1. Patchew
  2. linux
  3. View series

[PATCH] fs/proc/namespaces: make ns_entries const

Max Kellermann posted 1 patch 3 weeks, 2 days ago 
fs/proc/namespaces.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
[PATCH] fs/proc/namespaces: make ns_entries const
Posted by Max Kellermann 3 weeks, 2 days ago 
Global variables that are never modified should be "const" so so that
they live in the .rodata section instead of the .data section of the
kernel, gaining the protection of the kernel's strict memory
permissions as described in Documentation/security/self-protection.rst

Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
---
 fs/proc/namespaces.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c
index 4403a2e20c16..56e81f0273fc 100644
--- a/fs/proc/namespaces.c
+++ b/fs/proc/namespaces.c
@@ -12,7 +12,7 @@
 #include "internal.h"
 
 
-static const struct proc_ns_operations *ns_entries[] = {
+static const struct proc_ns_operations *const ns_entries[] = {
 #ifdef CONFIG_NET_NS
 	&netns_operations,
 #endif
@@ -117,7 +117,7 @@ static struct dentry *proc_ns_instantiate(struct dentry *dentry,
 static int proc_ns_dir_readdir(struct file *file, struct dir_context *ctx)
 {
 	struct task_struct *task = get_proc_task(file_inode(file));
-	const struct proc_ns_operations **entry, **last;
+	const struct proc_ns_operations *const*entry, *const*last;
 
 	if (!task)
 		return -ENOENT;
@@ -151,7 +151,7 @@ static struct dentry *proc_ns_dir_lookup(struct inode *dir,
 				struct dentry *dentry, unsigned int flags)
 {
 	struct task_struct *task = get_proc_task(dir);
-	const struct proc_ns_operations **entry, **last;
+	const struct proc_ns_operations *const*entry, *const*last;
 	unsigned int len = dentry->d_name.len;
 	struct dentry *res = ERR_PTR(-ENOENT);
 
-- 
2.47.3
Re: [PATCH] fs/proc/namespaces: make ns_entries const
Posted by Christian Brauner 2 weeks, 3 days ago 
On Tue, 09 Sep 2025 09:55:06 +0200, Max Kellermann wrote:
> Global variables that are never modified should be "const" so so that
> they live in the .rodata section instead of the .data section of the
> kernel, gaining the protection of the kernel's strict memory
> permissions as described in Documentation/security/self-protection.rst
> 
> 

Applied to the vfs-6.18.misc branch of the vfs/vfs.git tree.
Patches in the vfs-6.18.misc branch should appear in linux-next soon.

Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.

It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.

Note that commit hashes shown below are subject to change due to rebase,
trailer updates or similar. If in doubt, please check the listed branch.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs-6.18.misc

[1/1] fs/proc/namespaces: make ns_entries const
      https://git.kernel.org/vfs/vfs/c/91beadc05329

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.