xattr: make the xattr array itself const

As it is currently declared, the xattr_handler structs are const but the
array containing their pointers is not. This patch makes it so that fs
modules can place them in .rodata, which makes accidental or malicious
modification at runtime harder.

Signed-off-by: Wedson Almeida Filho <walmeida@microsoft.com>
Link: https://lore.kernel.org/r/20230930050033.41174-2-wedsonaf@gmail.com
Signed-off-by: Christian Brauner <brauner@kernel.org>
Wedson Almeida Filho 2023-09-30 02:00:05 -03:00 committed by Christian Brauner
parent ce9ecca023
commit e346fb6d77
No known key found for this signature in database
GPG Key ID: 91C61BC06578DCA2
2 changed files with 4 additions and 4 deletions


@ -56,7 +56,7 @@ strcmp_prefix(const char *a, const char *a_prefix)
static const struct xattr_handler * static const struct xattr_handler *
xattr_resolve_name(struct inode *inode, const char **name) xattr_resolve_name(struct inode *inode, const char **name)
{ {
const struct xattr_handler **handlers = inode->i_sb->s_xattr; const struct xattr_handler * const *handlers = inode->i_sb->s_xattr;
const struct xattr_handler *handler; const struct xattr_handler *handler;
if (!(inode->i_opflags & IOP_XATTR)) { if (!(inode->i_opflags & IOP_XATTR)) {
@ -162,7 +162,7 @@ xattr_permission(struct mnt_idmap *idmap, struct inode *inode,
int int
xattr_supports_user_prefix(struct inode *inode) xattr_supports_user_prefix(struct inode *inode)
{ {
const struct xattr_handler **handlers = inode->i_sb->s_xattr; const struct xattr_handler * const *handlers = inode->i_sb->s_xattr;
const struct xattr_handler *handler; const struct xattr_handler *handler;
if (!(inode->i_opflags & IOP_XATTR)) { if (!(inode->i_opflags & IOP_XATTR)) {
@ -999,7 +999,7 @@ int xattr_list_one(char **buffer, ssize_t *remaining_size, const char *name)
ssize_t ssize_t
generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
{ {
const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; const struct xattr_handler *handler, * const *handlers = dentry->d_sb->s_xattr;
ssize_t remaining_size = buffer_size; ssize_t remaining_size = buffer_size;
int err = 0; int err = 0;
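Review bot: In generic_listxattr the new declaration `const struct xattr_handler *handler, * const *handlers = dentry->d_sb->s_xattr;` packs two declarators with different qualifiers into one statement, so the added `const` is easy to misread as applying to `handler` as well. xattr_resolve_name and xattr_supports_user_prefix already declare the two on separate lines. Doing the same here, `const struct xattr_handler * const *handlers = dentry->d_sb->s_xattr;` followed by `const struct xattr_handler *handler;`, keeps the three functions consistent. All three function bodies continue outside their hunks.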


@ -1206,7 +1206,7 @@ struct super_block {
#ifdef CONFIG_SECURITY #ifdef CONFIG_SECURITY
void *s_security; void *s_security;
#endif #endif
const struct xattr_handler **s_xattr; const struct xattr_handler * const *s_xattr;
#ifdef CONFIG_FS_ENCRYPTION #ifdef CONFIG_FS_ENCRYPTION
const struct fscrypt_operations *s_cop; const struct fscrypt_operations *s_cop;
struct fscrypt_keyring *s_master_keys; /* master crypto keys in use */ struct fscrypt_keyring *s_master_keys; /* master crypto keys in use */
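Review bot: The `s_xattr` field carries no comment saying what the new qualifier does and does not protect. `const struct xattr_handler * const *s_xattr;` makes the handler table read-only through this pointer, but the field itself stays writable inside `struct super_block`. A table also only ends up in .rodata if the filesystem defining it declares the array `const`, and neither of the two changed files converts such a definition. A comment on the field such as `/* handler table, never written through this pointer; define the array as const struct xattr_handler * const [] so it can live in .rodata */` would record that expectation for filesystem authors. The struct definition continues outside the hunk.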