Subject: [PATCH v5 0/8] sysctl: Remove sentinel elements from networking

From: Joel Granados <[email protected]>

What?
These commits remove the sentinel element (last empty element) from the
sysctl arrays of all the files under the "net/" directory that register
a sysctl array. The merging of the preparation patches [4] to mainline
allows us to just remove sentinel elements without changing behavior.
This is safe because the sysctl registration code (register_sysctl() and
friends) use the array size in addition to checking for a sentinel [1].

Why?
By removing the sysctl sentinel elements we avoid kernel bloat as
ctl_table arrays get moved out of kernel/sysctl.c into their own
respective subsystems. This move was started long ago to avoid merge
conflicts; the sentinel removal bit came after Mathew Wilcox suggested
it to avoid bloating the kernel by one element as arrays moved out. This
patchset will reduce the overall build time size of the kernel and run
time memory bloat by about ~64 bytes per declared ctl_table array (more
info here [5]).

When are we done?
There are 4 patchest (25 commits [2]) that are still outstanding to
completely remove the sentinels: files under "net/" (this patchset),
files under "kernel/" dir, misc dirs (files under mm/ security/ and
others) and the final set that removes the unneeded check for ->procname
== NULL.

Testing:
* Ran sysctl selftests (./tools/testing/selftests/sysctl/sysctl.sh)
* Ran this through 0-day with no errors or warnings

Savings in vmlinux:
A total of 64 bytes per sentinel is saved after removal; I measured in
x86_64 to give an idea of the aggregated savings. The actual savings
will depend on individual kernel configuration.
* bloat-o-meter
- The "yesall" config saves 3976 bytes (bloat-o-meter output [6])
- A reduced config [3] saves 1263 bytes (bloat-o-meter output [7])

Savings in allocated memory:
None in this set but will occur when the superfluous allocations are
removed from proc_sysctl.c. I include it here for context. The
estimated savings during boot for config [3] are 6272 bytes. See [8]
for how to measure it.

Comments/feedback greatly appreciated

Changes in v5:
- Added net files with additional variable to my test .config so the
typo can be caught next time.
- Fixed typo tabel_size -> table_size
- Link to v4: https://lore.kernel.org/r/[email protected]

Changes in v4:
- Keep reverse xmas tree order when introducing new variables
- Use a table_size variable to keep the value of ARRAY_SIZE
- Separated the original "networking: Remove the now superfluous
sentinel elements from ctl_table arra" into smaller commits to ease
review
- Merged x.25 and ax.25 commits together.
- Removed any SOB from the commits that were changed
- Link to v3: https://lore.kernel.org/r/[email protected]

Changes in v3:
- Reworkded ax.25
- Added a BUILD_BUG_ON for the ax.25 commit
- Added a CONFIG_AX25_DAMA_SLAVE guard where needed
- Link to v2: https://lore.kernel.org/r/[email protected]

Changes in v2:
- Rebased to v6.9-rc1
- Removed unneeded comment from sysctl_net_ax25.c
- Link to v1: https://lore.kernel.org/r/[email protected]

Best
Joel

[1] https://lore.kernel.org/all/[email protected]/
[2] https://git.kernel.org/pub/scm/linux/kernel/git/joel.granados/linux.git/tag/?h=sysctl_remove_empty_elem_v5
[3] https://gist.github.com/Joelgranados/feaca7af5537156ca9b73aeaec093171
[4] https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/

[5]
Links Related to the ctl_table sentinel removal:
* Good summaries from Luis:
https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/
https://lore.kernel.org/all/[email protected]/
* Patches adjusting sysctl register calls:
https://lore.kernel.org/all/[email protected]/
https://lore.kernel.org/all/[email protected]/
* Discussions about expectations and approach
https://lore.kernel.org/all/[email protected]
https://lore.kernel.org/all/[email protected]

[6]
add/remove: 0/1 grow/shrink: 2/67 up/down: 76/-4052 (-3976)
Function old new delta
llc_sysctl_init 306 377 +71
nf_log_net_init 866 871 +5
sysctl_core_net_init 375 366 -9
lowpan_frags_init_net 618 598 -20
ip_vs_control_net_init_sysctl 2446 2422 -24
sysctl_route_net_init 521 493 -28
__addrconf_sysctl_register 678 650 -28
xfrm_sysctl_init 405 374 -31
mpls_net_init 367 334 -33
sctp_sysctl_net_register 386 346 -40
__ip_vs_lblcr_init 546 501 -45
__ip_vs_lblc_init 546 501 -45
neigh_sysctl_register 1011 958 -53
mpls_dev_sysctl_register 475 419 -56
ipv6_route_sysctl_init 450 394 -56
xs_tunables_table 448 384 -64
xr_tunables_table 448 384 -64
xfrm_table 320 256 -64
xfrm6_policy_table 128 64 -64
xfrm4_policy_table 128 64 -64
x25_table 448 384 -64
vs_vars 1984 1920 -64
unix_table 128 64 -64
tipc_table 448 384 -64
svcrdma_parm_table 832 768 -64
smc_table 512 448 -64
sctp_table 256 192 -64
sctp_net_table 2304 2240 -64
rxrpc_sysctl_table 704 640 -64
rose_table 704 640 -64
rds_tcp_sysctl_table 192 128 -64
rds_sysctl_rds_table 384 320 -64
rds_ib_sysctl_table 384 320 -64
phonet_table 128 64 -64
nr_table 832 768 -64
nf_log_sysctl_table 768 704 -64
nf_log_sysctl_ftable 128 64 -64
nf_ct_sysctl_table 3200 3136 -64
nf_ct_netfilter_table 128 64 -64
nf_ct_frag6_sysctl_table 256 192 -64
netns_core_table 320 256 -64
net_core_table 2176 2112 -64
neigh_sysctl_template 1416 1352 -64
mptcp_sysctl_table 576 512 -64
mpls_dev_table 128 64 -64
lowpan_frags_ns_ctl_table 256 192 -64
lowpan_frags_ctl_table 128 64 -64
llc_station_table 64 - -64
llc2_timeout_table 320 256 -64
ipv6_table_template 1344 1280 -64
ipv6_route_table_template 768 704 -64
ipv6_rotable 320 256 -64
ipv6_icmp_table_template 448 384 -64
ipv4_table 1024 960 -64
ipv4_route_table 832 768 -64
ipv4_route_netns_table 320 256 -64
ipv4_net_table 7552 7488 -64
ip6_frags_ns_ctl_table 256 192 -64
ip6_frags_ctl_table 128 64 -64
ip4_frags_ns_ctl_table 320 256 -64
ip4_frags_ctl_table 128 64 -64
devinet_sysctl 2184 2120 -64
debug_table 384 320 -64
dccp_default_table 576 512 -64
ctl_forward_entry 128 64 -64
brnf_table 448 384 -64
ax25_param_table 960 896 -64
atalk_table 320 256 -64
addrconf_sysctl 3904 3840 -64
vs_vars_table 256 128 -128
Total: Before=440631035, After=440627059, chg -0.00%

[7]
add/remove: 0/0 grow/shrink: 1/22 up/down: 8/-1263 (-1255)
Function old new delta
sysctl_route_net_init 189 197 +8
__addrconf_sysctl_register 306 294 -12
ipv6_route_sysctl_init 201 185 -16
neigh_sysctl_register 385 366 -19
unix_table 128 64 -64
netns_core_table 256 192 -64
net_core_table 1664 1600 -64
neigh_sysctl_template 1416 1352 -64
ipv6_table_template 1344 1280 -64
ipv6_route_table_template 768 704 -64
ipv6_rotable 192 128 -64
ipv6_icmp_table_template 448 384 -64
ipv4_table 768 704 -64
ipv4_route_table 832 768 -64
ipv4_route_netns_table 320 256 -64
ipv4_net_table 7040 6976 -64
ip6_frags_ns_ctl_table 256 192 -64
ip6_frags_ctl_table 128 64 -64
ip4_frags_ns_ctl_table 320 256 -64
ip4_frags_ctl_table 128 64 -64
devinet_sysctl 2184 2120 -64
ctl_forward_entry 128 64 -64
addrconf_sysctl 3392 3328 -64
Total: Before=8523801, After=8522546, chg -0.01%

[8]
To measure the in memory savings apply this on top of this patchset.

