From d0d05f602c1504fb868ed4a560d1465d88a3c5e5 Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Tue, 29 Apr 2025 14:30:00 +0200 Subject: [PATCH 01/23] module: Move modprobe_path and modules_disabled ctl_tables into the module subsys Move module sysctl (modprobe_path and modules_disabled) out of sysctl.c and into the modules subsystem. Make modules_disabled static as it no longer needs to be exported. Remove module.h from the includes in sysctl as it no longer uses any module exported variables. This is part of a greater effort to move ctl tables into their respective subsystems which will reduce the merge conflicts in kernel/sysctl.c. Reviewed-by: Luis Chamberlain Reviewed-by: Petr Pavlu Signed-off-by: Joel Granados --- include/linux/kmod.h | 3 --- include/linux/module.h | 1 - kernel/module/internal.h | 3 +++ kernel/module/main.c | 30 +++++++++++++++++++++++++++++- kernel/sysctl.c | 20 -------------------- 5 files changed, 32 insertions(+), 25 deletions(-) diff --git a/include/linux/kmod.h b/include/linux/kmod.h index 68f69362d427..9a07c3215389 100644 --- a/include/linux/kmod.h +++ b/include/linux/kmod.h @@ -14,10 +14,7 @@ #include #include -#define KMOD_PATH_LEN 256 - #ifdef CONFIG_MODULES -extern char modprobe_path[]; /* for sysctl */ /* modprobe exit status on success, -ve on error. Return value * usually useless though. */ extern __printf(2, 3) diff --git a/include/linux/module.h b/include/linux/module.h index 92e1420fccdf..e93cdb92ad92 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -304,7 +304,6 @@ struct notifier_block; #ifdef CONFIG_MODULES -extern int modules_disabled; /* for sysctl */ /* Get/put a kernel symbol (calls must be symmetric) */ void *__symbol_get(const char *symbol); void *__symbol_get_gpl(const char *symbol); diff --git a/kernel/module/internal.h b/kernel/module/internal.h index 8d74b0a21c82..51ddd8866ef3 100644 --- a/kernel/module/internal.h +++ b/kernel/module/internal.h 
@@ -58,6 +58,9 @@ extern const struct kernel_symbol __stop___ksymtab_gpl[]; extern const u32 __start___kcrctab[]; extern const u32 __start___kcrctab_gpl[]; +#define KMOD_PATH_LEN 256 +extern char modprobe_path[]; + struct load_info { const char *name; /* pointer to module in temporary copy, freed at end of load_module() */ diff --git a/kernel/module/main.c b/kernel/module/main.c index 413ac6ea3702..c11d9a125001 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -126,9 +126,37 @@ static void mod_update_bounds(struct module *mod) } /* Block module loading/unloading? */ -int modules_disabled; +static int modules_disabled; core_param(nomodule, modules_disabled, bint, 0); +static const struct ctl_table module_sysctl_table[] = { + { + .procname = "modprobe", + .data = &modprobe_path, + .maxlen = KMOD_PATH_LEN, + .mode = 0644, + .proc_handler = proc_dostring, + }, + { + .procname = "modules_disabled", + .data = &modules_disabled, + .maxlen = sizeof(int), + .mode = 0644, + /* only handle a transition from default "0" to "1" */ + .proc_handler = proc_dointvec_minmax, + .extra1 = SYSCTL_ONE, + .extra2 = SYSCTL_ONE, + }, +}; + +static int __init init_module_sysctl(void) +{ + register_sysctl_init("kernel", module_sysctl_table); + return 0; +} + +subsys_initcall(init_module_sysctl); + /* Waiting for a module to finish initializing? */ static DECLARE_WAIT_QUEUE_HEAD(module_wq); diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 9b4f0cff76ea..473133d9651e 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -19,7 +19,6 @@ * Removed it and replaced it with older style, 03/23/00, Bill Wendling */ -#include #include #include #include 
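Review bot: In `module_sysctl_table` (kernel/module/main.c) the `modprobe` entry bounds writes with `.maxlen = KMOD_PATH_LEN`, but the declaration added to kernel/module/internal.h is the unsized `extern char modprobe_path[];`, so nothing at compile time ties that bound to the real size of the buffer. The definition of `modprobe_path` is outside these hunks; assuming it is sized with the same macro, declaring `extern char modprobe_path[KMOD_PATH_LEN];` and writing `.maxlen = sizeof(modprobe_path)` would turn a later size mismatch into a build error instead of a write past the array through `proc_dostring`. Making `modules_disabled` static is a welcome narrowing, and the one-way `extra1`/`extra2 = SYSCTL_ONE` pair is carried over unchanged.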
@@ -1616,25 +1615,6 @@ static const struct ctl_table kern_table[] = { .proc_handler = proc_dointvec, }, #endif -#ifdef CONFIG_MODULES - { - .procname = "modprobe", - .data = &modprobe_path, - .maxlen = KMOD_PATH_LEN, - .mode = 0644, - .proc_handler = proc_dostring, - }, - { - .procname = "modules_disabled", - .data = &modules_disabled, - .maxlen = sizeof(int), - .mode = 0644, - /* only handle a transition from default "0" to "1" */ - .proc_handler = proc_dointvec_minmax, - .extra1 = SYSCTL_ONE, - .extra2 = SYSCTL_ONE, - }, -#endif #ifdef CONFIG_UEVENT_HELPER { .procname = "hotplug", From f1b4f23a52c272f6c1e205e8ec243f563323c5aa Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Tue, 29 Apr 2025 15:12:17 +0200 Subject: [PATCH 02/23] locking/rtmutex: Move max_lock_depth into rtmutex.c Move the max_lock_depth sysctl table element into rtmutex_api.c. Removed the rtmutex.h include from sysctl.c. Chose to move into rtmutex_api.c to avoid multiple registrations every time rtmutex.c is included in other files. This is part of a greater effort to move ctl tables into their respective subsystems which will reduce the merge conflicts in kernel/sysctl.c. Signed-off-by: Joel Granados --- include/linux/rtmutex.h | 2 +- kernel/locking/rtmutex_api.c | 18 ++++++++++++++++++ kernel/sysctl.c | 12 ------------ 3 files changed, 19 insertions(+), 13 deletions(-) diff --git a/include/linux/rtmutex.h b/include/linux/rtmutex.h index 7d049883a08a..fa9f1021541e 100644 --- a/include/linux/rtmutex.h +++ b/include/linux/rtmutex.h @@ -18,7 +18,7 @@ #include #include -extern int max_lock_depth; /* for sysctl */ +extern int max_lock_depth; struct rt_mutex_base { raw_spinlock_t wait_lock; diff --git a/kernel/locking/rtmutex_api.c b/kernel/locking/rtmutex_api.c index 2d933528a0fa..bafd5af98eae 100644 --- a/kernel/locking/rtmutex_api.c +++ b/kernel/locking/rtmutex_api.c 
@@ -13,6 +13,24 @@ */ int max_lock_depth = 1024; +static const struct ctl_table rtmutex_sysctl_table[] = { + { + .procname = "max_lock_depth", + .data = &max_lock_depth, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, + }, +}; + +static int __init init_rtmutex_sysctl(void) +{ + register_sysctl_init("kernel", rtmutex_sysctl_table); + return 0; +} + +subsys_initcall(init_rtmutex_sysctl); + /* * Debug aware fast / slowpath lock,trylock,unlock * diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 473133d9651e..a22f35013da0 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -59,9 +59,6 @@ #include #include #endif -#ifdef CONFIG_RT_MUTEXES -#include -#endif /* shared constants to be used in various sysctls */ const int sysctl_vals[] = { 0, 1, 2, 3, 4, 100, 200, 1000, 3000, INT_MAX, 65535, -1 }; @@ -1709,15 +1706,6 @@ static const struct ctl_table kern_table[] = { .proc_handler = proc_dointvec, }, #endif -#ifdef CONFIG_RT_MUTEXES - { - .procname = "max_lock_depth", - .data = &max_lock_depth, - .maxlen = sizeof(int), - .mode = 0644, - .proc_handler = proc_dointvec, - }, -#endif #ifdef CONFIG_TREE_RCU { .procname = "panic_on_rcu_stall", From fff6703fc843569d7a2f78ca08e7a69a9be22b0f Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Wed, 30 Apr 2025 14:07:33 +0200 Subject: [PATCH 03/23] rcu: Move rcu_stall related sysctls into rcu/tree_stall.h Move sysctl_panic_on_rcu_stall and sysctl_max_rcu_stall_to_panic into the kernel/rcu subdirectory. Make these static in tree_stall.h and removed them as extern from panic.h as their scope is now confined into one file. This is part of a greater effort to move ctl tables into their respective subsystems which will reduce the merge conflicts in kernel/sysctl.c. Reviewed-by: Luis Chamberlain Reviewed-by: Joel Fernandes Reviewed-by: Kees Cook 
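Review bot: The `max_lock_depth` entry in `rtmutex_sysctl_table` keeps plain `proc_dointvec`, so a write of 0 or of a negative number is accepted for what is a depth limit. The code that reads `max_lock_depth` is outside this hunk; if it compares a walk depth against the value, such a setting would make every check trip. A follow-up could use `.proc_handler = proc_dointvec_minmax` with `.extra1 = SYSCTL_ONE`. The same unbounded handler is carried over for `randomize_va_space` in mm/memory.c (patch 04, where `.extra1 = SYSCTL_ZERO` and `.extra2 = SYSCTL_TWO` would match the documented values) and for the enabled/disabled flag `soft-power` in drivers/parisc/power.c (patch 05). Each of these is a behaviour change and belongs in its own patch rather than in the move.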
Signed-off-by: Joel Granados --- include/linux/panic.h | 2 -- kernel/rcu/tree_stall.h | 33 +++++++++++++++++++++++++++++++-- kernel/sysctl.c | 20 -------------------- 3 files changed, 31 insertions(+), 24 deletions(-) diff --git a/include/linux/panic.h b/include/linux/panic.h index 4adc65766935..8f2b5d92ac05 100644 --- a/include/linux/panic.h +++ b/include/linux/panic.h @@ -25,8 +25,6 @@ extern int panic_on_warn; extern unsigned long panic_on_taint; extern bool panic_on_taint_nousertaint; -extern int sysctl_panic_on_rcu_stall; -extern int sysctl_max_rcu_stall_to_panic; extern int sysctl_panic_on_stackoverflow; extern bool crash_kexec_post_notifiers; diff --git a/kernel/rcu/tree_stall.h b/kernel/rcu/tree_stall.h index 486c00536207..69482c2f0771 100644 --- a/kernel/rcu/tree_stall.h +++ b/kernel/rcu/tree_stall.h @@ -17,8 +17,37 @@ // Controlling CPU stall warnings, including delay calculation. /* panic() on RCU Stall sysctl. */ -int sysctl_panic_on_rcu_stall __read_mostly; -int sysctl_max_rcu_stall_to_panic __read_mostly; +static int sysctl_panic_on_rcu_stall __read_mostly; +static int sysctl_max_rcu_stall_to_panic __read_mostly; + +static const struct ctl_table rcu_stall_sysctl_table[] = { + { + .procname = "panic_on_rcu_stall", + .data = &sysctl_panic_on_rcu_stall, + .maxlen = sizeof(sysctl_panic_on_rcu_stall), + .mode = 0644, + .proc_handler = proc_dointvec_minmax, + .extra1 = SYSCTL_ZERO, + .extra2 = SYSCTL_ONE, + }, + { + .procname = "max_rcu_stall_to_panic", + .data = &sysctl_max_rcu_stall_to_panic, + .maxlen = sizeof(sysctl_max_rcu_stall_to_panic), + .mode = 0644, + .proc_handler = proc_dointvec_minmax, + .extra1 = SYSCTL_ONE, + .extra2 = SYSCTL_INT_MAX, + }, +}; + +static int __init init_rcu_stall_sysctl(void) +{ + register_sysctl_init("kernel", rcu_stall_sysctl_table); + return 0; +} + +subsys_initcall(init_rcu_stall_sysctl); #ifdef CONFIG_SYSFS diff --git a/kernel/sysctl.c b/kernel/sysctl.c index a22f35013da0..fd76f0e1d490 100644 --- a/kernel/sysctl.c 
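Review bot: `rcu_stall_sysctl_table` and `subsys_initcall(init_rcu_stall_sysctl)` are defined in a header, kernel/rcu/tree_stall.h, so every translation unit that includes it would get its own copy and try to register `panic_on_rcu_stall` and `max_rcu_stall_to_panic` under "kernel" again. Patch 02 of this series picked rtmutex_api.c over rtmutex.c to avoid exactly that, and here it is safe only while a single .c file includes the header, which the hunk does not show. I would record the constraint above the table, for example `/* tree_stall.h must be included by one .c file only; a second includer would register these sysctls twice. */`. The removed entries were under `#ifdef CONFIG_TREE_RCU`, so the same comment is a good place to say which build condition now stands in for that guard.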
+++ b/kernel/sysctl.c @@ -1706,26 +1706,6 @@ static const struct ctl_table kern_table[] = { .proc_handler = proc_dointvec, }, #endif -#ifdef CONFIG_TREE_RCU - { - .procname = "panic_on_rcu_stall", - .data = &sysctl_panic_on_rcu_stall, - .maxlen = sizeof(sysctl_panic_on_rcu_stall), - .mode = 0644, - .proc_handler = proc_dointvec_minmax, - .extra1 = SYSCTL_ZERO, - .extra2 = SYSCTL_ONE, - }, - { - .procname = "max_rcu_stall_to_panic", - .data = &sysctl_max_rcu_stall_to_panic, - .maxlen = sizeof(sysctl_max_rcu_stall_to_panic), - .mode = 0644, - .proc_handler = proc_dointvec_minmax, - .extra1 = SYSCTL_ONE, - .extra2 = SYSCTL_INT_MAX, - }, -#endif }; int __init sysctl_init_bases(void) From 851911aa7210ca27f007bd79553172e2e3ba8723 Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Wed, 30 Apr 2025 14:42:13 +0200 Subject: [PATCH 04/23] mm: move randomize_va_space into memory.c Move the randomize_va_space variable together with all its sysctl table elements into memory.c. Register it to the "kernel" directory by adding it to the subsys initialization calls This is part of a greater effort to move ctl tables into their respective subsystems which will reduce the merge conflicts in kernel/sysctl.c. Reviewed-by: Luis Chamberlain Reviewed-by: Kees Cook Signed-off-by: Joel Granados --- kernel/sysctl.c | 9 --------- mm/memory.c | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/kernel/sysctl.c b/kernel/sysctl.c index fd76f0e1d490..adc2d3ea1278 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -1688,15 +1688,6 @@ static const struct ctl_table kern_table[] = { .proc_handler = proc_dointvec, }, #endif -#if defined(CONFIG_MMU) - { - .procname = "randomize_va_space", - .data = &randomize_va_space, - .maxlen = sizeof(int), - .mode = 0644, - .proc_handler = proc_dointvec, - }, -#endif #ifdef CONFIG_SYSCTL_ARCH_UNALIGN_NO_WARN { .procname = "ignore-unaligned-usertrap", diff --git a/mm/memory.c b/mm/memory.c index 8eba595056fe..f9e334fb9166 100644 
--- a/mm/memory.c +++ b/mm/memory.c @@ -125,6 +125,24 @@ int randomize_va_space __read_mostly = 2; #endif +static const struct ctl_table mmu_sysctl_table[] = { + { + .procname = "randomize_va_space", + .data = &randomize_va_space, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, + }, +}; + +static int __init init_mm_sysctl(void) +{ + register_sysctl_init("kernel", mmu_sysctl_table); + return 0; +} + +subsys_initcall(init_mm_sysctl); + #ifndef arch_wants_old_prefaulted_pte static inline bool arch_wants_old_prefaulted_pte(void) { From 9e2f403dd8c2b07aff012e72c1fe5455538d72d2 Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Fri, 2 May 2025 15:32:17 +0200 Subject: [PATCH 05/23] parisc/power: Move soft-power into power.c Move the soft-power ctl table into parisc/power.c. As a consequence the pwrsw_enabled var is made static. This is part of a greater effort to move ctl tables into their respective subsystems which will reduce the merge conflicts in kernel/sysctl.c. Reviewed-by: Luis Chamberlain Reviewed-by: Kees Cook Signed-off-by: Joel Granados --- drivers/parisc/power.c | 20 +++++++++++++++++++- include/linux/sysctl.h | 1 - kernel/sysctl.c | 9 --------- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/drivers/parisc/power.c b/drivers/parisc/power.c index 7a6a3e7f2825..9d6c7bf72e29 100644 --- a/drivers/parisc/power.c +++ b/drivers/parisc/power.c 
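Review bot: `mmu_sysctl_table` in mm/memory.c carries no comment on what the values of `randomize_va_space` mean, even though this is the run-time switch for address-space randomisation and the only hint in the hunk is the initialiser `= 2`. A comment above the table would help, for example `/* kernel.randomize_va_space: 0 = off, 1 = randomise stack, mmap base and vDSO, 2 = also randomise brk */`, checked against the admin-guide text before it goes in. The removed entry was wrapped in `#if defined(CONFIG_MMU)` while the new table is unconditional, which is equivalent only if mm/memory.c is built for MMU configurations alone; the hunk does not show that. The names are also uneven: the table is `mmu_sysctl_table` but the initcall is `init_mm_sysctl`.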
@@ -83,7 +83,25 @@ static struct task_struct *power_task; #define SYSCTL_FILENAME "sys/kernel/power" /* soft power switch enabled/disabled */ -int pwrsw_enabled __read_mostly = 1; +static int pwrsw_enabled __read_mostly = 1; + +static const struct ctl_table power_sysctl_table[] = { + { + .procname = "soft-power", + .data = &pwrsw_enabled, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, + }, +}; + +static int __init init_power_sysctl(void) +{ + register_sysctl_init("kernel", power_sysctl_table); + return 0; +} + +arch_initcall(init_power_sysctl); /* main kernel thread worker. It polls the button state */ static int kpowerswd(void *param) diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h index 40a6ac6c9713..ae762eabb7c9 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h @@ -242,7 +242,6 @@ int do_proc_douintvec(const struct ctl_table *table, int write, int write, void *data), void *data); -extern int pwrsw_enabled; extern int unaligned_enabled; extern int unaligned_dump_stack; extern int no_unaligned_warning; diff --git a/kernel/sysctl.c b/kernel/sysctl.c index adc2d3ea1278..718140251972 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -1594,15 +1594,6 @@ static const struct ctl_table kern_table[] = { .extra2 = SYSCTL_ONE, }, #endif -#ifdef CONFIG_PARISC - { - .procname = "soft-power", - .data = &pwrsw_enabled, - .maxlen = sizeof (int), - .mode = 0644, - .proc_handler = proc_dointvec, - }, -#endif #ifdef CONFIG_SYSCTL_ARCH_UNALIGN_ALLOW { .procname = "unaligned-trap", From 8e5f04b0d58c734c69a0b6e26317561919299638 Mon Sep 17 00:00:00 2001 
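Review bot: The new `soft-power` entry in `power_sysctl_table` is registered under "kernel", which gives /proc/sys/kernel/soft-power, yet the context line directly above still reads `#define SYSCTL_FILENAME "sys/kernel/power"`, a different name. How `SYSCTL_FILENAME` is used lies outside the hunk; if it is printed to tell an administrator where the switch is, it names a file this table does not create. With the table now next to the macro, consider `#define SYSCTL_FILENAME "sys/kernel/soft-power"`. `init_power_sysctl` is hooked with `arch_initcall` where the other patches of the series use `subsys_initcall`, and a one-line comment giving the reason would save the next reader a search.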
From: Joel Granados Date: Fri, 2 May 2025 22:27:38 +0200 Subject: [PATCH 06/23] fork: mv threads-max into kernel/fork.c make sysctl_max_threads static as it no longer needs to be exported into sysctl.c. This is part of a greater effort to move ctl tables into their respective subsystems which will reduce the merge conflicts in kernel/sysctl.c. Reviewed-by: Luis Chamberlain Reviewed-by: Kees Cook Signed-off-by: Joel Granados --- include/linux/sysctl.h | 3 --- kernel/fork.c | 20 +++++++++++++++++++- kernel/sysctl.c | 7 ------- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h index ae762eabb7c9..30bcbc59d12d 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h @@ -284,7 +284,4 @@ static inline bool sysctl_is_alias(char *param) } #endif /* CONFIG_SYSCTL */ -int sysctl_max_threads(const struct ctl_table *table, int write, void *buffer, - size_t *lenp, loff_t *ppos); - #endif /* _LINUX_SYSCTL_H */ diff --git a/kernel/fork.c b/kernel/fork.c index 1ee8eb11f38b..dea8e7740ad2 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -3216,7 +3216,7 @@ int unshare_files(void) return 0; } -int sysctl_max_threads(const struct ctl_table *table, int write, +static int sysctl_max_threads(const struct ctl_table *table, int write, void *buffer, size_t *lenp, loff_t *ppos) { struct ctl_table t; @@ -3238,3 +3238,21 @@ int sysctl_max_threads(const struct ctl_table *table, int write, return 0; } + +static const struct ctl_table fork_sysctl_table[] = { + { + .procname = "threads-max", + .data = NULL, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = sysctl_max_threads, + }, +}; + +static int __init init_fork_sysctl(void) +{ + register_sysctl_init("kernel", fork_sysctl_table); + return 0; +} + +subsys_initcall(init_fork_sysctl); diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 718140251972..febf328054aa 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c 
@@ -1630,13 +1630,6 @@ static const struct ctl_table kern_table[] = { .proc_handler = proc_do_cad_pid, }, #endif - { - .procname = "threads-max", - .data = NULL, - .maxlen = sizeof(int), - .mode = 0644, - .proc_handler = sysctl_max_threads, - }, { .procname = "overflowuid", .data = &overflowuid, From 79ac8df97408b97175c01b6bff5ce0a97f35b439 Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Fri, 2 May 2025 22:47:06 +0200 Subject: [PATCH 07/23] Input: sysrq: mv sysrq into drivers/tty/sysrq.c Move both sysrq ctl_table and supported sysrq_sysctl_handler helper function into drivers/tty/sysrq.c. Replaced the __do_proc_dointvec in helper function with do_proc_dointvec_minmax as the former is local to kernel/sysctl.c. Here we use the minmax version of do_proc_dointvec because do_proc_dointvec is static and calling do_proc_dointvec_minmax with a NULL min and max is the same as calling do_proc_dointvec. This is part of a greater effort to move ctl tables into their respective subsystems which will reduce the merge conflicts in kernel/sysctl.c. Reviewed-by: Kees Cook Acked-by: Greg Kroah-Hartman Signed-off-by: Joel Granados --- drivers/tty/sysrq.c | 41 +++++++++++++++++++++++++++++++++++++++++ kernel/sysctl.c | 30 ------------------------------ 2 files changed, 41 insertions(+), 30 deletions(-) diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c index d77c03d22227..97f8a9a52285 100644 --- a/drivers/tty/sysrq.c +++ b/drivers/tty/sysrq.c 
@@ -1120,6 +1120,47 @@ int sysrq_toggle_support(int enable_mask) } EXPORT_SYMBOL_GPL(sysrq_toggle_support); +static int sysrq_sysctl_handler(const struct ctl_table *table, int write, + void *buffer, size_t *lenp, loff_t *ppos) +{ + int tmp, ret; + struct ctl_table t = *table; + + tmp = sysrq_mask(); + t.data = &tmp; + + /* + * Behaves like do_proc_dointvec as t does not have min nor max. + */ + ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos); + + if (ret || !write) + return ret; + + if (write) + sysrq_toggle_support(tmp); + + return 0; +} + +static const struct ctl_table sysrq_sysctl_table[] = { + { + .procname = "sysrq", + .data = NULL, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = sysrq_sysctl_handler, + }, +}; + +static int __init init_sysrq_sysctl(void) +{ + register_sysctl_init("kernel", sysrq_sysctl_table); + return 0; +} + +subsys_initcall(init_sysrq_sysctl); + static int __sysrq_swap_key_ops(u8 key, const struct sysrq_key_op *insert_op_p, const struct sysrq_key_op *remove_op_p) { diff --git a/kernel/sysctl.c b/kernel/sysctl.c index febf328054aa..ebcc7d75acd9 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -31,7 +31,6 @@ #include #include #include -#include #include #include #include @@ -964,26 +963,6 @@ int proc_dou8vec_minmax(const struct ctl_table *table, int write, } EXPORT_SYMBOL_GPL(proc_dou8vec_minmax); -#ifdef CONFIG_MAGIC_SYSRQ -static int sysrq_sysctl_handler(const struct ctl_table *table, int write, - void *buffer, size_t *lenp, loff_t *ppos) -{ - int tmp, ret; - - tmp = sysrq_mask(); - - ret = __do_proc_dointvec(&tmp, table, write, buffer, - lenp, ppos, NULL, NULL); - if (ret || !write) - return ret; - - if (write) - sysrq_toggle_support(tmp); - - return 0; -} -#endif - static int __do_proc_doulongvec_minmax(void *data, const struct ctl_table *table, int write, void *buffer, size_t *lenp, loff_t *ppos, 
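Review bot: In `sysrq_sysctl_handler` the last `if (write)` can never be false, because `if (ret || !write) return ret;` has already returned for every read, and the `int` result of `sysrq_toggle_support()` is discarded. The body of `sysrq_toggle_support()` is outside the hunk; if it can fail, the write currently reports success anyway, and ending the handler with `return sysrq_toggle_support(tmp);` would fix both points. The comment "Behaves like do_proc_dointvec as t does not have min nor max" holds only because the `sysrq` table entry leaves `extra1` and `extra2` unset. Saying so in the comment would stop someone from adding bounds to the entry without noticing that the handler would then enforce them on the mask.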
@@ -1612,15 +1591,6 @@ static const struct ctl_table kern_table[] = { .proc_handler = proc_dostring, }, #endif -#ifdef CONFIG_MAGIC_SYSRQ - { - .procname = "sysrq", - .data = NULL, - .maxlen = sizeof (int), - .mode = 0644, - .proc_handler = sysrq_sysctl_handler, - }, -#endif #ifdef CONFIG_PROC_SYSCTL { .procname = "cad_pid", From 942b296a6c35da6593eeeb126dce71d4e506f314 Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Mon, 5 May 2025 21:20:07 +0200 Subject: [PATCH 08/23] sysctl: Move tainted ctl_table into kernel/panic.c Move the ctl_table with the "tainted" proc_name into kernel/panic.c. With it moves the proc_tainted helper function. This is part of a greater effort to move ctl tables into their respective subsystems which will reduce the merge conflicts in kernel/sysctl.c. Reviewed-by: Luis Chamberlain Reviewed-by: Kees Cook Signed-off-by: Joel Granados --- kernel/panic.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++++ kernel/sysctl.c | 49 ------------------------------------------------ 2 files changed, 50 insertions(+), 49 deletions(-) diff --git a/kernel/panic.c b/kernel/panic.c index b0b9a8bf4560..39e5b1ddf1a8 100644 --- a/kernel/panic.c +++ b/kernel/panic.c 
@@ -84,6 +84,50 @@ ATOMIC_NOTIFIER_HEAD(panic_notifier_list); EXPORT_SYMBOL(panic_notifier_list); #ifdef CONFIG_SYSCTL + +/* + * Taint values can only be increased + * This means we can safely use a temporary. + */ +static int proc_taint(const struct ctl_table *table, int write, + void *buffer, size_t *lenp, loff_t *ppos) +{ + struct ctl_table t; + unsigned long tmptaint = get_taint(); + int err; + + if (write && !capable(CAP_SYS_ADMIN)) + return -EPERM; + + t = *table; + t.data = &tmptaint; + err = proc_doulongvec_minmax(&t, write, buffer, lenp, ppos); + if (err < 0) + return err; + + if (write) { + int i; + + /* + * If we are relying on panic_on_taint not producing + * false positives due to userspace input, bail out + * before setting the requested taint flags. + */ + if (panic_on_taint_nousertaint && (tmptaint & panic_on_taint)) + return -EINVAL; + + /* + * Poor man's atomic or. Not worth adding a primitive + * to everyone's atomic.h for this + */ + for (i = 0; i < TAINT_FLAGS_COUNT; i++) + if ((1UL << i) & tmptaint) + add_taint(i, LOCKDEP_STILL_OK); + } + + return err; +} + static const struct ctl_table kern_panic_table[] = { #ifdef CONFIG_SMP { @@ -96,6 +140,12 @@ static const struct ctl_table kern_panic_table[] = { .extra2 = SYSCTL_ONE, }, #endif + { + .procname = "tainted", + .maxlen = sizeof(long), + .mode = 0644, + .proc_handler = proc_taint, + }, { .procname = "panic", .data = &panic_timeout, diff --git a/kernel/sysctl.c b/kernel/sysctl.c index ebcc7d75acd9..9d8db9cef111 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c 
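Review bot: `proc_taint` and the `tainted` entry now sit under `#ifdef CONFIG_SYSCTL` in kernel/panic.c, whereas the entry removed from `kern_table` was under `#ifdef CONFIG_PROC_SYSCTL`. Patch 09 of this series keeps `#ifdef CONFIG_PROC_SYSCTL` around `cad_pid` when it moves, so the two moves treat the same guard differently. If the two options can differ in a build, either wrap the new entry and handler in `#ifdef CONFIG_PROC_SYSCTL` … `#endif` or state in the commit message why the guard is dropped. The `if (write && !capable(CAP_SYS_ADMIN)) return -EPERM;` check moves over unchanged, which is the part that protects the taint flags.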
@@ -731,49 +731,6 @@ int proc_douintvec(const struct ctl_table *table, int write, void *buffer, do_proc_douintvec_conv, NULL); } -/* - * Taint values can only be increased - * This means we can safely use a temporary. - */ -static int proc_taint(const struct ctl_table *table, int write, - void *buffer, size_t *lenp, loff_t *ppos) -{ - struct ctl_table t; - unsigned long tmptaint = get_taint(); - int err; - - if (write && !capable(CAP_SYS_ADMIN)) - return -EPERM; - - t = *table; - t.data = &tmptaint; - err = proc_doulongvec_minmax(&t, write, buffer, lenp, ppos); - if (err < 0) - return err; - - if (write) { - int i; - - /* - * If we are relying on panic_on_taint not producing - * false positives due to userspace input, bail out - * before setting the requested taint flags. - */ - if (panic_on_taint_nousertaint && (tmptaint & panic_on_taint)) - return -EINVAL; - - /* - * Poor man's atomic or. Not worth adding a primitive - * to everyone's atomic.h for this - */ - for (i = 0; i < TAINT_FLAGS_COUNT; i++) - if ((1UL << i) & tmptaint) - add_taint(i, LOCKDEP_STILL_OK); - } - - return err; -} - /** * struct do_proc_dointvec_minmax_conv_param - proc_dointvec_minmax() range checking structure * @min: pointer to minimum allowable value @@ -1557,12 +1514,6 @@ int proc_do_static_key(const struct ctl_table *table, int write, static const struct ctl_table kern_table[] = { #ifdef CONFIG_PROC_SYSCTL - { - .procname = "tainted", - .maxlen = sizeof(long), - .mode = 0644, - .proc_handler = proc_taint, - }, { .procname = "sysctl_writes_strict", .data = &sysctl_writes_strict, From e054bcbe7e7af2baad3752f1a4916a7fffc0457e Mon Sep 17 00:00:00 2001 
From: Joel Granados Date: Mon, 5 May 2025 21:47:47 +0200 Subject: [PATCH 09/23] sysctl: move cad_pid into kernel/pid.c Move cad_pid as well as supporting function proc_do_cad_pid into kernel/pic.c. Replaced call to __do_proc_dointvec with proc_dointvec inside proc_do_cad_pid which requires the copy of the ctl_table to handle the temp value. This is part of a greater effort to move ctl tables into their respective subsystems which will reduce the merge conflicts in kernel/sysctl.c. Reviewed-by: Luis Chamberlain Reviewed-by: Kees Cook Signed-off-by: Joel Granados --- kernel/pid.c | 31 +++++++++++++++++++++++++++++++ kernel/sysctl.c | 31 ------------------------------- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/kernel/pid.c b/kernel/pid.c index 8317bcbc7cf7..9ea0db2cdc29 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -713,6 +713,29 @@ static struct ctl_table_root pid_table_root = { .set_ownership = pid_table_root_set_ownership, }; +static int proc_do_cad_pid(const struct ctl_table *table, int write, void *buffer, + size_t *lenp, loff_t *ppos) +{ + struct pid *new_pid; + pid_t tmp_pid; + int r; + struct ctl_table tmp_table = *table; + + tmp_pid = pid_vnr(cad_pid); + tmp_table.data = &tmp_pid; + + r = proc_dointvec(&tmp_table, write, buffer, lenp, ppos); + if (r || !write) + return r; + + new_pid = find_get_pid(tmp_pid); + if (!new_pid) + return -ESRCH; + + put_pid(xchg(&cad_pid, new_pid)); + return 0; +} + static const struct ctl_table pid_table[] = { { .procname = "pid_max", @@ -723,6 +746,14 @@ static const struct ctl_table pid_table[] = { .extra1 = &pid_max_min, .extra2 = &pid_max_max, }, +#ifdef CONFIG_PROC_SYSCTL + { + .procname = "cad_pid", + .maxlen = sizeof(int), + .mode = 0600, + .proc_handler = proc_do_cad_pid, + }, +#endif }; #endif diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 9d8db9cef111..d5bebdd02cd4 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c 
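Review bot: `proc_do_cad_pid` has no capability check of its own, and the `cad_pid` entry is added to `pid_table`, which the context shows right after `pid_table_root` with its `.set_ownership = pid_table_root_set_ownership` callback. The registration of `pid_table` is outside these hunks; if the table is registered per pid namespace with ownership handed to the namespace owner, mode 0600 no longer limits writes to root in the initial namespace, while the handler still swaps the single global `cad_pid`. Please confirm who may write the file after the move. If there is any doubt, add `if (write && !capable(CAP_SYS_ADMIN)) return -EPERM;` at the top of the handler, as `proc_taint` does in patch 08, or give `cad_pid` its own table registered with `register_sysctl_init("kernel", ...)`.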
@@ -1224,28 +1224,6 @@ int proc_dointvec_ms_jiffies(const struct ctl_table *table, int write, void *buf do_proc_dointvec_ms_jiffies_conv, NULL); } -static int proc_do_cad_pid(const struct ctl_table *table, int write, void *buffer, - size_t *lenp, loff_t *ppos) -{ - struct pid *new_pid; - pid_t tmp; - int r; - - tmp = pid_vnr(cad_pid); - - r = __do_proc_dointvec(&tmp, table, write, buffer, - lenp, ppos, NULL, NULL); - if (r || !write) - return r; - - new_pid = find_get_pid(tmp); - if (!new_pid) - return -ESRCH; - - put_pid(xchg(&cad_pid, new_pid)); - return 0; -} - /** * proc_do_large_bitmap - read/write from/to a large bitmap * @table: the sysctl table @@ -1541,15 +1519,6 @@ static const struct ctl_table kern_table[] = { .mode = 0644, .proc_handler = proc_dostring, }, -#endif -#ifdef CONFIG_PROC_SYSCTL - { - .procname = "cad_pid", - .data = NULL, - .maxlen = sizeof (int), - .mode = 0600, - .proc_handler = proc_do_cad_pid, - }, #endif { .procname = "overflowuid", From 5a477e934152d0b32201000444d7a5e8358c9480 Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Thu, 8 May 2025 21:35:27 +0200 Subject: [PATCH 10/23] sysctl: Move sysctl_panic_on_stackoverflow to kernel/panic.c This is part of a greater effort to move ctl tables into their respective subsystems which will reduce the merge conflicts in kernel/sysctl.c. Reviewed-by: Kees Cook Signed-off-by: Joel Granados --- kernel/panic.c | 10 ++++++++++ kernel/sysctl.c | 10 ---------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/kernel/panic.c b/kernel/panic.c index 39e5b1ddf1a8..64e58835086d 100644 --- a/kernel/panic.c +++ b/kernel/panic.c 
@@ -183,6 +183,16 @@ static const struct ctl_table kern_panic_table[] = { .mode = 0644, .proc_handler = proc_douintvec, }, +#if (defined(CONFIG_X86_32) || defined(CONFIG_PARISC)) && \ + defined(CONFIG_DEBUG_STACKOVERFLOW) + { + .procname = "panic_on_stackoverflow", + .data = &sysctl_panic_on_stackoverflow, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, + }, +#endif }; static __init int kernel_panic_sysctls_init(void) diff --git a/kernel/sysctl.c b/kernel/sysctl.c index d5bebdd02cd4..446d77ec44f5 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -1552,16 +1552,6 @@ static const struct ctl_table kern_table[] = { .mode = 0444, .proc_handler = proc_dointvec, }, -#if (defined(CONFIG_X86_32) || defined(CONFIG_PARISC)) && \ - defined(CONFIG_DEBUG_STACKOVERFLOW) - { - .procname = "panic_on_stackoverflow", - .data = &sysctl_panic_on_stackoverflow, - .maxlen = sizeof(int), - .mode = 0644, - .proc_handler = proc_dointvec, - }, -#endif #ifdef CONFIG_SYSCTL_ARCH_UNALIGN_NO_WARN { .procname = "ignore-unaligned-usertrap", From ad0800b1d49ade38bd25409c9d66da0446977c87 Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Mon, 5 May 2025 13:42:27 +0200 Subject: [PATCH 11/23] sysctl: Remove (very) old file changelog These comments are older than 2003 and therefore do not bare any relevance on the current state of the sysctl.c file. Remove them as they confuse more than clarify. Reviewed-by: Luis Chamberlain Reviewed-by: Kees Cook Signed-off-by: Joel Granados --- kernel/sysctl.c | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 446d77ec44f5..dee9a818a9bb 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c 
@@ -1,22 +1,6 @@ // SPDX-License-Identifier: GPL-2.0-only /* * sysctl.c: General linux system control interface - * - * Begun 24 March 1995, Stephen Tweedie - * Added /proc support, Dec 1995 - * Added bdflush entry and intvec min/max checking, 2/23/96, Tom Dyas. - * Added hooks for /proc/sys/net (minor, minor patch), 96/4/1, Mike Shaver. - * Added kernel/java-{interpreter,appletviewer}, 96/5/10, Mike Shaver. - * Dynamic registration fixes, Stephen Tweedie. - * Added kswapd-interval, ctrl-alt-del, printk stuff, 1/8/97, Chris Horn. - * Made sysctl support optional via CONFIG_SYSCTL, 1/10/97, Chris - * Horn. - * Added proc_doulongvec_ms_jiffies_minmax, 09/08/99, Carlos H. Bauer. - * Added proc_doulongvec_minmax, 09/08/99, Carlos H. Bauer. - * Changed linked lists to use list.h instead of lists.h, 02/24/00, Bill - * Wendling. - * The list_for_each() macro wasn't appropriate for the sysctl loop. - * Removed it and replaced it with older style, 03/23/00, Bill Wendling */ #include From 6519dba9af439722b3fd938dec939792cc0ecf8e Mon Sep 17 00:00:00 2001 
From: Joel Granados Date: Mon, 5 May 2025 10:53:28 +0200 Subject: [PATCH 12/23] sysctl: Remove superfluous includes from kernel/sysctl.c Remove the following headers from the include list in sysctl.c. * These are removed as the related variables are no longer there. =================== ==================== Include Related Var =================== ==================== linux/kmod.h usermodehelper asm/nmi.h nmi_watchdoc_enabled asm/io.h io_delay_type linux/pid.h pid_max_{,min,max} linux/sched/sysctl.h sysctl_{sched_*,numa_*,timer_*} linux/mount.h sysctl_mount_max linux/reboot.h poweroff_cmd linux/ratelimit.h {,printk_}ratelimit_state linux/printk.h kptr_restrict linux/security.h CONFIG_SECURITY_CAPABILITIES linux/net.h net_table linux/key.h key_sysctls linux/nvs_fs.h acpi_video_flags linux/acpi.h acpi_video_flags linux/fs.h proc_nr_files * These are no longer needed as intermediate includes ============== Include ============== linux/filter.h linux/binfmts.h Reviewed-by: Kees Cook Reviewed-by: Luis Chamberlain Signed-off-by: Joel Granados --- kernel/sysctl.c | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/kernel/sysctl.c b/kernel/sysctl.c index dee9a818a9bb..0716c7df7243 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -5,44 +5,24 @@ #include #include -#include #include -#include #include -#include -#include #include #include #include -#include #include #include -#include #include -#include #include #include #include -#include -#include -#include -#include #include -#include -#include -#include -#include #include "../lib/kstrtox.h" #include #include -#ifdef CONFIG_X86 -#include -#include -#endif - /* shared constants to be used in various sysctls */ const int sysctl_vals[] = { 0, 1, 2, 3, 4, 100, 200, 1000, 3000, INT_MAX, 65535, -1 }; EXPORT_SYMBOL(sysctl_vals); From 02b072fd9fe1c5e16b7ae8da2f4ae31c8ef6f6a3 Mon Sep 17 00:00:00 2001 
From: Joel Granados Date: Thu, 26 Jun 2025 14:48:08 +0200 Subject: [PATCH 13/23] sysctl: Nixify sysctl.sh Use "#!/usr/bin/env bash" instead of "#!/bin/bash". Needed for testing in nix environments as they only provide /usr/bin/env at the standard location. Signed-off-by: Joel Granados --- tools/testing/selftests/sysctl/sysctl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/sysctl/sysctl.sh b/tools/testing/selftests/sysctl/sysctl.sh index a10350c8a46e..b2d8bd9026a7 100755 --- a/tools/testing/selftests/sysctl/sysctl.sh +++ b/tools/testing/selftests/sysctl/sysctl.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # SPDX-License-Identifier: GPL-2.0-or-later OR copyleft-next-0.3.1 # Copyright (C) 2017 Luis R. Rodriguez From 39dac316f09ae5a0930878d2cae8aea113648b5a Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Fri, 27 Jun 2025 09:00:05 +0200 Subject: [PATCH 14/23] sysctl: Removed unused variable Remove unaligned_dump_stack from sysctl.h; it is no longer used or defined. Signed-off-by: Joel Granados --- include/linux/sysctl.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h index 30bcbc59d12d..92e9146b1104 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h @@ -243,7 +243,6 @@ int do_proc_douintvec(const struct ctl_table *table, int write, void *data); extern int unaligned_enabled; -extern int unaligned_dump_stack; extern int no_unaligned_warning; #else /* CONFIG_SYSCTL */ From 88eddb0502d45680efef870ea470a9e8955c5c8b Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Fri, 27 Jun 2025 09:29:56 +0200 Subject: [PATCH 15/23] uevent: mv uevent_helper into kobject_uevent.c Move both uevent_helper table into lib/kobject_uevent.c. Place the registration early in the initcall order with postcore_initcall. This is part of a greater effort to move ctl tables into their respective subsystems which will reduce the merge conflicts in kernel/sysctl.c. 
Signed-off-by: Joel Granados --- kernel/sysctl.c | 9 --------- lib/kobject_uevent.c | 20 ++++++++++++++++++++ 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 0716c7df7243..2df63b69edf6 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -1474,15 +1474,6 @@ static const struct ctl_table kern_table[] = { .mode = 0644, .proc_handler = proc_dointvec, }, -#endif -#ifdef CONFIG_UEVENT_HELPER - { - .procname = "hotplug", - .data = &uevent_helper, - .maxlen = UEVENT_HELPER_PATH_LEN, - .mode = 0644, - .proc_handler = proc_dostring, - }, #endif { .procname = "overflowuid", diff --git a/lib/kobject_uevent.c b/lib/kobject_uevent.c index b7f2fa08d9c8..78e16b95d210 100644 --- a/lib/kobject_uevent.c +++ b/lib/kobject_uevent.c @@ -826,3 +826,23 @@ static int __init kobject_uevent_init(void) postcore_initcall(kobject_uevent_init); #endif + +#ifdef CONFIG_UEVENT_HELPER +static const struct ctl_table uevent_helper_sysctl_table[] = { + { + .procname = "hotplug", + .data = &uevent_helper, + .maxlen = UEVENT_HELPER_PATH_LEN, + .mode = 0644, + .proc_handler = proc_dostring, + }, +}; + +static int __init init_uevent_helper_sysctl(void) +{ + register_sysctl_init("kernel", uevent_helper_sysctl_table); + return 0; +} + +postcore_initcall(init_uevent_helper_sysctl); +#endif From 25ebbce1f188aa2d3e83fcfcf24da8610362564b Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Fri, 27 Jun 2025 10:00:51 +0200 Subject: [PATCH 16/23] kernel/sys.c: Move overflow{uid,gid} sysctl into kernel/sys.c Moved ctl_tables elements for overflowuid and overflowgid into in kernel/sys.c. Create a register function that keeps them under "kernel" and run it after core with postcore_initcall. This is part of a greater effort to move ctl tables into their respective subsystems which will reduce the merge conflicts in kernel/sysctl.c. 
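Review bot: `uevent_helper_sysctl_table` in lib/kobject_uevent.c exposes `uevent_helper` as a writable string (`.mode = 0644`, `proc_dostring`) with no comment saying what that string controls. Assuming it is the path of the helper program run for uevents (its consumer is not in this hunk), the knob decides which binary gets executed on the kernel's behalf. That makes it worth marking for anyone auditing writable sysctls: `/* kernel.hotplug: path of the uevent helper binary; keep write access restricted (mode 0644) */`. The added block follows an `#endif` whose opening conditional is outside the hunk.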
Signed-off-by: Joel Granados --- kernel/sys.c | 30 ++++++++++++++++++++++++++++++ kernel/sysctl.c | 18 ------------------ 2 files changed, 30 insertions(+), 18 deletions(-) diff --git a/kernel/sys.c b/kernel/sys.c index adc0de0aa364..bbeee62f9abc 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -181,6 +181,36 @@ int fs_overflowgid = DEFAULT_FS_OVERFLOWGID; EXPORT_SYMBOL(fs_overflowuid); EXPORT_SYMBOL(fs_overflowgid); +static const struct ctl_table overflow_sysctl_table[] = { + { + .procname = "overflowuid", + .data = &overflowuid, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec_minmax, + .extra1 = SYSCTL_ZERO, + .extra2 = SYSCTL_MAXOLDUID, + }, + { + .procname = "overflowgid", + .data = &overflowgid, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec_minmax, + .extra1 = SYSCTL_ZERO, + .extra2 = SYSCTL_MAXOLDUID, + }, +}; + +static int __init init_overflow_sysctl(void) +{ + register_sysctl_init("kernel", overflow_sysctl_table); + return 0; +} + +postcore_initcall(init_overflow_sysctl); + + /* * Returns true if current's euid is same as p's uid or euid, * or has CAP_SYS_NICE to p's user_ns. diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 2df63b69edf6..21b70443aea7 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -1475,24 +1475,6 @@ static const struct ctl_table kern_table[] = { .proc_handler = proc_dointvec, }, #endif - { - .procname = "overflowuid", - .data = &overflowuid, - .maxlen = sizeof(int), - .mode = 0644, - .proc_handler = proc_dointvec_minmax, - .extra1 = SYSCTL_ZERO, - .extra2 = SYSCTL_MAXOLDUID, - }, - { - .procname = "overflowgid", - .data = &overflowgid, - .maxlen = sizeof(int), - .mode = 0644, - .proc_handler = proc_dointvec_minmax, - .extra1 = SYSCTL_ZERO, - .extra2 = SYSCTL_MAXOLDUID, - }, { .procname = "ngroups_max", .data = (void *)&ngroups_max, From 73184c8e4ff447b866dac13fc4f1a4079c78a69d Mon Sep 17 00:00:00 2001 
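Review bot: Two blank lines follow `postcore_initcall(init_overflow_sysctl);` at the end of the added block in kernel/sys.c, and patch 17/23 later deletes one of them. That whitespace fix belongs in this patch so the commit is clean on its own. The table would also read better with a short comment on the shared bound, for example `/* both IDs are limited to 0..SYSCTL_MAXOLDUID by proc_dointvec_minmax */`.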
From: Joel Granados Date: Fri, 27 Jun 2025 10:12:40 +0200 Subject: [PATCH 17/23] sysctl: rename kern_table -> sysctl_subsys_table Renamed sysctl table from kern_table to sysctl_subsys_table and grouped the two arch specific ctls to the end of the array. This is part of a greater effort to move ctl tables into their respective subsystems which will reduce the merge conflicts in kernel/sysctl.c. Signed-off-by: Joel Granados --- kernel/sys.c | 1 - kernel/sysctl.c | 22 +++++++++++----------- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/kernel/sys.c b/kernel/sys.c index bbeee62f9abc..18a037cc6f61 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -210,7 +210,6 @@ static int __init init_overflow_sysctl(void) postcore_initcall(init_overflow_sysctl); - /* * Returns true if current's euid is same as p's uid or euid, * or has CAP_SYS_NICE to p's user_ns. diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 21b70443aea7..cb6196e3fa99 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -1454,7 +1454,7 @@ int proc_do_static_key(const struct ctl_table *table, int write, return ret; } -static const struct ctl_table kern_table[] = { +static const struct ctl_table sysctl_subsys_table[] = { #ifdef CONFIG_PROC_SYSCTL { .procname = "sysctl_writes_strict", @@ -1465,15 +1465,6 @@ static const struct ctl_table kern_table[] = { .extra1 = SYSCTL_NEG_ONE, .extra2 = SYSCTL_ONE, }, -#endif -#ifdef CONFIG_SYSCTL_ARCH_UNALIGN_ALLOW - { - .procname = "unaligned-trap", - .data = &unaligned_enabled, - .maxlen = sizeof (int), - .mode = 0644, - .proc_handler = proc_dointvec, - }, #endif { .procname = "ngroups_max", 
@@ -1489,6 +1480,15 @@ static const struct ctl_table kern_table[] = { .mode = 0444, .proc_handler = proc_dointvec, }, +#ifdef CONFIG_SYSCTL_ARCH_UNALIGN_ALLOW + { + .procname = "unaligned-trap", + .data = &unaligned_enabled, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, + }, +#endif #ifdef CONFIG_SYSCTL_ARCH_UNALIGN_NO_WARN { .procname = "ignore-unaligned-usertrap", @@ -1502,7 +1502,7 @@ static const struct ctl_table kern_table[] = { int __init sysctl_init_bases(void) { - register_sysctl_init("kernel", kern_table); + register_sysctl_init("kernel", sysctl_subsys_table); return 0; } From 89b491bcf2d19516dd19b1f7a8872394a58b591b Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Tue, 1 Jul 2025 09:51:57 +0200 Subject: [PATCH 18/23] docs: nixify check-sysctl-docs Use "#!/usr/bin/env -S gawk -f" instead of "#!/bin/gawk". Needed for testing in nix environments as they only provide /usr/bin/env at the standard location. Signed-off-by: Joel Granados --- scripts/check-sysctl-docs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/check-sysctl-docs b/scripts/check-sysctl-docs index 20274c63e745..178dcf2888ff 100755 --- a/scripts/check-sysctl-docs +++ b/scripts/check-sysctl-docs @@ -1,4 +1,4 @@ -#!/usr/bin/gawk -f +#!/usr/bin/env -S gawk -f # SPDX-License-Identifier: GPL-2.0 # Script to check sysctl documentation against source files From be0aef10dca87a644affb087f01728386c19903a Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Tue, 1 Jul 2025 09:55:39 +0200 Subject: [PATCH 19/23] docs: Use skiplist when checking sysctl admin-guide Use a skiplist to "skip" the titles in the guide documentation (Documentation/admin-guide/sysctl/*) that are not sysctls. This will give a more accurate account of what sysctl are miss-documented. Signed-off-by: Joel Granados --- scripts/check-sysctl-docs | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) 
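Review bot: The new shebang `#!/usr/bin/env -S gawk -f` in scripts/check-sysctl-docs depends on an `env` that supports `-S`, which GNU coreutils only gained in 8.30. On older hosts, or with an `env` implementation that lacks the option, the script will no longer start when executed directly. If that trade-off is accepted for nix, a comment under the shebang would document the fallback: `# needs env(1) with -S; otherwise run: gawk -f scripts/check-sysctl-docs`. The removed line is `#!/usr/bin/gawk -f`, while the commit message quotes `#!/bin/gawk`.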
diff --git a/scripts/check-sysctl-docs b/scripts/check-sysctl-docs index 178dcf2888ff..568197cb1c0a 100755 --- a/scripts/check-sysctl-docs +++ b/scripts/check-sysctl-docs @@ -17,6 +17,18 @@ BEGIN { print "Please specify the table to look for using the table variable" > "/dev/stderr" exit 1 } + + # Documentation title skiplist + skiplist[0] = "^Documentation for" + skiplist[1] = "Network core options$" + skiplist[2] = "POSIX message queues filesystem$" + skiplist[3] = "Configuration options" + skiplist[4] = ". /proc/sys/fs" + skiplist[5] = "^Introduction$" + skiplist[6] = "^seccomp$" + skiplist[7] = "^pty$" + skiplist[8] = "^firmware_config$" + skiplist[9] = "^random$" } # The following globals are used: @@ -53,10 +65,11 @@ function printentry(entry) { # Stage 1: build the list of documented entries FNR == NR && /^=+$/ { - if (prevline ~ /Documentation for/) { - # This is the main title - next - } + for (i in skiplist) { + if (prevline ~ skiplist[i]) { + next + } + } # The previous line is a section title, parse it $0 = prevline From e97a96baa527d8ce51db483d44599dff9ec62af0 Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Tue, 1 Jul 2025 10:07:04 +0200 Subject: [PATCH 20/23] docs: Add awk section for ucount sysctl entries Adjust the sysctl table detection to include the macro pattern used for the ucount ctl_tables. This prevents falsly assigning them as non-documented ctl_tables Signed-off-by: Joel Granados --- scripts/check-sysctl-docs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/check-sysctl-docs b/scripts/check-sysctl-docs index 568197cb1c0a..3166012b9c6e 100755 --- a/scripts/check-sysctl-docs +++ b/scripts/check-sysctl-docs 
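Review bot: The skiplist strings are used as dynamic regexes on the right of `~`, so the leading `.` in `skiplist[4] = ". /proc/sys/fs"` matches any character and the unanchored `"Configuration options"` matches anywhere in a title. If a literal dot after a section number was meant, write `skiplist[4] = "\\. /proc/sys/fs"`, and anchor the entries that are meant to be whole titles. An over-broad entry silently hides a heading from the check instead of reporting it. The list is applied to every documentation file regardless of the `table` being checked, which the `# Documentation title skiplist` comment could state. The rule that holds the new `for (i in skiplist)` loop continues outside the second hunk.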
@@ -130,6 +130,14 @@ curtable && /\.procname[\t ]*=[\t ]*".+"/ { file[curentry] = FILENAME } +curtable && /UCOUNT_ENTRY.*/ { + match($0, /UCOUNT_ENTRY\("([^"]+)"\)/, names) + curentry = names[1] + if (debug) print "Adding entry " curentry " to table " curtable + entries[curtable][curentry]++ + file[curentry] = FILENAME +} + /register_sysctl.*/ { match($0, /register_sysctl(|_init|_sz)\("([^"]+)" *, *([^,)]+)/, tables) if (debug) print "Registering table " tables[3] " at " tables[2] From 30ec9fde45b553467982382e7cd00bcca94bdba5 Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Tue, 1 Jul 2025 10:07:46 +0200 Subject: [PATCH 21/23] docs: Remove colon from ctltable title in vm.rst Removing them solves an issue where they were incorrectly considered as not implemented by the check-sysctl-docs script Signed-off-by: Joel Granados --- Documentation/admin-guide/sysctl/vm.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Documentation/admin-guide/sysctl/vm.rst b/Documentation/admin-guide/sysctl/vm.rst index 9bef46151d53..4d71211fdad8 100644 --- a/Documentation/admin-guide/sysctl/vm.rst +++ b/Documentation/admin-guide/sysctl/vm.rst @@ -465,8 +465,8 @@ The minimum value is 1 (1/1 -> 100%). The value less than 1 completely disables protection of the pages. -max_map_count: -============== +max_map_count +============= This file contains the maximum number of memory map areas a process may have. Memory map areas are used as a side-effect of calling @@ -495,8 +495,8 @@ memory allocations. The default value depends on CONFIG_MEM_ALLOC_PROFILING_ENABLED_BY_DEFAULT. -memory_failure_early_kill: -========================== +memory_failure_early_kill +========================= Control how to kill processes when uncorrected memory error (typically a 2bit error in a memory module) is detected in the background by hardware From 999aab7f5645f8e5daf1a102a4c4e79275555cf8 Mon Sep 17 00:00:00 2001 
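Review bot: The rule pattern `/UCOUNT_ENTRY.*/` is looser than the `match()` regex in its body, and the result of `match()` is not checked. A table line that mentions `UCOUNT_ENTRY` without a quoted name (a comment, a wrapped call) would leave `names[1]` empty and record an entry with an empty name under `entries[curtable]`. Using the same regex as the guard avoids that: `curtable && /UCOUNT_ENTRY\("[^"]+"\)/ {`. The `.procname` rule just above already keeps its guard and its `match()` expression in step.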
From: Joel Granados Date: Tue, 1 Jul 2025 10:19:09 +0200 Subject: [PATCH 22/23] docs: Replace spaces with tabs in check-sysctl-docs Remove the combination of spaces and tabs in favor of just tabs. Signed-off-by: Joel Granados --- scripts/check-sysctl-docs | 163 +++++++++++++++++++------------------- 1 file changed, 81 insertions(+), 82 deletions(-) diff --git a/scripts/check-sysctl-docs b/scripts/check-sysctl-docs index 3166012b9c6e..910fd8a9a268 100755 --- a/scripts/check-sysctl-docs +++ b/scripts/check-sysctl-docs @@ -13,10 +13,10 @@ # Specify -vdebug=1 to see debugging information BEGIN { - if (!table) { + if (!table) { print "Please specify the table to look for using the table variable" > "/dev/stderr" exit 1 - } + } # Documentation title skiplist skiplist[0] = "^Documentation for" @@ -43,23 +43,23 @@ BEGIN { # Remove punctuation from the given value function trimpunct(value) { - while (value ~ /^["&]/) { - value = substr(value, 2) - } - while (value ~ /[]["&,}]$/) { - value = substr(value, 1, length(value) - 1) - } - return value + while (value ~ /^["&]/) { + value = substr(value, 2) + } + while (value ~ /[]["&,}]$/) { + value = substr(value, 1, length(value) - 1) + } + return value } # Print the information for the given entry function printentry(entry) { - seen[entry]++ - printf "* %s from %s", entry, file[entry] - if (documented[entry]) { - printf " (documented)" - } - print "" + seen[entry]++ + printf "* %s from %s", entry, file[entry] + if (documented[entry]) { + printf " (documented)" + } + print "" } 
@@ -71,105 +71,104 @@ FNR == NR && /^=+$/ { } } - # The previous line is a section title, parse it - $0 = prevline - if (debug) print "Parsing " $0 - inbrackets = 0 - for (i = 1; i <= NF; i++) { - if (length($i) == 0) { - continue + # The previous line is a section title, parse it + $0 = prevline + if (debug) print "Parsing " $0 + inbrackets = 0 + for (i = 1; i <= NF; i++) { + if (length($i) == 0) { + continue + } + if (!inbrackets && substr($i, 1, 1) == "(") { + inbrackets = 1 + } + if (!inbrackets) { + token = trimpunct($i) + if (length(token) > 0 && token != "and") { + if (debug) print trimpunct($i) + documented[trimpunct($i)]++ + } + } + if (inbrackets && substr($i, length($i), 1) == ")") { + inbrackets = 0 + } } - if (!inbrackets && substr($i, 1, 1) == "(") { - inbrackets = 1 - } - if (!inbrackets) { - token = trimpunct($i) - if (length(token) > 0 && token != "and") { - if (debug) print trimpunct($i) - documented[trimpunct($i)]++ - } - } - if (inbrackets && substr($i, length($i), 1) == ")") { - inbrackets = 0 - } - } } FNR == NR { - prevline = $0 - next + prevline = $0 + next } # Stage 2: process each file and find all sysctl tables BEGINFILE { - delete entries - curtable = "" - curentry = "" - delete vars - if (debug) print "Processing file " FILENAME + delete entries + curtable = "" + curentry = "" + delete vars + if (debug) print "Processing file " FILENAME } /^static( const)? struct ctl_table/ { - match($0, /static( const)? struct ctl_table ([^][]+)/, tables) - curtable = tables[2] - if (debug) print "Processing table " curtable + match($0, /static( const)? 
struct ctl_table ([^][]+)/, tables) + curtable = tables[2] + if (debug) print "Processing table " curtable } /^};$/ { - curtable = "" - curentry = "" - delete vars + curtable = "" + curentry = "" + delete vars } curtable && /\.procname[\t ]*=[\t ]*".+"/ { - match($0, /.procname[\t ]*=[\t ]*"([^"]+)"/, names) - curentry = names[1] - if (debug) print "Adding entry " curentry " to table " curtable - entries[curtable][curentry]++ - file[curentry] = FILENAME + match($0, /.procname[\t ]*=[\t ]*"([^"]+)"/, names) + curentry = names[1] + if (debug) print "Adding entry " curentry " to table " curtable + entries[curtable][curentry]++ + file[curentry] = FILENAME } curtable && /UCOUNT_ENTRY.*/ { - match($0, /UCOUNT_ENTRY\("([^"]+)"\)/, names) - curentry = names[1] - if (debug) print "Adding entry " curentry " to table " curtable - entries[curtable][curentry]++ - file[curentry] = FILENAME + match($0, /UCOUNT_ENTRY\("([^"]+)"\)/, names) + curentry = names[1] + if (debug) print "Adding entry " curentry " to table " curtable + entries[curtable][curentry]++ + file[curentry] = FILENAME } /register_sysctl.*/ { - match($0, /register_sysctl(|_init|_sz)\("([^"]+)" *, *([^,)]+)/, tables) - if (debug) print "Registering table " tables[3] " at " tables[2] - if (tables[2] == table) { - for (entry in entries[tables[3]]) { - printentry(entry) - } - } + match($0, /register_sysctl(|_init|_sz)\("([^"]+)" *, *([^,)]+)/, tables) + if (debug) print "Registering table " tables[3] " at " tables[2] + if (tables[2] == table) { + for (entry in entries[tables[3]]) { + printentry(entry) + } + } } /kmemdup.*/ { - match($0, /([^ \t]+) *= *kmemdup\(([^,]+) *,/, names) - if (debug) print "Found variable " names[1] " for table " names[2] - if (names[2] in entries) { - vars[names[1]] = names[2] - } + match($0, /([^ \t]+) *= *kmemdup\(([^,]+) *,/, names) + if (debug) print "Found variable " names[1] " for table " names[2] + if (names[2] in entries) { + vars[names[1]] = names[2] + } } /__register_sysctl_table.*/ 
{ - match($0, /__register_sysctl_table\([^,]+, *"([^"]+)" *, *([^,]+)/, tables) - if (debug) print "Registering variable table " tables[2] " at " tables[1] - if (tables[1] == table && tables[2] in vars) { - for (entry in entries[vars[tables[2]]]) { - printentry(entry) - } - } + match($0, /__register_sysctl_table\([^,]+, *"([^"]+)" *, *([^,]+)/, tables) + if (debug) print "Registering variable table " tables[2] " at " tables[1] + if (tables[1] == table && tables[2] in vars) { + for (entry in entries[vars[tables[2]]]) { + printentry(entry) + } + } } END { - for (entry in documented) { - if (!seen[entry]) { - print "No implementation for " entry + for (entry in documented) { + if (!seen[entry]) + print "No implementation for " entry } - } } From ffc137c5c195a7c2a0f3bdefd9bafa639ba5a430 Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Tue, 1 Jul 2025 10:39:27 +0200 Subject: [PATCH 23/23] docs: Downgrade arm64 & riscv from titles to comment Remove the title string ("====") from under arm64 & riscv and move them to a commment under the perf_user_access sysctl. They are explanations, *not* sysctls themselves This effectively removes these two strings from appearing as not implemented when the check-sysctl-docs script is run Signed-off-by: Joel Granados --- Documentation/admin-guide/sysctl/kernel.rst | 32 +++++++++------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst index dd49a89a62d3..c2683ce17b25 100644 --- a/Documentation/admin-guide/sysctl/kernel.rst +++ b/Documentation/admin-guide/sysctl/kernel.rst 
@@ -1014,30 +1014,26 @@ perf_user_access (arm64 and riscv only) Controls user space access for reading perf event counters. -arm64 -===== +* for arm64 + The default value is 0 (access disabled). -The default value is 0 (access disabled). + When set to 1, user space can read performance monitor counter registers + directly. -When set to 1, user space can read performance monitor counter registers -directly. + See Documentation/arch/arm64/perf.rst for more information. -See Documentation/arch/arm64/perf.rst for more information. +* for riscv + When set to 0, user space access is disabled. -riscv -===== + The default value is 1, user space can read performance monitor counter + registers through perf, any direct access without perf intervention will trigger + an illegal instruction. -When set to 0, user space access is disabled. + When set to 2, which enables legacy mode (user space has direct access to cycle + and insret CSRs only). Note that this legacy value is deprecated and will be + removed once all user space applications are fixed. -The default value is 1, user space can read performance monitor counter -registers through perf, any direct access without perf intervention will trigger -an illegal instruction. - -When set to 2, which enables legacy mode (user space has direct access to cycle -and insret CSRs only). Note that this legacy value is deprecated and will be -removed once all user space applications are fixed. - -Note that the time CSR is always directly accessible to all modes. + Note that the time CSR is always directly accessible to all modes. pid_max =======