Re: [PATCH 6/6] sysctl: pass kernel pointers to ->proc_handler
From: Andrey Ignatov
Date: Fri Apr 17 2020 - 15:40:25 EST
Christoph Hellwig <hch@xxxxxx> [Thu, 2020-04-16 23:42 -0700]:
> Instead of having all the sysctl handlers deal with user pointers, which
> is rather hairy in terms of the BPF interaction, copy the input to and
> from userspace in common code. This also means that the strings are
> always NUL-terminated by the common code, making the API a little bit
> safer.
>
> As most handler just pass through the data to one of the common handlers
> a lot of the changes are mechnical.
Great cleanup Christoph!
This user pointer in proc_handler complicated sysctl BPF hook
implementation quite a lot in the past and I was not brave enough to
convert it to kernel pointer across the whole code base :)
Though it breaks tools/testing/selftests/bpf/test_sysctl.c. I spent some
time debugging and found a couple of problems -- see below. But there is
something else .. Still I figured it's a good idea to give an early
heads-up.
> Signed-off-by: Christoph Hellwig <hch@xxxxxx>
> ---
> arch/arm64/kernel/armv8_deprecated.c | 2 +-
> arch/arm64/kernel/fpsimd.c | 3 +-
> arch/mips/lasat/sysctl.c | 13 +-
> arch/s390/appldata/appldata_base.c | 11 +-
> arch/s390/kernel/debug.c | 2 +-
> arch/s390/kernel/topology.c | 2 +-
> arch/s390/mm/cmm.c | 12 +-
> arch/x86/kernel/itmt.c | 3 +-
> drivers/cdrom/cdrom.c | 2 +-
> drivers/char/random.c | 2 +-
> drivers/macintosh/mac_hid.c | 3 +-
> drivers/parport/procfs.c | 39 ++--
> fs/dcache.c | 2 +-
> fs/drop_caches.c | 2 +-
> fs/file_table.c | 4 +-
> fs/fscache/main.c | 3 +-
> fs/inode.c | 2 +-
> fs/proc/proc_sysctl.c | 47 +++--
> fs/quota/dquot.c | 2 +-
> fs/xfs/xfs_sysctl.c | 4 +-
> include/linux/bpf-cgroup.h | 9 +-
> include/linux/compaction.h | 2 +-
> include/linux/fs.h | 6 +-
> include/linux/ftrace.h | 3 +-
> include/linux/hugetlb.h | 15 +-
> include/linux/kprobes.h | 2 +-
> include/linux/latencytop.h | 4 +-
> include/linux/mm.h | 12 +-
> include/linux/mmzone.h | 23 ++-
> include/linux/nmi.h | 15 +-
> include/linux/perf_event.h | 13 +-
> include/linux/printk.h | 2 +-
> include/linux/sched/sysctl.h | 44 ++---
> include/linux/security.h | 2 +-
> include/linux/sysctl.h | 53 +++---
> include/linux/timer.h | 3 +-
> include/linux/vmstat.h | 8 +-
> include/linux/writeback.h | 28 ++-
> ipc/ipc_sysctl.c | 10 +-
> ipc/mq_sysctl.c | 4 +-
> kernel/bpf/cgroup.c | 43 ++---
> kernel/events/callchain.c | 2 +-
> kernel/events/core.c | 6 +-
> kernel/kprobes.c | 2 +-
> kernel/latencytop.c | 4 +-
> kernel/pid_namespace.c | 2 +-
> kernel/printk/printk.c | 2 +-
> kernel/sched/core.c | 9 +-
> kernel/sched/fair.c | 3 +-
> kernel/sched/rt.c | 10 +-
> kernel/sched/topology.c | 2 +-
> kernel/seccomp.c | 2 +-
> kernel/sysctl.c | 239 +++++++++---------------
> kernel/time/timer.c | 3 +-
> kernel/trace/trace.c | 2 +-
> kernel/umh.c | 2 +-
> kernel/utsname_sysctl.c | 2 +-
> kernel/watchdog.c | 12 +-
> mm/compaction.c | 2 +-
> mm/hugetlb.c | 9 +-
> mm/page-writeback.c | 16 +-
> mm/page_alloc.c | 30 +--
> mm/util.c | 10 +-
> mm/vmstat.c | 4 +-
> net/bridge/br_netfilter_hooks.c | 2 +-
> net/core/neighbour.c | 28 ++-
> net/core/sysctl_net_core.c | 27 +--
> net/decnet/dn_dev.c | 7 +-
> net/decnet/sysctl_net_decnet.c | 27 +--
> net/ipv4/devinet.c | 9 +-
> net/ipv4/route.c | 3 +-
> net/ipv4/sysctl_net_ipv4.c | 38 ++--
> net/ipv6/addrconf.c | 33 ++--
> net/ipv6/ndisc.c | 3 +-
> net/ipv6/route.c | 5 +-
> net/ipv6/sysctl_net_ipv6.c | 3 +-
> net/mpls/af_mpls.c | 5 +-
> net/netfilter/ipvs/ip_vs_ctl.c | 6 +-
> net/netfilter/nf_conntrack_standalone.c | 2 +-
> net/netfilter/nf_log.c | 2 +-
> net/phonet/sysctl.c | 3 +-
> net/rds/tcp.c | 6 +-
> net/sctp/sysctl.c | 32 ++--
> net/sunrpc/sysctl.c | 29 ++-
> net/sunrpc/xprtrdma/svc_rdma.c | 7 +-
> security/apparmor/lsm.c | 2 +-
> security/min_addr.c | 2 +-
> security/yama/yama_lsm.c | 2 +-
> 88 files changed, 459 insertions(+), 660 deletions(-)
>
> diff --git a/arch/arm64/kernel/armv8_deprecated.c b/arch/arm64/kernel/armv8_deprecated.c
> index c19aa81ddc8c..7364de008bab 100644
> --- a/arch/arm64/kernel/armv8_deprecated.c
> +++ b/arch/arm64/kernel/armv8_deprecated.c
> @@ -203,7 +203,7 @@ static void __init register_insn_emulation(struct insn_emulation_ops *ops)
> }
>
> static int emulation_proc_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> + void *buffer, size_t *lenp,
> loff_t *ppos)
> {
> int ret = 0;
> diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
> index 94289d126993..35cb5e66c504 100644
> --- a/arch/arm64/kernel/fpsimd.c
> +++ b/arch/arm64/kernel/fpsimd.c
> @@ -341,8 +341,7 @@ static unsigned int find_supported_vector_length(unsigned int vl)
> #ifdef CONFIG_SYSCTL
>
> static int sve_proc_do_default_vl(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret;
> int vl = sve_default_vl;
> diff --git a/arch/mips/lasat/sysctl.c b/arch/mips/lasat/sysctl.c
> index e666fe26c50d..2119541a5b8b 100644
> --- a/arch/mips/lasat/sysctl.c
> +++ b/arch/mips/lasat/sysctl.c
> @@ -95,16 +95,15 @@ int proc_lasat_ip(struct ctl_table *table, int write,
> len = 0;
> p = buffer;
> while (len < *lenp) {
> - if (get_user(c, p++))
> - return -EFAULT;
> + c = *p;
> + p++;
> if (c == 0 || c == '\n')
> break;
> len++;
> }
> if (len >= sizeof(ipbuf)-1)
> len = sizeof(ipbuf) - 1;
> - if (copy_from_user(ipbuf, buffer, len))
> - return -EFAULT;
> + memcpy(ipbuf, buffer, len);
> ipbuf[len] = 0;
> *ppos += *lenp;
> /* Now see if we can convert it to a valid IP */
> @@ -122,11 +121,9 @@ int proc_lasat_ip(struct ctl_table *table, int write,
> if (len > *lenp)
> len = *lenp;
> if (len)
> - if (copy_to_user(buffer, ipbuf, len))
> - return -EFAULT;
> + memcpy(buffer, ipbuf, len);
> if (len < *lenp) {
> - if (put_user('\n', ((char *) buffer) + len))
> - return -EFAULT;
> + *((char *)buffer + len) = '\n';
> len++;
> }
> *lenp = len;
> diff --git a/arch/s390/appldata/appldata_base.c b/arch/s390/appldata/appldata_base.c
> index aa738cad1338..d74a4c7d5df6 100644
> --- a/arch/s390/appldata/appldata_base.c
> +++ b/arch/s390/appldata/appldata_base.c
> @@ -51,10 +51,9 @@ static struct platform_device *appldata_pdev;
> */
> static const char appldata_proc_name[APPLDATA_PROC_NAME_LENGTH] = "appldata";
> static int appldata_timer_handler(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos);
> + void *buffer, size_t *lenp, loff_t *ppos);
> static int appldata_interval_handler(struct ctl_table *ctl, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos);
> + void *buffer, size_t *lenp, loff_t *ppos);
>
> static struct ctl_table_header *appldata_sysctl_header;
> static struct ctl_table appldata_table[] = {
> @@ -217,7 +216,7 @@ static void __appldata_vtimer_setup(int cmd)
> */
> static int
> appldata_timer_handler(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int timer_active = appldata_timer_active;
> int rc;
> @@ -250,7 +249,7 @@ appldata_timer_handler(struct ctl_table *ctl, int write,
> */
> static int
> appldata_interval_handler(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int interval = appldata_interval;
> int rc;
> @@ -280,7 +279,7 @@ appldata_interval_handler(struct ctl_table *ctl, int write,
> */
> static int
> appldata_generic_handler(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct appldata_ops *ops = NULL, *tmp_ops;
> struct list_head *lh;
> diff --git a/arch/s390/kernel/debug.c b/arch/s390/kernel/debug.c
> index 6d321f5f101d..636446003a06 100644
> --- a/arch/s390/kernel/debug.c
> +++ b/arch/s390/kernel/debug.c
> @@ -867,7 +867,7 @@ static int debug_active = 1;
> * if debug_active is already off
> */
> static int s390dbf_procactive(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> if (!write || debug_stoppable || !debug_active)
> return proc_dointvec(table, write, buffer, lenp, ppos);
> diff --git a/arch/s390/kernel/topology.c b/arch/s390/kernel/topology.c
> index 5f70cefc13e4..332b542548cd 100644
> --- a/arch/s390/kernel/topology.c
> +++ b/arch/s390/kernel/topology.c
> @@ -594,7 +594,7 @@ static int __init topology_setup(char *str)
> early_param("topology", topology_setup);
>
> static int topology_ctl_handler(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int enabled = topology_is_enabled();
> int new_mode;
> diff --git a/arch/s390/mm/cmm.c b/arch/s390/mm/cmm.c
> index ae989b740376..36bce727897b 100644
> --- a/arch/s390/mm/cmm.c
> +++ b/arch/s390/mm/cmm.c
> @@ -245,7 +245,7 @@ static int cmm_skip_blanks(char *cp, char **endp)
> }
>
> static int cmm_pages_handler(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> long nr = cmm_get_pages();
> struct ctl_table ctl_entry = {
> @@ -264,7 +264,7 @@ static int cmm_pages_handler(struct ctl_table *ctl, int write,
> }
>
> static int cmm_timed_pages_handler(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> + void *buffer, size_t *lenp,
> loff_t *ppos)
> {
> long nr = cmm_get_timed_pages();
> @@ -284,7 +284,7 @@ static int cmm_timed_pages_handler(struct ctl_table *ctl, int write,
> }
>
> static int cmm_timeout_handler(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> char buf[64], *p;
> long nr, seconds;
> @@ -297,8 +297,7 @@ static int cmm_timeout_handler(struct ctl_table *ctl, int write,
>
> if (write) {
> len = min(*lenp, sizeof(buf));
> - if (copy_from_user(buf, buffer, len))
> - return -EFAULT;
> + memcpy(buf, buffer, len);
> buf[len - 1] = '\0';
> cmm_skip_blanks(buf, &p);
> nr = simple_strtoul(p, &p, 0);
> @@ -311,8 +310,7 @@ static int cmm_timeout_handler(struct ctl_table *ctl, int write,
> cmm_timeout_pages, cmm_timeout_seconds);
> if (len > *lenp)
> len = *lenp;
> - if (copy_to_user(buffer, buf, len))
> - return -EFAULT;
> + memcpy(buffer, buf, len);
> *lenp = len;
> *ppos += len;
> }
> diff --git a/arch/x86/kernel/itmt.c b/arch/x86/kernel/itmt.c
> index 1cb3ca9bba49..1afbdd1dd777 100644
> --- a/arch/x86/kernel/itmt.c
> +++ b/arch/x86/kernel/itmt.c
> @@ -39,8 +39,7 @@ static bool __read_mostly sched_itmt_capable;
> unsigned int __read_mostly sysctl_sched_itmt_enabled;
>
> static int sched_itmt_update_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> unsigned int old_sysctl;
> int ret;
> diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
> index faca0f346fff..e3bbe108eb54 100644
> --- a/drivers/cdrom/cdrom.c
> +++ b/drivers/cdrom/cdrom.c
> @@ -3631,7 +3631,7 @@ static void cdrom_update_settings(void)
> }
>
> static int cdrom_sysctl_handler(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret;
>
> diff --git a/drivers/char/random.c b/drivers/char/random.c
> index 0d10e31fd342..1e0db78b83ba 100644
> --- a/drivers/char/random.c
> +++ b/drivers/char/random.c
> @@ -2057,7 +2057,7 @@ static char sysctl_bootid[16];
> * sysctl system call, as 16 bytes of binary data.
> */
> static int proc_do_uuid(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct ctl_table fake_table;
> unsigned char buf[64], tmp_uuid[16], *uuid;
> diff --git a/drivers/macintosh/mac_hid.c b/drivers/macintosh/mac_hid.c
> index 7af0c536d568..28b8581b44dd 100644
> --- a/drivers/macintosh/mac_hid.c
> +++ b/drivers/macintosh/mac_hid.c
> @@ -183,8 +183,7 @@ static void mac_hid_stop_emulation(void)
> }
>
> static int mac_hid_toggle_emumouse(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int *valp = table->data;
> int old_val = *valp;
> diff --git a/drivers/parport/procfs.c b/drivers/parport/procfs.c
> index 48804049d697..ee7b5daabfd4 100644
> --- a/drivers/parport/procfs.c
> +++ b/drivers/parport/procfs.c
> @@ -34,7 +34,7 @@
> #define PARPORT_MAX_SPINTIME_VALUE 1000
>
> static int do_active_device(struct ctl_table *table, int write,
> - void __user *result, size_t *lenp, loff_t *ppos)
> + void *result, size_t *lenp, loff_t *ppos)
> {
> struct parport *port = (struct parport *)table->extra1;
> char buffer[256];
> @@ -65,13 +65,13 @@ static int do_active_device(struct ctl_table *table, int write,
> *lenp = len;
>
> *ppos += len;
> -
> - return copy_to_user(result, buffer, len) ? -EFAULT : 0;
> + memcpy(result, buffer, len);
> + return 0;
> }
>
> #ifdef CONFIG_PARPORT_1284
> static int do_autoprobe(struct ctl_table *table, int write,
> - void __user *result, size_t *lenp, loff_t *ppos)
> + void *result, size_t *lenp, loff_t *ppos)
> {
> struct parport_device_info *info = table->extra2;
> const char *str;
> @@ -108,13 +108,13 @@ static int do_autoprobe(struct ctl_table *table, int write,
>
> *ppos += len;
>
> - return copy_to_user (result, buffer, len) ? -EFAULT : 0;
> + memcpy(result, buffer, len);
> + return 0;
> }
> #endif /* IEEE1284.3 support. */
>
> static int do_hardware_base_addr(struct ctl_table *table, int write,
> - void __user *result,
> - size_t *lenp, loff_t *ppos)
> + void *result, size_t *lenp, loff_t *ppos)
> {
> struct parport *port = (struct parport *)table->extra1;
> char buffer[20];
> @@ -136,13 +136,12 @@ static int do_hardware_base_addr(struct ctl_table *table, int write,
> *lenp = len;
>
> *ppos += len;
> -
> - return copy_to_user(result, buffer, len) ? -EFAULT : 0;
> + memcpy(result, buffer, len);
> + return 0;
> }
>
> static int do_hardware_irq(struct ctl_table *table, int write,
> - void __user *result,
> - size_t *lenp, loff_t *ppos)
> + void *result, size_t *lenp, loff_t *ppos)
> {
> struct parport *port = (struct parport *)table->extra1;
> char buffer[20];
> @@ -164,13 +163,12 @@ static int do_hardware_irq(struct ctl_table *table, int write,
> *lenp = len;
>
> *ppos += len;
> -
> - return copy_to_user(result, buffer, len) ? -EFAULT : 0;
> + memcpy(result, buffer, len);
> + return 0;
> }
>
> static int do_hardware_dma(struct ctl_table *table, int write,
> - void __user *result,
> - size_t *lenp, loff_t *ppos)
> + void *result, size_t *lenp, loff_t *ppos)
> {
> struct parport *port = (struct parport *)table->extra1;
> char buffer[20];
> @@ -192,13 +190,12 @@ static int do_hardware_dma(struct ctl_table *table, int write,
> *lenp = len;
>
> *ppos += len;
> -
> - return copy_to_user(result, buffer, len) ? -EFAULT : 0;
> + memcpy(result, buffer, len);
> + return 0;
> }
>
> static int do_hardware_modes(struct ctl_table *table, int write,
> - void __user *result,
> - size_t *lenp, loff_t *ppos)
> + void *result, size_t *lenp, loff_t *ppos)
> {
> struct parport *port = (struct parport *)table->extra1;
> char buffer[40];
> @@ -231,8 +228,8 @@ static int do_hardware_modes(struct ctl_table *table, int write,
> *lenp = len;
>
> *ppos += len;
> -
> - return copy_to_user(result, buffer, len) ? -EFAULT : 0;
> + memcpy(result, buffer, len);
> + return 0;
> }
>
> #define PARPORT_PORT_DIR(CHILD) { .procname = NULL, .mode = 0555, .child = CHILD }
> diff --git a/fs/dcache.c b/fs/dcache.c
> index b280e07e162b..8dd4d8d7bd0b 100644
> --- a/fs/dcache.c
> +++ b/fs/dcache.c
> @@ -165,7 +165,7 @@ static long get_nr_dentry_negative(void)
> return sum < 0 ? 0 : sum;
> }
>
> -int proc_nr_dentry(struct ctl_table *table, int write, void __user *buffer,
> +int proc_nr_dentry(struct ctl_table *table, int write, void *buffer,
> size_t *lenp, loff_t *ppos)
> {
> dentry_stat.nr_dentry = get_nr_dentry();
> diff --git a/fs/drop_caches.c b/fs/drop_caches.c
> index dc1a1d5d825b..f00fcc4a4f72 100644
> --- a/fs/drop_caches.c
> +++ b/fs/drop_caches.c
> @@ -47,7 +47,7 @@ static void drop_pagecache_sb(struct super_block *sb, void *unused)
> }
>
> int drop_caches_sysctl_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length, loff_t *ppos)
> + void *buffer, size_t *length, loff_t *ppos)
> {
> int ret;
>
> diff --git a/fs/file_table.c b/fs/file_table.c
> index 30d55c9a1744..3b612535391f 100644
> --- a/fs/file_table.c
> +++ b/fs/file_table.c
> @@ -80,14 +80,14 @@ EXPORT_SYMBOL_GPL(get_max_files);
> */
> #if defined(CONFIG_SYSCTL) && defined(CONFIG_PROC_FS)
> int proc_nr_files(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> files_stat.nr_files = get_nr_files();
> return proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
> }
> #else
> int proc_nr_files(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return -ENOSYS;
> }
> diff --git a/fs/fscache/main.c b/fs/fscache/main.c
> index 59c2494efda3..c1e6cc9091aa 100644
> --- a/fs/fscache/main.c
> +++ b/fs/fscache/main.c
> @@ -51,8 +51,7 @@ static unsigned fscache_op_max_active = 2;
> static struct ctl_table_header *fscache_sysctl_header;
>
> static int fscache_max_active_sysctl(struct ctl_table *table, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct workqueue_struct **wqp = table->extra1;
> unsigned int *datap = table->data;
> diff --git a/fs/inode.c b/fs/inode.c
> index 93d9252a00ab..cc6e701b7e5d 100644
> --- a/fs/inode.c
> +++ b/fs/inode.c
> @@ -108,7 +108,7 @@ long get_nr_dirty_inodes(void)
> */
> #ifdef CONFIG_SYSCTL
> int proc_nr_inodes(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> inodes_stat.nr_inodes = get_nr_inodes();
> inodes_stat.nr_unused = get_nr_inodes_unused();
> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
> index b6f5d459b087..d5c9a9bf4e90 100644
> --- a/fs/proc/proc_sysctl.c
> +++ b/fs/proc/proc_sysctl.c
> @@ -539,13 +539,13 @@ static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry,
> return err;
> }
>
> -static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
> +static ssize_t proc_sys_call_handler(struct file *filp, void __user *ubuf,
> size_t count, loff_t *ppos, int write)
> {
> struct inode *inode = file_inode(filp);
> struct ctl_table_header *head = grab_header(inode);
> struct ctl_table *table = PROC_I(inode)->sysctl_entry;
> - void *new_buf = NULL;
> + void *kbuf;
> ssize_t error;
>
> if (IS_ERR(head))
> @@ -564,27 +564,36 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
> if (!table->proc_handler)
> goto out;
>
> - error = BPF_CGROUP_RUN_PROG_SYSCTL(head, table, write, buf, &count,
> - ppos, &new_buf);
> + if (write) {
> + kbuf = memdup_user_nul(ubuf, count);
> + if (IS_ERR(kbuf)) {
> + error = PTR_ERR(kbuf);
> + goto out;
> + }
> + } else {
> + error = -ENOMEM;
> + kbuf = kzalloc(count, GFP_KERNEL);
> + if (!kbuf)
> + goto out;
> + }
> +
> + error = BPF_CGROUP_RUN_PROG_SYSCTL(head, table, write, &kbuf, &count,
> + ppos);
> if (error)
> - goto out;
> + goto out_free_buf;
>
> /* careful: calling conventions are nasty here */
> - if (new_buf) {
> - mm_segment_t old_fs;
> -
> - old_fs = get_fs();
> - set_fs(KERNEL_DS);
> - error = table->proc_handler(table, write, (void __user *)new_buf,
> - &count, ppos);
> - set_fs(old_fs);
> - kfree(new_buf);
> - } else {
> - error = table->proc_handler(table, write, buf, &count, ppos);
> - }
> + error = table->proc_handler(table, write, kbuf, &count, ppos);
> + if (error)
> + goto out_free_buf;
> +
> + error = -EFAULT;
> + if (copy_to_user(ubuf, kbuf, count))
> + goto out_free_buf;
>
> - if (!error)
> - error = count;
> + error = count;
> +out_free_buf:
> + kfree(kbuf);
> out:
> sysctl_head_finish(head);
>
> diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
> index b6a4f692d345..7b4bac91146b 100644
> --- a/fs/quota/dquot.c
> +++ b/fs/quota/dquot.c
> @@ -2841,7 +2841,7 @@ const struct quotactl_ops dquot_quotactl_sysfile_ops = {
> EXPORT_SYMBOL(dquot_quotactl_sysfile_ops);
>
> static int do_proc_dqstats(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> unsigned int type = (unsigned long *)table->data - dqstats.stat;
> s64 value = percpu_counter_sum(&dqstats.counter[type]);
> diff --git a/fs/xfs/xfs_sysctl.c b/fs/xfs/xfs_sysctl.c
> index 31b3bdbd2eba..021ef96d0542 100644
> --- a/fs/xfs/xfs_sysctl.c
> +++ b/fs/xfs/xfs_sysctl.c
> @@ -13,7 +13,7 @@ STATIC int
> xfs_stats_clear_proc_handler(
> struct ctl_table *ctl,
> int write,
> - void __user *buffer,
> + void *buffer,
> size_t *lenp,
> loff_t *ppos)
> {
> @@ -33,7 +33,7 @@ STATIC int
> xfs_panic_mask_proc_handler(
> struct ctl_table *ctl,
> int write,
> - void __user *buffer,
> + void *buffer,
> size_t *lenp,
> loff_t *ppos)
> {
> diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h
> index c11b413d5b1a..0b41fd5fc96b 100644
> --- a/include/linux/bpf-cgroup.h
> +++ b/include/linux/bpf-cgroup.h
> @@ -138,8 +138,7 @@ int __cgroup_bpf_check_dev_permission(short dev_type, u32 major, u32 minor,
>
> int __cgroup_bpf_run_filter_sysctl(struct ctl_table_header *head,
> struct ctl_table *table, int write,
> - void __user *buf, size_t *pcount,
> - loff_t *ppos, void **new_buf,
> + void **buf, size_t *pcount, loff_t *ppos,
> enum bpf_attach_type type);
>
> int __cgroup_bpf_run_filter_setsockopt(struct sock *sock, int *level,
> @@ -302,12 +301,12 @@ int bpf_percpu_cgroup_storage_update(struct bpf_map *map, void *key,
> })
>
>
> -#define BPF_CGROUP_RUN_PROG_SYSCTL(head, table, write, buf, count, pos, nbuf) \
> +#define BPF_CGROUP_RUN_PROG_SYSCTL(head, table, write, buf, count, pos) \
> ({ \
> int __ret = 0; \
> if (cgroup_bpf_enabled) \
> __ret = __cgroup_bpf_run_filter_sysctl(head, table, write, \
> - buf, count, pos, nbuf, \
> + buf, count, pos, \
> BPF_CGROUP_SYSCTL); \
> __ret; \
> })
> @@ -429,7 +428,7 @@ static inline int bpf_percpu_cgroup_storage_update(struct bpf_map *map,
> #define BPF_CGROUP_RUN_PROG_UDP6_RECVMSG_LOCK(sk, uaddr) ({ 0; })
> #define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) ({ 0; })
> #define BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(type,major,minor,access) ({ 0; })
> -#define BPF_CGROUP_RUN_PROG_SYSCTL(head,table,write,buf,count,pos,nbuf) ({ 0; })
> +#define BPF_CGROUP_RUN_PROG_SYSCTL(head,table,write,buf,count,pos) ({ 0; })
> #define BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen) ({ 0; })
> #define BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock, level, optname, optval, \
> optlen, max_optlen, retval) ({ retval; })
> diff --git a/include/linux/compaction.h b/include/linux/compaction.h
> index 4b898cdbdf05..a0eabfbeb0e1 100644
> --- a/include/linux/compaction.h
> +++ b/include/linux/compaction.h
> @@ -86,7 +86,7 @@ static inline unsigned long compact_gap(unsigned int order)
> #ifdef CONFIG_COMPACTION
> extern int sysctl_compact_memory;
> extern int sysctl_compaction_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length, loff_t *ppos);
> + void *buffer, size_t *length, loff_t *ppos);
> extern int sysctl_extfrag_threshold;
> extern int sysctl_compact_unevictable_allowed;
>
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 4f6f59b4f22a..9b028d260649 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -3536,11 +3536,11 @@ ssize_t simple_attr_write(struct file *file, const char __user *buf,
>
> struct ctl_table;
> int proc_nr_files(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos);
> + void *buffer, size_t *lenp, loff_t *ppos);
> int proc_nr_dentry(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos);
> + void *buffer, size_t *lenp, loff_t *ppos);
> int proc_nr_inodes(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos);
> + void *buffer, size_t *lenp, loff_t *ppos);
> int __init get_filesystem_list(char *buf);
>
> #define __FMODE_EXEC ((__force int) FMODE_EXEC)
> diff --git a/include/linux/ftrace.h b/include/linux/ftrace.h
> index db95244a62d4..ddfc377de0d2 100644
> --- a/include/linux/ftrace.h
> +++ b/include/linux/ftrace.h
> @@ -1005,8 +1005,7 @@ extern void disable_trace_on_warning(void);
> extern int __disable_trace_on_warning;
>
> int tracepoint_printk_sysctl(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> + void *buffer, size_t *lenp, loff_t *ppos);
>
> #else /* CONFIG_TRACING */
> static inline void disable_trace_on_warning(void) { }
> diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
> index 43a1cef8f0f1..92c21c5ccc58 100644
> --- a/include/linux/hugetlb.h
> +++ b/include/linux/hugetlb.h
> @@ -105,14 +105,13 @@ struct hugepage_subpool *hugepage_new_subpool(struct hstate *h, long max_hpages,
> void hugepage_put_subpool(struct hugepage_subpool *spool);
>
> void reset_vma_resv_huge_pages(struct vm_area_struct *vma);
> -int hugetlb_sysctl_handler(struct ctl_table *, int, void __user *, size_t *, loff_t *);
> -int hugetlb_overcommit_handler(struct ctl_table *, int, void __user *, size_t *, loff_t *);
> -int hugetlb_treat_movable_handler(struct ctl_table *, int, void __user *, size_t *, loff_t *);
> -
> -#ifdef CONFIG_NUMA
> -int hugetlb_mempolicy_sysctl_handler(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> -#endif
> +int hugetlb_sysctl_handler(struct ctl_table *, int, void *, size_t *, loff_t *);
> +int hugetlb_overcommit_handler(struct ctl_table *, int, void *, size_t *,
> + loff_t *);
> +int hugetlb_treat_movable_handler(struct ctl_table *, int, void *, size_t *,
> + loff_t *);
> +int hugetlb_mempolicy_sysctl_handler(struct ctl_table *, int, void *, size_t *,
> + loff_t *);
>
> int copy_hugetlb_page_range(struct mm_struct *, struct mm_struct *, struct vm_area_struct *);
> long follow_hugetlb_page(struct mm_struct *, struct vm_area_struct *,
> diff --git a/include/linux/kprobes.h b/include/linux/kprobes.h
> index 04bdaf01112c..594265bfd390 100644
> --- a/include/linux/kprobes.h
> +++ b/include/linux/kprobes.h
> @@ -312,7 +312,7 @@ DEFINE_INSN_CACHE_OPS(optinsn);
> #ifdef CONFIG_SYSCTL
> extern int sysctl_kprobes_optimization;
> extern int proc_kprobes_optimization_handler(struct ctl_table *table,
> - int write, void __user *buffer,