"
diff --git i/fs/proc/proc_sysctl.c w/fs/proc/proc_sysctl.c
index 37cde0efee57..896c498600e8 100644
--- i/fs/proc/proc_sysctl.c
+++ w/fs/proc/proc_sysctl.c
@@ -966,6 +966,7 @@ static struct ctl_dir *new_dir(struct ctl_table_set *set,
table[0].procname = new_name;
table[0].mode = S_IFDIR|S_IRUGO|S_IXUGO;
init_header(&new->header, set->dir.header.root, set, node, table, 1);
+ printk("%ld sysctl saved mem kzalloc\n", sizeof(struct ctl_table));

return new;
}
@@ -1189,6 +1190,7 @@ static struct ctl_table_header *new_links(struct ctl_dir *dir, s>
link_name += len;
link++;
}
+ printk("%ld sysctl saved mem kzalloc\n", sizeof(struct ctl_table));
init_header(links, dir->header.root, dir->header.set, node, link_table,
head->ctl_table_size);
links->nreg = nr_entries;
"
and then run the following bash script in the kernel:

accum=0
for n in $(dmesg | grep kzalloc | awk '{print $3}') ; do
accum=$(calc "$accum + $n")
done
echo $accum

Signed-off-by: Joel Granados <[email protected]>

--

---
---
Joel Granados (8):
net: Remove the now superfluous sentinel elements from ctl_table array
net: ipv{6,4}: Remove the now superfluous sentinel elements from ctl_table array
net: rds: Remove the now superfluous sentinel elements from ctl_table array
net: sunrpc: Remove the now superfluous sentinel elements from ctl_table array
net: Remove ctl_table sentinel elements from several networking subsystems
netfilter: Remove the now superfluous sentinel elements from ctl_table array
appletalk: Remove the now superfluous sentinel elements from ctl_table array
ax.25: x.25: Remove the now superfluous sentinel elements from ctl_table array

include/net/ax25.h | 2 ++
net/appletalk/sysctl_net_atalk.c | 1 -
net/ax25/ax25_dev.c | 3 +++
net/ax25/ax25_ds_timer.c | 4 ++++
net/ax25/sysctl_net_ax25.c | 3 +--
net/bridge/br_netfilter_hooks.c | 1 -
net/core/neighbour.c | 5 +----
net/core/sysctl_net_core.c | 12 +++++-------
net/dccp/sysctl.c | 2 --
net/ieee802154/6lowpan/reassembly.c | 6 +-----
net/ipv4/devinet.c | 5 ++---
net/ipv4/ip_fragment.c | 2 --
net/ipv4/route.c | 8 ++------
net/ipv4/sysctl_net_ipv4.c | 7 +++----
net/ipv4/xfrm4_policy.c | 1 -
net/ipv6/addrconf.c | 8 +++-----
net/ipv6/icmp.c | 1 -
net/ipv6/netfilter/nf_conntrack_reasm.c | 1 -
net/ipv6/reassembly.c | 2 --
net/ipv6/route.c | 5 -----
net/ipv6/sysctl_net_ipv6.c | 8 +++-----
net/ipv6/xfrm6_policy.c | 1 -
net/llc/sysctl_net_llc.c | 8 ++------
net/mpls/af_mpls.c | 12 ++++++------
net/mptcp/ctrl.c | 1 -
net/netfilter/ipvs/ip_vs_ctl.c | 5 +----
net/netfilter/ipvs/ip_vs_lblc.c | 5 +----
net/netfilter/ipvs/ip_vs_lblcr.c | 5 +----
net/netfilter/nf_conntrack_standalone.c | 6 +-----
net/netfilter/nf_log.c | 3 +--
net/netrom/sysctl_net_netrom.c | 1 -
net/phonet/sysctl.c | 1 -
net/rds/ib_sysctl.c | 1 -
net/rds/sysctl.c | 1 -
net/rds/tcp.c | 1 -
net/rose/sysctl_net_rose.c | 1 -
net/rxrpc/sysctl.c | 1 -
net/sctp/sysctl.c | 10 +++-------
net/smc/smc_sysctl.c | 1 -
net/sunrpc/sysctl.c | 1 -
net/sunrpc/xprtrdma/svc_rdma.c | 1 -
net/sunrpc/xprtrdma/transport.c | 1 -
net/sunrpc/xprtsock.c | 1 -
net/tipc/sysctl.c | 1 -
net/unix/sysctl_net_unix.c | 1 -
net/x25/sysctl_net_x25.c | 1 -
net/xfrm/xfrm_sysctl.c | 5 +----
47 files changed, 47 insertions(+), 116 deletions(-)
---
base-commit: 4cece764965020c22cff7665b18a012006359095
change-id: 20240311-jag-sysctl_remset_net-d403a1a93d6b

Best regards,
--
Joel Granados <[email protected]>




Subject: [PATCH v5 1/8] net: Remove the now superfluous sentinel elements from ctl_table array

From: Joel Granados <[email protected]>

This commit comes at the tail end of a greater effort to remove the
empty elements at the end of the ctl_table arrays (sentinels) which
will reduce the overall build time size of the kernel and run time
memory bloat by ~64 bytes per sentinel (further information Link :
https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)

* Remove sentinel element from ctl_table structs.
* Remove the zeroing out of an array element (to make it look like a
sentinel) in neigh_sysctl_register and lowpan_frags_ns_sysctl_register
This is not longer needed and is safe after commit c899710fe7f9
("networking: Update to register_net_sysctl_sz") added the array size
to the ctl_table registration.
* Replace the for loop stop condition in sysctl_core_net_init that tests
for procname == NULL with one that depends on array size
* Removed the "-1" in mpls_net_init that adjusted for having an extra
empty element when looping over ctl_table arrays
* Use a table_size variable to keep the value of ARRAY_SIZE

Signed-off-by: Joel Granados <[email protected]>
---
net/core/neighbour.c | 5 +----
net/core/sysctl_net_core.c | 12 +++++-------
net/dccp/sysctl.c | 2 --
net/ieee802154/6lowpan/reassembly.c | 6 +-----
net/mpls/af_mpls.c | 12 ++++++------
net/unix/sysctl_net_unix.c | 1 -
6 files changed, 13 insertions(+), 25 deletions(-)

diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 552719c3bbc3..b0327402b3e6 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -3728,7 +3728,7 @@ static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,

static struct neigh_sysctl_table {
struct ctl_table_header *sysctl_header;
- struct ctl_table neigh_vars[NEIGH_VAR_MAX + 1];
+ struct ctl_table neigh_vars[NEIGH_VAR_MAX];
} neigh_sysctl_template __read_mostly = {
.neigh_vars = {
NEIGH_SYSCTL_ZERO_INTMAX_ENTRY(MCAST_PROBES, "mcast_solicit"),
@@ -3779,7 +3779,6 @@ static struct neigh_sysctl_table {
.extra2 = SYSCTL_INT_MAX,
.proc_handler = proc_dointvec_minmax,
},
- {},
},
};

@@ -3807,8 +3806,6 @@ int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
if (dev) {
dev_name_source = dev->name;
/* Terminate the table early */
- memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
- sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
neigh_vars_size = NEIGH_VAR_BASE_REACHABLE_TIME_MS + 1;
} else {
struct neigh_table *tbl = p->tbl;
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 6973dda3abda..a84690b13bb9 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -660,7 +660,6 @@ static struct ctl_table net_core_table[] = {
.proc_handler = proc_dointvec_minmax,
.extra1 = SYSCTL_ZERO,
},
- { }
};

static struct ctl_table netns_core_table[] = {
@@ -697,7 +696,6 @@ static struct ctl_table netns_core_table[] = {
.extra2 = SYSCTL_ONE,
.proc_handler = proc_dou8vec_minmax,
},
- { }
};

static int __init fb_tunnels_only_for_init_net_sysctl_setup(char *str)
@@ -715,7 +713,8 @@ __setup("fb_tunnels=", fb_tunnels_only_for_init_net_sysctl_setup);

static __net_init int sysctl_core_net_init(struct net *net)
{
- struct ctl_table *tbl, *tmp;
+ size_t table_size = ARRAY_SIZE(netns_core_table);
+ struct ctl_table *tbl;

tbl = netns_core_table;
if (!net_eq(net, &init_net)) {
@@ -723,12 +722,11 @@ static __net_init int sysctl_core_net_init(struct net *net)
if (tbl == NULL)
goto err_dup;

- for (tmp = tbl; tmp->procname; tmp++)
- tmp->data += (char *)net - (char *)&init_net;
+ for (int i = 0; i < table_size; ++i)
+ (tbl + i)->data += (char *)net - (char *)&init_net;
}

- net->core.sysctl_hdr = register_net_sysctl_sz(net, "net/core", tbl,
- ARRAY_SIZE(netns_core_table));
+ net->core.sysctl_hdr = register_net_sysctl_sz(net, "net/core", tbl, table_size);
if (net->core.sysctl_hdr == NULL)
goto err_reg;

diff --git a/net/dccp/sysctl.c b/net/dccp/sysctl.c
index ee8d4f5afa72..3fc474d6e57d 100644
--- a/net/dccp/sysctl.c
+++ b/net/dccp/sysctl.c
@@ -90,8 +90,6 @@ static struct ctl_table dccp_default_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec_ms_jiffies,
},
-
- { }
};

static struct ctl_table_header *dccp_table_header;
diff --git a/net/ieee802154/6lowpan/reassembly.c b/net/ieee802154/6lowpan/reassembly.c
index 6dd960ec558c..09b18ee6df00 100644
--- a/net/ieee802154/6lowpan/reassembly.c
+++ b/net/ieee802154/6lowpan/reassembly.c
@@ -338,7 +338,6 @@ static struct ctl_table lowpan_frags_ns_ctl_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
- { }
};

