author | Linus Torvalds <torvalds@linux-foundation.org> | 2023-04-27 16:52:33 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2023-04-27 16:52:33 -0700 |
commit | 888d3c9f7f3ae44101a3fd76528d3dd6f96e9fd0 (patch) | |
tree | 833fa91e015ea12e4eb4e0aa1111bcc08832fa91 /security | |
parent | b6a7828502dc769e1a5329027bc5048222fa210a (diff) | |
parent | e3184de9d46c2eebdb776face2e2662c6733331d (diff) | |
Merge tag 'sysctl-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux

Pull sysctl updates from Luis Chamberlain:

"This only does a few sysctl moves from the kernel/sysctl.c file, the
rest of the work has been put towards deprecating two API calls which
incur recursion and prevent us from simplifying the registration
process / saving memory per move. Most of the changes have been
soaking on linux-next since v6.3-rc3.

I've slowed down the kernel/sysctl.c moves due to Matthew Wilcox's
feedback that we should see if we could *save* memory with these moves
instead of incurring more memory. We currently incur more memory since
when we move a sysctl from kernel/sysctl.c out to its own file we end
up having to add a new empty sysctl used to register it. To achieve
saving memory we want to allow sysctls to be passed without requiring
the end element being empty, and just have our registration process
rely on ARRAY_SIZE(). Without this, supporting both styles of sysctls
would make the sysctl registration pretty brittle, hard to read and
maintain as can be seen from Meng Tang's efforts to do just this [0].

Fortunately, in order to use ARRAY_SIZE() for all sysctl registrations
also implies doing the work to deprecate two API calls which use
recursion in order to support sysctl declarations with subdirectories.

And so during this development cycle quite a bit of effort went into
this deprecation effort. I've annotated the following two APIs as
deprecated and in a few kernel releases we should be good to remove
them:

- register_sysctl_table()
- register_sysctl_paths()

During this merge window we should be able to deprecate and unexport
register_sysctl_paths(), we can probably do that towards the end of
this merge window.

Deprecating register_sysctl_table() will take a bit more time but this
pull request goes with a few examples of how to do this.

As it turns out each of the conversions to move away from either of
these two API calls *also* saves memory. And so long term, all these
changes *will* prove to have saved a bit of memory on boot.

The way I see it then is if we remove a user of one deprecated call, it
gives us enough savings to move one kernel/sysctl.c out from the
generic arrays as we end up with about the same amount of bytes.

Since deprecating register_sysctl_table() and register_sysctl_paths()
does not require maintainer coordination except the final unexport
you'll see quite a bit of these changes from other pull requests, I've
just kept the stragglers after rc3"

Link: https://lkml.kernel.org/r/ZAD+cpbrqlc5vmry@bombadil.infradead.org [0]

* tag 'sysctl-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux: (29 commits)
fs: fix sysctls.c built
mm: compaction: remove incorrect #ifdef checks
mm: compaction: move compaction sysctl to its own file
mm: memory-failure: Move memory failure sysctls to its own file
arm: simplify two-level sysctl registration for ctl_isa_vars
ia64: simplify one-level sysctl registration for kdump_ctl_table
utsname: simplify one-level sysctl registration for uts_kern_table
ntfs: simplfy one-level sysctl registration for ntfs_sysctls
coda: simplify one-level sysctl registration for coda_table
fs/cachefiles: simplify one-level sysctl registration for cachefiles_sysctls
xfs: simplify two-level sysctl registration for xfs_table
nfs: simplify two-level sysctl registration for nfs_cb_sysctls
nfs: simplify two-level sysctl registration for nfs4_cb_sysctls
lockd: simplify two-level sysctl registration for nlm_sysctls
proc_sysctl: enhance documentation
xen: simplify sysctl registration for balloon
md: simplify sysctl registration
hv: simplify sysctl registration
scsi: simplify sysctl registration with register_sysctl()
csky: simplify alignment sysctl registration
...
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/lsm.c | 8 |
-rw-r--r-- | security/loadpin/loadpin.c | 8 |
-rw-r--r-- | security/yama/yama_lsm.c | 8 |
3 files changed, 3 insertions, 21 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index cebba4824e60..f431251ffb91 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1764,11 +1764,6 @@ static int apparmor_dointvec(struct ctl_table *table, int write, return proc_dointvec(table, write, buffer, lenp, ppos); } -static struct ctl_path apparmor_sysctl_path[] = { - { .procname = "kernel", }, - { } -}; - static struct ctl_table apparmor_sysctl_table[] = { { .procname = "unprivileged_userns_apparmor_policy", @@ -1790,8 +1785,7 @@ static struct ctl_table apparmor_sysctl_table[] = { static int __init apparmor_init_sysctl(void) { - return register_sysctl_paths(apparmor_sysctl_path, - apparmor_sysctl_table) ? 0 : -ENOMEM; + return register_sysctl("kernel", apparmor_sysctl_table) ? 0 : -ENOMEM; } #else static inline int apparmor_init_sysctl(void) diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index b9d773f11232..ebae964f7cc9 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -52,12 +52,6 @@ static bool deny_reading_verity_digests; #endif #ifdef CONFIG_SYSCTL -static struct ctl_path loadpin_sysctl_path[] = { - { .procname = "kernel", }, - { .procname = "loadpin", }, - { } -}; - static struct ctl_table loadpin_sysctl_table[] = { { .procname = "enforce", @@ -262,7 +256,7 @@ static int __init loadpin_init(void) enforce ? "" : "not "); parse_exclude(); #ifdef CONFIG_SYSCTL - if (!register_sysctl_paths(loadpin_sysctl_path, loadpin_sysctl_table)) + if (!register_sysctl("kernel/loadpin", loadpin_sysctl_table)) pr_notice("sysctl registration failed!\n"); #endif security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 478be269571a..2503cf153d4a 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c 
@@ -447,12 +447,6 @@ static int yama_dointvec_minmax(struct ctl_table *table, int write, static int max_scope = YAMA_SCOPE_NO_ATTACH; -static struct ctl_path yama_sysctl_path[] = { - { .procname = "kernel", }, - { .procname = "yama", }, - { } -}; - static struct ctl_table yama_sysctl_table[] = { { .procname = "ptrace_scope", @@ -467,7 +461,7 @@ static struct ctl_table yama_sysctl_table[] = { }; static void __init yama_init_sysctl(void) { - if (!register_sysctl_paths(yama_sysctl_path, yama_sysctl_table)) + if (!register_sysctl("kernel/yama", yama_sysctl_table)) panic("Yama: sysctl registration failed.\n"); } #else |
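
Review bot: in security/apparmor/lsm.c, apparmor_init_sysctl() tests the pointer returned by register_sysctl("kernel", apparmor_sysctl_table) only for NULL and then drops it, and every failure is mapped to -ENOMEM. That is the same as with register_sysctl_paths(), so behaviour is unchanged, but a short comment stating that this table is registered once at init and never unregistered would make the discarded return value clearly intentional. It is also worth confirming in the commit log that the entries still appear directly under the shared "kernel" directory, since the removed apparmor_sysctl_path had the single component "kernel".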
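
Review bot: in security/loadpin/loadpin.c, loadpin_init() still treats a failed register_sysctl("kernel/loadpin", loadpin_sysctl_table) as a pr_notice and carries on to security_add_hooks(), so the LSM can end up active without the "enforce" entry being exposed. Since this line is being touched anyway, consider raising the message to pr_warn and naming the path in it, so that a missing kernel/loadpin directory can be tied to this failure from the boot log. The string "kernel/loadpin" does match the two components of the removed loadpin_sysctl_path, so the user-visible location is unchanged.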
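
Review bot: in security/yama/yama_lsm.c, yama_init_sysctl() keeps panic() when register_sysctl("kernel/yama", yama_sysctl_table) fails, while the LoadPin conversion in this same diff only prints a notice and the AppArmor one returns -ENOMEM. The conversion is mechanical and preserves each caller's policy, but the difference is now easy to see side by side; a one-line comment here on why a missing ptrace_scope entry is treated as fatal for Yama would help the next reader. The path string matches the removed yama_sysctl_path components ("kernel", "yama"), so the location of ptrace_scope does not change.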