> + int write, void *buffer,
> size_t *length, loff_t *ppos);
> #endif
> extern void wait_for_kprobe_optimizer(void);
> diff --git a/include/linux/latencytop.h b/include/linux/latencytop.h
> index 9022f0c2e2e4..abe3d95f795b 100644
> --- a/include/linux/latencytop.h
> +++ b/include/linux/latencytop.h
> @@ -38,8 +38,8 @@ account_scheduler_latency(struct task_struct *task, int usecs, int inter)
>
> void clear_tsk_latency_tracing(struct task_struct *p);
>
> -extern int sysctl_latencytop(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos);
> +int sysctl_latencytop(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos);
>
> #else
>
> diff --git a/include/linux/mm.h b/include/linux/mm.h
> index 9c4e7e76dedd..a7b1ef8ed970 100644
> --- a/include/linux/mm.h
> +++ b/include/linux/mm.h
> @@ -201,10 +201,10 @@ extern int sysctl_overcommit_memory;
> extern int sysctl_overcommit_ratio;
> extern unsigned long sysctl_overcommit_kbytes;
>
> -extern int overcommit_ratio_handler(struct ctl_table *, int, void __user *,
> - size_t *, loff_t *);
> -extern int overcommit_kbytes_handler(struct ctl_table *, int, void __user *,
> - size_t *, loff_t *);
> +int overcommit_ratio_handler(struct ctl_table *, int, void *, size_t *,
> + loff_t *);
> +int overcommit_kbytes_handler(struct ctl_table *, int, void *, size_t *,
> + loff_t *);
>
> #define nth_page(page,n) pfn_to_page(page_to_pfn((page)) + (n))
>
> @@ -2957,8 +2957,8 @@ extern bool process_shares_mm(struct task_struct *p, struct mm_struct *mm);
>
> #ifdef CONFIG_SYSCTL
> extern int sysctl_drop_caches;
> -int drop_caches_sysctl_handler(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> +int drop_caches_sysctl_handler(struct ctl_table *, int, void *, size_t *,
> + loff_t *);
> #endif
>
> void drop_slab(void);
> diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
> index b2af594ef0f7..93cf20f41e26 100644
> --- a/include/linux/mmzone.h
> +++ b/include/linux/mmzone.h
> @@ -910,22 +910,21 @@ static inline int is_highmem(struct zone *zone)
> /* These two functions are used to setup the per zone pages min values */
> struct ctl_table;
>
> -int min_free_kbytes_sysctl_handler(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> -int watermark_scale_factor_sysctl_handler(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> +int min_free_kbytes_sysctl_handler(struct ctl_table *, int, void *, size_t *,
> + loff_t *);
> +int watermark_scale_factor_sysctl_handler(struct ctl_table *, int, void *,
> + size_t *, loff_t *);
> extern int sysctl_lowmem_reserve_ratio[MAX_NR_ZONES];
> -int lowmem_reserve_ratio_sysctl_handler(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> +int lowmem_reserve_ratio_sysctl_handler(struct ctl_table *, int, void *,
> + size_t *, loff_t *);
> int percpu_pagelist_fraction_sysctl_handler(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> + void *, size_t *, loff_t *);
> int sysctl_min_unmapped_ratio_sysctl_handler(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> + void *, size_t *, loff_t *);
> int sysctl_min_slab_ratio_sysctl_handler(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> -
> -extern int numa_zonelist_order_handler(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> + void *, size_t *, loff_t *);
> +int numa_zonelist_order_handler(struct ctl_table *, int,
> + void *, size_t *, loff_t *);
> extern int percpu_pagelist_fraction;
> extern char numa_zonelist_order[];
> #define NUMA_ZONELIST_ORDER_LEN 16
> diff --git a/include/linux/nmi.h b/include/linux/nmi.h
> index 9003e29cde46..750c7f395ca9 100644
> --- a/include/linux/nmi.h
> +++ b/include/linux/nmi.h
> @@ -202,16 +202,11 @@ static inline void watchdog_update_hrtimer_threshold(u64 period) { }
> #endif
>
> struct ctl_table;
> -extern int proc_watchdog(struct ctl_table *, int ,
> - void __user *, size_t *, loff_t *);
> -extern int proc_nmi_watchdog(struct ctl_table *, int ,
> - void __user *, size_t *, loff_t *);
> -extern int proc_soft_watchdog(struct ctl_table *, int ,
> - void __user *, size_t *, loff_t *);
> -extern int proc_watchdog_thresh(struct ctl_table *, int ,
> - void __user *, size_t *, loff_t *);
> -extern int proc_watchdog_cpumask(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> +int proc_watchdog(struct ctl_table *, int, void *, size_t *, loff_t *);
> +int proc_nmi_watchdog(struct ctl_table *, int , void *, size_t *, loff_t *);
> +int proc_soft_watchdog(struct ctl_table *, int , void *, size_t *, loff_t *);
> +int proc_watchdog_thresh(struct ctl_table *, int , void *, size_t *, loff_t *);
> +int proc_watchdog_cpumask(struct ctl_table *, int, void *, size_t *, loff_t *);
>
> #ifdef CONFIG_HAVE_ACPI_APEI_NMI
> #include <asm/nmi.h>
> diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
> index 9c3e7619c929..347ea379622a 100644
> --- a/include/linux/perf_event.h
> +++ b/include/linux/perf_event.h
> @@ -1280,15 +1280,12 @@ extern int sysctl_perf_cpu_time_max_percent;
>
> extern void perf_sample_event_took(u64 sample_len_ns);
>
> -extern int perf_proc_update_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> -extern int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> -
> +int perf_proc_update_handler(struct ctl_table *table, int write,
> + void *buffer, size_t *lenp, loff_t *ppos);
> +int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write,
> + void *buffer, size_t *lenp, loff_t *ppos);
> int perf_event_max_stack_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos);
> + void *buffer, size_t *lenp, loff_t *ppos);
>
> /* Access to perf_event_open(2) syscall. */
> #define PERF_SECURITY_OPEN 0
> diff --git a/include/linux/printk.h b/include/linux/printk.h
> index e061635e0409..fcde0772ec98 100644
> --- a/include/linux/printk.h
> +++ b/include/linux/printk.h
> @@ -189,7 +189,7 @@ extern int printk_delay_msec;
> extern int dmesg_restrict;
>
> extern int
> -devkmsg_sysctl_set_loglvl(struct ctl_table *table, int write, void __user *buf,
> +devkmsg_sysctl_set_loglvl(struct ctl_table *table, int write, void *buf,
> size_t *lenp, loff_t *ppos);
>
> extern void wake_up_klogd(void);
> diff --git a/include/linux/sched/sysctl.h b/include/linux/sched/sysctl.h
> index d4f6215ee03f..7b4d3a49b6c5 100644
> --- a/include/linux/sched/sysctl.h
> +++ b/include/linux/sched/sysctl.h
> @@ -12,9 +12,8 @@ extern unsigned int sysctl_hung_task_panic;
> extern unsigned long sysctl_hung_task_timeout_secs;
> extern unsigned long sysctl_hung_task_check_interval_secs;
> extern int sysctl_hung_task_warnings;
> -extern int proc_dohung_task_timeout_secs(struct ctl_table *table, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos);
> +int proc_dohung_task_timeout_secs(struct ctl_table *table, int write,
> + void *buffer, size_t *lenp, loff_t *ppos);
> #else
> /* Avoid need for ifdefs elsewhere in the code */
> enum { sysctl_hung_task_timeout_secs = 0 };
> @@ -43,8 +42,7 @@ extern __read_mostly unsigned int sysctl_sched_migration_cost;
> extern __read_mostly unsigned int sysctl_sched_nr_migrate;
>
> int sched_proc_update_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length,
> - loff_t *ppos);
> + void *buffer, size_t *length, loff_t *ppos);
> #endif
>
> /*
> @@ -72,33 +70,21 @@ extern unsigned int sysctl_sched_autogroup_enabled;
> extern int sysctl_sched_rr_timeslice;
> extern int sched_rr_timeslice;
>
> -extern int sched_rr_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> -
> -extern int sched_rt_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> -
> -#ifdef CONFIG_UCLAMP_TASK
> -extern int sysctl_sched_uclamp_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> -#endif
> -
> -extern int sysctl_numa_balancing(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> -
> -extern int sysctl_schedstats(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> +int sched_rr_handler(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos);
> +int sched_rt_handler(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos);
> +int sysctl_sched_uclamp_handler(struct ctl_table *table, int write,
> + void *buffer, size_t *lenp, loff_t *ppos);
> +int sysctl_numa_balancing(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos);
> +int sysctl_schedstats(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos);
>
> #if defined(CONFIG_ENERGY_MODEL) && defined(CONFIG_CPU_FREQ_GOV_SCHEDUTIL)
> extern unsigned int sysctl_sched_energy_aware;
> -extern int sched_energy_aware_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> +int sched_energy_aware_handler(struct ctl_table *table, int write,
> + void *buffer, size_t *lenp, loff_t *ppos);
> #endif
>
> #endif /* _LINUX_SCHED_SYSCTL_H */
> diff --git a/include/linux/security.h b/include/linux/security.h
> index a8d9310472df..6aa229b252ce 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -211,7 +211,7 @@ struct request_sock;
>
> #ifdef CONFIG_MMU
> extern int mmap_min_addr_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos);
> + void *buffer, size_t *lenp, loff_t *ppos);
> #endif
>
> /* security_inode_init_security callback function to write xattrs */
> diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
> index 36143ca40b56..f2401e45a3c2 100644
> --- a/include/linux/sysctl.h
> +++ b/include/linux/sysctl.h
> @@ -44,35 +44,26 @@ struct ctl_dir;
>
> extern const int sysctl_vals[];
>
> -typedef int proc_handler (struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos);
> -
> -extern int proc_dostring(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> -extern int proc_dointvec(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> -extern int proc_douintvec(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> -extern int proc_dointvec_minmax(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> -extern int proc_douintvec_minmax(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> -extern int proc_dointvec_jiffies(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> -extern int proc_dointvec_userhz_jiffies(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> -extern int proc_dointvec_ms_jiffies(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> -extern int proc_doulongvec_minmax(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> -extern int proc_doulongvec_ms_jiffies_minmax(struct ctl_table *table, int,
> - void __user *, size_t *, loff_t *);
> -extern int proc_do_large_bitmap(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> -extern int proc_do_static_key(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> +typedef int proc_handler(struct ctl_table *ctl, int write, void *buffer,
> + size_t *lenp, loff_t *ppos);
> +
> +int proc_dostring(struct ctl_table *, int, void *, size_t *, loff_t *);
> +int proc_dointvec(struct ctl_table *, int, void *, size_t *, loff_t *);
> +int proc_douintvec(struct ctl_table *, int, void *, size_t *, loff_t *);
> +int proc_dointvec_minmax(struct ctl_table *, int, void *, size_t *, loff_t *);
> +int proc_douintvec_minmax(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos);
> +int proc_dointvec_jiffies(struct ctl_table *, int, void *, size_t *, loff_t *);
> +int proc_dointvec_userhz_jiffies(struct ctl_table *, int, void *, size_t *,
> + loff_t *);
> +int proc_dointvec_ms_jiffies(struct ctl_table *, int, void *, size_t *,
> + loff_t *);
> +int proc_doulongvec_minmax(struct ctl_table *, int, void *, size_t *, loff_t *);
> +int proc_doulongvec_ms_jiffies_minmax(struct ctl_table *table, int, void *,
> + size_t *, loff_t *);
> +int proc_do_large_bitmap(struct ctl_table *, int, void *, size_t *, loff_t *);
> +int proc_do_static_key(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos);
>
> /*
> * Register a set of sysctl names by calling register_sysctl_table
> @@ -246,7 +237,7 @@ static inline void setup_sysctl_set(struct ctl_table_set *p,
>
> #endif /* CONFIG_SYSCTL */
>
> -int sysctl_max_threads(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos);
> +int sysctl_max_threads(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos);
>
> #endif /* _LINUX_SYSCTL_H */
> diff --git a/include/linux/timer.h b/include/linux/timer.h
> index 0dc19a8c39c9..07910ae5ddd9 100644
> --- a/include/linux/timer.h
> +++ b/include/linux/timer.h
> @@ -201,8 +201,7 @@ struct ctl_table;
>
> extern unsigned int sysctl_timer_migration;
> int timer_migration_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> + void *buffer, size_t *lenp, loff_t *ppos);
> #endif
>
> unsigned long __round_jiffies(unsigned long j, int cpu);
> diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h
> index 292485f3d24d..cb507151710f 100644
> --- a/include/linux/vmstat.h
> +++ b/include/linux/vmstat.h
> @@ -16,8 +16,8 @@ extern int sysctl_stat_interval;
> #define DISABLE_NUMA_STAT 0
> extern int sysctl_vm_numa_stat;
> DECLARE_STATIC_KEY_TRUE(vm_numa_stat_key);
> -extern int sysctl_vm_numa_stat_handler(struct ctl_table *table,
> - int write, void __user *buffer, size_t *length, loff_t *ppos);
> +int sysctl_vm_numa_stat_handler(struct ctl_table *table, int write,
> + void *buffer, size_t *length, loff_t *ppos);
> #endif
>
> struct reclaim_stat {
> @@ -274,8 +274,8 @@ void cpu_vm_stats_fold(int cpu);
> void refresh_zone_stat_thresholds(void);
>
> struct ctl_table;
> -int vmstat_refresh(struct ctl_table *, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos);
> +int vmstat_refresh(struct ctl_table *, int write, void *buffer, size_t *lenp,
> + loff_t *ppos);
>
> void drain_zonestat(struct zone *zone, struct per_cpu_pageset *);
>
> diff --git a/include/linux/writeback.h b/include/linux/writeback.h
> index a19d845dd7eb..f8a7e1a850fb 100644
> --- a/include/linux/writeback.h
> +++ b/include/linux/writeback.h
> @@ -362,24 +362,18 @@ extern int vm_highmem_is_dirtyable;
> extern int block_dump;
> extern int laptop_mode;
>
> -extern int dirty_background_ratio_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> -extern int dirty_background_bytes_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> -extern int dirty_ratio_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> -extern int dirty_bytes_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> +int dirty_background_ratio_handler(struct ctl_table *table, int write,
> + void *buffer, size_t *lenp, loff_t *ppos);
> +int dirty_background_bytes_handler(struct ctl_table *table, int write,
> + void *buffer, size_t *lenp, loff_t *ppos);
> +int dirty_ratio_handler(struct ctl_table *table, int write,
