From: Joel Granados <[email protected]>
What?
These commits remove the sentinel element (last empty element) from the
sysctl arrays of all the files under the "net/" directory that register
a sysctl array. The merging of the preparation patches [4] to mainline
allows us to just remove sentinel elements without changing behavior.
This is safe because the sysctl registration code (register_sysctl() and
friends) use the array size in addition to checking for a sentinel [1].
Why?
By removing the sysctl sentinel elements we avoid kernel bloat as
ctl_table arrays get moved out of kernel/sysctl.c into their own
respective subsystems. This move was started long ago to avoid merge
conflicts; the sentinel removal bit came after Mathew Wilcox suggested
it to avoid bloating the kernel by one element as arrays moved out. This
patchset will reduce the overall build time size of the kernel and run
time memory bloat by about ~64 bytes per declared ctl_table array (more
info here [5]).
When are we done?
There are 4 patchest (25 commits [2]) that are still outstanding to
completely remove the sentinels: files under "net/" (this patchset),
files under "kernel/" dir, misc dirs (files under mm/ security/ and
others) and the final set that removes the unneeded check for ->procname
== NULL.
Testing:
* Ran sysctl selftests (./tools/testing/selftests/sysctl/sysctl.sh)
* Ran this through 0-day with no errors or warnings
Savings in vmlinux:
A total of 64 bytes per sentinel is saved after removal; I measured in
x86_64 to give an idea of the aggregated savings. The actual savings
will depend on individual kernel configuration.
* bloat-o-meter
- The "yesall" config saves 3976 bytes (bloat-o-meter output [6])
- A reduced config [3] saves 1263 bytes (bloat-o-meter output [7])
Savings in allocated memory:
None in this set but will occur when the superfluous allocations are
removed from proc_sysctl.c. I include it here for context. The
estimated savings during boot for config [3] are 6272 bytes. See [8]
for how to measure it.
Comments/feedback greatly appreciated
Changes in v2:
- Rebased to v6.9-rc1
- Removed unneeded comment from sysctl_net_ax25.c
- Link to v1: https://lore.kernel.org/r/[email protected]
Best
Joel
[1] https://lore.kernel.org/all/[email protected]/
[2] https://git.kernel.org/pub/scm/linux/kernel/git/joel.granados/linux.git/tag/?h=sysctl_remove_empty_elem_v5
[3] https://gist.github.com/Joelgranados/feaca7af5537156ca9b73aeaec093171
[4] https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/
[5]
Links Related to the ctl_table sentinel removal:
* Good summaries from Luis:
https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/
https://lore.kernel.org/all/[email protected]/
* Patches adjusting sysctl register calls:
https://lore.kernel.org/all/[email protected]/
https://lore.kernel.org/all/[email protected]/
* Discussions about expectations and approach
https://lore.kernel.org/all/[email protected]
https://lore.kernel.org/all/[email protected]
[6]
add/remove: 0/1 grow/shrink: 2/67 up/down: 76/-4052 (-3976)
Function old new delta
