From: Kees Cook <keescook@chromium.org>
To: Xiaoming Ni <nixiaoming@huawei.com>
Cc: ebiederm@xmission.com, ak@linux.intel.com,
alex.huangjianhui@huawei.com, linzichang@huawei.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] sysctl: Delete the code of sys_sysctl
Date: Wed, 10 Jun 2020 08:03:45 -0700 [thread overview]
Message-ID: <202006100803.87D14D1CC7@keescook> (raw)
In-Reply-To: <21a9d711-af31-f7bd-1143-af2ca5b77ba9@huawei.com>
On Wed, Jun 10, 2020 at 10:17:49PM +0800, Xiaoming Ni wrote:
> On 2020/6/9 23:40, Kees Cook wrote:
> > On Tue, Jun 09, 2020 at 02:20:05PM +0800, Xiaoming Ni wrote:
> > > Since the commit 61a47c1ad3a4dc ("sysctl: Remove the sysctl system call"),
> > > sys_sysctl has lost its actual role: any input can only return an error.
> > >
> > > Delete the code and return -ENOSYS directly at the function entry
> > >
> > > Signed-off-by: Xiaoming Ni <nixiaoming@huawei.com>
> >
> > Looks right to me.
> >
> > Reviewed-by: Kees Cook <keescook@chromium.org>
> >
> > Should this be taken a step further and just remove the syscall entirely
> > and update the per-arch tables with the ENOSYS hole?
> >
> > -Kees
> >
> Searching for git log, I found a commit record that deleted syscall:
> commit f5b94099739722 ("All Arch: remove linkage for sys_nfsservctl system
> call"). Could I use sys_ni_syscall to implement the hole as in the example
> here?
> E.g:
> diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl
> index 7b3832d..f36fda6 100644
> --- a/arch/arm/tools/syscall.tbl
> +++ b/arch/arm/tools/syscall.tbl
> @@ -162,7 +162,7 @@
> 146 common writev sys_writev
> 147 common getsid sys_getsid
> 148 common fdatasync sys_fdatasync
> -149 common _sysctl sys_sysctl
> +149 common _sysctl sys_ni_syscall
> 150 common mlock sys_mlock
> 151 common munlock sys_munlock
> 152 common mlockall sys_mlockall
> diff --git a/arch/arm64/include/asm/unistd32.h
> b/arch/arm64/include/asm/unistd32.h
> index f8dafe9..ca41bb7 100644
> --- a/arch/arm64/include/asm/unistd32.h
> +++ b/arch/arm64/include/asm/unistd32.h
> @@ -308,8 +308,8 @@
> __SYSCALL(__NR_getsid, sys_getsid)
> #define __NR_fdatasync 148
> __SYSCALL(__NR_fdatasync, sys_fdatasync)
> -#define __NR__sysctl 149
> -__SYSCALL(__NR__sysctl, compat_sys_sysctl)
> + /* 149 was sys_sysctl */
> +__SYSCALL(149, sys_ni_syscall)
> #define __NR_mlock 150
> __SYSCALL(__NR_mlock, sys_mlock)
> #define __NR_munlock 151
>
>
> In this case, I need to modify a lot of code in v2.
Yeah, that looks like a good example.
> Can I add "Reviewed-by:
> Kees Cook <keescook@chromium.org>" to the v2 patch?
No, it'll be very different. I'm still a fan of the change, but send v2
and I can review that separately. Thanks!
--
Kees Cook
next prev parent reply other threads:[~2020-06-10 15:03 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-09 6:20 [PATCH] sysctl: Delete the code of sys_sysctl Xiaoming Ni
2020-06-09 15:40 ` Kees Cook
2020-06-10 14:17 ` Xiaoming Ni
2020-06-10 15:03 ` Kees Cook [this message]
2020-06-09 19:20 ` Eric W. Biederman
2020-06-10 14:19 ` Xiaoming Ni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202006100803.87D14D1CC7@keescook \
--to=keescook@chromium.org \
--cc=ak@linux.intel.com \
--cc=alex.huangjianhui@huawei.com \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linzichang@huawei.com \
--cc=nixiaoming@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox