From nobody Fri Jun 19 06:16:20 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DC5DCC433EF for ; Thu, 7 Apr 2022 07:08:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238559AbiDGHKU (ORCPT ); Thu, 7 Apr 2022 03:10:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49474 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240393AbiDGHKM (ORCPT ); Thu, 7 Apr 2022 03:10:12 -0400 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7FCE321836; Thu, 7 Apr 2022 00:08:09 -0700 (PDT) Received: from kwepemi500017.china.huawei.com (unknown [172.30.72.53]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4KYss60v2WzdZhQ; Thu, 7 Apr 2022 15:07:38 +0800 (CST) Received: from linux-suse12sp5.huawei.com (10.67.133.175) by kwepemi500017.china.huawei.com (7.221.188.110) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Thu, 7 Apr 2022 15:08:05 +0800 
From: Yan Zhu To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 sysctl-next] bpf: move bpf sysctls from kernel/sysctl.c to bpf module Date: Thu, 7 Apr 2022 15:07:59 +0800 Message-ID: <20220407070759.29506-1-zhuyan34@huawei.com> X-Mailer: git-send-email 2.12.3 In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.67.133.175] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To kwepemi500017.china.huawei.com (7.221.188.110) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" We're moving sysctls out of kernel/sysctl.c as its a mess. We already moved all filesystem sysctls out. And with time the goal is to move all sysctls out to their own subsystem/actual user. kernel/sysctl.c has grown to an insane mess and its easy to run into conflicts with it. The effort to move them out is part of this. Signed-off-by: Yan Zhu Acked-by: Daniel Borkmann --- v1->v2: 1.Added patch branch identifier sysctl-next. 2.Re-describe the reason for the patch submission. v2->v3: Re-describe the reason for the patch submission. v3->v4: 1.Remove '#include ' in kernel/sysctl.c 2.re-adaptive the patch --- kernel/bpf/syscall.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++++= ++++ kernel/sysctl.c | 79 ----------------------------------------------- 2 files changed, 87 insertions(+), 79 deletions(-) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index cdaa1152436a..e9621cfa09f2 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c 
@@ -4908,3 +4908,90 @@ const struct bpf_verifier_ops bpf_syscall_verifier_o= ps =3D {
 const struct bpf_prog_ops bpf_syscall_prog_ops =3D {
 .test_run =3D bpf_prog_test_run_syscall,
 };
+
+#ifdef CONFIG_SYSCTL
+static int bpf_stats_handler(struct ctl_table *table, int write,
+ void *buffer, size_t *lenp, loff_t *ppos)
+{
+ struct static_key *key =3D (struct static_key *)table->data;
+ static int saved_val;
+ int val, ret;
+ struct ctl_table tmp =3D {
+ .data =3D &val,
+ .maxlen =3D sizeof(val),
+ .mode =3D table->mode,
+ .extra1 =3D SYSCTL_ZERO,
+ .extra2 =3D SYSCTL_ONE,
+ };
+
+ if (write && !capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
+ mutex_lock(&bpf_stats_enabled_mutex);
+ val =3D saved_val;
+ ret =3D proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
+ if (write && !ret && val !=3D saved_val) {
+ if (val)
+ static_key_slow_inc(key);
+ else
+ static_key_slow_dec(key);
+ saved_val =3D val;
+ }
+ mutex_unlock(&bpf_stats_enabled_mutex);
+ return ret;
+}
+
+void __weak unpriv_ebpf_notify(int new_state)
+{
+}
+
+static int bpf_unpriv_handler(struct ctl_table *table, int write,
+ void *buffer, size_t *lenp, loff_t *ppos)
+{
+ int ret, unpriv_enable =3D *(int *)table->data;
+ bool locked_state =3D unpriv_enable =3D=3D 1;
+ struct ctl_table tmp =3D *table;
+
+ if (write && !capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
+ tmp.data =3D &unpriv_enable;
+ ret =3D proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
+ if (write && !ret) {
+ if (locked_state && unpriv_enable !=3D 1)
+ return -EPERM;
+ *(int *)table->data =3D unpriv_enable;
+ }
+
+ unpriv_ebpf_notify(unpriv_enable);
+
+ return ret;
+}
+
+static struct ctl_table bpf_syscall_table[] =3D {
+ {
+ .procname =3D "unprivileged_bpf_disabled",
+ .data =3D &sysctl_unprivileged_bpf_disabled,
+ .maxlen =3D sizeof(sysctl_unprivileged_bpf_disabled),
+ .mode =3D 0644,
+ .proc_handler =3D bpf_unpriv_handler,
+ .extra1 =3D SYSCTL_ZERO,
+ .extra2 =3D SYSCTL_TWO,
+ },
+ {
+ .procname =3D "bpf_stats_enabled",
+ .data =3D &bpf_stats_enabled_key.key,
+ .maxlen =3D sizeof(bpf_stats_enabled_key),
+ .mode =3D 0644,
+ .proc_handler =3D bpf_stats_handler,
+ },
+ { }
+};
+
+static int __init bpf_syscall_sysctl_init(void)
+{
+ register_sysctl_init("kernel", bpf_syscall_table);
+ return 0;
+}
+late_initcall(bpf_syscall_sysctl_init);
+#endif /* CONFIG_SYSCTL */
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 21172d3dad6e..c0fdf465a93d 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -62,7 +62,6 @@
 #include
 #include
 #include
-#include
 #include
 #include
 #include
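Review bot: bpf_unpriv_handler samples `locked_state` from `*(int *)table->data` before the write is parsed and stores the new value afterwards with no lock held, so two concurrent writers appear able to get past the one-way check: one samples 0 or 2, another stores 1, and the first then overwrites it. The code is moved unchanged from kernel/sysctl.c, so this predates the commit. bpf_stats_handler in the same hunk already wraps its read-modify-write in `bpf_stats_enabled_mutex`. Both writers still need CAP_SYS_ADMIN, so the impact is limited to undoing a value of 1 that the handler otherwise refuses to change. A sketch of serialising the sample, check and store follows; the mutex name is constructed for this note.

```c
static DEFINE_MUTEX(bpf_unpriv_mutex);	/* name constructed for this note */

static int bpf_unpriv_handler(struct ctl_table *table, int write,
			      void *buffer, size_t *lenp, loff_t *ppos)
{
	int ret, unpriv_enable;
	bool locked_state;
	/* … unchanged: tmp copy, capable(CAP_SYS_ADMIN) check … */

	mutex_lock(&bpf_unpriv_mutex);
	unpriv_enable = *(int *)table->data;	/* sampled under the lock */
	locked_state = unpriv_enable == 1;
	/* … unchanged: tmp.data assignment, proc_dointvec_minmax() call … */
	if (write && !ret) {
		if (locked_state && unpriv_enable != 1) {
			mutex_unlock(&bpf_unpriv_mutex);
			return -EPERM;
		}
		*(int *)table->data = unpriv_enable;
	}
	mutex_unlock(&bpf_unpriv_mutex);
	/* … unchanged: unpriv_ebpf_notify() call, return ret … */
```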
@@ -139,66 +138,6 @@ static const int max_extfrag_threshold =3D 1000;
=20
 #endif /* CONFIG_SYSCTL */
=20
-#if defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_SYSCTL)
-static int bpf_stats_handler(struct ctl_table *table, int write,
- void *buffer, size_t *lenp, loff_t *ppos)
-{
- struct static_key *key =3D (struct static_key *)table->data;
- static int saved_val;
- int val, ret;
- struct ctl_table tmp =3D {
- .data =3D &val,
- .maxlen =3D sizeof(val),
- .mode =3D table->mode,
- .extra1 =3D SYSCTL_ZERO,
- .extra2 =3D SYSCTL_ONE,
- };
-
- if (write && !capable(CAP_SYS_ADMIN))
- return -EPERM;
-
- mutex_lock(&bpf_stats_enabled_mutex);
- val =3D saved_val;
- ret =3D proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
- if (write && !ret && val !=3D saved_val) {
- if (val)
- static_key_slow_inc(key);
- else
- static_key_slow_dec(key);
- saved_val =3D val;
- }
- mutex_unlock(&bpf_stats_enabled_mutex);
- return ret;
-}
-
-void __weak unpriv_ebpf_notify(int new_state)
-{
-}
-
-static int bpf_unpriv_handler(struct ctl_table *table, int write,
- void *buffer, size_t *lenp, loff_t *ppos)
-{
- int ret, unpriv_enable =3D *(int *)table->data;
- bool locked_state =3D unpriv_enable =3D=3D 1;
- struct ctl_table tmp =3D *table;
-
- if (write && !capable(CAP_SYS_ADMIN))
- return -EPERM;
-
- tmp.data =3D &unpriv_enable;
- ret =3D proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
- if (write && !ret) {
- if (locked_state && unpriv_enable !=3D 1)
- return -EPERM;
- *(int *)table->data =3D unpriv_enable;
- }
-
- unpriv_ebpf_notify(unpriv_enable);
-
- return ret;
-}
-#endif /* CONFIG_BPF_SYSCALL && CONFIG_SYSCTL */
-
 /*
 * /proc/sys support
 */
@@ -2112,24 +2051,6 @@ static struct ctl_table kern_table[] =3D {
 .extra2 =3D SYSCTL_ONE,
 },
 #endif
-#ifdef CONFIG_BPF_SYSCALL
- {
- .procname =3D "unprivileged_bpf_disabled",
- .data =3D &sysctl_unprivileged_bpf_disabled,
- .maxlen =3D sizeof(sysctl_unprivileged_bpf_disabled),
- .mode =3D 0644,
- .proc_handler =3D bpf_unpriv_handler,
- .extra1 =3D SYSCTL_ZERO,
- .extra2 =3D SYSCTL_TWO,
- },
- {
- .procname =3D "bpf_stats_enabled",
- .data =3D &bpf_stats_enabled_key.key,
- .maxlen =3D sizeof(bpf_stats_enabled_key),
- .mode =3D 0644,
- .proc_handler =3D bpf_stats_handler,
- },
-#endif
 #if defined(CONFIG_TREE_RCU)
 {
 .procname =3D "panic_on_rcu_stall",
--=20
2.12.3