llc_sysctl_init 306 377 +71
nf_log_net_init 866 871 +5
sysctl_core_net_init 375 366 -9
lowpan_frags_init_net 618 598 -20
ip_vs_control_net_init_sysctl 2446 2422 -24
sysctl_route_net_init 521 493 -28
__addrconf_sysctl_register 678 650 -28
xfrm_sysctl_init 405 374 -31
mpls_net_init 367 334 -33
sctp_sysctl_net_register 386 346 -40
__ip_vs_lblcr_init 546 501 -45
__ip_vs_lblc_init 546 501 -45
neigh_sysctl_register 1011 958 -53
mpls_dev_sysctl_register 475 419 -56
ipv6_route_sysctl_init 450 394 -56
xs_tunables_table 448 384 -64
xr_tunables_table 448 384 -64
xfrm_table 320 256 -64
xfrm6_policy_table 128 64 -64
xfrm4_policy_table 128 64 -64
x25_table 448 384 -64
vs_vars 1984 1920 -64
unix_table 128 64 -64
tipc_table 448 384 -64
svcrdma_parm_table 832 768 -64
smc_table 512 448 -64
sctp_table 256 192 -64
sctp_net_table 2304 2240 -64
rxrpc_sysctl_table 704 640 -64
rose_table 704 640 -64
rds_tcp_sysctl_table 192 128 -64
rds_sysctl_rds_table 384 320 -64
rds_ib_sysctl_table 384 320 -64
phonet_table 128 64 -64
nr_table 832 768 -64
nf_log_sysctl_table 768 704 -64
nf_log_sysctl_ftable 128 64 -64
nf_ct_sysctl_table 3200 3136 -64
nf_ct_netfilter_table 128 64 -64
nf_ct_frag6_sysctl_table 256 192 -64
netns_core_table 320 256 -64
net_core_table 2176 2112 -64
neigh_sysctl_template 1416 1352 -64
mptcp_sysctl_table 576 512 -64
mpls_dev_table 128 64 -64
lowpan_frags_ns_ctl_table 256 192 -64
lowpan_frags_ctl_table 128 64 -64
llc_station_table 64 - -64
llc2_timeout_table 320 256 -64
ipv6_table_template 1344 1280 -64
ipv6_route_table_template 768 704 -64
ipv6_rotable 320 256 -64
ipv6_icmp_table_template 448 384 -64
ipv4_table 1024 960 -64
ipv4_route_table 832 768 -64
ipv4_route_netns_table 320 256 -64
ipv4_net_table 7552 7488 -64
ip6_frags_ns_ctl_table 256 192 -64
ip6_frags_ctl_table 128 64 -64
ip4_frags_ns_ctl_table 320 256 -64
ip4_frags_ctl_table 128 64 -64
devinet_sysctl 2184 2120 -64
debug_table 384 320 -64
dccp_default_table 576 512 -64
ctl_forward_entry 128 64 -64
brnf_table 448 384 -64
ax25_param_table 960 896 -64
atalk_table 320 256 -64
addrconf_sysctl 3904 3840 -64
vs_vars_table 256 128 -128
Total: Before=440631035, After=440627059, chg -0.00%
[7]
add/remove: 0/0 grow/shrink: 1/22 up/down: 8/-1263 (-1255)
Function old new delta
sysctl_route_net_init 189 197 +8
__addrconf_sysctl_register 306 294 -12
ipv6_route_sysctl_init 201 185 -16
neigh_sysctl_register 385 366 -19
unix_table 128 64 -64
netns_core_table 256 192 -64
net_core_table 1664 1600 -64
neigh_sysctl_template 1416 1352 -64
ipv6_table_template 1344 1280 -64
ipv6_route_table_template 768 704 -64
ipv6_rotable 192 128 -64
ipv6_icmp_table_template 448 384 -64
ipv4_table 768 704 -64
ipv4_route_table 832 768 -64
ipv4_route_netns_table 320 256 -64
ipv4_net_table 7040 6976 -64
ip6_frags_ns_ctl_table 256 192 -64
ip6_frags_ctl_table 128 64 -64
ip4_frags_ns_ctl_table 320 256 -64
ip4_frags_ctl_table 128 64 -64
devinet_sysctl 2184 2120 -64
ctl_forward_entry 128 64 -64
addrconf_sysctl 3392 3328 -64
Total: Before=8523801, After=8522546, chg -0.01%
[8]
To measure the in memory savings apply this on top of this patchset.