/* secret interval has been deprecated */
@@ -351,7 +350,6 @@ static struct ctl_table lowpan_frags_ctl_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
- { }
};

static int __net_init lowpan_frags_ns_sysctl_register(struct net *net)
@@ -370,10 +368,8 @@ static int __net_init lowpan_frags_ns_sysctl_register(struct net *net)
goto err_alloc;

/* Don't export sysctls to unprivileged users */
- if (net->user_ns != &init_user_ns) {
- table[0].procname = NULL;
+ if (net->user_ns != &init_user_ns)
table_size = 0;
- }
}

table[0].data = &ieee802154_lowpan->fqdir->high_thresh;
diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
index 6dab883a08dd..ecc849678e7b 100644
--- a/net/mpls/af_mpls.c
+++ b/net/mpls/af_mpls.c
@@ -1393,13 +1393,13 @@ static const struct ctl_table mpls_dev_table[] = {
.proc_handler = mpls_conf_proc,
.data = MPLS_PERDEV_SYSCTL_OFFSET(input_enabled),
},
- { }
};

static int mpls_dev_sysctl_register(struct net_device *dev,
struct mpls_dev *mdev)
{
char path[sizeof("net/mpls/conf/") + IFNAMSIZ];
+ size_t table_size = ARRAY_SIZE(mpls_dev_table);
struct net *net = dev_net(dev);
struct ctl_table *table;
int i;
@@ -1411,7 +1411,7 @@ static int mpls_dev_sysctl_register(struct net_device *dev,
/* Table data contains only offsets relative to the base of
* the mdev at this point, so make them absolute.
*/
- for (i = 0; i < ARRAY_SIZE(mpls_dev_table); i++) {
+ for (i = 0; i < table_size; i++) {
table[i].data = (char *)mdev + (uintptr_t)table[i].data;
table[i].extra1 = mdev;
table[i].extra2 = net;
@@ -1419,8 +1419,7 @@ static int mpls_dev_sysctl_register(struct net_device *dev,

snprintf(path, sizeof(path), "net/mpls/conf/%s", dev->name);

- mdev->sysctl = register_net_sysctl_sz(net, path, table,
- ARRAY_SIZE(mpls_dev_table));
+ mdev->sysctl = register_net_sysctl_sz(net, path, table, table_size);
if (!mdev->sysctl)
goto free;

@@ -2674,6 +2673,7 @@ static const struct ctl_table mpls_table[] = {

static int mpls_net_init(struct net *net)
{
+ size_t table_size = ARRAY_SIZE(mpls_table);
struct ctl_table *table;
int i;

@@ -2689,11 +2689,11 @@ static int mpls_net_init(struct net *net)
/* Table data contains only offsets relative to the base of
* the mdev at this point, so make them absolute.
*/
- for (i = 0; i < ARRAY_SIZE(mpls_table) - 1; i++)
+ for (i = 0; i < table_size; i++)
table[i].data = (char *)net + (uintptr_t)table[i].data;

net->mpls.ctl = register_net_sysctl_sz(net, "net/mpls", table,
- ARRAY_SIZE(mpls_table));
+ table_size);
if (net->mpls.ctl == NULL) {
kfree(table);
return -ENOMEM;
diff --git a/net/unix/sysctl_net_unix.c b/net/unix/sysctl_net_unix.c
index 3e84b31c355a..ae45d4cfac39 100644
--- a/net/unix/sysctl_net_unix.c
+++ b/net/unix/sysctl_net_unix.c
@@ -19,7 +19,6 @@ static struct ctl_table unix_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec
},
- { }
};

int __net_init unix_sysctl_register(struct net *net)

--
2.43.0



Subject: [PATCH v5 3/8] net: rds: Remove the now superfluous sentinel elements from ctl_table array

From: Joel Granados <[email protected]>

This commit comes at the tail end of a greater effort to remove the
empty elements at the end of the ctl_table arrays (sentinels) which
will reduce the overall build time size of the kernel and run time
memory bloat by ~64 bytes per sentinel (further information Link :
https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)

* Remove sentinel element from ctl_table structs.

Signed-off-by: Joel Granados <[email protected]>
---
net/rds/ib_sysctl.c | 1 -
net/rds/sysctl.c | 1 -
net/rds/tcp.c | 1 -
3 files changed, 3 deletions(-)

diff --git a/net/rds/ib_sysctl.c b/net/rds/ib_sysctl.c
index e4e41b3afce7..2af678e71e3c 100644
--- a/net/rds/ib_sysctl.c
+++ b/net/rds/ib_sysctl.c
@@ -103,7 +103,6 @@ static struct ctl_table rds_ib_sysctl_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec,
},
- { }
};

void rds_ib_sysctl_exit(void)
diff --git a/net/rds/sysctl.c b/net/rds/sysctl.c
index e381bbcd9cc1..025f518a4349 100644
--- a/net/rds/sysctl.c
+++ b/net/rds/sysctl.c
@@ -89,7 +89,6 @@ static struct ctl_table rds_sysctl_rds_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec,
},
- { }
};

void rds_sysctl_exit(void)
diff --git a/net/rds/tcp.c b/net/rds/tcp.c
index 2dba7505b414..d8111ac83bb6 100644
--- a/net/rds/tcp.c
+++ b/net/rds/tcp.c
@@ -86,7 +86,6 @@ static struct ctl_table rds_tcp_sysctl_table[] = {
.proc_handler = rds_tcp_skbuf_handler,
.extra1 = &rds_tcp_min_rcvbuf,
},
- { }
};

u32 rds_tcp_write_seq(struct rds_tcp_connection *tc)

--
2.43.0



Subject: [PATCH v5 4/8] net: sunrpc: Remove the now superfluous sentinel elements from ctl_table array

From: Joel Granados <[email protected]>

This commit comes at the tail end of a greater effort to remove the
empty elements at the end of the ctl_table arrays (sentinels) which
will reduce the overall build time size of the kernel and run time
memory bloat by ~64 bytes per sentinel (further information Link :
https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)

* Remove sentinel element from ctl_table structs.

Signed-off-by: Joel Granados <[email protected]>
---
net/sunrpc/sysctl.c | 1 -
net/sunrpc/xprtrdma/svc_rdma.c | 1 -
net/sunrpc/xprtrdma/transport.c | 1 -
net/sunrpc/xprtsock.c | 1 -
4 files changed, 4 deletions(-)

diff --git a/net/sunrpc/sysctl.c b/net/sunrpc/sysctl.c
index 93941ab12549..5f3170a1c9bb 100644
--- a/net/sunrpc/sysctl.c
+++ b/net/sunrpc/sysctl.c
@@ -160,7 +160,6 @@ static struct ctl_table debug_table[] = {
.mode = 0444,
.proc_handler = proc_do_xprt,
},
- { }
};

void
diff --git a/net/sunrpc/xprtrdma/svc_rdma.c b/net/sunrpc/xprtrdma/svc_rdma.c
index f86970733eb0..474f7a98fe9e 100644
--- a/net/sunrpc/xprtrdma/svc_rdma.c
+++ b/net/sunrpc/xprtrdma/svc_rdma.c
@@ -209,7 +209,6 @@ static struct ctl_table svcrdma_parm_table[] = {
.extra1 = &zero,
.extra2 = &zero,
},
- { },
};

static void svc_rdma_proc_cleanup(void)
diff --git a/net/sunrpc/xprtrdma/transport.c b/net/sunrpc/xprtrdma/transport.c
index 29b0562d62e7..9a8ce5df83ca 100644
--- a/net/sunrpc/xprtrdma/transport.c
+++ b/net/sunrpc/xprtrdma/transport.c
@@ -137,7 +137,6 @@ static struct ctl_table xr_tunables_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec,
},
- { },
};

#endif
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index bb9b747d58a1..f62f7b65455b 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -160,7 +160,6 @@ static struct ctl_table xs_tunables_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
- { },
};

/*

--
2.43.0



Subject: [PATCH v5 6/8] netfilter: Remove the now superfluous sentinel elements from ctl_table array

From: Joel Granados <[email protected]>

This commit comes at the tail end of a greater effort to remove the
empty elements at the end of the ctl_table arrays (sentinels) which will
reduce the overall build time size of the kernel and run time memory
bloat by ~64 bytes per sentinel (further information Link :
https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)

