[PATCH] bpf: move the bpf syscall sysctl table to its own module

[PATCH] bpf: move the bpf syscall sysctl table to its own module

[Yan Zhu]

Sysctl table is easier to read under its own module.

Signed-off-by: Yan Zhu <zhuyan34@huawei.com>
---
 kernel/bpf/syscall.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 kernel/sysctl.c      | 71 ----------------------------------------------
 2 files changed, 80 insertions(+), 71 deletions(-)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index fa4505f9b611..3cc50292a032 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -4850,3 +4850,83 @@ const struct bpf_verifier_ops bpf_syscall_verifier_ops = {
 const struct bpf_prog_ops bpf_syscall_prog_ops = {
 	.test_run = bpf_prog_test_run_syscall,
 };
+
+#ifdef CONFIG_SYSCTL
+static int bpf_stats_handler(struct ctl_table *table, int write,
+			     void *buffer, size_t *lenp, loff_t *ppos)
+{
+	struct static_key *key = (struct static_key *)table->data;
+	static int saved_val;
+	int val, ret;
+	struct ctl_table tmp = {
+		.data   = &val,
+		.maxlen = sizeof(val),
+		.mode   = table->mode,
+		.extra1 = SYSCTL_ZERO,
+		.extra2 = SYSCTL_ONE,
+	};
+
+	if (write && !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
+	mutex_lock(&bpf_stats_enabled_mutex);
+	val = saved_val;
+	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
+	if (write && !ret && val != saved_val) {
+		if (val)
+			static_key_slow_inc(key);
+		else
+			static_key_slow_dec(key);
+		saved_val = val;
+	}
+	mutex_unlock(&bpf_stats_enabled_mutex);
+	return ret;
+}
+
+static int bpf_unpriv_handler(struct ctl_table *table, int write,
+			      void *buffer, size_t *lenp, loff_t *ppos)
+{
+	int ret, unpriv_enable = *(int *)table->data;
+	bool locked_state = unpriv_enable == 1;
+	struct ctl_table tmp = *table;
+
+	if (write && !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
+	tmp.data = &unpriv_enable;
+	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
+	if (write && !ret) {
+		if (locked_state && unpriv_enable != 1)
+			return -EPERM;
+		*(int *)table->data = unpriv_enable;
+	}
+	return ret;
+}
+
+static struct ctl_table bpf_syscall_table[] = {
+	{
+		.procname	= "unprivileged_bpf_disabled",
+		.data		= &sysctl_unprivileged_bpf_disabled,
+		.maxlen		= sizeof(sysctl_unprivileged_bpf_disabled),
+		.mode		= 0644,
+		.proc_handler	= bpf_unpriv_handler,
+		.extra1		= SYSCTL_ZERO,
+		.extra2		= SYSCTL_TWO,
+	},
+	{
+		.procname	= "bpf_stats_enabled",
+		.data		= &bpf_stats_enabled_key.key,
+		.maxlen		= sizeof(bpf_stats_enabled_key),
+		.mode		= 0644,
+		.proc_handler	= bpf_stats_handler,
+	},
+	{ }
+};
+
+static int __init bpf_syscall_sysctl_init(void)
+{
+	register_sysctl_init("kernel", bpf_syscall_table);
+	return 0;
+}
+late_initcall(bpf_syscall_sysctl_init);
+#endif /* CONFIG_SYSCTL */
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 22037f03cd2b..5ae905677eaf 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -139,59 +139,6 @@ static const int max_extfrag_threshold = 1000;
 
 #endif /* CONFIG_SYSCTL */
 
-#if defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_SYSCTL)
-static int bpf_stats_handler(struct ctl_table *table, int write,
-			     void *buffer, size_t *lenp, loff_t *ppos)
-{
-	struct static_key *key = (struct static_key *)table->data;
-	static int saved_val;
-	int val, ret;
-	struct ctl_table tmp = {
-		.data   = &val,
-		.maxlen = sizeof(val),
-		.mode   = table->mode,
-		.extra1 = SYSCTL_ZERO,
-		.extra2 = SYSCTL_ONE,
-	};
-
-	if (write && !capable(CAP_SYS_ADMIN))
-		return -EPERM;
-
-	mutex_lock(&bpf_stats_enabled_mutex);
-	val = saved_val;
-	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
-	if (write && !ret && val != saved_val) {
-		if (val)
-			static_key_slow_inc(key);
-		else
-			static_key_slow_dec(key);
-		saved_val = val;
-	}
-	mutex_unlock(&bpf_stats_enabled_mutex);
-	return ret;
-}
-
-static int bpf_unpriv_handler(struct ctl_table *table, int write,
-			      void *buffer, size_t *lenp, loff_t *ppos)
-{
-	int ret, unpriv_enable = *(int *)table->data;
-	bool locked_state = unpriv_enable == 1;
-	struct ctl_table tmp = *table;
-
-	if (write && !capable(CAP_SYS_ADMIN))
-		return -EPERM;
-
-	tmp.data = &unpriv_enable;
-	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
-	if (write && !ret) {
-		if (locked_state && unpriv_enable != 1)
-			return -EPERM;
-		*(int *)table->data = unpriv_enable;
-	}
-	return ret;
-}
-#endif /* CONFIG_BPF_SYSCALL && CONFIG_SYSCTL */
-
 /*
  * /proc/sys support
  */
@@ -2125,24 +2072,6 @@ static struct ctl_table kern_table[] = {
 		.extra2		= SYSCTL_ONE,
 	},
 #endif
-#ifdef CONFIG_BPF_SYSCALL
-	{
-		.procname	= "unprivileged_bpf_disabled",
-		.data		= &sysctl_unprivileged_bpf_disabled,
-		.maxlen		= sizeof(sysctl_unprivileged_bpf_disabled),
-		.mode		= 0644,
-		.proc_handler	= bpf_unpriv_handler,
-		.extra1		= SYSCTL_ZERO,
-		.extra2		= SYSCTL_TWO,
-	},
-	{
-		.procname	= "bpf_stats_enabled",
-		.data		= &bpf_stats_enabled_key.key,
-		.maxlen		= sizeof(bpf_stats_enabled_key),
-		.mode		= 0644,
-		.proc_handler	= bpf_stats_handler,
-	},
-#endif
 #if defined(CONFIG_TREE_RCU)
 	{
 		.procname	= "panic_on_rcu_stall",
-- 
2.12.3

Re: [PATCH] bpf: move the bpf syscall sysctl table to its own module

[Luis Chamberlain]

On Wed, Feb 23, 2022 at 09:35:29AM +0800, Yan Zhu wrote:
> Sysctl table is easier to read under its own module.

