diff options
| author | Wedson Almeida Filho <walmeida@microsoft.com> | 2023-09-30 02:00:05 -0300 |
|---|---|---|
| committer | Christian Brauner <brauner@kernel.org> | 2023-10-09 16:24:16 +0200 |
| commit | e346fb6d774abf1d9a87d39b1e3eef0b7397d154 (patch) | |
| tree | eb5cb0fc0e3f5ad59f501ba0ae7982439721921e | |
| parent | ce9ecca0238b140b88f43859b211c9fdfd8e5b70 (diff) | |
| download | linux-e346fb6d774abf1d9a87d39b1e3eef0b7397d154.tar.gz linux-e346fb6d774abf1d9a87d39b1e3eef0b7397d154.tar.bz2 linux-e346fb6d774abf1d9a87d39b1e3eef0b7397d154.zip | |
xattr: make the xattr array itself const
As it is currently declared, the xattr_handler structs are const but the
array containing their pointers is not. This patch makes it so that fs
modules can place them in .rodata, which makes it harder for
accidental/malicious modifications at runtime.
Signed-off-by: Wedson Almeida Filho <walmeida@microsoft.com>
Link: https://lore.kernel.org/r/20230930050033.41174-2-wedsonaf@gmail.com
Signed-off-by: Christian Brauner <brauner@kernel.org>
| -rw-r--r-- | fs/xattr.c | 6 | ||||
| -rw-r--r-- | include/linux/fs.h | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/fs/xattr.c b/fs/xattr.c index efd4736bc94b..09d927603433 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -56,7 +56,7 @@ strcmp_prefix(const char *a, const char *a_prefix) static const struct xattr_handler * xattr_resolve_name(struct inode *inode, const char **name) { - const struct xattr_handler **handlers = inode->i_sb->s_xattr; + const struct xattr_handler * const *handlers = inode->i_sb->s_xattr; const struct xattr_handler *handler; if (!(inode->i_opflags & IOP_XATTR)) { @@ -162,7 +162,7 @@ xattr_permission(struct mnt_idmap *idmap, struct inode *inode, int xattr_supports_user_prefix(struct inode *inode) { - const struct xattr_handler **handlers = inode->i_sb->s_xattr; + const struct xattr_handler * const *handlers = inode->i_sb->s_xattr; const struct xattr_handler *handler; if (!(inode->i_opflags & IOP_XATTR)) { @@ -999,7 +999,7 @@ int xattr_list_one(char **buffer, ssize_t *remaining_size, const char *name) ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) { - const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; + const struct xattr_handler *handler, * const *handlers = dentry->d_sb->s_xattr; ssize_t remaining_size = buffer_size; int err = 0; diff --git a/include/linux/fs.h b/include/linux/fs.h index 4aeb3fa11927..bba22e25664d 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1206,7 +1206,7 @@ struct super_block { #ifdef CONFIG_SECURITY void *s_security; #endif - const struct xattr_handler **s_xattr; + const struct xattr_handler * const *s_xattr; #ifdef CONFIG_FS_ENCRYPTION const struct fscrypt_operations *s_cop; struct fscrypt_keyring *s_master_keys; /* master crypto keys in use */ |