
netfilter: Remove the now superfluous sentinel elements from ctl_table array

This commit comes at the tail end of a greater effort to remove the
empty elements at the end of the ctl_table arrays (sentinels) which will
reduce the overall build time size of the kernel and run time memory
bloat by ~64 bytes per sentinel (further information Link :
https://lore.kernel.org/all/ZO5Yx5JFogGi%2FcBo@bombadil.infradead.org/)

* Remove sentinel elements from ctl_table structs
* Remove instances where an array element is zeroed out to make it look
like a sentinel. This is no longer needed and is safe after commit
c899710fe7f9 ("networking: Update to register_net_sysctl_sz") added
the array size to the ctl_table registration
* Remove the need for having __NF_SYSCTL_CT_LAST_SYSCTL as the
sysctl array size is now in NF_SYSCTL_CT_LAST_SYSCTL
* Remove extra element in ctl_table arrays declarations

Acked-by: Kees Cook <keescook@chromium.org> # loadpin & yama
Signed-off-by: Joel Granados <j.granados@samsung.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Joel Granados and committed by
David S. Miller
635470eb 73dbd8cf

+5 -21
-1
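--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -1226,7 +1226,6 @@
 .mode = 0644,
 .proc_handler = brnf_sysctl_call_tables,
 },
-{ }
 };
 
 static inline void br_netfilter_sysctl_default(struct brnf_net *brnf)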
-1
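--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -62,7 +62,6 @@
 .mode = 0644,
 .proc_handler = proc_doulongvec_minmax,
 },
-{ }
 };
 
 static int nf_ct_frag6_sysctl_register(struct net *net)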
+1 -4
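--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2263,7 +2263,6 @@
 .proc_handler = proc_dointvec,
 },
 #endif
-{ }
 };
 
 #endif
@@ -4286,10 +4285,8 @@
 return -ENOMEM;
 
 /* Don't export sysctls to unprivileged users */
-if (net->user_ns != &init_user_ns) {
-tbl[0].procname = NULL;
+if (net->user_ns != &init_user_ns)
 ctl_table_size = 0;
-}
 } else
 tbl = vs_vars;
 /* Initialize sysctl defaults */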
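Review bot: In the second hunk, hiding the table from a non-init user namespace now depends on `ctl_table_size = 0` alone. The removed `tbl[0].procname = NULL` was a second, independent stop for any code that walks the array up to a sentinel. The registration call that consumes `ctl_table_size` is outside this hunk, as are the start and end of the enclosing function. It should be confirmed that the call passes this variable and not a fixed `ARRAY_SIZE(vs_vars)`. The same applies to the `vars_table_size = 0` branches in ip_vs_lblc.c and ip_vs_lblcr.c. I would also extend the comment so the dependency is visible, for example `/* Don't export sysctls to unprivileged users: the zero size passed at registration is what hides them */`.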
+1 -4
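--- a/net/netfilter/ipvs/ip_vs_lblc.c
+++ b/net/netfilter/ipvs/ip_vs_lblc.c
@@ -123,7 +123,6 @@
 .mode = 0644,
 .proc_handler = proc_dointvec_jiffies,
 },
-{ }
 };
 #endif
 
@@ -563,10 +562,8 @@
 return -ENOMEM;
 
 /* Don't export sysctls to unprivileged users */
-if (net->user_ns != &init_user_ns) {
-ipvs->lblc_ctl_table[0].procname = NULL;
+if (net->user_ns != &init_user_ns)
 vars_table_size = 0;
-}
 
 } else
 ipvs->lblc_ctl_table = vs_vars_table;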
+1 -4
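--- a/net/netfilter/ipvs/ip_vs_lblcr.c
+++ b/net/netfilter/ipvs/ip_vs_lblcr.c
@@ -294,7 +294,6 @@
 .mode = 0644,
 .proc_handler = proc_dointvec_jiffies,
 },
-{ }
 };
 #endif
 
@@ -749,10 +748,8 @@
 return -ENOMEM;
 
 /* Don't export sysctls to unprivileged users */
-if (net->user_ns != &init_user_ns) {
-ipvs->lblcr_ctl_table[0].procname = NULL;
+if (net->user_ns != &init_user_ns)
 vars_table_size = 0;
-}
 } else
 ipvs->lblcr_ctl_table = vs_vars_table;
 ipvs->sysctl_lblcr_expiration = DEFAULT_EXPIRATION;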
+1 -5
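--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -616,10 +616,8 @@
 NF_SYSCTL_CT_LWTUNNEL,
 #endif
 
-__NF_SYSCTL_CT_LAST_SYSCTL,
+NF_SYSCTL_CT_LAST_SYSCTL,
 };
-
-#define NF_SYSCTL_CT_LAST_SYSCTL (__NF_SYSCTL_CT_LAST_SYSCTL + 1)
 
 static struct ctl_table nf_ct_sysctl_table[] = {
 [NF_SYSCTL_CT_MAX] = {
@@ -957,7 +955,6 @@
 .proc_handler = nf_hooks_lwtunnel_sysctl_handler,
 },
 #endif
-{}
 };
 
 static struct ctl_table nf_ct_netfilter_table[] = {
@@ -968,7 +965,6 @@
 .mode = 0644,
 .proc_handler = proc_dointvec,
 },
-{ }
 };
 
 static void nf_conntrack_standalone_init_tcp_sysctl(struct net *net,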
+1 -2
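--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -395,7 +395,7 @@
 
 #ifdef CONFIG_SYSCTL
 static char nf_log_sysctl_fnames[NFPROTO_NUMPROTO-NFPROTO_UNSPEC][3];
-static struct ctl_table nf_log_sysctl_table[NFPROTO_NUMPROTO+1];
+static struct ctl_table nf_log_sysctl_table[NFPROTO_NUMPROTO];
 static struct ctl_table_header *nf_log_sysctl_fhdr;
 
 static struct ctl_table nf_log_sysctl_ftable[] = {
@@ -406,7 +406,6 @@
 .mode = 0644,
 .proc_handler = proc_dointvec,
 },
-{ }
 };
 
 static int nf_log_proc_dostring(struct ctl_table *table, int write,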
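Review bot: Shrinking `nf_log_sysctl_table` to `NFPROTO_NUMPROTO` entries in the first hunk removes the spare slot that used to hold the sentinel. An off-by-one in the code that fills the array would therefore now write past its end. That code, and the registration call, are not visible in either hunk. Before relying on the new size, check that the fill loop is bounded by `i < NFPROTO_NUMPROTO` and that registration passes the array's real element count. A short comment on the declaration would record the invariant, for example `/* one entry per protocol family, no trailing sentinel */`.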