Hey Yan, thanks for you patch!

This does not explain how this is being to help with maitenance as
otherwise this makes kernel/sysctl.c hard to maintain and we also
tend to get many conflicts. It also does not explain how all the
filesystem sysctls are not gone and that this is just the next step,
moving slowly the rest of the sysctls. Explaining this in the commit
log will help patch review and subsystem maintainers understand the
conext / logic behind the move.

> Signed-off-by: Yan Zhu <zhuyan34@huawei.com>

I'd be more than happy to take this if bpf folks Ack. To avoid conflicts
I can route this through sysctl-next which is put forward in particular
to avoid conflicts across trees for this effort. Let me know.

 Luis

Re: [PATCH] bpf: move the bpf syscall sysctl table to its own module

[Matthew Wilcox]

On Wed, Feb 23, 2022 at 09:35:29AM +0800, Yan Zhu wrote:
> +static struct ctl_table bpf_syscall_table[] = {
> +	{
> +		.procname	= "unprivileged_bpf_disabled",
> +		.data		= &sysctl_unprivileged_bpf_disabled,
> +		.maxlen		= sizeof(sysctl_unprivileged_bpf_disabled),
> +		.mode		= 0644,
> +		.proc_handler	= bpf_unpriv_handler,
> +		.extra1		= SYSCTL_ZERO,
> +		.extra2		= SYSCTL_TWO,
> +	},
> +	{
> +		.procname	= "bpf_stats_enabled",
> +		.data		= &bpf_stats_enabled_key.key,
> +		.maxlen		= sizeof(bpf_stats_enabled_key),
> +		.mode		= 0644,
> +		.proc_handler	= bpf_stats_handler,
> +	},
> +	{ }
> +};

No progress towards a counted array instead of a NULL terminated one?

Re: [PATCH] bpf: move the bpf syscall sysctl table to its own module

[Alexei Starovoitov]

On Tue, Feb 22, 2022 at 5:35 PM Yan Zhu <zhuyan34@huawei.com> wrote:
>
> Sysctl table is easier to read under its own module.

"own module"?
What are you talking about?
It's not "easier to read" and looks like a pointless churn.

> Signed-off-by: Yan Zhu <zhuyan34@huawei.com>
> ---
>  kernel/bpf/syscall.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++
>  kernel/sysctl.c      | 71 ----------------------------------------------
>  2 files changed, 80 insertions(+), 71 deletions(-)

Re: [PATCH] bpf: move the bpf syscall sysctl table to its own module

[Yan Zhu]

On Tue, Feb 22, 2022 at 9:06 PM Alexei Starovoitov wrote:
> On Tue, Feb 22, 2022 at 5:35 PM Yan Zhu <zhuyan34@huawei.com> wrote:
> >
> > Sysctl table is easier to read under its own module.
> 
> "own module"?
> What are you talking about?
I'm sorry I didn't express it clearly. The meaning here is that
the code of bpf syscall sysctl is moved to the bpf module

I will fix it in v2 patch.

> It's not "easier to read" and looks like a pointless churn.

[PATCH v2 sysctl-next] bpf: move the bpf syscall sysctl table to bpf module

[Yan Zhu]

Aggregating the code of the feature in the code file of the feature
itself can improve readability and reduce merge conflicts. So move
the bpf syscall sysctl table to kernel/bpf/syscall.c

Signed-off-by: Yan Zhu <zhuyan34@huawei.com>

---
v1->v2:
  1.Added patch branch identifier sysctl-next.
  2.Re-describe the reason for the patch submission.
---
 kernel/bpf/syscall.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 kernel/sysctl.c      | 71 ----------------------------------------------
 2 files changed, 80 insertions(+), 71 deletions(-)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 35646db3d950..50f85b47d478 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -4888,3 +4888,83 @@ const struct bpf_verifier_ops bpf_syscall_verifier_ops = {
 const struct bpf_prog_ops bpf_syscall_prog_ops = {
 	.test_run = bpf_prog_test_run_syscall,
 };
+
+#ifdef CONFIG_SYSCTL
+static int bpf_stats_handler(struct ctl_table *table, int write,
+			     void *buffer, size_t *lenp, loff_t *ppos)
+{
+	struct static_key *key = (struct static_key *)table->data;
+	static int saved_val;
+	int val, ret;
+	struct ctl_table tmp = {
+		.data   = &val,
+		.maxlen = sizeof(val),
+		.mode   = table->mode,
+		.extra1 = SYSCTL_ZERO,
+		.extra2 = SYSCTL_ONE,
+	};
+
+	if (write && !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
+	mutex_lock(&bpf_stats_enabled_mutex);
+	val = saved_val;
+	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
+	if (write && !ret && val != saved_val) {
+		if (val)
+			static_key_slow_inc(key);
+		else
+			static_key_slow_dec(key);
+		saved_val = val;
+	}
+	mutex_unlock(&bpf_stats_enabled_mutex);
+	return ret;
+}
+
+static int bpf_unpriv_handler(struct ctl_table *table, int write,
+			      void *buffer, size_t *lenp, loff_t *ppos)
+{
+	int ret, unpriv_enable = *(int *)table->data;
+	bool locked_state = unpriv_enable == 1;
+	struct ctl_table tmp = *table;
+
+	if (write && !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
+	tmp.data = &unpriv_enable;
+	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
+	if (write && !ret) {
+		if (locked_state && unpriv_enable != 1)
+			return -EPERM;
+		*(int *)table->data = unpriv_enable;
+	}
+	return ret;
+}
+
+static struct ctl_table bpf_syscall_table[] = {
+	{
+		.procname	= "unprivileged_bpf_disabled",
+		.data		= &sysctl_unprivileged_bpf_disabled,
+		.maxlen		= sizeof(sysctl_unprivileged_bpf_disabled),
+		.mode		= 0644,
+		.proc_handler	= bpf_unpriv_handler,
+		.extra1		= SYSCTL_ZERO,
+		.extra2		= SYSCTL_TWO,
+	},
+	{
+		.procname	= "bpf_stats_enabled",
+		.data		= &bpf_stats_enabled_key.key,
+		.maxlen		= sizeof(bpf_stats_enabled_key),
+		.mode		= 0644,
+		.proc_handler	= bpf_stats_handler,
+	},
+	{ }
+};
+
+static int __init bpf_syscall_sysctl_init(void)
+{
+	register_sysctl_init("kernel", bpf_syscall_table);
+	return 0;
+}
+late_initcall(bpf_syscall_sysctl_init);
+#endif /* CONFIG_SYSCTL */
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index ae5e59396b5d..c64db3755d9c 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -146,59 +146,6 @@ static const int max_extfrag_threshold = 1000;
 