"
diff --git i/fs/proc/proc_sysctl.c w/fs/proc/proc_sysctl.c
index 37cde0efee57..896c498600e8 100644
--- i/fs/proc/proc_sysctl.c
+++ w/fs/proc/proc_sysctl.c
@@ -966,6 +966,7 @@ static struct ctl_dir *new_dir(struct ctl_table_set *set,
table[0].procname = new_name;
table[0].mode = S_IFDIR|S_IRUGO|S_IXUGO;
init_header(&new->header, set->dir.header.root, set, node, table, 1);
+ printk("%ld sysctl saved mem kzalloc\n", sizeof(struct ctl_table));
return new;
}
@@ -1189,6 +1190,7 @@ static struct ctl_table_header *new_links(struct ctl_dir *dir, s>
link_name += len;
link++;
}
+ printk("%ld sysctl saved mem kzalloc\n", sizeof(struct ctl_table));
init_header(links, dir->header.root, dir->header.set, node, link_table,
head->ctl_table_size);
links->nreg = nr_entries;
"
and then run the following bash script in the kernel:
accum=0
for n in $(dmesg | grep kzalloc | awk '{print $3}') ; do
accum=$(calc "$accum + $n")
done
echo $accum
Signed-off-by: Joel Granados <[email protected]>
--
---
---
Joel Granados (4):
networking: Remove the now superfluous sentinel elements from ctl_table array
netfilter: Remove the now superfluous sentinel elements from ctl_table array
appletalk: Remove the now superfluous sentinel elements from ctl_table array
ax.25: Remove the now superfluous sentinel elements from ctl_table array
net/appletalk/sysctl_net_atalk.c | 1 -
net/ax25/sysctl_net_ax25.c | 4 +---
net/bridge/br_netfilter_hooks.c | 1 -
net/core/neighbour.c | 5 +----
net/core/sysctl_net_core.c | 9 ++++-----
net/dccp/sysctl.c | 2 --
net/ieee802154/6lowpan/reassembly.c | 6 +-----
net/ipv4/devinet.c | 5 ++---
net/ipv4/ip_fragment.c | 2 --
net/ipv4/route.c | 8 ++------
net/ipv4/sysctl_net_ipv4.c | 7 +++----
net/ipv4/xfrm4_policy.c | 1 -
net/ipv6/addrconf.c | 5 +----
net/ipv6/icmp.c | 1 -
net/ipv6/netfilter/nf_conntrack_reasm.c | 1 -
net/ipv6/reassembly.c | 2 --
net/ipv6/route.c | 5 -----
net/ipv6/sysctl_net_ipv6.c | 4 +---
net/ipv6/xfrm6_policy.c | 1 -
net/llc/sysctl_net_llc.c | 8 ++------
net/mpls/af_mpls.c | 3 +--
net/mptcp/ctrl.c | 1 -
net/netfilter/ipvs/ip_vs_ctl.c | 5 +----
net/netfilter/ipvs/ip_vs_lblc.c | 5 +----
net/netfilter/ipvs/ip_vs_lblcr.c | 5 +----
net/netfilter/nf_conntrack_standalone.c | 6 +-----
net/netfilter/nf_log.c | 3 +--
net/netrom/sysctl_net_netrom.c | 1 -
net/phonet/sysctl.c | 1 -
net/rds/ib_sysctl.c | 1 -
net/rds/sysctl.c | 1 -
net/rds/tcp.c | 1 -
net/rose/sysctl_net_rose.c | 1 -
net/rxrpc/sysctl.c | 1 -
net/sctp/sysctl.c | 6 +-----
net/smc/smc_sysctl.c | 1 -
net/sunrpc/sysctl.c | 1 -
net/sunrpc/xprtrdma/svc_rdma.c | 1 -
net/sunrpc/xprtrdma/transport.c | 1 -
net/sunrpc/xprtsock.c | 1 -
net/tipc/sysctl.c | 1 -
net/unix/sysctl_net_unix.c | 1 -
net/x25/sysctl_net_x25.c | 1 -
net/xfrm/xfrm_sysctl.c | 5 +----
44 files changed, 26 insertions(+), 106 deletions(-)
---
base-commit: 4cece764965020c22cff7665b18a012006359095
change-id: 20240311-jag-sysctl_remset_net-d403a1a93d6b
Best regards,
--
Joel Granados <[email protected]>
From: Joel Granados <[email protected]>
This commit comes at the tail end of a greater effort to remove the
empty elements at the end of the ctl_table arrays (sentinels) which will
reduce the overall build time size of the kernel and run time memory
bloat by ~64 bytes per sentinel (further information Link :
https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)
* Remove sentinel elements from ctl_table structs
* Remove instances where an array element is zeroed out to make it look
like a sentinel. This is not longer needed and is safe after commit
c899710fe7f9 ("networking: Update to register_net_sysctl_sz") added
the array size to the ctl_table registration
* Remove the need for having __NF_SYSCTL_CT_LAST_SYSCTL as the
sysctl array size is now in NF_SYSCTL_CT_LAST_SYSCTL
* Remove extra element in ctl_table arrays declarations
Signed-off-by: Joel Granados <[email protected]>
---
net/bridge/br_netfilter_hooks.c | 1 -
net/ipv6/netfilter/nf_conntrack_reasm.c | 1 -
net/netfilter/ipvs/ip_vs_ctl.c | 5 +----
net/netfilter/ipvs/ip_vs_lblc.c | 5 +----
net/netfilter/ipvs/ip_vs_lblcr.c | 5 +----
net/netfilter/nf_conntrack_standalone.c | 6 +-----
net/netfilter/nf_log.c | 3 +--
7 files changed, 5 insertions(+), 21 deletions(-)
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
index 35e10c5a766d..d31f57ffe985 100644
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -1219,7 +1219,6 @@ static struct ctl_table brnf_table[] = {
