diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2012-01-21 16:34:05 -0500 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-01-24 19:40:27 -0500 |
commit | 7c60c48f58a78195acc1f71c9a9d01958c02ab89 (patch) | |
tree | 7d1a66abc2510aa474105a747fdcd08b033f2b36 /lib | |
parent | f728019bb72e655680c02ad1829323054a8e875f (diff) |
sysctl: Improve the sysctl sanity checks
- Stop validating subdirectories now that we only register leaf tables
- Cleanup and improve the duplicate filename check.
* Run the duplicate filename check under the sysctl_lock to guarantee
we never add duplicate names.
* Reduce the duplicate filename check to nearly O(M*N) where M is the
number of entries in tthe table we are registering and N is the
number of entries in the directory before we got there.
- Move the duplicate filename check into it's own function and call
it directtly from __register_sysctl_table
- Kill the config option as the sanity checks are now cheap enough
the config option is unnecessary. The original reason for the config
option was because we had a huge table used to verify the proc filename
to binary sysctl mapping. That table has now evolved into the binary_sysctl
translation layer and is no longer part of the sysctl_check code.
- Tighten up the permission checks. Guarnateeing that files only have read
or write permissions.
- Removed redudant check for parents having a procname as now everything has
a procname.
- Generalize the backtrace logic so that we print a backtrace from
any failure of __register_sysctl_table that was not caused by
a memmory allocation failure. The backtrace allows us to track
down who erroneously registered a sysctl table.
Bechmark before (CONFIG_SYSCTL_CHECK=y):
make-dummies 0 999 -> 12s
rmmod dummy -> 0.08s
Bechmark before (CONFIG_SYSCTL_CHECK=n):
make-dummies 0 999 -> 0.7s
rmmod dummy -> 0.06s
make-dummies 0 99999 -> 1m13s
rmmod dummy -> 0.38s
Benchmark after:
make-dummies 0 999 -> 0.65s
rmmod dummy -> 0.055s
make-dummies 0 9999 -> 1m10s
rmmod dummy -> 0.39s
The sysctl sanity checks now impose no measurable cost.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Kconfig.debug | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 8745ac7d1f75..943a6182cdf2 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug | |||
@@ -1113,14 +1113,6 @@ config LATENCYTOP | |||
1113 | Enable this option if you want to use the LatencyTOP tool | 1113 | Enable this option if you want to use the LatencyTOP tool |
1114 | to find out which userspace is blocking on what kernel operations. | 1114 | to find out which userspace is blocking on what kernel operations. |
1115 | 1115 | ||
1116 | config SYSCTL_SYSCALL_CHECK | ||
1117 | bool "Sysctl checks" | ||
1118 | depends on SYSCTL | ||
1119 | ---help--- | ||
1120 | sys_sysctl uses binary paths that have been found challenging | ||
1121 | to properly maintain and use. This enables checks that help | ||
1122 | you to keep things correct. | ||
1123 | |||
1124 | source mm/Kconfig.debug | 1116 | source mm/Kconfig.debug |
1125 | source kernel/trace/Kconfig | 1117 | source kernel/trace/Kconfig |
1126 | 1118 | ||