Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp3898080rdb; Mon, 11 Dec 2023 03:26:26 -0800 (PST) X-Google-Smtp-Source: AGHT+IF1JxiIJKU4AV3ifOmoMW+YXHGOUhB8ZAFy8hytKTHUTZxn4ppV+t0i/RcHPKIVIupn+04+ X-Received: by 2002:a17:902:8e86:b0:1cc:5671:8d9 with SMTP id bg6-20020a1709028e8600b001cc567108d9mr5387448plb.27.1702293985701; Mon, 11 Dec 2023 03:26:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702293985; cv=none; d=google.com; s=arc-20160816; b=Q4hYItEL1NwuOO57QW1zW4yFX4/+jC/giZ7kAP38d7sAfYbvkzs5VpGmlQXh+Ew9Y2 iVvyEqSMHsaGo94ifHwl10B6Pyexx6i6Xu/6z90FBIt963PAeKSuHtxze8DREeY+O0Oe WOqOcp+gvQSLAXFRFvM2j6V3Vqzp2lfyazM1Fxb8Fx7Wo3CdaMLP0dQPVhiFEe2/mGlf NQ9/Wp/XvfuwUkyb5OOVjzSGqiQXXpKvugf1Jz7GUNIMnD4U//8onjz8eyizAMLI0iA5 oZhN/So1u4TfvrIEX1NflEIV40uMbPn7DF3xPTlDqu2Wl0psHijg0iKn/Qq33L0uwMb9 vK4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=u/PCvIO9JUXwpRx0urhWLJFqa5iIg7y5DAlxAKPGsh8=; fh=OdhmpsWDQsjlyU1lesDxzPSAQG2y81xEh5+BX1VSlxw=; b=1DQRDtyXvOSFYp0njbKz1HewLzhMiPORWhRnvSoAroAarzzCkEPqnYofDFSvGolpFT dZ4RAfNBgeq8+yZfL1UOcLaxmmq01lBFEq6Eolce7hfbMn5Mr+Iwg5bpS/0T+R7Pwrkd +eQ+yb3P97edBwp9rV4QpAvvlbzw6lFrLDbBRqtpObl6nLPuyi7Y2X0qHnr+VhIshh// z6/P2jIkR3/FhNYdWMhrd/7G+oRoGa64S1zTDuwe1L6mejVH5z6WIdgQl8Vu6Urg/07D 0VkCz1qopDz98zYF5AWK2LnFWe+h704eVTHHuyGybVGCJXSWsrIyrEiPby2vDwReM6Ku SyEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@weissschuh.net header.s=mail header.b=l4jO1Vpa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id o1-20020a634101000000b005c5e2118e11si5687919pga.70.2023.12.11.03.26.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Dec 2023 03:26:25 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@weissschuh.net header.s=mail header.b=l4jO1Vpa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id E368480787F8; Mon, 11 Dec 2023 03:25:27 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234333AbjLKLZL (ORCPT + 99 others); Mon, 11 Dec 2023 06:25:11 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40480 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234311AbjLKLZJ (ORCPT ); Mon, 11 Dec 2023 06:25:09 -0500 Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F030ABD; Mon, 11 Dec 2023 03:25:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1702293910; bh=ZvgW0aYfCLWt5NV86Ke4c9thN3uF82opqg4tLuJpvEE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=l4jO1Vpanp/cdwKq2g8dOspBwuK27Q/lgFXI6toegd2+2VnyAiEg1vmUmr50Gr+o5 grrFW4AhaKda6/tUEKNuM2+PcIMob95h1Gbkxcnc2/pzDbdni9rFVaYgRexltawlwP L3XAVnY1iIbqZmc1HRsY4oijnWokkSyib0B5t904= Date: Mon, 11 Dec 2023 12:25:10 +0100 From: Thomas =?utf-8?Q?Wei=C3=9Fschuh?= To: Joel Granados Cc: Kees Cook , "Gustavo A. R. Silva" , Luis Chamberlain , Iurii Zaikin , Greg Kroah-Hartman , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org Subject: Re: [PATCH v2 00/18] sysctl: constify sysctl ctl_tables Message-ID: <8509a36b-ac23-4fcd-b797-f8915662d5e1@t-8ch.de> References: <20231204-const-sysctl-v2-0-7a5060b11447@weissschuh.net> <20231207104357.kndqvzkhxqkwkkjo@localhost> <20231208095926.aavsjrtqbb5rygmb@localhost> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="igpenhi52ez4jwxm" Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20231208095926.aavsjrtqbb5rygmb@localhost> X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Mon, 11 Dec 2023 03:25:28 -0800 (PST) --igpenhi52ez4jwxm Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit On 2023-12-08 10:59:26+0100, Joel Granados wrote: > On Thu, Dec 07, 2023 at 08:19:43PM +0100, Thomas Weißschuh wrote: > > On 2023-12-07 11:43:57+0100, Joel Granados wrote: > [..] > > > I suggest you chunk it up with directories in mind. Something similar to > > > what I did for [4] where I divided