Commit 635470eb authored by Joel Granados's avatar Joel Granados Committed by David S. Miller
Browse files

netfilter: Remove the now superfluous sentinel elements from ctl_table array 

This commit comes at the tail end of a greater effort to remove the
empty elements at the end of the ctl_table arrays (sentinels) which will
reduce the overall build time size of the kernel and run time memory
bloat by ~64 bytes per sentinel (further information Link :
https://lore.kernel.org/all/ZO5Yx5JFogGi%2FcBo@bombadil.infradead.org/

)

* Remove sentinel elements from ctl_table structs
* Remove instances where an array element is zeroed out to make it look
  like a sentinel. This is not longer needed and is safe after commit
  c899710f ("networking: Update to register_net_sysctl_sz") added
  the array size to the ctl_table registration
* Remove the need for having __NF_SYSCTL_CT_LAST_SYSCTL as the
  sysctl array size is now in NF_SYSCTL_CT_LAST_SYSCTL
* Remove extra element in ctl_table arrays declarations

Acked-by: Kees Cook <keescook@chromium.org> # loadpin & yama
Signed-off-by: default avatarJoel Granados <j.granados@samsung.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 73dbd8cf

net/bridge/br_netfilter_hooks.c

+0 −1
Original line number Diff line number Diff line
@@ -1226,7 +1226,6 @@ static struct ctl_table brnf_table[] = { 
		.mode		= 0644,

		.proc_handler	= brnf_sysctl_call_tables,

	},

	{ }

};



static inline void br_netfilter_sysctl_default(struct brnf_net *brnf)

net/ipv6/netfilter/nf_conntrack_reasm.c

+0 −1
Original line number Diff line number Diff line
@@ -62,7 +62,6 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = { 
		.mode		= 0644,

		.proc_handler	= proc_doulongvec_minmax,

	},

	{ }

};



static int nf_ct_frag6_sysctl_register(struct net *net)

net/netfilter/ipvs/ip_vs_ctl.c

+1 −4
Original line number Diff line number Diff line
@@ -2263,7 +2263,6 @@ static struct ctl_table vs_vars[] = { 
		.proc_handler	= proc_dointvec,

	},

#endif

	{ }

};



#endif
@@ -4286,10 +4285,8 @@ static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs) 
			return -ENOMEM;



		/* Don't export sysctls to unprivileged users */

		if (net->user_ns != &init_user_ns) {

			tbl[0].procname = NULL;

		if (net->user_ns != &init_user_ns)

			ctl_table_size = 0;

		}

	} else

		tbl = vs_vars;

	/* Initialize sysctl defaults */

net/netfilter/ipvs/ip_vs_lblc.c

+1 −4
Original line number Diff line number Diff line
@@ -123,7 +123,6 @@ static struct ctl_table vs_vars_table[] = { 
		.mode		= 0644,

		.proc_handler	= proc_dointvec_jiffies,

	},

	{ }

};

#endif
@@ -563,10 +562,8 @@ static int __net_init __ip_vs_lblc_init(struct net *net) 
			return -ENOMEM;



		/* Don't export sysctls to unprivileged users */

		if (net->user_ns != &init_user_ns) {

			ipvs->lblc_ctl_table[0].procname = NULL;

		if (net->user_ns != &init_user_ns)

			vars_table_size = 0;

		}



	} else

		ipvs->lblc_ctl_table = vs_vars_table;

net/netfilter/ipvs/ip_vs_lblcr.c

+1 −4
Original line number Diff line number Diff line
@@ -294,7 +294,6 @@ static struct ctl_table vs_vars_table[] = { 
		.mode		= 0644,

		.proc_handler	= proc_dointvec_jiffies,

	},

	{ }

};

#endif
@@ -749,10 +748,8 @@ static int __net_init __ip_vs_lblcr_init(struct net *net) 
			return -ENOMEM;



		/* Don't export sysctls to unprivileged users */

		if (net->user_ns != &init_user_ns) {

			ipvs->lblcr_ctl_table[0].procname = NULL;

		if (net->user_ns != &init_user_ns)

			vars_table_size = 0;

		}

	} else

		ipvs->lblcr_ctl_table = vs_vars_table;

	ipvs->sysctl_lblcr_expiration = DEFAULT_EXPIRATION;