 #endif /* CONFIG_SYSCTL */
 
-#if defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_SYSCTL)
-static int bpf_stats_handler(struct ctl_table *table, int write,
-			     void *buffer, size_t *lenp, loff_t *ppos)
-{
-	struct static_key *key = (struct static_key *)table->data;
-	static int saved_val;
-	int val, ret;
-	struct ctl_table tmp = {
-		.data   = &val,
-		.maxlen = sizeof(val),
-		.mode   = table->mode,
-		.extra1 = SYSCTL_ZERO,
-		.extra2 = SYSCTL_ONE,
-	};
-
-	if (write && !capable(CAP_SYS_ADMIN))
-		return -EPERM;
-
-	mutex_lock(&bpf_stats_enabled_mutex);
-	val = saved_val;
-	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
-	if (write && !ret && val != saved_val) {
-		if (val)
-			static_key_slow_inc(key);
-		else
-			static_key_slow_dec(key);
-		saved_val = val;
-	}
-	mutex_unlock(&bpf_stats_enabled_mutex);
-	return ret;
-}
-
-static int bpf_unpriv_handler(struct ctl_table *table, int write,
-			      void *buffer, size_t *lenp, loff_t *ppos)
-{
-	int ret, unpriv_enable = *(int *)table->data;
-	bool locked_state = unpriv_enable == 1;
-	struct ctl_table tmp = *table;
-
-	if (write && !capable(CAP_SYS_ADMIN))
-		return -EPERM;
-
-	tmp.data = &unpriv_enable;
-	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
-	if (write && !ret) {
-		if (locked_state && unpriv_enable != 1)
-			return -EPERM;
-		*(int *)table->data = unpriv_enable;
-	}
-	return ret;
-}
-#endif /* CONFIG_BPF_SYSCALL && CONFIG_SYSCTL */
-
 /*
  * /proc/sys support
  */
@@ -2188,24 +2135,6 @@ static struct ctl_table kern_table[] = {
 		.extra2		= SYSCTL_ONE,
 	},
 #endif
-#ifdef CONFIG_BPF_SYSCALL
-	{
-		.procname	= "unprivileged_bpf_disabled",
-		.data		= &sysctl_unprivileged_bpf_disabled,
-		.maxlen		= sizeof(sysctl_unprivileged_bpf_disabled),
-		.mode		= 0644,
-		.proc_handler	= bpf_unpriv_handler,
-		.extra1		= SYSCTL_ZERO,
-		.extra2		= SYSCTL_TWO,
-	},
-	{
-		.procname	= "bpf_stats_enabled",
-		.data		= &bpf_stats_enabled_key.key,
-		.maxlen		= sizeof(bpf_stats_enabled_key),
-		.mode		= 0644,
-		.proc_handler	= bpf_stats_handler,
-	},
-#endif
 #if defined(CONFIG_TREE_RCU)
 	{
 		.procname	= "panic_on_rcu_stall",
-- 
2.12.3

Re: [PATCH v2 sysctl-next] bpf: move the bpf syscall sysctl table to bpf module

[Daniel Borkmann]

Hi Yan,

On 2/23/22 11:28 AM, Yan Zhu wrote:
> Aggregating the code of the feature in the code file of the feature
> itself can improve readability and reduce merge conflicts. So move
> the bpf syscall sysctl table to kernel/bpf/syscall.c
> 
> Signed-off-by: Yan Zhu <zhuyan34@huawei.com>
> 
> ---
> v1->v2:
>    1.Added patch branch identifier sysctl-next.
>    2.Re-describe the reason for the patch submission.

I'm not applying it given there is very little value in this change, see also what
has been said earlier:

https://lore.kernel.org/bpf/CAADnVQKmBoQEG1+nmrCg2ePVncn9rZJX9R4eucP9ULiY=xVGjQ@mail.gmail.com/

Thanks,
Daniel

Re: [PATCH v2 sysctl-next] bpf: move the bpf syscall sysctl table to bpf module

[Luis Chamberlain]

On Mon, Feb 28, 2022 at 04:53:44PM +0100, Daniel Borkmann wrote:
> Hi Yan,
> 
> On 2/23/22 11:28 AM, Yan Zhu wrote:
> > Aggregating the code of the feature in the code file of the feature
> > itself can improve readability and reduce merge conflicts. So move
> > the bpf syscall sysctl table to kernel/bpf/syscall.c
> > 
> > Signed-off-by: Yan Zhu <zhuyan34@huawei.com>
> > 
> > ---
> > v1->v2:
> >    1.Added patch branch identifier sysctl-next.
> >    2.Re-describe the reason for the patch submission.
> 
> I'm not applying it given there is very little value in this change, see also what
> has been said earlier:
> 
> https://lore.kernel.org/bpf/CAADnVQKmBoQEG1+nmrCg2ePVncn9rZJX9R4eucP9ULiY=xVGjQ@mail.gmail.com/

Daniel,

sorry folk are seing you patches with crap commit logs. The
justification should be made clearer: we're moving sysctls out of
kernel/sysctl.c as its a mess. I already moved all filesystem sysctls
out. And with time the goal is to move all sysctls out to their own
susbsystem/actual user.

kernel/sysctl.c has grown to an insane mess and its easy to run
into conflicts with it. The effort to move them out is part of this.

The commit logs should not suck though...

