From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B8CF2C4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:52:36 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234718AbjLDHw2 (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:52:28 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48142 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234688AbjLDHw1 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:27 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 28D46FF;
        Sun,  3 Dec 2023 23:52:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676351;
        bh=jiUoP9EILBqjXJdhjCd6wCOIBwbA+1GPrmYgkgR4m/M=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=YZPlhHxEX6oI7g8G2LKXf/0qWZsZyCVOccYQzag5Ib0JfOmdslPSqC02Lm5IVfa3V
         NfYWDXaB1wpUtcwFKNl/iui8AG1y0biZQzCEo/kstXkAPmgY865s0R0m17Uq6kJPoA
         5Hhw+R4gLkxRIE/ks80cNBL7k4qMXjau4nE8joP4=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:14 +0100
Subject: [PATCH v2 01/18] watchdog/core: remove sysctl handlers from public
 header
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-1-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=3077;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=jiUoP9EILBqjXJdhjCd6wCOIBwbA+1GPrmYgkgR4m/M=;
 b=N668jhYnDq/m98yRu3KJUDGYvbbTXjPausZ1wtJee7HDZsf73TfhAf+uRsaSar7Bl1MjM4b1f
 y4xDB12U1prASWAMR2lxo2BG40azT17eSnNK1xvNxwTk7wvRe1prpvc
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The functions are only used in the file where they are defined.
Remove them from the header and make them static.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
---
 include/linux/nmi.h |  7 -------
 kernel/watchdog.c   | 10 +++++-----
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/include/linux/nmi.h b/include/linux/nmi.h
index e92e378df000..f53438eae815 100644
--- a/include/linux/nmi.h
+++ b/include/linux/nmi.h
@@ -216,13 +216,6 @@ void watchdog_update_hrtimer_threshold(u64 period);
 static inline void watchdog_update_hrtimer_threshold(u64 period) { }
 #endif
=20
-struct ctl_table;
-int proc_watchdog(struct ctl_table *, int, void *, size_t *, loff_t *);
-int proc_nmi_watchdog(struct ctl_table *, int , void *, size_t *, loff_t *=
);
-int proc_soft_watchdog(struct ctl_table *, int , void *, size_t *, loff_t =
*);
-int proc_watchdog_thresh(struct ctl_table *, int , void *, size_t *, loff_=
t *);
-int proc_watchdog_cpumask(struct ctl_table *, int, void *, size_t *, loff_=
t *);
-
 #ifdef CONFIG_HAVE_ACPI_APEI_NMI
 #include <asm/nmi.h>
 #endif
diff --git a/kernel/watchdog.c b/kernel/watchdog.c
index 5cd6d4e26915..0fe72e89627d 100644
--- a/kernel/watchdog.c
+++ b/kernel/watchdog.c
@@ -772,7 +772,7 @@ static int proc_watchdog_common(int which, struct ctl_t=
able *table, int write,
 /*
  * /proc/sys/kernel/watchdog
  */
-int proc_watchdog(struct ctl_table *table, int write,
+static int proc_watchdog(struct ctl_table *table, int write,
 		  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return proc_watchdog_common(WATCHDOG_HARDLOCKUP_ENABLED |
@@ -783,7 +783,7 @@ int proc_watchdog(struct ctl_table *table, int write,
 /*
  * /proc/sys/kernel/nmi_watchdog
  */
-int proc_nmi_watchdog(struct ctl_table *table, int write,
+static int proc_nmi_watchdog(struct ctl_table *table, int write,
 		      void *buffer, size_t *lenp, loff_t *ppos)
 {
 	if (!watchdog_hardlockup_available && write)
@@ -795,7 +795,7 @@ int proc_nmi_watchdog(struct ctl_table *table, int writ=
e,
 /*
  * /proc/sys/kernel/soft_watchdog
  */
-int proc_soft_watchdog(struct ctl_table *table, int write,
+static int proc_soft_watchdog(struct ctl_table *table, int write,
 			void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return proc_watchdog_common(WATCHDOG_SOFTOCKUP_ENABLED,
@@ -805,7 +805,7 @@ int proc_soft_watchdog(struct ctl_table *table, int wri=
te,
 /*
  * /proc/sys/kernel/watchdog_thresh
  */
-int proc_watchdog_thresh(struct ctl_table *table, int write,
+static int proc_watchdog_thresh(struct ctl_table *table, int write,
 			 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int err, old;
@@ -828,7 +828,7 @@ int proc_watchdog_thresh(struct ctl_table *table, int w=
rite,
  * user to specify a mask that will include cpus that have not yet
  * been brought online, if desired.
  */
-int proc_watchdog_cpumask(struct ctl_table *table, int write,
+static int proc_watchdog_cpumask(struct ctl_table *table, int write,
 			  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int err;

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B91CCC4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:52:41 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343521AbjLDHwc (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:52:32 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48174 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234714AbjLDHw2 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:28 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D583710E;
        Sun,  3 Dec 2023 23:52:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676351;
        bh=q4VE2o2FyvyFNG1LqUdQPdjkzoeYyweyQ8tzt1Zr98M=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=YvZQVv7h5D8dBbZC2USl0/LGJ0NYUJBbWTU6gw9zrE5BzBgs6GREiFYl+645cIPQY
         hbCfQvLOj0lKhEoVRdO1IkXwIAXAzSMwM3JY4WPe0PpDtiIJ7iNlEETgrMwtpB+lZs
         GNcyUZ4jYSKzKv+EoU/hmUX4GwERfFyKXIZx5FhU=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:15 +0100
Subject: [PATCH v2 02/18] sysctl: delete unused define
 SYSCTL_PERM_EMPTY_DIR
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-2-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=622;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=q4VE2o2FyvyFNG1LqUdQPdjkzoeYyweyQ8tzt1Zr98M=;
 b=w9UTx2HponGUKe8TWC0etLx9EWRzxuN1D/Eju+YpMZkSFCuCRce0znWXJDyiwUfDfeENARdb8
 gNbmedabRpLB4Cu3/U/T/SDS4VwIA3XWLFu2VK3XeTU44B3TFShYaa0
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

It seems it was never used.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
---
 include/linux/sysctl.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index 61b40ea81f4d..26a38161c28f 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -255,8 +255,6 @@ extern int unaligned_enabled;
 extern int unaligned_dump_stack;
 extern int no_unaligned_warning;
=20
-#define SYSCTL_PERM_EMPTY_DIR	(1 << 0)
-
 #else /* CONFIG_SYSCTL */
=20
 static inline void register_sysctl_init(const char *path, struct ctl_table=
 *table)

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C1156C10DC3
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:52:39 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343495AbjLDHw3 (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:52:29 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48144 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234690AbjLDHw1 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:27 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73167F3;
        Sun,  3 Dec 2023 23:52:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676351;
        bh=IyP3fTXp1SAs7UkxiJUA9xlgTpZMUTTPQdr1Z8WPbb0=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=SQ4c4OJgJJCnisETb9hXUF5YYUf7C0UKd6c5Mww/aO3s77s0vnJ0BYmhq9jI56SXo
         ZOeCfh0d6Oci9O5gxeD87hctfl1w06lqiP3cEdVC5pjMtWexivDvWbYfte4WFes+8e
         nV0fUg21Ob0hYeGT65jveRMunFejdMDZjaDXK1Ak=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:16 +0100
Subject: [PATCH v2 03/18] sysctl: drop sysctl_is_perm_empty_ctl_table
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-3-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=1435;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=IyP3fTXp1SAs7UkxiJUA9xlgTpZMUTTPQdr1Z8WPbb0=;
 b=+ngBpUV2SiwicZA4ds9XMOzk5Pbxi+vGaZjien+LXgMroK7KKieP5OaWIcOCF+WqNuE4vgwZP
 xT40W0mgomqCFiuD3TvBSNW81r50LHid1h8Ji7pYWOHqATHnrdOYQdq
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

It is used only once and that caller would be simpler with
sysctl_is_perm_empty_ctl_header().
So use this sibling function.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
---
 fs/proc/proc_sysctl.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index 8064ea76f80b..689a30196d0c 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -48,10 +48,8 @@ struct ctl_table_header *register_sysctl_mount_point(con=
st char *path)
 }
 EXPORT_SYMBOL(register_sysctl_mount_point);
=20
-#define sysctl_is_perm_empty_ctl_table(tptr)		\
-	(tptr[0].type =3D=3D SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY)
 #define sysctl_is_perm_empty_ctl_header(hptr)		\
-	(sysctl_is_perm_empty_ctl_table(hptr->ctl_table))
+	(hptr->ctl_table[0].type =3D=3D SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY)
 #define sysctl_set_perm_empty_ctl_header(hptr)		\
 	(hptr->ctl_table[0].type =3D SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY)
 #define sysctl_clear_perm_empty_ctl_header(hptr)	\
@@ -233,7 +231,7 @@ static int insert_header(struct ctl_dir *dir, struct ct=
l_table_header *header)
 		return -EROFS;
=20
 	/* Am I creating a permanently empty directory? */
-	if (sysctl_is_perm_empty_ctl_table(header->ctl_table)) {
+	if (sysctl_is_perm_empty_ctl_header(header)) {
 		if (!RB_EMPTY_ROOT(&dir->root))
 			return -EINVAL;
 		sysctl_set_perm_empty_ctl_header(dir_h);

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8A234C4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:52:48 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343505AbjLDHwj (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:52:39 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48226 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1343502AbjLDHw3 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:29 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8626D135;
        Sun,  3 Dec 2023 23:52:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676351;
        bh=T3jII5zUnYlnbPPOk4OeB1e7CrcIRU8AQwdXqX+t2X0=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=ZBXFhIz94gSg8Kt7v4w19SdE5yTe/j5v18vyl9a3isW/pKheYAYWCJ55ZQhgDSVA/
         VVK2ulqv4htTjx9Gvb3dCYsL2nmaejGLVJvR8Fev13rdYXI3H7RuqdTH3r99MH26RL
         3yay1rFxRe0DseFdG/F9jH9gklQnbzsfpENugf0o=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:17 +0100
Subject: [PATCH v2 04/18] cgroup: bpf: constify ctl_table arguments and
 fields
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-4-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=1943;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=T3jII5zUnYlnbPPOk4OeB1e7CrcIRU8AQwdXqX+t2X0=;
 b=empLB4oJMwGiCFdfTNXuKBYx88Wx32Olsk3PXjNKGw04ybJ6PSzYfGsjskQjHYM/x/F1Q2mHD
 B8qDNrFLuhSDfKF7RqS74q2ZdbS3z89noN6eESpUZOp3EUXpVM/QYbb
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In a future commit the sysctl core will only use
"const struct ctl_table". As a preparation for that adapt the cgroup-bpf
code.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
---
 include/linux/bpf-cgroup.h | 2 +-
 include/linux/filter.h     | 2 +-
 kernel/bpf/cgroup.c        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h
index a789266feac3..504fe9f8a3e7 100644
--- a/include/linux/bpf-cgroup.h
+++ b/include/linux/bpf-cgroup.h
@@ -138,7 +138,7 @@ int __cgroup_bpf_check_dev_permission(short dev_type, u=
32 major, u32 minor,
 				      short access, enum cgroup_bpf_attach_type atype);
=20
 int __cgroup_bpf_run_filter_sysctl(struct ctl_table_header *head,
-				   struct ctl_table *table, int write,
+				   const struct ctl_table *table, int write,
 				   char **buf, size_t *pcount, loff_t *ppos,
 				   enum cgroup_bpf_attach_type atype);
=20
diff --git a/include/linux/filter.h b/include/linux/filter.h
index a4953fafc8cb..4d035fbd8558 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -1358,7 +1358,7 @@ struct bpf_sock_ops_kern {
=20
 struct bpf_sysctl_kern {
 	struct ctl_table_header *head;
-	struct ctl_table *table;
+	const struct ctl_table *table;
 	void *cur_val;
 	size_t cur_len;
 	void *new_val;
diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index 491d20038cbe..85476970b487 100644
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -1694,7 +1694,7 @@ const struct bpf_verifier_ops cg_dev_verifier_ops =3D=
 {
  * returned value !=3D 1 during execution. In all other cases 0 is returne=
d.
  */
 int __cgroup_bpf_run_filter_sysctl(struct ctl_table_header *head,
-				   struct ctl_table *table, int write,
+				   const struct ctl_table *table, int write,
 				   char **buf, size_t *pcount, loff_t *ppos,
 				   enum cgroup_bpf_attach_type atype)
 {

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EACFBC4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:53:09 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343557AbjLDHxA (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:53:00 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55886 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234769AbjLDHwq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:46 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [159.69.126.157])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 79B79136;
        Sun,  3 Dec 2023 23:52:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676352;
        bh=TZdNqn1SiSNc5YcuC4mCIk7Ynn2gUU/Or228atMtaJs=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=Az7F8rfSpThZ1n25BdEvJp2p9E/AzY0X3wozV/MY1/PAa1/Qj0RAhj7z6fiRqI7kK
         7HDAJXx5XOu/S6imHwuojXsRcbfmd6OiQSZzb0GGBpHVT+IA2v6TKvAaAa/d2HWf+4
         /NehtYiQxYEIopU8YBWhQpz/RtDsgc+T9zG7k1jA=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:18 +0100
Subject: [PATCH v2 05/18] seccomp: constify ctl_table arguments of utility
 functions
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-5-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=1238;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=TZdNqn1SiSNc5YcuC4mCIk7Ynn2gUU/Or228atMtaJs=;
 b=+bb7R1dzvflk2V91q1B3apYuSZNzsswX5hsEfkK3Q7Bi6c2nVr2JfTll1pVlMP5bZS2K4J5GB
 XaPAF3lxcvpDah0XCW1ntvvsW9fI5ifFd/kDIevoOjVDZbSHl4zCMEZ
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In a future commit the proc_handlers themselves will change to
"const struct ctl_table". As a preparation for that adapt the internal
helpers.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
Acked-by: Kees Cook <keescook@chromium.org>
---
 kernel/seccomp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 255999ba9190..a23672674ff6 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -2334,7 +2334,7 @@ static bool seccomp_actions_logged_from_names(u32 *ac=
tions_logged, char *names)
 	return true;
 }
=20
-static int read_actions_logged(struct ctl_table *ro_table, void *buffer,
+static int read_actions_logged(const struct ctl_table *ro_table, void *buf=
fer,
 			       size_t *lenp, loff_t *ppos)
 {
 	char names[sizeof(seccomp_actions_avail)];
@@ -2352,7 +2352,7 @@ static int read_actions_logged(struct ctl_table *ro_t=
able, void *buffer,
 	return proc_dostring(&table, 0, buffer, lenp, ppos);
 }
=20
-static int write_actions_logged(struct ctl_table *ro_table, void *buffer,
+static int write_actions_logged(const struct ctl_table *ro_table, void *bu=
ffer,
 				size_t *lenp, loff_t *ppos, u32 *actions_logged)
 {
 	char names[sizeof(seccomp_actions_avail)];

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 36B77C4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:53:07 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343531AbjLDHw6 (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:52:58 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55962 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234725AbjLDHwq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:46 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [159.69.126.157])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4DC7F191;
        Sun,  3 Dec 2023 23:52:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676352;
        bh=5+HgEomGEcSfal8KEHbNRv5xkdMmu5uXZxrXCkIqu/g=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=nz3O4RpuvWkpltHlM3RYR9Jf3NvPF4MsnW3PyS389PBHs7UcASGhvDwUxa3ZFViyw
         SO0u+5I4bzKzYUIEqvVCZftRUMx6dQVMYYTdwPSyzAPN/xYB1m/vA6+4/+qnJy+csx
         UZK2VBQBwUMeh7KlXYFHy6bMh96GzxGmUhbGU/co=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:19 +0100
Subject: [PATCH v2 06/18] hugetlb: constify ctl_table arguments of utility
 functions
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-6-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=1138;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=5+HgEomGEcSfal8KEHbNRv5xkdMmu5uXZxrXCkIqu/g=;
 b=zd4HWDIvql9ethCYqcpULcNo0aOGOKcNIZoT6kq593C2oMwlIWM/2afb9K5I09ugAwV7Xi7Yb
 FGDJ8iOEM8EDN5I7kHXRLNOjXCxYDRa8gF/KebTpU/Di8j9dEg7L9e7
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In a future commit the proc_handlers themselves will change to
"const struct ctl_table". As a preparation for that adapt the internal
helpers.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
---
 mm/hugetlb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 1169ef2f2176..2df21a295359 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -4835,7 +4835,7 @@ static unsigned int allowed_mems_nr(struct hstate *h)
 }
=20
 #ifdef CONFIG_SYSCTL
-static int proc_hugetlb_doulongvec_minmax(struct ctl_table *table, int wri=
te,
+static int proc_hugetlb_doulongvec_minmax(const struct ctl_table *table, i=
nt write,
 					  void *buffer, size_t *length,
 					  loff_t *ppos, unsigned long *out)
 {
@@ -4852,7 +4852,7 @@ static int proc_hugetlb_doulongvec_minmax(struct ctl_=
table *table, int write,
 }
=20
 static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
-			 struct ctl_table *table, int write,
+			 const struct ctl_table *table, int write,
 			 void *buffer, size_t *length, loff_t *ppos)
 {
 	struct hstate *h =3D &default_hstate;

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6CD89C4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:53:00 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234821AbjLDHwu (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:52:50 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55872 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234758AbjLDHwp (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:45 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3444018E;
        Sun,  3 Dec 2023 23:52:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676352;
        bh=XX/0Dgv+i6b2iH4R1etXfooZRb2dy5KXDGiPQVphnWA=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=ebZp+DVYTEEAfjfaE0tgQxKbgsqYJFjNAFwcUYjBzNwvnbfhz3uNMC236Sa1fPfTw
         NyY5igxxS9b4fxVKkbyqn/gh+YLiw9R55X5EIHr6YQgzV7wOrcR9JY8Vf91oNlaGDV
         YtvSFjz8UWu4u5MQAanh2PNkPYJH1h1eebMkon+0=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:20 +0100
Subject: [PATCH v2 07/18] utsname: constify ctl_table arguments of utility
 function
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-7-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=696;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=XX/0Dgv+i6b2iH4R1etXfooZRb2dy5KXDGiPQVphnWA=;
 b=zWbb03OQ8wfovwcUfOlCCPX491ahk1eH62Nq+pjCquKuyWlS5cMqfrOW//ibS7ErluyLMRkWU
 8/+YmIhOrdlDhhbBdhUvQ1jGzJTdwvIKPQmgi1Kr/jqFOIqsESa0dt6
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In a future commit the proc_handlers themselves will change to
"const struct ctl_table". As a preparation for that adapt the internal
helper.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
---
 kernel/utsname_sysctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/utsname_sysctl.c b/kernel/utsname_sysctl.c
index 019e3a1566cf..46590d4addc8 100644
--- a/kernel/utsname_sysctl.c
+++ b/kernel/utsname_sysctl.c
@@ -15,7 +15,7 @@
=20
 #ifdef CONFIG_PROC_SYSCTL
=20
-static void *get_uts(struct ctl_table *table)
+static void *get_uts(const struct ctl_table *table)
 {
 	char *which =3D table->data;
 	struct uts_namespace *uts_ns;

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 34FA5C4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:53:17 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343589AbjLDHxH (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:53:07 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55982 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234772AbjLDHwq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:46 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4A430FF;
        Sun,  3 Dec 2023 23:52:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676352;
        bh=IxovWkSQa7nkG31gg70HY4PZ86eNzdXLGZdnYvGdlOk=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=ci3b+tBlQJ2I4Tnz6Uq8xCRvClO69u71LCh7Jwtj+5JsnWUJoaWhvTg3js+PuZNVW
         tirBQ8o0jdqrYvHi8MAckWJ8O/mudw3ffSFWracoTmFkEf2CtxM9hp7OXWuLsgmKJf
         8DARgLvu9Mjh2qEXOkDlubwYy0CivYcuPoJ8UMQo=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:21 +0100
Subject: [PATCH v2 08/18] stackleak: don't modify ctl_table argument
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-8-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=1076;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=IxovWkSQa7nkG31gg70HY4PZ86eNzdXLGZdnYvGdlOk=;
 b=qMyrGJ0w/4+XhOWDiE66KEjMCj0gweurC/6oQwk/Krqtt1DIpUqZeI5jGJHKrmVOFeGke54pt
 YQi71Ea3sghBwYXo0q8Kz3ZhIgB+zOH6G6jdpErT6vSnyCISy0KxjSU
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In a future commit the proc_handlers will change to
"const struct ctl_table".
As a preparation for that adapt the logic to work with a temporary
variable, similar to how it is done in other parts of the kernel.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
Acked-by: Kees Cook <keescook@chromium.org>
---
 kernel/stackleak.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/kernel/stackleak.c b/kernel/stackleak.c
index 34c9d81eea94..b292e5ca0b7d 100644
--- a/kernel/stackleak.c
+++ b/kernel/stackleak.c
@@ -27,10 +27,11 @@ static int stack_erasing_sysctl(struct ctl_table *table=
, int write,
 	int ret =3D 0;
 	int state =3D !static_branch_unlikely(&stack_erasing_bypass);
 	int prev_state =3D state;
+	struct ctl_table tmp =3D *table;
=20
-	table->data =3D &state;
-	table->maxlen =3D sizeof(int);
-	ret =3D proc_dointvec_minmax(table, write, buffer, lenp, ppos);
+	tmp.data =3D &state;
+	tmp.maxlen =3D sizeof(int);
+	ret =3D proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
 	state =3D !!state;
 	if (ret || !write || state =3D=3D prev_state)
 		return ret;

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E2FD7C4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:53:12 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343580AbjLDHxD (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:53:03 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55904 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234730AbjLDHwq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:46 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [159.69.126.157])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3F0A7198;
        Sun,  3 Dec 2023 23:52:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676352;
        bh=v0MXLGIsisRjyz+2q8S4lNJCjp7Kc1OsT9OWJgMTDC0=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=NpAknuE+SwTyR4zjPUm2h6dHi5u3Il/bBsvGZ3mlpPxjGYT2t7M7Y6Un/IYoB0iMK
         ReELEAwm3nZ5LEAMS3pGHH6hUh0PA0DFKWC8yDLs/wr4zGuRlSqCiFv1jPLY3p3kgC
         VDAFEp/kkHjLix6w3AIf0+hmrAH5OnqMB4G+JvZQ=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:22 +0100
Subject: [PATCH v2 09/18] sysctl: treewide: constify
 ctl_table_root::set_ownership
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-9-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=1372;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=v0MXLGIsisRjyz+2q8S4lNJCjp7Kc1OsT9OWJgMTDC0=;
 b=36piJllEmuNADES2V+irUyjSXbQwWiVHfuHvaVtX4ZUFuaW3bGFv0NxakonPgvNZa1veydxZy
 r6beTa7NJ3SCdG+Ab8rKNLOvH7rjBf1WSb68bEFxJ4QKHESQJbBmCiq
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In a future commit the sysctl core will only use
"const struct ctl_table". As a preparation for that adapt the
set_ownership callbacks.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
---
 include/linux/sysctl.h | 2 +-
 net/sysctl_net.c       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index 26a38161c28f..800154e1ff88 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -205,7 +205,7 @@ struct ctl_table_root {
 	struct ctl_table_set default_set;
 	struct ctl_table_set *(*lookup)(struct ctl_table_root *root);
 	void (*set_ownership)(struct ctl_table_header *head,
-			      struct ctl_table *table,
+			      const struct ctl_table *table,
 			      kuid_t *uid, kgid_t *gid);
 	int (*permissions)(struct ctl_table_header *head, struct ctl_table *table=
);
 };
diff --git a/net/sysctl_net.c b/net/sysctl_net.c
index 051ed5f6fc93..1310ef8f0958 100644
--- a/net/sysctl_net.c
+++ b/net/sysctl_net.c
@@ -54,7 +54,7 @@ static int net_ctl_permissions(struct ctl_table_header *h=
ead,
 }
=20
 static void net_ctl_set_ownership(struct ctl_table_header *head,
-				  struct ctl_table *table,
+				  const struct ctl_table *table,
 				  kuid_t *uid, kgid_t *gid)
 {
 	struct net *net =3D container_of(head->set, struct net, sysctls);

