On Fri, Apr 26, 2024 at 03:09:45PM +0300, Julian Anastasov wrote: > > Hello, > > On Fri, 26 Apr 2024, Joel Granados via B4 Relay wrote: > > > From: Joel Granados <j.granados@xxxxxxxxxxx> > > > > This commit comes at the tail end of a greater effort to remove the > > empty elements at the end of the ctl_table arrays (sentinels) which will > > reduce the overall build time size of the kernel and run time memory > > bloat by ~64 bytes per sentinel (further information Link : > > https://lore.kernel.org/all/ZO5Yx5JFogGi%2FcBo@xxxxxxxxxxxxxxxxxxxxxx/) > > > > * Remove sentinel elements from ctl_table structs > > * Remove instances where an array element is zeroed out to make it look > > like a sentinel. This is not longer needed and is safe after commit > > c899710fe7f9 ("networking: Update to register_net_sysctl_sz") added > > the array size to the ctl_table registration > > * Remove the need for having __NF_SYSCTL_CT_LAST_SYSCTL as the > > sysctl array size is now in NF_SYSCTL_CT_LAST_SYSCTL > > * Remove extra element in ctl_table arrays declarations > > > > Acked-by: Kees Cook <keescook@xxxxxxxxxxxx> # loadpin & yama > > Signed-off-by: Joel Granados <j.granados@xxxxxxxxxxx> > > --- > > net/bridge/br_netfilter_hooks.c | 1 - > > net/ipv6/netfilter/nf_conntrack_reasm.c | 1 - > > net/netfilter/ipvs/ip_vs_ctl.c | 5 +---- > > net/netfilter/ipvs/ip_vs_lblc.c | 5 +---- > > net/netfilter/ipvs/ip_vs_lblcr.c | 5 +---- > > net/netfilter/nf_conntrack_standalone.c | 6 +----- > > net/netfilter/nf_log.c | 3 +-- > > 7 files changed, 5 insertions(+), 21 deletions(-) > > ... > > > diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c > > index 143a341bbc0a..50b5dbe40eb8 100644 > > --- a/net/netfilter/ipvs/ip_vs_ctl.c > > +++ b/net/netfilter/ipvs/ip_vs_ctl.c > > ... 
> > > @@ -4286,10 +4285,8 @@ static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs) > > return -ENOMEM; > > > > /* Don't export sysctls to unprivileged users */ > > - if (net->user_ns != &init_user_ns) { > > - tbl[0].procname = NULL; > > + if (net->user_ns != &init_user_ns) > > ctl_table_size = 0; > > - } > > } else > > tbl = vs_vars; > > /* Initialize sysctl defaults */ > > We are in process of changing this code (not in trees yet): > > https://marc.info/?t=171345219600002&r=1&w=2 > > As I'm not sure which patch will win, the end result should > be this single if-block/hunk to be removed. Thx for the heads up. I have made a note of it in case this set ends up being after yours. > > Regards > > -- > Julian Anastasov <ja@xxxxxx> > -- Joel Granados
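Review bot: in the ip_vs_control_net_init_sysctl() hunk, once "tbl[0].procname = NULL;" is gone, hiding the table from non-init user namespaces rests entirely on "ctl_table_size = 0;". The registration call is not visible in this hunk, so please confirm that ctl_table_size, and not an ARRAY_SIZE() of the table, is what gets passed to it for this path. It would also help to extend the "Don't export sysctls to unprivileged users" comment to say that a zero size is now what keeps the entries from being registered. As a style point, the if branch has lost its braces and sits inside a braced block whose else arm ("} else tbl = vs_vars;") is unbraced; if this hunk survives the pending IPVS rework mentioned in the reply, consider bracing both arms consistently.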