Skip to content
  • Eric W. Biederman's avatar
    sysctl: Improve the sysctl sanity checks · 7c60c48f
    Eric W. Biederman authored
    
    
    - Stop validating subdirectories now that we only register leaf tables
    
    - Cleanup and improve the duplicate filename check.
      * Run the duplicate filename check under the sysctl_lock to guarantee
        we never add duplicate names.
      * Reduce the duplicate filename check to nearly O(M*N) where M is the
        number of entries in tthe table we are registering and N is the
        number of entries in the directory before we got there.
    
    - Move the duplicate filename check into it's own function and call
      it directtly from __register_sysctl_table
    
    - Kill the config option as the sanity checks are now cheap enough
      the config option is unnecessary. The original reason for the config
      option was because we had a huge table used to verify the proc filename
      to binary sysctl mapping.  That table has now evolved into the binary_sysctl
      translation layer and is no longer part of the sysctl_check code.
    
    - Tighten up the permission checks.  Guarnateeing that files only have read
      or write permissions.
    
    - Removed redudant check for parents having a procname as now everything has
      a procname.
    
    - Generalize the backtrace logic so that we print a backtrace from
      any failure of __register_sysctl_table that was not caused by
      a memmory allocation failure.  The backtrace allows us to track
      down who erroneously registered a sysctl table.
    
    Bechmark before (CONFIG_SYSCTL_CHECK=y):
        make-dummies 0 999 -> 12s
        rmmod dummy        -> 0.08s
    
    Bechmark before (CONFIG_SYSCTL_CHECK=n):
        make-dummies 0 999 -> 0.7s
        rmmod dummy        -> 0.06s
        make-dummies 0 99999 -> 1m13s
        rmmod dummy          -> 0.38s
    
    Benchmark after:
        make-dummies 0 999 -> 0.65s
        rmmod dummy        -> 0.055s
        make-dummies 0 9999 -> 1m10s
        rmmod dummy         -> 0.39s
    
    The sysctl sanity checks now impose no measurable cost.
    
    Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
    7c60c48f