* Remove sentinel elements from ctl_table structs
* Remove instances where an array element is zeroed out to make it look
like a sentinel. This is not longer needed and is safe after commit
c899710fe7f9 ("networking: Update to register_net_sysctl_sz") added
the array size to the ctl_table registration
* Remove the need for having __NF_SYSCTL_CT_LAST_SYSCTL as the
sysctl array size is now in NF_SYSCTL_CT_LAST_SYSCTL
* Remove extra element in ctl_table arrays declarations

Acked-by: Kees Cook <[email protected]> # loadpin & yama
Signed-off-by: Joel Granados <[email protected]>
---
net/bridge/br_netfilter_hooks.c | 1 -
net/ipv6/netfilter/nf_conntrack_reasm.c | 1 -
net/netfilter/ipvs/ip_vs_ctl.c | 5 +----
net/netfilter/ipvs/ip_vs_lblc.c | 5 +----
net/netfilter/ipvs/ip_vs_lblcr.c | 5 +----
net/netfilter/nf_conntrack_standalone.c | 6 +-----
net/netfilter/nf_log.c | 3 +--
7 files changed, 5 insertions(+), 21 deletions(-)

diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
index 35e10c5a766d..d31f57ffe985 100644
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -1219,7 +1219,6 @@ static struct ctl_table brnf_table[] = {
.mode = 0644,
.proc_handler = brnf_sysctl_call_tables,
},
- { }
};

static inline void br_netfilter_sysctl_default(struct brnf_net *brnf)
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 1a51a44571c3..8531750ec081 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -62,7 +62,6 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = {
.mode = 0644,
.proc_handler = proc_doulongvec_minmax,
},
- { }
};

static int nf_ct_frag6_sysctl_register(struct net *net)
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 143a341bbc0a..50b5dbe40eb8 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2263,7 +2263,6 @@ static struct ctl_table vs_vars[] = {
.proc_handler = proc_dointvec,
},
#endif
- { }
};

#endif
@@ -4286,10 +4285,8 @@ static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs)
return -ENOMEM;

/* Don't export sysctls to unprivileged users */
- if (net->user_ns != &init_user_ns) {
- tbl[0].procname = NULL;
+ if (net->user_ns != &init_user_ns)
ctl_table_size = 0;
- }
} else
tbl = vs_vars;
/* Initialize sysctl defaults */
diff --git a/net/netfilter/ipvs/ip_vs_lblc.c b/net/netfilter/ipvs/ip_vs_lblc.c
index 8ceec7a2fa8f..2423513d701d 100644
--- a/net/netfilter/ipvs/ip_vs_lblc.c
+++ b/net/netfilter/ipvs/ip_vs_lblc.c
@@ -123,7 +123,6 @@ static struct ctl_table vs_vars_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
- { }
};
#endif

@@ -563,10 +562,8 @@ static int __net_init __ip_vs_lblc_init(struct net *net)
return -ENOMEM;

/* Don't export sysctls to unprivileged users */
- if (net->user_ns != &init_user_ns) {
- ipvs->lblc_ctl_table[0].procname = NULL;
+ if (net->user_ns != &init_user_ns)
vars_table_size = 0;
- }

} else
ipvs->lblc_ctl_table = vs_vars_table;
diff --git a/net/netfilter/ipvs/ip_vs_lblcr.c b/net/netfilter/ipvs/ip_vs_lblcr.c
index 0fb64707213f..cdb1d4bf6761 100644
--- a/net/netfilter/ipvs/ip_vs_lblcr.c
+++ b/net/netfilter/ipvs/ip_vs_lblcr.c
@@ -294,7 +294,6 @@ static struct ctl_table vs_vars_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
- { }
};
#endif

@@ -749,10 +748,8 @@ static int __net_init __ip_vs_lblcr_init(struct net *net)
return -ENOMEM;

/* Don't export sysctls to unprivileged users */
- if (net->user_ns != &init_user_ns) {
- ipvs->lblcr_ctl_table[0].procname = NULL;
+ if (net->user_ns != &init_user_ns)
vars_table_size = 0;
- }
} else
ipvs->lblcr_ctl_table = vs_vars_table;
ipvs->sysctl_lblcr_expiration = DEFAULT_EXPIRATION;
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 0ee98ce5b816..2f226cfb32d0 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -616,11 +616,9 @@ enum nf_ct_sysctl_index {
NF_SYSCTL_CT_LWTUNNEL,
#endif

- __NF_SYSCTL_CT_LAST_SYSCTL,
+ NF_SYSCTL_CT_LAST_SYSCTL,
};

-#define NF_SYSCTL_CT_LAST_SYSCTL (__NF_SYSCTL_CT_LAST_SYSCTL + 1)
-
static struct ctl_table nf_ct_sysctl_table[] = {
[NF_SYSCTL_CT_MAX] = {
.procname = "nf_conntrack_max",
@@ -957,7 +955,6 @@ static struct ctl_table nf_ct_sysctl_table[] = {
.proc_handler = nf_hooks_lwtunnel_sysctl_handler,
},
#endif
- {}
};

static struct ctl_table nf_ct_netfilter_table[] = {
@@ -968,7 +965,6 @@ static struct ctl_table nf_ct_netfilter_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec,
},
- { }
};

static void nf_conntrack_standalone_init_tcp_sysctl(struct net *net,
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index 370f8231385c..d42ba733496b 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -395,7 +395,7 @@ static const struct seq_operations nflog_seq_ops = {

#ifdef CONFIG_SYSCTL
static char nf_log_sysctl_fnames[NFPROTO_NUMPROTO-NFPROTO_UNSPEC][3];
-static struct ctl_table nf_log_sysctl_table[NFPROTO_NUMPROTO+1];
+static struct ctl_table nf_log_sysctl_table[NFPROTO_NUMPROTO];
static struct ctl_table_header *nf_log_sysctl_fhdr;

static struct ctl_table nf_log_sysctl_ftable[] = {
@@ -406,7 +406,6 @@ static struct ctl_table nf_log_sysctl_ftable[] = {
.mode = 0644,
.proc_handler = proc_dointvec,
},
- { }
};

static int nf_log_proc_dostring(struct ctl_table *table, int write,

--
2.43.0



Subject: [PATCH v5 7/8] appletalk: Remove the now superfluous sentinel elements from ctl_table array

From: Joel Granados <[email protected]>

This commit comes at the tail end of a greater effort to remove the
empty elements at the end of the ctl_table arrays (sentinels) which will
reduce the overall build time size of the kernel and run time memory
bloat by ~64 bytes per sentinel (further information Link :
https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)

Remove sentinel from atalk_table ctl_table array.

Acked-by: Kees Cook <[email protected]> # loadpin & yama
Signed-off-by: Joel Granados <[email protected]>
---
net/appletalk/sysctl_net_atalk.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/net/appletalk/sysctl_net_atalk.c b/net/appletalk/sysctl_net_atalk.c
index d945b7c0176d..7aebfe903242 100644
--- a/net/appletalk/sysctl_net_atalk.c
+++ b/net/appletalk/sysctl_net_atalk.c
@@ -40,7 +40,6 @@ static struct ctl_table atalk_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
- { },
};

static struct ctl_table_header *atalk_table_header;

--
2.43.0



Subject: [PATCH v5 8/8] ax.25: x.25: Remove the now superfluous sentinel elements from ctl_table array

From: Joel Granados <[email protected]>

This commit comes at the tail end of a greater effort to remove the
empty elements at the end of the ctl_table arrays (sentinels) which will
reduce the overall build time size of the kernel and run time memory
bloat by ~64 bytes per sentinel (further information Link :
https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)

Avoid a buffer overflow when traversing the ctl_table by ensuring that
AX25_MAX_VALUES is the same as the size of ax25_param_table. This is
done with a BUILD_BUG_ON where ax25_param_table is defined and a
CONFIG_AX25_DAMA_SLAVE guard in the unnamed enum definition as well as
in the ax25_dev_device_up and ax25_ds_set_timer functions.

The overflow happened when the sentinel was removed from
ax25_param_table. The sentinel's data element was changed when
CONFIG_AX25_DAMA_SLAVE was undefined. This had no adverse effects as it
still stopped on the sentinel's null procname but needed to be addressed
once the sentinel was removed.