.mode = 0644,
.proc_handler = brnf_sysctl_call_tables,
},
- { }
};
static inline void br_netfilter_sysctl_default(struct brnf_net *brnf)
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 1a51a44571c3..8531750ec081 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -62,7 +62,6 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = {
.mode = 0644,
.proc_handler = proc_doulongvec_minmax,
},
- { }
};
static int nf_ct_frag6_sysctl_register(struct net *net)
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 143a341bbc0a..50b5dbe40eb8 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2263,7 +2263,6 @@ static struct ctl_table vs_vars[] = {
.proc_handler = proc_dointvec,
},
#endif
- { }
};
#endif
@@ -4286,10 +4285,8 @@ static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs)
return -ENOMEM;
/* Don't export sysctls to unprivileged users */
- if (net->user_ns != &init_user_ns) {
- tbl[0].procname = NULL;
+ if (net->user_ns != &init_user_ns)
ctl_table_size = 0;
- }
} else
tbl = vs_vars;
/* Initialize sysctl defaults */
diff --git a/net/netfilter/ipvs/ip_vs_lblc.c b/net/netfilter/ipvs/ip_vs_lblc.c
index 8ceec7a2fa8f..2423513d701d 100644
--- a/net/netfilter/ipvs/ip_vs_lblc.c
+++ b/net/netfilter/ipvs/ip_vs_lblc.c
@@ -123,7 +123,6 @@ static struct ctl_table vs_vars_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
- { }
};
#endif
@@ -563,10 +562,8 @@ static int __net_init __ip_vs_lblc_init(struct net *net)
return -ENOMEM;
/* Don't export sysctls to unprivileged users */
- if (net->user_ns != &init_user_ns) {
- ipvs->lblc_ctl_table[0].procname = NULL;
+ if (net->user_ns != &init_user_ns)
vars_table_size = 0;
- }
} else
ipvs->lblc_ctl_table = vs_vars_table;
diff --git a/net/netfilter/ipvs/ip_vs_lblcr.c b/net/netfilter/ipvs/ip_vs_lblcr.c
index 0fb64707213f..cdb1d4bf6761 100644
--- a/net/netfilter/ipvs/ip_vs_lblcr.c
+++ b/net/netfilter/ipvs/ip_vs_lblcr.c
@@ -294,7 +294,6 @@ static struct ctl_table vs_vars_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
- { }
};
#endif
@@ -749,10 +748,8 @@ static int __net_init __ip_vs_lblcr_init(struct net *net)
return -ENOMEM;
/* Don't export sysctls to unprivileged users */
- if (net->user_ns != &init_user_ns) {
- ipvs->lblcr_ctl_table[0].procname = NULL;
+ if (net->user_ns != &init_user_ns)
vars_table_size = 0;
- }
} else
ipvs->lblcr_ctl_table = vs_vars_table;
ipvs->sysctl_lblcr_expiration = DEFAULT_EXPIRATION;
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 0ee98ce5b816..2f226cfb32d0 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -616,11 +616,9 @@ enum nf_ct_sysctl_index {
NF_SYSCTL_CT_LWTUNNEL,
#endif
- __NF_SYSCTL_CT_LAST_SYSCTL,
+ NF_SYSCTL_CT_LAST_SYSCTL,
};
-#define NF_SYSCTL_CT_LAST_SYSCTL (__NF_SYSCTL_CT_LAST_SYSCTL + 1)
-
static struct ctl_table nf_ct_sysctl_table[] = {
[NF_SYSCTL_CT_MAX] = {
.procname = "nf_conntrack_max",
@@ -957,7 +955,6 @@ static struct ctl_table nf_ct_sysctl_table[] = {
.proc_handler = nf_hooks_lwtunnel_sysctl_handler,
},
#endif
- {}
};
static struct ctl_table nf_ct_netfilter_table[] = {
@@ -968,7 +965,6 @@ static struct ctl_table nf_ct_netfilter_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec,
},
- { }
};
static void nf_conntrack_standalone_init_tcp_sysctl(struct net *net,
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index 370f8231385c..d42ba733496b 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -395,7 +395,7 @@ static const struct seq_operations nflog_seq_ops = {
#ifdef CONFIG_SYSCTL
static char nf_log_sysctl_fnames[NFPROTO_NUMPROTO-NFPROTO_UNSPEC][3];
-static struct ctl_table nf_log_sysctl_table[NFPROTO_NUMPROTO+1];
+static struct ctl_table nf_log_sysctl_table[NFPROTO_NUMPROTO];
static struct ctl_table_header *nf_log_sysctl_fhdr;
static struct ctl_table nf_log_sysctl_ftable[] = {
@@ -406,7 +406,6 @@ static struct ctl_table nf_log_sysctl_ftable[] = {
.mode = 0644,
.proc_handler = proc_dointvec,
},
- { }
};
static int nf_log_proc_dostring(struct ctl_table *table, int write,
--
2.43.0
From: Joel Granados <[email protected]>
This commit comes at the tail end of a greater effort to remove the
empty elements at the end of the ctl_table arrays (sentinels) which will
reduce the overall build time size of the kernel and run time memory
bloat by ~64 bytes per sentinel (further information Link :
https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)
Remove sentinel from atalk_table ctl_table array.
