From 315552310c7de92baea4e570967066569937a843 Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Tue, 21 Nov 2023 12:02:18 +0100 Subject: sysctl: Fix out of bounds access for empty sysctl registers When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory (used for mounts). This check evaluates the first element of the ctl_table. This results in an out of bounds evaluation when registering empty directories. The function register_sysctl_mount_point now passes a ctl_table of size 1 instead of size 0. It now relies solely on the type to identify a permanently empty register. Make sure that the ctl_table has at least one element before testing for permanent emptiness. Signed-off-by: Joel Granados Reported-by: kernel test robot Closes: https://lore.kernel.org/oe-lkp/202311201431.57aae8f3-oliver.sang@intel.com Signed-off-by: Luis Chamberlain --- fs/proc/proc_sysctl.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'fs') diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index 8064ea76f80b..84abf98340a0 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -44,7 +44,7 @@ static struct ctl_table sysctl_mount_point[] = { */ struct ctl_table_header *register_sysctl_mount_point(const char *path) { - return register_sysctl_sz(path, sysctl_mount_point, 0); + return register_sysctl(path, sysctl_mount_point); } EXPORT_SYMBOL(register_sysctl_mount_point); @@ -233,7 +233,8 @@ static int insert_header(struct ctl_dir *dir, struct ctl_table_header *header) return -EROFS; /* Am I creating a permanently empty directory? */ - if (sysctl_is_perm_empty_ctl_table(header->ctl_table)) { + if (header->ctl_table_size > 0 && + sysctl_is_perm_empty_ctl_table(header->ctl_table)) { if (!RB_EMPTY_ROOT(&dir->root)) return -EINVAL; sysctl_set_perm_empty_ctl_header(dir_h); @@ -1213,6 +1214,10 @@ static bool get_links(struct ctl_dir *dir, struct ctl_table_header *tmp_head; struct ctl_table *entry, *link; + if (header->ctl_table_size == 0 || + sysctl_is_perm_empty_ctl_table(header->ctl_table)) + return true; + /* Are there links available for every entry in table? */ list_for_each_table_entry(entry, header) { const char *procname = entry->procname; -- cgit v1.2.3 From e640fc5b7b241a0871fbbd94fa9a8a83ecd84391 Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Tue, 21 Nov 2023 12:35:11 +0100 Subject: cachefiles: Remove the now superfluous sentinel element from ctl_table array This commit comes at the tail end of a greater effort to remove the empty elements at the end of the ctl_table arrays (sentinels) which will reduce the overall build time size of the kernel and run time memory bloat by ~64 bytes per sentinel (further information Link : https://lore.kernel.org/all/ZO5Yx5JFogGi%2FcBo@bombadil.infradead.org/) Remove sentinel from cachefiles_sysctls Signed-off-by: Joel Granados Acked-by: Christian Brauner Signed-off-by: Luis Chamberlain --- fs/cachefiles/error_inject.c | 1 - 1 file changed, 1 deletion(-) (limited to 'fs') diff --git a/fs/cachefiles/error_inject.c b/fs/cachefiles/error_inject.c index 18de8a876b02..1715d5ca2b2d 100644 --- a/fs/cachefiles/error_inject.c +++ b/fs/cachefiles/error_inject.c @@ -19,7 +19,6 @@ static struct ctl_table cachefiles_sysctls[] = { .mode = 0644, .proc_handler = proc_douintvec, }, - {} }; int __init cachefiles_register_error_injection(void) -- cgit v1.2.3 From 9d5b9475356635d018b4d22f7e58fce32e2e89a7 Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Tue, 21 Nov 2023 12:35:12 +0100 