> + void *buffer, size_t *lenp, loff_t *ppos);
> +int dirty_bytes_handler(struct ctl_table *table, int write,
> + void *buffer, size_t *lenp, loff_t *ppos);
> int dirtytime_interval_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos);
> -
> -struct ctl_table;
> -int dirty_writeback_centisecs_handler(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> + void *buffer, size_t *lenp, loff_t *ppos);
> +int dirty_writeback_centisecs_handler(struct ctl_table *table, int write,
> + void *buffer, size_t *lenp, loff_t *ppos);
>
> void global_dirty_limits(unsigned long *pbackground, unsigned long *pdirty);
> unsigned long wb_calc_thresh(struct bdi_writeback *wb, unsigned long thresh);
> diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
> index affd66537e87..d1b8644bfb88 100644
> --- a/ipc/ipc_sysctl.c
> +++ b/ipc/ipc_sysctl.c
> @@ -24,7 +24,7 @@ static void *get_ipc(struct ctl_table *table)
>
> #ifdef CONFIG_PROC_SYSCTL
> static int proc_ipc_dointvec(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct ctl_table ipc_table;
>
> @@ -35,7 +35,7 @@ static int proc_ipc_dointvec(struct ctl_table *table, int write,
> }
>
> static int proc_ipc_dointvec_minmax(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct ctl_table ipc_table;
>
> @@ -46,7 +46,7 @@ static int proc_ipc_dointvec_minmax(struct ctl_table *table, int write,
> }
>
> static int proc_ipc_dointvec_minmax_orphans(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct ipc_namespace *ns = current->nsproxy->ipc_ns;
> int err = proc_ipc_dointvec_minmax(table, write, buffer, lenp, ppos);
> @@ -59,7 +59,7 @@ static int proc_ipc_dointvec_minmax_orphans(struct ctl_table *table, int write,
> }
>
> static int proc_ipc_doulongvec_minmax(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct ctl_table ipc_table;
> memcpy(&ipc_table, table, sizeof(ipc_table));
> @@ -70,7 +70,7 @@ static int proc_ipc_doulongvec_minmax(struct ctl_table *table, int write,
> }
>
> static int proc_ipc_auto_msgmni(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct ctl_table ipc_table;
> int dummy = 0;
> diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c
> index 7c00f28923a8..72a92a08c848 100644
> --- a/ipc/mq_sysctl.c
> +++ b/ipc/mq_sysctl.c
> @@ -19,7 +19,7 @@ static void *get_mq(struct ctl_table *table)
> }
>
> static int proc_mq_dointvec(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct ctl_table mq_table;
> memcpy(&mq_table, table, sizeof(mq_table));
> @@ -29,7 +29,7 @@ static int proc_mq_dointvec(struct ctl_table *table, int write,
> }
>
> static int proc_mq_dointvec_minmax(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct ctl_table mq_table;
> memcpy(&mq_table, table, sizeof(mq_table));
> diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
> index 929d9a7263da..38c4e6d63633 100644
> --- a/kernel/bpf/cgroup.c
> +++ b/kernel/bpf/cgroup.c
> @@ -1136,16 +1136,13 @@ const struct bpf_verifier_ops cg_dev_verifier_ops = {
> * @head: sysctl table header
> * @table: sysctl table
> * @write: sysctl is being read (= 0) or written (= 1)
> - * @buf: pointer to buffer passed by user space
> + * @buf: pointer to buffer (in and out)
> * @pcount: value-result argument: value is size of buffer pointed to by @buf,
> * result is size of @new_buf if program set new value, initial value
> * otherwise
> * @ppos: value-result argument: value is position at which read from or write
> * to sysctl is happening, result is new position if program overrode it,
> * initial value otherwise
> - * @new_buf: pointer to pointer to new buffer that will be allocated if program
> - * overrides new value provided by user space on sysctl write
> - * NOTE: it's caller responsibility to free *new_buf if it was set
> * @type: type of program to be executed
> *
> * Program is run when sysctl is being accessed, either read or written, and
> @@ -1156,52 +1153,41 @@ const struct bpf_verifier_ops cg_dev_verifier_ops = {
> */
> int __cgroup_bpf_run_filter_sysctl(struct ctl_table_header *head,
> struct ctl_table *table, int write,
> - void __user *buf, size_t *pcount,
> - loff_t *ppos, void **new_buf,
> - enum bpf_attach_type type)
> + void **buf, size_t *pcount,
> + loff_t *ppos, enum bpf_attach_type type)
> {
> struct bpf_sysctl_kern ctx = {
> .head = head,
> .table = table,
> .write = write,
> .ppos = ppos,
> - .cur_val = NULL,
> + .cur_val = *buf,
cur_val is allocated separately below to read current value of sysctl
and not interfere with user-passed buffer.
> .cur_len = PAGE_SIZE,
> .new_val = NULL,
> .new_len = 0,
> .new_updated = 0,
> };
> struct cgroup *cgrp;
> + loff_t pos = 0;
> int ret;
>
> - ctx.cur_val = kmalloc_track_caller(ctx.cur_len, GFP_KERNEL);
> - if (ctx.cur_val) {
> - mm_segment_t old_fs;
> - loff_t pos = 0;
> -
> - old_fs = get_fs();
> - set_fs(KERNEL_DS);
> - if (table->proc_handler(table, 0, (void __user *)ctx.cur_val,
> - &ctx.cur_len, &pos)) {
> - /* Let BPF program decide how to proceed. */
> - ctx.cur_len = 0;
> - }
> - set_fs(old_fs);
> - } else {
> + if (table->proc_handler(table, 0, ctx.cur_val, &ctx.cur_len, &pos)) {
This call reads current value of sysclt into cur_val buffer.
Since you made cur_val point to kernel copy of user-passed buffer, this
call will always override whatever is there in that kernel copy.
For example, if user is writing to sysclt, then *buf is a pointer to new
value, but this call will override this new value and, corresondingly
new value will be lost.
I think cur_val should still be allocated separately.
> /* Let BPF program decide how to proceed. */
> ctx.cur_len = 0;
> }
>
> - if (write && buf && *pcount) {
> + if (write && *pcount) {
> /* BPF program should be able to override new value with a
> * buffer bigger than provided by user.
> */
> ctx.new_val = kmalloc_track_caller(PAGE_SIZE, GFP_KERNEL);
> - ctx.new_len = min_t(size_t, PAGE_SIZE, *pcount);
> - if (!ctx.new_val ||
> - copy_from_user(ctx.new_val, buf, ctx.new_len))
> + if (ctx.new_val) {
> + ctx.new_len = min_t(size_t, PAGE_SIZE, *pcount);
> + memcpy(ctx.new_val, buf, ctx.new_len);
This should be *buf, not buf. A typo I guess?
I applied the whole patchset to bpf-next tree and run selftests. This
patch breaks 4 of them:
% cd tools/testing/selftests/bpf/
% ./test_sysctl
...
Test case: sysctl_get_new_value sysctl:write ok .. [FAIL]
Test case: sysctl_get_new_value sysctl:write ok long .. [FAIL]
Test case: sysctl_get_new_value sysctl:write E2BIG .. [FAIL]
Test case: sysctl_set_new_value sysctl:read EINVAL .. [PASS]
Test case: sysctl_set_new_value sysctl:write ok .. [FAIL]
...
Summary: 36 PASSED, 4 FAILED
I applied both changes I suggested above and it reduces number of broken
selftests to one:
Test case: sysctl_set_new_value sysctl:write ok .. [FAIL]
I haven't debugged this last one though yet ..
All these tests are available in
tools/testing/selftests/bpf/test_sysctl.c.
I think it's a good idea to run these tests locally before sending the
next version of the patch set.
> + } else {
> /* Let BPF program decide how to proceed. */
> ctx.new_len = 0;
> + }
> }
>
> rcu_read_lock();
> @@ -1209,11 +1195,10 @@ int __cgroup_bpf_run_filter_sysctl(struct ctl_table_header *head,
> ret = BPF_PROG_RUN_ARRAY(cgrp->bpf.effective[type], &ctx, BPF_PROG_RUN);
> rcu_read_unlock();
>
> - kfree(ctx.cur_val);
> -
> if (ret == 1 && ctx.new_updated) {
> - *new_buf = ctx.new_val;
> + *buf = ctx.new_val;
> *pcount = ctx.new_len;
> + kfree(ctx.cur_val);
> } else {
> kfree(ctx.new_val);
> }
> diff --git a/kernel/events/callchain.c b/kernel/events/callchain.c
> index c2b41a263166..bdb1533ada81 100644
> --- a/kernel/events/callchain.c
> +++ b/kernel/events/callchain.c
> @@ -236,7 +236,7 @@ get_perf_callchain(struct pt_regs *regs, u32 init_nr, bool kernel, bool user,
> * sysctl_perf_event_max_contexts_per_stack.
> */
> int perf_event_max_stack_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int *value = table->data;
> int new_value = *value, ret;
> diff --git a/kernel/events/core.c b/kernel/events/core.c
> index bc9b98a9af9a..f86d46f2c4d9 100644
> --- a/kernel/events/core.c
> +++ b/kernel/events/core.c
> @@ -437,8 +437,7 @@ static void update_perf_cpu_limits(void)
> static bool perf_rotate_context(struct perf_cpu_context *cpuctx);
>
> int perf_proc_update_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret;
> int perf_cpu = sysctl_perf_cpu_time_max_percent;
> @@ -462,8 +461,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write,
> int sysctl_perf_cpu_time_max_percent __read_mostly = DEFAULT_CPU_TIME_MAX_PERCENT;
>
> int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
>
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index 2625c241ac00..ffbe03a45c16 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -892,7 +892,7 @@ static void unoptimize_all_kprobes(void)
> static DEFINE_MUTEX(kprobe_sysctl_mutex);
> int sysctl_kprobes_optimization;
> int proc_kprobes_optimization_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length,
> + void *buffer, size_t *length,
> loff_t *ppos)
> {
> int ret;
> diff --git a/kernel/latencytop.c b/kernel/latencytop.c
> index 8d1c15832e55..166d7bf49666 100644
> --- a/kernel/latencytop.c
> +++ b/kernel/latencytop.c
> @@ -269,8 +269,8 @@ static int __init init_lstats_procfs(void)
> return 0;
> }
>
> -int sysctl_latencytop(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> +int sysctl_latencytop(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> {
> int err;
>
> diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
> index 01f8ba32cc0c..3ccaba5f15c0 100644
> --- a/kernel/pid_namespace.c
> +++ b/kernel/pid_namespace.c
> @@ -263,7 +263,7 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns)
>
> #ifdef CONFIG_CHECKPOINT_RESTORE
> static int pid_ns_ctl_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct pid_namespace *pid_ns = task_active_pid_ns(current);
> struct ctl_table tmp = *table;
> diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
> index 9a9b6156270b..471f649b5868 100644
> --- a/kernel/printk/printk.c
> +++ b/kernel/printk/printk.c
> @@ -173,7 +173,7 @@ __setup("printk.devkmsg=", control_devkmsg);
> char devkmsg_log_str[DEVKMSG_STR_MAX_SIZE] = "ratelimit";
>
> int devkmsg_sysctl_set_loglvl(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> char old_str[DEVKMSG_STR_MAX_SIZE];
> unsigned int old;
> diff --git a/kernel/sched/core.c b/kernel/sched/core.c
> index 3a61a3b8eaa9..5c589a2e4d19 100644
> --- a/kernel/sched/core.c
> +++ b/kernel/sched/core.c
> @@ -1110,8 +1110,7 @@ static void uclamp_update_root_tg(void) { }
> #endif
>
> int sysctl_sched_uclamp_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> bool update_root_tg = false;
> int old_min, old_max;
> @@ -2723,7 +2722,7 @@ void set_numabalancing_state(bool enabled)
>
> #ifdef CONFIG_PROC_SYSCTL
> int sysctl_numa_balancing(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct ctl_table t;
> int err;
> @@ -2797,8 +2796,8 @@ static void __init init_schedstats(void)
> }
>
> #ifdef CONFIG_PROC_SYSCTL
> -int sysctl_schedstats(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> +int sysctl_schedstats(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> {
> struct ctl_table t;
> int err;
> diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
> index 02f323b85b6d..b6077fd5b32f 100644
> --- a/kernel/sched/fair.c
> +++ b/kernel/sched/fair.c
> @@ -645,8 +645,7 @@ struct sched_entity *__pick_last_entity(struct cfs_rq *cfs_rq)
> */
>
> int sched_proc_update_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
> unsigned int factor = get_update_sysctl_factor();
> diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c
> index df11d88c9895..45da29de3ecc 100644
> --- a/kernel/sched/rt.c
> +++ b/kernel/sched/rt.c
> @@ -2714,9 +2714,8 @@ static void sched_rt_do_global(void)
> def_rt_bandwidth.rt_period = ns_to_ktime(global_rt_period());
> }
>
> -int sched_rt_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> +int sched_rt_handler(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> {
> int old_period, old_runtime;
> static DEFINE_MUTEX(mutex);
> @@ -2754,9 +2753,8 @@ int sched_rt_handler(struct ctl_table *table, int write,
> return ret;
> }
>
> -int sched_rr_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> +int sched_rr_handler(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> {
> int ret;
> static DEFINE_MUTEX(mutex);
> diff --git a/kernel/sched/topology.c b/kernel/sched/topology.c
> index 8344757bba6e..fa64b2ee9fe6 100644
> --- a/kernel/sched/topology.c
> +++ b/kernel/sched/topology.c
> @@ -209,7 +209,7 @@ bool sched_energy_update;
>
> #ifdef CONFIG_PROC_SYSCTL
> int sched_energy_aware_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret, state;
>
> diff --git a/kernel/seccomp.c b/kernel/seccomp.c
> index 55a6184f5990..d653d8426de9 100644
> --- a/kernel/seccomp.c
> +++ b/kernel/seccomp.c
> @@ -1776,7 +1776,7 @@ static void audit_actions_logged(u32 actions_logged, u32 old_actions_logged,
> }
>
> static int seccomp_actions_logged_handler(struct ctl_table *ro_table, int write,
> - void __user *buffer, size_t *lenp,
> + void *buffer, size_t *lenp,
> loff_t *ppos)
> {
> int ret;
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index 511543d23879..e26fe7e8e19d 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -208,12 +208,10 @@ static int max_extfrag_threshold = 1000;
> #ifdef CONFIG_PROC_SYSCTL
>
> static int _proc_do_string(char *data, int maxlen, int write,
> - char __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + char *buffer, size_t *lenp, loff_t *ppos)
> {
> size_t len;
> - char __user *p;
> - char c;
> + char c, *p;
>
> if (!data || !maxlen || !*lenp) {
> *lenp = 0;
> @@ -238,8 +236,7 @@ static int _proc_do_string(char *data, int maxlen, int write,
> *ppos += *lenp;
> p = buffer;
> while ((p - buffer) < *lenp && len < maxlen - 1) {
> - if (get_user(c, p++))
> - return -EFAULT;
> + c = *(p++);
> if (c == 0 || c == '\n')
> break;
> data[len++] = c;
> @@ -261,11 +258,9 @@ static int _proc_do_string(char *data, int maxlen, int write,
> if (len > *lenp)
> len = *lenp;
> if (len)
> - if (copy_to_user(buffer, data, len))
> - return -EFAULT;
> + memcpy(buffer, data, len);
> if (len < *lenp) {
> - if (put_user('\n', buffer + len))
> - return -EFAULT;
> + buffer[len] = '\n';
> len++;
> }
> *lenp = len;
> @@ -326,13 +321,13 @@ static bool proc_first_pos_non_zero_ignore(loff_t *ppos,
> * Returns 0 on success.