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8EE81C4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:53:03 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343496AbjLDHwz (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:52:55 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55854 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234719AbjLDHwp (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:45 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AA9A5102;
        Sun,  3 Dec 2023 23:52:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676352;
        bh=S9V/IJQi2EMf1kRNVARgwVZ9ApUdndNydZjX5OKBihc=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=KDc8hCKfDhh524oHnRJPJz0iNBKtq1KksoAS8/EBsl7Ak4JWrGsbbXOdVe6MMDUM4
         XfikUAI0N5MybtF9Lh//LM50eJilELIxaInUuWDBKyMvDd6gqAKsGpibPTN8X+imTO
         HMTwJbVN8BiCRjVmszIFT37OeQ88hi/Ykllu/AzY=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:23 +0100
Subject: [PATCH v2 10/18] sysctl: treewide: constify
 ctl_table_root::permissions
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-10-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=2382;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=S9V/IJQi2EMf1kRNVARgwVZ9ApUdndNydZjX5OKBihc=;
 b=HnfoCDmJBovIxiovoyRKYbwFwzbbCaj+R/sL4531aUB8MM1AzeDUZRnRsHT+2K69vhtsTyNUm
 2Sv5i/tkSuQCcDN+8GyyuUL1c56UbP9k3xL8fjP8ojnT386O28+fLCs
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In a future commit the sysctl core will only use
"const struct ctl_table". As a preparation for that adapt the
permission callbacks.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
---
 include/linux/sysctl.h | 2 +-
 ipc/ipc_sysctl.c       | 2 +-
 kernel/ucount.c        | 2 +-
 net/sysctl_net.c       | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index 800154e1ff88..92c1d0114cdc 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -207,7 +207,7 @@ struct ctl_table_root {
 	void (*set_ownership)(struct ctl_table_header *head,
 			      const struct ctl_table *table,
 			      kuid_t *uid, kgid_t *gid);
-	int (*permissions)(struct ctl_table_header *head, struct ctl_table *table=
);
+	int (*permissions)(struct ctl_table_header *head, const struct ctl_table =
*table);
 };
=20
 /* struct ctl_path describes where in the hierarchy a table is added */
diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
index 8c62e443f78b..b087787f608f 100644
--- a/ipc/ipc_sysctl.c
+++ b/ipc/ipc_sysctl.c
@@ -190,7 +190,7 @@ static int set_is_seen(struct ctl_table_set *set)
 	return &current->nsproxy->ipc_ns->ipc_set =3D=3D set;
 }
=20
-static int ipc_permissions(struct ctl_table_header *head, struct ctl_table=
 *table)
+static int ipc_permissions(struct ctl_table_header *head, const struct ctl=
_table *table)
 {
 	int mode =3D table->mode;
=20
diff --git a/kernel/ucount.c b/kernel/ucount.c
index 4aa6166cb856..90300840256b 100644
--- a/kernel/ucount.c
+++ b/kernel/ucount.c
@@ -38,7 +38,7 @@ static int set_is_seen(struct ctl_table_set *set)
 }
=20
 static int set_permissions(struct ctl_table_header *head,
-				  struct ctl_table *table)
+			   const struct ctl_table *table)
 {
 	struct user_namespace *user_ns =3D
 		container_of(head->set, struct user_namespace, set);
diff --git a/net/sysctl_net.c b/net/sysctl_net.c
index 1310ef8f0958..2873a4fed47d 100644
--- a/net/sysctl_net.c
+++ b/net/sysctl_net.c
@@ -40,7 +40,7 @@ static int is_seen(struct ctl_table_set *set)
=20
 /* Return standard mode bits for table entry. */
 static int net_ctl_permissions(struct ctl_table_header *head,
-			       struct ctl_table *table)
+			       const struct ctl_table *table)
 {
 	struct net *net =3D container_of(head->set, struct net, sysctls);
=20

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 36E80C4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:53:26 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234813AbjLDHxQ (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:53:16 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55936 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234752AbjLDHwr (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:47 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [159.69.126.157])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4AF7E199;
        Sun,  3 Dec 2023 23:52:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676352;
        bh=vXMcA8YQYm2FUpqjpEn4cJ52/C+SgDpaLPB9ntMBbJY=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=Ha4O5LQvgzb+eIcnyIaDw+qV2TmGRQfeldo6D+8PQCbxylpCyKRi7bl9TnXt0x+B6
         h584DcuV/On+vuIJIB1UIpEVJMVWtUUhR7FS3P0VdbKvQMFaxkSCbryMmHbYZtn6NH
         OQoBluUF8YZ8E4iEHIF8kAuNVmaeB6fI5pqsUiM8=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:24 +0100
Subject: [PATCH v2 11/18] sysctl: treewide: constify
 ctl_table_header::ctl_table_arg
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-11-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=15050;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=vXMcA8YQYm2FUpqjpEn4cJ52/C+SgDpaLPB9ntMBbJY=;
 b=OwWuV9Xs9QPUA5m9POZBh/zXdAYHhnGV3tTqhswOKBt802HUj9KzAenQaV/+S2FOhExEd3WIg
 Aib7mqxY2enDKE4mo5rGY/BkeiwPPKCwZF51KBkfugeWa2nQveS7hyM
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In a future commit the sysctl core will only use
"const struct ctl_table". As a preparation for that adapt the
ctl_table_arg member.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
---
 drivers/net/vrf.c                       | 2 +-
 include/linux/sysctl.h                  | 2 +-
 ipc/ipc_sysctl.c                        | 2 +-
 ipc/mq_sysctl.c                         | 2 +-
 kernel/ucount.c                         | 2 +-
 net/ax25/sysctl_net_ax25.c              | 2 +-
 net/bridge/br_netfilter_hooks.c         | 4 +++-
 net/core/sysctl_net_core.c              | 2 +-
 net/ieee802154/6lowpan/reassembly.c     | 2 +-
 net/ipv4/devinet.c                      | 2 +-
 net/ipv4/ip_fragment.c                  | 2 +-
 net/ipv4/route.c                        | 2 +-
 net/ipv4/sysctl_net_ipv4.c              | 2 +-
 net/ipv4/xfrm4_policy.c                 | 2 +-
 net/ipv6/addrconf.c                     | 2 +-
 net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +-
 net/ipv6/reassembly.c                   | 2 +-
 net/ipv6/sysctl_net_ipv6.c              | 6 +++---
 net/ipv6/xfrm6_policy.c                 | 2 +-
 net/mpls/af_mpls.c                      | 4 ++--
 net/mptcp/ctrl.c                        | 2 +-
 net/netfilter/nf_conntrack_standalone.c | 2 +-
 net/netfilter/nf_log.c                  | 2 +-
 net/sctp/sysctl.c                       | 2 +-
 net/smc/smc_sysctl.c                    | 2 +-
 net/unix/sysctl_net_unix.c              | 2 +-
 net/xfrm/xfrm_sysctl.c                  | 2 +-
 27 files changed, 32 insertions(+), 30 deletions(-)

diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
index bb95ce43cd97..66f8542f3b18 100644
--- a/drivers/net/vrf.c
+++ b/drivers/net/vrf.c
@@ -1971,7 +1971,7 @@ static int vrf_netns_init_sysctl(struct net *net, str=
uct netns_vrf *nn_vrf)
 static void vrf_netns_exit_sysctl(struct net *net)
 {
 	struct netns_vrf *nn_vrf =3D net_generic(net, vrf_net_id);
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	table =3D nn_vrf->ctl_hdr->ctl_table_arg;
 	unregister_net_sysctl_table(nn_vrf->ctl_hdr);
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index 92c1d0114cdc..56b89e5294e9 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -182,7 +182,7 @@ struct ctl_table_header {
 		struct rcu_head rcu;
 	};
 	struct completion *unregistering;
-	struct ctl_table *ctl_table_arg;
+	const struct ctl_table *ctl_table_arg;
 	struct ctl_table_root *root;
 	struct ctl_table_set *set;
 	struct ctl_dir *parent;
diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
index b087787f608f..55d6b9f1e508 100644
--- a/ipc/ipc_sysctl.c
+++ b/ipc/ipc_sysctl.c
@@ -274,7 +274,7 @@ bool setup_ipc_sysctls(struct ipc_namespace *ns)
=20
 void retire_ipc_sysctls(struct ipc_namespace *ns)
 {
-	struct ctl_table *tbl;
+	const struct ctl_table *tbl;
=20
 	tbl =3D ns->ipc_sysctls->ctl_table_arg;
 	unregister_sysctl_table(ns->ipc_sysctls);
diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c
index ebb5ed81c151..2a2ba6ded037 100644
--- a/ipc/mq_sysctl.c
+++ b/ipc/mq_sysctl.c
@@ -124,7 +124,7 @@ bool setup_mq_sysctls(struct ipc_namespace *ns)
=20
 void retire_mq_sysctls(struct ipc_namespace *ns)
 {
-	struct ctl_table *tbl;
+	const struct ctl_table *tbl;
=20
 	tbl =3D ns->mq_sysctls->ctl_table_arg;
 	unregister_sysctl_table(ns->mq_sysctls);
diff --git a/kernel/ucount.c b/kernel/ucount.c
index 90300840256b..366a2c1971f5 100644
--- a/kernel/ucount.c
+++ b/kernel/ucount.c
@@ -119,7 +119,7 @@ bool setup_userns_sysctls(struct user_namespace *ns)
 void retire_userns_sysctls(struct user_namespace *ns)
 {
 #ifdef CONFIG_SYSCTL
-	struct ctl_table *tbl;
+	const struct ctl_table *tbl;
=20
 	tbl =3D ns->sysctls->ctl_table_arg;
 	unregister_sysctl_table(ns->sysctls);
diff --git a/net/ax25/sysctl_net_ax25.c b/net/ax25/sysctl_net_ax25.c
index db66e11e7fe8..e0128dc9def3 100644
--- a/net/ax25/sysctl_net_ax25.c
+++ b/net/ax25/sysctl_net_ax25.c
@@ -171,7 +171,7 @@ int ax25_register_dev_sysctl(ax25_dev *ax25_dev)
 void ax25_unregister_dev_sysctl(ax25_dev *ax25_dev)
 {
 	struct ctl_table_header *header =3D ax25_dev->sysheader;
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	if (header) {
 		ax25_dev->sysheader =3D NULL;
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hook=
s.c
index 6adcb45bca75..74056b563b95 100644
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -1146,7 +1146,9 @@ static int br_netfilter_sysctl_init_net(struct net *n=
et)
 static void br_netfilter_sysctl_exit_net(struct net *net,
 					 struct brnf_net *brnet)
 {
-	struct ctl_table *table =3D brnet->ctl_hdr->ctl_table_arg;
+	const struct ctl_table *table;
+
+	table =3D brnet->ctl_hdr->ctl_table_arg;
=20
 	unregister_net_sysctl_table(brnet->ctl_hdr);
 	if (!net_eq(net, &init_net))
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 03f1edb948d7..08a01b31be99 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -728,7 +728,7 @@ static __net_init int sysctl_core_net_init(struct net *=
net)
=20
 static __net_exit void sysctl_core_net_exit(struct net *net)
 {
-	struct ctl_table *tbl;
+	const struct ctl_table *tbl;
=20
 	tbl =3D net->core.sysctl_hdr->ctl_table_arg;
 	unregister_net_sysctl_table(net->core.sysctl_hdr);
diff --git a/net/ieee802154/6lowpan/reassembly.c b/net/ieee802154/6lowpan/r=
eassembly.c
index 6dd960ec558c..2a983cf450da 100644
--- a/net/ieee802154/6lowpan/reassembly.c
+++ b/net/ieee802154/6lowpan/reassembly.c
@@ -399,7 +399,7 @@ static int __net_init lowpan_frags_ns_sysctl_register(s=
truct net *net)
=20
 static void __net_exit lowpan_frags_ns_sysctl_unregister(struct net *net)
 {
-	struct ctl_table *table;
+	const struct ctl_table *table;
 	struct netns_ieee802154_lowpan *ieee802154_lowpan =3D
 		net_ieee802154_lowpan(net);
=20
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index ca0ff15dc8fa..f8a56fe95801 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -2767,7 +2767,7 @@ static __net_init int devinet_init_net(struct net *ne=
t)
 static __net_exit void devinet_exit_net(struct net *net)
 {
 #ifdef CONFIG_SYSCTL
-	struct ctl_table *tbl;
+	const struct ctl_table *tbl;
=20
 	tbl =3D net->ipv4.forw_hdr->ctl_table_arg;
 	unregister_net_sysctl_table(net->ipv4.forw_hdr);
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index a4941f53b523..6b9285fd6f06 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -632,7 +632,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct =
net *net)
=20
 static void __net_exit ip4_frags_ns_ctl_unregister(struct net *net)
 {
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	table =3D net->ipv4.frags_hdr->ctl_table_arg;
 	unregister_net_sysctl_table(net->ipv4.frags_hdr);
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 16615d107cf0..7c7884110a58 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -3590,7 +3590,7 @@ static __net_init int sysctl_route_net_init(struct ne=
t *net)
=20
 static __net_exit void sysctl_route_net_exit(struct net *net)
 {
-	struct ctl_table *tbl;
+	const struct ctl_table *tbl;
=20
 	tbl =3D net->ipv4.route_hdr->ctl_table_arg;
 	unregister_net_sysctl_table(net->ipv4.route_hdr);
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index f63a545a7374..599244f9ad65 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -1558,7 +1558,7 @@ static __net_init int ipv4_sysctl_init_net(struct net=
 *net)
=20
 static __net_exit void ipv4_sysctl_exit_net(struct net *net)
 {
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	kfree(net->ipv4.sysctl_local_reserved_ports);
 	table =3D net->ipv4.ipv4_hdr->ctl_table_arg;
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index c33bca2c3841..1dda59e0aeab 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -186,7 +186,7 @@ static __net_init int xfrm4_net_sysctl_init(struct net =
*net)
=20
 static __net_exit void xfrm4_net_sysctl_exit(struct net *net)
 {
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	if (!net->ipv4.xfrm4_hdr)
 		return;
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 3aaea56b5166..aa5654d29334 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -7180,7 +7180,7 @@ static int __addrconf_sysctl_register(struct net *net=
, char *dev_name,
 static void __addrconf_sysctl_unregister(struct net *net,
 					 struct ipv6_devconf *p, int ifindex)
 {
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	if (!p->sysctl_header)
 		return;
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/n=
f_conntrack_reasm.c
index b2dd48911c8d..1d6f6deb2562 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -105,7 +105,7 @@ static int nf_ct_frag6_sysctl_register(struct net *net)
 static void __net_exit nf_ct_frags6_sysctl_unregister(struct net *net)
 {
 	struct nft_ct_frag6_pernet *nf_frag =3D nf_frag_pernet(net);
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	table =3D nf_frag->nf_frag_frags_hdr->ctl_table_arg;
 	unregister_net_sysctl_table(nf_frag->nf_frag_frags_hdr);
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 5ebc47da1000..0746dc1f1e61 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -487,7 +487,7 @@ static int __net_init ip6_frags_ns_sysctl_register(stru=
ct net *net)
=20
 static void __net_exit ip6_frags_ns_sysctl_unregister(struct net *net)
 {
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	table =3D net->ipv6.sysctl.frags_hdr->ctl_table_arg;
 	unregister_net_sysctl_table(net->ipv6.sysctl.frags_hdr);
diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
index 888676163e90..75de55f907b0 100644
--- a/net/ipv6/sysctl_net_ipv6.c
+++ b/net/ipv6/sysctl_net_ipv6.c
@@ -313,9 +313,9 @@ static int __net_init ipv6_sysctl_net_init(struct net *=
net)
=20
 static void __net_exit ipv6_sysctl_net_exit(struct net *net)
 {
-	struct ctl_table *ipv6_table;
-	struct ctl_table *ipv6_route_table;
-	struct ctl_table *ipv6_icmp_table;
+	const struct ctl_table *ipv6_table;
+	const struct ctl_table *ipv6_route_table;
+	const struct ctl_table *ipv6_icmp_table;
=20
 	ipv6_table =3D net->ipv6.sysctl.hdr->ctl_table_arg;
 	ipv6_route_table =3D net->ipv6.sysctl.route_hdr->ctl_table_arg;
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 42fb6996b077..4891012b692f 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -218,7 +218,7 @@ static int __net_init xfrm6_net_sysctl_init(struct net =
*net)
=20
 static void __net_exit xfrm6_net_sysctl_exit(struct net *net)
 {
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	if (!net->ipv6.sysctl.xfrm6_hdr)
 		return;
diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
index 1af29af65388..832b63bb5646 100644
--- a/net/mpls/af_mpls.c
+++ b/net/mpls/af_mpls.c
@@ -1438,7 +1438,7 @@ static void mpls_dev_sysctl_unregister(struct net_dev=
ice *dev,
 				       struct mpls_dev *mdev)
 {
 	struct net *net =3D dev_net(dev);
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	if (!mdev->sysctl)
 		return;
@@ -2704,7 +2704,7 @@ static void mpls_net_exit(struct net *net)
 {
 	struct mpls_route __rcu **platform_label;
 	size_t platform_labels;
-	struct ctl_table *table;
+	const struct ctl_table *table;
 	unsigned int index;
=20
 	table =3D net->mpls.ctl->ctl_table_arg;
diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c
index 13fe0748dde8..8d661156ab8c 100644
--- a/net/mptcp/ctrl.c
+++ b/net/mptcp/ctrl.c
@@ -198,7 +198,7 @@ static int mptcp_pernet_new_table(struct net *net, stru=
ct mptcp_pernet *pernet)
=20
 static void mptcp_pernet_del_table(struct mptcp_pernet *pernet)
 {
-	struct ctl_table *table =3D pernet->ctl_table_hdr->ctl_table_arg;
+	const struct ctl_table *table =3D pernet->ctl_table_hdr->ctl_table_arg;
=20
 	unregister_net_sysctl_table(pernet->ctl_table_hdr);
=20
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_con=
ntrack_standalone.c
index 0ee98ce5b816..bb9dea676ec1 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -1122,7 +1122,7 @@ static int nf_conntrack_standalone_init_sysctl(struct=
 net *net)
 static void nf_conntrack_standalone_fini_sysctl(struct net *net)
 {
 	struct nf_conntrack_net *cnet =3D nf_ct_pernet(net);
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	table =3D cnet->sysctl_header->ctl_table_arg;
 	unregister_net_sysctl_table(cnet->sysctl_header);
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index 8cc52d2bd31b..2e897a9f0689 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -508,7 +508,7 @@ static int netfilter_log_sysctl_init(struct net *net)
=20
 static void netfilter_log_sysctl_exit(struct net *net)
 {
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	table =3D net->nf.nf_log_dir_header->ctl_table_arg;
 	unregister_net_sysctl_table(net->nf.nf_log_dir_header);
diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
index f65d6f92afcb..25bdf17c7262 100644
--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -624,7 +624,7 @@ int sctp_sysctl_net_register(struct net *net)
=20
 void sctp_sysctl_net_unregister(struct net *net)
 {
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	table =3D net->sctp.sysctl_header->ctl_table_arg;
 	unregister_net_sysctl_table(net->sctp.sysctl_header);
diff --git a/net/smc/smc_sysctl.c b/net/smc/smc_sysctl.c
index 5cbc18c6e62b..c632df62ff90 100644
--- a/net/smc/smc_sysctl.c
+++ b/net/smc/smc_sysctl.c
@@ -109,7 +109,7 @@ int __net_init smc_sysctl_net_init(struct net *net)
=20
 void __net_exit smc_sysctl_net_exit(struct net *net)
 {
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	table =3D net->smc.smc_hdr->ctl_table_arg;
 	unregister_net_sysctl_table(net->smc.smc_hdr);
diff --git a/net/unix/sysctl_net_unix.c b/net/unix/sysctl_net_unix.c
index 3e84b31c355a..44996af61999 100644
--- a/net/unix/sysctl_net_unix.c
+++ b/net/unix/sysctl_net_unix.c
@@ -52,7 +52,7 @@ int __net_init unix_sysctl_register(struct net *net)
=20
 void unix_sysctl_unregister(struct net *net)
 {
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	table =3D net->unx.ctl->ctl_table_arg;
 	unregister_net_sysctl_table(net->unx.ctl);
diff --git a/net/xfrm/xfrm_sysctl.c b/net/xfrm/xfrm_sysctl.c
index 7fdeafc838a7..e972930c292b 100644
--- a/net/xfrm/xfrm_sysctl.c
+++ b/net/xfrm/xfrm_sysctl.c
@@ -76,7 +76,7 @@ int __net_init xfrm_sysctl_init(struct net *net)
=20
 void __net_exit xfrm_sysctl_fini(struct net *net)
 {
-	struct ctl_table *table;
+	const struct ctl_table *table;
=20
 	table =3D net->xfrm.sysctl_hdr->ctl_table_arg;
 	unregister_net_sysctl_table(net->xfrm.sysctl_hdr);

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 4EA45C4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:53:51 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343535AbjLDHxn (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:53:43 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55838 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234824AbjLDHwu (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:50 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 985931A6;
        Sun,  3 Dec 2023 23:52:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676352;
        bh=OvGfsmYmDAUZa6ocEzDc9Q0JwNuefDI0e0GVlm7Gr0M=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=kx/nqCFMsMCL6699FSDK+mRcHNyYAVlRU3oC2+8qyqMN9L26SojjIxxdZ+bZRVx9a
         27voqrV2g1o2Ks7cJ3Es/9Y1+GBAlf1JoKvLDaWiFDQJTUjQcphQe/mNvxfG48X+Va
         N6GzC/8jdzO955Vne/pm9tP+9K0k2QQc9jX2xEhc=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:25 +0100
Subject: [PATCH v2 12/18] sysctl: treewide: constify the ctl_table argument
 of handlers
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-12-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=111769;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=OvGfsmYmDAUZa6ocEzDc9Q0JwNuefDI0e0GVlm7Gr0M=;
 b=jq2zmmtAXBECFe4vLj3r1vjkTWXmPNrw5AV8CuDReYJ7wAHpn5WneJChogTrGmobgnvanHT6D
 8MKI3nivq1yDjfwDQ4CHIWhW2wVjVVSf0qzYOBVoULpAGOU8wx2aKBP
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In a future commit the sysctl core will only use
"const struct ctl_table". As a preparation for that adapt all the proc
handlers.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
Reviewed-by: Kees Cook <keescook@chromium.org> # security/*
---
 arch/arm64/kernel/armv8_deprecated.c      |  2 +-
 arch/arm64/kernel/fpsimd.c                |  2 +-
 arch/s390/appldata/appldata_base.c        |  8 +--
 arch/s390/kernel/debug.c                  |  2 +-
 arch/s390/kernel/topology.c               |  2 +-
 arch/s390/mm/cmm.c                        |  6 +--
 arch/x86/kernel/itmt.c                    |  2 +-
 drivers/cdrom/cdrom.c                     |  4 +-
 drivers/char/random.c                     |  4 +-
 drivers/macintosh/mac_hid.c               |  2 +-
 drivers/net/vrf.c                         |  2 +-
 drivers/parport/procfs.c                  | 12 ++---
 fs/coredump.c                             |  2 +-
 fs/dcache.c                               |  4 +-
 fs/drop_caches.c                          |  2 +-
 fs/exec.c                                 |  4 +-
 fs/file_table.c                           |  2 +-
 fs/fs-writeback.c                         |  2 +-
 fs/inode.c                                |  4 +-
 fs/pipe.c                                 |  2 +-
 fs/quota/dquot.c                          |  2 +-
 fs/xfs/xfs_sysctl.c                       |  6 +--
 include/linux/ftrace.h                    |  4 +-
 include/linux/mm.h                        |  8 +--
 include/linux/perf_event.h                |  6 +--
 include/linux/security.h                  |  2 +-
 include/linux/sysctl.h                    | 36 +++++++-------
 include/linux/vmstat.h                    |  6 +--
 include/linux/writeback.h                 |  2 +-
 include/net/ndisc.h                       |  2 +-
 include/net/neighbour.h                   |  6 +--
 include/net/netfilter/nf_hooks_lwtunnel.h |  2 +-
 ipc/ipc_sysctl.c                          |  8 +--
 kernel/bpf/syscall.c                      |  4 +-
 kernel/delayacct.c                        |  4 +-
 kernel/events/callchain.c                 |  2 +-
 kernel/events/core.c                      |  4 +-
 kernel/fork.c                             |  2 +-
 kernel/hung_task.c                        |  4 +-
 kernel/kexec_core.c                       |  2 +-
 kernel/kprobes.c                          |  2 +-
 kernel/latencytop.c                       |  4 +-
 kernel/pid_namespace.c                    |  2 +-
 kernel/pid_sysctl.h                       |  2 +-
 kernel/printk/internal.h                  |  2 +-
 kernel/printk/printk.c                    |  2 +-
 kernel/printk/sysctl.c                    |  5 +-
 kernel/sched/core.c                       |  8 +--
 kernel/sched/rt.c                         | 12 ++---
 kernel/sched/topology.c                   |  2 +-
 kernel/seccomp.c                          |  4 +-
 kernel/stackleak.c                        |  2 +-
 kernel/sysctl.c                           | 82 +++++++++++++++------------=
----
 kernel/time/timer.c                       |  2 +-
 kernel/trace/ftrace.c                     |  2 +-
 kernel/trace/trace.c                      |  2 +-
 kernel/trace/trace_events_user.c          |  2 +-
 kernel/trace/trace_stack.c                |  2 +-
 kernel/umh.c                              |  2 +-
 kernel/utsname_sysctl.c                   |  2 +-
 kernel/watchdog.c                         | 15 +++---
 mm/compaction.c                           |  8 +--
 mm/hugetlb.c                              |  6 +--
 mm/page-writeback.c                       | 18 +++----
 mm/page_alloc.c                           | 22 ++++-----
 mm/util.c                                 | 12 ++---
 mm/vmstat.c                               |  4 +-
 net/bridge/br_netfilter_hooks.c           |  2 +-
 net/core/neighbour.c                      | 24 ++++-----
 net/core/sysctl_net_core.c                | 20 ++++----
 net/ipv4/devinet.c                        |  6 +--
 net/ipv4/route.c                          |  2 +-
 net/ipv4/sysctl_net_ipv4.c                | 33 +++++++------
 net/ipv6/addrconf.c                       | 27 +++++-----
 net/ipv6/ndisc.c                          |  4 +-
 net/ipv6/route.c                          |  2 +-
 net/ipv6/sysctl_net_ipv6.c                |  4 +-
 net/mpls/af_mpls.c                        |  4 +-
 net/netfilter/ipvs/ip_vs_ctl.c            | 16 +++---
 net/netfilter/nf_conntrack_standalone.c   |  2 +-
 net/netfilter/nf_hooks_lwtunnel.c         |  2 +-
 net/netfilter/nf_log.c                    |  2 +-
 net/phonet/sysctl.c                       |  2 +-
 net/rds/tcp.c                             |  4 +-
 net/sctp/sysctl.c                         | 28 +++++------
 net/sunrpc/sysctl.c                       |  6 +--
 net/sunrpc/xprtrdma/svc_rdma.c            |  2 +-
 security/apparmor/lsm.c                   |  2 +-
 security/min_addr.c                       |  2 +-
 security/yama/yama_lsm.c                  |  2 +-
 90 files changed, 306 insertions(+), 302 deletions(-)

