diff mbox series

[01/29] xattr: make the xattr array itself const

Message ID 20230930050033.41174-2-wedsonaf@gmail.com (mailing list archive)
State New, archived
Headers show
Series const xattr tables | expand

Commit Message

Wedson Almeida Filho Sept. 30, 2023, 5 a.m. UTC
From: Wedson Almeida Filho <walmeida@microsoft.com>

As it is currently declared, the xattr_handler structs are const but the
array containing their pointers is not. This patch makes it so that fs
modules can place them in .rodata, which makes it harder for
accidental/malicious modifications at runtime.

Signed-off-by: Wedson Almeida Filho <walmeida@microsoft.com>
---
 fs/xattr.c         | 6 +++---
 include/linux/fs.h | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

Comments

kernel test robot Sept. 30, 2023, 6:54 a.m. UTC | #1
Hi Wedson,

kernel test robot noticed the following build warnings:

[auto build test WARNING on 2dde18cd1d8fac735875f2e4987f11817cc0bc2c]

url:    https://github.com/intel-lab-lkp/linux/commits/Wedson-Almeida-Filho/xattr-make-the-xattr-array-itself-const/20230930-130453
base:   2dde18cd1d8fac735875f2e4987f11817cc0bc2c
patch link:    https://lore.kernel.org/r/20230930050033.41174-2-wedsonaf%40gmail.com
patch subject: [PATCH 01/29] xattr: make the xattr array itself const
config: m68k-allyesconfig (https://download.01.org/0day-ci/archive/20230930/202309301437.ZGtqFntR-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20230930/202309301437.ZGtqFntR-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202309301437.ZGtqFntR-lkp@intel.com/

All warnings (new ones prefixed by >>):

   fs/reiserfs/xattr.c: In function 'listxattr_filler':
>> fs/reiserfs/xattr.c:822:57: warning: passing argument 1 of 'reiserfs_xattr_list' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
     822 |                 if (!reiserfs_xattr_list(b->dentry->d_sb->s_xattr, name,
         |                                          ~~~~~~~~~~~~~~~^~~~~~~~~
   fs/reiserfs/xattr.c:782:69: note: expected 'const struct xattr_handler **' but argument is of type 'const struct xattr_handler * const*'
     782 | static inline bool reiserfs_xattr_list(const struct xattr_handler **handlers,
         |                                        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~


vim +822 fs/reiserfs/xattr.c

^1da177e4c3f41 Linus Torvalds      2005-04-16  811  
25885a35a72007 Al Viro             2022-08-16  812  static bool listxattr_filler(struct dir_context *ctx, const char *name,
ac7576f4b1da8c Miklos Szeredi      2014-10-30  813  			    int namelen, loff_t offset, u64 ino,
ac7576f4b1da8c Miklos Szeredi      2014-10-30  814  			    unsigned int d_type)
^1da177e4c3f41 Linus Torvalds      2005-04-16  815  {
ac7576f4b1da8c Miklos Szeredi      2014-10-30  816  	struct listxattr_buf *b =
ac7576f4b1da8c Miklos Szeredi      2014-10-30  817  		container_of(ctx, struct listxattr_buf, ctx);
48b32a3553a547 Jeff Mahoney        2009-03-30  818  	size_t size;
f3fb9e27325c4e Fabian Frederick    2014-08-08  819  
48b32a3553a547 Jeff Mahoney        2009-03-30  820  	if (name[0] != '.' ||
48b32a3553a547 Jeff Mahoney        2009-03-30  821  	    (namelen != 1 && (name[1] != '.' || namelen != 2))) {
387b96a5891c07 Christian Brauner   2023-02-01 @822  		if (!reiserfs_xattr_list(b->dentry->d_sb->s_xattr, name,
387b96a5891c07 Christian Brauner   2023-02-01  823  					 b->dentry))
25885a35a72007 Al Viro             2022-08-16  824  			return true;
764a5c6b1fa430 Andreas Gruenbacher 2015-12-02  825  		size = namelen + 1;
48b32a3553a547 Jeff Mahoney        2009-03-30  826  		if (b->buf) {
a13f085d111e90 Jann Horn           2018-08-21  827  			if (b->pos + size > b->size) {
a13f085d111e90 Jann Horn           2018-08-21  828  				b->pos = -ERANGE;
25885a35a72007 Al Viro             2022-08-16  829  				return false;
a13f085d111e90 Jann Horn           2018-08-21  830  			}
764a5c6b1fa430 Andreas Gruenbacher 2015-12-02  831  			memcpy(b->buf + b->pos, name, namelen);
764a5c6b1fa430 Andreas Gruenbacher 2015-12-02  832  			b->buf[b->pos + namelen] = 0;
^1da177e4c3f41 Linus Torvalds      2005-04-16  833  		}
48b32a3553a547 Jeff Mahoney        2009-03-30  834  		b->pos += size;
48b32a3553a547 Jeff Mahoney        2009-03-30  835  	}
25885a35a72007 Al Viro             2022-08-16  836  	return true;
^1da177e4c3f41 Linus Torvalds      2005-04-16  837  }
bd4c625c061c2a Linus Torvalds      2005-07-12  838
Thomas Weißschuh Oct. 2, 2023, 9:58 a.m. UTC | #2
On 2023-09-30 02:00:05-0300, Wedson Almeida Filho wrote:
> From: Wedson Almeida Filho <walmeida@microsoft.com>
> 
> As it is currently declared, the xattr_handler structs are const but the
> array containing their pointers is not. This patch makes it so that fs
> modules can place them in .rodata, which makes it harder for
> accidental/malicious modifications at runtime.