Signed-off-by: Joel Granados <[email protected]>
---
net/appletalk/sysctl_net_atalk.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/appletalk/sysctl_net_atalk.c b/net/appletalk/sysctl_net_atalk.c
index d945b7c0176d..7aebfe903242 100644
--- a/net/appletalk/sysctl_net_atalk.c
+++ b/net/appletalk/sysctl_net_atalk.c
@@ -40,7 +40,6 @@ static struct ctl_table atalk_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
- { },
};
static struct ctl_table_header *atalk_table_header;
--
2.43.0
From: Joel Granados <[email protected]>
This commit comes at the tail end of a greater effort to remove the
empty elements at the end of the ctl_table arrays (sentinels) which will
reduce the overall build time size of the kernel and run time memory
bloat by ~64 bytes per sentinel (further information Link :
https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)
When we remove the sentinel from ax25_param_table a buffer overflow
shows its ugly head. The sentinel's data element used to be changed when
CONFIG_AX25_DAMA_SLAVE was not defined. This did not have any adverse
effects as we still stopped on the sentinel because of its null
procname. But now that we do not have the sentinel element, we are
careful to check ax25_param_table's size.
Signed-off-by: Joel Granados <[email protected]>
---
net/ax25/sysctl_net_ax25.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/ax25/sysctl_net_ax25.c b/net/ax25/sysctl_net_ax25.c
index db66e11e7fe8..e55be8817a1e 100644
--- a/net/ax25/sysctl_net_ax25.c
+++ b/net/ax25/sysctl_net_ax25.c
@@ -141,8 +141,6 @@ static const struct ctl_table ax25_param_table[] = {
.extra2 = &max_ds_timeout
},
#endif
-
- { } /* that's all, folks! */
};
int ax25_register_dev_sysctl(ax25_dev *ax25_dev)
@@ -155,7 +153,7 @@ int ax25_register_dev_sysctl(ax25_dev *ax25_dev)
if (!table)
return -ENOMEM;
- for (k = 0; k < AX25_MAX_VALUES; k++)
+ for (k = 0; k < AX25_MAX_VALUES && k < ARRAY_SIZE(ax25_param_table); k++)
table[k].data = &ax25_dev->values[k];
snprintf(path, sizeof(path), "net/ax25/%s", ax25_dev->dev->name);
--
2.43.0
On Thu, Mar 28, 2024 at 12:49:34PM -0700, Kuniyuki Iwashima wrote:
> From: Joel Granados via B4 Relay <[email protected]>
> Date: Thu, 28 Mar 2024 16:40:05 +0100
> > This commit comes at the tail end of a greater effort to remove the
> > empty elements at the end of the ctl_table arrays (sentinels) which will
> > reduce the overall build time size of the kernel and run time memory
> > bloat by ~64 bytes per sentinel (further information Link :
> > https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)
> >
> > When we remove the sentinel from ax25_param_table a buffer overflow
> > shows its ugly head. The sentinel's data element used to be changed when
> > CONFIG_AX25_DAMA_SLAVE was not defined.