Subject: fs: Remove the now superfluous sentinel elements from ctl_table array This commit comes at the tail end of a greater effort to remove the empty elements at the end of the ctl_table arrays (sentinels) which will reduce the overall build time size of the kernel and run time memory bloat by ~64 bytes per sentinel (further information Link : https://lore.kernel.org/all/ZO5Yx5JFogGi%2FcBo@bombadil.infradead.org/) Remove sentinel elements ctl_table struct. Special attention was placed in making sure that an empty directory for fs/verity was created when CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not defined. In this case we use the register sysctl call that expects a size. Signed-off-by: Joel Granados Reviewed-by: Jan Kara Reviewed-by: "Darrick J. Wong" Acked-by: Christian Brauner Signed-off-by: Luis Chamberlain --- fs/aio.c | 1 - fs/coredump.c | 1 - fs/dcache.c | 1 - fs/devpts/inode.c | 1 - fs/eventpoll.c | 1 - fs/exec.c | 1 - fs/file_table.c | 1 - fs/inode.c | 1 - fs/lockd/svc.c | 1 - fs/locks.c | 1 - fs/namei.c | 1 - fs/namespace.c | 1 - fs/nfs/nfs4sysctl.c | 1 - fs/nfs/sysctl.c | 1 - fs/notify/dnotify/dnotify.c | 1 - fs/notify/fanotify/fanotify_user.c | 1 - fs/notify/inotify/inotify_user.c | 1 - fs/ntfs/sysctl.c | 1 - fs/ocfs2/stackglue.c | 1 - fs/pipe.c | 1 - fs/proc/proc_sysctl.c | 1 - fs/quota/dquot.c | 1 - fs/sysctls.c | 1 - fs/userfaultfd.c | 1 - fs/verity/init.c | 1 - fs/xfs/xfs_sysctl.c | 2 -- 26 files changed, 27 deletions(-) (limited to 'fs') diff --git a/fs/aio.c b/fs/aio.c index f8589caef9c1..ec8fdac7f9b6 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -239,7 +239,6 @@ static struct ctl_table aio_sysctls[] = { .mode = 0644, .proc_handler = proc_doulongvec_minmax, }, - {} }; static void __init aio_sysctl_init(void) diff --git a/fs/coredump.c b/fs/coredump.c index 9d235fa14ab9..f258c17c1841 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -981,7 +981,6 @@ static struct ctl_table coredump_sysctls[] = { .mode = 0644, .proc_handler = proc_dointvec, }, - { } }; static int __init init_fs_coredump_sysctls(void) diff --git a/fs/dcache.c b/fs/dcache.c index c82ae731df9a..0bcfdc66823e 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -191,7 +191,6 @@ static struct ctl_table fs_dcache_sysctls[] = { .mode = 0444, .proc_handler = proc_nr_dentry, }, - { } }; static int __init init_fs_dcache_sysctls(void) diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c index c830261aa883..b20e565b9c5e 100644 --- a/fs/devpts/inode.c +++ b/fs/devpts/inode.c @@ -69,7 +69,6 @@ static struct ctl_table pty_table[] = { .data = &pty_count, .proc_handler = proc_dointvec, }, - {} }; struct pts_mount_opts { diff --git a/fs/eventpoll.c b/fs/eventpoll.c index 2877cc01cff1..3534d36a1474 100644 --- a/fs/eventpoll.c +++ b/fs/eventpoll.c @@ -322,7 +322,6 @@ static struct ctl_table epoll_table[] = { .extra1 = &long_zero, .extra2 = &long_max, }, - { } }; static void __init epoll_sysctls_init(void) diff --git a/fs/exec.c b/fs/exec.c index 4aa19b24f281..dc7e5d66b3fa 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -2165,7 +2165,6 @@ static struct ctl_table fs_exec_sysctls[] = { .extra1 = SYSCTL_ZERO, .extra2 = SYSCTL_TWO, }, - { } }; static int __init init_fs_exec_sysctls(void) diff --git a/fs/file_table.c b/fs/file_table.c index de4a2915bfd4..d3af9feb4ad5 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -142,7 +142,6 @@ static struct ctl_table fs_stat_sysctls[] = { .extra1 = &sysctl_nr_open_min, .extra2 = &sysctl_nr_open_max, }, - { } }; static int __init init_fs_stat_sysctls(void) diff --git a/fs/inode.c b/fs/inode.c index f238d987dec9..0a9dd0c3e03f 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -129,7 +129,6 @@ static struct ctl_table inodes_sysctls[] = { .mode = 0444, .proc_handler = proc_nr_inodes, }, - { } }; static int __init init_fs_inode_sysctls(void) diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c index 81be07c1d3d1..96dc040656ae 100644 --- a/fs/lockd/svc.c +++ b/fs/lockd/svc.c @@ -475,7 +475,6 @@ static struct ctl_table nlm_sysctls[] = { .mode = 0644, .proc_handler = proc_dointvec, }, - { } }; #endif /* CONFIG_SYSCTL */ diff --git a/fs/locks.c b/fs/locks.c index 46d88b9e222c..cc7c117ee192 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -111,7 +111,6 @@ static struct ctl_table locks_sysctls[] = { .proc_handler = proc_dointvec, }, #endif /* CONFIG_MMU */ - {} }; static int __init init_fs_locks_sysctls(void) diff --git a/fs/namei.c b/fs/namei.c index 71c13b2990b4..03660a29664f 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1071,7 +1071,6 @@ static struct ctl_table namei_sysctls[] = { .extra1 = SYSCTL_ZERO, .extra2 = SYSCTL_TWO, }, - { } }; static int __init init_fs_namei_sysctls(void) diff --git a/fs/namespace.c b/fs/namespace.c index fbf0e596fcd3..91ca4693f905 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -5010,7 +5010,6 @@ static struct ctl_table fs_namespace_sysctls[] = { .proc_handler = proc_dointvec_minmax, .extra1 = SYSCTL_ONE, }, - { } }; static int __init init_fs_namespace_sysctls(void) diff --git a/fs/nfs/nfs4sysctl.c b/fs/nfs/nfs4sysctl.c index e776200e9a11..886a7c4c60b3 100644 --- a/fs/nfs/nfs4sysctl.c +++ b/fs/nfs/nfs4sysctl.c @@ -34,7 +34,6 @@ static struct ctl_table nfs4_cb_sysctls[] = { .mode = 0644, .proc_handler = proc_dointvec, }, - { } }; int nfs4_register_sysctl(void) diff --git a/fs/nfs/sysctl.c b/fs/nfs/sysctl.c index f39e2089bc4c..e645be1a3381 100644 --- a/fs/nfs/sysctl.c +++ b/fs/nfs/sysctl.c @@ -29,7 +29,6 @@ static struct ctl_table nfs_cb_sysctls[] = { .mode = 0644, .proc_handler = proc_dointvec, }, - { } }; int nfs_register_sysctl(void) diff --git a/fs/notify/dnotify/dnotify.c b/fs/notify/dnotify/dnotify.c index 1cb9ad7e884e..3464fa7e8538 100644 --- a/fs/notify/dnotify/dnotify.c +++ b/fs/notify/dnotify/dnotify.c @@ -29,7 +29,6 @@ static struct ctl_table dnotify_sysctls[] = { .mode = 0644, .proc_handler = proc_dointvec, }, - {} }; static void __init dnotify_sysctl_init(void) { diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c index 4d765c72496f..f902c0f58537 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c @@ -86,7 +86,6 @@ static struct ctl_table fanotify_table[] = { .proc_handler = proc_dointvec_minmax, .extra1 = SYSCTL_ZERO }, - { } }; static void __init fanotify_sysctls_init(void) diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c index a3809ae92170..85d8fdd55329 100644 --- a/fs/notify/inotify/inotify_user.c +++ b/fs/notify/inotify/inotify_user.c @@ -85,7 +85,6 @@ static struct ctl_table inotify_table[] = { .proc_handler = proc_dointvec_minmax, .extra1 = SYSCTL_ZERO }, - { } }; static void __init inotify_sysctls_init(void) diff --git a/fs/ntfs/sysctl.c b/fs/ntfs/sysctl.c index 174fe536a1c0..4e980170d86a 100644 --- a/fs/ntfs/sysctl.c +++ b/fs/ntfs/sysctl.c @@ -28,7 +28,6 @@ static struct ctl_table ntfs_sysctls[] = { .mode = 0644, /* Mode, proc handler. */ .proc_handler = proc_dointvec }, - {} }; /* Storage for the sysctls header. */ diff --git a/fs/ocfs2/stackglue.c b/fs/ocfs2/stackglue.c index a8d5ca98fa57..20aa37b67cfb 100644 --- a/fs/ocfs2/stackglue.c +++ b/fs/ocfs2/stackglue.c @@ -658,7 +658,6 @@ static struct ctl_table ocfs2_nm_table[] = { .mode = 0644, .proc_handler = proc_dostring, }, - { } }; static struct ctl_table_header *ocfs2_table_header; diff --git a/fs/pipe.c b/fs/pipe.c index 804a7d789452..4ed752910c6c 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -1497,7 +1497,6 @@ static struct ctl_table fs_pipe_sysctls[] = { .mode = 0644, .proc_handler = proc_doulongvec_minmax, }, - { } }; #endif diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index 84abf98340a0..7e16ce3ccbae 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -71,7 +71,6 @@ static struct ctl_table root_table[] = { .procname = "", .mode = S_IFDIR|S_IRUGO|S_IXUGO, }, - { } }; static struct ctl_table_root sysctl_table_root = { .default_set.dir.header = { diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c index 58b5de081b57..6ad4140bca9c 100644 --- a/fs/quota/dquot.c +++ b/fs/quota/dquot.c @@ -2969,7 +2969,6 @@ static struct ctl_table fs_dqstats_table[] = { .proc_handler = proc_dointvec, }, #endif - { }, }; static int __init dquot_init(void) diff --git a/fs/sysctls.c b/fs/sysctls.c index 76a0aee8c229..8dbde9a802fa 100644 --- a/fs/sysctls.c +++ b/fs/sysctls.c @@ -26,7 +26,6 @@ static struct ctl_table fs_shared_sysctls[] = { .extra1 = SYSCTL_ZERO, .extra2 = SYSCTL_MAXOLDUID, }, - { } }; static int __init init_fs_sysctls(void) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index e8af40b05549..1d642d1d28c6 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -45,7 +45,6 @@ static struct ctl_table vm_userfaultfd_table[] = { .extra1 = SYSCTL_ZERO, .extra2 = SYSCTL_ONE, }, - { } }; #endif diff --git a/fs/verity/init.c b/fs/verity/init.c index a29f062f6047..b64a76b9ac36 100644 --- a/fs/verity/init.c +++ b/fs/verity/init.c @@ -24,7 +24,6 @@ static struct ctl_table fsverity_sysctl_table[] = { .extra2 = SYSCTL_ONE, }, #endif - { } }; static void __init fsverity_init_sysctl(void) diff --git a/fs/xfs/xfs_sysctl.c b/fs/xfs/xfs_sysctl.c index fade33735393..a191f6560f98 100644 --- a/fs/xfs/xfs_sysctl.c +++ b/fs/xfs/xfs_sysctl.c @@ -206,8 +206,6 @@ static struct ctl_table xfs_table[] = { .extra2 = &xfs_params.stats_clear.max }, #endif /* CONFIG_PROC_FS */ - - {} }; int -- cgit v1.2.3 From 00992a1358b67d6a4e612e1be538bdfe0a2a30ff Mon Sep 17 00:00:00 2001 From: Joel Granados Date: Tue, 21 Nov 2023 12:35:14 +0100 Subject: coda: Remove the now superfluous sentinel elements from ctl_table array This commit comes at the tail end of a greater effort to remove the empty elements at the end of the ctl_table arrays (sentinels) which will reduce the overall build time size of the kernel and run time memory bloat by ~64 bytes per sentinel (further information Link : https://lore.kernel.org/all/ZO5Yx5JFogGi%2FcBo@bombadil.infradead.org/) Remove empty sentinel from coda_table Signed-off-by: Joel Granados Acked-by: Christian Brauner Signed-off-by: Luis Chamberlain --- fs/coda/sysctl.c | 1 - 1 file changed, 1 deletion(-) (limited to 'fs') diff --git a/fs/coda/sysctl.c b/fs/coda/sysctl.c index a247c14aaab7..9f2d5743e2c8 100644 --- a/fs/coda/sysctl.c +++ b/fs/coda/sysctl.c @@ -36,7 +36,6 @@ static struct ctl_table coda_table[] = { .mode = 0600, .proc_handler = proc_dointvec }, - {} }; void coda_sysctl_init(void) -- cgit v1.2.3