[v1] sysfs: constify struct bin_attribute (Part 1)

[PATCH RFC 00/10] sysfs: constify struct bin_attribute (Part 1)

Posted by Thomas Weißschuh 3 weeks, 3 days ago

struct bin_attribute contains a bunch of pointer members, which when
overwritten by accident or malice can lead to system instability and
security problems.
Moving the definitions of struct bin_attribute to read-only memory
makes these modifications impossible.
The same change has been performed for many other structures in the
past. (struct class, struct ctl_table...)

For the structure definitions throughout the core to be moved to
read-only memory the following steps are necessary.

1) Change all callbacks invoked from the sysfs core to only pass const
   pointers
2) Adapt the sysfs core to only work in terms of const pointers
3) Adapt the sysfs core APIs to allow const pointers
4) Change all structure definitions through the core to const

This series provides the foundation for step 1) above.
It converts some callbacks in a single step to const and provides a
foundation for those callbacks where a single step is not possible.

This series is marked as RFC and only sent to the sysfs maintainers to
get some feedback on the general aproach.
The same techniques employed by this series can later be reused for the
same change for 'struct attribute'.

Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
---
Thomas Weißschuh (10):
      sysfs: explicitly pass size to sysfs_add_bin_file_mode_ns()
      sysfs: introduce callback attribute_group::bin_size
      PCI/sysfs: Calculate bin_attribute size through bin_size()
      nvmem: core: calculate bin_attribute size through bin_size()
      sysfs: treewide: constify attribute callback of bin_is_visible()
      sysfs: treewide: constify attribute callback of bin_attribute::mmap()
      sysfs: drop callback bin_attribute::llseek
      sysfs: implement all BIN_ATTR_* macros in terms of __BIN_ATTR()
      sysfs: bin_attribute: add const read/write callback variants
      driver core: Constify attribute arguments of binary attributes

 drivers/base/node.c                     |   4 +-
 drivers/base/topology.c                 |   4 +-
 drivers/cxl/port.c                      |   2 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c |   2 +-
 drivers/infiniband/hw/qib/qib_sysfs.c   |   2 +-
 drivers/misc/ocxl/sysfs.c               |   2 +-
 drivers/mtd/spi-nor/sysfs.c             |   2 +-
 drivers/nvmem/core.c                    |  16 ++++-
 drivers/pci/p2pdma.c                    |   2 +-
 drivers/pci/pci-sysfs.c                 |  36 +++++++-----
 drivers/pci/vpd.c                       |   2 +-
 drivers/platform/x86/amd/hsmp.c         |   2 +-
 drivers/platform/x86/intel/pmt/class.c  |   2 +-
 drivers/platform/x86/intel/sdsi.c       |   2 +-
 drivers/scsi/scsi_sysfs.c               |   2 +-
 drivers/uio/uio_hv_generic.c            |   2 +-
 drivers/usb/core/sysfs.c                |   2 +-
 fs/sysfs/file.c                         |  32 +++++-----
 fs/sysfs/group.c                        |   5 +-
 fs/sysfs/sysfs.h                        |   2 +-
 include/linux/sysfs.h                   | 100 +++++++++++++++++++-------------
 21 files changed, 132 insertions(+), 93 deletions(-)
---
base-commit: e42b1a9a2557aa94fee47f078633677198386a52
change-id: 20241028-sysfs-const-bin_attr-a00896481d0b

Best regards,
-- 
Thomas Weißschuh <linux@weissschuh.net>

Re: [PATCH RFC 00/10] sysfs: constify struct bin_attribute (Part 1)

Posted by Greg Kroah-Hartman 3 weeks, 2 days ago

On Thu, Oct 31, 2024 at 02:43:49AM +0000, Thomas Weißschuh wrote:
> struct bin_attribute contains a bunch of pointer members, which when
> overwritten by accident or malice can lead to system instability and
> security problems.
> Moving the definitions of struct bin_attribute to read-only memory
> makes these modifications impossible.
> The same change has been performed for many other structures in the
> past. (struct class, struct ctl_table...)
> 
> For the structure definitions throughout the core to be moved to
> read-only memory the following steps are necessary.
> 
> 1) Change all callbacks invoked from the sysfs core to only pass const
>    pointers
> 2) Adapt the sysfs core to only work in terms of const pointers
> 3) Adapt the sysfs core APIs to allow const pointers
> 4) Change all structure definitions through the core to const
> 
> This series provides the foundation for step 1) above.
> It converts some callbacks in a single step to const and provides a
> foundation for those callbacks where a single step is not possible.
> 
> This series is marked as RFC and only sent to the sysfs maintainers to
> get some feedback on the general aproach.
> The same techniques employed by this series can later be reused for the
> same change for 'struct attribute'.
> 
> Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>

At a quick glance, this is great!  I'll review it "better" next week
when my travel calms down, so if you want to resend this as a non-rfc
patch, and it looks sane, I'll be glad to queue it up.

thanks!

greg k-h