stuff that when for fs/*, kernel/*, > > > net/*, arch/* and drivers/*. That will complicate your patch a tad > > > because you have to ensure that the tree can be compiled/run for every > > > commit. But it will pay off once you push it to the broader public. > > > > This will break bisections. All function signatures need to be switched > I was suggesting a solution without breaking bisections of course. I can > think of a couple of ways to do this in chunks but it might be > premature. You can send it and if you get push back because of this then > we can deal with chunking it down. I'm curious about those ways. I don't see how to split the big commit. > I'm still concerned about the header size for those mails. How does the > mail look like when you run the get maintainers script on it? The full series has 142 recipients in total, the biggest patch itself has 124. Before sending it I'd like to get feedback on the internal rework of the is_empty detection from you and/or Luis. https://git.sr.ht/~t-8ch/linux/commit/ea27507070f3c47be6febebe451bbb88f6ea707e or the attached patch. > [..] --igpenhi52ez4jwxm Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="ea27507070f3c47be6febebe451bbb88f6ea707e.patch" Content-Transfer-Encoding: 8bit From ea27507070f3c47be6febebe451bbb88f6ea707e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= Date: Sun, 3 Dec 2023 21:56:46 +0100 Subject: [PATCH] sysctl: move permanently empty flag to ctl_dir MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Simplify the logic by always keeping the permanently_empty flag on the ctl_dir. The previous logic kept the flag in the leaf ctl_table and from there transferred it to the ctl_table from the directory. This also removes the need to have a mutable ctl_table and will allow the constification of those structs. Signed-off-by: Thomas Weißschuh --- fs/proc/proc_sysctl.c | 74 +++++++++++++++++++----------------------- include/linux/sysctl.h | 13 ++------ 2 files changed, 36 insertions(+), 51 deletions(-) diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index 35c97ad54f34..33f41af58e9b 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -17,6 +17,7 @@ #include #include #include +#include #include "internal.h" #define list_for_each_table_entry(entry, header) \ @@ -29,32 +30,6 @@ static const struct inode_operations proc_sys_inode_operations; static const struct file_operations proc_sys_dir_file_operations; static const struct inode_operations proc_sys_dir_operations; -/* Support for permanently empty directories */ -static struct ctl_table sysctl_mount_point[] = { - {.type = SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY } -}; - -/** - * register_sysctl_mount_point() - registers a sysctl mount point - * @path: path for the mount point - * - * Used to create a permanently empty directory to serve as mount point. - * There are some subtle but important permission checks this allows in the - * case of unprivileged mounts. - */ -struct ctl_table_header *register_sysctl_mount_point(const char *path) -{ - return register_sysctl(path, sysctl_mount_point); -} -EXPORT_SYMBOL(register_sysctl_mount_point); - -#define sysctl_is_perm_empty_ctl_header(hptr) \ - (hptr->ctl_table[0].type == SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY) -#define sysctl_set_perm_empty_ctl_header(hptr) \ - (hptr->ctl_table[0].type = SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY) -#define sysctl_clear_perm_empty_ctl_header(hptr) \ - (hptr->ctl_table[0].type = SYSCTL_TABLE_TYPE_DEFAULT) - void proc_sys_poll_notify(struct ctl_table_poll *poll) { if (!poll) @@ -226,17 +201,9 @@ static int insert_header(struct ctl_dir *dir, struct