  Luis

Re: [PATCH v2 sysctl-next] bpf: move the bpf syscall sysctl table to bpf module

[Yan Zhu]

Mon, 28 Feb 2022 15:41:40 -0800, Luis Chamberlain wrote:
> On Mon, Feb 28, 2022 at 04:53:44PM +0100, Daniel Borkmann wrote:
> > Hi Yan,
> > 
> > On 2/23/22 11:28 AM, Yan Zhu wrote:
> > > Aggregating the code of the feature in the code file of the feature
> > > itself can improve readability and reduce merge conflicts. So move
> > > the bpf syscall sysctl table to kernel/bpf/syscall.c
> > > 
> > > Signed-off-by: Yan Zhu <zhuyan34@huawei.com>
> > > 
> > > ---
> > > v1->v2:
> > >    1.Added patch branch identifier sysctl-next.
> > >    2.Re-describe the reason for the patch submission.
> > 
> > I'm not applying it given there is very little value in this change, see also what
> > has been said earlier:
> > 
> > https://lore.kernel.org/bpf/CAADnVQKmBoQEG1+nmrCg2ePVncn9rZJX9R4eucP9ULiY=xVGjQ@mail.gmail.com/
> 
> Daniel,
> 
> sorry folk are seing you patches with crap commit logs. The
> justification should be made clearer: we're moving sysctls out of
> kernel/sysctl.c as its a mess. I already moved all filesystem sysctls
> out. And with time the goal is to move all sysctls out to their own
> susbsystem/actual user.
> kernel/sysctl.c has grown to an insane mess and its easy to run
> into conflicts with it. The effort to move them out is part of this.
Luis,

Thanks for the suggestion, I will use it as my patch from the commit
message to be able to clearly describe the purpose of the patch.

> The commit logs should not suck though...

[PATCH v3 sysctl-next] bpf: move bpf sysctls from kernel/sysctl.c to bpf module

[Yan Zhu]

We're moving sysctls out of kernel/sysctl.c as its a mess. We
already moved all filesystem sysctls out. And with time the goal is
to move all sysctls out to their own susbsystem/actual user.

kernel/sysctl.c has grown to an insane mess and its easy to run
into conflicts with it. The effort to move them out is part of this.

Signed-off-by: Yan Zhu <zhuyan34@huawei.com>

---
v1->v2:
  1.Added patch branch identifier sysctl-next.
  2.Re-describe the reason for the patch submission.

v2->v3:
  Re-describe the reason for the patch submission.
---
 kernel/bpf/syscall.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 kernel/sysctl.c      | 71 ----------------------------------------------
 2 files changed, 80 insertions(+), 71 deletions(-)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 35646db3d950..50f85b47d478 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -4888,3 +4888,83 @@ const struct bpf_verifier_ops bpf_syscall_verifier_ops = {
 const struct bpf_prog_ops bpf_syscall_prog_ops = {
 	.test_run = bpf_prog_test_run_syscall,
 };
+
+#ifdef CONFIG_SYSCTL
+static int bpf_stats_handler(struct ctl_table *table, int write,
+			     void *buffer, size_t *lenp, loff_t *ppos)
+{
+	struct static_key *key = (struct static_key *)table->data;
+	static int saved_val;
+	int val, ret;
+	struct ctl_table tmp = {
+		.data   = &val,
+		.maxlen = sizeof(val),
+		.mode   = table->mode,
+		.extra1 = SYSCTL_ZERO,
+		.extra2 = SYSCTL_ONE,
+	};
+
+	if (write && !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
+	mutex_lock(&bpf_stats_enabled_mutex);
+	val = saved_val;
+	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
+	if (write && !ret && val != saved_val) {
+		if (val)
+			static_key_slow_inc(key);
+		else
+			static_key_slow_dec(key);
+		saved_val = val;
+	}
+	mutex_unlock(&bpf_stats_enabled_mutex);
+	return ret;
+}
+
+static int bpf_unpriv_handler(struct ctl_table *table, int write,
+			      void *buffer, size_t *lenp, loff_t *ppos)
+{
+	int ret, unpriv_enable = *(int *)table->data;
+	bool locked_state = unpriv_enable == 1;
+	struct ctl_table tmp = *table;
+
+	if (write && !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
+	tmp.data = &unpriv_enable;
+	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
+	if (write && !ret) {
+		if (locked_state && unpriv_enable != 1)
+			return -EPERM;
+		*(int *)table->data = unpriv_enable;
+	}
+	return ret;
+}
+
+static struct ctl_table bpf_syscall_table[] = {
+	{
+		.procname	= "unprivileged_bpf_disabled",
+		.data		= &sysctl_unprivileged_bpf_disabled,
+		.maxlen		= sizeof(sysctl_unprivileged_bpf_disabled),
+		.mode		= 0644,
+		.proc_handler	= bpf_unpriv_handler,
+		.extra1		= SYSCTL_ZERO,
+		.extra2		= SYSCTL_TWO,
+	},
+	{
+		.procname	= "bpf_stats_enabled",
+		.data		= &bpf_stats_enabled_key.key,
+		.maxlen		= sizeof(bpf_stats_enabled_key),
+		.mode		= 0644,
+		.proc_handler	= bpf_stats_handler,
+	},
+	{ }
+};
+
+static int __init bpf_syscall_sysctl_init(void)
+{
+	register_sysctl_init("kernel", bpf_syscall_table);
+	return 0;
+}
+late_initcall(bpf_syscall_sysctl_init);
+#endif /* CONFIG_SYSCTL */
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index ae5e59396b5d..c64db3755d9c 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -146,59 +146,6 @@ static const int max_extfrag_threshold = 1000;
 
