linux.git/fs/proc/proc_sysctl.c, branch for-next Linux kernel source tree sysctl: Reduce dput(child) calls in proc_sys_fill_cache() 2024-10-31T10:39:55+00:00 Markus Elfring elfring@users.sourceforge.net 2024-10-23T14:54:59+00:00 9c738dae9534fbdf77c250132cba04e0822983b3 Replace two dput(child) calls with one that occurs immediately before the IS_ERR evaluation. This transformation can be performed because dput() gets called regardless of the value returned by IS_ERR(res). This issue was transformed by using a script for the semantic patch language like the following. <SmPL> @extended_adjustment@ expression e, f != { mutex_unlock }, x, y; @@ +f(e); if (...) { <+... when != \( e = x \| y(..., &e, ...) \) - f(e); ...+> } -f(e); </SmPL> Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Reviewed-by: Joel Granados <joel.granados@kernel.org> Signed-off-by: Joel Granados <joel.granados@kernel.org> 
Replace two dput(child) calls with one that occurs immediately before
the IS_ERR evaluation. This transformation can be performed because
dput() gets called regardless of the value returned by IS_ERR(res).

This issue was transformed by using a script for the
semantic patch language like the following.
<SmPL>
@extended_adjustment@
expression e, f != { mutex_unlock }, x, y;
@@
+f(e);
 if (...)
 {
 <+... when != \( e = x \| y(..., &e, ...) \)
-   f(e);
 ...+>
 }
-f(e);
</SmPL>

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Reviewed-by: Joel Granados <joel.granados@kernel.org>
Signed-off-by: Joel Granados <joel.granados@kernel.org>
sysctl: Convert locking comments to lockdep assertions 2024-10-10T19:01:17+00:00 Thomas Weißschuh linux@weissschuh.net 2024-06-29T17:24:31+00:00 8e666244c98a246f25172cd25aa91ee44d0e6230 The assertions work as well as the comment to inform developers about locking expectations. Additionally they are validated by lockdep at runtime, making sure the expectations are met. Signed-off-by: Thomas Weißschuh <linux@weissschuh.net> Signed-off-by: Joel Granados <joel.granados@kernel.org> 
The assertions work as well as the comment to inform developers about
locking expectations.
Additionally they are validated by lockdep at runtime, making sure the
expectations are met.

Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Signed-off-by: Joel Granados <joel.granados@kernel.org>
sysctl: make internal ctl_tables const 2024-10-09T11:39:11+00:00 Thomas Weißschuh linux@weissschuh.net 2024-08-05T09:39:39+00:00 fbc26ee771cbea8591899ee4cbd97131568df75a Now that the sysctl core can handle registration of "const struct ctl_table" constify the sysctl internal tables. Signed-off-by: Thomas Weißschuh <linux@weissschuh.net> Signed-off-by: Joel Granados <joel.granados@kernel.org> 
Now that the sysctl core can handle registration of
"const struct ctl_table" constify the sysctl internal tables.

Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Signed-off-by: Joel Granados <joel.granados@kernel.org>
sysctl: allow registration of const struct ctl_table 2024-10-09T11:39:11+00:00 Thomas Weißschuh linux@weissschuh.net 2024-08-05T09:39:38+00:00 7abc9b53bd515d7953d1f4e069b062ec4b5ba9e7 Putting structure, especially those containing function pointers, into read-only memory makes the safer and easier to reason about. Change the sysctl registration APIs to allow registration of "const struct ctl_table". Signed-off-by: Thomas Weißschuh <linux@weissschuh.net> Acked-by: Kees Cook <keescook@chromium.org> Reviewed-by: Kees Cook <keescook@chromium.org> # security/* Signed-off-by: Joel Granados <joel.granados@kernel.org> 
Putting structure, especially those containing function pointers,
into read-only memory makes the safer and easier to reason about.
Change the sysctl registration APIs to allow registration of
"const struct ctl_table".

Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Acked-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org> # security/*
Signed-off-by: Joel Granados <joel.granados@kernel.org>
sysctl: move internal interfaces to const struct ctl_table 2024-10-09T11:39:11+00:00 Thomas Weißschuh linux@weissschuh.net 2024-08-05T09:39:37+00:00 29e1095bb1ad149b5c417719338d9c81d58bf12b As a preparation to make all the core sysctl code work with const struct ctl_table switch over the internal function to use the const variant. Some pointers to "struct ctl_table" need to stay non-const as they are newly allocated and modified before registration. Signed-off-by: Thomas Weißschuh <linux@weissschuh.net> Signed-off-by: Joel Granados <joel.granados@kernel.org> 
As a preparation to make all the core sysctl code work with const struct
ctl_table switch over the internal function to use the const variant.

Some pointers to "struct ctl_table" need to stay non-const as they are
newly allocated and modified before registration.

Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Signed-off-by: Joel Granados <joel.granados@kernel.org>
sysctl: avoid spurious permanent empty tables 2024-09-02T08:37:37+00:00 Thomas Weißschuh linux@weissschuh.net 2024-08-05T09:39:35+00:00 559d4c6a9d3b60f239493239070eb304edaea594 The test if a table is a permanently empty one, inspects the address of the registered ctl_table argument. However as sysctl_mount_point is an empty array and does not occupy and space it can end up sharing an address with another object in memory. If that other object itself is a "struct ctl_table" then registering that table will fail as it's incorrectly recognized as permanently empty. Avoid this issue by adding a dummy element to the array so that is not empty anymore. Explicitly register the table with zero elements as otherwise the dummy element would be recognized as a sentinel element which would lead to a runtime warning from the sysctl core. While the issue seems not being encountered at this time, this seems mostly to be due to luck. Also a future change, constifying sysctl_mount_point and root_table, can reliably trigger this issue on clang 18. Given that empty arrays are non-standard in the first place it seems prudent to avoid them if possible. Fixes: 4a7b29f65094 ("sysctl: move sysctl type to ctl_table_header") Fixes: a35dd3a786f5 ("sysctl: drop now unnecessary out-of-bounds check") Cc: stable@vger.kernel.org Signed-off-by: Thomas Weißschuh <linux@weissschuh.net> Closes: https://lore.kernel.org/oe-lkp/202408051453.f638857e-lkp@intel.com Signed-off-by: Joel Granados <j.granados@samsung.com> 
The test if a table is a permanently empty one, inspects the address of
the registered ctl_table argument.
However as sysctl_mount_point is an empty array and does not occupy and
space it can end up sharing an address with another object in memory.
If that other object itself is a "struct ctl_table" then registering
that table will fail as it's incorrectly recognized as permanently empty.

Avoid this issue by adding a dummy element to the array so that is not
empty anymore.
Explicitly register the table with zero elements as otherwise the dummy
element would be recognized as a sentinel element which would lead to a
runtime warning from the sysctl core.

While the issue seems not being encountered at this time, this seems
mostly to be due to luck.
Also a future change, constifying sysctl_mount_point and root_table, can
reliably trigger this issue on clang 18.

Given that empty arrays are non-standard in the first place it seems
prudent to avoid them if possible.

Fixes: 4a7b29f65094 ("sysctl: move sysctl type to ctl_table_header")
Fixes: a35dd3a786f5 ("sysctl: drop now unnecessary out-of-bounds check")
Cc: stable@vger.kernel.org
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Closes: https://lore.kernel.org/oe-lkp/202408051453.f638857e-lkp@intel.com
Signed-off-by: Joel Granados <j.granados@samsung.com>
sysctl: Warn on an empty procname element 2024-06-13T08:50:52+00:00 Joel Granados j.granados@samsung.com 2024-06-04T06:29:26+00:00 acc154691fc75e1a178fc36624bdeee1420585a4 Add a pr_err warning in case a ctl_table is registered with a sentinel element containing a NULL procname. Signed-off-by: Joel Granados <j.granados@samsung.com> 
Add a pr_err warning in case a ctl_table is registered with a sentinel
element containing a NULL procname.

Signed-off-by: Joel Granados <j.granados@samsung.com>
sysctl: Remove ctl_table sentinel code comments 2024-06-13T08:50:52+00:00 Joel Granados j.granados@samsung.com 2024-06-04T06:29:25+00:00 3717540377c500e28f4304b17a46dd5b025a61ac Remove the mention of a "zero terminated entry" from the __register_sysctl_table function doc. Signed-off-by: Joel Granados <j.granados@samsung.com> 
Remove the mention of a "zero terminated entry" from the
__register_sysctl_table function doc.

Signed-off-by: Joel Granados <j.granados@samsung.com>
sysctl: Remove "child" sysctl code comments 2024-06-13T08:50:52+00:00 Joel Granados j.granados@samsung.com 2024-06-04T06:29:24+00:00 a02fe70de4c2a7fbd971b49c5fa69f867fac16ff Erase the code comments mentioning "child" that were forgotten when the child element was removed in commit 2f2665c13af48 ("sysctl: replace child with an enumeration"). Signed-off-by: Joel Granados <j.granados@samsung.com> 
Erase the code comments mentioning "child" that were forgotten when the
child element was removed in commit 2f2665c13af48 ("sysctl: replace
child with an enumeration").

Signed-off-by: Joel Granados <j.granados@samsung.com>
sysctl: Remove superfluous empty allocations from sysctl internals 2024-06-13T08:50:52+00:00 Joel Granados j.granados@samsung.com 2024-06-04T06:29:23+00:00 aef9d25e7f5631543a0276d0532151f2c61174d6 Now that the sentinels have been removed from ctl_table arrays, there is no need to artificially append empty ctl_table elements at ctl_table registration. Remove superfluous empty allocation from new_dir and new_links. Signed-off-by: Joel Granados <j.granados@samsung.com> 
Now that the sentinels have been removed from ctl_table arrays, there is
no need to artificially append empty ctl_table elements at ctl_table
registration. Remove superfluous empty allocation from new_dir and
new_links.

Signed-off-by: Joel Granados <j.granados@samsung.com>