| Message ID | 20240826150957.3500237-1-huangxiaojia2@huawei.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 7509c23770054fdaffd966926462248d44a323c1 |
| Headers | show |
| Series | [-next,1/3] powerpc: Constify struct kobj_type | expand |
On Mon, 26 Aug 2024 23:09:55 +0800, Huang Xiaojia wrote: > 'struct kobj_type' is not modified. It is only used in > kobject_init_and_add()/kobject_init() which takes > a 'const struct kobj_type *ktype' parameter. > > Constifying this structure moves some data to a read-only section, > so increase over all security. > > [...] Applied to powerpc/next. [1/3] powerpc: Constify struct kobj_type https://git.kernel.org/powerpc/c/7509c23770054fdaffd966926462248d44a323c1 [2/3] powerpc: powernv: Constify struct kobj_type https://git.kernel.org/powerpc/c/7492ca369e98a45b55592456dc1b24d58b3392f5 [3/3] powerpc: pseries: Constify struct kobj_type https://git.kernel.org/powerpc/c/6f2683274d0d0b51a986f73c2afb9058156f1641 cheers
diff --git a/arch/powerpc/kernel/cacheinfo.c b/arch/powerpc/kernel/cacheinfo.c index f502337dd37d..0fcc463b02e2 100644 --- a/arch/powerpc/kernel/cacheinfo.c +++ b/arch/powerpc/kernel/cacheinfo.c @@ -735,7 +735,7 @@ static const struct sysfs_ops cache_index_ops = { .show = cache_index_show, }; -static struct kobj_type cache_index_type = { +static const struct kobj_type cache_index_type = { .release = cache_index_release, .sysfs_ops = &cache_index_ops, .default_groups = cache_index_default_groups, diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index eb3c053f323f..fbeb1cbac01b 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -125,7 +125,7 @@ static const struct attribute_group secvar_attr_group = { }; __ATTRIBUTE_GROUPS(secvar_attr); -static struct kobj_type secvar_ktype = { +static const struct kobj_type secvar_ktype = { .sysfs_ops = &kobj_sysfs_ops, .default_groups = secvar_attr_groups, };
'struct kobj_type' is not modified. It is only used in kobject_init_and_add()/kobject_init() which takes a 'const struct kobj_type *ktype' parameter. Constifying this structure moves some data to a read-only section, so increase over all security. On a x86_64, compiled with ppc64 defconfig: Before: ====== text data bss dec hex filename 7145 606 0 7751 1e47 arch/powerpc/kernel/cacheinfo.o 3663 384 16 4063 fdf arch/powerpc/kernel/secvar-sysfs.o After: ====== text data bss dec hex filename 7193 558 0 7751 1e47 arch/powerpc/kernel/cacheinfo.o 3663 384 16 4063 fdf arch/powerpc/kernel/secvar-sysfs.o Signed-off-by: Huang Xiaojia <huangxiaojia2@huawei.com> --- arch/powerpc/kernel/cacheinfo.c | 2 +- arch/powerpc/kernel/secvar-sysfs.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)