ctl_table_header *header) /* Is this a permanently empty directory? */ - if (sysctl_is_perm_empty_ctl_header(dir_h)) + if (dir->permanently_empty) return -EROFS; - /* Am I creating a permanently empty directory? */ - if (header->ctl_table_size > 0 && - sysctl_is_perm_empty_ctl_header(header)) { - if (!RB_EMPTY_ROOT(&dir->root)) - return -EINVAL; - sysctl_set_perm_empty_ctl_header(dir_h); - } - dir_h->nreg++; header->parent = dir; err = insert_links(header); @@ -252,8 +219,6 @@ fail: erase_header(header); put_links(header); fail_links: - if (header->ctl_table == sysctl_mount_point) - sysctl_clear_perm_empty_ctl_header(dir_h); header->parent = NULL; drop_sysctl_table(dir_h); return err; @@ -440,6 +405,7 @@ static struct inode *proc_sys_make_inode(struct super_block *sb, struct ctl_table_header *head, struct ctl_table *table) { struct ctl_table_root *root = head->root; + struct ctl_dir *ctl_dir; struct inode *inode; struct proc_inode *ei; @@ -473,7 +439,9 @@ static struct inode *proc_sys_make_inode(struct super_block *sb, inode->i_mode |= S_IFDIR; inode->i_op = &proc_sys_dir_operations; inode->i_fop = &proc_sys_dir_file_operations; - if (sysctl_is_perm_empty_ctl_header(head)) + + ctl_dir = container_of(head, struct ctl_dir, header); + if (ctl_dir->permanently_empty) make_empty_dir_inode(inode); } @@ -1211,8 +1179,7 @@ static bool get_links(struct ctl_dir *dir, struct ctl_table_header *tmp_head; struct ctl_table *entry, *link; - if (header->ctl_table_size == 0 || - sysctl_is_perm_empty_ctl_header(header)) + if (header->ctl_table_size == 0 || dir->permanently_empty) return true; /* Are there links available for every entry in table? */ @@ -1533,6 +1500,33 @@ void unregister_sysctl_table(struct ctl_table_header * header) } EXPORT_SYMBOL(unregister_sysctl_table); +/** + * register_sysctl_mount_point() - registers a sysctl mount point + * @path: path for the mount point + * + * Used to create a permanently empty directory to serve as mount point. + * There are some subtle but important permission checks this allows in the + * case of unprivileged mounts. + */ +struct ctl_table_header *register_sysctl_mount_point(const char *path) +{ + struct ctl_dir *dir = sysctl_mkdir_p(&sysctl_table_root.default_set.dir, path); + + if (IS_ERR(dir)) + return NULL; + + guard(spinlock)(&sysctl_lock); + + if (!RB_EMPTY_ROOT(&dir->root)) { + drop_sysctl_table(&dir->header); + return NULL; + } + + dir->permanently_empty = true; + return &dir->header; +} +EXPORT_SYMBOL(register_sysctl_mount_point); + void setup_sysctl_set(struct ctl_table_set *set, struct ctl_table_root *root, int (*is_seen)(struct ctl_table_set *)) diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h index ada36ef8cecb..57cb0060d7d7 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h @@ -137,17 +137,6 @@ struct ctl_table { void *data; int maxlen; umode_t mode; - /** - * enum type - Enumeration to differentiate between ctl target types - * @SYSCTL_TABLE_TYPE_DEFAULT: ctl target with no special considerations - * @SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY: Used to identify a permanently - * empty directory target to serve - * as mount point. - */ - enum { - SYSCTL_TABLE_TYPE_DEFAULT, - SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY - } type; proc_handler *proc_handler; /* Callback for text formatting */ struct ctl_table_poll *poll; void *extra1; @@ -194,6 +183,8 @@ struct ctl_dir { /* Header must be at the start of ctl_dir */ struct ctl_table_header header; struct rb_root root; + /* Permanently empty directory target to serve as mount point. */ + bool permanently_empty; }; struct ctl_table_set { -- 2.38.5 --igpenhi52ez4jwxm--