 #endif /* CONFIG_SYSCTL */
 
-#if defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_SYSCTL)
-static int bpf_stats_handler(struct ctl_table *table, int write,
-			     void *buffer, size_t *lenp, loff_t *ppos)
-{
-	struct static_key *key = (struct static_key *)table->data;
-	static int saved_val;
-	int val, ret;
-	struct ctl_table tmp = {
-		.data   = &val,
-		.maxlen = sizeof(val),
-		.mode   = table->mode,
-		.extra1 = SYSCTL_ZERO,
-		.extra2 = SYSCTL_ONE,
-	};
-
-	if (write && !capable(CAP_SYS_ADMIN))
-		return -EPERM;
-
-	mutex_lock(&bpf_stats_enabled_mutex);
-	val = saved_val;
-	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
-	if (write && !ret && val != saved_val) {
-		if (val)
-			static_key_slow_inc(key);
-		else
-			static_key_slow_dec(key);
-		saved_val = val;
-	}
-	mutex_unlock(&bpf_stats_enabled_mutex);
-	return ret;
-}
-
-static int bpf_unpriv_handler(struct ctl_table *table, int write,
-			      void *buffer, size_t *lenp, loff_t *ppos)
-{
-	int ret, unpriv_enable = *(int *)table->data;
-	bool locked_state = unpriv_enable == 1;
-	struct ctl_table tmp = *table;
-
-	if (write && !capable(CAP_SYS_ADMIN))
-		return -EPERM;
-
-	tmp.data = &unpriv_enable;
-	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
-	if (write && !ret) {
-		if (locked_state && unpriv_enable != 1)
-			return -EPERM;
-		*(int *)table->data = unpriv_enable;
-	}
-	return ret;
-}
-#endif /* CONFIG_BPF_SYSCALL && CONFIG_SYSCTL */
-
 /*
  * /proc/sys support
  */
@@ -2188,24 +2135,6 @@ static struct ctl_table kern_table[] = {
 		.extra2		= SYSCTL_ONE,
 	},
 #endif
-#ifdef CONFIG_BPF_SYSCALL
-	{
-		.procname	= "unprivileged_bpf_disabled",
-		.data		= &sysctl_unprivileged_bpf_disabled,
-		.maxlen		= sizeof(sysctl_unprivileged_bpf_disabled),
-		.mode		= 0644,
-		.proc_handler	= bpf_unpriv_handler,
-		.extra1		= SYSCTL_ZERO,
-		.extra2		= SYSCTL_TWO,
-	},
-	{
-		.procname	= "bpf_stats_enabled",
-		.data		= &bpf_stats_enabled_key.key,
-		.maxlen		= sizeof(bpf_stats_enabled_key),
-		.mode		= 0644,
-		.proc_handler	= bpf_stats_handler,
-	},
-#endif
 #if defined(CONFIG_TREE_RCU)
 	{
 		.procname	= "panic_on_rcu_stall",
-- 
2.12.3

Re: [PATCH v3 sysctl-next] bpf: move bpf sysctls from kernel/sysctl.c to bpf module

[Luis Chamberlain]

On Wed, Mar 02, 2022 at 10:04:12AM +0800, Yan Zhu wrote:
> We're moving sysctls out of kernel/sysctl.c as its a mess. We
> already moved all filesystem sysctls out. And with time the goal is
> to move all sysctls out to their own susbsystem/actual user.
> 
> kernel/sysctl.c has grown to an insane mess and its easy to run
> into conflicts with it. The effort to move them out is part of this.
> 
> Signed-off-by: Yan Zhu <zhuyan34@huawei.com>

Daniel, let me know if this makes more sense now, and if so I can
offer take it through sysctl-next to avoid conflicts more sysctl knobs
get moved out from kernel/sysctl.c.

  Luis

Re: [PATCH v3 sysctl-next] bpf: move bpf sysctls from kernel/sysctl.c to bpf module

[Daniel Borkmann]

On 3/2/22 9:39 PM, Luis Chamberlain wrote:
> On Wed, Mar 02, 2022 at 10:04:12AM +0800, Yan Zhu wrote:
>> We're moving sysctls out of kernel/sysctl.c as its a mess. We
>> already moved all filesystem sysctls out. And with time the goal is
>> to move all sysctls out to their own susbsystem/actual user.
>>
>> kernel/sysctl.c has grown to an insane mess and its easy to run
>> into conflicts with it. The effort to move them out is part of this.
>>
>> Signed-off-by: Yan Zhu <zhuyan34@huawei.com>
> 
> Daniel, let me know if this makes more sense now, and if so I can
> offer take it through sysctl-next to avoid conflicts more sysctl knobs
> get moved out from kernel/sysctl.c.

If this is a whole ongoing effort rather than drive-by patch, then it's
fine with me. Btw, the patch itself should also drop the linux/bpf.h
include from kernel/sysctl.c since nothing else is using it after the
patch.

Btw, related to cleanups.. historically, we have a bunch of other knobs
for BPF under net (in net_core_table), that is:

   /proc/sys/net/core/bpf_jit_enable
   /proc/sys/net/core/bpf_jit_harden
   /proc/sys/net/core/bpf_jit_kallsyms
   /proc/sys/net/core/bpf_jit_limit

Would be nice to consolidate all under e.g. /proc/sys/kernel/bpf_* for
future going forward, and technically, they should be usable also w/o
net configured into kernel. Is there infra to point the sysctl knobs
e.g. under net/core/ to kernel/, or best way would be to have single
struct ctl_table and register for both?

Cheers,
Daniel

Re: [PATCH v3 sysctl-next] bpf: move bpf sysctls from kernel/sysctl.c to bpf module

[Luis Chamberlain]

On Fri, Mar 04, 2022 at 12:44:48AM +0100, Daniel Borkmann wrote:
> On 3/2/22 9:39 PM, Luis Chamberlain wrote:
> > On Wed, Mar 02, 2022 at 10:04:12AM +0800, Yan Zhu wrote:
> > > We're moving sysctls out of kernel/sysctl.c as its a mess. We
> > > already moved all filesystem sysctls out. And with time the goal is
> > > to move all sysctls out to their own susbsystem/actual user.
> > > 
> > > kernel/sysctl.c has grown to an insane mess and its easy to run
> > > into conflicts with it. The effort to move them out is part of this.
> > > 
> > > Signed-off-by: Yan Zhu <zhuyan34@huawei.com>
> > 
> > Daniel, let me know if this makes more sense now, and if so I can
> > offer take it through sysctl-next to avoid conflicts more sysctl knobs
> > get moved out from kernel/sysctl.c.
> 
> If this is a whole ongoing effort rather than drive-by patch,

It is ongoing effort, but it will take many releases before we tidy
this whole thing up.

> then it's
> fine with me. 

OK great. Thanks for understanding the mess.

> Btw, the patch itself should also drop the linux/bpf.h
> include from kernel/sysctl.c since nothing else is using it after the
> patch.

I'll let Yan deal with that.

> Btw, related to cleanups.. historically, we have a bunch of other knobs
> for BPF under net (in net_core_table), that is:
> 
>   /proc/sys/net/core/bpf_jit_enable
>   /proc/sys/net/core/bpf_jit_harden
>   /proc/sys/net/core/bpf_jit_kallsyms
>   /proc/sys/net/core/bpf_jit_limit
> 
> Would be nice to consolidate all under e.g. /proc/sys/kernel/bpf_* for

Oh the actual "name" / directory location is not changing.
What changes is just where in code you declare them.

> future going forward, and technically, they should be usable also w/o
> net configured into kernel.

