Re: [PATCH] Move sysctl check into debugging section and don't make it default y

[ebiederm@xmission.com (Eric W. Biederman)]

Andi Kleen <andi@firstfloor.org> writes:

>> What is a feature change like this doing coming in after the
>> merge window?
>
> I considered it a "anti bloat bugfix". Adding 30k of 
> object code to allno was a bit too much. 
>
>> Why doesn't an allnoconfig disable sysctl all together?
>
> Because it depends on EMBEDDED and EMBEDDED is not y. Yes it's not
> intuitive, on the other hand the end result is reasonable.

That makes sense in a silly sort of way.  Making
allnoconfig not a particularly good minimal size check.

>> These are the only checks we have against someone doing something
>> nasty in the sysctl hierarchy.   We have proven that we don't
>> have the discipline to do the right thing with code in the
>> core kernel.  I expect out of tree code will be much worse.
>
> My assumption is that they will be run at least once during
> a release cycle by someone and then the messages will appear
> and be reported. We do the same thing with a lot of other
> debug options (lockdep, slab debug, sleep debug etc.,). There's no 
> need for this one to be special.

But it really isn't a debug option.

> Also I'm not sure the check is all that useful anyways. We
> should just not accept any new binary numbered sysctl, and
> that's nearly the case anyways.

This code is the mechanism by which we do not accept any
new binary numbered sysctl into the kernel.

Andrew used to get them just often enough that I would get a message
ever couple of months.  What and why is our policy with respect to new
binary sysctls?

Since this code has yet to ship in any enterprise kernel to my knowledge
I expect there are going to be another raft load of kernel bugs discovered
in out of tree code when it does.  We have a decade or more of near
total neglect to make up for.

As for what the code does.  There is one big expensive (space wise)
check in there that ensures we don't add new sysctl binary names.
Beyond that the checks that sysctl_check performs are actual sanity
checks with the only expensive one being to ensure we don't register
the same name twice.  Real code hits those checks, and frequently not
in development, but in some weird production scenario.  And the code
only runs when we register a sysctl so it is cheap.

Which is the big difference between this code and debugging checks,
even when enabled it barely ever runs.

Now if you would like to fix the size issue.  The thing to do is to
add a type field or a conversion function onto those tables.  Which is
enough to implement all of our binary sysctls by looking up the ascii
equivalents and calling the proc handling functions.  Then those tables
would be much more then dead weight.

Eric