 ` [PATCH 05/33] nfsd: " Christoph Hellwig
2017-05-12 16:16 ` [PATCH 06/33] sunrpc/auth_gss: " Christoph Hellwig
2017-05-12 16:16 ` [PATCH 07/33] sunrpc: properly type argument to kxdrdproc_t Christoph Hellwig
2017-05-12 16:16 ` [PATCH 08/33] sunrpc: fix decoder callback prototypes Christoph Hellwig
2017-05-12 16:16 ` [PATCH 09/33] sunrpc/auth_gss: " Christoph Hellwig
2017-05-12 16:16 ` [PATCH 10/33] nfsd: " Christoph Hellwig
2017-05-12 16:16 ` [PATCH 11/33] lockd: " Christoph Hellwig
2017-05-12 16:16 ` [PATCH 12/33] nfs: " Christoph Hellwig
2017-05-12 16:16 ` [PATCH 13/33] nfs: don't cast callback decode/proc/encode routines Christoph Hellwig
2017-05-12 16:16 ` [PATCH 14/33] lockd: fix some weird indentation Christoph Hellwig
2017-05-12 18:01 ` Jeff Layton
2017-05-12 16:16 ` [PATCH 15/33] sunrpc: move p_count out of struct rpc_procinfo Christoph Hellwig
2017-05-12 18:24 ` Jeff Layton
2017-05-12 16:16 ` [PATCH 16/33] nfs: use ARRAY_SIZE() in the nfsacl_version3 declaration Christoph Hellwig
2017-05-12 18:25 ` Jeff Layton
2017-05-12 16:16 ` [PATCH 17/33] sunrpc: mark all struct rpc_procinfo instances as const Christoph Hellwig
2017-05-12 18:30 ` Jeff Layton
2017-05-12 16:16 ` [PATCH 18/33] nfsd4: const-ify nfs_cb_version4 Christoph Hellwig
2017-05-12 18:31 ` Jeff Layton
2017-05-12 16:16 ` [PATCH 19/33] nfsd: use named initializers in PROC() Christoph Hellwig
2017-05-12 18:32 ` Jeff Layton
2017-05-12 16:16 ` [PATCH 20/33] nfsd: remove the unused PROC() macro in nfs3proc.c Christoph Hellwig
2017-05-12 18:33 ` Jeff Layton
2017-05-12 16:16 ` [PATCH 21/33] sunrpc: properly type pc_func callbacks Christoph Hellwig
2017-05-12 18:34 ` Jeff Layton
2017-05-12 16:16 ` [PATCH 22/33] sunrpc: properly type pc_release callbacks Christoph Hellwig
2017-05-12 16:16 ` [PATCH 23/33] sunrpc: properly type pc_decode callbacks Christoph Hellwig
2017-05-12 16:16 ` [PATCH 24/33] sunrpc: properly type pc_encode callbacks Christoph Hellwig
2017-05-12 16:16 ` [PATCH 25/33] sunrpc: remove kxdrproc_t Christoph Hellwig
2017-05-12 16:16 ` [PATCH 26/33] nfsd4: properly type op_set_currentstateid callbacks Christoph Hellwig
2017-05-12 16:16 ` [PATCH 27/33] nfsd4: properly type op_get_currentstateid callbacks Christoph Hellwig
2017-05-12 16:16 ` [PATCH 28/33] nfsd4: remove nfsd4op_rsize Christoph Hellwig
2017-05-12 16:16 ` [PATCH 29/33] nfsd4: properly type op_func callbacks Christoph Hellwig
2017-05-12 16:16 ` [PATCH 30/33] sunrpc: move pc_count out of struct svc_procinfo Christoph Hellwig
2017-05-12 16:16 ` [PATCH 31/33] sunrpc: mark all struct svc_procinfo instances as const Christoph Hellwig
2017-05-12 16:17 ` [PATCH 32/33] sunrpc: mark all struct svc_version " Christoph Hellwig
2017-05-12 16:17 ` [PATCH 33/33] nfsd4: const-ify nfsd4_ops Christoph Hellwig
2017-05-12 18:42 ` Jeff Layton [this message]
2017-05-12 20:14 ` remove function pointer casts and constify function tables Trond Myklebust
2017-05-12 22:04 ` bfields
2017-05-13 7:25 ` hch
2017-05-13 16:10 ` Trond Myklebust
2017-05-15 15:21 ` bfields
2017-05-15 15:44 ` hch
2017-05-23 8:11 ` hch
2017-05-23 12:23 ` bfields
2017-05-26 15:08 ` bfields
2017-05-26 15:09 ` bfields
2017-05-26 19:31 ` bfields
2017-05-30 16:26 ` Michael S. Tsirkin
2017-05-30 16:58 ` Michael S. Tsirkin
2017-05-31 20:57 ` bfields
2017-05-31 21:09 ` bfields
2017-05-31 21:15 ` bfields
2017-05-30 17:03 ` Michael S. Tsirkin
2017-05-31 21:00 ` bfields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1494614541.4227.12.camel@redhat.com \
--to=jlayton@redhat.com \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=hch@lst.de \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).