patches/old/fs-move-namei-sysctls-to-its-own-file.patch - pub/scm/linux/kernel/git/akpm/25-new - Git at Google

 From: Luis Chamberlain <mcgrof@kernel.org>
 Subject: fs: move namei sysctls to its own file

 kernel/sysctl.c is a kitchen sink where everyone leaves their dirty
 dishes, this makes it very difficult to maintain.

 To help with this maintenance let's start by moving sysctls to places
 where they actually belong.  The proc sysctl maintainers do not want to
 know what sysctl knobs you wish to add for your own piece of code, we just
 care about the core logic.

 So move namei's own sysctl knobs to its own file.

 Other than the move we also avoid initializing two static variables to 0
 as this is not needed:

   * sysctl_protected_symlinks
   * sysctl_protected_hardlinks

 Link: https://lkml.kernel.org/r/20211129205548.605569-8-mcgrof@kernel.org
 Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
 Cc: Al Viro <viro@zeniv.linux.org.uk>
 Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
 Cc: Antti Palosaari <crope@iki.fi>
 Cc: Eric Biederman <ebiederm@xmission.com>
 Cc: Iurii Zaikin <yzaikin@google.com>
 Cc: "J. Bruce Fields" <bfields@fieldses.org>
 Cc: Jeff Layton <jlayton@kernel.org>
 Cc: Kees Cook <keescook@chromium.org>
 Cc: Lukas Middendorf <kernel@tuxforce.de>
 Cc: Stephen Kitt <steve@sk2.org>
 Cc: Xiaoming Ni <nixiaoming@huawei.com>
 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 ---

  fs/namei.c         |   58 ++++++++++++++++++++++++++++++++++++++++---
  include/linux/fs.h |    1
  kernel/sysctl.c    |   36 --------------------------
  3 files changed, 54 insertions(+), 41 deletions(-)

 --- a/fs/namei.c~fs-move-namei-sysctls-to-its-own-file
 +++ a/fs/namei.c
 @@ -1020,10 +1020,60 @@ static inline void put_link(struct namei
  		path_put(&last->link);
  }

 -int sysctl_protected_symlinks __read_mostly = 0;
 -int sysctl_protected_hardlinks __read_mostly = 0;
 -int sysctl_protected_fifos __read_mostly;
 -int sysctl_protected_regular __read_mostly;
 +static int sysctl_protected_symlinks __read_mostly;
 +static int sysctl_protected_hardlinks __read_mostly;
 +static int sysctl_protected_fifos __read_mostly;
 +static int sysctl_protected_regular __read_mostly;
 +
 +#ifdef CONFIG_SYSCTL
 +static struct ctl_table namei_sysctls[] = {
 +	{
 +		.procname	= "protected_symlinks",
 +		.data		= &sysctl_protected_symlinks,
 +		.maxlen		= sizeof(int),
 +		.mode		= 0600,
 +		.proc_handler	= proc_dointvec_minmax,
 +		.extra1		= SYSCTL_ZERO,
 +		.extra2		= SYSCTL_ONE,
 +	},
 +	{
 +		.procname	= "protected_hardlinks",
 +		.data		= &sysctl_protected_hardlinks,
 +		.maxlen		= sizeof(int),
 +		.mode		= 0600,
 +		.proc_handler	= proc_dointvec_minmax,
 +		.extra1		= SYSCTL_ZERO,
 +		.extra2		= SYSCTL_ONE,
 +	},
 +	{
 +		.procname	= "protected_fifos",
 +		.data		= &sysctl_protected_fifos,
 +		.maxlen		= sizeof(int),
 +		.mode		= 0600,
 +		.proc_handler	= proc_dointvec_minmax,
 +		.extra1		= SYSCTL_ZERO,
 +		.extra2		= SYSCTL_TWO,
 +	},
 +	{
 +		.procname	= "protected_regular",
 +		.data		= &sysctl_protected_regular,
 +		.maxlen		= sizeof(int),
 +		.mode		= 0600,
 +		.proc_handler	= proc_dointvec_minmax,
 +		.extra1		= SYSCTL_ZERO,
 +		.extra2		= SYSCTL_TWO,
 +	},
 +	{ }
 +};
 +
 +static int __init init_fs_namei_sysctls(void)
 +{
 +	register_sysctl_init("fs", namei_sysctls);
 +	return 0;
 +}
 +fs_initcall(init_fs_namei_sysctls);
 +
 +#endif /* CONFIG_SYSCTL */