That's up to you, and just consider if you have scrupts using these
already. You may need backward compatibility. You don't need networking
to create the net directory for sysctls too. The first sysctl to create
the directory creates it, if its not created, it will be created.

> Is there infra to point the sysctl knobs
> e.g. under net/core/ to kernel/, or best way would be to have single
> struct ctl_table and register for both?

Try proc_symlink().

  Luis

Re: [PATCH v3 sysctl-next] bpf: move bpf sysctls from kernel/sysctl.c to bpf module

[Luis Chamberlain]

On Thu, Mar 03, 2022 at 04:23:26PM -0800, Luis Chamberlain wrote:
> On Fri, Mar 04, 2022 at 12:44:48AM +0100, Daniel Borkmann wrote:
> > On 3/2/22 9:39 PM, Luis Chamberlain wrote:
> > > On Wed, Mar 02, 2022 at 10:04:12AM +0800, Yan Zhu wrote:
> > > > We're moving sysctls out of kernel/sysctl.c as its a mess. We
> > > > already moved all filesystem sysctls out. And with time the goal is
> > > > to move all sysctls out to their own susbsystem/actual user.
> > > > 
> > > > kernel/sysctl.c has grown to an insane mess and its easy to run
> > > > into conflicts with it. The effort to move them out is part of this.
> > > > 
> > > > Signed-off-by: Yan Zhu <zhuyan34@huawei.com>
> > > 
> > > Daniel, let me know if this makes more sense now, and if so I can
> > > offer take it through sysctl-next to avoid conflicts more sysctl knobs
> > > get moved out from kernel/sysctl.c.
> > 
> > If this is a whole ongoing effort rather than drive-by patch,
> 
> It is ongoing effort, but it will take many releases before we tidy
> this whole thing up.
> 
> > then it's
> > fine with me. 
> 
> OK great. Thanks for understanding the mess.
> 
> > Btw, the patch itself should also drop the linux/bpf.h
> > include from kernel/sysctl.c since nothing else is using it after the
> > patch.
> 
> I'll let Yan deal with that.

Yan, feel free to resubmit based on sysctl-next [0].

[0] https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux.git/log/?h=sysctl-next

  Luis

[PATCH v4 sysctl-next] bpf: move bpf sysctls from kernel/sysctl.c to bpf module

[Yan Zhu]

We're moving sysctls out of kernel/sysctl.c as its a mess. We
already moved all filesystem sysctls out. And with time the goal is
to move all sysctls out to their own subsystem/actual user.

kernel/sysctl.c has grown to an insane mess and its easy to run
into conflicts with it. The effort to move them out is part of this.

Signed-off-by: Yan Zhu <zhuyan34@huawei.com>

---
v1->v2:
  1.Added patch branch identifier sysctl-next.
  2.Re-describe the reason for the patch submission.

v2->v3:
  Re-describe the reason for the patch submission.

v3->v4:
  1.Remove '#include <linux/bpf.h>' in kernel/sysctl.c
  2.re-adaptive the patch
---
 kernel/bpf/syscall.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 kernel/sysctl.c      | 79 -----------------------------------------------
 2 files changed, 87 insertions(+), 79 deletions(-)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index cdaa1152436a..e9621cfa09f2 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -4908,3 +4908,90 @@ const struct bpf_verifier_ops bpf_syscall_verifier_ops = {
 const struct bpf_prog_ops bpf_syscall_prog_ops = {
 	.test_run = bpf_prog_test_run_syscall,
 };
+
+#ifdef CONFIG_SYSCTL
+static int bpf_stats_handler(struct ctl_table *table, int write,
+			     void *buffer, size_t *lenp, loff_t *ppos)
+{
+	struct static_key *key = (struct static_key *)table->data;
+	static int saved_val;
+	int val, ret;
+	struct ctl_table tmp = {
+		.data   = &val,
+		.maxlen = sizeof(val),
+		.mode   = table->mode,
+		.extra1 = SYSCTL_ZERO,
+		.extra2 = SYSCTL_ONE,
+	};
+
+	if (write && !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
+	mutex_lock(&bpf_stats_enabled_mutex);
+	val = saved_val;
+	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
+	if (write && !ret && val != saved_val) {
+		if (val)
+			static_key_slow_inc(key);
+		else
+			static_key_slow_dec(key);
+		saved_val = val;
+	}
+	mutex_unlock(&bpf_stats_enabled_mutex);
+	return ret;
+}
+
+void __weak unpriv_ebpf_notify(int new_state)
+{
+}
+
+static int bpf_unpriv_handler(struct ctl_table *table, int write,
+			      void *buffer, size_t *lenp, loff_t *ppos)
+{
+	int ret, unpriv_enable = *(int *)table->data;
+	bool locked_state = unpriv_enable == 1;
+	struct ctl_table tmp = *table;
+
+	if (write && !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
+	tmp.data = &unpriv_enable;
+	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
+	if (write && !ret) {
+		if (locked_state && unpriv_enable != 1)
+			return -EPERM;
+		*(int *)table->data = unpriv_enable;
+	}
+
+	unpriv_ebpf_notify(unpriv_enable);
+
+	return ret;
+}
+
+static struct ctl_table bpf_syscall_table[] = {
+	{
+		.procname	= "unprivileged_bpf_disabled",
+		.data		= &sysctl_unprivileged_bpf_disabled,
+		.maxlen		= sizeof(sysctl_unprivileged_bpf_disabled),
+		.mode		= 0644,
+		.proc_handler	= bpf_unpriv_handler,
+		.extra1		= SYSCTL_ZERO,
+		.extra2		= SYSCTL_TWO,
+	},
+	{
+		.procname	= "bpf_stats_enabled",
+		.data		= &bpf_stats_enabled_key.key,
+		.maxlen		= sizeof(bpf_stats_enabled_key),
+		.mode		= 0644,
+		.proc_handler	= bpf_stats_handler,
+	},
+	{ }
+};
+
+static int __init bpf_syscall_sysctl_init(void)
+{
+	register_sysctl_init("kernel", bpf_syscall_table);
+	return 0;
+}
+late_initcall(bpf_syscall_sysctl_init);
+#endif /* CONFIG_SYSCTL */
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 21172d3dad6e..c0fdf465a93d 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -62,7 +62,6 @@
 #include <linux/binfmts.h>
 #include <linux/sched/sysctl.h>
 #include <linux/kexec.h>
-#include <linux/bpf.h>
 #include <linux/mount.h>
 #include <linux/userfaultfd_k.h>
 #include <linux/latencytop.h>
@@ -139,66 +138,6 @@ static const int max_extfrag_threshold = 1000;
 
