cdrom: Make device operations read-only
Since function tables are a common target for attackers, it's best to keep them in read-only memory. As such, this makes the CDROM device ops tables const. This drops additionally n_minors, since it isn't used meaningfully, and sets the only user of cdrom_dummy_generic_packet explicitly so the variables can all be const. Inspired by similar changes in grsecurity/PaX. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Jens Axboe <axboe@fb.com>
Dieser Commit ist enthalten in:
Kees Cook
@@ -1166,7 +1166,7 @@ void ide_cdrom_update_speed(ide_drive_t *drive, u8 *buf)
|
||||
CDC_CD_RW | CDC_DVD | CDC_DVD_R | CDC_DVD_RAM | CDC_GENERIC_PACKET | \
|
||||
CDC_MO_DRIVE | CDC_MRW | CDC_MRW_W | CDC_RAM)
|
||||
|
||||
static struct cdrom_device_ops ide_cdrom_dops = {
|
||||
static const struct cdrom_device_ops ide_cdrom_dops = {
|
||||
.open = ide_cdrom_open_real,
|
||||
.release = ide_cdrom_release_real,
|
||||
.drive_status = ide_cdrom_drive_status,
|
||||
|
||||
In neuem Issue referenzieren
Einen Benutzer sperren