diff --git a/arch/arm64/kernel/armv8_deprecated.c b/arch/arm64/kernel/armv8=
_deprecated.c
index dd6ce86d4332..a3085cb68852 100644
--- a/arch/arm64/kernel/armv8_deprecated.c
+++ b/arch/arm64/kernel/armv8_deprecated.c
@@ -504,7 +504,7 @@ static int update_insn_emulation_mode(struct insn_emula=
tion *insn,
 	return ret;
 }
=20
-static int emulation_proc_handler(struct ctl_table *table, int write,
+static int emulation_proc_handler(const struct ctl_table *table, int write,
 				  void *buffer, size_t *lenp,
 				  loff_t *ppos)
 {
diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index 1559c706d32d..2b947031cd0e 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -555,7 +555,7 @@ static unsigned int find_supported_vector_length(enum v=
ec_type type,
=20
 #if defined(CONFIG_ARM64_SVE) && defined(CONFIG_SYSCTL)
=20
-static int vec_proc_do_default_vl(struct ctl_table *table, int write,
+static int vec_proc_do_default_vl(const struct ctl_table *table, int write,
 				  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct vl_info *info =3D table->extra1;
diff --git a/arch/s390/appldata/appldata_base.c b/arch/s390/appldata/applda=
ta_base.c
index c2978cb03b36..2bd253623be1 100644
--- a/arch/s390/appldata/appldata_base.c
+++ b/arch/s390/appldata/appldata_base.c
@@ -46,9 +46,9 @@
  * /proc entries (sysctl)
  */
 static const char appldata_proc_name[APPLDATA_PROC_NAME_LENGTH] =3D "appld=
ata";
-static int appldata_timer_handler(struct ctl_table *ctl, int write,
+static int appldata_timer_handler(const struct ctl_table *ctl, int write,
 				  void *buffer, size_t *lenp, loff_t *ppos);
-static int appldata_interval_handler(struct ctl_table *ctl, int write,
+static int appldata_interval_handler(const struct ctl_table *ctl, int writ=
e,
 				     void *buffer, size_t *lenp, loff_t *ppos);
=20
 static struct ctl_table_header *appldata_sysctl_header;
@@ -199,7 +199,7 @@ static void __appldata_vtimer_setup(int cmd)
  * Start/Stop timer, show status of timer (0 =3D not active, 1 =3D active)
  */
 static int
-appldata_timer_handler(struct ctl_table *ctl, int write,
+appldata_timer_handler(const struct ctl_table *ctl, int write,
 			   void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int timer_active =3D appldata_timer_active;
@@ -232,7 +232,7 @@ appldata_timer_handler(struct ctl_table *ctl, int write,
  * current timer interval.
  */
 static int
-appldata_interval_handler(struct ctl_table *ctl, int write,
+appldata_interval_handler(const struct ctl_table *ctl, int write,
 			   void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int interval =3D appldata_interval;
diff --git a/arch/s390/kernel/debug.c b/arch/s390/kernel/debug.c
index 85328a0ef3b6..bce50ca75ea7 100644
--- a/arch/s390/kernel/debug.c
+++ b/arch/s390/kernel/debug.c
@@ -954,7 +954,7 @@ static int debug_active =3D 1;
  * always allow read, allow write only if debug_stoppable is set or
  * if debug_active is already off
  */
-static int s390dbf_procactive(struct ctl_table *table, int write,
+static int s390dbf_procactive(const struct ctl_table *table, int write,
 			      void *buffer, size_t *lenp, loff_t *ppos)
 {
 	if (!write || debug_stoppable || !debug_active)
diff --git a/arch/s390/kernel/topology.c b/arch/s390/kernel/topology.c
index 89e91b8ce842..1df3dc118696 100644
--- a/arch/s390/kernel/topology.c
+++ b/arch/s390/kernel/topology.c
@@ -600,7 +600,7 @@ static int __init topology_setup(char *str)
 }
 early_param("topology", topology_setup);
=20
-static int topology_ctl_handler(struct ctl_table *ctl, int write,
+static int topology_ctl_handler(const struct ctl_table *ctl, int write,
 				void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int enabled =3D topology_is_enabled();
diff --git a/arch/s390/mm/cmm.c b/arch/s390/mm/cmm.c
index f8b13f247646..1d6749e095f7 100644
--- a/arch/s390/mm/cmm.c
+++ b/arch/s390/mm/cmm.c
@@ -243,7 +243,7 @@ static int cmm_skip_blanks(char *cp, char **endp)
 	return str !=3D cp;
 }
=20
-static int cmm_pages_handler(struct ctl_table *ctl, int write,
+static int cmm_pages_handler(const struct ctl_table *ctl, int write,
 			     void *buffer, size_t *lenp, loff_t *ppos)
 {
 	long nr =3D cmm_get_pages();
@@ -262,7 +262,7 @@ static int cmm_pages_handler(struct ctl_table *ctl, int=
 write,
 	return 0;
 }
=20
-static int cmm_timed_pages_handler(struct ctl_table *ctl, int write,
+static int cmm_timed_pages_handler(const struct ctl_table *ctl, int write,
 				   void *buffer, size_t *lenp,
 				   loff_t *ppos)
 {
@@ -282,7 +282,7 @@ static int cmm_timed_pages_handler(struct ctl_table *ct=
l, int write,
 	return 0;
 }
=20
-static int cmm_timeout_handler(struct ctl_table *ctl, int write,
+static int cmm_timeout_handler(const struct ctl_table *ctl, int write,
 			       void *buffer, size_t *lenp, loff_t *ppos)
 {
 	char buf[64], *p;
diff --git a/arch/x86/kernel/itmt.c b/arch/x86/kernel/itmt.c
index 9a7c03d47861..51b805c727fc 100644
--- a/arch/x86/kernel/itmt.c
+++ b/arch/x86/kernel/itmt.c
@@ -38,7 +38,7 @@ static bool __read_mostly sched_itmt_capable;
  */
 unsigned int __read_mostly sysctl_sched_itmt_enabled;
=20
-static int sched_itmt_update_handler(struct ctl_table *table, int write,
+static int sched_itmt_update_handler(const struct ctl_table *table, int wr=
ite,
 				     void *buffer, size_t *lenp, loff_t *ppos)
 {
 	unsigned int old_sysctl;
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index a5e07270e0d4..d0bd64129d43 100644
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -3473,7 +3473,7 @@ static int cdrom_print_info(const char *header, int v=
al, char *info,
 	return 0;
 }
=20
-static int cdrom_sysctl_info(struct ctl_table *ctl, int write,
+static int cdrom_sysctl_info(const struct ctl_table *ctl, int write,
                            void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int pos;
@@ -3586,7 +3586,7 @@ static void cdrom_update_settings(void)
 	mutex_unlock(&cdrom_mutex);
 }
=20
-static int cdrom_sysctl_handler(struct ctl_table *ctl, int write,
+static int cdrom_sysctl_handler(const struct ctl_table *ctl, int write,
 				void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 4a9c79391dee..04b224bffbdd 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1606,7 +1606,7 @@ static u8 sysctl_bootid[UUID_SIZE];
  * UUID. The difference is in whether table->data is NULL; if it is,
  * then a new UUID is generated and returned to the user.
  */
-static int proc_do_uuid(struct ctl_table *table, int write, void *buf,
+static int proc_do_uuid(const struct ctl_table *table, int write, void *bu=
f,
 			size_t *lenp, loff_t *ppos)
 {
 	u8 tmp_uuid[UUID_SIZE], *uuid;
@@ -1637,7 +1637,7 @@ static int proc_do_uuid(struct ctl_table *table, int =
write, void *buf,
 }
=20
 /* The same as proc_dointvec, but writes don't change anything. */
-static int proc_do_rointvec(struct ctl_table *table, int write, void *buf,
+static int proc_do_rointvec(const struct ctl_table *table, int write, void=
 *buf,
 			    size_t *lenp, loff_t *ppos)
 {
 	return write ? 0 : proc_dointvec(table, 0, buf, lenp, ppos);
diff --git a/drivers/macintosh/mac_hid.c b/drivers/macintosh/mac_hid.c
index 1ae3539beff5..891047c8a110 100644
--- a/drivers/macintosh/mac_hid.c
+++ b/drivers/macintosh/mac_hid.c
@@ -182,7 +182,7 @@ static void mac_hid_stop_emulation(void)
 	mac_hid_destroy_emumouse();
 }
=20
-static int mac_hid_toggle_emumouse(struct ctl_table *table, int write,
+static int mac_hid_toggle_emumouse(const struct ctl_table *table, int writ=
e,
 				   void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int *valp =3D table->data;
diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
index 66f8542f3b18..14c5efd234ad 100644
--- a/drivers/net/vrf.c
+++ b/drivers/net/vrf.c
@@ -1908,7 +1908,7 @@ static int vrf_strict_mode_change(struct vrf_map *vma=
p, bool new_mode)
 	return res;
 }
=20
-static int vrf_shared_table_handler(struct ctl_table *table, int write,
+static int vrf_shared_table_handler(const struct ctl_table *table, int wri=
te,
 				    void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D (struct net *)table->extra1;
diff --git a/drivers/parport/procfs.c b/drivers/parport/procfs.c
index bd388560ed59..efa7c90e4234 100644
--- a/drivers/parport/procfs.c
+++ b/drivers/parport/procfs.c
@@ -33,7 +33,7 @@
 #define PARPORT_MIN_SPINTIME_VALUE 1
 #define PARPORT_MAX_SPINTIME_VALUE 1000
=20
-static int do_active_device(struct ctl_table *table, int write,
+static int do_active_device(const struct ctl_table *table, int write,
 		      void *result, size_t *lenp, loff_t *ppos)
 {
 	struct parport *port =3D (struct parport *)table->extra1;
@@ -70,7 +70,7 @@ static int do_active_device(struct ctl_table *table, int =
write,
 }
=20
 #ifdef CONFIG_PARPORT_1284
-static int do_autoprobe(struct ctl_table *table, int write,
+static int do_autoprobe(const struct ctl_table *table, int write,
 			void *result, size_t *lenp, loff_t *ppos)
 {
 	struct parport_device_info *info =3D table->extra2;
@@ -113,7 +113,7 @@ static int do_autoprobe(struct ctl_table *table, int wr=
ite,
 }
 #endif /* IEEE1284.3 support. */
=20
-static int do_hardware_base_addr(struct ctl_table *table, int write,
+static int do_hardware_base_addr(const struct ctl_table *table, int write,
 				 void *result, size_t *lenp, loff_t *ppos)
 {
 	struct parport *port =3D (struct parport *)table->extra1;
@@ -140,7 +140,7 @@ static int do_hardware_base_addr(struct ctl_table *tabl=
e, int write,
 	return 0;
 }
=20
-static int do_hardware_irq(struct ctl_table *table, int write,
+static int do_hardware_irq(const struct ctl_table *table, int write,
 			   void *result, size_t *lenp, loff_t *ppos)
 {
 	struct parport *port =3D (struct parport *)table->extra1;
@@ -167,7 +167,7 @@ static int do_hardware_irq(struct ctl_table *table, int=
 write,
 	return 0;
 }
=20
-static int do_hardware_dma(struct ctl_table *table, int write,
+static int do_hardware_dma(const struct ctl_table *table, int write,
 			   void *result, size_t *lenp, loff_t *ppos)
 {
 	struct parport *port =3D (struct parport *)table->extra1;
@@ -194,7 +194,7 @@ static int do_hardware_dma(struct ctl_table *table, int=
 write,
 	return 0;
 }
=20
-static int do_hardware_modes(struct ctl_table *table, int write,
+static int do_hardware_modes(const struct ctl_table *table, int write,
 			     void *result, size_t *lenp, loff_t *ppos)
 {
 	struct parport *port =3D (struct parport *)table->extra1;
diff --git a/fs/coredump.c b/fs/coredump.c
index 9d235fa14ab9..51283a671921 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -949,7 +949,7 @@ void validate_coredump_safety(void)
 	}
 }
=20
-static int proc_dostring_coredump(struct ctl_table *table, int write,
+static int proc_dostring_coredump(const struct ctl_table *table, int write,
 		  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int error =3D proc_dostring(table, write, buffer, lenp, ppos);
diff --git a/fs/dcache.c b/fs/dcache.c
index c82ae731df9a..0ea86ad6cedf 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -174,8 +174,8 @@ static long get_nr_dentry_negative(void)
 	return sum < 0 ? 0 : sum;
 }
=20
-static int proc_nr_dentry(struct ctl_table *table, int write, void *buffer,
-			  size_t *lenp, loff_t *ppos)
+static int proc_nr_dentry(const struct ctl_table *table, int write,
+			  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	dentry_stat.nr_dentry =3D get_nr_dentry();
 	dentry_stat.nr_unused =3D get_nr_dentry_unused();
diff --git a/fs/drop_caches.c b/fs/drop_caches.c
index b9575957a7c2..d45ef541d848 100644
--- a/fs/drop_caches.c
+++ b/fs/drop_caches.c
@@ -48,7 +48,7 @@ static void drop_pagecache_sb(struct super_block *sb, voi=
d *unused)
 	iput(toput_inode);
 }
=20
-int drop_caches_sysctl_handler(struct ctl_table *table, int write,
+int drop_caches_sysctl_handler(const struct ctl_table *table, int write,
 		void *buffer, size_t *length, loff_t *ppos)
 {
 	int ret;
diff --git a/fs/exec.c b/fs/exec.c
index 4aa19b24f281..e3d124206020 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -2145,8 +2145,8 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
=20
 #ifdef CONFIG_SYSCTL
=20
-static int proc_dointvec_minmax_coredump(struct ctl_table *table, int writ=
e,
-		void *buffer, size_t *lenp, loff_t *ppos)
+static int proc_dointvec_minmax_coredump(const struct ctl_table *table,
+		int write, void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int error =3D proc_dointvec_minmax(table, write, buffer, lenp, ppos);
=20
diff --git a/fs/file_table.c b/fs/file_table.c
index de4a2915bfd4..bab68d672e33 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -109,7 +109,7 @@ EXPORT_SYMBOL_GPL(get_max_files);
 /*
  * Handle nr_files sysctl
  */
-static int proc_nr_files(struct ctl_table *table, int write, void *buffer,
+static int proc_nr_files(const struct ctl_table *table, int write, void *b=
uffer,
 			 size_t *lenp, loff_t *ppos)
 {
 	files_stat.nr_files =3D get_nr_files();
diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
index 1767493dffda..a66c9d0556dc 100644
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -2379,7 +2379,7 @@ static int __init start_dirtytime_writeback(void)
 }
 __initcall(start_dirtytime_writeback);
=20
-int dirtytime_interval_handler(struct ctl_table *table, int write,
+int dirtytime_interval_handler(const struct ctl_table *table, int write,
 			       void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
diff --git a/fs/inode.c b/fs/inode.c
index f238d987dec9..76cf31ef25c8 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -106,8 +106,8 @@ long get_nr_dirty_inodes(void)
  */
 static struct inodes_stat_t inodes_stat;
=20
-static int proc_nr_inodes(struct ctl_table *table, int write, void *buffer,
-			  size_t *lenp, loff_t *ppos)
+static int proc_nr_inodes(const struct ctl_table *table, int write,
+			  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	inodes_stat.nr_inodes =3D get_nr_inodes();
 	inodes_stat.nr_unused =3D get_nr_inodes_unused();
diff --git a/fs/pipe.c b/fs/pipe.c
index 804a7d789452..1dc57b4a283a 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -1468,7 +1468,7 @@ static int do_proc_dopipe_max_size_conv(unsigned long=
 *lvalp,
 	return 0;
 }
=20
-static int proc_dopipe_max_size(struct ctl_table *table, int write,
+static int proc_dopipe_max_size(const struct ctl_table *table, int write,
 				void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return do_proc_douintvec(table, write, buffer, lenp, ppos,
diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
index 58b5de081b57..d1a6511e48dc 100644
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -2887,7 +2887,7 @@ const struct quotactl_ops dquot_quotactl_sysfile_ops =
=3D {
 };
 EXPORT_SYMBOL(dquot_quotactl_sysfile_ops);
=20
-static int do_proc_dqstats(struct ctl_table *table, int write,
+static int do_proc_dqstats(const struct ctl_table *table, int write,
 		     void *buffer, size_t *lenp, loff_t *ppos)
 {
 	unsigned int type =3D (unsigned long *)table->data - dqstats.stat;
diff --git a/fs/xfs/xfs_sysctl.c b/fs/xfs/xfs_sysctl.c
index fade33735393..2c5adc88a830 100644
--- a/fs/xfs/xfs_sysctl.c
+++ b/fs/xfs/xfs_sysctl.c
@@ -11,7 +11,7 @@ static struct ctl_table_header *xfs_table_header;
 #ifdef CONFIG_PROC_FS
 STATIC int
 xfs_stats_clear_proc_handler(
-	struct ctl_table	*ctl,
+	const struct ctl_table	*ctl,
 	int			write,
 	void			*buffer,
 	size_t			*lenp,
@@ -31,7 +31,7 @@ xfs_stats_clear_proc_handler(
=20
 STATIC int
 xfs_panic_mask_proc_handler(
-	struct ctl_table	*ctl,
+	const struct ctl_table	*ctl,
 	int			write,
 	void			*buffer,
 	size_t			*lenp,
@@ -52,7 +52,7 @@ xfs_panic_mask_proc_handler(
=20
 STATIC int
 xfs_deprecated_dointvec_minmax(
-	struct ctl_table	*ctl,
+	const struct ctl_table	*ctl,
 	int			write,
 	void			*buffer,
 	size_t			*lenp,
diff --git a/include/linux/ftrace.h b/include/linux/ftrace.h
index e8921871ef9a..3e10fe61c2bf 100644
--- a/include/linux/ftrace.h
+++ b/include/linux/ftrace.h
@@ -470,7 +470,7 @@ static inline void arch_ftrace_set_direct_caller(struct=
 ftrace_regs *fregs,
=20
 extern int stack_tracer_enabled;
=20
-int stack_trace_sysctl(struct ctl_table *table, int write, void *buffer,
+int stack_trace_sysctl(const struct ctl_table *table, int write, void *buf=
fer,
 		       size_t *lenp, loff_t *ppos);
=20
 /* DO NOT MODIFY THIS VARIABLE DIRECTLY! */
@@ -1157,7 +1157,7 @@ extern int tracepoint_printk;
 extern void disable_trace_on_warning(void);
 extern int __disable_trace_on_warning;
=20
-int tracepoint_printk_sysctl(struct ctl_table *table, int write,
+int tracepoint_printk_sysctl(const struct ctl_table *table, int write,
 			     void *buffer, size_t *lenp, loff_t *ppos);
=20
 #else /* CONFIG_TRACING */
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 418d26608ece..e95efc7bdc85 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -202,11 +202,11 @@ extern int sysctl_overcommit_memory;
 extern int sysctl_overcommit_ratio;
 extern unsigned long sysctl_overcommit_kbytes;
=20
-int overcommit_ratio_handler(struct ctl_table *, int, void *, size_t *,
+int overcommit_ratio_handler(const struct ctl_table *, int, void *, size_t=
 *,
 		loff_t *);
-int overcommit_kbytes_handler(struct ctl_table *, int, void *, size_t *,
+int overcommit_kbytes_handler(const struct ctl_table *, int, void *, size_=
t *,
 		loff_t *);
-int overcommit_policy_handler(struct ctl_table *, int, void *, size_t *,
+int overcommit_policy_handler(const struct ctl_table *, int, void *, size_=
t *,
 		loff_t *);
=20
 #if defined(CONFIG_SPARSEMEM) && !defined(CONFIG_SPARSEMEM_VMEMMAP)
@@ -3805,7 +3805,7 @@ extern bool process_shares_mm(struct task_struct *p, =
struct mm_struct *mm);
=20
 #ifdef CONFIG_SYSCTL
 extern int sysctl_drop_caches;
-int drop_caches_sysctl_handler(struct ctl_table *, int, void *, size_t *,
+int drop_caches_sysctl_handler(const struct ctl_table *, int, void *, size=
_t *,
 		loff_t *);
 #endif
=20
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
index 5547ba68e6e4..a48c183cfbe0 100644
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
@@ -1578,11 +1578,11 @@ extern int sysctl_perf_cpu_time_max_percent;
=20
 extern void perf_sample_event_took(u64 sample_len_ns);
=20
-int perf_event_max_sample_rate_handler(struct ctl_table *table, int write,
+int perf_event_max_sample_rate_handler(const struct ctl_table *table, int =
write,
 		void *buffer, size_t *lenp, loff_t *ppos);
-int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write,
+int perf_cpu_time_max_percent_handler(const struct ctl_table *table, int w=
rite,
 		void *buffer, size_t *lenp, loff_t *ppos);
-int perf_event_max_stack_handler(struct ctl_table *table, int write,
+int perf_event_max_stack_handler(const struct ctl_table *table, int write,
 		void *buffer, size_t *lenp, loff_t *ppos);
=20
 /* Access to perf_event_open(2) syscall. */
diff --git a/include/linux/security.h b/include/linux/security.h
index 1d1df326c881..d5aca07d5e1d 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -223,7 +223,7 @@ struct request_sock;
 #define LSM_UNSAFE_NO_NEW_PRIVS	4
=20
 #ifdef CONFIG_MMU
-extern int mmap_min_addr_handler(struct ctl_table *table, int write,
+extern int mmap_min_addr_handler(const struct ctl_table *table, int write,
 				 void *buffer, size_t *lenp, loff_t *ppos);
 #endif
=20
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index 56b89e5294e9..ada36ef8cecb 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -61,31 +61,31 @@ extern const int sysctl_vals[];
=20
 extern const unsigned long sysctl_long_vals[];
=20
-typedef int proc_handler(struct ctl_table *ctl, int write, void *buffer,
+typedef int proc_handler(const struct ctl_table *ctl, int write, void *buf=
fer,
 		size_t *lenp, loff_t *ppos);
=20
-int proc_dostring(struct ctl_table *, int, void *, size_t *, loff_t *);
-int proc_dobool(struct ctl_table *table, int write, void *buffer,
+int proc_dostring(const struct ctl_table *, int, void *, size_t *, loff_t =
*);
+int proc_dobool(const struct ctl_table *table, int write, void *buffer,
 		size_t *lenp, loff_t *ppos);
-int proc_dointvec(struct ctl_table *, int, void *, size_t *, loff_t *);
-int proc_douintvec(struct ctl_table *, int, void *, size_t *, loff_t *);
-int proc_dointvec_minmax(struct ctl_table *, int, void *, size_t *, loff_t=
 *);
-int proc_douintvec_minmax(struct ctl_table *table, int write, void *buffer,
+int proc_dointvec(const struct ctl_table *, int, void *, size_t *, loff_t =
*);
+int proc_douintvec(const struct ctl_table *, int, void *, size_t *, loff_t=
 *);
+int proc_dointvec_minmax(const struct ctl_table *, int, void *, size_t *, =
loff_t *);
+int proc_douintvec_minmax(const struct ctl_table *table, int write, void *=
buffer,
 		size_t *lenp, loff_t *ppos);
-int proc_dou8vec_minmax(struct ctl_table *table, int write, void *buffer,
+int proc_dou8vec_minmax(const struct ctl_table *table, int write, void *bu=
ffer,
 			size_t *lenp, loff_t *ppos);
-int proc_dointvec_jiffies(struct ctl_table *, int, void *, size_t *, loff_=
t *);
-int proc_dointvec_ms_jiffies_minmax(struct ctl_table *table, int write,
+int proc_dointvec_jiffies(const struct ctl_table *, int, void *, size_t *,=
 loff_t *);
+int proc_dointvec_ms_jiffies_minmax(const struct ctl_table *table, int wri=
te,
 		void *buffer, size_t *lenp, loff_t *ppos);
-int proc_dointvec_userhz_jiffies(struct ctl_table *, int, void *, size_t *,
+int proc_dointvec_userhz_jiffies(const struct ctl_table *, int, void *, si=
ze_t *,
 		loff_t *);
-int proc_dointvec_ms_jiffies(struct ctl_table *, int, void *, size_t *,
+int proc_dointvec_ms_jiffies(const struct ctl_table *, int, void *, size_t=
 *,
 		loff_t *);
-int proc_doulongvec_minmax(struct ctl_table *, int, void *, size_t *, loff=
_t *);
-int proc_doulongvec_ms_jiffies_minmax(struct ctl_table *table, int, void *,
+int proc_doulongvec_minmax(const struct ctl_table *, int, void *, size_t *=
, loff_t *);
+int proc_doulongvec_ms_jiffies_minmax(const struct ctl_table *table, int, =
void *,
 		size_t *, loff_t *);
-int proc_do_large_bitmap(struct ctl_table *, int, void *, size_t *, loff_t=
 *);
-int proc_do_static_key(struct ctl_table *table, int write, void *buffer,
+int proc_do_large_bitmap(const struct ctl_table *, int, void *, size_t *, =
loff_t *);
+int proc_do_static_key(const struct ctl_table *table, int write, void *buf=
fer,
 		size_t *lenp, loff_t *ppos);
=20
 /*
@@ -243,7 +243,7 @@ extern struct ctl_table_header *register_sysctl_mount_p=
oint(const char *path);
=20
 void do_sysctl_args(void);
 bool sysctl_is_alias(char *param);
-int do_proc_douintvec(struct ctl_table *table, int write,
+int do_proc_douintvec(const struct ctl_table *table, int write,
 		      void *buffer, size_t *lenp, loff_t *ppos,
 		      int (*conv)(unsigned long *lvalp,
 				  unsigned int *valp,
@@ -293,7 +293,7 @@ static inline bool sysctl_is_alias(char *param)
 }
 #endif /* CONFIG_SYSCTL */
=20
-int sysctl_max_threads(struct ctl_table *table, int write, void *buffer,
+int sysctl_max_threads(const struct ctl_table *table, int write, void *buf=
fer,
 		size_t *lenp, loff_t *ppos);
=20
 #endif /* _LINUX_SYSCTL_H */
diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h
index fed855bae6d8..267b56b7c56a 100644
--- a/include/linux/vmstat.h
+++ b/include/linux/vmstat.h
@@ -17,7 +17,7 @@ extern int sysctl_stat_interval;
 #define DISABLE_NUMA_STAT   0
 extern int sysctl_vm_numa_stat;
 DECLARE_STATIC_KEY_TRUE(vm_numa_stat_key);
-int sysctl_vm_numa_stat_handler(struct ctl_table *table, int write,
+int sysctl_vm_numa_stat_handler(const struct ctl_table *table, int write,
 		void *buffer, size_t *length, loff_t *ppos);
 #endif
=20
@@ -301,8 +301,8 @@ void cpu_vm_stats_fold(int cpu);
 void refresh_zone_stat_thresholds(void);
=20
 struct ctl_table;
-int vmstat_refresh(struct ctl_table *, int write, void *buffer, size_t *le=
np,
-		loff_t *ppos);
+int vmstat_refresh(const struct ctl_table *, int write, void *buffer,
+		size_t *lenp, loff_t *ppos);
=20
 void drain_zonestat(struct zone *zone, struct per_cpu_zonestat *);
=20
diff --git a/include/linux/writeback.h b/include/linux/writeback.h
index 083387c00f0c..8dc4d16bb7c3 100644
--- a/include/linux/writeback.h
+++ b/include/linux/writeback.h
@@ -344,7 +344,7 @@ extern unsigned int dirty_expire_interval;
 extern unsigned int dirtytime_expire_interval;
 extern int laptop_mode;
=20
-int dirtytime_interval_handler(struct ctl_table *table, int write,
+int dirtytime_interval_handler(const struct ctl_table *table, int write,
 		void *buffer, size_t *lenp, loff_t *ppos);
=20
 void global_dirty_limits(unsigned long *pbackground, unsigned long *pdirty=
);
diff --git a/include/net/ndisc.h b/include/net/ndisc.h
index 9bbdf6eaa942..7a533d5b1d59 100644
--- a/include/net/ndisc.h
+++ b/include/net/ndisc.h
@@ -486,7 +486,7 @@ void igmp6_event_report(struct sk_buff *skb);
=20
=20
 #ifdef CONFIG_SYSCTL
-int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write,
+int ndisc_ifinfo_sysctl_change(const struct ctl_table *ctl, int write,
 			       void *buffer, size_t *lenp, loff_t *ppos);
 #endif
=20
diff --git a/include/net/neighbour.h b/include/net/neighbour.h
index 0d28172193fa..a44f262a7384 100644
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
@@ -412,12 +412,12 @@ void *neigh_seq_start(struct seq_file *, loff_t *, st=
ruct neigh_table *,
 void *neigh_seq_next(struct seq_file *, void *, loff_t *);
 void neigh_seq_stop(struct seq_file *, void *);
=20
-int neigh_proc_dointvec(struct ctl_table *ctl, int write,
+int neigh_proc_dointvec(const struct ctl_table *ctl, int write,
 			void *buffer, size_t *lenp, loff_t *ppos);
-int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write,
+int neigh_proc_dointvec_jiffies(const struct ctl_table *ctl, int write,
 				void *buffer,
 				size_t *lenp, loff_t *ppos);
-int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
+int neigh_proc_dointvec_ms_jiffies(const struct ctl_table *ctl, int write,
 				   void *buffer, size_t *lenp, loff_t *ppos);
=20
 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
diff --git a/include/net/netfilter/nf_hooks_lwtunnel.h b/include/net/netfil=
ter/nf_hooks_lwtunnel.h
index 52e27920f829..cef7a4eb8f97 100644
--- a/include/net/netfilter/nf_hooks_lwtunnel.h
+++ b/include/net/netfilter/nf_hooks_lwtunnel.h
@@ -2,6 +2,6 @@
 #include <linux/types.h>
=20
 #ifdef CONFIG_SYSCTL
-int nf_hooks_lwtunnel_sysctl_handler(struct ctl_table *table, int write,
+int nf_hooks_lwtunnel_sysctl_handler(const struct ctl_table *table, int wr=
ite,
 				     void *buffer, size_t *lenp, loff_t *ppos);
 #endif
diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
index 55d6b9f1e508..d876f96f5992 100644
--- a/ipc/ipc_sysctl.c
+++ b/ipc/ipc_sysctl.c
@@ -16,8 +16,8 @@
 #include <linux/slab.h>
 #include "util.h"
=20
-static int proc_ipc_dointvec_minmax_orphans(struct ctl_table *table, int w=
rite,
-		void *buffer, size_t *lenp, loff_t *ppos)
+static int proc_ipc_dointvec_minmax_orphans(const struct ctl_table *table,
+		int write, void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct ipc_namespace *ns =3D
 		container_of(table->data, struct ipc_namespace, shm_rmid_forced);
@@ -32,7 +32,7 @@ static int proc_ipc_dointvec_minmax_orphans(struct ctl_ta=
ble *table, int write,
 	return err;
 }
=20
-static int proc_ipc_auto_msgmni(struct ctl_table *table, int write,
+static int proc_ipc_auto_msgmni(const struct ctl_table *table, int write,
 		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct ctl_table ipc_table;
@@ -47,7 +47,7 @@ static int proc_ipc_auto_msgmni(struct ctl_table *table, =
int write,
 	return proc_dointvec_minmax(&ipc_table, write, buffer, lenp, ppos);
 }
=20
-static int proc_ipc_sem_dointvec(struct ctl_table *table, int write,
+static int proc_ipc_sem_dointvec(const struct ctl_table *table, int write,
 	void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct ipc_namespace *ns =3D
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 0ed286b8a0f0..f13daa0916bf 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -5652,7 +5652,7 @@ const struct bpf_prog_ops bpf_syscall_prog_ops =3D {
 };
=20
 #ifdef CONFIG_SYSCTL
-static int bpf_stats_handler(struct ctl_table *table, int write,
+static int bpf_stats_handler(const struct ctl_table *table, int write,
 			     void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct static_key *key =3D (struct static_key *)table->data;
@@ -5687,7 +5687,7 @@ void __weak unpriv_ebpf_notify(int new_state)
 {
 }
=20
-static int bpf_unpriv_handler(struct ctl_table *table, int write,
+static int bpf_unpriv_handler(const struct ctl_table *table, int write,
 			      void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret, unpriv_enable =3D *(int *)table->data;
diff --git a/kernel/delayacct.c b/kernel/delayacct.c
index 6f0c358e73d8..939c57c30a79 100644
--- a/kernel/delayacct.c
+++ b/kernel/delayacct.c
@@ -44,8 +44,8 @@ void delayacct_init(void)
 }
=20
 #ifdef CONFIG_PROC_SYSCTL
-static int sysctl_delayacct(struct ctl_table *table, int write, void *buff=
er,
-		     size_t *lenp, loff_t *ppos)
+static int sysctl_delayacct(const struct ctl_table *table, int write,
+		     void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int state =3D delayacct_on;
 	struct ctl_table t;
diff --git a/kernel/events/callchain.c b/kernel/events/callchain.c
index 1273be84392c..bd5699f869c3 100644
--- a/kernel/events/callchain.c
+++ b/kernel/events/callchain.c
@@ -229,7 +229,7 @@ get_perf_callchain(struct pt_regs *regs, u32 init_nr, b=
ool kernel, bool user,
  * Used for sysctl_perf_event_max_stack and
  * sysctl_perf_event_max_contexts_per_stack.
  */
-int perf_event_max_stack_handler(struct ctl_table *table, int write,
+int perf_event_max_stack_handler(const struct ctl_table *table, int write,
 				 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int *value =3D table->data;
diff --git a/kernel/events/core.c b/kernel/events/core.c
index b704d83a28b2..cbf0f4dfa4af 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -450,7 +450,7 @@ static void update_perf_cpu_limits(void)
=20
 static bool perf_rotate_context(struct perf_cpu_pmu_context *cpc);
=20
-int perf_event_max_sample_rate_handler(struct ctl_table *table, int write,
+int perf_event_max_sample_rate_handler(const struct ctl_table *table, int =
write,
 				       void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
@@ -474,7 +474,7 @@ int perf_event_max_sample_rate_handler(struct ctl_table=
 *table, int write,
=20
 int sysctl_perf_cpu_time_max_percent __read_mostly =3D DEFAULT_CPU_TIME_MA=
X_PERCENT;
=20
-int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write,
+int perf_cpu_time_max_percent_handler(const struct ctl_table *table, int w=
rite,
 		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret =3D proc_dointvec_minmax(table, write, buffer, lenp, ppos);
diff --git a/kernel/fork.c b/kernel/fork.c
index 10917c3e1f03..ce4b220e6ae2 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -3528,7 +3528,7 @@ int unshare_files(void)
 	return 0;
 }
=20
-int sysctl_max_threads(struct ctl_table *table, int write,
+int sysctl_max_threads(const struct ctl_table *table, int write,
 		       void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct ctl_table t;
diff --git a/kernel/hung_task.c b/kernel/hung_task.c
index 9a24574988d2..b310a500b7b2 100644
--- a/kernel/hung_task.c
+++ b/kernel/hung_task.c
@@ -238,8 +238,8 @@ static long hung_timeout_jiffies(unsigned long last_che=
cked,
 /*
  * Process updating of timeout sysctl
  */
-static int proc_dohung_task_timeout_secs(struct ctl_table *table, int writ=
e,
-				  void *buffer,
+static int proc_dohung_task_timeout_secs(const struct ctl_table *table,
+				  int write, void *buffer,
 				  size_t *lenp, loff_t *ppos)
 {
 	int ret;
diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
index be5642a4ec49..7bb9bf85f058 100644
--- a/kernel/kexec_core.c
+++ b/kernel/kexec_core.c
@@ -928,7 +928,7 @@ struct kimage *kexec_crash_image;
 static int kexec_load_disabled;
=20
 #ifdef CONFIG_SYSCTL
-static int kexec_limit_handler(struct ctl_table *table, int write,
+static int kexec_limit_handler(const struct ctl_table *table, int write,
 			       void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct kexec_load_limit *limit =3D table->data;
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index d5a0ee40bf66..9e160dd23e61 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -939,7 +939,7 @@ static void unoptimize_all_kprobes(void)
=20
 static DEFINE_MUTEX(kprobe_sysctl_mutex);
 static int sysctl_kprobes_optimization;
-static int proc_kprobes_optimization_handler(struct ctl_table *table,
+static int proc_kprobes_optimization_handler(const struct ctl_table *table,
 					     int write, void *buffer,
 					     size_t *length, loff_t *ppos)
 {
diff --git a/kernel/latencytop.c b/kernel/latencytop.c
index 781249098cb6..e09b935b822c 100644
--- a/kernel/latencytop.c
+++ b/kernel/latencytop.c
@@ -65,8 +65,8 @@ static struct latency_record latency_record[MAXLR];
 int latencytop_enabled;
=20
 #ifdef CONFIG_SYSCTL
-static int sysctl_latencytop(struct ctl_table *table, int write, void *buf=
fer,
-		size_t *lenp, loff_t *ppos)
+static int sysctl_latencytop(const struct ctl_table *table, int write,
+		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int err;
=20
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index 3028b2218aa4..a1926cf01cfb 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -276,7 +276,7 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns)
 }
=20
 #ifdef CONFIG_CHECKPOINT_RESTORE
-static int pid_ns_ctl_handler(struct ctl_table *table, int write,
+static int pid_ns_ctl_handler(const struct ctl_table *table, int write,
 		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct pid_namespace *pid_ns =3D task_active_pid_ns(current);
diff --git a/kernel/pid_sysctl.h b/kernel/pid_sysctl.h
index 2ee41a3a1dfd..a1b47ad10ebc 100644
--- a/kernel/pid_sysctl.h
+++ b/kernel/pid_sysctl.h
@@ -5,7 +5,7 @@
 #include <linux/pid_namespace.h>
=20
 #if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
-static int pid_mfd_noexec_dointvec_minmax(struct ctl_table *table,
+static int pid_mfd_noexec_dointvec_minmax(const struct ctl_table *table,
 	int write, void *buf, size_t *lenp, loff_t *ppos)
 {
 	struct pid_namespace *ns =3D task_active_pid_ns(current);
diff --git a/kernel/printk/internal.h b/kernel/printk/internal.h
index 6c2afee5ef62..19dcc5832651 100644
--- a/kernel/printk/internal.h
+++ b/kernel/printk/internal.h
@@ -8,7 +8,7 @@
=20
 #if defined(CONFIG_PRINTK) && defined(CONFIG_SYSCTL)
 void __init printk_sysctl_init(void);
-int devkmsg_sysctl_set_loglvl(struct ctl_table *table, int write,
+int devkmsg_sysctl_set_loglvl(const struct ctl_table *table, int write,
 			      void *buffer, size_t *lenp, loff_t *ppos);
 #else
 #define printk_sysctl_init() do { } while (0)
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index f2444b581e16..964f0614767b 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -197,7 +197,7 @@ __setup("printk.devkmsg=3D", control_devkmsg);
=20
 char devkmsg_log_str[DEVKMSG_STR_MAX_SIZE] =3D "ratelimit";
 #if defined(CONFIG_PRINTK) && defined(CONFIG_SYSCTL)
-int devkmsg_sysctl_set_loglvl(struct ctl_table *table, int write,
+int devkmsg_sysctl_set_loglvl(const struct ctl_table *table, int write,
 			      void *buffer, size_t *lenp, loff_t *ppos)
 {
 	char old_str[DEVKMSG_STR_MAX_SIZE];
diff --git a/kernel/printk/sysctl.c b/kernel/printk/sysctl.c
index c228343eeb97..187b27981111 100644
--- a/kernel/printk/sysctl.c
+++ b/kernel/printk/sysctl.c
@@ -11,8 +11,9 @@
=20
 static const int ten_thousand =3D 10000;
=20
-static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int writ=
e,
-				void *buffer, size_t *lenp, loff_t *ppos)
+static int proc_dointvec_minmax_sysadmin(const struct ctl_table *table,
+				int write, void *buffer, size_t *lenp,
+				loff_t *ppos)
 {
 	if (write && !capable(CAP_SYS_ADMIN))
 		return -EPERM;
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index a708d225c28e..a36419645a62 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -1813,7 +1813,7 @@ static void uclamp_sync_util_min_rt_default(void)
 		uclamp_update_util_min_rt_default(p);
 }
=20
-static int sysctl_sched_uclamp_handler(struct ctl_table *table, int write,
+static int sysctl_sched_uclamp_handler(const struct ctl_table *table, int =
write,
 				void *buffer, size_t *lenp, loff_t *ppos)
 {
 	bool update_root_tg =3D false;
@@ -4570,7 +4570,7 @@ static void reset_memory_tiering(void)
 	}
 }
=20
-static int sysctl_numa_balancing(struct ctl_table *table, int write,
+static int sysctl_numa_balancing(const struct ctl_table *table, int write,
 			  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct ctl_table t;
@@ -4639,8 +4639,8 @@ static int __init setup_schedstats(char *str)
 __setup("schedstats=3D", setup_schedstats);
=20
 #ifdef CONFIG_PROC_SYSCTL
-static int sysctl_schedstats(struct ctl_table *table, int write, void *buf=
fer,
-		size_t *lenp, loff_t *ppos)
+static int sysctl_schedstats(const struct ctl_table *table, int write,
+		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct ctl_table t;
 	int err;
diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c
index 6aaf0a3d6081..a972c9601a39 100644
--- a/kernel/sched/rt.c
+++ b/kernel/sched/rt.c
@@ -26,9 +26,9 @@ int sysctl_sched_rt_runtime =3D 950000;
=20
 #ifdef CONFIG_SYSCTL
 static int sysctl_sched_rr_timeslice =3D (MSEC_PER_SEC * RR_TIMESLICE) / H=
Z;
-static int sched_rt_handler(struct ctl_table *table, int write, void *buff=
er,
+static int sched_rt_handler(const struct ctl_table *table, int write, void=
 *buffer,
 		size_t *lenp, loff_t *ppos);
-static int sched_rr_handler(struct ctl_table *table, int write, void *buff=
er,
+static int sched_rr_handler(const struct ctl_table *table, int write, void=
 *buffer,
 		size_t *lenp, loff_t *ppos);
 static struct ctl_table sched_rt_sysctls[] =3D {
 	{
@@ -2962,8 +2962,8 @@ static void sched_rt_do_global(void)
 	raw_spin_unlock_irqrestore(&def_rt_bandwidth.rt_runtime_lock, flags);
 }
=20
-static int sched_rt_handler(struct ctl_table *table, int write, void *buff=
er,
-		size_t *lenp, loff_t *ppos)
+static int sched_rt_handler(const struct ctl_table *table, int write,
+		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int old_period, old_runtime;
 	static DEFINE_MUTEX(mutex);
@@ -3001,8 +3001,8 @@ static int sched_rt_handler(struct ctl_table *table, =
int write, void *buffer,
 	return ret;
 }
=20
-static int sched_rr_handler(struct ctl_table *table, int write, void *buff=
er,
-		size_t *lenp, loff_t *ppos)
+static int sched_rr_handler(const struct ctl_table *table, int write,
+		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
 	static DEFINE_MUTEX(mutex);
diff --git a/kernel/sched/topology.c b/kernel/sched/topology.c
index 10d1391e7416..3e3b69314e30 100644
--- a/kernel/sched/topology.c
+++ b/kernel/sched/topology.c
@@ -285,7 +285,7 @@ void rebuild_sched_domains_energy(void)
 }
=20
 #ifdef CONFIG_PROC_SYSCTL
-static int sched_energy_aware_handler(struct ctl_table *table, int write,
+static int sched_energy_aware_handler(const struct ctl_table *table, int w=
rite,
 		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret, state;
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index a23672674ff6..95aba3cf6b84 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -2413,8 +2413,8 @@ static void audit_actions_logged(u32 actions_logged, =
u32 old_actions_logged,
 	return audit_seccomp_actions_logged(new, old, !ret);
 }
=20
-static int seccomp_actions_logged_handler(struct ctl_table *ro_table, int =
write,
-					  void *buffer, size_t *lenp,
+static int seccomp_actions_logged_handler(const struct ctl_table *ro_table,
+					  int write, void *buffer, size_t *lenp,
 					  loff_t *ppos)
 {
 	int ret;
diff --git a/kernel/stackleak.c b/kernel/stackleak.c
index b292e5ca0b7d..95e4a9332599 100644
--- a/kernel/stackleak.c
+++ b/kernel/stackleak.c
@@ -21,7 +21,7 @@
 static DEFINE_STATIC_KEY_FALSE(stack_erasing_bypass);
=20
 #ifdef CONFIG_SYSCTL
-static int stack_erasing_sysctl(struct ctl_table *table, int write,
+static int stack_erasing_sysctl(const struct ctl_table *table, int write,
 			void __user *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret =3D 0;
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 157f7ce2942d..d60daa4e36fc 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -205,7 +205,7 @@ static int _proc_do_string(char *data, int maxlen, int =
write,
 	return 0;
 }
=20
-static void warn_sysctl_write(struct ctl_table *table)
+static void warn_sysctl_write(const struct ctl_table *table)
 {
 	pr_warn_once("%s wrote to %s when file position was not 0!\n"
 		"This will not be supported in the future. To silence this\n"
@@ -223,7 +223,7 @@ static void warn_sysctl_write(struct ctl_table *table)
  * handlers can ignore the return value.
  */
 static bool proc_first_pos_non_zero_ignore(loff_t *ppos,
-					   struct ctl_table *table)
+					   const struct ctl_table *table)
 {
 	if (!*ppos)
 		return false;
@@ -256,7 +256,7 @@ static bool proc_first_pos_non_zero_ignore(loff_t *ppos,
  *
  * Returns 0 on success.
  */
-int proc_dostring(struct ctl_table *table, int write,
+int proc_dostring(const struct ctl_table *table, int write,
 		  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	if (write)
@@ -468,7 +468,7 @@ static int do_proc_douintvec_conv(unsigned long *lvalp,
=20
 static const char proc_wspace_sep[] =3D { ' ', '\t', '\n' };
=20
-static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table,
+static int __do_proc_dointvec(void *tbl_data, const struct ctl_table *tabl=
e,
 		  int write, void *buffer,
 		  size_t *lenp, loff_t *ppos,
 		  int (*conv)(bool *negp, unsigned long *lvalp, int *valp,
@@ -541,7 +541,7 @@ static int __do_proc_dointvec(void *tbl_data, struct ct=
l_table *table,
 	return err;
 }
=20
-static int do_proc_dointvec(struct ctl_table *table, int write,
+static int do_proc_dointvec(const struct ctl_table *table, int write,
 		  void *buffer, size_t *lenp, loff_t *ppos,
 		  int (*conv)(bool *negp, unsigned long *lvalp, int *valp,
 			      int write, void *data),
@@ -552,7 +552,7 @@ static int do_proc_dointvec(struct ctl_table *table, in=
t write,
 }
=20
 static int do_proc_douintvec_w(unsigned int *tbl_data,
-			       struct ctl_table *table,
+			       const struct ctl_table *table,
 			       void *buffer,
 			       size_t *lenp, loff_t *ppos,
 			       int (*conv)(unsigned long *lvalp,
@@ -639,7 +639,7 @@ static int do_proc_douintvec_r(unsigned int *tbl_data, =
void *buffer,
 	return err;
 }
=20
-static int __do_proc_douintvec(void *tbl_data, struct ctl_table *table,
+static int __do_proc_douintvec(void *tbl_data, const struct ctl_table *tab=
le,
 			       int write, void *buffer,
 			       size_t *lenp, loff_t *ppos,
 			       int (*conv)(unsigned long *lvalp,
@@ -675,7 +675,7 @@ static int __do_proc_douintvec(void *tbl_data, struct c=
tl_table *table,
 	return do_proc_douintvec_r(i, buffer, lenp, ppos, conv, data);
 }
=20
-int do_proc_douintvec(struct ctl_table *table, int write,
+int do_proc_douintvec(const struct ctl_table *table, int write,
 		      void *buffer, size_t *lenp, loff_t *ppos,
 		      int (*conv)(unsigned long *lvalp,
 				  unsigned int *valp,
@@ -702,7 +702,7 @@ int do_proc_douintvec(struct ctl_table *table, int writ=
e,
  *
  * Returns 0 on success.
  */
-int proc_dobool(struct ctl_table *table, int write, void *buffer,
+int proc_dobool(const struct ctl_table *table, int write, void *buffer,
 		size_t *lenp, loff_t *ppos)
 {
 	struct ctl_table tmp;
@@ -739,7 +739,7 @@ int proc_dobool(struct ctl_table *table, int write, voi=
d *buffer,
  *
  * Returns 0 on success.
  */
-int proc_dointvec(struct ctl_table *table, int write, void *buffer,
+int proc_dointvec(const struct ctl_table *table, int write, void *buffer,
 		  size_t *lenp, loff_t *ppos)
 {
 	return do_proc_dointvec(table, write, buffer, lenp, ppos, NULL, NULL);
@@ -758,7 +758,7 @@ int proc_dointvec(struct ctl_table *table, int write, v=
oid *buffer,
  *
  * Returns 0 on success.
  */
-int proc_douintvec(struct ctl_table *table, int write, void *buffer,
+int proc_douintvec(const struct ctl_table *table, int write, void *buffer,
 		size_t *lenp, loff_t *ppos)
 {
 	return do_proc_douintvec(table, write, buffer, lenp, ppos,
@@ -769,7 +769,7 @@ int proc_douintvec(struct ctl_table *table, int write, =
void *buffer,
  * Taint values can only be increased
  * This means we can safely use a temporary.
  */
-static int proc_taint(struct ctl_table *table, int write,
+static int proc_taint(const struct ctl_table *table, int write,
 			       void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct ctl_table t;
@@ -864,7 +864,7 @@ static int do_proc_dointvec_minmax_conv(bool *negp, uns=
igned long *lvalp,
  *
  * Returns 0 on success or -EINVAL on write when the range check fails.
  */
-int proc_dointvec_minmax(struct ctl_table *table, int write,
+int proc_dointvec_minmax(const struct ctl_table *table, int write,
 		  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct do_proc_dointvec_minmax_conv_param param =3D {
@@ -933,7 +933,7 @@ static int do_proc_douintvec_minmax_conv(unsigned long =
*lvalp,
  *
  * Returns 0 on success or -ERANGE on write when the range check fails.
  */
-int proc_douintvec_minmax(struct ctl_table *table, int write,
+int proc_douintvec_minmax(const struct ctl_table *table, int write,
 			  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct do_proc_douintvec_minmax_conv_param param =3D {
@@ -961,7 +961,7 @@ int proc_douintvec_minmax(struct ctl_table *table, int =
write,
  *
  * Returns 0 on success or an error on write when the range check fails.
  */
-int proc_dou8vec_minmax(struct ctl_table *table, int write,
+int proc_dou8vec_minmax(const struct ctl_table *table, int write,
 			void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct ctl_table tmp;
@@ -1004,7 +1004,7 @@ int proc_dou8vec_minmax(struct ctl_table *table, int =
write,
 EXPORT_SYMBOL_GPL(proc_dou8vec_minmax);
=20
 #ifdef CONFIG_MAGIC_SYSRQ
-static int sysrq_sysctl_handler(struct ctl_table *table, int write,
+static int sysrq_sysctl_handler(const struct ctl_table *table, int write,
 				void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int tmp, ret;
@@ -1023,7 +1023,7 @@ static int sysrq_sysctl_handler(struct ctl_table *tab=
le, int write,
 }
 #endif
=20
-static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table,
+static int __do_proc_doulongvec_minmax(void *data, const struct ctl_table =
*table,
 		int write, void *buffer, size_t *lenp, loff_t *ppos,
 		unsigned long convmul, unsigned long convdiv)
 {
@@ -1096,7 +1096,7 @@ static int __do_proc_doulongvec_minmax(void *data, st=
ruct ctl_table *table,
 	return err;
 }
=20
-static int do_proc_doulongvec_minmax(struct ctl_table *table, int write,
+static int do_proc_doulongvec_minmax(const struct ctl_table *table, int wr=
ite,
 		void *buffer, size_t *lenp, loff_t *ppos, unsigned long convmul,
 		unsigned long convdiv)
 {
@@ -1120,7 +1120,7 @@ static int do_proc_doulongvec_minmax(struct ctl_table=
 *table, int write,
  *
  * Returns 0 on success.
  */
-int proc_doulongvec_minmax(struct ctl_table *table, int write,
+int proc_doulongvec_minmax(const struct ctl_table *table, int write,
 			   void *buffer, size_t *lenp, loff_t *ppos)
 {
     return do_proc_doulongvec_minmax(table, write, buffer, lenp, ppos, 1l,=
 1l);
@@ -1143,7 +1143,7 @@ int proc_doulongvec_minmax(struct ctl_table *table, i=
nt write,
  *
  * Returns 0 on success.
  */
-int proc_doulongvec_ms_jiffies_minmax(struct ctl_table *table, int write,
+int proc_doulongvec_ms_jiffies_minmax(const struct ctl_table *table, int w=
rite,
 				      void *buffer, size_t *lenp, loff_t *ppos)
 {
     return do_proc_doulongvec_minmax(table, write, buffer,
@@ -1264,14 +1264,14 @@ static int do_proc_dointvec_ms_jiffies_minmax_conv(=
bool *negp, unsigned long *lv
  *
  * Returns 0 on success.
  */
-int proc_dointvec_jiffies(struct ctl_table *table, int write,
+int proc_dointvec_jiffies(const struct ctl_table *table, int write,
 			  void *buffer, size_t *lenp, loff_t *ppos)
 {
     return do_proc_dointvec(table,write,buffer,lenp,ppos,
 		    	    do_proc_dointvec_jiffies_conv,NULL);
 }
=20
-int proc_dointvec_ms_jiffies_minmax(struct ctl_table *table, int write,
+int proc_dointvec_ms_jiffies_minmax(const struct ctl_table *table, int wri=
te,
 			  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct do_proc_dointvec_minmax_conv_param param =3D {
@@ -1297,7 +1297,7 @@ int proc_dointvec_ms_jiffies_minmax(struct ctl_table =
*table, int write,
  *
  * Returns 0 on success.
  */
-int proc_dointvec_userhz_jiffies(struct ctl_table *table, int write,
+int proc_dointvec_userhz_jiffies(const struct ctl_table *table, int write,
 				 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return do_proc_dointvec(table, write, buffer, lenp, ppos,
@@ -1320,14 +1320,14 @@ int proc_dointvec_userhz_jiffies(struct ctl_table *=
table, int write,
  *
  * Returns 0 on success.
  */
-int proc_dointvec_ms_jiffies(struct ctl_table *table, int write, void *buf=
fer,
+int proc_dointvec_ms_jiffies(const struct ctl_table *table, int write, voi=
d *buffer,
 		size_t *lenp, loff_t *ppos)
 {
 	return do_proc_dointvec(table, write, buffer, lenp, ppos,
 				do_proc_dointvec_ms_jiffies_conv, NULL);
 }
=20
-static int proc_do_cad_pid(struct ctl_table *table, int write, void *buffe=
r,
+static int proc_do_cad_pid(const struct ctl_table *table, int write, void =
*buffer,
 		size_t *lenp, loff_t *ppos)
 {
 	struct pid *new_pid;
@@ -1366,7 +1366,7 @@ static int proc_do_cad_pid(struct ctl_table *table, i=
nt write, void *buffer,
  *
  * Returns 0 on success.
  */
-int proc_do_large_bitmap(struct ctl_table *table, int write,
+int proc_do_large_bitmap(const struct ctl_table *table, int write,
 			 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int err =3D 0;
@@ -1498,85 +1498,85 @@ int proc_do_large_bitmap(struct ctl_table *table, i=
nt write,
=20
 #else /* CONFIG_PROC_SYSCTL */
=20
-int proc_dostring(struct ctl_table *table, int write,
+int proc_dostring(const struct ctl_table *table, int write,
 		  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return -ENOSYS;
 }
=20
-int proc_dobool(struct ctl_table *table, int write,
+int proc_dobool(const struct ctl_table *table, int write,
 		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return -ENOSYS;
 }
=20
-int proc_dointvec(struct ctl_table *table, int write,
+int proc_dointvec(const struct ctl_table *table, int write,
 		  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return -ENOSYS;
 }
=20
-int proc_douintvec(struct ctl_table *table, int write,
+int proc_douintvec(const struct ctl_table *table, int write,
 		  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return -ENOSYS;
 }
=20
-int proc_dointvec_minmax(struct ctl_table *table, int write,
+int proc_dointvec_minmax(const struct ctl_table *table, int write,
 		    void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return -ENOSYS;
 }
=20
-int proc_douintvec_minmax(struct ctl_table *table, int write,
+int proc_douintvec_minmax(const struct ctl_table *table, int write,
 			  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return -ENOSYS;
 }
=20
-int proc_dou8vec_minmax(struct ctl_table *table, int write,
+int proc_dou8vec_minmax(const struct ctl_table *table, int write,
 			void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return -ENOSYS;
 }
=20
-int proc_dointvec_jiffies(struct ctl_table *table, int write,
+int proc_dointvec_jiffies(const struct ctl_table *table, int write,
 		    void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return -ENOSYS;
 }
=20
-int proc_dointvec_ms_jiffies_minmax(struct ctl_table *table, int write,
+int proc_dointvec_ms_jiffies_minmax(const struct ctl_table *table, int wri=
te,
 				    void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return -ENOSYS;
 }
=20
-int proc_dointvec_userhz_jiffies(struct ctl_table *table, int write,
+int proc_dointvec_userhz_jiffies(const struct ctl_table *table, int write,
 		    void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return -ENOSYS;
 }
=20
-int proc_dointvec_ms_jiffies(struct ctl_table *table, int write,
+int proc_dointvec_ms_jiffies(const struct ctl_table *table, int write,
 			     void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return -ENOSYS;
 }
=20
-int proc_doulongvec_minmax(struct ctl_table *table, int write,