 #endif /* CONFIG_SYSCTL */
 
-#if defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_SYSCTL)
-static int bpf_stats_handler(struct ctl_table *table, int write,
-			     void *buffer, size_t *lenp, loff_t *ppos)
-{
-	struct static_key *key = (struct static_key *)table->data;
-	static int saved_val;
-	int val, ret;
-	struct ctl_table tmp = {
-		.data   = &val,
-		.maxlen = sizeof(val),
-		.mode   = table->mode,
-		.extra1 = SYSCTL_ZERO,
-		.extra2 = SYSCTL_ONE,
-	};
-
-	if (write && !capable(CAP_SYS_ADMIN))
-		return -EPERM;
-
-	mutex_lock(&bpf_stats_enabled_mutex);
-	val = saved_val;
-	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
-	if (write && !ret && val != saved_val) {
-		if (val)
-			static_key_slow_inc(key);
-		else
-			static_key_slow_dec(key);
-		saved_val = val;
-	}
-	mutex_unlock(&bpf_stats_enabled_mutex);
-	return ret;
-}
-
-void __weak unpriv_ebpf_notify(int new_state)
-{
-}
-
-static int bpf_unpriv_handler(struct ctl_table *table, int write,
-			      void *buffer, size_t *lenp, loff_t *ppos)
-{
-	int ret, unpriv_enable = *(int *)table->data;
-	bool locked_state = unpriv_enable == 1;
-	struct ctl_table tmp = *table;
-
-	if (write && !capable(CAP_SYS_ADMIN))
-		return -EPERM;
-
-	tmp.data = &unpriv_enable;
-	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
-	if (write && !ret) {
-		if (locked_state && unpriv_enable != 1)
-			return -EPERM;
-		*(int *)table->data = unpriv_enable;
-	}
-
-	unpriv_ebpf_notify(unpriv_enable);
-
-	return ret;
-}
-#endif /* CONFIG_BPF_SYSCALL && CONFIG_SYSCTL */
-
 /*
  * /proc/sys support
  */
@@ -2112,24 +2051,6 @@ static struct ctl_table kern_table[] = {
 		.extra2		= SYSCTL_ONE,
 	},
 #endif
-#ifdef CONFIG_BPF_SYSCALL
-	{
-		.procname	= "unprivileged_bpf_disabled",
-		.data		= &sysctl_unprivileged_bpf_disabled,
-		.maxlen		= sizeof(sysctl_unprivileged_bpf_disabled),
-		.mode		= 0644,
-		.proc_handler	= bpf_unpriv_handler,
-		.extra1		= SYSCTL_ZERO,
-		.extra2		= SYSCTL_TWO,
-	},
-	{
-		.procname	= "bpf_stats_enabled",
-		.data		= &bpf_stats_enabled_key.key,
-		.maxlen		= sizeof(bpf_stats_enabled_key),
-		.mode		= 0644,
-		.proc_handler	= bpf_stats_handler,
-	},
-#endif
 #if defined(CONFIG_TREE_RCU)
 	{
 		.procname	= "panic_on_rcu_stall",
-- 
2.12.3

Re: [PATCH v4 sysctl-next] bpf: move bpf sysctls from kernel/sysctl.c to bpf module

[Daniel Borkmann]

On 4/7/22 9:07 AM, Yan Zhu wrote:
> We're moving sysctls out of kernel/sysctl.c as its a mess. We
> already moved all filesystem sysctls out. And with time the goal is
> to move all sysctls out to their own subsystem/actual user.
> 
> kernel/sysctl.c has grown to an insane mess and its easy to run
> into conflicts with it. The effort to move them out is part of this.
> 
> Signed-off-by: Yan Zhu <zhuyan34@huawei.com>

Acked-by: Daniel Borkmann <daniel@iogearbox.net>

Given the desire is to route this via sysctl-next and we're not shortly
before but after the merge win, could we get a feature branch for bpf-next
to pull from to avoid conflicts with ongoing development cycle?

Thanks,
Daniel

Re: [PATCH v4 sysctl-next] bpf: move bpf sysctls from kernel/sysctl.c to bpf module

[Luis Chamberlain]

On Wed, Apr 13, 2022 at 04:45:00PM +0200, Daniel Borkmann wrote:
> On 4/7/22 9:07 AM, Yan Zhu wrote:
> > We're moving sysctls out of kernel/sysctl.c as its a mess. We
> > already moved all filesystem sysctls out. And with time the goal is
> > to move all sysctls out to their own subsystem/actual user.
> > 
> > kernel/sysctl.c has grown to an insane mess and its easy to run
> > into conflicts with it. The effort to move them out is part of this.
> > 
> > Signed-off-by: Yan Zhu <zhuyan34@huawei.com>
> 
> Acked-by: Daniel Borkmann <daniel@iogearbox.net>
> 
> Given the desire is to route this via sysctl-next and we're not shortly
> before but after the merge win, could we get a feature branch for bpf-next
> to pull from to avoid conflicts with ongoing development cycle?

Sure thing. So I've never done this sort of thing, so forgive me for
being new at it. Would it make sense to merge this change to sysctl-next
as-is today and put a frozen branch sysclt-next-bpf to reflect this,
which bpf-next can merge. And then sysctl-next just continues to chug on
its own? As-is my goal is to keep sysctl-next as immutable as well.

Or is there a better approach you can recommend?

  Luis

Re: [PATCH v4 sysctl-next] bpf: move bpf sysctls from kernel/sysctl.c to bpf module

[Daniel Borkmann]

On 4/13/22 9:00 PM, Luis Chamberlain wrote:
> On Wed, Apr 13, 2022 at 04:45:00PM +0200, Daniel Borkmann wrote:
>> On 4/7/22 9:07 AM, Yan Zhu wrote:
>>> We're moving sysctls out of kernel/sysctl.c as its a mess. We
>>> already moved all filesystem sysctls out. And with time the goal is
>>> to move all sysctls out to their own subsystem/actual user.
>>>
>>> kernel/sysctl.c has grown to an insane mess and its easy to run
>>> into conflicts with it. The effort to move them out is part of this.
>>>
>>> Signed-off-by: Yan Zhu <zhuyan34@huawei.com>
>>
>> Acked-by: Daniel Borkmann <daniel@iogearbox.net>
>>
>> Given the desire is to route this via sysctl-next and we're not shortly
>> before but after the merge win, could we get a feature branch for bpf-next
>> to pull from to avoid conflicts with ongoing development cycle?
> 
> Sure thing. So I've never done this sort of thing, so forgive me for
> being new at it. Would it make sense to merge this change to sysctl-next
> as-is today and put a frozen branch sysclt-next-bpf to reflect this,
> which bpf-next can merge. And then sysctl-next just continues to chug on
> its own? As-is my goal is to keep sysctl-next as immutable as well.
> 
> Or is there a better approach you can recommend?