>
> I think it's better to define the relation explicitly between the
> enum and sysctl table by BUILD_BUG_ON() in ax25_register_dev_sysctl()
>
> BUILD_BUG_ON(AX25_MAX_VALUES != ARRAY_SIZE(ax25_param_table));
>
> and guard AX25_VALUES_DS_TIMEOUT with #ifdef CONFIG_AX25_DAMA_SLAVE
> as done for other enum.
This is a great idea. I'll also try to look and see where else I can add
the explicit relation check.
Thx for the review
>
>
> > This did not have any adverse
> > effects as we still stopped on the sentinel because of its null
> > procname. But now that we do not have the sentinel element, we are
> > careful to check ax25_param_table's size.
> >
> > Signed-off-by: Joel Granados <[email protected]>
> > ---
> > net/ax25/sysctl_net_ax25.c | 4 +---
> > 1 file changed, 1 insertion(+), 3 deletions(-)
> >
> > diff --git a/net/ax25/sysctl_net_ax25.c b/net/ax25/sysctl_net_ax25.c
> > index db66e11e7fe8..e55be8817a1e 100644
> > --- a/net/ax25/sysctl_net_ax25.c
> > +++ b/net/ax25/sysctl_net_ax25.c
> > @@ -141,8 +141,6 @@ static const struct ctl_table ax25_param_table[] = {
> > .extra2 = &max_ds_timeout
> > },
> > #endif
> > -
> > - { } /* that's all, folks! */
> > };
> >
> > int ax25_register_dev_sysctl(ax25_dev *ax25_dev)
> > @@ -155,7 +153,7 @@ int ax25_register_dev_sysctl(ax25_dev *ax25_dev)
> > if (!table)
> > return -ENOMEM;
> >
> > - for (k = 0; k < AX25_MAX_VALUES; k++)
> > + for (k = 0; k < AX25_MAX_VALUES && k < ARRAY_SIZE(ax25_param_table); k++)
> > table[k].data = &ax25_dev->values[k];
> >
> > snprintf(path, sizeof(path), "net/ax25/%s", ax25_dev->dev->name);
> >
> > --
> > 2.43.0
--
Joel Granados
On Wed, Apr 03, 2024 at 11:16:25AM +0200, Joel Granados wrote:
> On Thu, Mar 28, 2024 at 12:49:34PM -0700, Kuniyuki Iwashima wrote:
> > From: Joel Granados via B4 Relay <[email protected]>
> > Date: Thu, 28 Mar 2024 16:40:05 +0100
> > > This commit comes at the tail end of a greater effort to remove the
> > > empty elements at the end of the ctl_table arrays (sentinels) which will
> > > reduce the overall build time size of the kernel and run time memory
> > > bloat by ~64 bytes per sentinel (further information Link :
> > > https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)
> > >
> > > When we remove the sentinel from ax25_param_table a buffer overflow
> > > shows its ugly head. The sentinel's data element used to be changed when
> > > CONFIG_AX25_DAMA_SLAVE was not defined.
> >
> > I think it's better to define the relation explicitly between the
> > enum and sysctl table by BUILD_BUG_ON() in ax25_register_dev_sysctl()
> >
> > BUILD_BUG_ON(AX25_MAX_VALUES != ARRAY_SIZE(ax25_param_table));
> >
> > and guard AX25_VALUES_DS_TIMEOUT with #ifdef CONFIG_AX25_DAMA_SLAVE
> > as done for other enum.
> This is a great idea. I'll also try to look and see where else I can add
> the explicit relation check.
>
> Thx for the review
>
> >
> >
> > > This did not have any adverse
> > > effects as we still stopped on the sentinel because of its null
> > > procname. But now that we do not have the sentinel element, we are
> > > careful to check ax25_param_table's size.