> */
> int proc_dostring(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> if (write)
> proc_first_pos_non_zero_ignore(ppos, table);
>
> - return _proc_do_string((char *)(table->data), table->maxlen, write,
> - (char __user *)buffer, lenp, ppos);
> + return _proc_do_string(table->data, table->maxlen, write, buffer, lenp,
> + ppos);
> }
>
> static size_t proc_skip_spaces(char **buf)
> @@ -463,11 +458,10 @@ static int proc_get_long(char **buf, size_t *size,
> * @val: the integer to be converted
> * @neg: sign of the number, %TRUE for negative
> *
> - * In case of success %0 is returned and @buf and @size are updated with
> - * the amount of bytes written.
> + * In case of success @buf and @size are updated with the amount of bytes
> + * written.
> */
> -static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
> - bool neg)
> +static void proc_put_long(void **buf, size_t *size, unsigned long val, bool neg)
> {
> int len;
> char tmp[TMPBUFLEN], *p = tmp;
> @@ -476,24 +470,22 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
> len = strlen(tmp);
> if (len > *size)
> len = *size;
> - if (copy_to_user(*buf, tmp, len))
> - return -EFAULT;
> + memcpy(*buf, tmp, len);
> *size -= len;
> *buf += len;
> - return 0;
> }
> #undef TMPBUFLEN
>
> -static int proc_put_char(void __user **buf, size_t *size, char c)
> +static void proc_put_char(void **buf, size_t *size, char c)
> {
> if (*size) {
> - char __user **buffer = (char __user **)buf;
> - if (put_user(c, *buffer))
> - return -EFAULT;
> - (*size)--, (*buffer)++;
> + char **buffer = (char **)buf;
> + **buffer = c;
> +
> + (*size)--;
> + (*buffer)++;
> *buf = *buffer;
> }
> - return 0;
> }
>
> static int do_proc_dointvec_conv(bool *negp, unsigned long *lvalp,
> @@ -541,7 +533,7 @@ static int do_proc_douintvec_conv(unsigned long *lvalp,
> static const char proc_wspace_sep[] = { ' ', '\t', '\n' };
>
> static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table,
> - int write, void __user *buffer,
> + int write, void *buffer,
> size_t *lenp, loff_t *ppos,
> int (*conv)(bool *negp, unsigned long *lvalp, int *valp,
> int write, void *data),
> @@ -549,7 +541,7 @@ static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table,
> {
> int *i, vleft, first = 1, err = 0;
> size_t left;
> - char *kbuf = NULL, *p;
> + char *p;
>
> if (!tbl_data || !table->maxlen || !*lenp || (*ppos && !write)) {
> *lenp = 0;
> @@ -569,9 +561,7 @@ static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table,
>
> if (left > PAGE_SIZE - 1)
> left = PAGE_SIZE - 1;
> - p = kbuf = memdup_user_nul(buffer, left);
> - if (IS_ERR(kbuf))
> - return PTR_ERR(kbuf);
> + p = buffer;
> }
>
> for (; left && vleft--; i++, first=0) {
> @@ -598,24 +588,17 @@ static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table,
> break;
> }
> if (!first)
> - err = proc_put_char(&buffer, &left, '\t');
> - if (err)
> - break;
> - err = proc_put_long(&buffer, &left, lval, neg);
> - if (err)
> - break;
> + proc_put_char(&buffer, &left, '\t');
> + proc_put_long(&buffer, &left, lval, neg);
> }
> }
>
> if (!write && !first && left && !err)
> - err = proc_put_char(&buffer, &left, '\n');
> + proc_put_char(&buffer, &left, '\n');
> if (write && !err && left)
> left -= proc_skip_spaces(&p);
> - if (write) {
> - kfree(kbuf);
> - if (first)
> - return err ? : -EINVAL;
> - }
> + if (write && first)
> + return err ? : -EINVAL;
> *lenp -= left;
> out:
> *ppos += *lenp;
> @@ -623,7 +606,7 @@ static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table,
> }
>
> static int do_proc_dointvec(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos,
> + void *buffer, size_t *lenp, loff_t *ppos,
> int (*conv)(bool *negp, unsigned long *lvalp, int *valp,
> int write, void *data),
> void *data)
> @@ -634,7 +617,7 @@ static int do_proc_dointvec(struct ctl_table *table, int write,
>
> static int do_proc_douintvec_w(unsigned int *tbl_data,
> struct ctl_table *table,
> - void __user *buffer,
> + void *buffer,
> size_t *lenp, loff_t *ppos,
> int (*conv)(unsigned long *lvalp,
> unsigned int *valp,
> @@ -645,7 +628,7 @@ static int do_proc_douintvec_w(unsigned int *tbl_data,
> int err = 0;
> size_t left;
> bool neg;
> - char *kbuf = NULL, *p;
> + char *p = buffer;
>
> left = *lenp;
>
> @@ -655,10 +638,6 @@ static int do_proc_douintvec_w(unsigned int *tbl_data,
> if (left > PAGE_SIZE - 1)
> left = PAGE_SIZE - 1;
>
> - p = kbuf = memdup_user_nul(buffer, left);
> - if (IS_ERR(kbuf))
> - return -EINVAL;
> -
> left -= proc_skip_spaces(&p);
> if (!left) {
> err = -EINVAL;
> @@ -682,7 +661,6 @@ static int do_proc_douintvec_w(unsigned int *tbl_data,
> left -= proc_skip_spaces(&p);
>
> out_free:
> - kfree(kbuf);
> if (err)
> return -EINVAL;
>
> @@ -694,7 +672,7 @@ static int do_proc_douintvec_w(unsigned int *tbl_data,
> return err;
> }
>
> -static int do_proc_douintvec_r(unsigned int *tbl_data, void __user *buffer,
> +static int do_proc_douintvec_r(unsigned int *tbl_data, void *buffer,
> size_t *lenp, loff_t *ppos,
> int (*conv)(unsigned long *lvalp,
> unsigned int *valp,
> @@ -712,11 +690,11 @@ static int do_proc_douintvec_r(unsigned int *tbl_data, void __user *buffer,
> goto out;
> }
>
> - err = proc_put_long(&buffer, &left, lval, false);
> - if (err || !left)
> + proc_put_long(&buffer, &left, lval, false);
> + if (!left)
> goto out;
>
> - err = proc_put_char(&buffer, &left, '\n');
> + proc_put_char(&buffer, &left, '\n');
>
> out:
> *lenp -= left;
> @@ -726,7 +704,7 @@ static int do_proc_douintvec_r(unsigned int *tbl_data, void __user *buffer,
> }
>
> static int __do_proc_douintvec(void *tbl_data, struct ctl_table *table,
> - int write, void __user *buffer,
> + int write, void *buffer,
> size_t *lenp, loff_t *ppos,
> int (*conv)(unsigned long *lvalp,
> unsigned int *valp,
> @@ -762,7 +740,7 @@ static int __do_proc_douintvec(void *tbl_data, struct ctl_table *table,
> }
>
> static int do_proc_douintvec(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos,
> + void *buffer, size_t *lenp, loff_t *ppos,
> int (*conv)(unsigned long *lvalp,
> unsigned int *valp,
> int write, void *data),
> @@ -785,16 +763,15 @@ static int do_proc_douintvec(struct ctl_table *table, int write,
> *
> * Returns 0 on success.
> */
> -int proc_dointvec(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> +int proc_dointvec(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> {
> return do_proc_dointvec(table, write, buffer, lenp, ppos, NULL, NULL);
> }
>
> #ifdef CONFIG_COMPACTION
> static int proc_dointvec_minmax_warn_RT_change(struct ctl_table *table,
> - int write, void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + int write, void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret, old;
>
> @@ -826,8 +803,8 @@ static int proc_dointvec_minmax_warn_RT_change(struct ctl_table *table,
> *
> * Returns 0 on success.
> */
> -int proc_douintvec(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> +int proc_douintvec(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> {
> return do_proc_douintvec(table, write, buffer, lenp, ppos,
> do_proc_douintvec_conv, NULL);
> @@ -838,7 +815,7 @@ int proc_douintvec(struct ctl_table *table, int write,
> * This means we can safely use a temporary.
> */
> static int proc_taint(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct ctl_table t;
> unsigned long tmptaint = get_taint();
> @@ -870,7 +847,7 @@ static int proc_taint(struct ctl_table *table, int write,
>
> #ifdef CONFIG_PRINTK
> static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> if (write && !capable(CAP_SYS_ADMIN))
> return -EPERM;
> @@ -936,7 +913,7 @@ static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
> * Returns 0 on success or -EINVAL on write when the range check fails.
> */
> int proc_dointvec_minmax(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct do_proc_dointvec_minmax_conv_param param = {
> .min = (int *) table->extra1,
> @@ -1005,7 +982,7 @@ static int do_proc_douintvec_minmax_conv(unsigned long *lvalp,
> * Returns 0 on success or -ERANGE on write when the range check fails.
> */
> int proc_douintvec_minmax(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct do_proc_douintvec_minmax_conv_param param = {
> .min = (unsigned int *) table->extra1,
> @@ -1036,7 +1013,7 @@ static int do_proc_dopipe_max_size_conv(unsigned long *lvalp,
> }
>
> static int proc_dopipe_max_size(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return do_proc_douintvec(table, write, buffer, lenp, ppos,
> do_proc_dopipe_max_size_conv, NULL);
> @@ -1057,7 +1034,7 @@ static void validate_coredump_safety(void)
> }
>
> static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int error = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
> if (!error)
> @@ -1067,7 +1044,7 @@ static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write,
>
> #ifdef CONFIG_COREDUMP
> static int proc_dostring_coredump(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int error = proc_dostring(table, write, buffer, lenp, ppos);
> if (!error)
> @@ -1078,7 +1055,7 @@ static int proc_dostring_coredump(struct ctl_table *table, int write,
>
> #ifdef CONFIG_MAGIC_SYSRQ
> static int sysrq_sysctl_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int tmp, ret;
>
> @@ -1096,16 +1073,14 @@ static int sysrq_sysctl_handler(struct ctl_table *table, int write,
> }
> #endif
>
> -static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos,
> - unsigned long convmul,
> - unsigned long convdiv)
> +static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table,
> + int write, void *buffer, size_t *lenp, loff_t *ppos,
> + unsigned long convmul, unsigned long convdiv)
> {
> unsigned long *i, *min, *max;
> int vleft, first = 1, err = 0;
> size_t left;
> - char *kbuf = NULL, *p;
> + char *p;
>
> if (!data || !table->maxlen || !*lenp || (*ppos && !write)) {
> *lenp = 0;
> @@ -1124,9 +1099,7 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
>
> if (left > PAGE_SIZE - 1)
> left = PAGE_SIZE - 1;
> - p = kbuf = memdup_user_nul(buffer, left);
> - if (IS_ERR(kbuf))
> - return PTR_ERR(kbuf);
> + p = buffer;
> }
>
> for (; left && vleft--; i++, first = 0) {
> @@ -1154,26 +1127,18 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
> *i = val;
> } else {
> val = convdiv * (*i) / convmul;
> - if (!first) {
> - err = proc_put_char(&buffer, &left, '\t');
> - if (err)
> - break;
> - }
> - err = proc_put_long(&buffer, &left, val, false);
> - if (err)
> - break;
> + if (!first)
> + proc_put_char(&buffer, &left, '\t');
> + proc_put_long(&buffer, &left, val, false);
> }
> }
>
> if (!write && !first && left && !err)
> - err = proc_put_char(&buffer, &left, '\n');
> + proc_put_char(&buffer, &left, '\n');
> if (write && !err)
> left -= proc_skip_spaces(&p);
> - if (write) {
> - kfree(kbuf);
> - if (first)
> - return err ? : -EINVAL;
> - }
> + if (write && first)
> + return err ? : -EINVAL;
> *lenp -= left;
> out:
> *ppos += *lenp;
> @@ -1181,10 +1146,8 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
> }
>
> static int do_proc_doulongvec_minmax(struct ctl_table *table, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos,
> - unsigned long convmul,
> - unsigned long convdiv)
> + void *buffer, size_t *lenp, loff_t *ppos, unsigned long convmul,
> + unsigned long convdiv)
> {
> return __do_proc_doulongvec_minmax(table->data, table, write,
> buffer, lenp, ppos, convmul, convdiv);
> @@ -1207,7 +1170,7 @@ static int do_proc_doulongvec_minmax(struct ctl_table *table, int write,
> * Returns 0 on success.
