Re: [PATCH 00/15] sysctl: Remove sentinel elements from drivers

2023-10-02 Thread Christophe Leroy


Le 02/10/2023 à 10:47, Joel Granados a écrit :
> On Thu, Sep 28, 2023 at 04:31:30PM +, Christophe Leroy wrote:

> I followed this trace and proc_handler is correctly defined in tty_table
> (struct ctl_table) in drivers/tty/tty_io.c:tty_init and there is no
> path that changes these values.
> Additionally, we then fail trying to print instead of continuing with
> the initialization. My conjecture is that this might be due to something
> different than the sysctl register call.
> 
> Does this happen consistently or is this just a one off issue?

Don't know.

> 
> To what branch are these patches being applied to?

As far as I understand from 
https://github.com/linuxppc/linux-snowpatch/commits/snowpatch/375319, 
it's being applied on 
https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id=d774975


> 
> I'm going to post my V2 and keep working on this issue if it pops up
> again.
> 

Christophe


Re: [PATCH 00/15] sysctl: Remove sentinel elements from drivers

2023-10-02 Thread Joel Granados
On Thu, Sep 28, 2023 at 04:31:30PM +, Christophe Leroy wrote:
> 
> 
> Le 28/09/2023 à 15:21, Joel Granados via B4 Relay a écrit :
> > From: Joel Granados 
> 
> Automatic test fails on powerpc, see 
> https://patchwork.ozlabs.org/project/linuxppc-dev/patch/20230928-jag-sysctl_remove_empty_elem_drivers-v1-15-e59120fca...@samsung.com/
From this I got to this URL
https://github.com/linuxppc/linux-snowpatch/actions/runs/6339718136/job/17221399242
and saw this message "sysctl table check failed: dev/tty/ No proc_handler".
This means that we hit the check for entry->proc_handler in
sysctl_check_table.

> 
> Kernel attempted to read user page (1a111316) - exploit attempt? (uid: 0)
> BUG: Unable to handle kernel data access on read at 0x1a111316
> Faulting instruction address: 0xc0545338
> Oops: Kernel access of bad area, sig: 11 [#1]
> BE PAGE_SIZE=4K PowerPC 44x Platform
> Modules linked in:
> CPU: 0 PID: 1 Comm: swapper Not tainted 6.5.0-rc6-gdef13277bacb #1
> Hardware name: amcc,bamboo 440GR Rev. B 0x422218d3 PowerPC 44x Platform
> NIP:  c0545338 LR: c0548468 CTR: 
> REGS: c084fae0 TRAP: 0300   Not tainted  (6.5.0-rc6-gdef13277bacb)
> MSR:  00021000   CR: 84004288  XER: 
> DEAR: 1a111316 ESR: 
> GPR00: c0548468 c084fbd0 c0888000 c084fc99  c084fc7c 1a110316 
> 000a
> GPR08:  c084fd18 1a111316 04ff 22000282  c00027c0 
> 
> GPR16:   c004 c003d544 0001 c003eb2c 096023d4 
> 
> GPR24: c0636502 c0636502 c084fc74 c0588510 c084fc68 c084fc7c c084fc99 
> 0002
> NIP [c0545338] string+0x78/0x148
> LR [c0548468] vsnprintf+0x3d8/0x824
> Call Trace:
> [c084fbd0] [c084fc7c] 0xc084fc7c (unreliable)
> [c084fbe0] [c0548468] vsnprintf+0x3d8/0x824
> [c084fc30] [c0072dec] vprintk_store+0x17c/0x4c8
> [c084fcc0] [c007322c] vprintk_emit+0xf4/0x2a0
> [c084fd00] [c0073d04] _printk+0x60/0x88
> [c084fd40] [c01ab63c] sysctl_err+0x78/0xa4
> [c084fd80] [c01ab404] __register_sysctl_table+0x6a0/0x6c4
> [c084fde0] [c06a585c] __register_sysctl_init+0x30/0x78
> [c084fe00] [c06a8cc8] tty_init+0x44/0x168
> [c084fe30] [c00023c4] do_one_initcall+0x64/0x2a0
> [c084fea0] [c068f060] kernel_init_freeable+0x184/0x230
> [c084fee0] [c00027e4] kernel_init+0x24/0x124
> [c084ff00] [c000f1fc] ret_from_kernel_user_thread+0x14/0x1c
I followed this trace and proc_handler is correctly defined in tty_table
(struct ctl_table) in drivers/tty/tty_io.c:tty_init and there is no
path that changes these values.
Additionally, we then fail trying to print instead of continuing with
the initialization. My conjecture is that this might be due to something
different than the sysctl register call.

Does this happen consistently or is this just a one off issue?

To what branch are these patches being applied to?

I'm going to post my V2 and keep working on this issue if it pops up
again.

Thx for the report

Best

> --- interrupt: 0 at 0x0
> NIP:   LR:  CTR: 
> REGS: c084ff10 TRAP:    Not tainted  (6.5.0-rc6-gdef13277bacb)
> MSR:   <>  CR:   XER: 
> 
> GPR00:        
> 
> GPR08:        
> 
> GPR16:        
> 
> GPR24:        
> 
> NIP [] 0x0
> LR [] 0x0
> --- interrupt: 0
> Code: 91610008 90e1000c 4bffd0b5 80010014 38210010 7c0803a6 4e800020 
> 409d0008 9923 38630001 38840001 4240ffd0 <7d2a20ae> 7f851840 
> 5528063e 2c08
> ---[ end trace  ]---
> 
> note: swapper[1] exited with irqs disabled
> Kernel panic - not syncing: Attempted to kill init! exitcode=0x000b
> 
> 
> > 
> > What?
> > These commits remove the sentinel element (last empty element) from the
> > sysctl arrays of all the files under the "drivers/" directory that use a
> > sysctl array for registration. The merging of the preparation patches
> > (in https://lore.kernel.org/all/zo5yx5jfoggi%2f...@bombadil.infradead.org/)
> > to mainline allows us to just remove sentinel elements without changing
> > behavior (more info here [1]).
<--- snip --->
> >   drivers/macintosh/mac_hid.c   |  3 +-
> >   drivers/md/md.c   |  3 +-
> >   drivers/misc/sgi-xp/xpc_main.c|  6 ++--
> >   drivers/net/vrf.c |  3 +-
> >   drivers/parport/procfs.c  | 42 
> > ---
> >   drivers/scsi/scsi_sysctl.c|  3 +-
> >   drivers/scsi/sg.c |  3 +-
> >   drivers/tty/tty_io.c  |  3 +-
> >   drivers/xen/balloon.c |  3 +-
> >   18 files changed, 36 insertions(+), 60 deletions(-)
> > ---
> > base-commit: 0e945134b680040b8613e962f586d91b6d40292d
> > change-id: 20230927-jag-sysctl_remove_empty_
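
The cover letter's note [1] describes a table walk that stops at ->procname == NULL while a sentinel is present and at table_size once it is removed, and the message above mentions the proc_handler check in sysctl_check_table. The following is an added user-space model of that termination rule, not kernel code and not part of the series; `struct ctl_entry`, `check_table`, `LEGACY_UNBOUNDED` and the sample tables are simplified assumptions, and it illustrates the general failure mode of a sentinel-only walk rather than diagnosing the powerpc report.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for the kernel's struct ctl_table (assumption). */
struct ctl_entry {
    const char *procname;
    int (*proc_handler)(void);
};

#define LEGACY_UNBOUNDED ((size_t)-1)  /* models a walk that trusts only the sentinel */

static int dummy_handler(void) { return 0; }

/* Walk until table_size or a legacy sentinel (procname == NULL), whichever
 * comes first. Returns the number of entries with no proc_handler. */
static int check_table(const struct ctl_entry *t, size_t table_size, size_t *visited)
{
    size_t i;
    int bad = 0;

    for (i = 0; i < table_size && t[i].procname; i++) {
        if (!t[i].proc_handler) {
            fprintf(stderr, "table check failed: %s No proc_handler\n", t[i].procname);
            bad++;
        }
    }
    *visited = i;
    return bad;
}

/* Constructed sample data. */
static const struct ctl_entry with_sentinel[] = {
    { "entry_a", dummy_handler }, { "entry_b", dummy_handler }, { NULL, NULL },
};
/* A 2-entry table without sentinel, followed by unrelated data; the final
 * NULL row only keeps this model from reading out of bounds. */
static const struct ctl_entry no_sentinel[] = {
    { "entry_a", dummy_handler }, { "entry_b", dummy_handler },
    { "adjacent-data", NULL }, { NULL, NULL },
};

int main(void)
{
    size_t n;
    printf("sentinel + size: bad=%d\n", check_table(with_sentinel, 3, &n));
    printf("size only:       bad=%d\n", check_table(no_sentinel, 2, &n));
    printf("sentinel only:   bad=%d\n", check_table(no_sentinel, LEGACY_UNBOUNDED, &n));
    return 0;
}
```

With the size bound the walk visits exactly the two declared entries in both layouts; relying on the sentinel alone after it has been removed walks into the adjacent row and reports it as an entry with no proc_handler.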

Re: [PATCH 00/15] sysctl: Remove sentinel elements from drivers

2023-09-28 Thread Christophe Leroy


Le 28/09/2023 à 15:21, Joel Granados via B4 Relay a écrit :
> From: Joel Granados 

Automatic test fails on powerpc, see 
https://patchwork.ozlabs.org/project/linuxppc-dev/patch/20230928-jag-sysctl_remove_empty_elem_drivers-v1-15-e59120fca...@samsung.com/

Kernel attempted to read user page (1a111316) - exploit attempt? (uid: 0)
BUG: Unable to handle kernel data access on read at 0x1a111316
Faulting instruction address: 0xc0545338
Oops: Kernel access of bad area, sig: 11 [#1]
BE PAGE_SIZE=4K PowerPC 44x Platform
Modules linked in:
CPU: 0 PID: 1 Comm: swapper Not tainted 6.5.0-rc6-gdef13277bacb #1
Hardware name: amcc,bamboo 440GR Rev. B 0x422218d3 PowerPC 44x Platform
NIP:  c0545338 LR: c0548468 CTR: 
REGS: c084fae0 TRAP: 0300   Not tainted  (6.5.0-rc6-gdef13277bacb)
MSR:  00021000   CR: 84004288  XER: 
DEAR: 1a111316 ESR: 
GPR00: c0548468 c084fbd0 c0888000 c084fc99  c084fc7c 1a110316 
000a
GPR08:  c084fd18 1a111316 04ff 22000282  c00027c0 

GPR16:   c004 c003d544 0001 c003eb2c 096023d4 

GPR24: c0636502 c0636502 c084fc74 c0588510 c084fc68 c084fc7c c084fc99 
0002
NIP [c0545338] string+0x78/0x148
LR [c0548468] vsnprintf+0x3d8/0x824
Call Trace:
[c084fbd0] [c084fc7c] 0xc084fc7c (unreliable)
[c084fbe0] [c0548468] vsnprintf+0x3d8/0x824
[c084fc30] [c0072dec] vprintk_store+0x17c/0x4c8
[c084fcc0] [c007322c] vprintk_emit+0xf4/0x2a0
[c084fd00] [c0073d04] _printk+0x60/0x88
[c084fd40] [c01ab63c] sysctl_err+0x78/0xa4
[c084fd80] [c01ab404] __register_sysctl_table+0x6a0/0x6c4
[c084fde0] [c06a585c] __register_sysctl_init+0x30/0x78
[c084fe00] [c06a8cc8] tty_init+0x44/0x168
[c084fe30] [c00023c4] do_one_initcall+0x64/0x2a0
[c084fea0] [c068f060] kernel_init_freeable+0x184/0x230
[c084fee0] [c00027e4] kernel_init+0x24/0x124
[c084ff00] [c000f1fc] ret_from_kernel_user_thread+0x14/0x1c
--- interrupt: 0 at 0x0
NIP:   LR:  CTR: 
REGS: c084ff10 TRAP:    Not tainted  (6.5.0-rc6-gdef13277bacb)
MSR:   <>  CR:   XER: 

GPR00:        

GPR08:        

GPR16:        

GPR24:        

NIP [] 0x0
LR [] 0x0
--- interrupt: 0
Code: 91610008 90e1000c 4bffd0b5 80010014 38210010 7c0803a6 4e800020 
409d0008 9923 38630001 38840001 4240ffd0 <7d2a20ae> 7f851840 
5528063e 2c08
---[ end trace  ]---

note: swapper[1] exited with irqs disabled
Kernel panic - not syncing: Attempted to kill init! exitcode=0x000b


> 
> What?
> These commits remove the sentinel element (last empty element) from the
> sysctl arrays of all the files under the "drivers/" directory that use a
> sysctl array for registration. The merging of the preparation patches
> (in https://lore.kernel.org/all/zo5yx5jfoggi%2f...@bombadil.infradead.org/)
> to mainline allows us to just remove sentinel elements without changing
> behavior (more info here [1]).
> 
> These commits are part of a bigger set (here
> https://github.com/Joelgranados/linux/tree/tag/sysctl_remove_empty_elem_V4)
> that remove the ctl_table sentinel. Make the review process easier by
> chunking the commits into manageable pieces. Each chunk can be reviewed
> separately without noise from parallel sets.
> 
> Now that the architecture chunk has been mostly reviewed [6], we send
> the "drivers/" directory. Once this one is done, it will be followed by
> "fs/*", "kernel/*", "net/*" and miscellaneous. The final set will remove
> the unneeded check for ->procname == NULL.
> 
> Why?
> By removing the sysctl sentinel elements we avoid kernel bloat as
> ctl_table arrays get moved out of kernel/sysctl.c into their own
> respective subsystems. This move was started long ago to avoid merge
> conflicts; the sentinel removal bit came after Matthew Wilcox suggested
> it to avoid bloating the kernel by one element as arrays moved out. This
> patchset will reduce the overall build time size of the kernel and run
> time memory bloat by about ~64 bytes per declared ctl_table array. I
> have consolidated some links that shed light on the history of this
> effort [2].
> 
> Testing:
> * Ran sysctl selftests (./tools/testing/selftests/sysctl/sysctl.sh)
> * Ran this through 0-day with no errors or warnings
> 
> Size saving after removing all sentinels:
>   These are the bytes that we save after removing all the sentinels
>   (this plus all the other chunks). I included them to get an idea of
>   how much memory we are talking about.
>   * bloat-o-meter:
>     - The "yesall" configuration results save 9158 bytes
>       https://lore.kernel.org/all/20230621091000.424843-1-j.grana...@samsung.com/
>     - The "tiny" config + CONFIG_SYSCTL save 1215 bytes
>
> https://lore.

[PATCH 00/15] sysctl: Remove sentinel elements from drivers

2023-09-28 Thread Joel Granados via B4 Relay
From: Joel Granados 

What?
These commits remove the sentinel element (last empty element) from the
sysctl arrays of all the files under the "drivers/" directory that use a
sysctl array for registration. The merging of the preparation patches
(in https://lore.kernel.org/all/zo5yx5jfoggi%2f...@bombadil.infradead.org/)
to mainline allows us to just remove sentinel elements without changing
behavior (more info here [1]).

These commits are part of a bigger set (here
https://github.com/Joelgranados/linux/tree/tag/sysctl_remove_empty_elem_V4)
that remove the ctl_table sentinel. Make the review process easier by
chunking the commits into manageable pieces. Each chunk can be reviewed
separately without noise from parallel sets.

Now that the architecture chunk has been mostly reviewed [6], we send
the "drivers/" directory. Once this one is done, it will be followed by
"fs/*", "kernel/*", "net/*" and miscellaneous. The final set will remove
the unneeded check for ->procname == NULL.

Why?
By removing the sysctl sentinel elements we avoid kernel bloat as
ctl_table arrays get moved out of kernel/sysctl.c into their own
respective subsystems. This move was started long ago to avoid merge
conflicts; the sentinel removal bit came after Matthew Wilcox suggested
it to avoid bloating the kernel by one element as arrays moved out. This
patchset will reduce the overall build time size of the kernel and run
time memory bloat by about ~64 bytes per declared ctl_table array. I
have consolidated some links that shed light on the history of this
effort [2].

Testing:
* Ran sysctl selftests (./tools/testing/selftests/sysctl/sysctl.sh)
* Ran this through 0-day with no errors or warnings

Size saving after removing all sentinels:
  These are the bytes that we save after removing all the sentinels
  (this plus all the other chunks). I included them to get an idea of
  how much memory we are talking about.
  * bloat-o-meter:
    - The "yesall" configuration results save 9158 bytes
      https://lore.kernel.org/all/20230621091000.424843-1-j.grana...@samsung.com/
    - The "tiny" config + CONFIG_SYSCTL save 1215 bytes
      https://lore.kernel.org/all/20230809105006.1198165-1-j.grana...@samsung.com/
  * memory usage:
    In memory savings are measured to be 7296 bytes. (here is how to
    measure [3])

Size saving after this patchset:
  * bloat-o-meter
    - The "yesall" config saves 2432 bytes [4]
    - The "tiny" config saves 64 bytes [5]
  * memory usage:
    In this case there were no bytes saved because I do not have any
    of the drivers in the patch. To measure it comment the printk in
    `new_dir` and uncomment the if conditional in `new_links` [3].

Comments/feedback greatly appreciated

Best
Joel

[1]
We are able to remove a sentinel table without behavioral change by
introducing a table_size argument in the same place where procname is
checked for NULL. The idea is for it to keep stopping when it hits
->procname == NULL, while the sentinel is still present. And when the
sentinel is removed, it will stop on the table_size. You can go to 
(https://lore.kernel.org/all/20230809105006.1198165-1-j.grana...@samsung.com/)
for more information.

[2]
Links Related to the ctl_table sentinel removal:
* Good summary from Luis sent with the "pull request" for the
  preparation patches.
  https://lore.kernel.org/all/zo5yx5jfoggi%2f...@bombadil.infradead.org/
* Another very good summary from Luis.
  https://lore.kernel.org/all/zmfizkfkvxuft...@bombadil.infradead.org/
* This is a patch set that replaces register_sysctl_table with register_sysctl
  https://lore.kernel.org/all/20230302204612.782387-1-mcg...@kernel.org/
* Patch set to deprecate register_sysctl_paths()
  https://lore.kernel.org/all/20230302202826.776286-1-mcg...@kernel.org/
* Here there is an explicit expectation for the removal of the sentinel element.
  https://lore.kernel.org/all/20230321130908.6972-1-frank...@vivo.com
* The "ARRAY_SIZE" approach was mentioned (proposed?) in this thread
  https://lore.kernel.org/all/20220220060626.15885-1-tangm...@uniontech.com

[3]
To measure the in memory savings apply this on top of this patchset.

"
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index c88854df0b62..e0073a627bac 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -976,6 +976,8 @@ static struct ctl_dir *new_dir(struct ctl_table_set *set,
table[0].procname = new_name;
table[0].mode = S_IFDIR|S_IRUGO|S_IXUGO;
init_header(&new->header, set->dir.header.root, set, node, table, 1);
+   // Counts additional sentinel used for each new dir.
+   printk("%ld sysctl saved mem kzalloc \n", sizeof(struct ctl_table));

return new;
 }
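Review bot: the printk added in new_dir() formats sizeof(struct ctl_table) with %ld, but sizeof yields a size_t, which is not a long on 32-bit builds, so the specifier should be %zu. The call also carries no log level; pr_info() or a KERN_ prefix would make the measurement lines easy to filter, and the space before the \n in the format string can be dropped.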
@@ -1199,6 +1201,9 @@ static struct ctl_table_header *new_links(struct ctl_dir 
*dir, struct ctl_table_
link_name += len;
link++;
}
+   // Counts additional sentinel used for each new registration