> > >
> > > Signed-off-by: Joel Granados <[email protected]>
> > > ---
> > > net/ax25/sysctl_net_ax25.c | 4 +---
> > > 1 file changed, 1 insertion(+), 3 deletions(-)
> > >
> > > diff --git a/net/ax25/sysctl_net_ax25.c b/net/ax25/sysctl_net_ax25.c
> > > index db66e11e7fe8..e55be8817a1e 100644
> > > --- a/net/ax25/sysctl_net_ax25.c
> > > +++ b/net/ax25/sysctl_net_ax25.c
> > > @@ -141,8 +141,6 @@ static const struct ctl_table ax25_param_table[] = {
> > > .extra2 = &max_ds_timeout
> > > },
> > > #endif
> > > -
> > > - { } /* that's all, folks! */
> > > };
> > >
> > > int ax25_register_dev_sysctl(ax25_dev *ax25_dev)
> > > @@ -155,7 +153,7 @@ int ax25_register_dev_sysctl(ax25_dev *ax25_dev)
> > > if (!table)
> > > return -ENOMEM;
> > >
> > > - for (k = 0; k < AX25_MAX_VALUES; k++)
> > > + for (k = 0; k < AX25_MAX_VALUES && k < ARRAY_SIZE(ax25_param_table); k++)
And with the BUILD_BUG_ON we don't need to do the `k <
ARRAY_SIZE(ax25_param_table)` any longer. Win/win :)
> > > table[k].data = &ax25_dev->values[k];
> > >
> > > snprintf(path, sizeof(path), "net/ax25/%s", ax25_dev->dev->name);
> > >
> > > --
> > > 2.43.0
>
> --
>
> Joel Granados
--
Joel Granados
From: Joel Granados <[email protected]>
Date: Fri, 5 Apr 2024 09:15:31 +0200
> On Thu, Mar 28, 2024 at 12:49:34PM -0700, Kuniyuki Iwashima wrote:
> > From: Joel Granados via B4 Relay <[email protected]>
> > Date: Thu, 28 Mar 2024 16:40:05 +0100
> > > This commit comes at the tail end of a greater effort to remove the
> > > empty elements at the end of the ctl_table arrays (sentinels) which will
> > > reduce the overall build time size of the kernel and run time memory
> > > bloat by ~64 bytes per sentinel (further information Link :
> > > https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)
> > >
> > > When we remove the sentinel from ax25_param_table a buffer overflow
> > > shows its ugly head. The sentinel's data element used to be changed when
> > > CONFIG_AX25_DAMA_SLAVE was not defined.
> >
> > I think it's better to define the relation explicitly between the
> > enum and sysctl table by BUILD_BUG_ON() in ax25_register_dev_sysctl()
> >
> > BUILD_BUG_ON(AX25_MAX_VALUES != ARRAY_SIZE(ax25_param_table));
> >
> > and guard AX25_VALUES_DS_TIMEOUT with #ifdef CONFIG_AX25_DAMA_SLAVE
> > as done for other enum.
>
> When I remove AX25_VALUES_DS_TIMEOUT from the un-guarded build it
> complains in net/ax25/ax25_ds_timer.c (ax25_ds_set_timer). Here is the
> report https://lore.kernel.org/oe-kbuild-all/[email protected]/.
>
> How best to address this? Should we just guard the whole function and do
> nothing when not set? like this:
It seems fine to me.
ax25_ds_timeout() checks !ax25_dev->dama.slave_timeout, but it's
initialised by kzalloc() during dev setup, so it will be a noop.
>
> ```
> void ax25_ds_set_timer(ax25_dev *ax25_dev)
> {
> #ifdef COFNIG_AX25_DAMA_SLAVE
> if (ax25_dev == NULL) ยทยทยท/* paranoia */
> return;
>
> ax25_dev->dama.slave_timeout =
> msecs_to_jiffies(ax25_dev->values[AX25_VALUES_DS_TIMEOUT]) / 10;
> mod_timer(&ax25_dev->dama.slave_timer, jiffies + HZ);
> #else
> return;
> #endif
> }
>
> ```
>
> I'm not too familiar with this, so pointing me to the "correct" way to
> handle this would be helpfull.
Also, you will need to guard another use of AX25_VALUES_DS_TIMEOUT in
ax25_dev_device_up().
Thanks!
On Fri, Apr 05, 2024 at 03:26:58PM -0700, Kuniyuki Iwashima wrote:
> From: Joel Granados <[email protected]>
> Date: Fri, 5 Apr 2024 09:15:31 +0200
> > On Thu, Mar 28, 2024 at 12:49:34PM -0700, Kuniyuki Iwashima wrote:
> > > From: Joel Granados via B4 Relay <[email protected]>
> > > Date: Thu, 28 Mar 2024 16:40:05 +0100
> > > > This commit comes at the tail end of a greater effort to remove the
> > > > empty elements at the end of the ctl_table arrays (sentinels) which will
> > > > reduce the overall build time size of the kernel and run time memory
> > > > bloat by ~64 bytes per sentinel (further information Link :
> > > > https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)
> > > >
> > > > When we remove the sentinel from ax25_param_table a buffer overflow
> > > > shows its ugly head. The sentinel's data element used to be changed when
> > > > CONFIG_AX25_DAMA_SLAVE was not defined.