> */
> int proc_doulongvec_minmax(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return do_proc_doulongvec_minmax(table, write, buffer, lenp, ppos, 1l, 1l);
> }
> @@ -1230,8 +1193,7 @@ int proc_doulongvec_minmax(struct ctl_table *table, int write,
> * Returns 0 on success.
> */
> int proc_doulongvec_ms_jiffies_minmax(struct ctl_table *table, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return do_proc_doulongvec_minmax(table, write, buffer,
> lenp, ppos, HZ, 1000l);
> @@ -1325,7 +1287,7 @@ static int do_proc_dointvec_ms_jiffies_conv(bool *negp, unsigned long *lvalp,
> * Returns 0 on success.
> */
> int proc_dointvec_jiffies(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return do_proc_dointvec(table,write,buffer,lenp,ppos,
> do_proc_dointvec_jiffies_conv,NULL);
> @@ -1347,7 +1309,7 @@ int proc_dointvec_jiffies(struct ctl_table *table, int write,
> * Returns 0 on success.
> */
> int proc_dointvec_userhz_jiffies(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return do_proc_dointvec(table,write,buffer,lenp,ppos,
> do_proc_dointvec_userhz_jiffies_conv,NULL);
> @@ -1369,15 +1331,15 @@ int proc_dointvec_userhz_jiffies(struct ctl_table *table, int write,
> *
> * Returns 0 on success.
> */
> -int proc_dointvec_ms_jiffies(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> +int proc_dointvec_ms_jiffies(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> {
> return do_proc_dointvec(table, write, buffer, lenp, ppos,
> do_proc_dointvec_ms_jiffies_conv, NULL);
> }
>
> -static int proc_do_cad_pid(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> +static int proc_do_cad_pid(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> {
> struct pid *new_pid;
> pid_t tmp;
> @@ -1416,7 +1378,7 @@ static int proc_do_cad_pid(struct ctl_table *table, int write,
> * Returns 0 on success.
> */
> int proc_do_large_bitmap(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int err = 0;
> bool first = 1;
> @@ -1432,7 +1394,7 @@ int proc_do_large_bitmap(struct ctl_table *table, int write,
> }
>
> if (write) {
> - char *kbuf, *p;
> + char *p = buffer;
> size_t skipped = 0;
>
> if (left > PAGE_SIZE - 1) {
> @@ -1441,15 +1403,9 @@ int proc_do_large_bitmap(struct ctl_table *table, int write,
> skipped = *lenp - left;
> }
>
> - p = kbuf = memdup_user_nul(buffer, left);
> - if (IS_ERR(kbuf))
> - return PTR_ERR(kbuf);
> -
> tmp_bitmap = bitmap_zalloc(bitmap_len, GFP_KERNEL);
> - if (!tmp_bitmap) {
> - kfree(kbuf);
> + if (!tmp_bitmap)
> return -ENOMEM;
> - }
> proc_skip_char(&p, &left, '\n');
> while (!err && left) {
> unsigned long val_a, val_b;
> @@ -1513,7 +1469,6 @@ int proc_do_large_bitmap(struct ctl_table *table, int write,
> first = 0;
> proc_skip_char(&p, &left, '\n');
> }
> - kfree(kbuf);
> left += skipped;
> } else {
> unsigned long bit_a, bit_b = 0;
> @@ -1525,27 +1480,17 @@ int proc_do_large_bitmap(struct ctl_table *table, int write,
> bit_b = find_next_zero_bit(bitmap, bitmap_len,
> bit_a + 1) - 1;
>
> - if (!first) {
> - err = proc_put_char(&buffer, &left, ',');
> - if (err)
> - break;
> - }
> - err = proc_put_long(&buffer, &left, bit_a, false);
> - if (err)
> - break;
> + if (!first)
> + proc_put_char(&buffer, &left, ',');
> + proc_put_long(&buffer, &left, bit_a, false);
> if (bit_a != bit_b) {
> - err = proc_put_char(&buffer, &left, '-');
> - if (err)
> - break;
> - err = proc_put_long(&buffer, &left, bit_b, false);
> - if (err)
> - break;
> + proc_put_char(&buffer, &left, '-');
> + proc_put_long(&buffer, &left, bit_b, false);
> }
>
> first = 0; bit_b++;
> }
> - if (!err)
> - err = proc_put_char(&buffer, &left, '\n');
> + proc_put_char(&buffer, &left, '\n');
> }
>
> if (!err) {
> @@ -1566,68 +1511,67 @@ int proc_do_large_bitmap(struct ctl_table *table, int write,
> #else /* CONFIG_PROC_SYSCTL */
>
> int proc_dostring(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return -ENOSYS;
> }
>
> int proc_dointvec(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return -ENOSYS;
> }
>
> int proc_douintvec(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return -ENOSYS;
> }
>
> int proc_dointvec_minmax(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return -ENOSYS;
> }
>
> int proc_douintvec_minmax(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return -ENOSYS;
> }
>
> int proc_dointvec_jiffies(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return -ENOSYS;
> }
>
> int proc_dointvec_userhz_jiffies(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return -ENOSYS;
> }
>
> int proc_dointvec_ms_jiffies(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return -ENOSYS;
> }
>
> int proc_doulongvec_minmax(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return -ENOSYS;
> }
>
> int proc_doulongvec_ms_jiffies_minmax(struct ctl_table *table, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> - return -ENOSYS;
> + return -ENOSYS;
> }
>
> int proc_do_large_bitmap(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return -ENOSYS;
> }
> @@ -1636,8 +1580,7 @@ int proc_do_large_bitmap(struct ctl_table *table, int write,
>
> #if defined(CONFIG_SYSCTL)
> int proc_do_static_key(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct static_key *key = (struct static_key *)table->data;
> static DEFINE_MUTEX(static_key_mutex);
> diff --git a/kernel/time/timer.c b/kernel/time/timer.c
> index a5221abb4594..398e6eadb861 100644
> --- a/kernel/time/timer.c
> +++ b/kernel/time/timer.c
> @@ -249,8 +249,7 @@ void timers_update_nohz(void)
> }
>
> int timer_migration_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret;
>
> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> index 8d2b98812625..167a74a15b1a 100644
> --- a/kernel/trace/trace.c
> +++ b/kernel/trace/trace.c
> @@ -2661,7 +2661,7 @@ static void output_printk(struct trace_event_buffer *fbuffer)
> }
>
> int tracepoint_printk_sysctl(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> + void *buffer, size_t *lenp,
> loff_t *ppos)
> {
> int save_tracepoint_printk;
> diff --git a/kernel/umh.c b/kernel/umh.c
> index 7f255b5a8845..9788ed481a6a 100644
> --- a/kernel/umh.c
> +++ b/kernel/umh.c
> @@ -630,7 +630,7 @@ int call_usermodehelper(const char *path, char **argv, char **envp, int wait)
> EXPORT_SYMBOL(call_usermodehelper);
>
> static int proc_cap_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct ctl_table t;
> unsigned long cap_array[_KERNEL_CAPABILITY_U32S];
> diff --git a/kernel/utsname_sysctl.c b/kernel/utsname_sysctl.c
> index 3732c888a949..4ca61d49885b 100644
> --- a/kernel/utsname_sysctl.c
> +++ b/kernel/utsname_sysctl.c
> @@ -30,7 +30,7 @@ static void *get_uts(struct ctl_table *table)
> * to observe. Should this be in kernel/sys.c ????
> */
> static int proc_do_uts_string(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct ctl_table uts_table;
> int r;
> diff --git a/kernel/watchdog.c b/kernel/watchdog.c
> index b6b1f54a7837..53ff2c81b084 100644
> --- a/kernel/watchdog.c
> +++ b/kernel/watchdog.c
> @@ -661,7 +661,7 @@ static void proc_watchdog_update(void)
> * proc_soft_watchdog | soft_watchdog_user_enabled | SOFT_WATCHDOG_ENABLED
> */
> static int proc_watchdog_common(int which, struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int err, old, *param = table->data;
>
> @@ -688,7 +688,7 @@ static int proc_watchdog_common(int which, struct ctl_table *table, int write,
> * /proc/sys/kernel/watchdog
> */
> int proc_watchdog(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return proc_watchdog_common(NMI_WATCHDOG_ENABLED|SOFT_WATCHDOG_ENABLED,
> table, write, buffer, lenp, ppos);
> @@ -698,7 +698,7 @@ int proc_watchdog(struct ctl_table *table, int write,
> * /proc/sys/kernel/nmi_watchdog
> */
> int proc_nmi_watchdog(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> if (!nmi_watchdog_available && write)
> return -ENOTSUPP;
> @@ -710,7 +710,7 @@ int proc_nmi_watchdog(struct ctl_table *table, int write,
> * /proc/sys/kernel/soft_watchdog
> */
> int proc_soft_watchdog(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> return proc_watchdog_common(SOFT_WATCHDOG_ENABLED,
> table, write, buffer, lenp, ppos);
> @@ -720,7 +720,7 @@ int proc_soft_watchdog(struct ctl_table *table, int write,
> * /proc/sys/kernel/watchdog_thresh
> */
> int proc_watchdog_thresh(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int err, old;
>
> @@ -743,7 +743,7 @@ int proc_watchdog_thresh(struct ctl_table *table, int write,
> * been brought online, if desired.
> */
> int proc_watchdog_cpumask(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int err;
>
> diff --git a/mm/compaction.c b/mm/compaction.c
> index 46f0fcc93081..d8cfb7b99a83 100644
> --- a/mm/compaction.c
> +++ b/mm/compaction.c
> @@ -2463,7 +2463,7 @@ int sysctl_compact_memory;
> * /proc/sys/vm/compact_memory
> */
> int sysctl_compaction_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length, loff_t *ppos)
> + void *buffer, size_t *length, loff_t *ppos)
> {
> if (write)
> compact_nodes();
> diff --git a/mm/hugetlb.c b/mm/hugetlb.c
> index cd459155d28a..2277c5728b1f 100644
> --- a/mm/hugetlb.c
> +++ b/mm/hugetlb.c
> @@ -3352,7 +3352,7 @@ static unsigned int cpuset_mems_nr(unsigned int *array)
> #ifdef CONFIG_SYSCTL
> static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
> struct ctl_table *table, int write,
> - void __user *buffer, size_t *length, loff_t *ppos)
> + void *buffer, size_t *length, loff_t *ppos)
> {
> struct hstate *h = &default_hstate;
> unsigned long tmp = h->max_huge_pages;
> @@ -3375,7 +3375,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
> }
>
> int hugetlb_sysctl_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length, loff_t *ppos)
> + void *buffer, size_t *length, loff_t *ppos)
> {
>
> return hugetlb_sysctl_handler_common(false, table, write,
> @@ -3384,7 +3384,7 @@ int hugetlb_sysctl_handler(struct ctl_table *table, int write,
>
> #ifdef CONFIG_NUMA
> int hugetlb_mempolicy_sysctl_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length, loff_t *ppos)
> + void *buffer, size_t *length, loff_t *ppos)
> {
> return hugetlb_sysctl_handler_common(true, table, write,
> buffer, length, ppos);
> @@ -3392,8 +3392,7 @@ int hugetlb_mempolicy_sysctl_handler(struct ctl_table *table, int write,
> #endif /* CONFIG_NUMA */
>
> int hugetlb_overcommit_handler(struct ctl_table *table, int write,
> - void __user *buffer,
> - size_t *length, loff_t *ppos)
> + void *buffer, size_t *length, loff_t *ppos)
> {
> struct hstate *h = &default_hstate;
> unsigned long tmp;
> diff --git a/mm/page-writeback.c b/mm/page-writeback.c
> index 7326b54ab728..d3ee4c4dafac 100644
> --- a/mm/page-writeback.c
> +++ b/mm/page-writeback.c
> @@ -512,8 +512,7 @@ bool node_dirty_ok(struct pglist_data *pgdat)
> }
>
> int dirty_background_ratio_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret;
>
> @@ -524,8 +523,7 @@ int dirty_background_ratio_handler(struct ctl_table *table, int write,
> }
>
> int dirty_background_bytes_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret;
>
> @@ -535,9 +533,8 @@ int dirty_background_bytes_handler(struct ctl_table *table, int write,
> return ret;
> }
>
> -int dirty_ratio_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> +int dirty_ratio_handler(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> {
> int old_ratio = vm_dirty_ratio;
> int ret;
> @@ -551,8 +548,7 @@ int dirty_ratio_handler(struct ctl_table *table, int write,
> }
>
> int dirty_bytes_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> unsigned long old_bytes = vm_dirty_bytes;
> int ret;
> @@ -1972,7 +1968,7 @@ bool wb_over_bg_thresh(struct bdi_writeback *wb)
> * sysctl handler for /proc/sys/vm/dirty_writeback_centisecs
> */
> int dirty_writeback_centisecs_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length, loff_t *ppos)
> + void *buffer, size_t *length, loff_t *ppos)
> {
> unsigned int old_interval = dirty_writeback_interval;
> int ret;
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index 62c1550cd43e..0c43e9ae5004 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -5546,21 +5546,11 @@ char numa_zonelist_order[] = "Node";
> * sysctl handler for numa_zonelist_order
> */
> int numa_zonelist_order_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length,
> - loff_t *ppos)
> + void *buffer, size_t *length, loff_t *ppos)
> {
> - char *str;
> - int ret;
> -
> - if (!write)
> - return proc_dostring(table, write, buffer, length, ppos);
> - str = memdup_user_nul(buffer, 16);
> - if (IS_ERR(str))
> - return PTR_ERR(str);
> -
> - ret = __parse_numa_zonelist_order(str);
> - kfree(str);
> - return ret;
> + if (write)
> + return __parse_numa_zonelist_order(buffer);
> + return proc_dostring(table, write, buffer, length, ppos);
> }
>
>
> @@ -7963,7 +7953,7 @@ core_initcall(init_per_zone_wmark_min)
> * changes.