  /**
   * may_follow_link - Check symlink following for unsafe situations
 --- a/include/linux/fs.h~fs-move-namei-sysctls-to-its-own-file
 +++ a/include/linux/fs.h
 @@ -81,7 +81,6 @@ extern void __init files_maxfiles_init(v

  extern unsigned long get_max_files(void);
  extern unsigned int sysctl_nr_open;
 -extern int leases_enable, lease_break_time;

  typedef __kernel_rwf_t rwf_t;

 --- a/kernel/sysctl.c~fs-move-namei-sysctls-to-its-own-file
 +++ a/kernel/sysctl.c
 @@ -2898,42 +2898,6 @@ static struct ctl_table vm_table[] = {

  static struct ctl_table fs_table[] = {
  	{
 -		.procname	= "protected_symlinks",
 -		.data		= &sysctl_protected_symlinks,
 -		.maxlen		= sizeof(int),
 -		.mode		= 0600,
 -		.proc_handler	= proc_dointvec_minmax,
 -		.extra1		= SYSCTL_ZERO,
 -		.extra2		= SYSCTL_ONE,
 -	},
 -	{
 -		.procname	= "protected_hardlinks",
 -		.data		= &sysctl_protected_hardlinks,
 -		.maxlen		= sizeof(int),
 -		.mode		= 0600,
 -		.proc_handler	= proc_dointvec_minmax,
 -		.extra1		= SYSCTL_ZERO,
 -		.extra2		= SYSCTL_ONE,
 -	},
 -	{
 -		.procname	= "protected_fifos",
 -		.data		= &sysctl_protected_fifos,
 -		.maxlen		= sizeof(int),
 -		.mode		= 0600,
 -		.proc_handler	= proc_dointvec_minmax,
 -		.extra1		= SYSCTL_ZERO,
 -		.extra2		= SYSCTL_TWO,
 -	},
 -	{
 -		.procname	= "protected_regular",
 -		.data		= &sysctl_protected_regular,
 -		.maxlen		= sizeof(int),
 -		.mode		= 0600,
 -		.proc_handler	= proc_dointvec_minmax,
 -		.extra1		= SYSCTL_ZERO,
 -		.extra2		= SYSCTL_TWO,
 -	},
 -	{
  		.procname	= "suid_dumpable",
  		.data		= &suid_dumpable,
  		.maxlen		= sizeof(int),
 _
	From: Luis Chamberlain <mcgrof@kernel.org>
	Subject: fs: move namei sysctls to its own file

	kernel/sysctl.c is a kitchen sink where everyone leaves their dirty
	dishes, this makes it very difficult to maintain.

	To help with this maintenance let's start by moving sysctls to places
	where they actually belong. The proc sysctl maintainers do not want to
	know what sysctl knobs you wish to add for your own piece of code, we just
	care about the core logic.

	So move namei's own sysctl knobs to its own file.

	Other than the move we also avoid initializing two static variables to 0
	as this is not needed:

	* sysctl_protected_symlinks
	* sysctl_protected_hardlinks

	Link: https://lkml.kernel.org/r/20211129205548.605569-8-mcgrof@kernel.org
	Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
	Cc: Al Viro <viro@zeniv.linux.org.uk>
	Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
	Cc: Antti Palosaari <crope@iki.fi>
	Cc: Eric Biederman <ebiederm@xmission.com>
	Cc: Iurii Zaikin <yzaikin@google.com>
	Cc: "J. Bruce Fields" <bfields@fieldses.org>
	Cc: Jeff Layton <jlayton@kernel.org>
	Cc: Kees Cook <keescook@chromium.org>
	Cc: Lukas Middendorf <kernel@tuxforce.de>
	Cc: Stephen Kitt <steve@sk2.org>
	Cc: Xiaoming Ni <nixiaoming@huawei.com>
	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
	---

	fs/namei.c \| 58 ++++++++++++++++++++++++++++++++++++++++---
	include/linux/fs.h \| 1
	kernel/sysctl.c \| 36 --------------------------
	3 files changed, 54 insertions(+), 41 deletions(-)

	--- a/fs/namei.c~fs-move-namei-sysctls-to-its-own-file
	+++ a/fs/namei.c
	@@ -1020,10 +1020,60 @@ static inline void put_link(struct namei
	path_put(&last->link);
	}