Are you able to merge the pr/bpf-sysctl branch into your sysctl-next tree?

   https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/log/?h=pr/bpf-sysctl

This is based off common base for both trees (3123109284176b1532874591f7c81f3837bbdc17)
so should only pull in the single commit then.

Thanks,
Daniel

Re: [PATCH v4 sysctl-next] bpf: move bpf sysctls from kernel/sysctl.c to bpf module

[Luis Chamberlain]

On Wed, Apr 13, 2022 at 09:40:58PM +0200, Daniel Borkmann wrote:
> On 4/13/22 9:00 PM, Luis Chamberlain wrote:
> > On Wed, Apr 13, 2022 at 04:45:00PM +0200, Daniel Borkmann wrote:
> > > On 4/7/22 9:07 AM, Yan Zhu wrote:
> > > > We're moving sysctls out of kernel/sysctl.c as its a mess. We
> > > > already moved all filesystem sysctls out. And with time the goal is
> > > > to move all sysctls out to their own subsystem/actual user.
> > > > 
> > > > kernel/sysctl.c has grown to an insane mess and its easy to run
> > > > into conflicts with it. The effort to move them out is part of this.
> > > > 
> > > > Signed-off-by: Yan Zhu <zhuyan34@huawei.com>
> > > 
> > > Acked-by: Daniel Borkmann <daniel@iogearbox.net>
> > > 
> > > Given the desire is to route this via sysctl-next and we're not shortly
> > > before but after the merge win, could we get a feature branch for bpf-next
> > > to pull from to avoid conflicts with ongoing development cycle?
> > 
> > Sure thing. So I've never done this sort of thing, so forgive me for
> > being new at it. Would it make sense to merge this change to sysctl-next
> > as-is today and put a frozen branch sysclt-next-bpf to reflect this,
> > which bpf-next can merge. And then sysctl-next just continues to chug on
> > its own? As-is my goal is to keep sysctl-next as immutable as well.
> > 
> > Or is there a better approach you can recommend?
> 
> Are you able to merge the pr/bpf-sysctl branch into your sysctl-next tree?
> 
>   https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/log/?h=pr/bpf-sysctl
> 
> This is based off common base for both trees (3123109284176b1532874591f7c81f3837bbdc17)
> so should only pull in the single commit then.

Yup. That worked just fine. I pushed it.

  Luis

Re: [PATCH v4 sysctl-next] bpf: move bpf sysctls from kernel/sysctl.c to bpf module

[Daniel Borkmann]

On 4/13/22 9:46 PM, Luis Chamberlain wrote:
> On Wed, Apr 13, 2022 at 09:40:58PM +0200, Daniel Borkmann wrote:
>> On 4/13/22 9:00 PM, Luis Chamberlain wrote:
>>> On Wed, Apr 13, 2022 at 04:45:00PM +0200, Daniel Borkmann wrote:
>>>> On 4/7/22 9:07 AM, Yan Zhu wrote:
>>>>> We're moving sysctls out of kernel/sysctl.c as its a mess. We
>>>>> already moved all filesystem sysctls out. And with time the goal is
>>>>> to move all sysctls out to their own subsystem/actual user.
>>>>>
>>>>> kernel/sysctl.c has grown to an insane mess and its easy to run
>>>>> into conflicts with it. The effort to move them out is part of this.
>>>>>
>>>>> Signed-off-by: Yan Zhu <zhuyan34@huawei.com>
>>>>
>>>> Acked-by: Daniel Borkmann <daniel@iogearbox.net>
>>>>
>>>> Given the desire is to route this via sysctl-next and we're not shortly
>>>> before but after the merge win, could we get a feature branch for bpf-next
>>>> to pull from to avoid conflicts with ongoing development cycle?
>>>
>>> Sure thing. So I've never done this sort of thing, so forgive me for
>>> being new at it. Would it make sense to merge this change to sysctl-next
>>> as-is today and put a frozen branch sysclt-next-bpf to reflect this,
>>> which bpf-next can merge. And then sysctl-next just continues to chug on
>>> its own? As-is my goal is to keep sysctl-next as immutable as well.
>>>
>>> Or is there a better approach you can recommend?
>>
>> Are you able to merge the pr/bpf-sysctl branch into your sysctl-next tree?
>>
>>    https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/log/?h=pr/bpf-sysctl
>>
>> This is based off common base for both trees (3123109284176b1532874591f7c81f3837bbdc17)
>> so should only pull in the single commit then.
> 
> Yup. That worked just fine. I pushed it.

Great, thanks!

Re: [PATCH] bpf: move the bpf syscall sysctl table to its own module

[zhuyan (M)]

On Wed, Feb 23, 2022 at 09:42:00AM +0800, Luis Chamberlain wrote:
> On Wed, Feb 23, 2022 at 09:35:29AM +0800, Yan Zhu wrote:
> > Sysctl table is easier to read under its own module.
> 
> Hey Yan, thanks for you patch!
> 
> This does not explain how this is being to help with maitenance as otherwise this makes
> kernel/sysctl.c hard to maintain and we also tend to get many conflicts. It also does not
> explain how all the filesystem sysctls are not gone and that this is just the next step, 
> moving slowly the rest of the sysctls. Explaining this in the commit log will help patch
> review and subsystem maintainers understand the conext / logic behind the move.
> 
> I'd be more than happy to take this if bpf folks Ack. To avoid conflicts I can route this
> through sysctl-next which is put forward in particular to avoid conflicts across trees for
> this effort. Let me know.

Thank you for your reply. 

My patch is based on sysctl-next, sorry I forgot to identify it as a patch from the
sysctl-next branch. I will send the v2 patch later.