[PATCH 0/7] sysctl: Remove sentinel elements from misc directories

Joel Granados via B4 Relay devnull+j.granados.samsung.com at kernel.org
Thu Mar 28 15:57:47 UTC 2024


From: Joel Granados <j.granados at samsung.com>

What?
These commits remove the sentinel element (last empty element) from the
sysctl arrays of all the files under the "mm/", "security/", "ipc/",
"init/", "io_uring/", "drivers/perf/" and "crypto/" directories that
register a sysctl array. The inclusion of [4] to mainline allows the
removal of sentinel elements without behavioral change. This is safe
because the sysctl registration code (register_sysctl() and friends) use
the array size in addition to checking for a sentinel [1].

Why?
By removing the sysctl sentinel elements we avoid kernel bloat as
ctl_table arrays get moved out of kernel/sysctl.c into their own
respective subsystems. This move was started long ago to avoid merge
conflicts; the sentinel removal bit came after Mathew Wilcox suggested
it to avoid bloating the kernel by one element as arrays moved out. This
patchset will reduce the overall build time size of the kernel and run
time memory bloat by about ~64 bytes per declared ctl_table array (more
info here [5]).

When are we done?
There are 4 patchest (25 commits [2]) that are still outstanding to
completely remove the sentinels: files under "net/", files under
"kernel/" dir, misc dirs (this patchset) and the final set that removes
the unneeded check for ->procname == NULL.

Testing:
* Ran sysctl selftests (./tools/testing/selftests/sysctl/sysctl.sh)
* Ran this through 0-day with no errors or warnings

Savings in vmlinux:
  A total of 64 bytes per sentinel is saved after removal; I measured in
  x86_64 to give an idea of the aggregated savings. The actual savings
  will depend on individual kernel configuration.
    * bloat-o-meter
        - The "yesall" config saves 963 bytes (bloat-o-meter output [6])
        - A reduced config [3] saves 452 bytes (bloat-o-meter output [7])

Savings in allocated memory:
  None in this set but will occur when the superfluous allocations are
  removed from proc_sysctl.c. I include it here for context. The
  estimated savings during boot for config [3] are 6272 bytes. See [8]
  for how to measure it.

Comments/feedback greatly appreciated

Best

Joel

[1] https://lore.kernel.org/all/20230809105006.1198165-1-j.granados@samsung.com/
[2] https://git.kernel.org/pub/scm/linux/kernel/git/joel.granados/linux.git/tag/?h=sysctl_remove_empty_elem_v5
[3] https://gist.github.com/Joelgranados/feaca7af5537156ca9b73aeaec093171
[4] https://lore.kernel.org/all/ZO5Yx5JFogGi%2FcBo@bombadil.infradead.org/

[5]
Links Related to the ctl_table sentinel removal:
* Good summaries from Luis:
  https://lore.kernel.org/all/ZO5Yx5JFogGi%2FcBo@bombadil.infradead.org/
  https://lore.kernel.org/all/ZMFizKFkVxUFtSqa@bombadil.infradead.org/
* Patches adjusting sysctl register calls:
  https://lore.kernel.org/all/20230302204612.782387-1-mcgrof@kernel.org/
  https://lore.kernel.org/all/20230302202826.776286-1-mcgrof@kernel.org/
* Discussions about expectations and approach
  https://lore.kernel.org/all/20230321130908.6972-1-frank.li@vivo.com
  https://lore.kernel.org/all/20220220060626.15885-1-tangmeng@uniontech.com

[6]
add/remove: 0/0 grow/shrink: 0/16 up/down: 0/-963 (-963)
Function                                     old     new   delta
setup_mq_sysctls                             502     499      -3
yama_sysctl_table                            128      64     -64
vm_page_writeback_sysctls                    512     448     -64
vm_oom_kill_table                            256     192     -64
vm_compaction                                320     256     -64
page_alloc_sysctl_table                      576     512     -64
mq_sysctls                                   384     320     -64
memory_failure_table                         192     128     -64
loadpin_sysctl_table                         128      64     -64
key_sysctls                                  448     384     -64
kernel_io_uring_disabled_table               192     128     -64
kern_do_mounts_initrd_table                  128      64     -64
ipc_sysctls                                  832     768     -64
hugetlb_vmemmap_sysctls                      128      64     -64
hugetlb_table                                320     256     -64
apparmor_sysctl_table                        256     192     -64
Total: Before=440605433, After=440604470, chg -0.00%