You could also add an entry to scripts/const_structs.checkpatch to make
sure newly introduced usages of the struct are const.

Could be a single dedicated patch after this patch has been applied.

> Signed-off-by: Wedson Almeida Filho <walmeida@microsoft.com>
> ---
>  fs/xattr.c         | 6 +++---
>  include/linux/fs.h | 2 +-
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/xattr.c b/fs/xattr.c
> index e7bbb7f57557..1905f8ede13d 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -56,7 +56,7 @@ strcmp_prefix(const char *a, const char *a_prefix)
>  static const struct xattr_handler *
>  xattr_resolve_name(struct inode *inode, const char **name)
>  {
> -	const struct xattr_handler **handlers = inode->i_sb->s_xattr;
> +	const struct xattr_handler * const *handlers = inode->i_sb->s_xattr;
>  	const struct xattr_handler *handler;
>  
>  	if (!(inode->i_opflags & IOP_XATTR)) {
> @@ -162,7 +162,7 @@ xattr_permission(struct mnt_idmap *idmap, struct inode *inode,
>  int
>  xattr_supports_user_prefix(struct inode *inode)
>  {
> -	const struct xattr_handler **handlers = inode->i_sb->s_xattr;
> +	const struct xattr_handler * const *handlers = inode->i_sb->s_xattr;
>  	const struct xattr_handler *handler;
>  
>  	if (!(inode->i_opflags & IOP_XATTR)) {
> @@ -999,7 +999,7 @@ int xattr_list_one(char **buffer, ssize_t *remaining_size, const char *name)
>  ssize_t
>  generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
>  {
> -	const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
> +	const struct xattr_handler *handler, * const *handlers = dentry->d_sb->s_xattr;
>  	ssize_t remaining_size = buffer_size;
>  	int err = 0;
>  
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 562f2623c9c9..4d8003f48216 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -1172,7 +1172,7 @@ struct super_block {
>  #ifdef CONFIG_SECURITY
>  	void                    *s_security;
>  #endif
> -	const struct xattr_handler **s_xattr;
> +	const struct xattr_handler * const *s_xattr;
>  #ifdef CONFIG_FS_ENCRYPTION
>  	const struct fscrypt_operations	*s_cop;
>  	struct fscrypt_keyring	*s_master_keys; /* master crypto keys in use */
> -- 
> 2.34.1
>
diff mbox series

Patch

diff --git a/fs/xattr.c b/fs/xattr.c
index e7bbb7f57557..1905f8ede13d 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -56,7 +56,7 @@  strcmp_prefix(const char *a, const char *a_prefix)
 static const struct xattr_handler *
 xattr_resolve_name(struct inode *inode, const char **name)
 {
-	const struct xattr_handler **handlers = inode->i_sb->s_xattr;
+	const struct xattr_handler * const *handlers = inode->i_sb->s_xattr;
 	const struct xattr_handler *handler;
 
 	if (!(inode->i_opflags & IOP_XATTR)) {
@@ -162,7 +162,7 @@  xattr_permission(struct mnt_idmap *idmap, struct inode *inode,
 int
 xattr_supports_user_prefix(struct inode *inode)
 {
-	const struct xattr_handler **handlers = inode->i_sb->s_xattr;
+	const struct xattr_handler * const *handlers = inode->i_sb->s_xattr;
 	const struct xattr_handler *handler;
 
 	if (!(inode->i_opflags & IOP_XATTR)) {
@@ -999,7 +999,7 @@  int xattr_list_one(char **buffer, ssize_t *remaining_size, const char *name)
 ssize_t
 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
 {
-	const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
+	const struct xattr_handler *handler, * const *handlers = dentry->d_sb->s_xattr;
 	ssize_t remaining_size = buffer_size;
 	int err = 0;
 
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 562f2623c9c9..4d8003f48216 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1172,7 +1172,7 @@  struct super_block {
 #ifdef CONFIG_SECURITY
 	void                    *s_security;
 #endif
-	const struct xattr_handler **s_xattr;
+	const struct xattr_handler * const *s_xattr;
 #ifdef CONFIG_FS_ENCRYPTION
 	const struct fscrypt_operations	*s_cop;
 	struct fscrypt_keyring	*s_master_keys; /* master crypto keys in use */