+int proc_doulongvec_minmax(const struct ctl_table *table, int write,
 		    void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return -ENOSYS;
 }
=20
-int proc_doulongvec_ms_jiffies_minmax(struct ctl_table *table, int write,
+int proc_doulongvec_ms_jiffies_minmax(const struct ctl_table *table, int w=
rite,
 				      void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return -ENOSYS;
 }
=20
-int proc_do_large_bitmap(struct ctl_table *table, int write,
+int proc_do_large_bitmap(const struct ctl_table *table, int write,
 			 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return -ENOSYS;
@@ -1585,7 +1585,7 @@ int proc_do_large_bitmap(struct ctl_table *table, int=
 write,
 #endif /* CONFIG_PROC_SYSCTL */
=20
 #if defined(CONFIG_SYSCTL)
-int proc_do_static_key(struct ctl_table *table, int write,
+int proc_do_static_key(const struct ctl_table *table, int write,
 		       void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct static_key *key =3D (struct static_key *)table->data;
diff --git a/kernel/time/timer.c b/kernel/time/timer.c
index 63a8ce7177dd..cb8b93fec895 100644
--- a/kernel/time/timer.c
+++ b/kernel/time/timer.c
@@ -237,7 +237,7 @@ static void timers_update_migration(void)
 }
=20
 #ifdef CONFIG_SYSCTL
-static int timer_migration_handler(struct ctl_table *table, int write,
+static int timer_migration_handler(const struct ctl_table *table, int writ=
e,
 			    void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 8de8bec5f366..6334a2268acf 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -8213,7 +8213,7 @@ static bool is_permanent_ops_registered(void)
 }
=20
 static int
-ftrace_enable_sysctl(struct ctl_table *table, int write,
+ftrace_enable_sysctl(const struct ctl_table *table, int write,
 		     void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret =3D -ENODEV;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 9aebf904ff97..380b9cb7210a 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -2972,7 +2972,7 @@ static void output_printk(struct trace_event_buffer *=
fbuffer)
 	raw_spin_unlock_irqrestore(&tracepoint_iter_lock, flags);
 }
=20
-int tracepoint_printk_sysctl(struct ctl_table *table, int write,
+int tracepoint_printk_sysctl(const struct ctl_table *table, int write,
 			     void *buffer, size_t *lenp,
 			     loff_t *ppos)
 {
diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_u=
ser.c
index 9365ce407426..4331d3bcae61 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -2724,7 +2724,7 @@ static int create_user_tracefs(void)
 	return -ENODEV;
 }
=20
-static int set_max_user_events_sysctl(struct ctl_table *table, int write,
+static int set_max_user_events_sysctl(const struct ctl_table *table, int w=
rite,
 				      void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
index 5a48dba912ea..7f9572a37333 100644
--- a/kernel/trace/trace_stack.c
+++ b/kernel/trace/trace_stack.c
@@ -514,7 +514,7 @@ static const struct file_operations stack_trace_filter_=
fops =3D {
 #endif /* CONFIG_DYNAMIC_FTRACE */
=20
 int
-stack_trace_sysctl(struct ctl_table *table, int write, void *buffer,
+stack_trace_sysctl(const struct ctl_table *table, int write, void *buffer,
 		   size_t *lenp, loff_t *ppos)
 {
 	int was_enabled;
diff --git a/kernel/umh.c b/kernel/umh.c
index 1b13c5d34624..112d3fea3869 100644
--- a/kernel/umh.c
+++ b/kernel/umh.c
@@ -495,7 +495,7 @@ int call_usermodehelper(const char *path, char **argv, =
char **envp, int wait)
 EXPORT_SYMBOL(call_usermodehelper);
=20
 #if defined(CONFIG_SYSCTL)
-static int proc_cap_handler(struct ctl_table *table, int write,
+static int proc_cap_handler(const struct ctl_table *table, int write,
 			 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct ctl_table t;
diff --git a/kernel/utsname_sysctl.c b/kernel/utsname_sysctl.c
index 46590d4addc8..f074a92eae78 100644
--- a/kernel/utsname_sysctl.c
+++ b/kernel/utsname_sysctl.c
@@ -30,7 +30,7 @@ static void *get_uts(const struct ctl_table *table)
  *	Special case of dostring for the UTS structure. This has locks
  *	to observe. Should this be in kernel/sys.c ????
  */
-static int proc_do_uts_string(struct ctl_table *table, int write,
+static int proc_do_uts_string(const struct ctl_table *table, int write,
 		  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct ctl_table uts_table;
diff --git a/kernel/watchdog.c b/kernel/watchdog.c
index 0fe72e89627d..4c48f543bcd2 100644
--- a/kernel/watchdog.c
+++ b/kernel/watchdog.c
@@ -745,8 +745,9 @@ static void proc_watchdog_update(void)
  * -------------------|----------------------------------|----------------=
---------------
  * proc_soft_watchdog | watchdog_softlockup_user_enabled | WATCHDOG_SOFTOC=
KUP_ENABLED
  */
-static int proc_watchdog_common(int which, struct ctl_table *table, int wr=
ite,
-				void *buffer, size_t *lenp, loff_t *ppos)
+static int proc_watchdog_common(int which, const struct ctl_table *table,
+				int write, void *buffer, size_t *lenp,
+				loff_t *ppos)
 {
 	int err, old, *param =3D table->data;
=20
@@ -772,7 +773,7 @@ static int proc_watchdog_common(int which, struct ctl_t=
able *table, int write,
 /*
  * /proc/sys/kernel/watchdog
  */
-static int proc_watchdog(struct ctl_table *table, int write,
+static int proc_watchdog(const struct ctl_table *table, int write,
 		  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return proc_watchdog_common(WATCHDOG_HARDLOCKUP_ENABLED |
@@ -783,7 +784,7 @@ static int proc_watchdog(struct ctl_table *table, int w=
rite,
 /*
  * /proc/sys/kernel/nmi_watchdog
  */
-static int proc_nmi_watchdog(struct ctl_table *table, int write,
+static int proc_nmi_watchdog(const struct ctl_table *table, int write,
 		      void *buffer, size_t *lenp, loff_t *ppos)
 {
 	if (!watchdog_hardlockup_available && write)
@@ -795,7 +796,7 @@ static int proc_nmi_watchdog(struct ctl_table *table, i=
nt write,
 /*
  * /proc/sys/kernel/soft_watchdog
  */
-static int proc_soft_watchdog(struct ctl_table *table, int write,
+static int proc_soft_watchdog(const struct ctl_table *table, int write,
 			void *buffer, size_t *lenp, loff_t *ppos)
 {
 	return proc_watchdog_common(WATCHDOG_SOFTOCKUP_ENABLED,
@@ -805,7 +806,7 @@ static int proc_soft_watchdog(struct ctl_table *table, =
int write,
 /*
  * /proc/sys/kernel/watchdog_thresh
  */
-static int proc_watchdog_thresh(struct ctl_table *table, int write,
+static int proc_watchdog_thresh(const struct ctl_table *table, int write,
 			 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int err, old;
@@ -828,7 +829,7 @@ static int proc_watchdog_thresh(struct ctl_table *table=
, int write,
  * user to specify a mask that will include cpus that have not yet
  * been brought online, if desired.
  */
-static int proc_watchdog_cpumask(struct ctl_table *table, int write,
+static int proc_watchdog_cpumask(const struct ctl_table *table, int write,
 			  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int err;
diff --git a/mm/compaction.c b/mm/compaction.c
index 01ba298739dd..87fe40cc76a8 100644
--- a/mm/compaction.c
+++ b/mm/compaction.c
@@ -2842,8 +2842,8 @@ static void compact_nodes(void)
 		compact_node(nid);
 }
=20
-static int compaction_proactiveness_sysctl_handler(struct ctl_table *table=
, int write,
-		void *buffer, size_t *length, loff_t *ppos)
+static int compaction_proactiveness_sysctl_handler(const struct ctl_table =
*table,
+		int write, void *buffer, size_t *length, loff_t *ppos)
 {
 	int rc, nid;
=20
@@ -2872,7 +2872,7 @@ static int compaction_proactiveness_sysctl_handler(st=
ruct ctl_table *table, int
  * This is the entry point for compacting all nodes via
  * /proc/sys/vm/compact_memory
  */
-static int sysctl_compaction_handler(struct ctl_table *table, int write,
+static int sysctl_compaction_handler(const struct ctl_table *table, int wr=
ite,
 			void *buffer, size_t *length, loff_t *ppos)
 {
 	int ret;
@@ -3183,7 +3183,7 @@ static int kcompactd_cpu_online(unsigned int cpu)
 	return 0;
 }
=20
-static int proc_dointvec_minmax_warn_RT_change(struct ctl_table *table,
+static int proc_dointvec_minmax_warn_RT_change(const struct ctl_table *tab=
le,
 		int write, void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret, old;
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 2df21a295359..babb70d990aa 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -4874,7 +4874,7 @@ static int hugetlb_sysctl_handler_common(bool obey_me=
mpolicy,
 	return ret;
 }
=20
-static int hugetlb_sysctl_handler(struct ctl_table *table, int write,
+static int hugetlb_sysctl_handler(const struct ctl_table *table, int write,
 			  void *buffer, size_t *length, loff_t *ppos)
 {
=20
@@ -4883,7 +4883,7 @@ static int hugetlb_sysctl_handler(struct ctl_table *t=
able, int write,
 }
=20
 #ifdef CONFIG_NUMA
-static int hugetlb_mempolicy_sysctl_handler(struct ctl_table *table, int w=
rite,
+static int hugetlb_mempolicy_sysctl_handler(const struct ctl_table *table,=
 int write,
 			  void *buffer, size_t *length, loff_t *ppos)
 {
 	return hugetlb_sysctl_handler_common(true, table, write,
@@ -4891,7 +4891,7 @@ static int hugetlb_mempolicy_sysctl_handler(struct ct=
l_table *table, int write,
 }
 #endif /* CONFIG_NUMA */
=20
-static int hugetlb_overcommit_handler(struct ctl_table *table, int write,
+static int hugetlb_overcommit_handler(const struct ctl_table *table, int w=
rite,
 		void *buffer, size_t *length, loff_t *ppos)
 {
 	struct hstate *h =3D &default_hstate;
diff --git a/mm/page-writeback.c b/mm/page-writeback.c
index ee2fd6a6af40..52f28e6f7a33 100644
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -493,8 +493,8 @@ bool node_dirty_ok(struct pglist_data *pgdat)
 }
=20
 #ifdef CONFIG_SYSCTL
-static int dirty_background_ratio_handler(struct ctl_table *table, int wri=
te,
-		void *buffer, size_t *lenp, loff_t *ppos)
+static int dirty_background_ratio_handler(const struct ctl_table *table,
+		int write, void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
=20
@@ -504,8 +504,8 @@ static int dirty_background_ratio_handler(struct ctl_ta=
ble *table, int write,
 	return ret;
 }
=20
-static int dirty_background_bytes_handler(struct ctl_table *table, int wri=
te,
-		void *buffer, size_t *lenp, loff_t *ppos)
+static int dirty_background_bytes_handler(const struct ctl_table *table,
+		int write, void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
=20
@@ -515,8 +515,8 @@ static int dirty_background_bytes_handler(struct ctl_ta=
ble *table, int write,
 	return ret;
 }
=20
-static int dirty_ratio_handler(struct ctl_table *table, int write, void *b=
uffer,
-		size_t *lenp, loff_t *ppos)
+static int dirty_ratio_handler(const struct ctl_table *table, int write,
+		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int old_ratio =3D vm_dirty_ratio;
 	int ret;
@@ -529,7 +529,7 @@ static int dirty_ratio_handler(struct ctl_table *table,=
 int write, void *buffer,
 	return ret;
 }
=20
-static int dirty_bytes_handler(struct ctl_table *table, int write,
+static int dirty_bytes_handler(const struct ctl_table *table, int write,
 		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	unsigned long old_bytes =3D vm_dirty_bytes;
@@ -2132,8 +2132,8 @@ bool wb_over_bg_thresh(struct bdi_writeback *wb)
 /*
  * sysctl handler for /proc/sys/vm/dirty_writeback_centisecs
  */
-static int dirty_writeback_centisecs_handler(struct ctl_table *table, int =
write,
-		void *buffer, size_t *length, loff_t *ppos)
+static int dirty_writeback_centisecs_handler(const struct ctl_table *table,
+		int write, void *buffer, size_t *length, loff_t *ppos)
 {
 	unsigned int old_interval =3D dirty_writeback_interval;
 	int ret;
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 733732e7e0ba..5eb29269d39e 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -4985,7 +4985,7 @@ static char numa_zonelist_order[] =3D "Node";
 /*
  * sysctl handler for numa_zonelist_order
  */
-static int numa_zonelist_order_handler(struct ctl_table *table, int write,
+static int numa_zonelist_order_handler(const struct ctl_table *table, int =
write,
 		void *buffer, size_t *length, loff_t *ppos)
 {
 	if (write)
@@ -5978,8 +5978,8 @@ postcore_initcall(init_per_zone_wmark_min)
  *	that we can call two helper functions whenever min_free_kbytes
  *	changes.
  */
-static int min_free_kbytes_sysctl_handler(struct ctl_table *table, int wri=
te,
-		void *buffer, size_t *length, loff_t *ppos)
+static int min_free_kbytes_sysctl_handler(const struct ctl_table *table,
+		int write, void *buffer, size_t *length, loff_t *ppos)
 {
 	int rc;
=20
@@ -5994,8 +5994,8 @@ static int min_free_kbytes_sysctl_handler(struct ctl_=
table *table, int write,
 	return 0;
 }
=20
-static int watermark_scale_factor_sysctl_handler(struct ctl_table *table, =
int write,
-		void *buffer, size_t *length, loff_t *ppos)
+static int watermark_scale_factor_sysctl_handler(const struct ctl_table *t=
able,
+		int write, void *buffer, size_t *length, loff_t *ppos)
 {
 	int rc;
=20
@@ -6024,8 +6024,8 @@ static void setup_min_unmapped_ratio(void)
 }
=20
=20
-static int sysctl_min_unmapped_ratio_sysctl_handler(struct ctl_table *tabl=
e, int write,
-		void *buffer, size_t *length, loff_t *ppos)
+static int sysctl_min_unmapped_ratio_sysctl_handler(const struct ctl_table=
 *table,
+		int write, void *buffer, size_t *length, loff_t *ppos)
 {
 	int rc;
=20
@@ -6051,8 +6051,8 @@ static void setup_min_slab_ratio(void)
 						     sysctl_min_slab_ratio) / 100;
 }
=20
-static int sysctl_min_slab_ratio_sysctl_handler(struct ctl_table *table, i=
nt write,
-		void *buffer, size_t *length, loff_t *ppos)
+static int sysctl_min_slab_ratio_sysctl_handler(const struct ctl_table *ta=
ble,
+		int write, void *buffer, size_t *length, loff_t *ppos)
 {
 	int rc;
=20
@@ -6075,7 +6075,7 @@ static int sysctl_min_slab_ratio_sysctl_handler(struc=
t ctl_table *table, int wri
  * minimum watermarks. The lowmem reserve ratio can only make sense
  * if in function of the boot time zone sizes.
  */
-static int lowmem_reserve_ratio_sysctl_handler(struct ctl_table *table,
+static int lowmem_reserve_ratio_sysctl_handler(const struct ctl_table *tab=
le,
 		int write, void *buffer, size_t *length, loff_t *ppos)
 {
 	int i;
@@ -6096,7 +6096,7 @@ static int lowmem_reserve_ratio_sysctl_handler(struct=
 ctl_table *table,
  * cpu. It is the fraction of total pages in each zone that a hot per cpu
  * pagelist can have before it gets flushed back to buddy allocator.
  */
-static int percpu_pagelist_high_fraction_sysctl_handler(struct ctl_table *=
table,
+static int percpu_pagelist_high_fraction_sysctl_handler(const struct ctl_t=
able *table,
 		int write, void *buffer, size_t *length, loff_t *ppos)
 {
 	struct zone *zone;
diff --git a/mm/util.c b/mm/util.c
index 744b4d7e3fae..98338ab35b68 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -818,8 +818,8 @@ int sysctl_max_map_count __read_mostly =3D DEFAULT_MAX_=
MAP_COUNT;
 unsigned long sysctl_user_reserve_kbytes __read_mostly =3D 1UL << 17; /* 1=
28MB */
 unsigned long sysctl_admin_reserve_kbytes __read_mostly =3D 1UL << 13; /* =
8MB */
=20
-int overcommit_ratio_handler(struct ctl_table *table, int write, void *buf=
fer,
-		size_t *lenp, loff_t *ppos)
+int overcommit_ratio_handler(const struct ctl_table *table, int write,
+		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
=20
@@ -834,8 +834,8 @@ static void sync_overcommit_as(struct work_struct *dumm=
y)
 	percpu_counter_sync(&vm_committed_as);
 }
=20
-int overcommit_policy_handler(struct ctl_table *table, int write, void *bu=
ffer,
-		size_t *lenp, loff_t *ppos)
+int overcommit_policy_handler(const struct ctl_table *table, int write,
+		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct ctl_table t;
 	int new_policy =3D -1;
@@ -870,8 +870,8 @@ int overcommit_policy_handler(struct ctl_table *table, =
int write, void *buffer,
 	return ret;
 }
=20
-int overcommit_kbytes_handler(struct ctl_table *table, int write, void *bu=
ffer,
-		size_t *lenp, loff_t *ppos)
+int overcommit_kbytes_handler(const struct ctl_table *table, int write,
+		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
=20
diff --git a/mm/vmstat.c b/mm/vmstat.c
index 359460deb377..a65316426012 100644
--- a/mm/vmstat.c
+++ b/mm/vmstat.c
@@ -74,7 +74,7 @@ static void invalid_numa_statistics(void)
=20
 static DEFINE_MUTEX(vm_numa_stat_lock);
=20
-int sysctl_vm_numa_stat_handler(struct ctl_table *table, int write,
+int sysctl_vm_numa_stat_handler(const struct ctl_table *table, int write,
 		void *buffer, size_t *length, loff_t *ppos)
 {
 	int ret, oldval;
@@ -1883,7 +1883,7 @@ static void refresh_vm_stats(struct work_struct *work)
 	refresh_cpu_vm_stats(true);
 }
=20
-int vmstat_refresh(struct ctl_table *table, int write,
+int vmstat_refresh(const struct ctl_table *table, int write,
 		   void *buffer, size_t *lenp, loff_t *ppos)
 {
 	long val;
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hook=
s.c
index 74056b563b95..c284bd9c2d7a 100644
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -1048,7 +1048,7 @@ int br_nf_hook_thresh(unsigned int hook, struct net *=
net,
=20
 #ifdef CONFIG_SYSCTL
 static
-int brnf_sysctl_call_tables(struct ctl_table *ctl, int write,
+int brnf_sysctl_call_tables(const struct ctl_table *ctl, int write,
 			    void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index df81c1f0a570..8d13979c0c38 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -3531,7 +3531,7 @@ EXPORT_SYMBOL(neigh_app_ns);
 #ifdef CONFIG_SYSCTL
 static int unres_qlen_max =3D INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
=20
-static int proc_unres_qlen(struct ctl_table *ctl, int write,
+static int proc_unres_qlen(const struct ctl_table *ctl, int write,
 			   void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int size, ret;
@@ -3566,7 +3566,7 @@ static void neigh_copy_dflt_parms(struct net *net, st=
ruct neigh_parms *p,
 	rcu_read_unlock();
 }
=20
-static void neigh_proc_update(struct ctl_table *ctl, int write)
+static void neigh_proc_update(const struct ctl_table *ctl, int write)
 {
 	struct net_device *dev =3D ctl->extra1;
 	struct neigh_parms *p =3D ctl->extra2;
@@ -3583,9 +3583,9 @@ static void neigh_proc_update(struct ctl_table *ctl, =
int write)
 		neigh_copy_dflt_parms(net, p, index);
 }
=20
-static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int writ=
e,
-					   void *buffer, size_t *lenp,
-					   loff_t *ppos)
+static int neigh_proc_dointvec_zero_intmax(const struct ctl_table *ctl,
+					   int write, void *buffer,
+					   size_t *lenp, loff_t *ppos)
 {
 	struct ctl_table tmp =3D *ctl;
 	int ret;
@@ -3598,7 +3598,7 @@ static int neigh_proc_dointvec_zero_intmax(struct ctl=
_table *ctl, int write,
 	return ret;
 }
=20
-static int neigh_proc_dointvec_ms_jiffies_positive(struct ctl_table *ctl, =
int write,
+static int neigh_proc_dointvec_ms_jiffies_positive(const struct ctl_table =
*ctl, int write,
 						   void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct ctl_table tmp =3D *ctl;
@@ -3614,7 +3614,7 @@ static int neigh_proc_dointvec_ms_jiffies_positive(st=
ruct ctl_table *ctl, int wr
 	return ret;
 }
=20
-int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
+int neigh_proc_dointvec(const struct ctl_table *ctl, int write, void *buff=
er,
 			size_t *lenp, loff_t *ppos)
 {
 	int ret =3D proc_dointvec(ctl, write, buffer, lenp, ppos);
@@ -3624,7 +3624,7 @@ int neigh_proc_dointvec(struct ctl_table *ctl, int wr=
ite, void *buffer,
 }
 EXPORT_SYMBOL(neigh_proc_dointvec);
=20
-int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *bu=
ffer,
+int neigh_proc_dointvec_jiffies(const struct ctl_table *ctl, int write, vo=
id *buffer,
 				size_t *lenp, loff_t *ppos)
 {
 	int ret =3D proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
@@ -3634,7 +3634,7 @@ int neigh_proc_dointvec_jiffies(struct ctl_table *ctl=
, int write, void *buffer,
 }
 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
=20
-static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int w=
rite,
+static int neigh_proc_dointvec_userhz_jiffies(const struct ctl_table *ctl,=
 int write,
 					      void *buffer, size_t *lenp,
 					      loff_t *ppos)
 {
@@ -3644,7 +3644,7 @@ static int neigh_proc_dointvec_userhz_jiffies(struct =
ctl_table *ctl, int write,
 	return ret;
 }
=20
-int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
+int neigh_proc_dointvec_ms_jiffies(const struct ctl_table *ctl, int write,
 				   void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret =3D proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
@@ -3654,7 +3654,7 @@ int neigh_proc_dointvec_ms_jiffies(struct ctl_table *=
ctl, int write,
 }
 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
=20
-static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
+static int neigh_proc_dointvec_unres_qlen(const struct ctl_table *ctl, int=
 write,
 					  void *buffer, size_t *lenp,
 					  loff_t *ppos)
 {
@@ -3664,7 +3664,7 @@ static int neigh_proc_dointvec_unres_qlen(struct ctl_=
table *ctl, int write,
 	return ret;
 }
=20
-static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
+static int neigh_proc_base_reachable_time(const struct ctl_table *ctl, int=
 write,
 					  void *buffer, size_t *lenp,
 					  loff_t *ppos)
 {
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 08a01b31be99..b5093796f196 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -91,7 +91,7 @@ static struct cpumask *rps_default_mask_cow_alloc(struct =
net *net)
 	return rps_default_mask;
 }
=20
-static int rps_default_mask_sysctl(struct ctl_table *table, int write,
+static int rps_default_mask_sysctl(const struct ctl_table *table, int writ=
e,
 				   void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D (struct net *)table->data;
@@ -122,7 +122,7 @@ static int rps_default_mask_sysctl(struct ctl_table *ta=
ble, int write,
 	return err;
 }
=20
-static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
+static int rps_sock_flow_sysctl(const struct ctl_table *table, int write,
 				void *buffer, size_t *lenp, loff_t *ppos)
 {
 	unsigned int orig_size, size;
@@ -191,7 +191,7 @@ static int rps_sock_flow_sysctl(struct ctl_table *table=
, int write,
 #ifdef CONFIG_NET_FLOW_LIMIT
 static DEFINE_MUTEX(flow_limit_update_mutex);
=20
-static int flow_limit_cpu_sysctl(struct ctl_table *table, int write,
+static int flow_limit_cpu_sysctl(const struct ctl_table *table, int write,
 				 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct sd_flow_limit *cur;
@@ -248,7 +248,7 @@ static int flow_limit_cpu_sysctl(struct ctl_table *tabl=
e, int write,
 	return ret;
 }
=20
-static int flow_limit_table_len_sysctl(struct ctl_table *table, int write,
+static int flow_limit_table_len_sysctl(const struct ctl_table *table, int =
write,
 				       void *buffer, size_t *lenp, loff_t *ppos)
 {
 	unsigned int old, *ptr;
@@ -270,7 +270,7 @@ static int flow_limit_table_len_sysctl(struct ctl_table=
 *table, int write,
 #endif /* CONFIG_NET_FLOW_LIMIT */
=20
 #ifdef CONFIG_NET_SCHED
-static int set_default_qdisc(struct ctl_table *table, int write,
+static int set_default_qdisc(const struct ctl_table *table, int write,
 			     void *buffer, size_t *lenp, loff_t *ppos)
 {
 	char id[IFNAMSIZ];
@@ -289,7 +289,7 @@ static int set_default_qdisc(struct ctl_table *table, i=
nt write,
 }
 #endif
=20
-static int proc_do_dev_weight(struct ctl_table *table, int write,
+static int proc_do_dev_weight(const struct ctl_table *table, int write,
 			   void *buffer, size_t *lenp, loff_t *ppos)
 {
 	static DEFINE_MUTEX(dev_weight_mutex);
@@ -307,7 +307,7 @@ static int proc_do_dev_weight(struct ctl_table *table, =
int write,
 	return ret;
 }
=20
-static int proc_do_rss_key(struct ctl_table *table, int write,
+static int proc_do_rss_key(const struct ctl_table *table, int write,
 			   void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct ctl_table fake_table;
@@ -320,7 +320,7 @@ static int proc_do_rss_key(struct ctl_table *table, int=
 write,
 }
=20
 #ifdef CONFIG_BPF_JIT
-static int proc_dointvec_minmax_bpf_enable(struct ctl_table *table, int wr=
ite,
+static int proc_dointvec_minmax_bpf_enable(const struct ctl_table *table, =
int write,
 					   void *buffer, size_t *lenp,
 					   loff_t *ppos)
 {
@@ -353,7 +353,7 @@ static int proc_dointvec_minmax_bpf_enable(struct ctl_t=
able *table, int write,
=20
 # ifdef CONFIG_HAVE_EBPF_JIT
 static int
-proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write,
+proc_dointvec_minmax_bpf_restricted(const struct ctl_table *table, int wri=
te,
 				    void *buffer, size_t *lenp, loff_t *ppos)
 {
 	if (!capable(CAP_SYS_ADMIN))
@@ -364,7 +364,7 @@ proc_dointvec_minmax_bpf_restricted(struct ctl_table *t=
able, int write,
 # endif /* CONFIG_HAVE_EBPF_JIT */
=20
 static int
-proc_dolongvec_minmax_bpf_restricted(struct ctl_table *table, int write,
+proc_dolongvec_minmax_bpf_restricted(const struct ctl_table *table, int wr=
ite,
 				     void *buffer, size_t *lenp, loff_t *ppos)
 {
 	if (!capable(CAP_SYS_ADMIN))
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index f8a56fe95801..bf53518cfef8 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -2395,7 +2395,7 @@ static int devinet_conf_ifindex(struct net *net, stru=
ct ipv4_devconf *cnf)
 	}
 }
=20
-static int devinet_conf_proc(struct ctl_table *ctl, int write,
+static int devinet_conf_proc(const struct ctl_table *ctl, int write,
 			     void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int old_value =3D *(int *)ctl->data;
@@ -2447,7 +2447,7 @@ static int devinet_conf_proc(struct ctl_table *ctl, i=
nt write,
 	return ret;
 }
=20
-static int devinet_sysctl_forward(struct ctl_table *ctl, int write,
+static int devinet_sysctl_forward(const struct ctl_table *ctl, int write,
 				  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int *valp =3D ctl->data;
@@ -2494,7 +2494,7 @@ static int devinet_sysctl_forward(struct ctl_table *c=
tl, int write,
 	return ret;
 }
=20
-static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
+static int ipv4_doint_and_flush(const struct ctl_table *ctl, int write,
 				void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int *valp =3D ctl->data;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 7c7884110a58..adabe2aa3d8b 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -3408,7 +3408,7 @@ static int ip_rt_gc_min_interval __read_mostly	=3D HZ=
 / 2;
 static int ip_rt_gc_elasticity __read_mostly	=3D 8;
 static int ip_min_valid_pmtu __read_mostly	=3D IPV4_MIN_MTU;
=20
-static int ipv4_sysctl_rtcache_flush(struct ctl_table *__ctl, int write,
+static int ipv4_sysctl_rtcache_flush(const struct ctl_table *__ctl, int wr=
ite,
 		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D (struct net *)__ctl->extra1;
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 599244f9ad65..eef0082233e1 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -65,7 +65,7 @@ static void set_local_port_range(struct net *net, int ran=
ge[2])
 }
=20
 /* Validate changes from /proc interface. */
-static int ipv4_local_port_range(struct ctl_table *table, int write,
+static int ipv4_local_port_range(const struct ctl_table *table, int write,
 				 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D
@@ -100,7 +100,7 @@ static int ipv4_local_port_range(struct ctl_table *tabl=
e, int write,
 }
=20
 /* Validate changes from /proc interface. */
-static int ipv4_privileged_ports(struct ctl_table *table, int write,
+static int ipv4_privileged_ports(const struct ctl_table *table, int write,
 				void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D container_of(table->data, struct net,
@@ -134,7 +134,8 @@ static int ipv4_privileged_ports(struct ctl_table *tabl=
e, int write,
 	return ret;
 }
=20
-static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_=
t *low, kgid_t *high)
+static void inet_get_ping_group_range_table(const struct ctl_table *table,=
 kgid_t *low,
+					    kgid_t *high)
 {
 	kgid_t *data =3D table->data;
 	struct net *net =3D
@@ -149,7 +150,7 @@ static void inet_get_ping_group_range_table(struct ctl_=
table *table, kgid_t *low
 }
=20
 /* Update system visible IP port range */
-static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid=
_t high)
+static void set_ping_group_range(const struct ctl_table *table, kgid_t low=
, kgid_t high)
 {
 	kgid_t *data =3D table->data;
 	struct net *net =3D
@@ -161,7 +162,7 @@ static void set_ping_group_range(struct ctl_table *tabl=
e, kgid_t low, kgid_t hig
 }
=20
 /* Validate changes from /proc interface. */
-static int ipv4_ping_group_range(struct ctl_table *table, int write,
+static int ipv4_ping_group_range(const struct ctl_table *table, int write,
 				 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct user_namespace *user_ns =3D current_user_ns();
@@ -196,7 +197,7 @@ static int ipv4_ping_group_range(struct ctl_table *tabl=
e, int write,
 	return ret;
 }
=20
-static int ipv4_fwd_update_priority(struct ctl_table *table, int write,
+static int ipv4_fwd_update_priority(const struct ctl_table *table, int wri=
te,
 				    void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net;
@@ -212,7 +213,7 @@ static int ipv4_fwd_update_priority(struct ctl_table *t=
able, int write,
 	return ret;
 }
=20
-static int proc_tcp_congestion_control(struct ctl_table *ctl, int write,
+static int proc_tcp_congestion_control(const struct ctl_table *ctl, int wr=
ite,
 				       void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D container_of(ctl->data, struct net,
@@ -232,7 +233,7 @@ static int proc_tcp_congestion_control(struct ctl_table=
 *ctl, int write,
 	return ret;
 }
=20
-static int proc_tcp_available_congestion_control(struct ctl_table *ctl,
+static int proc_tcp_available_congestion_control(const struct ctl_table *c=
tl,
 						 int write, void *buffer,
 						 size_t *lenp, loff_t *ppos)
 {
@@ -248,7 +249,7 @@ static int proc_tcp_available_congestion_control(struct=
 ctl_table *ctl,
 	return ret;
 }
=20
-static int proc_allowed_congestion_control(struct ctl_table *ctl,
+static int proc_allowed_congestion_control(const struct ctl_table *ctl,
 					   int write, void *buffer,
 					   size_t *lenp, loff_t *ppos)
 {
@@ -285,7 +286,7 @@ static int sscanf_key(char *buf, __le32 *key)
 	return ret;
 }
=20
-static int proc_tcp_fastopen_key(struct ctl_table *table, int write,
+static int proc_tcp_fastopen_key(const struct ctl_table *table, int write,
 				 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D container_of(table->data, struct net,
@@ -356,7 +357,7 @@ static int proc_tcp_fastopen_key(struct ctl_table *tabl=
e, int write,
 	return ret;
 }
=20
-static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table,
+static int proc_tfo_blackhole_detect_timeout(const struct ctl_table *table,
 					     int write, void *buffer,
 					     size_t *lenp, loff_t *ppos)
 {
@@ -371,7 +372,7 @@ static int proc_tfo_blackhole_detect_timeout(struct ctl=
_table *table,
 	return ret;
 }
=20
-static int proc_tcp_available_ulp(struct ctl_table *ctl,
+static int proc_tcp_available_ulp(const struct ctl_table *ctl,
 				  int write, void *buffer, size_t *lenp,
 				  loff_t *ppos)
 {
@@ -388,7 +389,7 @@ static int proc_tcp_available_ulp(struct ctl_table *ctl,
 	return ret;
 }
=20
-static int proc_tcp_ehash_entries(struct ctl_table *table, int write,
+static int proc_tcp_ehash_entries(const struct ctl_table *table, int write,
 				  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D container_of(table->data, struct net,
@@ -412,7 +413,7 @@ static int proc_tcp_ehash_entries(struct ctl_table *tab=
le, int write,
 	return proc_dointvec(&tbl, write, buffer, lenp, ppos);
 }
=20
-static int proc_udp_hash_entries(struct ctl_table *table, int write,
+static int proc_udp_hash_entries(const struct ctl_table *table, int write,
 				 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D container_of(table->data, struct net,
@@ -436,7 +437,7 @@ static int proc_udp_hash_entries(struct ctl_table *tabl=
e, int write,
 }
=20
 #ifdef CONFIG_IP_ROUTE_MULTIPATH
-static int proc_fib_multipath_hash_policy(struct ctl_table *table, int wri=
te,
+static int proc_fib_multipath_hash_policy(const struct ctl_table *table, i=
nt write,
 					  void *buffer, size_t *lenp,
 					  loff_t *ppos)
 {
@@ -451,7 +452,7 @@ static int proc_fib_multipath_hash_policy(struct ctl_ta=
ble *table, int write,
 	return ret;
 }
=20
-static int proc_fib_multipath_hash_fields(struct ctl_table *table, int wri=
te,
+static int proc_fib_multipath_hash_fields(const struct ctl_table *table, i=
nt write,
 					  void *buffer, size_t *lenp,
 					  loff_t *ppos)
 {
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index aa5654d29334..6732ee1bb901 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -859,7 +859,7 @@ static void addrconf_forward_change(struct net *net, __=
s32 newf)
 	}
 }
=20
-static int addrconf_fixup_forwarding(struct ctl_table *table, int *p, int =
newf)
+static int addrconf_fixup_forwarding(const struct ctl_table *table, int *p=
, int newf)
 {
 	struct net *net;
 	int old;
@@ -927,7 +927,7 @@ static void addrconf_linkdown_change(struct net *net, _=
_s32 newf)
 	}
 }
=20
-static int addrconf_fixup_linkdown(struct ctl_table *table, int *p, int ne=
wf)
+static int addrconf_fixup_linkdown(const struct ctl_table *table, int *p, =
int newf)
 {
 	struct net *net;
 	int old;
@@ -6258,7 +6258,7 @@ static void ipv6_ifa_notify(int event, struct inet6_i=
faddr *ifp)
=20
 #ifdef CONFIG_SYSCTL
=20
-static int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
+static int addrconf_sysctl_forward(const struct ctl_table *ctl, int write,
 		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int *valp =3D ctl->data;
@@ -6283,7 +6283,7 @@ static int addrconf_sysctl_forward(struct ctl_table *=
ctl, int write,
 	return ret;
 }
=20
-static int addrconf_sysctl_mtu(struct ctl_table *ctl, int write,
+static int addrconf_sysctl_mtu(const struct ctl_table *ctl, int write,
 		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct inet6_dev *idev =3D ctl->extra1;
@@ -6327,7 +6327,7 @@ static void addrconf_disable_change(struct net *net, =
__s32 newf)
 	}
 }
=20
-static int addrconf_disable_ipv6(struct ctl_table *table, int *p, int newf)
+static int addrconf_disable_ipv6(const struct ctl_table *table, int *p, in=
t newf)
 {
 	struct net *net;
 	int old;
@@ -6354,7 +6354,7 @@ static int addrconf_disable_ipv6(struct ctl_table *ta=
ble, int *p, int newf)
 	return 0;
 }
=20
-static int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
+static int addrconf_sysctl_disable(const struct ctl_table *ctl, int write,
 		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int *valp =3D ctl->data;
@@ -6379,7 +6379,7 @@ static int addrconf_sysctl_disable(struct ctl_table *=
ctl, int write,
 	return ret;
 }
=20
-static int addrconf_sysctl_proxy_ndp(struct ctl_table *ctl, int write,
+static int addrconf_sysctl_proxy_ndp(const struct ctl_table *ctl, int writ=
e,
 		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int *valp =3D ctl->data;
@@ -6420,7 +6420,7 @@ static int addrconf_sysctl_proxy_ndp(struct ctl_table=
 *ctl, int write,
 	return ret;
 }
=20
-static int addrconf_sysctl_addr_gen_mode(struct ctl_table *ctl, int write,
+static int addrconf_sysctl_addr_gen_mode(const struct ctl_table *ctl, int =
write,
 					 void *buffer, size_t *lenp,
 					 loff_t *ppos)
 {
@@ -6482,7 +6482,7 @@ static int addrconf_sysctl_addr_gen_mode(struct ctl_t=
able *ctl, int write,
 	return ret;
 }
=20
-static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write,
+static int addrconf_sysctl_stable_secret(const struct ctl_table *ctl, int =
write,
 					 void *buffer, size_t *lenp,
 					 loff_t *ppos)
 {
@@ -6549,7 +6549,7 @@ static int addrconf_sysctl_stable_secret(struct ctl_t=
able *ctl, int write,
 }
=20
 static
-int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl,
+int addrconf_sysctl_ignore_routes_with_linkdown(const struct ctl_table *ct=
l,
 						int write, void *buffer,
 						size_t *lenp,
 						loff_t *ppos)
@@ -6617,7 +6617,7 @@ void addrconf_disable_policy_idev(struct inet6_dev *i=
dev, int val)
 }
=20
 static
-int addrconf_disable_policy(struct ctl_table *ctl, int *valp, int val)
+int addrconf_disable_policy(const struct ctl_table *ctl, int *valp, int va=
l)
 {
 	struct inet6_dev *idev;
 	struct net *net;
@@ -6650,8 +6650,9 @@ int addrconf_disable_policy(struct ctl_table *ctl, in=
t *valp, int val)
 	return 0;
 }
=20
-static int addrconf_sysctl_disable_policy(struct ctl_table *ctl, int write,
-				   void *buffer, size_t *lenp, loff_t *ppos)
+static int addrconf_sysctl_disable_policy(const struct ctl_table *ctl,
+					  int write, void *buffer, size_t *lenp,
+					  loff_t *ppos)
 {
 	int *valp =3D ctl->data;
 	int val =3D *valp;
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index a19999b30bc0..e423b4fe0836 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1922,7 +1922,7 @@ static struct notifier_block ndisc_netdev_notifier =
=3D {
 };
=20
 #ifdef CONFIG_SYSCTL
-static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
+static void ndisc_warn_deprecated_sysctl(const struct ctl_table *ctl,
 					 const char *func, const char *dev_name)
 {
 	static char warncomm[TASK_COMM_LEN];
@@ -1937,7 +1937,7 @@ static void ndisc_warn_deprecated_sysctl(struct ctl_t=
able *ctl,
 	}
 }
=20
-int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buf=
fer,
+int ndisc_ifinfo_sysctl_change(const struct ctl_table *ctl, int write, voi=
d *buffer,
 		size_t *lenp, loff_t *ppos)
 {
 	struct net_device *dev =3D ctl->extra1;
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index b132feae3393..a318fba122b3 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -6325,7 +6325,7 @@ static int rt6_stats_seq_show(struct seq_file *seq, v=
oid *v)
=20
 #ifdef CONFIG_SYSCTL
=20
-static int ipv6_sysctl_rtcache_flush(struct ctl_table *ctl, int write,
+static int ipv6_sysctl_rtcache_flush(const struct ctl_table *ctl, int writ=
e,
 			      void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net;
diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
index 75de55f907b0..e5a4cbc3e8c3 100644
--- a/net/ipv6/sysctl_net_ipv6.c
+++ b/net/ipv6/sysctl_net_ipv6.c
@@ -30,7 +30,7 @@ static u32 rt6_multipath_hash_fields_all_mask =3D
 static u32 ioam6_id_max =3D IOAM6_DEFAULT_ID;
 static u64 ioam6_id_wide_max =3D IOAM6_DEFAULT_ID_WIDE;
=20
-static int proc_rt6_multipath_hash_policy(struct ctl_table *table, int wri=
te,
+static int proc_rt6_multipath_hash_policy(const struct ctl_table *table, i=
nt write,
 					  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net;
@@ -46,7 +46,7 @@ static int proc_rt6_multipath_hash_policy(struct ctl_tabl=
e *table, int write,
 }
=20
 static int
-proc_rt6_multipath_hash_fields(struct ctl_table *table, int write, void *b=
uffer,
+proc_rt6_multipath_hash_fields(const struct ctl_table *table, int write, v=
oid *buffer,
 			       size_t *lenp, loff_t *ppos)
 {
 	struct net *net;
diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
index 832b63bb5646..c107de0b4e49 100644
--- a/net/mpls/af_mpls.c
+++ b/net/mpls/af_mpls.c
@@ -1363,7 +1363,7 @@ static int mpls_netconf_dump_devconf(struct sk_buff *=
skb,
 #define MPLS_PERDEV_SYSCTL_OFFSET(field)	\
 	(&((struct mpls_dev *)0)->field)
=20
-static int mpls_conf_proc(struct ctl_table *ctl, int write,
+static int mpls_conf_proc(const struct ctl_table *ctl, int write,
 			  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int oval =3D *(int *)ctl->data;
@@ -2615,7 +2615,7 @@ static int resize_platform_label_table(struct net *ne=
t, size_t limit)
 	return -ENOMEM;
 }
=20
-static int mpls_platform_labels(struct ctl_table *table, int write,
+static int mpls_platform_labels(const struct ctl_table *table, int write,
 				void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D table->data;
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 143a341bbc0a..8b7720925699 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1846,7 +1846,7 @@ static int ip_vs_zero_all(struct netns_ipvs *ipvs)
 #ifdef CONFIG_SYSCTL
=20
 static int
-proc_do_defense_mode(struct ctl_table *table, int write,
+proc_do_defense_mode(const struct ctl_table *table, int write,
 		     void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct netns_ipvs *ipvs =3D table->extra2;
@@ -1873,7 +1873,7 @@ proc_do_defense_mode(struct ctl_table *table, int wri=
te,
 }
=20
 static int
-proc_do_sync_threshold(struct ctl_table *table, int write,
+proc_do_sync_threshold(const struct ctl_table *table, int write,
 		       void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct netns_ipvs *ipvs =3D table->extra2;
@@ -1901,7 +1901,7 @@ proc_do_sync_threshold(struct ctl_table *table, int w=
rite,
 }
=20
 static int
-proc_do_sync_ports(struct ctl_table *table, int write,
+proc_do_sync_ports(const struct ctl_table *table, int write,
 		   void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int *valp =3D table->data;
@@ -1924,7 +1924,7 @@ proc_do_sync_ports(struct ctl_table *table, int write,
 	return rc;
 }
=20
-static int ipvs_proc_est_cpumask_set(struct ctl_table *table, void *buffer)
+static int ipvs_proc_est_cpumask_set(const struct ctl_table *table, void *=
buffer)
 {
 	struct netns_ipvs *ipvs =3D table->extra2;
 	cpumask_var_t *valp =3D table->data;
@@ -1962,7 +1962,7 @@ static int ipvs_proc_est_cpumask_set(struct ctl_table=
 *table, void *buffer)
 	return ret;
 }
=20
-static int ipvs_proc_est_cpumask_get(struct ctl_table *table, void *buffer,
+static int ipvs_proc_est_cpumask_get(const struct ctl_table *table, void *=
buffer,
 				     size_t size)
 {
 	struct netns_ipvs *ipvs =3D table->extra2;
@@ -1983,7 +1983,7 @@ static int ipvs_proc_est_cpumask_get(struct ctl_table=
 *table, void *buffer,
 	return ret;
 }
=20
-static int ipvs_proc_est_cpulist(struct ctl_table *table, int write,
+static int ipvs_proc_est_cpulist(const struct ctl_table *table, int write,
 				 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
@@ -2010,7 +2010,7 @@ static int ipvs_proc_est_cpulist(struct ctl_table *ta=
ble, int write,
 	return ret;
 }
=20
-static int ipvs_proc_est_nice(struct ctl_table *table, int write,
+static int ipvs_proc_est_nice(const struct ctl_table *table, int write,
 			      void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct netns_ipvs *ipvs =3D table->extra2;
@@ -2040,7 +2040,7 @@ static int ipvs_proc_est_nice(struct ctl_table *table=
, int write,
 	return ret;
 }
=20
-static int ipvs_proc_run_estimation(struct ctl_table *table, int write,
+static int ipvs_proc_run_estimation(const struct ctl_table *table, int wri=
te,
 				    void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct netns_ipvs *ipvs =3D table->extra2;
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_con=
ntrack_standalone.c
index bb9dea676ec1..3d5284639ca8 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -527,7 +527,7 @@ EXPORT_SYMBOL_GPL(nf_conntrack_count);
 static unsigned int nf_conntrack_htable_size_user __read_mostly;
=20
 static int
-nf_conntrack_hash_sysctl(struct ctl_table *table, int write,
+nf_conntrack_hash_sysctl(const struct ctl_table *table, int write,
 			 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
diff --git a/net/netfilter/nf_hooks_lwtunnel.c b/net/netfilter/nf_hooks_lwt=
unnel.c
index 00e89ffd78f6..3d237f9cc8ee 100644
--- a/net/netfilter/nf_hooks_lwtunnel.c
+++ b/net/netfilter/nf_hooks_lwtunnel.c
@@ -25,7 +25,7 @@ static inline int nf_hooks_lwtunnel_set(int enable)
 }
=20
 #ifdef CONFIG_SYSCTL
-int nf_hooks_lwtunnel_sysctl_handler(struct ctl_table *table, int write,
+int nf_hooks_lwtunnel_sysctl_handler(const struct ctl_table *table, int wr=
ite,
 				     void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int proc_nf_hooks_lwtunnel_enabled =3D 0;
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index 2e897a9f0689..9432a6c6c140 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -403,7 +403,7 @@ static struct ctl_table nf_log_sysctl_ftable[] =3D {
 	{ }
 };
=20
-static int nf_log_proc_dostring(struct ctl_table *table, int write,
+static int nf_log_proc_dostring(const struct ctl_table *table, int write,
 			 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	const struct nf_logger *logger;
diff --git a/net/phonet/sysctl.c b/net/phonet/sysctl.c
index 0d0bf41381c2..e59d16e67376 100644
--- a/net/phonet/sysctl.c
+++ b/net/phonet/sysctl.c
@@ -48,7 +48,7 @@ void phonet_get_local_port_range(int *min, int *max)
 	} while (read_seqretry(&local_port_range_lock, seq));
 }
=20
-static int proc_local_port_range(struct ctl_table *table, int write,
+static int proc_local_port_range(const struct ctl_table *table, int write,
 				 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
diff --git a/net/rds/tcp.c b/net/rds/tcp.c
index 2dba7505b414..d23ea8c11902 100644
--- a/net/rds/tcp.c
+++ b/net/rds/tcp.c
@@ -61,7 +61,7 @@ static atomic_t rds_tcp_unloading =3D ATOMIC_INIT(0);
=20
 static struct kmem_cache *rds_tcp_conn_slab;
=20
-static int rds_tcp_skbuf_handler(struct ctl_table *ctl, int write,
+static int rds_tcp_skbuf_handler(const struct ctl_table *ctl, int write,
 				 void *buffer, size_t *lenp, loff_t *fpos);
=20
 static int rds_tcp_min_sndbuf =3D SOCK_MIN_SNDBUF;
@@ -683,7 +683,7 @@ static void rds_tcp_sysctl_reset(struct net *net)
 	spin_unlock_irq(&rds_tcp_conn_lock);
 }
=20
-static int rds_tcp_skbuf_handler(struct ctl_table *ctl, int write,
+static int rds_tcp_skbuf_handler(const struct ctl_table *ctl, int write,
 				 void *buffer, size_t *lenp, loff_t *fpos)
 {
 	struct net *net =3D current->nsproxy->net_ns;
diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
index 25bdf17c7262..8317421d1b83 100644
--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -43,19 +43,19 @@ static unsigned long max_autoclose_max =3D
 	(MAX_SCHEDULE_TIMEOUT / HZ > UINT_MAX)
 	? UINT_MAX : MAX_SCHEDULE_TIMEOUT / HZ;
=20
-static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
+static int proc_sctp_do_hmac_alg(const struct ctl_table *ctl, int write,
 				 void *buffer, size_t *lenp, loff_t *ppos);
-static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write,
+static int proc_sctp_do_rto_min(const struct ctl_table *ctl, int write,
 				void *buffer, size_t *lenp, loff_t *ppos);
-static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write, void *bu=
ffer,
+static int proc_sctp_do_rto_max(const struct ctl_table *ctl, int write, vo=
id *buffer,
 				size_t *lenp, loff_t *ppos);
-static int proc_sctp_do_udp_port(struct ctl_table *ctl, int write, void *b=
uffer,
+static int proc_sctp_do_udp_port(const struct ctl_table *ctl, int write, v=
oid *buffer,
 				 size_t *lenp, loff_t *ppos);
-static int proc_sctp_do_alpha_beta(struct ctl_table *ctl, int write,
+static int proc_sctp_do_alpha_beta(const struct ctl_table *ctl, int write,
 				   void *buffer, size_t *lenp, loff_t *ppos);
-static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
+static int proc_sctp_do_auth(const struct ctl_table *ctl, int write,
 			     void *buffer, size_t *lenp, loff_t *ppos);
-static int proc_sctp_do_probe_interval(struct ctl_table *ctl, int write,
+static int proc_sctp_do_probe_interval(const struct ctl_table *ctl, int wr=
ite,
 				       void *buffer, size_t *lenp, loff_t *ppos);
=20
 static struct ctl_table sctp_table[] =3D {
@@ -388,7 +388,7 @@ static struct ctl_table sctp_net_table[] =3D {
 	{ /* sentinel */ }
 };
=20
-static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
+static int proc_sctp_do_hmac_alg(const struct ctl_table *ctl, int write,
 				 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D current->nsproxy->net_ns;
@@ -433,7 +433,7 @@ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl,=
 int write,
 	return ret;
 }
=20
-static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write,
+static int proc_sctp_do_rto_min(const struct ctl_table *ctl, int write,
 				void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D current->nsproxy->net_ns;
@@ -461,7 +461,7 @@ static int proc_sctp_do_rto_min(struct ctl_table *ctl, =
int write,
 	return ret;
 }
=20
-static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
+static int proc_sctp_do_rto_max(const struct ctl_table *ctl, int write,
 				void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D current->nsproxy->net_ns;
@@ -489,7 +489,7 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, =
int write,
 	return ret;
 }
=20
-static int proc_sctp_do_alpha_beta(struct ctl_table *ctl, int write,
+static int proc_sctp_do_alpha_beta(const struct ctl_table *ctl, int write,
 				   void *buffer, size_t *lenp, loff_t *ppos)
 {
 	if (write)
@@ -499,7 +499,7 @@ static int proc_sctp_do_alpha_beta(struct ctl_table *ct=
l, int write,
 	return proc_dointvec_minmax(ctl, write, buffer, lenp, ppos);
 }
=20
-static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
+static int proc_sctp_do_auth(const struct ctl_table *ctl, int write,
 			     void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D current->nsproxy->net_ns;
@@ -528,7 +528,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int=
 write,
 	return ret;
 }
=20
-static int proc_sctp_do_udp_port(struct ctl_table *ctl, int write,
+static int proc_sctp_do_udp_port(const struct ctl_table *ctl, int write,
 				 void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D current->nsproxy->net_ns;
@@ -569,7 +569,7 @@ static int proc_sctp_do_udp_port(struct ctl_table *ctl,=
 int write,
 	return ret;
 }
=20
-static int proc_sctp_do_probe_interval(struct ctl_table *ctl, int write,
+static int proc_sctp_do_probe_interval(const struct ctl_table *ctl, int wr=
ite,
 				       void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct net *net =3D current->nsproxy->net_ns;
diff --git a/net/sunrpc/sysctl.c b/net/sunrpc/sysctl.c
index 93941ab12549..672067efacef 100644
--- a/net/sunrpc/sysctl.c
+++ b/net/sunrpc/sysctl.c
@@ -40,7 +40,7 @@ EXPORT_SYMBOL_GPL(nlm_debug);
=20
 #if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
=20
-static int proc_do_xprt(struct ctl_table *table, int write,
+static int proc_do_xprt(const struct ctl_table *table, int write,
 			void *buffer, size_t *lenp, loff_t *ppos)
 {
 	char tmpbuf[256];
@@ -62,8 +62,8 @@ static int proc_do_xprt(struct ctl_table *table, int writ=
e,
 }
=20
 static int
-proc_dodebug(struct ctl_table *table, int write, void *buffer, size_t *len=
p,
-	     loff_t *ppos)
+proc_dodebug(const struct ctl_table *table, int write, void *buffer,
+	     size_t *lenp, loff_t *ppos)
 {
 	char		tmpbuf[20], *s =3D NULL;
 	char *p;
diff --git a/net/sunrpc/xprtrdma/svc_rdma.c b/net/sunrpc/xprtrdma/svc_rdma.c
index f0d5eeed4c88..fb1d5432080e 100644
--- a/net/sunrpc/xprtrdma/svc_rdma.c
+++ b/net/sunrpc/xprtrdma/svc_rdma.c
@@ -74,7 +74,7 @@ enum {
 	SVCRDMA_COUNTER_BUFSIZ	=3D sizeof(unsigned long long),
 };
=20
-static int svcrdma_counter_handler(struct ctl_table *table, int write,
+static int svcrdma_counter_handler(const struct ctl_table *table, int writ=
e,
 				   void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct percpu_counter *stat =3D (struct percpu_counter *)table->data;
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 4981bdf02993..2828aadcd732 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1980,7 +1980,7 @@ static int __init alloc_buffers(void)
 }
=20
 #ifdef CONFIG_SYSCTL
-static int apparmor_dointvec(struct ctl_table *table, int write,
+static int apparmor_dointvec(const struct ctl_table *table, int write,
 			     void *buffer, size_t *lenp, loff_t *ppos)
 {
 	if (!aa_current_policy_admin_capable(NULL))
diff --git a/security/min_addr.c b/security/min_addr.c
index 88c9a6a21f47..0ce267c041ab 100644
--- a/security/min_addr.c
+++ b/security/min_addr.c
@@ -29,7 +29,7 @@ static void update_mmap_min_addr(void)
  * sysctl handler which just sets dac_mmap_min_addr =3D the new value and =
then
  * calls update_mmap_min_addr() so non MAP_FIXED hints get rounded properly
  */
-int mmap_min_addr_handler(struct ctl_table *table, int write,
+int mmap_min_addr_handler(const struct ctl_table *table, int write,
 			  void *buffer, size_t *lenp, loff_t *ppos)
 {
 	int ret;
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index 2503cf153d4a..9cb8e7cded56 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -429,7 +429,7 @@ static struct security_hook_list yama_hooks[] __ro_afte=
r_init =3D {
 };
=20
 #ifdef CONFIG_SYSCTL
-static int yama_dointvec_minmax(struct ctl_table *table, int write,
+static int yama_dointvec_minmax(const struct ctl_table *table, int write,
 				void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct ctl_table table_copy;