Signed-off-by: Joel Granados <[email protected]>
---
include/net/ax25.h | 2 ++
net/ax25/ax25_dev.c | 3 +++
net/ax25/ax25_ds_timer.c | 4 ++++
net/ax25/sysctl_net_ax25.c | 3 +--
net/x25/sysctl_net_x25.c | 1 -
5 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/include/net/ax25.h b/include/net/ax25.h
index 0d939e5aee4e..eb9cee8252c8 100644
--- a/include/net/ax25.h
+++ b/include/net/ax25.h
@@ -139,7 +139,9 @@ enum {
AX25_VALUES_N2, /* Default N2 value */
AX25_VALUES_PACLEN, /* AX.25 MTU */
AX25_VALUES_PROTOCOL, /* Std AX.25, DAMA Slave, DAMA Master */
+#ifdef CONFIG_AX25_DAMA_SLAVE
AX25_VALUES_DS_TIMEOUT, /* DAMA Slave timeout */
+#endif
AX25_MAX_VALUES /* THIS MUST REMAIN THE LAST ENTRY OF THIS LIST */
};

diff --git a/net/ax25/ax25_dev.c b/net/ax25/ax25_dev.c
index c5462486dbca..af547e185a94 100644
--- a/net/ax25/ax25_dev.c
+++ b/net/ax25/ax25_dev.c
@@ -78,7 +78,10 @@ void ax25_dev_device_up(struct net_device *dev)
ax25_dev->values[AX25_VALUES_N2] = AX25_DEF_N2;
ax25_dev->values[AX25_VALUES_PACLEN] = AX25_DEF_PACLEN;
ax25_dev->values[AX25_VALUES_PROTOCOL] = AX25_DEF_PROTOCOL;
+
+#ifdef CONFIG_AX25_DAMA_SLAVE
ax25_dev->values[AX25_VALUES_DS_TIMEOUT]= AX25_DEF_DS_TIMEOUT;
+#endif

#if defined(CONFIG_AX25_DAMA_SLAVE) || defined(CONFIG_AX25_DAMA_MASTER)
ax25_ds_setup_timer(ax25_dev);
diff --git a/net/ax25/ax25_ds_timer.c b/net/ax25/ax25_ds_timer.c
index c4f8adbf8144..8f385d2a7628 100644
--- a/net/ax25/ax25_ds_timer.c
+++ b/net/ax25/ax25_ds_timer.c
@@ -49,12 +49,16 @@ void ax25_ds_del_timer(ax25_dev *ax25_dev)

void ax25_ds_set_timer(ax25_dev *ax25_dev)
{
+#ifdef CONFIG_AX25_DAMA_SLAVE
if (ax25_dev == NULL) /* paranoia */
return;

ax25_dev->dama.slave_timeout =
msecs_to_jiffies(ax25_dev->values[AX25_VALUES_DS_TIMEOUT]) / 10;
mod_timer(&ax25_dev->dama.slave_timer, jiffies + HZ);
+#else
+ return;
+#endif
}

/*
diff --git a/net/ax25/sysctl_net_ax25.c b/net/ax25/sysctl_net_ax25.c
index db66e11e7fe8..4e593d36d311 100644
--- a/net/ax25/sysctl_net_ax25.c
+++ b/net/ax25/sysctl_net_ax25.c
@@ -141,8 +141,6 @@ static const struct ctl_table ax25_param_table[] = {
.extra2 = &max_ds_timeout
},
#endif
-
- { } /* that's all, folks! */
};

int ax25_register_dev_sysctl(ax25_dev *ax25_dev)
@@ -155,6 +153,7 @@ int ax25_register_dev_sysctl(ax25_dev *ax25_dev)
if (!table)
return -ENOMEM;

+ BUILD_BUG_ON(ARRAY_SIZE(ax25_param_table) != AX25_MAX_VALUES);
for (k = 0; k < AX25_MAX_VALUES; k++)
table[k].data = &ax25_dev->values[k];

diff --git a/net/x25/sysctl_net_x25.c b/net/x25/sysctl_net_x25.c
index e9802afa43d0..643f50874dfe 100644
--- a/net/x25/sysctl_net_x25.c
+++ b/net/x25/sysctl_net_x25.c
@@ -71,7 +71,6 @@ static struct ctl_table x25_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec,
},
- { },
};

int __init x25_register_sysctl(void)

--
2.43.0



Subject: [PATCH v5 5/8] net: Remove ctl_table sentinel elements from several networking subsystems

From: Joel Granados <[email protected]>

This commit comes at the tail end of a greater effort to remove the
empty elements at the end of the ctl_table arrays (sentinels) which
will reduce the overall build time size of the kernel and run time
memory bloat by ~64 bytes per sentinel (further information Link :
https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)

To avoid lots of small commits, this commit brings together network
changes from (as they appear in MAINTAINERS) LLC, MPTCP, NETROM NETWORK
LAYER, PHONET PROTOCOL, ROSE NETWORK LAYER, RXRPC SOCKETS, SCTP
PROTOCOL, SHARED MEMORY COMMUNICATIONS (SMC), TIPC NETWORK LAYER and
NETWORKING [IPSEC]

* Remove sentinel element from ctl_table structs.
* Replace empty array registration with the register_net_sysctl_sz call
in llc_sysctl_init
* Replace the for loop stop condition that tests for procname == NULL
with one that depends on array size in sctp_sysctl_net_register
* Remove instances where an array element is zeroed out to make it look
like a sentinel in xfrm_sysctl_init. This is not longer needed and is
safe after commit c899710fe7f9 ("networking: Update to
register_net_sysctl_sz") added the array size to the ctl_table
registration
* Use a table_size variable to keep the value of ARRAY_SIZE

Signed-off-by: Joel Granados <[email protected]>
---
net/llc/sysctl_net_llc.c | 8 ++------
net/mptcp/ctrl.c | 1 -
net/netrom/sysctl_net_netrom.c | 1 -
net/phonet/sysctl.c | 1 -
net/rose/sysctl_net_rose.c | 1 -
net/rxrpc/sysctl.c | 1 -
net/sctp/sysctl.c | 10 +++-------
net/smc/smc_sysctl.c | 1 -
net/tipc/sysctl.c | 1 -
net/xfrm/xfrm_sysctl.c | 5 +----
10 files changed, 6 insertions(+), 24 deletions(-)

diff --git a/net/llc/sysctl_net_llc.c b/net/llc/sysctl_net_llc.c
index 8443a6d841b0..72e101135f8c 100644
--- a/net/llc/sysctl_net_llc.c
+++ b/net/llc/sysctl_net_llc.c
@@ -44,11 +44,6 @@ static struct ctl_table llc2_timeout_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
- { },
-};
-
-static struct ctl_table llc_station_table[] = {
- { },
};

static struct ctl_table_header *llc2_timeout_header;
@@ -56,8 +51,9 @@ static struct ctl_table_header *llc_station_header;

int __init llc_sysctl_init(void)
{
+ struct ctl_table empty[1] = {};
llc2_timeout_header = register_net_sysctl(&init_net, "net/llc/llc2/timeout", llc2_timeout_table);
- llc_station_header = register_net_sysctl(&init_net, "net/llc/station", llc_station_table);
+ llc_station_header = register_net_sysctl_sz(&init_net, "net/llc/station", empty, 0);

if (!llc2_timeout_header || !llc_station_header) {
llc_sysctl_exit();
diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c
index 13fe0748dde8..8bf7c26a0878 100644
--- a/net/mptcp/ctrl.c
+++ b/net/mptcp/ctrl.c
@@ -156,7 +156,6 @@ static struct ctl_table mptcp_sysctl_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
- {}
};

static int mptcp_pernet_new_table(struct net *net, struct mptcp_pernet *pernet)
diff --git a/net/netrom/sysctl_net_netrom.c b/net/netrom/sysctl_net_netrom.c
index 79fb2d3f477b..7dc0fa628f2e 100644
--- a/net/netrom/sysctl_net_netrom.c
+++ b/net/netrom/sysctl_net_netrom.c
@@ -140,7 +140,6 @@ static struct ctl_table nr_table[] = {
.extra1 = &min_reset,
.extra2 = &max_reset
},
- { }
};

int __init nr_register_sysctl(void)
diff --git a/net/phonet/sysctl.c b/net/phonet/sysctl.c
index 0d0bf41381c2..82fc22467a09 100644
--- a/net/phonet/sysctl.c
+++ b/net/phonet/sysctl.c
@@ -81,7 +81,6 @@ static struct ctl_table phonet_table[] = {
.mode = 0644,
.proc_handler = proc_local_port_range,
},
- { }
};

int __init phonet_sysctl_init(void)
diff --git a/net/rose/sysctl_net_rose.c b/net/rose/sysctl_net_rose.c
index d391d7758f52..d801315b7083 100644
--- a/net/rose/sysctl_net_rose.c
+++ b/net/rose/sysctl_net_rose.c
@@ -112,7 +112,6 @@ static struct ctl_table rose_table[] = {
.extra1 = &min_window,
.extra2 = &max_window
},
- { }
};

void __init rose_register_sysctl(void)
diff --git a/net/rxrpc/sysctl.c b/net/rxrpc/sysctl.c
index c9bedd0e2d86..9bf9a1f6e4cb 100644
--- a/net/rxrpc/sysctl.c
+++ b/net/rxrpc/sysctl.c
@@ -127,7 +127,6 @@ static struct ctl_table rxrpc_sysctl_table[] = {
.extra1 = (void *)SYSCTL_ONE,
.extra2 = (void *)&four,
},
- { }
};

int __init rxrpc_sysctl_init(void)
diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
index f65d6f92afcb..c00087e01351 100644
--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -80,8 +80,6 @@ static struct ctl_table sctp_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec,
},
-
- { /* sentinel */ }
};