> */
> int min_free_kbytes_sysctl_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length, loff_t *ppos)
> + void *buffer, size_t *length, loff_t *ppos)
> {
> int rc;
>
> @@ -7979,7 +7969,7 @@ int min_free_kbytes_sysctl_handler(struct ctl_table *table, int write,
> }
>
> int watermark_scale_factor_sysctl_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length, loff_t *ppos)
> + void *buffer, size_t *length, loff_t *ppos)
> {
> int rc;
>
> @@ -8009,7 +7999,7 @@ static void setup_min_unmapped_ratio(void)
>
>
> int sysctl_min_unmapped_ratio_sysctl_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length, loff_t *ppos)
> + void *buffer, size_t *length, loff_t *ppos)
> {
> int rc;
>
> @@ -8036,7 +8026,7 @@ static void setup_min_slab_ratio(void)
> }
>
> int sysctl_min_slab_ratio_sysctl_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length, loff_t *ppos)
> + void *buffer, size_t *length, loff_t *ppos)
> {
> int rc;
>
> @@ -8060,7 +8050,7 @@ int sysctl_min_slab_ratio_sysctl_handler(struct ctl_table *table, int write,
> * if in function of the boot time zone sizes.
> */
> int lowmem_reserve_ratio_sysctl_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length, loff_t *ppos)
> + void *buffer, size_t *length, loff_t *ppos)
> {
> proc_dointvec_minmax(table, write, buffer, length, ppos);
> setup_per_zone_lowmem_reserve();
> @@ -8082,7 +8072,7 @@ static void __zone_pcp_update(struct zone *zone)
> * pagelist can have before it gets flushed back to buddy allocator.
> */
> int percpu_pagelist_fraction_sysctl_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length, loff_t *ppos)
> + void *buffer, size_t *length, loff_t *ppos)
> {
> struct zone *zone;
> int old_percpu_pagelist_fraction;
> diff --git a/mm/util.c b/mm/util.c
> index 988d11e6c17c..8defc8ec141f 100644
> --- a/mm/util.c
> +++ b/mm/util.c
> @@ -717,9 +717,8 @@ int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
> unsigned long sysctl_user_reserve_kbytes __read_mostly = 1UL << 17; /* 128MB */
> unsigned long sysctl_admin_reserve_kbytes __read_mostly = 1UL << 13; /* 8MB */
>
> -int overcommit_ratio_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> +int overcommit_ratio_handler(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> {
> int ret;
>
> @@ -729,9 +728,8 @@ int overcommit_ratio_handler(struct ctl_table *table, int write,
> return ret;
> }
>
> -int overcommit_kbytes_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> +int overcommit_kbytes_handler(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> {
> int ret;
>
> diff --git a/mm/vmstat.c b/mm/vmstat.c
> index 96d21a792b57..c03a8c914922 100644
> --- a/mm/vmstat.c
> +++ b/mm/vmstat.c
> @@ -76,7 +76,7 @@ static void invalid_numa_statistics(void)
> static DEFINE_MUTEX(vm_numa_stat_lock);
>
> int sysctl_vm_numa_stat_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *length, loff_t *ppos)
> + void *buffer, size_t *length, loff_t *ppos)
> {
> int ret, oldval;
>
> @@ -1751,7 +1751,7 @@ static void refresh_vm_stats(struct work_struct *work)
> }
>
> int vmstat_refresh(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> long val;
> int err;
> diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
> index 59980ecfc962..04c3f9a82650 100644
> --- a/net/bridge/br_netfilter_hooks.c
> +++ b/net/bridge/br_netfilter_hooks.c
> @@ -1027,7 +1027,7 @@ int br_nf_hook_thresh(unsigned int hook, struct net *net,
> #ifdef CONFIG_SYSCTL
> static
> int brnf_sysctl_call_tables(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret;
>
> diff --git a/net/core/neighbour.c b/net/core/neighbour.c
> index 39d37d0ef575..3f2263e79e4b 100644
> --- a/net/core/neighbour.c
> +++ b/net/core/neighbour.c
> @@ -3379,7 +3379,7 @@ EXPORT_SYMBOL(neigh_app_ns);
> static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
>
> static int proc_unres_qlen(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int size, ret;
> struct ctl_table tmp = *ctl;
> @@ -3443,8 +3443,8 @@ static void neigh_proc_update(struct ctl_table *ctl, int write)
> }
>
> static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp,
> + loff_t *ppos)
> {
> struct ctl_table tmp = *ctl;
> int ret;
> @@ -3457,8 +3457,8 @@ static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
> return ret;
> }
>
> -int neigh_proc_dointvec(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> +int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> {
> int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
>
> @@ -3467,8 +3467,7 @@ int neigh_proc_dointvec(struct ctl_table *ctl, int write,
> }
> EXPORT_SYMBOL(neigh_proc_dointvec);
>
> -int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write,
> - void __user *buffer,
> +int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer,
> size_t *lenp, loff_t *ppos)
> {
> int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
> @@ -3479,8 +3478,8 @@ int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write,
> EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
>
> static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp,
> + loff_t *ppos)
> {
> int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
>
> @@ -3489,8 +3488,7 @@ static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
> }
>
> int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
>
> @@ -3500,8 +3498,8 @@ int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
> EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
>
> static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp,
> + loff_t *ppos)
> {
> int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
>
> @@ -3510,8 +3508,8 @@ static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
> }
>
> static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp,
> + loff_t *ppos)
> {
> struct neigh_parms *p = ctl->extra2;
> int ret;
> diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
> index 9f9e00ba3ad7..0ddb13a6282b 100644
> --- a/net/core/sysctl_net_core.c
> +++ b/net/core/sysctl_net_core.c
> @@ -45,7 +45,7 @@ EXPORT_SYMBOL(sysctl_devconf_inherit_init_net);
>
> #ifdef CONFIG_RPS
> static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> unsigned int orig_size, size;
> int ret, i;
> @@ -115,8 +115,7 @@ static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
> static DEFINE_MUTEX(flow_limit_update_mutex);
>
> static int flow_limit_cpu_sysctl(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct sd_flow_limit *cur;
> struct softnet_data *sd;
> @@ -180,10 +179,7 @@ static int flow_limit_cpu_sysctl(struct ctl_table *table, int write,
> }
> if (len < *lenp)
> kbuf[len++] = '\n';
> - if (copy_to_user(buffer, kbuf, len)) {
> - ret = -EFAULT;
> - goto done;
> - }
> + memcpy(buffer, kbuf, len);
> *lenp = len;
> *ppos += len;
> }
> @@ -194,8 +190,7 @@ static int flow_limit_cpu_sysctl(struct ctl_table *table, int write,
> }
>
> static int flow_limit_table_len_sysctl(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> unsigned int old, *ptr;
> int ret;
> @@ -217,7 +212,7 @@ static int flow_limit_table_len_sysctl(struct ctl_table *table, int write,
>
> #ifdef CONFIG_NET_SCHED
> static int set_default_qdisc(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> char id[IFNAMSIZ];
> struct ctl_table tbl = {
> @@ -236,7 +231,7 @@ static int set_default_qdisc(struct ctl_table *table, int write,
> #endif
>
> static int proc_do_dev_weight(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret;
>
> @@ -251,7 +246,7 @@ static int proc_do_dev_weight(struct ctl_table *table, int write,
> }
>
> static int proc_do_rss_key(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct ctl_table fake_table;
> char buf[NETDEV_RSS_KEY_LEN * 3];
> @@ -264,7 +259,7 @@ static int proc_do_rss_key(struct ctl_table *table, int write,
>
> #ifdef CONFIG_BPF_JIT
> static int proc_dointvec_minmax_bpf_enable(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> + void *buffer, size_t *lenp,
> loff_t *ppos)
> {
> int ret, jit_enable = *(int *)table->data;
> @@ -291,8 +286,7 @@ static int proc_dointvec_minmax_bpf_enable(struct ctl_table *table, int write,
> # ifdef CONFIG_HAVE_EBPF_JIT
> static int
> proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> if (!capable(CAP_SYS_ADMIN))
> return -EPERM;
> @@ -303,8 +297,7 @@ proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write,
>
> static int
> proc_dolongvec_minmax_bpf_restricted(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> if (!capable(CAP_SYS_ADMIN))
> return -EPERM;
> diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
> index cca7ae712995..65abcf1b3210 100644
> --- a/net/decnet/dn_dev.c
> +++ b/net/decnet/dn_dev.c
> @@ -160,8 +160,8 @@ static int max_t3[] = { 8191 }; /* Must fit in 16 bits when multiplied by BCT3MU
> static int min_priority[1];
> static int max_priority[] = { 127 }; /* From DECnet spec */
>
> -static int dn_forwarding_proc(struct ctl_table *, int,
> - void __user *, size_t *, loff_t *);
> +static int dn_forwarding_proc(struct ctl_table *, int, void *, size_t *,
> + loff_t *);
> static struct dn_dev_sysctl_table {
> struct ctl_table_header *sysctl_header;
> struct ctl_table dn_dev_vars[5];
> @@ -245,8 +245,7 @@ static void dn_dev_sysctl_unregister(struct dn_dev_parms *parms)
> }
>
> static int dn_forwarding_proc(struct ctl_table *table, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> #ifdef CONFIG_DECNET_ROUTER
> struct net_device *dev = table->extra1;
> diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c
> index 55bf64a22b59..deae519bdeec 100644
> --- a/net/decnet/sysctl_net_decnet.c
> +++ b/net/decnet/sysctl_net_decnet.c
> @@ -134,8 +134,7 @@ static int parse_addr(__le16 *addr, char *str)
> }
>
> static int dn_node_address_handler(struct ctl_table *table, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> char addr[DN_ASCBUF_LEN];
> size_t len;
> @@ -148,10 +147,7 @@ static int dn_node_address_handler(struct ctl_table *table, int write,
>
> if (write) {
> len = (*lenp < DN_ASCBUF_LEN) ? *lenp : (DN_ASCBUF_LEN-1);
> -
> - if (copy_from_user(addr, buffer, len))
> - return -EFAULT;
> -
> + memcpy(addr, buffer, len);
> addr[len] = 0;
> strip_it(addr);
>
> @@ -173,11 +169,9 @@ static int dn_node_address_handler(struct ctl_table *table, int write,
> len = strlen(addr);
> addr[len++] = '\n';
>
> - if (len > *lenp) len = *lenp;
> -
> - if (copy_to_user(buffer, addr, len))
> - return -EFAULT;
> -
> + if (len > *lenp)
> + len = *lenp;
> + memcpy(buffer, addr, len);
> *lenp = len;
> *ppos += len;
>
> @@ -185,8 +179,7 @@ static int dn_node_address_handler(struct ctl_table *table, int write,
> }
>
> static int dn_def_dev_handler(struct ctl_table *table, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> size_t len;
> struct net_device *dev;
> @@ -201,9 +194,7 @@ static int dn_def_dev_handler(struct ctl_table *table, int write,
> if (*lenp > 16)
> return -E2BIG;
>
> - if (copy_from_user(devname, buffer, *lenp))
> - return -EFAULT;
> -
> + memcpy(devname, buffer, *lenp);
> devname[*lenp] = 0;
> strip_it(devname);
>
> @@ -238,9 +229,7 @@ static int dn_def_dev_handler(struct ctl_table *table, int write,
>
> if (len > *lenp) len = *lenp;
>
> - if (copy_to_user(buffer, devname, len))
> - return -EFAULT;
> -
> + memcpy(buffer, devname, len);
> *lenp = len;
> *ppos += len;
>
> diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
> index 30fa42f5997d..a118978d222c 100644
> --- a/net/ipv4/devinet.c
> +++ b/net/ipv4/devinet.c
> @@ -2361,8 +2361,7 @@ static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf)
> }
>
> static int devinet_conf_proc(struct ctl_table *ctl, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int old_value = *(int *)ctl->data;
> int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
> @@ -2414,8 +2413,7 @@ static int devinet_conf_proc(struct ctl_table *ctl, int write,
> }
>
> static int devinet_sysctl_forward(struct ctl_table *ctl, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int *valp = ctl->data;
> int val = *valp;
> @@ -2458,8 +2456,7 @@ static int devinet_sysctl_forward(struct ctl_table *ctl, int write,
> }
>
> static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int *valp = ctl->data;
> int val = *valp;
> diff --git a/net/ipv4/route.c b/net/ipv4/route.c
> index 788c69d9bfe0..041f4dcac440 100644
> --- a/net/ipv4/route.c
> +++ b/net/ipv4/route.c
> @@ -3336,8 +3336,7 @@ static int ip_rt_gc_elasticity __read_mostly = 8;
> static int ip_min_valid_pmtu __read_mostly = IPV4_MIN_MTU;
>
> static int ipv4_sysctl_rtcache_flush(struct ctl_table *__ctl, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct net *net = (struct net *)__ctl->extra1;
>
> diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
> index 81b267e990a1..868e317cc324 100644
> --- a/net/ipv4/sysctl_net_ipv4.c
> +++ b/net/ipv4/sysctl_net_ipv4.c
> @@ -71,8 +71,7 @@ static void set_local_port_range(struct net *net, int range[2])
>
> /* Validate changes from /proc interface. */
> static int ipv4_local_port_range(struct ctl_table *table, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct net *net =
> container_of(table->data, struct net, ipv4.ip_local_ports.range);
> @@ -107,7 +106,7 @@ static int ipv4_local_port_range(struct ctl_table *table, int write,
>
> /* Validate changes from /proc interface. */
> static int ipv4_privileged_ports(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct net *net = container_of(table->data, struct net,
> ipv4.sysctl_ip_prot_sock);
> @@ -168,8 +167,7 @@ static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t hig
>
> /* Validate changes from /proc interface. */
> static int ipv4_ping_group_range(struct ctl_table *table, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct user_namespace *user_ns = current_user_ns();
> int ret;
> @@ -204,8 +202,7 @@ static int ipv4_ping_group_range(struct ctl_table *table, int write,
> }
>
> static int ipv4_fwd_update_priority(struct ctl_table *table, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct net *net;
> int ret;
> @@ -221,7 +218,7 @@ static int ipv4_fwd_update_priority(struct ctl_table *table, int write,
> }
>
> static int proc_tcp_congestion_control(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct net *net = container_of(ctl->data, struct net,
> ipv4.tcp_congestion_control);
> @@ -241,9 +238,8 @@ static int proc_tcp_congestion_control(struct ctl_table *ctl, int write,
> }
>
> static int proc_tcp_available_congestion_control(struct ctl_table *ctl,
> - int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> {
> struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, };
> int ret;
> @@ -258,9 +254,8 @@ static int proc_tcp_available_congestion_control(struct ctl_table *ctl,
> }
>