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 136B1C4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:53:31 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343701AbjLDHxV (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:53:21 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55882 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234773AbjLDHwr (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:47 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B27771B1;
        Sun,  3 Dec 2023 23:52:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676352;
        bh=qsEBHDax+s7znxB3EesnA+Cx/J6JWc+CwYaqV7C/mz4=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=hfVmBXDqoE2YJJldVofqpz/WfcE44RA5hrjOLjKrsSgg8+Vqz84+o+k8l9htgRRuh
         GNgCzJ2F8uqa8XxJuyz10kUjmac79RpTKqgK2TP3AAPjAx7N0rDGu3MpOebqHilblI
         e96AYqMrxRiH3i0WeQj0kc2hdK4B6hopDMqYiW6c=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:26 +0100
Subject: [PATCH v2 13/18] sysctl: move sysctl type to ctl_table_header
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-13-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=3565;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=qsEBHDax+s7znxB3EesnA+Cx/J6JWc+CwYaqV7C/mz4=;
 b=tMIii9ffAADr2UzePskIfAqvkha4rSZzcbOgaBFMjvqiqSSnOcNxY/LJgEC+njVgyCMiCAdq9
 SW3QXP7NxdDA0aQiXdPhxD49iCJoOupbeLO1zlHRwAauVfNse8Y++Ct
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In a future commit the sysctl core will only use
"const struct ctl_table". As a preparation for that move this mutable
field from "struct ctl_table" to "struct ctl_table_header".