> > >
> > > I think it's better to define the relation explicitly between the
> > > enum and sysctl table by BUILD_BUG_ON() in ax25_register_dev_sysctl()
> > >
> > > BUILD_BUG_ON(AX25_MAX_VALUES != ARRAY_SIZE(ax25_param_table));
> > >
> > > and guard AX25_VALUES_DS_TIMEOUT with #ifdef CONFIG_AX25_DAMA_SLAVE
> > > as done for other enum.
> >
> > When I remove AX25_VALUES_DS_TIMEOUT from the un-guarded build it
> > complains in net/ax25/ax25_ds_timer.c (ax25_ds_set_timer). Here is the
> > report https://lore.kernel.org/oe-kbuild-all/[email protected]/.
> >
> > How best to address this? Should we just guard the whole function and do
> > nothing when not set? like this:
>
> It seems fine to me.
>
> ax25_ds_timeout() checks !ax25_dev->dama.slave_timeout, but it's
> initialised by kzalloc() during dev setup, so it will be a noop.
thx. I'll solve it like this then
>
>
> >
> > ```
> > void ax25_ds_set_timer(ax25_dev *ax25_dev)
> > {
> > #ifdef COFNIG_AX25_DAMA_SLAVE
> > if (ax25_dev == NULL) ???/* paranoia */
> > return;
> >
> > ax25_dev->dama.slave_timeout =
> > msecs_to_jiffies(ax25_dev->values[AX25_VALUES_DS_TIMEOUT]) / 10;
> > mod_timer(&ax25_dev->dama.slave_timer, jiffies + HZ);
> > #else
> > return;
> > #endif
> > }
> >
> > ```
> >
> > I'm not too familiar with this, so pointing me to the "correct" way to
> > handle this would be helpfull.
>
> Also, you will need to guard another use of AX25_VALUES_DS_TIMEOUT in
> ax25_dev_device_up().
Yes. I had noticed this already. This was a trivial one though, so I did
not ask about it.
Thx.
Best
--
Joel Granados
On Fri, Apr 05, 2024 at 03:26:58PM -0700, Kuniyuki Iwashima wrote:
> From: Joel Granados <[email protected]>
> Date: Fri, 5 Apr 2024 09:15:31 +0200
> > On Thu, Mar 28, 2024 at 12:49:34PM -0700, Kuniyuki Iwashima wrote:
> > > From: Joel Granados via B4 Relay <[email protected]>
> > > Date: Thu, 28 Mar 2024 16:40:05 +0100
> > > > This commit comes at the tail end of a greater effort to remove the
> > > > empty elements at the end of the ctl_table arrays (sentinels) which will
> > > > reduce the overall build time size of the kernel and run time memory
> > > > bloat by ~64 bytes per sentinel (further information Link :
> > > > https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)
> > > >
> > > > When we remove the sentinel from ax25_param_table a buffer overflow
> > > > shows its ugly head. The sentinel's data element used to be changed when
> > > > CONFIG_AX25_DAMA_SLAVE was not defined.
> > >
> > > I think it's better to define the relation explicitly between the
> > > enum and sysctl table by BUILD_BUG_ON() in ax25_register_dev_sysctl()
> > >
> > > BUILD_BUG_ON(AX25_MAX_VALUES != ARRAY_SIZE(ax25_param_table));
> > >
> > > and guard AX25_VALUES_DS_TIMEOUT with #ifdef CONFIG_AX25_DAMA_SLAVE
> > > as done for other enum.
> >
> > When I remove AX25_VALUES_DS_TIMEOUT from the un-guarded build it
> > complains in net/ax25/ax25_ds_timer.c (ax25_ds_set_timer). Here is the
> > report https://lore.kernel.org/oe-kbuild-all/[email protected]/.
> >
> > How best to address this? Should we just guard the whole function and do
> > nothing when not set? like this:
>
> It seems fine to me.
>
> ax25_ds_timeout() checks !ax25_dev->dama.slave_timeout, but it's
> initialised by kzalloc() during dev setup, so it will be a noop.
Just sent v3 with this change.
--
Joel Granados