/* The following index defines are used in sctp_sysctl_net_register().
@@ -384,8 +382,6 @@ static struct ctl_table sctp_net_table[] = {
.extra1 = SYSCTL_ZERO,
.extra2 = &pf_expose_max,
},
-
- { /* sentinel */ }
};

static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
@@ -597,6 +593,7 @@ static int proc_sctp_do_probe_interval(struct ctl_table *ctl, int write,

int sctp_sysctl_net_register(struct net *net)
{
+ size_t table_size = ARRAY_SIZE(sctp_net_table);
struct ctl_table *table;
int i;

@@ -604,7 +601,7 @@ int sctp_sysctl_net_register(struct net *net)
if (!table)
return -ENOMEM;

- for (i = 0; table[i].data; i++)
+ for (i = 0; i < table_size; i++)
table[i].data += (char *)(&net->sctp) - (char *)&init_net.sctp;

table[SCTP_RTO_MIN_IDX].extra2 = &net->sctp.rto_max;
@@ -613,8 +610,7 @@ int sctp_sysctl_net_register(struct net *net)
table[SCTP_PS_RETRANS_IDX].extra1 = &net->sctp.pf_retrans;

net->sctp.sysctl_header = register_net_sysctl_sz(net, "net/sctp",
- table,
- ARRAY_SIZE(sctp_net_table));
+ table, table_size);
if (net->sctp.sysctl_header == NULL) {
kfree(table);
return -ENOMEM;
diff --git a/net/smc/smc_sysctl.c b/net/smc/smc_sysctl.c
index a5946d1b9d60..bd0b7e2f8824 100644
--- a/net/smc/smc_sysctl.c
+++ b/net/smc/smc_sysctl.c
@@ -90,7 +90,6 @@ static struct ctl_table smc_table[] = {
.extra1 = &conns_per_lgr_min,
.extra2 = &conns_per_lgr_max,
},
- { }
};

int __net_init smc_sysctl_net_init(struct net *net)
diff --git a/net/tipc/sysctl.c b/net/tipc/sysctl.c
index 9fb65c988f7f..30d2e06e3d8c 100644
--- a/net/tipc/sysctl.c
+++ b/net/tipc/sysctl.c
@@ -91,7 +91,6 @@ static struct ctl_table tipc_table[] = {
.mode = 0644,
.proc_handler = proc_doulongvec_minmax,
},
- {}
};

int tipc_register_sysctl(void)
diff --git a/net/xfrm/xfrm_sysctl.c b/net/xfrm/xfrm_sysctl.c
index 7fdeafc838a7..b0f542805e6e 100644
--- a/net/xfrm/xfrm_sysctl.c
+++ b/net/xfrm/xfrm_sysctl.c
@@ -38,7 +38,6 @@ static struct ctl_table xfrm_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec
},
- {}
};

int __net_init xfrm_sysctl_init(struct net *net)
@@ -57,10 +56,8 @@ int __net_init xfrm_sysctl_init(struct net *net)
table[3].data = &net->xfrm.sysctl_acq_expires;

/* Don't export sysctls to unprivileged users */
- if (net->user_ns != &init_user_ns) {
- table[0].procname = NULL;
+ if (net->user_ns != &init_user_ns)
table_size = 0;
- }

net->xfrm.sysctl_hdr = register_net_sysctl_sz(net, "net/core", table,
table_size);

--
2.43.0



2024-04-26 12:10:43

by Julian Anastasov

[permalink] [raw]
Subject: Re: [PATCH v5 6/8] netfilter: Remove the now superfluous sentinel elements from ctl_table array


Hello,

On Fri, 26 Apr 2024, Joel Granados via B4 Relay wrote:

> From: Joel Granados <[email protected]>
>
> This commit comes at the tail end of a greater effort to remove the
> empty elements at the end of the ctl_table arrays (sentinels) which will
> reduce the overall build time size of the kernel and run time memory
> bloat by ~64 bytes per sentinel (further information Link :
> https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)
>
> * Remove sentinel elements from ctl_table structs
> * Remove instances where an array element is zeroed out to make it look
> like a sentinel. This is not longer needed and is safe after commit
> c899710fe7f9 ("networking: Update to register_net_sysctl_sz") added
> the array size to the ctl_table registration
> * Remove the need for having __NF_SYSCTL_CT_LAST_SYSCTL as the
> sysctl array size is now in NF_SYSCTL_CT_LAST_SYSCTL
> * Remove extra element in ctl_table arrays declarations
>
> Acked-by: Kees Cook <[email protected]> # loadpin & yama
> Signed-off-by: Joel Granados <[email protected]>
> ---
> net/bridge/br_netfilter_hooks.c | 1 -
> net/ipv6/netfilter/nf_conntrack_reasm.c | 1 -
> net/netfilter/ipvs/ip_vs_ctl.c | 5 +----
> net/netfilter/ipvs/ip_vs_lblc.c | 5 +----
> net/netfilter/ipvs/ip_vs_lblcr.c | 5 +----
> net/netfilter/nf_conntrack_standalone.c | 6 +-----
> net/netfilter/nf_log.c | 3 +--
> 7 files changed, 5 insertions(+), 21 deletions(-)

...

> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index 143a341bbc0a..50b5dbe40eb8 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c

...

> @@ -4286,10 +4285,8 @@ static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs)
> return -ENOMEM;
>
> /* Don't export sysctls to unprivileged users */
> - if (net->user_ns != &init_user_ns) {
> - tbl[0].procname = NULL;
> + if (net->user_ns != &init_user_ns)
> ctl_table_size = 0;
> - }
> } else
> tbl = vs_vars;
> /* Initialize sysctl defaults */

We are in process of changing this code (not in trees yet):

https://marc.info/?t=171345219600002&r=1&w=2

As I'm not sure which patch will win, the end result should
be this single if-block/hunk to be removed.

Regards

--
Julian Anastasov <[email protected]>


2024-04-26 12:26:41

by Jeff Layton

[permalink] [raw]
Subject: Re: [PATCH v5 4/8] net: sunrpc: Remove the now superfluous sentinel elements from ctl_table array

On Fri, 2024-04-26 at 12:46 +0200, Joel Granados via B4 Relay wrote:
> From: Joel Granados <[email protected]>
>
> This commit comes at the tail end of a greater effort to remove the
> empty elements at the end of the ctl_table arrays (sentinels) which
> will reduce the overall build time size of the kernel and run time
> memory bloat by ~64 bytes per sentinel (further information Link :
> https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)
>
> * Remove sentinel element from ctl_table structs.
>
> Signed-off-by: Joel Granados <[email protected]>
> ---
> net/sunrpc/sysctl.c | 1 -
> net/sunrpc/xprtrdma/svc_rdma.c | 1 -
> net/sunrpc/xprtrdma/transport.c | 1 -
> net/sunrpc/xprtsock.c | 1 -
> 4 files changed, 4 deletions(-)
>
> diff --git a/net/sunrpc/sysctl.c b/net/sunrpc/sysctl.c
> index 93941ab12549..5f3170a1c9bb 100644
> --- a/net/sunrpc/sysctl.c
> +++ b/net/sunrpc/sysctl.c
> @@ -160,7 +160,6 @@ static struct ctl_table debug_table[] = {
> .mode = 0444,
> .proc_handler = proc_do_xprt,
> },
> - { }
> };
>
> void
> diff --git a/net/sunrpc/xprtrdma/svc_rdma.c b/net/sunrpc/xprtrdma/svc_rdma.c
> index f86970733eb0..474f7a98fe9e 100644
> --- a/net/sunrpc/xprtrdma/svc_rdma.c
> +++ b/net/sunrpc/xprtrdma/svc_rdma.c
> @@ -209,7 +209,6 @@ static struct ctl_table svcrdma_parm_table[] = {
> .extra1 = &zero,
> .extra2 = &zero,
> },
> - { },
> };
>
> static void svc_rdma_proc_cleanup(void)
> diff --git a/net/sunrpc/xprtrdma/transport.c b/net/sunrpc/xprtrdma/transport.c
> index 29b0562d62e7..9a8ce5df83ca 100644
> --- a/net/sunrpc/xprtrdma/transport.c
> +++ b/net/sunrpc/xprtrdma/transport.c
> @@ -137,7 +137,6 @@ static struct ctl_table xr_tunables_table[] = {
> .mode = 0644,
> .proc_handler = proc_dointvec,
> },
> - { },
> };
>
> #endif
> diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> index bb9b747d58a1..f62f7b65455b 100644
> --- a/net/sunrpc/xprtsock.c
> +++ b/net/sunrpc/xprtsock.c
> @@ -160,7 +160,6 @@ static struct ctl_table xs_tunables_table[] = {
> .mode = 0644,
> .proc_handler = proc_dointvec_jiffies,
> },
> - { },
> };
>
> /*
>

