On Tue, Apr 30, 2019 at 11:01 AM Matteo Croce <mcr...@redhat.com> wrote: > > In the sysctl code the proc_dointvec_minmax() function is often used to > validate the user supplied value between an allowed range. This function > uses the extra1 and extra2 members from struct ctl_table as minimum and > maximum allowed value. > > On sysctl handler declaration, in every source file there are some readonly > variables containing just an integer which address is assigned to the > extra1 and extra2 members, so the sysctl range is enforced. > > The special values 0, 1 and INT_MAX are very often used as range boundary, > leading duplication of variables like zero=0, one=1, int_max=INT_MAX in > different source files: > > $ git grep -E '\.extra[12].*&(zero|one|int_max)\b' |wc -l > 248 > > Add a const int array containing the most commonly used values, > some macros to refer more easily to the correct array member, > and use them instead of creating a local one for every object file. > > This is the bloat-o-meter output comparing the old and new binary > compiled with the default Fedora config: > > # scripts/bloat-o-meter -d vmlinux.o.old vmlinux.o > add/remove: 2/2 grow/shrink: 0/2 up/down: 24/-188 (-164) > Data old new delta > sysctl_vals - 12 +12 > __kstrtab_sysctl_vals - 12 +12 > max 14 10 -4 > int_max 16 - -16 > one 68 - -68 > zero 128 28 -100 > Total: Before=20583249, After=20583085, chg -0.00% > > Signed-off-by: Matteo Croce <mcr...@redhat.com>
Acked-by: Kees Cook <keesc...@chromium.org> -- Kees Cook