[7]
add/remove: 0/0 grow/shrink: 0/8 up/down: 0/-452 (-452)
Function                                     old     new   delta
setup_ipc_sysctls                            306     302      -4
vm_page_writeback_sysctls                    512     448     -64
vm_oom_kill_table                            256     192     -64
page_alloc_sysctl_table                      384     320     -64
key_sysctls                                  384     320     -64
kernel_io_uring_disabled_table               192     128     -64
ipc_sysctls                                  640     576     -64
hugetlb_table                                256     192     -64
Total: Before=8523801, After=8523349, chg -0.01%

[8]
To measure the in memory savings apply this on top of this patchset.

"
diff --git i/fs/proc/proc_sysctl.c w/fs/proc/proc_sysctl.c
index 37cde0efee57..896c498600e8 100644
--- i/fs/proc/proc_sysctl.c
+++ w/fs/proc/proc_sysctl.c
@@ -966,6 +966,7 @@ static struct ctl_dir *new_dir(struct ctl_table_set *set,
        table[0].procname = new_name;
        table[0].mode = S_IFDIR|S_IRUGO|S_IXUGO;
        init_header(&new->header, set->dir.header.root, set, node, table, 1);
+       printk("%ld sysctl saved mem kzalloc\n", sizeof(struct ctl_table));

        return new;
 }
@@ -1189,6 +1190,7 @@ static struct ctl_table_header *new_links(struct ctl_dir *dir, s>
                link_name += len;
                link++;
        }
+       printk("%ld sysctl saved mem kzalloc\n", sizeof(struct ctl_table));
        init_header(links, dir->header.root, dir->header.set, node, link_table,
                    head->ctl_table_size);
        links->nreg = nr_entries;
"
and then run the following bash script in the kernel:

accum=0
for n in $(dmesg | grep kzalloc | awk '{print $3}') ; do
    accum=$(calc "$accum + $n")
done
echo $accum

Signed-off-by: Joel Granados <j.granados at samsung.com>

--

---
Joel Granados (7):
      memory: Remove the now superfluous sentinel element from ctl_table array
      security: Remove the now superfluous sentinel element from ctl_table array
      crypto: Remove the now superfluous sentinel element from ctl_table array
      initrd: Remove the now superfluous sentinel element from ctl_table array
      ipc: Remove the now superfluous sentinel element from ctl_table array
      io_uring: Remove the now superfluous sentinel elements from ctl_table array
      drivers: perf: Remove the now superfluous sentinel elements from ctl_table array

 crypto/fips.c                | 1 -
 drivers/perf/riscv_pmu_sbi.c | 1 -
 init/do_mounts_initrd.c      | 1 -
 io_uring/io_uring.c          | 1 -
 ipc/ipc_sysctl.c             | 1 -
 ipc/mq_sysctl.c              | 1 -
 mm/compaction.c              | 1 -
 mm/hugetlb.c                 | 1 -
 mm/hugetlb_vmemmap.c         | 1 -
 mm/memory-failure.c          | 1 -
 mm/oom_kill.c                | 1 -
 mm/page-writeback.c          | 1 -
 mm/page_alloc.c              | 1 -
 security/apparmor/lsm.c      | 1 -
 security/keys/sysctl.c       | 1 -
 security/loadpin/loadpin.c   | 1 -
 security/yama/yama_lsm.c     | 1 -
 17 files changed, 17 deletions(-)
---
base-commit: 4cece764965020c22cff7665b18a012006359095
change-id: 20240320-jag-sysctl_remset_misc-a261f5a7ddea

Best regards,
-- 
Joel Granados <j.granados at samsung.com>





More information about the Linux-security-module-archive mailing list