This is also more correct in general as this is in fact a property of
the header and not the table itself.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
---
 fs/proc/proc_sysctl.c  | 11 ++++++-----
 include/linux/sysctl.h | 22 +++++++++++-----------
 2 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index 689a30196d0c..a398cc77637f 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -31,7 +31,7 @@ static const struct inode_operations proc_sys_dir_operati=
ons;
=20
 /* Support for permanently empty directories */
 static struct ctl_table sysctl_mount_point[] =3D {
-	{.type =3D SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY }
+	{ }
 };
=20
 /**
@@ -49,11 +49,11 @@ struct ctl_table_header *register_sysctl_mount_point(co=
nst char *path)
 EXPORT_SYMBOL(register_sysctl_mount_point);
=20
 #define sysctl_is_perm_empty_ctl_header(hptr)		\
-	(hptr->ctl_table[0].type =3D=3D SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY)
+	(hptr->type =3D=3D SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY)
 #define sysctl_set_perm_empty_ctl_header(hptr)		\
-	(hptr->ctl_table[0].type =3D SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY)
+	(hptr->type =3D SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY)
 #define sysctl_clear_perm_empty_ctl_header(hptr)	\
-	(hptr->ctl_table[0].type =3D SYSCTL_TABLE_TYPE_DEFAULT)
+	(hptr->type =3D SYSCTL_TABLE_TYPE_DEFAULT)
=20
 void proc_sys_poll_notify(struct ctl_table_poll *poll)
 {
@@ -231,7 +231,8 @@ static int insert_header(struct ctl_dir *dir, struct ct=
l_table_header *header)
 		return -EROFS;
=20
 	/* Am I creating a permanently empty directory? */
-	if (sysctl_is_perm_empty_ctl_header(header)) {
+	if (header->ctl_table =3D=3D sysctl_mount_point ||
+	    sysctl_is_perm_empty_ctl_header(header)) {
 		if (!RB_EMPTY_ROOT(&dir->root))
 			return -EINVAL;
 		sysctl_set_perm_empty_ctl_header(dir_h);
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index ada36ef8cecb..061ea65104be 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -137,17 +137,6 @@ struct ctl_table {
 	void *data;
 	int maxlen;
 	umode_t mode;
-	/**
-	 * enum type - Enumeration to differentiate between ctl target types
-	 * @SYSCTL_TABLE_TYPE_DEFAULT: ctl target with no special considerations
-	 * @SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY: Used to identify a permanently
-	 *                                       empty directory target to serve
-	 *                                       as mount point.
-	 */
-	enum {
-		SYSCTL_TABLE_TYPE_DEFAULT,
-		SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY
-	} type;
 	proc_handler *proc_handler;	/* Callback for text formatting */
 	struct ctl_table_poll *poll;
 	void *extra1;
@@ -188,6 +177,17 @@ struct ctl_table_header {
 	struct ctl_dir *parent;
 	struct ctl_node *node;
 	struct hlist_head inodes; /* head for proc_inode->sysctl_inodes */
+	/**
+	 * enum type - Enumeration to differentiate between ctl target types
+	 * @SYSCTL_TABLE_TYPE_DEFAULT: ctl target with no special considerations
+	 * @SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY: Used to identify a permanently
+	 *                                       empty directory target to serve
+	 *                                       as mount point.
+	 */
+	enum {
+		SYSCTL_TABLE_TYPE_DEFAULT,
+		SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY
+	} type;
 };
=20
 struct ctl_dir {