	-int sysctl_protected_symlinks __read_mostly = 0;
	-int sysctl_protected_hardlinks __read_mostly = 0;
	-int sysctl_protected_fifos __read_mostly;
	-int sysctl_protected_regular __read_mostly;
	+static int sysctl_protected_symlinks __read_mostly;
	+static int sysctl_protected_hardlinks __read_mostly;
	+static int sysctl_protected_fifos __read_mostly;
	+static int sysctl_protected_regular __read_mostly;
	+
	+#ifdef CONFIG_SYSCTL
	+static struct ctl_table namei_sysctls[] = {
	+ {
	+ .procname = "protected_symlinks",
	+ .data = &sysctl_protected_symlinks,
	+ .maxlen = sizeof(int),
	+ .mode = 0600,
	+ .proc_handler = proc_dointvec_minmax,
	+ .extra1 = SYSCTL_ZERO,
	+ .extra2 = SYSCTL_ONE,
	+ },
	+ {
	+ .procname = "protected_hardlinks",
	+ .data = &sysctl_protected_hardlinks,
	+ .maxlen = sizeof(int),
	+ .mode = 0600,
	+ .proc_handler = proc_dointvec_minmax,
	+ .extra1 = SYSCTL_ZERO,
	+ .extra2 = SYSCTL_ONE,
	+ },
	+ {
	+ .procname = "protected_fifos",
	+ .data = &sysctl_protected_fifos,
	+ .maxlen = sizeof(int),
	+ .mode = 0600,
	+ .proc_handler = proc_dointvec_minmax,
	+ .extra1 = SYSCTL_ZERO,
	+ .extra2 = SYSCTL_TWO,
	+ },
	+ {
	+ .procname = "protected_regular",
	+ .data = &sysctl_protected_regular,
	+ .maxlen = sizeof(int),
	+ .mode = 0600,
	+ .proc_handler = proc_dointvec_minmax,
	+ .extra1 = SYSCTL_ZERO,
	+ .extra2 = SYSCTL_TWO,
	+ },
	+ { }
	+};
	+
	+static int __init init_fs_namei_sysctls(void)
	+{
	+ register_sysctl_init("fs", namei_sysctls);
	+ return 0;
	+}
	+fs_initcall(init_fs_namei_sysctls);
	+
	+#endif /* CONFIG_SYSCTL */

	/**
	* may_follow_link - Check symlink following for unsafe situations
	--- a/include/linux/fs.h~fs-move-namei-sysctls-to-its-own-file
	+++ a/include/linux/fs.h
	@@ -81,7 +81,6 @@ extern void __init files_maxfiles_init(v

	extern unsigned long get_max_files(void);
	extern unsigned int sysctl_nr_open;
	-extern int leases_enable, lease_break_time;

	typedef __kernel_rwf_t rwf_t;

	--- a/kernel/sysctl.c~fs-move-namei-sysctls-to-its-own-file
	+++ a/kernel/sysctl.c
	@@ -2898,42 +2898,6 @@ static struct ctl_table vm_table[] = {

	static struct ctl_table fs_table[] = {
	{
	- .procname = "protected_symlinks",
	- .data = &sysctl_protected_symlinks,
	- .maxlen = sizeof(int),
	- .mode = 0600,
	- .proc_handler = proc_dointvec_minmax,
	- .extra1 = SYSCTL_ZERO,
	- .extra2 = SYSCTL_ONE,
	- },
	- {
	- .procname = "protected_hardlinks",
	- .data = &sysctl_protected_hardlinks,
	- .maxlen = sizeof(int),
	- .mode = 0600,
	- .proc_handler = proc_dointvec_minmax,
	- .extra1 = SYSCTL_ZERO,
	- .extra2 = SYSCTL_ONE,
	- },
	- {
	- .procname = "protected_fifos",
	- .data = &sysctl_protected_fifos,
	- .maxlen = sizeof(int),
	- .mode = 0600,
	- .proc_handler = proc_dointvec_minmax,
	- .extra1 = SYSCTL_ZERO,
	- .extra2 = SYSCTL_TWO,
	- },
	- {
	- .procname = "protected_regular",
	- .data = &sysctl_protected_regular,
	- .maxlen = sizeof(int),
	- .mode = 0600,
	- .proc_handler = proc_dointvec_minmax,
	- .extra1 = SYSCTL_ZERO,
	- .extra2 = SYSCTL_TWO,
	- },
	- {
	.procname = "suid_dumpable",
	.data = &suid_dumpable,
	.maxlen = sizeof(int),
	_