diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2012-01-21 13:34:05 -0800 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-01-24 16:40:27 -0800 |
commit | 7c60c48f58a78195acc1f71c9a9d01958c02ab89 (patch) | |
tree | 7d1a66abc2510aa474105a747fdcd08b033f2b36 /lib | |
parent | f728019bb72e655680c02ad1829323054a8e875f (diff) | |
download | linux-stable-7c60c48f58a78195acc1f71c9a9d01958c02ab89.tar.gz linux-stable-7c60c48f58a78195acc1f71c9a9d01958c02ab89.tar.bz2 linux-stable-7c60c48f58a78195acc1f71c9a9d01958c02ab89.zip |
sysctl: Improve the sysctl sanity checks
- Stop validating subdirectories now that we only register leaf tables
- Cleanup and improve the duplicate filename check.
* Run the duplicate filename check under the sysctl_lock to guarantee
we never add duplicate names.
* Reduce the duplicate filename check to nearly O(M*N) where M is the
number of entries in tthe table we are registering and N is the
number of entries in the directory before we got there.
- Move the duplicate filename check into it's own function and call
it directtly from __register_sysctl_table
- Kill the config option as the sanity checks are now cheap enough
the config option is unnecessary. The original reason for the config
option was because we had a huge table used to verify the proc filename
to binary sysctl mapping. That table has now evolved into the binary_sysctl
translation layer and is no longer part of the sysctl_check code.
- Tighten up the permission checks. Guarnateeing that files only have read
or write permissions.
- Removed redudant check for parents having a procname as now everything has
a procname.
- Generalize the backtrace logic so that we print a backtrace from
any failure of __register_sysctl_table that was not caused by
a memmory allocation failure. The backtrace allows us to track
down who erroneously registered a sysctl table.
Bechmark before (CONFIG_SYSCTL_CHECK=y):
make-dummies 0 999 -> 12s
rmmod dummy -> 0.08s
Bechmark before (CONFIG_SYSCTL_CHECK=n):
make-dummies 0 999 -> 0.7s
rmmod dummy -> 0.06s
make-dummies 0 99999 -> 1m13s
rmmod dummy -> 0.38s
Benchmark after:
make-dummies 0 999 -> 0.65s
rmmod dummy -> 0.055s
make-dummies 0 9999 -> 1m10s
rmmod dummy -> 0.39s
The sysctl sanity checks now impose no measurable cost.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Kconfig.debug | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 8745ac7d1f75..943a6182cdf2 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1113,14 +1113,6 @@ config LATENCYTOP Enable this option if you want to use the LatencyTOP tool to find out which userspace is blocking on what kernel operations. -config SYSCTL_SYSCALL_CHECK - bool "Sysctl checks" - depends on SYSCTL - ---help--- - sys_sysctl uses binary paths that have been found challenging - to properly maintain and use. This enables checks that help - you to keep things correct. - source mm/Kconfig.debug source kernel/trace/Kconfig |