Reviewed-by: Jeffrey Layton <[email protected]>

2024-04-26 13:03:15

by Chuck Lever III

[permalink] [raw]
Subject: Re: [PATCH v5 4/8] net: sunrpc: Remove the now superfluous sentinel elements from ctl_table array

On Fri, Apr 26, 2024 at 12:46:56PM +0200, Joel Granados via B4 Relay wrote:
> From: Joel Granados <[email protected]>
>
> This commit comes at the tail end of a greater effort to remove the
> empty elements at the end of the ctl_table arrays (sentinels) which
> will reduce the overall build time size of the kernel and run time
> memory bloat by ~64 bytes per sentinel (further information Link :
> https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)
>
> * Remove sentinel element from ctl_table structs.
>
> Signed-off-by: Joel Granados <[email protected]>
> ---
> net/sunrpc/sysctl.c | 1 -
> net/sunrpc/xprtrdma/svc_rdma.c | 1 -
> net/sunrpc/xprtrdma/transport.c | 1 -
> net/sunrpc/xprtsock.c | 1 -
> 4 files changed, 4 deletions(-)
>
> diff --git a/net/sunrpc/sysctl.c b/net/sunrpc/sysctl.c
> index 93941ab12549..5f3170a1c9bb 100644
> --- a/net/sunrpc/sysctl.c
> +++ b/net/sunrpc/sysctl.c
> @@ -160,7 +160,6 @@ static struct ctl_table debug_table[] = {
> .mode = 0444,
> .proc_handler = proc_do_xprt,
> },
> - { }
> };
>
> void
> diff --git a/net/sunrpc/xprtrdma/svc_rdma.c b/net/sunrpc/xprtrdma/svc_rdma.c
> index f86970733eb0..474f7a98fe9e 100644
> --- a/net/sunrpc/xprtrdma/svc_rdma.c
> +++ b/net/sunrpc/xprtrdma/svc_rdma.c
> @@ -209,7 +209,6 @@ static struct ctl_table svcrdma_parm_table[] = {
> .extra1 = &zero,
> .extra2 = &zero,
> },
> - { },
> };
>
> static void svc_rdma_proc_cleanup(void)
> diff --git a/net/sunrpc/xprtrdma/transport.c b/net/sunrpc/xprtrdma/transport.c
> index 29b0562d62e7..9a8ce5df83ca 100644
> --- a/net/sunrpc/xprtrdma/transport.c
> +++ b/net/sunrpc/xprtrdma/transport.c
> @@ -137,7 +137,6 @@ static struct ctl_table xr_tunables_table[] = {
> .mode = 0644,
> .proc_handler = proc_dointvec,
> },
> - { },
> };
>
> #endif
> diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> index bb9b747d58a1..f62f7b65455b 100644
> --- a/net/sunrpc/xprtsock.c
> +++ b/net/sunrpc/xprtsock.c
> @@ -160,7 +160,6 @@ static struct ctl_table xs_tunables_table[] = {
> .mode = 0644,
> .proc_handler = proc_dointvec_jiffies,
> },
> - { },
> };
>
> /*
>
> --
> 2.43.0
>

Acked-by: Chuck Lever <[email protected]>


--
Chuck Lever

2024-04-26 15:20:09

by Sabrina Dubroca

[permalink] [raw]
Subject: Re: [PATCH v5 5/8] net: Remove ctl_table sentinel elements from several networking subsystems

2024-04-26, 12:46:57 +0200, Joel Granados via B4 Relay wrote:
> diff --git a/net/smc/smc_sysctl.c b/net/smc/smc_sysctl.c
> index a5946d1b9d60..bd0b7e2f8824 100644
> --- a/net/smc/smc_sysctl.c
> +++ b/net/smc/smc_sysctl.c
> @@ -90,7 +90,6 @@ static struct ctl_table smc_table[] = {
> .extra1 = &conns_per_lgr_min,
> .extra2 = &conns_per_lgr_max,
> },
> - { }
> };

There's an ARRAY_SIZE(smc_table) - 1 in smc_sysctl_net_init, shouldn't
the -1 be removed like you did in other patches?


int __net_init smc_sysctl_net_init(struct net *net)
{
struct ctl_table *table;

table = smc_table;
if (!net_eq(net, &init_net)) {
int i;

table = kmemdup(table, sizeof(smc_table), GFP_KERNEL);
if (!table)
goto err_alloc;

for (i = 0; i < ARRAY_SIZE(smc_table) - 1; i++)
table[i].data += (void *)net - (void *)&init_net;
}

net->smc.smc_hdr = register_net_sysctl_sz(net, "net/smc", table,
ARRAY_SIZE(smc_table));
[...]

--
Sabrina


2024-04-27 08:15:06

by Sabrina Dubroca

[permalink] [raw]
Subject: Re: [PATCH v5 8/8] ax.25: x.25: Remove the now superfluous sentinel elements from ctl_table array

2024-04-26, 12:47:00 +0200, Joel Granados via B4 Relay wrote:
> diff --git a/net/ax25/ax25_ds_timer.c b/net/ax25/ax25_ds_timer.c
> index c4f8adbf8144..8f385d2a7628 100644
> --- a/net/ax25/ax25_ds_timer.c
> +++ b/net/ax25/ax25_ds_timer.c
> @@ -49,12 +49,16 @@ void ax25_ds_del_timer(ax25_dev *ax25_dev)
>
> void ax25_ds_set_timer(ax25_dev *ax25_dev)
> {
> +#ifdef CONFIG_AX25_DAMA_SLAVE

Is this really needed? Looks like this file is only compiled when this
config is set:

grep ax25_ds_timer net/ax25/Makefile
ax25-$(CONFIG_AX25_DAMA_SLAVE) += ax25_ds_in.o ax25_ds_subr.o ax25_ds_timer.o


> if (ax25_dev == NULL) /* paranoia */
> return;
>
> ax25_dev->dama.slave_timeout =
> msecs_to_jiffies(ax25_dev->values[AX25_VALUES_DS_TIMEOUT]) / 10;
> mod_timer(&ax25_dev->dama.slave_timer, jiffies + HZ);
> +#else
> + return;
> +#endif
> }

--
Sabrina


2024-04-29 08:54:21

by Sabrina Dubroca

[permalink] [raw]
Subject: Re: [PATCH v5 1/8] net: Remove the now superfluous sentinel elements from ctl_table array

2024-04-26, 12:46:53 +0200, Joel Granados via B4 Relay wrote:
> diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
> index 6973dda3abda..a84690b13bb9 100644
> --- a/net/core/sysctl_net_core.c
> +++ b/net/core/sysctl_net_core.c
[...]
> @@ -723,12 +722,11 @@ static __net_init int sysctl_core_net_init(struct net *net)
> if (tbl == NULL)
> goto err_dup;
>
> - for (tmp = tbl; tmp->procname; tmp++)
> - tmp->data += (char *)net - (char *)&init_net;

Some coding style nits in case you re-post:

> + for (int i = 0; i < table_size; ++i)

move the declaration of int i out of the for (), it's almost never
written this way (at least in networking)

> + (tbl + i)->data += (char *)net - (char *)&init_net;

tbl[i].data = ...

is more in line with other similar functions in the rest of net/


[...]
> diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
> index 6dab883a08dd..ecc849678e7b 100644
> --- a/net/mpls/af_mpls.c
> +++ b/net/mpls/af_mpls.c
[...]
> @@ -2674,6 +2673,7 @@ static const struct ctl_table mpls_table[] = {
>
> static int mpls_net_init(struct net *net)
> {
> + size_t table_size = ARRAY_SIZE(mpls_table);

This table still has a {} as its final element. It should be gone too?

