Commit 93bda330 authored by Jakub Kicinski's avatar Jakub Kicinski

Merge branch 'net-constify-ctl_table-arguments-of-utility-functions'

Thomas Weißschuh says:

====================
net: constify ctl_table arguments of utility functions

The sysctl core is preparing to only expose instances of
struct ctl_table as "const".
This will also affect the ctl_table argument of sysctl handlers.

As the function prototype of all sysctl handlers throughout the tree
needs to stay consistent that change will be done in one commit.

To reduce the size of that final commit, switch utility functions which
are not bound by "typedef proc_handler" to "const struct ctl_table".

No functional change.

This patch(set) is meant to be applied through your subsystem tree.
Or at your preference through the sysctl tree.

Motivation
==========

Moving structures containing function pointers into unmodifiable .rodata
prevents attackers or bugs from corrupting and diverting those pointers.

Also the "struct ctl_table" exposed by the sysctl core were never meant
to be mutated by users.

For this goal changes to both the sysctl core and "const" qualifiers for
various sysctl APIs are necessary.
====================

Link: https://lore.kernel.org/r/20240527-sysctl-const-handler-net-v1-0-16523767d0b2@weissschuh.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
parents 982300c1 0a9f788f
...@@ -3578,7 +3578,7 @@ static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p, ...@@ -3578,7 +3578,7 @@ static void neigh_copy_dflt_parms(struct net *net, struct neigh_parms *p,
rcu_read_unlock(); rcu_read_unlock();
} }
static void neigh_proc_update(struct ctl_table *ctl, int write) static void neigh_proc_update(const struct ctl_table *ctl, int write)
{ {
struct net_device *dev = ctl->extra1; struct net_device *dev = ctl->extra1;
struct neigh_parms *p = ctl->extra2; struct neigh_parms *p = ctl->extra2;
......
...@@ -130,7 +130,8 @@ static int ipv4_privileged_ports(struct ctl_table *table, int write, ...@@ -130,7 +130,8 @@ static int ipv4_privileged_ports(struct ctl_table *table, int write,
return ret; return ret;
} }
static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high) static void inet_get_ping_group_range_table(const struct ctl_table *table,
kgid_t *low, kgid_t *high)
{ {
kgid_t *data = table->data; kgid_t *data = table->data;
struct net *net = struct net *net =
...@@ -145,7 +146,8 @@ static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low ...@@ -145,7 +146,8 @@ static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low
} }
/* Update system visible IP port range */ /* Update system visible IP port range */
static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high) static void set_ping_group_range(const struct ctl_table *table,
kgid_t low, kgid_t high)
{ {
kgid_t *data = table->data; kgid_t *data = table->data;
struct net *net = struct net *net =
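Review bot: The comment above `set_ping_group_range` still reads "Update system visible IP port range", which looks carried over from a port-range helper; the function takes `kgid_t low, kgid_t high`, so it should say something like `/* Update system visible ping group range */`. The new `const struct ctl_table *table` parameter only makes the table entry itself read-only, while the first body line `kgid_t *data = table->data;` still yields a writable pointer. A one-line comment such as `/* const covers the ctl_table entry only; the range behind table->data is still written here */` would keep readers from treating the qualifier as a read-only guarantee on the sysctl value. The bodies of both helpers in this section continue outside the visible hunk lines, so the write through `data` is inferred from the function name and not shown.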
......
...@@ -863,7 +863,7 @@ static void addrconf_forward_change(struct net *net, __s32 newf) ...@@ -863,7 +863,7 @@ static void addrconf_forward_change(struct net *net, __s32 newf)
} }
} }
static int addrconf_fixup_forwarding(struct ctl_table *table, int *p, int newf) static int addrconf_fixup_forwarding(const struct ctl_table *table, int *p, int newf)
{ {
struct net *net; struct net *net;
int old; int old;
...@@ -931,7 +931,7 @@ static void addrconf_linkdown_change(struct net *net, __s32 newf) ...@@ -931,7 +931,7 @@ static void addrconf_linkdown_change(struct net *net, __s32 newf)
} }
} }
static int addrconf_fixup_linkdown(struct ctl_table *table, int *p, int newf) static int addrconf_fixup_linkdown(const struct ctl_table *table, int *p, int newf)
{ {
struct net *net; struct net *net;
int old; int old;
...@@ -6378,7 +6378,7 @@ static void addrconf_disable_change(struct net *net, __s32 newf) ...@@ -6378,7 +6378,7 @@ static void addrconf_disable_change(struct net *net, __s32 newf)
} }
} }
static int addrconf_disable_ipv6(struct ctl_table *table, int *p, int newf) static int addrconf_disable_ipv6(const struct ctl_table *table, int *p, int newf)
{ {
struct net *net = (struct net *)table->extra2; struct net *net = (struct net *)table->extra2;
int old; int old;
...@@ -6669,7 +6669,7 @@ void addrconf_disable_policy_idev(struct inet6_dev *idev, int val) ...@@ -6669,7 +6669,7 @@ void addrconf_disable_policy_idev(struct inet6_dev *idev, int val)
} }
static static
int addrconf_disable_policy(struct ctl_table *ctl, int *valp, int val) int addrconf_disable_policy(const struct ctl_table *ctl, int *valp, int val)
{ {
struct net *net = (struct net *)ctl->extra2; struct net *net = (struct net *)ctl->extra2;
struct inet6_dev *idev; struct inet6_dev *idev;
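Review bot: The explicit casts kept in `addrconf_disable_ipv6` (`struct net *net = (struct net *)table->extra2;`) and in `addrconf_disable_policy` (`(struct net *)ctl->extra2`) are unnecessary for a `void *` member and work against the const-ification this series is doing. If `extra1`/`extra2` were ever const-qualified, the cast would silently discard the qualifier where a plain assignment would make the compiler report it. Writing `struct net *net = table->extra2;` matches how `neigh_proc_update` reads `ctl->extra1` and `ctl->extra2` elsewhere in this same commit. Both function bodies continue outside the hunks, so only the declaration lines are in view.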
......
...@@ -1936,7 +1936,7 @@ static struct notifier_block ndisc_netdev_notifier = { ...@@ -1936,7 +1936,7 @@ static struct notifier_block ndisc_netdev_notifier = {
}; };
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, static void ndisc_warn_deprecated_sysctl(const struct ctl_table *ctl,
const char *func, const char *dev_name) const char *func, const char *dev_name)
{ {
static char warncomm[TASK_COMM_LEN]; static char warncomm[TASK_COMM_LEN];
......
...@@ -1924,7 +1924,8 @@ proc_do_sync_ports(struct ctl_table *table, int write, ...@@ -1924,7 +1924,8 @@ proc_do_sync_ports(struct ctl_table *table, int write,
return rc; return rc;
} }
static int ipvs_proc_est_cpumask_set(struct ctl_table *table, void *buffer) static int ipvs_proc_est_cpumask_set(const struct ctl_table *table,
void *buffer)
{ {
struct netns_ipvs *ipvs = table->extra2; struct netns_ipvs *ipvs = table->extra2;
cpumask_var_t *valp = table->data; cpumask_var_t *valp = table->data;
...@@ -1962,8 +1963,8 @@ static int ipvs_proc_est_cpumask_set(struct ctl_table *table, void *buffer) ...@@ -1962,8 +1963,8 @@ static int ipvs_proc_est_cpumask_set(struct ctl_table *table, void *buffer)
return ret; return ret;
} }
static int ipvs_proc_est_cpumask_get(struct ctl_table *table, void *buffer, static int ipvs_proc_est_cpumask_get(const struct ctl_table *table,
size_t size) void *buffer, size_t size)
{ {
struct netns_ipvs *ipvs = table->extra2; struct netns_ipvs *ipvs = table->extra2;
cpumask_var_t *valp = table->data; cpumask_var_t *valp = table->data;
......