Hello, On Fri, 26 Apr 2024, Joel Granados via B4 Relay wrote: > From: Joel Granados <j.granados@xxxxxxxxxxx> > > This commit comes at the tail end of a greater effort to remove the > empty elements at the end of the ctl_table arrays (sentinels) which will > reduce the overall build time size of the kernel and run time memory > bloat by ~64 bytes per sentinel (further information Link : > https://lore.kernel.org/all/ZO5Yx5JFogGi%2FcBo@xxxxxxxxxxxxxxxxxxxxxx/) > > * Remove sentinel elements from ctl_table structs > * Remove instances where an array element is zeroed out to make it look > like a sentinel. This is not longer needed and is safe after commit > c899710fe7f9 ("networking: Update to register_net_sysctl_sz") added > the array size to the ctl_table registration > * Remove the need for having __NF_SYSCTL_CT_LAST_SYSCTL as the > sysctl array size is now in NF_SYSCTL_CT_LAST_SYSCTL > * Remove extra element in ctl_table arrays declarations > > Acked-by: Kees Cook <keescook@xxxxxxxxxxxx> # loadpin & yama > Signed-off-by: Joel Granados <j.granados@xxxxxxxxxxx> > --- > net/bridge/br_netfilter_hooks.c | 1 - > net/ipv6/netfilter/nf_conntrack_reasm.c | 1 - > net/netfilter/ipvs/ip_vs_ctl.c | 5 +---- > net/netfilter/ipvs/ip_vs_lblc.c | 5 +---- > net/netfilter/ipvs/ip_vs_lblcr.c | 5 +---- > net/netfilter/nf_conntrack_standalone.c | 6 +----- > net/netfilter/nf_log.c | 3 +-- > 7 files changed, 5 insertions(+), 21 deletions(-) ... > diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c > index 143a341bbc0a..50b5dbe40eb8 100644 > --- a/net/netfilter/ipvs/ip_vs_ctl.c > +++ b/net/netfilter/ipvs/ip_vs_ctl.c ... 
> @@ -4286,10 +4285,8 @@ static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs) > return -ENOMEM; > > /* Don't export sysctls to unprivileged users */ > - if (net->user_ns != &init_user_ns) { > - tbl[0].procname = NULL; > + if (net->user_ns != &init_user_ns) > ctl_table_size = 0; > - } > } else > tbl = vs_vars; > /* Initialize sysctl defaults */ We are in process of changing this code (not in trees yet): https://marc.info/?t=171345219600002&r=1&w=2 As I'm not sure which patch will win, the end result should be this single if-block/hunk to be removed. Regards -- Julian Anastasov <ja@xxxxxx>
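Review bot: in the quoted ip_vs_ctl.c hunk (ip_vs_control_net_init_sysctl()), dropping `tbl[0].procname = NULL` leaves `ctl_table_size = 0` as the only thing that keeps the IPVS sysctls out of a netns whose user_ns is not init_user_ns, and the hunk does not show where ctl_table_size is consumed. Please confirm, or state in the commit message, that the registration call further down in this function passes ctl_table_size rather than the full array size, because otherwise the entries would become visible to unprivileged users once the fake sentinel is gone. It would also help to extend the "Don't export sysctls to unprivileged users" comment to say that the zero size is now what enforces this.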