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C8FACC4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:53:47 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343598AbjLDHxi (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:53:38 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55910 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234793AbjLDHwt (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:49 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 35CC7D40;
        Sun,  3 Dec 2023 23:52:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676352;
        bh=9nBMacsanlhzZJASTxZhPJi991jsWkTabtKO81fhipo=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=jvhWRH89Ic9vDUHTzSt8Uh+iGp7YizRcPKiVw81WlZX1yZnc/R2JZUORrhSjYpzeo
         DRxt93ZsBTvHlu/kMmI4oH4Yh317qatN1y4rxBg696Q5SkxftQrOMSY3ez1kgHUF4T
         Boi8nAL7vzG5r+kw9udhZbdDALc2GjNei+vbt+bU=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:27 +0100
Subject: [PATCH v2 14/18] sysctl: move internal interfaces to const struct
 ctl_table
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-14-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=13639;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=9nBMacsanlhzZJASTxZhPJi991jsWkTabtKO81fhipo=;
 b=d9aQrvd48wyO+t/Vy/qlJHL1hqbyG3yItKw5Tjbj44p8a6JshvGWXkVDo+4pPt8ZadWp4E9TJ
 8AIbS1RDcJ1ADppPe9iRU6AOt5P7CSzSZEz0Tu8nAC3q4oJ5YZ0Hb5Q
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