--
Sabrina


2024-04-29 09:10:23

by Joel Granados

[permalink] [raw]
Subject: Re: [PATCH v5 5/8] net: Remove ctl_table sentinel elements from several networking subsystems

On Fri, Apr 26, 2024 at 05:13:37PM +0200, Sabrina Dubroca wrote:
> 2024-04-26, 12:46:57 +0200, Joel Granados via B4 Relay wrote:
> > diff --git a/net/smc/smc_sysctl.c b/net/smc/smc_sysctl.c
> > index a5946d1b9d60..bd0b7e2f8824 100644
> > --- a/net/smc/smc_sysctl.c
> > +++ b/net/smc/smc_sysctl.c
> > @@ -90,7 +90,6 @@ static struct ctl_table smc_table[] = {
> > .extra1 = &conns_per_lgr_min,
> > .extra2 = &conns_per_lgr_max,
> > },
> > - { }
> > };
>
> There's an ARRAY_SIZE(smc_table) - 1 in smc_sysctl_net_init, shouldn't
> the -1 be removed like you did in other patches?
>
>
> int __net_init smc_sysctl_net_init(struct net *net)
> {
> struct ctl_table *table;
>
> table = smc_table;
> if (!net_eq(net, &init_net)) {
> int i;
>
> table = kmemdup(table, sizeof(smc_table), GFP_KERNEL);
> if (!table)
> goto err_alloc;
>
> for (i = 0; i < ARRAY_SIZE(smc_table) - 1; i++)
This is a very good catch !!!! Thx a lot!! I'll put this into my V6.

> table[i].data += (void *)net - (void *)&init_net;
> }
>
> net->smc.smc_hdr = register_net_sysctl_sz(net, "net/smc", table,
> ARRAY_SIZE(smc_table));
> [...]
>
> --
> Sabrina
>

--

Joel Granados


Attachments:
(No filename) (1.21 kB)
signature.asc (673.00 B)
Download all attachments

2024-04-29 10:20:12

by Joel Granados

[permalink] [raw]
Subject: Re: [PATCH v5 6/8] netfilter: Remove the now superfluous sentinel elements from ctl_table array

On Fri, Apr 26, 2024 at 03:09:45PM +0300, Julian Anastasov wrote:
>
> Hello,
>
> On Fri, 26 Apr 2024, Joel Granados via B4 Relay wrote:
>
> > From: Joel Granados <[email protected]>
> >
> > This commit comes at the tail end of a greater effort to remove the
> > empty elements at the end of the ctl_table arrays (sentinels) which will
> > reduce the overall build time size of the kernel and run time memory
> > bloat by ~64 bytes per sentinel (further information Link :
> > https://lore.kernel.org/all/ZO5Yx5JFogGi%[email protected]/)
> >
> > * Remove sentinel elements from ctl_table structs
> > * Remove instances where an array element is zeroed out to make it look
> > like a sentinel. This is not longer needed and is safe after commit
> > c899710fe7f9 ("networking: Update to register_net_sysctl_sz") added
> > the array size to the ctl_table registration
> > * Remove the need for having __NF_SYSCTL_CT_LAST_SYSCTL as the
> > sysctl array size is now in NF_SYSCTL_CT_LAST_SYSCTL
> > * Remove extra element in ctl_table arrays declarations
> >
> > Acked-by: Kees Cook <[email protected]> # loadpin & yama
> > Signed-off-by: Joel Granados <[email protected]>
> > ---
> > net/bridge/br_netfilter_hooks.c | 1 -
> > net/ipv6/netfilter/nf_conntrack_reasm.c | 1 -
> > net/netfilter/ipvs/ip_vs_ctl.c | 5 +----
> > net/netfilter/ipvs/ip_vs_lblc.c | 5 +----
> > net/netfilter/ipvs/ip_vs_lblcr.c | 5 +----
> > net/netfilter/nf_conntrack_standalone.c | 6 +-----
> > net/netfilter/nf_log.c | 3 +--
> > 7 files changed, 5 insertions(+), 21 deletions(-)
>
> ...
>
> > diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> > index 143a341bbc0a..50b5dbe40eb8 100644
> > --- a/net/netfilter/ipvs/ip_vs_ctl.c
> > +++ b/net/netfilter/ipvs/ip_vs_ctl.c
>
> ...
>
> > @@ -4286,10 +4285,8 @@ static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs)
> > return -ENOMEM;
> >
> > /* Don't export sysctls to unprivileged users */
> > - if (net->user_ns != &init_user_ns) {
> > - tbl[0].procname = NULL;
> > + if (net->user_ns != &init_user_ns)
> > ctl_table_size = 0;
> > - }
> > } else
> > tbl = vs_vars;
> > /* Initialize sysctl defaults */
>
> We are in process of changing this code (not in trees yet):
>
> https://marc.info/?t=171345219600002&r=1&w=2
>
> As I'm not sure which patch will win, the end result should
> be this single if-block/hunk to be removed.
Thx for the heads up. I have made a note of it in case this set ends up
being after yours.


>
> Regards
>
> --
> Julian Anastasov <[email protected]>
>

--

Joel Granados


Attachments:
(No filename) (2.70 kB)
signature.asc (673.00 B)
Download all attachments

2024-04-29 10:20:23

by Joel Granados

[permalink] [raw]
Subject: Re: [PATCH v5 8/8] ax.25: x.25: Remove the now superfluous sentinel elements from ctl_table array

On Sat, Apr 27, 2024 at 10:14:36AM +0200, Sabrina Dubroca wrote:
> 2024-04-26, 12:47:00 +0200, Joel Granados via B4 Relay wrote:
> > diff --git a/net/ax25/ax25_ds_timer.c b/net/ax25/ax25_ds_timer.c
> > index c4f8adbf8144..8f385d2a7628 100644
> > --- a/net/ax25/ax25_ds_timer.c
> > +++ b/net/ax25/ax25_ds_timer.c
> > @@ -49,12 +49,16 @@ void ax25_ds_del_timer(ax25_dev *ax25_dev)
> >
> > void ax25_ds_set_timer(ax25_dev *ax25_dev)
> > {
> > +#ifdef CONFIG_AX25_DAMA_SLAVE
>
> Is this really needed? Looks like this file is only compiled when this
> config is set:
>
> grep ax25_ds_timer net/ax25/Makefile
> ax25-$(CONFIG_AX25_DAMA_SLAVE) += ax25_ds_in.o ax25_ds_subr.o ax25_ds_timer.o
Good point. I had missed this detail when addressing
https://lore.kernel.org/oe-kbuild-all/[email protected]/.
Thx for pointing it out. I'll remove the guards for V6.

Best

>
>
> > if (ax25_dev == NULL) /* paranoia */
> > return;
> >
> > ax25_dev->dama.slave_timeout =
> > msecs_to_jiffies(ax25_dev->values[AX25_VALUES_DS_TIMEOUT]) / 10;
> > mod_timer(&ax25_dev->dama.slave_timer, jiffies + HZ);
> > +#else
> > + return;
> > +#endif
> > }
>
> --
> Sabrina
>

--

Joel Granados


Attachments:
(No filename) (1.22 kB)
signature.asc (673.00 B)
Download all attachments

2024-04-29 14:49:54

by Sabrina Dubroca

[permalink] [raw]
Subject: Re: [PATCH v5 1/8] net: Remove the now superfluous sentinel elements from ctl_table array

2024-04-29, 14:33:15 +0200, Joel Granados wrote:
> On Mon, Apr 29, 2024 at 10:53:47AM +0200, Sabrina Dubroca wrote:
> > 2024-04-26, 12:46:53 +0200, Joel Granados via B4 Relay wrote:
> > > diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
> > > index 6973dda3abda..a84690b13bb9 100644
> > > --- a/net/core/sysctl_net_core.c
> > > +++ b/net/core/sysctl_net_core.c
> > [...]
> > > @@ -723,12 +722,11 @@ static __net_init int sysctl_core_net_init(struct net *net)
> > > if (tbl == NULL)
> > > goto err_dup;
> > >
> > > - for (tmp = tbl; tmp->procname; tmp++)
> > > - tmp->data += (char *)net - (char *)&init_net;
> >
> > Some coding style nits in case you re-post:
> Thx. I will, so please scream if you see more issues.

I've gone through the whole series and didn't see anything more.

> > > + for (int i = 0; i < table_size; ++i)
> >
> > move the declaration of int i out of the for (), it's almost never
> > written this way (at least in networking)
> done
>
> >
> > > + (tbl + i)->data += (char *)net - (char *)&init_net;
> >
> > tbl[i].data = ...
> >
> > is more in line with other similar functions in the rest of net/
> done
>
> >
> >
> > [...]
> > > diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
> > > index 6dab883a08dd..ecc849678e7b 100644
> > > --- a/net/mpls/af_mpls.c
> > > +++ b/net/mpls/af_mpls.c
> > [...]
> > > @@ -2674,6 +2673,7 @@ static const struct ctl_table mpls_table[] = {
> > >
> > > static int mpls_net_init(struct net *net)
> > > {
> > > + size_t table_size = ARRAY_SIZE(mpls_table);
> >
> > This table still has a {} as its final element. It should be gone too?
> Now, how did that get away? I'll run my coccinelle scripts once more to
> make sure that I don't have more of these hiding in the shadows.

I didn't spot any other with a dumb

sed -n '<line>,^};/p' <file>

(with file/line produced by git grep 'struct ctl_table' -- net)


Thanks.

--
Sabrina