diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2025-07-20 15:32:31 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2025-09-27 20:18:41 -0400 |
| commit | 2f7d98f10b8f64525b2c74cae7d70ae5278eb654 (patch) | |
| tree | 56e197fa70b8357d9ac1a41d0e457b7867ca438d /include/linux/overflow.h | |
| parent | ae8425014ddc0e9a852f28ce8fcb952644a8520f (diff) | |
Have cc(1) catch attempts to modify ->f_path
There are very few places that have cause to do that - all in core
VFS now, and all done to files that are not yet opened (or visible
to anybody else, for that matter).
Let's turn f_path into a union of struct path __f_path and const
struct path f_path. It's C, not C++ - 6.5.2.3[4] in C99 and
later explicitly allows that kind of type-punning.
That way any attempts to bypass these checks will be either very
easy to catch, or (if the bastards get sufficiently creative to
make it hard to spot with grep alone) very clearly malicious -
and still catchable with a bit of instrumentation for sparse.
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include/linux/overflow.h')
0 files changed, 0 insertions, 0 deletions