As a preparation to make all the sysctl code work with
const struct ctl_table switch over the internal function to use the
const variant.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
---
 fs/proc/internal.h     |  2 +-
 fs/proc/proc_sysctl.c  | 81 +++++++++++++++++++++++++---------------------=
----
 include/linux/sysctl.h |  2 +-
 3 files changed, 43 insertions(+), 42 deletions(-)

diff --git a/fs/proc/internal.h b/fs/proc/internal.h
index 9a8f32f21ff5..36d6bf581688 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -101,7 +101,7 @@ struct proc_inode {
 	union proc_op op;
 	struct proc_dir_entry *pde;
 	struct ctl_table_header *sysctl;
-	struct ctl_table *sysctl_entry;
+	const struct ctl_table *sysctl_entry;
 	struct hlist_node sibling_inodes;
 	const struct proc_ns_operations *ns_ops;
 	struct inode vfs_inode;
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index a398cc77637f..e7fd1680d479 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -86,7 +86,7 @@ static DEFINE_SPINLOCK(sysctl_lock);
=20
 static void drop_sysctl_table(struct ctl_table_header *header);
 static int sysctl_follow_link(struct ctl_table_header **phead,
-	struct ctl_table **pentry);
+	const struct ctl_table **pentry);
 static int insert_links(struct ctl_table_header *head);
 static void put_links(struct ctl_table_header *header);
=20
@@ -108,11 +108,11 @@ static int namecmp(const char *name1, int len1, const=
 char *name2, int len2)
 }
=20
 /* Called under sysctl_lock */
-static struct ctl_table *find_entry(struct ctl_table_header **phead,
+static const struct ctl_table *find_entry(struct ctl_table_header **phead,
 	struct ctl_dir *dir, const char *name, int namelen)
 {
 	struct ctl_table_header *head;
-	struct ctl_table *entry;
+	const struct ctl_table *entry;
 	struct rb_node *node =3D dir->root.rb_node;
=20
 	while (node)
@@ -139,7 +139,7 @@ static struct ctl_table *find_entry(struct ctl_table_he=
ader **phead,
 	return NULL;
 }
=20
-static int insert_entry(struct ctl_table_header *head, struct ctl_table *e=
ntry)
+static int insert_entry(struct ctl_table_header *head, const struct ctl_ta=
ble *entry)
 {
 	struct rb_node *node =3D &head->node[entry - head->ctl_table].node;
 	struct rb_node **p =3D &head->parent->root.rb_node;
@@ -149,7 +149,7 @@ static int insert_entry(struct ctl_table_header *head, =
struct ctl_table *entry)
=20
 	while (*p) {
 		struct ctl_table_header *parent_head;
-		struct ctl_table *parent_entry;
+		const struct ctl_table *parent_entry;
 		struct ctl_node *parent_node;
 		const char *parent_name;
 		int cmp;
@@ -178,7 +178,7 @@ static int insert_entry(struct ctl_table_header *head, =
struct ctl_table *entry)
 	return 0;
 }
=20
-static void erase_entry(struct ctl_table_header *head, struct ctl_table *e=
ntry)
+static void erase_entry(struct ctl_table_header *head, const struct ctl_ta=
ble *entry)
 {
 	struct rb_node *node =3D &head->node[entry - head->ctl_table].node;
=20
@@ -187,7 +187,7 @@ static void erase_entry(struct ctl_table_header *head, =
struct ctl_table *entry)
=20
 static void init_header(struct ctl_table_header *head,
 	struct ctl_table_root *root, struct ctl_table_set *set,
-	struct ctl_node *node, struct ctl_table *table, size_t table_size)
+	struct ctl_node *node, const struct ctl_table *table, size_t table_size)
 {
 	head->ctl_table =3D table;
 	head->ctl_table_size =3D table_size;
@@ -202,7 +202,7 @@ static void init_header(struct ctl_table_header *head,
 	head->node =3D node;
 	INIT_HLIST_HEAD(&head->inodes);
 	if (node) {
-		struct ctl_table *entry;
+		const struct ctl_table *entry;
=20
 		list_for_each_table_entry(entry, head) {
 			node->header =3D head;
@@ -213,7 +213,7 @@ static void init_header(struct ctl_table_header *head,
=20
 static void erase_header(struct ctl_table_header *head)
 {
-	struct ctl_table *entry;
+	const struct ctl_table *entry;
=20
 	list_for_each_table_entry(entry, head)
 		erase_entry(head, entry);
@@ -221,7 +221,7 @@ static void erase_header(struct ctl_table_header *head)
=20
 static int insert_header(struct ctl_dir *dir, struct ctl_table_header *hea=
der)
 {
-	struct ctl_table *entry;
+	const struct ctl_table *entry;
 	struct ctl_table_header *dir_h =3D &dir->header;
 	int err;
=20
@@ -341,12 +341,12 @@ lookup_header_set(struct ctl_table_root *root)
 	return set;
 }
=20
-static struct ctl_table *lookup_entry(struct ctl_table_header **phead,
-				      struct ctl_dir *dir,
-				      const char *name, int namelen)
+static const struct ctl_table *lookup_entry(struct ctl_table_header **phea=
d,
+					    struct ctl_dir *dir,
+					    const char *name, int namelen)
 {
 	struct ctl_table_header *head;
-	struct ctl_table *entry;
+	const struct ctl_table *entry;
=20
 	spin_lock(&sysctl_lock);
 	entry =3D find_entry(&head, dir, name, namelen);
@@ -371,10 +371,10 @@ static struct ctl_node *first_usable_entry(struct rb_=
node *node)
 }
=20
 static void first_entry(struct ctl_dir *dir,
-	struct ctl_table_header **phead, struct ctl_table **pentry)
+	struct ctl_table_header **phead, const struct ctl_table **pentry)
 {
 	struct ctl_table_header *head =3D NULL;
-	struct ctl_table *entry =3D NULL;
+	const struct ctl_table *entry =3D NULL;
 	struct ctl_node *ctl_node;
=20
 	spin_lock(&sysctl_lock);
@@ -388,10 +388,10 @@ static void first_entry(struct ctl_dir *dir,
 	*pentry =3D entry;
 }
=20
-static void next_entry(struct ctl_table_header **phead, struct ctl_table *=
*pentry)
+static void next_entry(struct ctl_table_header **phead, const struct ctl_t=
able **pentry)
 {
 	struct ctl_table_header *head =3D *phead;
-	struct ctl_table *entry =3D *pentry;
+	const struct ctl_table *entry =3D *pentry;
 	struct ctl_node *ctl_node =3D &head->node[entry - head->ctl_table];
=20
 	spin_lock(&sysctl_lock);
@@ -424,7 +424,7 @@ static int test_perm(int mode, int op)
 	return -EACCES;
 }
=20
-static int sysctl_perm(struct ctl_table_header *head, struct ctl_table *ta=
ble, int op)
+static int sysctl_perm(struct ctl_table_header *head, const struct ctl_tab=
le *table, int op)
 {
 	struct ctl_table_root *root =3D head->root;
 	int mode;
@@ -438,7 +438,7 @@ static int sysctl_perm(struct ctl_table_header *head, s=
truct ctl_table *table, i
 }
=20
 static struct inode *proc_sys_make_inode(struct super_block *sb,
-		struct ctl_table_header *head, struct ctl_table *table)
+		struct ctl_table_header *head, const struct ctl_table *table)
 {
 	struct ctl_table_root *root =3D head->root;
 	struct inode *inode;
@@ -511,7 +511,7 @@ static struct dentry *proc_sys_lookup(struct inode *dir=
, struct dentry *dentry,
 	struct ctl_table_header *head =3D grab_header(dir);
 	struct ctl_table_header *h =3D NULL;
 	const struct qstr *name =3D &dentry->d_name;
-	struct ctl_table *p;
+	const struct ctl_table *p;
 	struct inode *inode;
 	struct dentry *err =3D ERR_PTR(-ENOENT);
 	struct ctl_dir *ctl_dir;
@@ -554,7 +554,7 @@ static ssize_t proc_sys_call_handler(struct kiocb *iocb=
, struct iov_iter *iter,
 {
 	struct inode *inode =3D file_inode(iocb->ki_filp);
 	struct ctl_table_header *head =3D grab_header(inode);
-	struct ctl_table *table =3D PROC_I(inode)->sysctl_entry;
+	const struct ctl_table *table =3D PROC_I(inode)->sysctl_entry;
 	size_t count =3D iov_iter_count(iter);
 	char *kbuf;
 	ssize_t error;
@@ -628,7 +628,7 @@ static ssize_t proc_sys_write(struct kiocb *iocb, struc=
t iov_iter *iter)
 static int proc_sys_open(struct inode *inode, struct file *filp)
 {
 	struct ctl_table_header *head =3D grab_header(inode);
-	struct ctl_table *table =3D PROC_I(inode)->sysctl_entry;
+	const struct ctl_table *table =3D PROC_I(inode)->sysctl_entry;
=20
 	/* sysctl was unregistered */
 	if (IS_ERR(head))
@@ -646,7 +646,7 @@ static __poll_t proc_sys_poll(struct file *filp, poll_t=
able *wait)
 {
 	struct inode *inode =3D file_inode(filp);
 	struct ctl_table_header *head =3D grab_header(inode);
-	struct ctl_table *table =3D PROC_I(inode)->sysctl_entry;
+	const struct ctl_table *table =3D PROC_I(inode)->sysctl_entry;
 	__poll_t ret =3D DEFAULT_POLLMASK;
 	unsigned long event;
=20
@@ -677,7 +677,7 @@ static __poll_t proc_sys_poll(struct file *filp, poll_t=
able *wait)
 static bool proc_sys_fill_cache(struct file *file,
 				struct dir_context *ctx,
 				struct ctl_table_header *head,
-				struct ctl_table *table)
+				const struct ctl_table *table)
 {
 	struct dentry *child, *dir =3D file->f_path.dentry;
 	struct inode *inode;
@@ -726,7 +726,7 @@ static bool proc_sys_fill_cache(struct file *file,
 static bool proc_sys_link_fill_cache(struct file *file,
 				    struct dir_context *ctx,
 				    struct ctl_table_header *head,
-				    struct ctl_table *table)
+				    const struct ctl_table *table)
 {
 	bool ret =3D true;
=20
@@ -744,7 +744,7 @@ static bool proc_sys_link_fill_cache(struct file *file,
 	return ret;
 }
=20
-static int scan(struct ctl_table_header *head, struct ctl_table *table,
+static int scan(struct ctl_table_header *head, const struct ctl_table *tab=
le,
 		unsigned long *pos, struct file *file,
 		struct dir_context *ctx)
 {
@@ -768,7 +768,7 @@ static int proc_sys_readdir(struct file *file, struct d=
ir_context *ctx)
 {
 	struct ctl_table_header *head =3D grab_header(file_inode(file));
 	struct ctl_table_header *h =3D NULL;
-	struct ctl_table *entry;
+	const struct ctl_table *entry;
 	struct ctl_dir *ctl_dir;
 	unsigned long pos;
=20
@@ -801,7 +801,7 @@ static int proc_sys_permission(struct mnt_idmap *idmap,
 	 * are _NOT_ writeable, capabilities or not.
 	 */
 	struct ctl_table_header *head;
-	struct ctl_table *table;
+	const struct ctl_table *table;
 	int error;
=20
 	/* Executable files are not allowed under /proc/sys/ */
@@ -845,7 +845,7 @@ static int proc_sys_getattr(struct mnt_idmap *idmap,
 {
 	struct inode *inode =3D d_inode(path->dentry);
 	struct ctl_table_header *head =3D grab_header(inode);
-	struct ctl_table *table =3D PROC_I(inode)->sysctl_entry;
+	const struct ctl_table *table =3D PROC_I(inode)->sysctl_entry;
=20
 	if (IS_ERR(head))
 		return PTR_ERR(head);
@@ -944,7 +944,7 @@ static struct ctl_dir *find_subdir(struct ctl_dir *dir,
 				   const char *name, int namelen)
 {
 	struct ctl_table_header *head;
-	struct ctl_table *entry;
+	const struct ctl_table *entry;
=20
 	entry =3D find_entry(&head, dir, name, namelen);
 	if (!entry)
@@ -1055,12 +1055,12 @@ static struct ctl_dir *xlate_dir(struct ctl_table_s=
et *set, struct ctl_dir *dir)
 }
=20
 static int sysctl_follow_link(struct ctl_table_header **phead,
-	struct ctl_table **pentry)
+	const struct ctl_table **pentry)
 {
 	struct ctl_table_header *head;
+	const struct ctl_table *entry;
 	struct ctl_table_root *root;
 	struct ctl_table_set *set;
-	struct ctl_table *entry;
 	struct ctl_dir *dir;
 	int ret;
=20
@@ -1087,7 +1087,7 @@ static int sysctl_follow_link(struct ctl_table_header=
 **phead,
 	return ret;
 }
=20
-static int sysctl_err(const char *path, struct ctl_table *table, char *fmt=
, ...)
+static int sysctl_err(const char *path, const struct ctl_table *table, cha=
r *fmt, ...)
 {
 	struct va_format vaf;
 	va_list args;
@@ -1103,7 +1103,7 @@ static int sysctl_err(const char *path, struct ctl_ta=
ble *table, char *fmt, ...)
 	return -EINVAL;
 }
=20
-static int sysctl_check_table_array(const char *path, struct ctl_table *ta=
ble)
+static int sysctl_check_table_array(const char *path, const struct ctl_tab=
le *table)
 {
 	int err =3D 0;
=20
@@ -1128,7 +1128,7 @@ static int sysctl_check_table_array(const char *path,=
 struct ctl_table *table)
=20
 static int sysctl_check_table(const char *path, struct ctl_table_header *h=
eader)
 {
-	struct ctl_table *entry;
+	const struct ctl_table *entry;
 	int err =3D 0;
 	list_for_each_table_entry(entry, header) {
 		if ((entry->proc_handler =3D=3D proc_dostring) ||
@@ -1162,8 +1162,9 @@ static int sysctl_check_table(const char *path, struc=
t ctl_table_header *header)
=20
 static struct ctl_table_header *new_links(struct ctl_dir *dir, struct ctl_=
table_header *head)
 {
-	struct ctl_table *link_table, *entry, *link;
+	struct ctl_table *link_table, *link;
 	struct ctl_table_header *links;
+	const struct ctl_table *entry;
 	struct ctl_node *node;
 	char *link_name;
 	int nr_entries, name_bytes;
@@ -1210,7 +1211,7 @@ static bool get_links(struct ctl_dir *dir,
 		      struct ctl_table_root *link_root)
 {
 	struct ctl_table_header *tmp_head;
-	struct ctl_table *entry, *link;
+	const struct ctl_table *entry, *link;
=20
 	/* Are there links available for every entry in table? */
 	list_for_each_table_entry(entry, header) {
@@ -1463,7 +1464,7 @@ static void put_links(struct ctl_table_header *header)
 	struct ctl_table_root *root =3D header->root;
 	struct ctl_dir *parent =3D header->parent;
 	struct ctl_dir *core_parent;
-	struct ctl_table *entry;
+	const struct ctl_table *entry;
=20
 	if (header->set =3D=3D root_set)
 		return;
@@ -1474,7 +1475,7 @@ static void put_links(struct ctl_table_header *header)
=20
 	list_for_each_table_entry(entry, header) {
 		struct ctl_table_header *link_head;
-		struct ctl_table *link;
+		const struct ctl_table *link;
 		const char *name =3D entry->procname;
=20
 		link =3D find_entry(&link_head, core_parent, name, strlen(name));
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index 061ea65104be..2f4d577f2e93 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -162,7 +162,7 @@ struct ctl_node {
 struct ctl_table_header {
 	union {
 		struct {
-			struct ctl_table *ctl_table;
+			const struct ctl_table *ctl_table;
 			int ctl_table_size;
 			int used;
 			int count;

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 5F71EC4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:53:35 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343737AbjLDHx0 (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:53:26 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56072 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234699AbjLDHws (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:48 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2B8471BE;
        Sun,  3 Dec 2023 23:52:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676352;
        bh=Bgwfb+pVaZrTgWleM6LMFvhfRSLvAMWx6yDuVgjieRE=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=hS+KtsOGw+GkISuRELYWbCR6vRk45wcNHZKHpo4XsB5+XM3eXIrVJpfiK0t8zlEQI
         mIt3XWEubn3fTpXUeuFj8Yo1pDmok1buwCVfburMkLyYAOmG3cjdeIJ7NzYK4hRJY6
         UDnZrzYSCHhBMv1pgPXBF30Vu3at8PTzvtgbHQkc=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:28 +0100
Subject: [PATCH v2 15/18] sysctl: allow registration of const struct
 ctl_table
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-15-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=3419;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=Bgwfb+pVaZrTgWleM6LMFvhfRSLvAMWx6yDuVgjieRE=;
 b=hS2QmFvAg4VXxquXbstpDfzCkvr3rvB9crvRKmffiTA7i23BVWn4ObMCxEzeZPYrUhn2F4IbL
 N8KOruqBeCPCRkK62ZIkp4Hmw1w2oAsG+SM7NulyfuKFMlSyp2QJtZl
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This allows sysctl table to be put into read-only data.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
---
 fs/proc/proc_sysctl.c  |  6 +++---
 include/linux/sysctl.h | 10 +++++-----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index e7fd1680d479..d09107a5b43f 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -1356,7 +1356,7 @@ static struct ctl_dir *sysctl_mkdir_p(struct ctl_dir =
*dir, const char *path)
  */
 struct ctl_table_header *__register_sysctl_table(
 	struct ctl_table_set *set,
-	const char *path, struct ctl_table *table, size_t table_size)
+	const char *path, const struct ctl_table *table, size_t table_size)
 {
 	struct ctl_table_root *root =3D set->dir.header.root;
 	struct ctl_table_header *header;
@@ -1417,7 +1417,7 @@ struct ctl_table_header *__register_sysctl_table(
  *
  * See __register_sysctl_table for more details.
  */
-struct ctl_table_header *register_sysctl_sz(const char *path, struct ctl_t=
able *table,
+struct ctl_table_header *register_sysctl_sz(const char *path, const struct=
 ctl_table *table,
 					    size_t table_size)
 {
 	return __register_sysctl_table(&sysctl_table_root.default_set,
@@ -1446,7 +1446,7 @@ EXPORT_SYMBOL(register_sysctl_sz);
  *
  * Context: if your base directory does not exist it will be created for y=
ou.
  */
-void __init __register_sysctl_init(const char *path, struct ctl_table *tab=
le,
+void __init __register_sysctl_init(const char *path, const struct ctl_tabl=
e *table,
 				 const char *table_name, size_t table_size)
 {
 	struct ctl_table_header *hdr =3D register_sysctl_sz(path, table, table_si=
ze);
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index 2f4d577f2e93..7c96d5abafc7 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -229,13 +229,13 @@ extern void retire_sysctl_set(struct ctl_table_set *s=
et);
=20
 struct ctl_table_header *__register_sysctl_table(
 	struct ctl_table_set *set,
-	const char *path, struct ctl_table *table, size_t table_size);
-struct ctl_table_header *register_sysctl_sz(const char *path, struct ctl_t=
able *table,
+	const char *path, const struct ctl_table *table, size_t table_size);
+struct ctl_table_header *register_sysctl_sz(const char *path, const struct=
 ctl_table *table,
 					    size_t table_size);
 void unregister_sysctl_table(struct ctl_table_header * table);
=20
 extern int sysctl_init_bases(void);
-extern void __register_sysctl_init(const char *path, struct ctl_table *tab=
le,
+extern void __register_sysctl_init(const char *path, const struct ctl_tabl=
e *table,
 				 const char *table_name, size_t table_size);
 #define register_sysctl_init(path, table)	\
 	__register_sysctl_init(path, table, #table, ARRAY_SIZE(table))
@@ -257,7 +257,7 @@ extern int no_unaligned_warning;
=20
 #else /* CONFIG_SYSCTL */
=20
-static inline void register_sysctl_init(const char *path, struct ctl_table=
 *table)
+static inline void register_sysctl_init(const char *path, const struct ctl=
_table *table)
 {
 }
=20
@@ -267,7 +267,7 @@ static inline struct ctl_table_header *register_sysctl_=
mount_point(const char *p
 }
=20
 static inline struct ctl_table_header *register_sysctl_sz(const char *path,
-							  struct ctl_table *table,
+							  const struct ctl_table *table,
 							  size_t table_size)
 {
 	return NULL;

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D5ADEC10DC3
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 08:08:46 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343784AbjLDHxc (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:53:32 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55946 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1343498AbjLDHws (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:48 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A2653D42;
        Sun,  3 Dec 2023 23:52:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676352;
        bh=YBK5uUUq4Kh+mKXkGIMtbxBTs5GdJO+UnTKPHI6RDtU=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=HwF1ZmCkK3/cZsLZOJv8oo4VnkXsmy+e83QTxGR6OAMWy6034AS1J05Qn6iJDUsRa
         NARdauvNtYkyLtyyJLRFVL7ZgNTceZ1GxnYNFemiMoGsmcTpJCCoAvGGCwuh/bqW8H
         7eXQnHLp1awlSAlZluXVC2x32y7csTxkaF56ZgfA=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:29 +0100
Subject: [PATCH v2 16/18] const_structs.checkpatch: add ctl_table
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-16-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=637;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=YBK5uUUq4Kh+mKXkGIMtbxBTs5GdJO+UnTKPHI6RDtU=;
 b=nnAQEMVMy+ZyEC0A8HsNGfIvnZ+oZD9y9hLvLr/X2z+gUtVWX0NEtzyKPo6I2oGRHVEgqgT2b
 3WDkqH05KtyB4unVcVSlwDpFO055j+V5E2NTovlZVL9t8mub1r/wjSp
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Now that the sysctl core can handle "const struct ctl_table", make
sure that new usages of the struct already enter the tree as const.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
---
 scripts/const_structs.checkpatch | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/const_structs.checkpatch b/scripts/const_structs.check=
patch
index 188412aa2757..0621c2d652bb 100644
--- a/scripts/const_structs.checkpatch
+++ b/scripts/const_structs.checkpatch
@@ -5,6 +5,7 @@ block_device_operations
 clk_ops
 comedi_lrange
 component_ops
+ctl_table
 dentry_operations
 dev_pm_ops
 dma_map_ops

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id CA45BC4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:53:43 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343754AbjLDHx2 (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:53:28 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55858 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1343502AbjLDHws (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:48 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [159.69.126.157])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ACF72D45;
        Sun,  3 Dec 2023 23:52:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676352;
        bh=zByUx3Gq6P8LcvcqSjdgxm/5wuG+rVoanucvNQrnBwQ=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=rRkFq96C53W4Qa03A41B32MvmVyDQRkTNCbQcM+Xuz/1K/4p2IVfE2RJFXISV9AT8
         +m2cFw8KOv+tWlhuOzE6u2hMX6VCaCZMEltICxc898tMWOwUHR0wapekUgvvel1l/P
         8jLMdDolwt2ssl4Gs0CMz+V1cUJtzZejX/mM8hrk=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:30 +0100
Subject: [PATCH v2 17/18] sysctl: make ctl_table sysctl_mount_point const
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-17-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=707;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=zByUx3Gq6P8LcvcqSjdgxm/5wuG+rVoanucvNQrnBwQ=;
 b=T4fe4Y4H+z9NMgxNToLMvDIdzWzUsQ1ROmqM+wleaFzcaGQIwqyaLjcqz7LoArGFd6dKvGI3b
 rnc8VQL+TsKC8bU/mHopWYEMAy89LdgzfJW/9Gr5m8N/9iOqPxqaHiW
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This is a first example on how to use const struct ctl_table.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
---
 fs/proc/proc_sysctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index d09107a5b43f..f2b663e0be33 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -30,7 +30,7 @@ static const struct file_operations proc_sys_dir_file_ope=
rations;
 static const struct inode_operations proc_sys_dir_operations;
=20
 /* Support for permanently empty directories */
-static struct ctl_table sysctl_mount_point[] =3D {
+static const struct ctl_table sysctl_mount_point[] =3D {
 	{ }
 };
=20

--=20
2.43.0

From nobody Wed Dec 17 13:56:56 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 24E47C4167B
	for <linux-kernel@archiver.kernel.org>; Mon,  4 Dec 2023 07:53:22 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343623AbjLDHxM (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 4 Dec 2023 02:53:12 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55924 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234745AbjLDHwr (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Dec 2023 02:52:47 -0500
Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 989AA1A7;
        Sun,  3 Dec 2023 23:52:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net;
        s=mail; t=1701676352;
        bh=iOBuDxNgWayHfZg8ll4jl4+gQO+POEL5ZSXO0IYskQo=;
        h=From:Date:Subject:References:In-Reply-To:To:Cc:From;
        b=STO8kui6mbh1g6598MiaxLRX5mQc341d0YjLWS7Nqws1kfRzH1lwxwoSt5ziD1VFK
         aSwpZnNYfLd9cTApCGEXs0XYNCcDuD8ICVixi2JcvAH+kMfhWhB0uQW14hHfUy14Br
         1s7Tge5tpoCyCqnF10AtWRGzNJCAb5+Q0gLsx8Ms=
From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
Date: Mon, 04 Dec 2023 08:52:31 +0100
Subject: [PATCH v2 18/18] sysctl: constify standard sysctl tables
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20231204-const-sysctl-v2-18-7a5060b11447@weissschuh.net>
References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
In-Reply-To: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net>
To: Kees Cook <keescook@chromium.org>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Iurii Zaikin <yzaikin@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Joel Granados <j.granados@samsung.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1701676350; l=624;
 i=linux@weissschuh.net; s=20221212; h=from:subject:message-id;
 bh=iOBuDxNgWayHfZg8ll4jl4+gQO+POEL5ZSXO0IYskQo=;
 b=bcxZcbAl3IUbAiyq3MmFXuykvVpQnzM+YWbExIJXohNBpBz3JEWJo7sT7X/oXLjwCNCq/Uf7w
 /af+RETE8JFBNjQumlPQ165901a6AM1OKKo8JHVeUGKYxVfkiX6XZfN
X-Developer-Key: i=linux@weissschuh.net; a=ed25519;
 pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw=
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Recent changes in the sysctl allow sysctl tables to be put into .rodata.

Signed-off-by: Thomas Wei=C3=9Fschuh <linux@weissschuh.net>
---
 kernel/sysctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index d60daa4e36fc..e48a60887c7e 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1615,7 +1615,7 @@ int proc_do_static_key(const struct ctl_table *table,=
 int write,
 	return ret;
 }
=20
-static struct ctl_table kern_table[] =3D {
+static const struct ctl_table kern_table[] =3D {
 	{
 		.procname	=3D "panic",
 		.data		=3D &panic_timeout,

--=20
2.43.0