| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Apr 2024 15:09:45 +0300 (EEST)
From: Julian Anastasov <ja@....bg>
To: Joel Granados <j.granados@...sung.com>
cc: "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Alexander Aring <alex.aring@...il.com>,
Stefan Schmidt <stefan@...enfreihafen.org>,
Miquel Raynal <miquel.raynal@...tlin.com>,
David Ahern <dsahern@...nel.org>,
Steffen Klassert <steffen.klassert@...unet.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
Matthieu Baerts <matttbe@...nel.org>,
Mat Martineau <martineau@...nel.org>,
Geliang Tang <geliang@...nel.org>, Ralf Baechle <ralf@...ux-mips.org>,
Remi Denis-Courmont <courmisch@...il.com>,
Allison Henderson <allison.henderson@...cle.com>,
David Howells <dhowells@...hat.com>,
Marc Dionne <marc.dionne@...istor.com>,
Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
Xin Long <lucien.xin@...il.com>, Wenjia Zhang <wenjia@...ux.ibm.com>,
Jan Karcher <jaka@...ux.ibm.com>,
"D. Wythe" <alibuda@...ux.alibaba.com>,
Tony Lu <tonylu@...ux.alibaba.com>, Wen Gu <guwen@...ux.alibaba.com>,
Trond Myklebust <trond.myklebust@...merspace.com>,
Anna Schumaker <anna@...nel.org>, Chuck Lever <chuck.lever@...cle.com>,
Jeff Layton <jlayton@...nel.org>, Neil Brown <neilb@...e.de>,
Olga Kornievskaia <kolga@...app.com>, Dai Ngo <Dai.Ngo@...cle.com>,
Tom Talpey <tom@...pey.com>, Jon Maloy <jmaloy@...hat.com>,
Ying Xue <ying.xue@...driver.com>, Martin Schiller <ms@....tdt.de>,
Pablo Neira Ayuso <pablo@...filter.org>,
Jozsef Kadlecsik <kadlec@...filter.org>,
Florian Westphal <fw@...len.de>, Roopa Prabhu <roopa@...dia.com>,
Nikolay Aleksandrov <razor@...ckwall.org>,
Simon Horman <horms@...ge.net.au>, Joerg Reuter <jreuter@...na.de>,
Luis Chamberlain <mcgrof@...nel.org>,
Kees Cook <keescook@...omium.org>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, dccp@...r.kernel.org,
linux-wpan@...r.kernel.org, mptcp@...ts.linux.dev,
linux-hams@...r.kernel.org, linux-rdma@...r.kernel.org,
rds-devel@....oracle.com, linux-afs@...ts.infradead.org,
linux-sctp@...r.kernel.org, linux-s390@...r.kernel.org,
linux-nfs@...r.kernel.org, tipc-discussion@...ts.sourceforge.net,
linux-x25@...r.kernel.org, netfilter-devel@...r.kernel.org,
coreteam@...filter.org, bridge@...ts.linux.dev,
lvs-devel@...r.kernel.org
Subject: Re: [PATCH v5 6/8] netfilter: Remove the now superfluous sentinel
elements from ctl_table array
Hello,
On Fri, 26 Apr 2024, Joel Granados via B4 Relay wrote:
> From: Joel Granados <j.granados@...sung.com>
>
> This commit comes at the tail end of a greater effort to remove the
> empty elements at the end of the ctl_table arrays (sentinels) which will
> reduce the overall build time size of the kernel and run time memory
> bloat by ~64 bytes per sentinel (further information Link :
> https://lore.kernel.org/all/ZO5Yx5JFogGi%2FcBo@bombadil.infradead.org/)
>
> * Remove sentinel elements from ctl_table structs
> * Remove instances where an array element is zeroed out to make it look
> like a sentinel. This is not longer needed and is safe after commit
> c899710fe7f9 ("networking: Update to register_net_sysctl_sz") added
> the array size to the ctl_table registration
> * Remove the need for having __NF_SYSCTL_CT_LAST_SYSCTL as the
> sysctl array size is now in NF_SYSCTL_CT_LAST_SYSCTL
> * Remove extra element in ctl_table arrays declarations
>
> Acked-by: Kees Cook <keescook@...omium.org> # loadpin & yama
> Signed-off-by: Joel Granados <j.granados@...sung.com>
> ---
> net/bridge/br_netfilter_hooks.c | 1 -
> net/ipv6/netfilter/nf_conntrack_reasm.c | 1 -
> net/netfilter/ipvs/ip_vs_ctl.c | 5 +----
> net/netfilter/ipvs/ip_vs_lblc.c | 5 +----
> net/netfilter/ipvs/ip_vs_lblcr.c | 5 +----
> net/netfilter/nf_conntrack_standalone.c | 6 +-----
> net/netfilter/nf_log.c | 3 +--
> 7 files changed, 5 insertions(+), 21 deletions(-)
...
> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index 143a341bbc0a..50b5dbe40eb8 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
...
> @@ -4286,10 +4285,8 @@ static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs)
> return -ENOMEM;
>
> /* Don't export sysctls to unprivileged users */
> - if (net->user_ns != &init_user_ns) {
> - tbl[0].procname = NULL;
> + if (net->user_ns != &init_user_ns)
> ctl_table_size = 0;
> - }
> } else
> tbl = vs_vars;
> /* Initialize sysctl defaults */
We are in process of changing this code (not in trees yet):
https://marc.info/?t=171345219600002&r=1&w=2
As I'm not sure which patch will win, the end result should
be this single if-block/hunk to be removed.
Regards
--
Julian Anastasov <ja@....bg>
Powered by blists - more mailing lists