> static int proc_allowed_congestion_control(struct ctl_table *ctl,
> - int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> {
> struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX };
> int ret;
> @@ -296,8 +291,7 @@ static int sscanf_key(char *buf, __le32 *key)
> }
>
> static int proc_tcp_fastopen_key(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct net *net = container_of(table->data, struct net,
> ipv4.sysctl_tcp_fastopen);
> @@ -399,7 +393,7 @@ static void proc_configure_early_demux(int enabled, int protocol)
> }
>
> static int proc_tcp_early_demux(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret = 0;
>
> @@ -415,7 +409,7 @@ static int proc_tcp_early_demux(struct ctl_table *table, int write,
> }
>
> static int proc_udp_early_demux(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret = 0;
>
> @@ -431,8 +425,7 @@ static int proc_udp_early_demux(struct ctl_table *table, int write,
> }
>
> static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table,
> - int write,
> - void __user *buffer,
> + int write, void *buffer,
> size_t *lenp, loff_t *ppos)
> {
> struct net *net = container_of(table->data, struct net,
> @@ -447,8 +440,7 @@ static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table,
> }
>
> static int proc_tcp_available_ulp(struct ctl_table *ctl,
> - int write,
> - void __user *buffer, size_t *lenp,
> + int write, void *buffer, size_t *lenp,
> loff_t *ppos)
> {
> struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, };
> @@ -466,7 +458,7 @@ static int proc_tcp_available_ulp(struct ctl_table *ctl,
>
> #ifdef CONFIG_IP_ROUTE_MULTIPATH
> static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> + void *buffer, size_t *lenp,
> loff_t *ppos)
> {
> struct net *net = container_of(table->data, struct net,
> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
> index 24e319dfb510..9d0e89bccb90 100644
> --- a/net/ipv6/addrconf.c
> +++ b/net/ipv6/addrconf.c
> @@ -6108,9 +6108,8 @@ static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
>
> #ifdef CONFIG_SYSCTL
>
> -static
> -int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> +static int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int *valp = ctl->data;
> int val = *valp;
> @@ -6134,9 +6133,8 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
> return ret;
> }
>
> -static
> -int addrconf_sysctl_mtu(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> +static int addrconf_sysctl_mtu(struct ctl_table *ctl, int write,
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct inet6_dev *idev = ctl->extra1;
> int min_mtu = IPV6_MIN_MTU;
> @@ -6206,9 +6204,8 @@ static int addrconf_disable_ipv6(struct ctl_table *table, int *p, int newf)
> return 0;
> }
>
> -static
> -int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> +static int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int *valp = ctl->data;
> int val = *valp;
> @@ -6232,9 +6229,8 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
> return ret;
> }
>
> -static
> -int addrconf_sysctl_proxy_ndp(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> +static int addrconf_sysctl_proxy_ndp(struct ctl_table *ctl, int write,
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int *valp = ctl->data;
> int ret;
> @@ -6275,7 +6271,7 @@ int addrconf_sysctl_proxy_ndp(struct ctl_table *ctl, int write,
> }
>
> static int addrconf_sysctl_addr_gen_mode(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> + void *buffer, size_t *lenp,
> loff_t *ppos)
> {
> int ret = 0;
> @@ -6337,7 +6333,7 @@ static int addrconf_sysctl_addr_gen_mode(struct ctl_table *ctl, int write,
> }
>
> static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> + void *buffer, size_t *lenp,
> loff_t *ppos)
> {
> int err;
> @@ -6404,8 +6400,7 @@ static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write,
>
> static
> int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl,
> - int write,
> - void __user *buffer,
> + int write, void *buffer,
> size_t *lenp,
> loff_t *ppos)
> {
> @@ -6505,10 +6500,8 @@ int addrconf_disable_policy(struct ctl_table *ctl, int *valp, int val)
> return 0;
> }
>
> -static
> -int addrconf_sysctl_disable_policy(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> +static int addrconf_sysctl_disable_policy(struct ctl_table *ctl, int write,
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int *valp = ctl->data;
> int val = *valp;
> diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
> index 1ecd4e9b0bdf..58f1255295d3 100644
> --- a/net/ipv6/ndisc.c
> +++ b/net/ipv6/ndisc.c
> @@ -1835,7 +1835,8 @@ static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
> }
> }
>
> -int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
> +int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> {
> struct net_device *dev = ctl->extra1;
> struct inet6_dev *idev;
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index 310cbddaa533..acdb31e38412 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -6088,9 +6088,8 @@ static int rt6_stats_seq_show(struct seq_file *seq, void *v)
>
> #ifdef CONFIG_SYSCTL
>
> -static
> -int ipv6_sysctl_rtcache_flush(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> +static int ipv6_sysctl_rtcache_flush(struct ctl_table *ctl, int write,
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct net *net;
> int delay;
> diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
> index 63b657aa8d29..fac2135aa47b 100644
> --- a/net/ipv6/sysctl_net_ipv6.c
> +++ b/net/ipv6/sysctl_net_ipv6.c
> @@ -26,8 +26,7 @@ static int auto_flowlabels_min;
> static int auto_flowlabels_max = IP6_AUTO_FLOW_LABEL_MAX;
>
> static int proc_rt6_multipath_hash_policy(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct net *net;
> int ret;
> diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
> index 4701edffb1f7..a42e4ed5ab0e 100644
> --- a/net/mpls/af_mpls.c
> +++ b/net/mpls/af_mpls.c
> @@ -1362,8 +1362,7 @@ static int mpls_netconf_dump_devconf(struct sk_buff *skb,
> (&((struct mpls_dev *)0)->field)
>
> static int mpls_conf_proc(struct ctl_table *ctl, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int oval = *(int *)ctl->data;
> int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
> @@ -2594,7 +2593,7 @@ static int resize_platform_label_table(struct net *net, size_t limit)
> }
>
> static int mpls_platform_labels(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct net *net = table->data;
> int platform_labels = net->mpls.platform_labels;
> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index 8d14a1acbc37..412656c34f20 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
> @@ -1736,7 +1736,7 @@ static int three = 3;
>
> static int
> proc_do_defense_mode(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct netns_ipvs *ipvs = table->extra2;
> int *valp = table->data;
> @@ -1763,7 +1763,7 @@ proc_do_defense_mode(struct ctl_table *table, int write,
>
> static int
> proc_do_sync_threshold(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int *valp = table->data;
> int val[2];
> @@ -1788,7 +1788,7 @@ proc_do_sync_threshold(struct ctl_table *table, int write,
>
> static int
> proc_do_sync_ports(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int *valp = table->data;
> int val = *valp;
> diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
> index 9b57330c81f8..31b027b12ff3 100644
> --- a/net/netfilter/nf_conntrack_standalone.c
> +++ b/net/netfilter/nf_conntrack_standalone.c
> @@ -517,7 +517,7 @@ static unsigned int nf_conntrack_htable_size_user __read_mostly;
>
> static int
> nf_conntrack_hash_sysctl(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret;
>
> diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
> index bb25d4c794c7..6cb9f9474b05 100644
> --- a/net/netfilter/nf_log.c
> +++ b/net/netfilter/nf_log.c
> @@ -414,7 +414,7 @@ static struct ctl_table nf_log_sysctl_ftable[] = {
> };
>
> static int nf_log_proc_dostring(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> const struct nf_logger *logger;
> char buf[NFLOGGER_NAME_LEN];
> diff --git a/net/phonet/sysctl.c b/net/phonet/sysctl.c
> index 251e750fd9aa..0d0bf41381c2 100644
> --- a/net/phonet/sysctl.c
> +++ b/net/phonet/sysctl.c
> @@ -49,8 +49,7 @@ void phonet_get_local_port_range(int *min, int *max)
> }
>
> static int proc_local_port_range(struct ctl_table *table, int write,
> - void __user *buffer,
> - size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret;
> int range[2] = {local_port_range[0], local_port_range[1]};
> diff --git a/net/rds/tcp.c b/net/rds/tcp.c
> index 66121bc6f34e..46782fac4c16 100644
> --- a/net/rds/tcp.c
> +++ b/net/rds/tcp.c
> @@ -62,8 +62,7 @@ static atomic_t rds_tcp_unloading = ATOMIC_INIT(0);
> static struct kmem_cache *rds_tcp_conn_slab;
>
> static int rds_tcp_skbuf_handler(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *fpos);
> + void *buffer, size_t *lenp, loff_t *fpos);
>
> static int rds_tcp_min_sndbuf = SOCK_MIN_SNDBUF;
> static int rds_tcp_min_rcvbuf = SOCK_MIN_RCVBUF;
> @@ -676,8 +675,7 @@ static void rds_tcp_sysctl_reset(struct net *net)
> }
>
> static int rds_tcp_skbuf_handler(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *fpos)
> + void *buffer, size_t *lenp, loff_t *fpos)
> {
> struct net *net = current->nsproxy->net_ns;
> int err;
> diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
> index 4740aa70e652..c16c80963e55 100644
> --- a/net/sctp/sysctl.c
> +++ b/net/sctp/sysctl.c
> @@ -43,20 +43,15 @@ static unsigned long max_autoclose_max =
> ? UINT_MAX : MAX_SCHEDULE_TIMEOUT / HZ;
>
> static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> + void *buffer, size_t *lenp, loff_t *ppos);
> static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> -static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> + void *buffer, size_t *lenp, loff_t *ppos);
> +static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write, void *buffer,
> + size_t *lenp, loff_t *ppos);
> static int proc_sctp_do_alpha_beta(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> + void *buffer, size_t *lenp, loff_t *ppos);
> static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos);
> + void *buffer, size_t *lenp, loff_t *ppos);
>
> static struct ctl_table sctp_table[] = {
> {
> @@ -343,8 +338,7 @@ static struct ctl_table sctp_net_table[] = {
> };
>
> static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct net *net = current->nsproxy->net_ns;
> struct ctl_table tbl;
> @@ -389,8 +383,7 @@ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
> }
>
> static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct net *net = current->nsproxy->net_ns;
> unsigned int min = *(unsigned int *) ctl->extra1;
> @@ -418,8 +411,7 @@ static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write,
> }
>
> static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct net *net = current->nsproxy->net_ns;
> unsigned int min = *(unsigned int *) ctl->extra1;
> @@ -447,8 +439,7 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
> }
>
> static int proc_sctp_do_alpha_beta(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> if (write)
> pr_warn_once("Changing rto_alpha or rto_beta may lead to "
> @@ -458,8 +449,7 @@ static int proc_sctp_do_alpha_beta(struct ctl_table *ctl, int write,
> }
>
> static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct net *net = current->nsproxy->net_ns;
> struct ctl_table tbl;
> diff --git a/net/sunrpc/sysctl.c b/net/sunrpc/sysctl.c
> index d75f17b56f0e..999eee1ed61c 100644
> --- a/net/sunrpc/sysctl.c
> +++ b/net/sunrpc/sysctl.c
> @@ -60,7 +60,7 @@ rpc_unregister_sysctl(void)
> }
>
> static int proc_do_xprt(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> char tmpbuf[256];
> size_t len;
> @@ -70,15 +70,15 @@ static int proc_do_xprt(struct ctl_table *table, int write,
> return 0;
> }
> len = svc_print_xprts(tmpbuf, sizeof(tmpbuf));
> - return simple_read_from_buffer(buffer, *lenp, ppos, tmpbuf, len);
> + return memory_read_from_buffer(buffer, *lenp, ppos, tmpbuf, len);
> }
>
> static int
> -proc_dodebug(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> +proc_dodebug(struct ctl_table *table, int write, void *buffer, size_t *lenp,
> + loff_t *ppos)
> {
> - char tmpbuf[20], c, *s = NULL;
> - char __user *p;
> + char tmpbuf[20], *s = NULL;
> + char *p;
> unsigned int value;
> size_t left, len;
>
> @@ -90,18 +90,17 @@ proc_dodebug(struct ctl_table *table, int write,
> left = *lenp;
>
> if (write) {
> - if (!access_ok(buffer, left))
> - return -EFAULT;
> p = buffer;
> - while (left && __get_user(c, p) >= 0 && isspace(c))
> - left--, p++;
> + while (left && isspace(*p)) {
> + left--;
> + p++;
> + }
> if (!left)
> goto done;
>
> if (left > sizeof(tmpbuf) - 1)
> return -EINVAL;
> - if (copy_from_user(tmpbuf, p, left))
> - return -EFAULT;
> + memcpy(tmpbuf, p, left);
> tmpbuf[left] = '\0';
>
> value = simple_strtol(tmpbuf, &s, 0);
> @@ -121,11 +120,9 @@ proc_dodebug(struct ctl_table *table, int write,
> len = sprintf(tmpbuf, "0x%04x", *(unsigned int *) table->data);
> if (len > left)
> len = left;
> - if (copy_to_user(buffer, tmpbuf, len))
> - return -EFAULT;
> + memcpy(buffer, tmpbuf, len);
> if ((left -= len) > 0) {
> - if (put_user('\n', (char __user *)buffer + len))
> - return -EFAULT;
> + *((char *)buffer + len) = '\n';
> left--;
> }
> }
> diff --git a/net/sunrpc/xprtrdma/svc_rdma.c b/net/sunrpc/xprtrdma/svc_rdma.c
> index 97bca509a391..526da5d4710b 100644
> --- a/net/sunrpc/xprtrdma/svc_rdma.c
> +++ b/net/sunrpc/xprtrdma/svc_rdma.c
> @@ -80,8 +80,7 @@ atomic_t rdma_stat_sq_prod;
> * current value.
> */
> static int read_reset_stat(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp,
> - loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> atomic_t *stat = (atomic_t *)table->data;
>
> @@ -103,8 +102,8 @@ static int read_reset_stat(struct ctl_table *table, int write,
> len -= *ppos;
> if (len > *lenp)
> len = *lenp;
> - if (len && copy_to_user(buffer, str_buf, len))
> - return -EFAULT;
> + if (len)
> + memcpy(buffer, str_buf, len);
> *lenp = len;
> *ppos += len;
> }
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index b621ad74f54a..27e371b44dad 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -1696,7 +1696,7 @@ static int __init alloc_buffers(void)
>
> #ifdef CONFIG_SYSCTL
> static int apparmor_dointvec(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> if (!policy_admin_capable(NULL))
> return -EPERM;
> diff --git a/security/min_addr.c b/security/min_addr.c
> index 94d2b0cf0e7b..88c9a6a21f47 100644
> --- a/security/min_addr.c
> +++ b/security/min_addr.c
> @@ -30,7 +30,7 @@ static void update_mmap_min_addr(void)
> * calls update_mmap_min_addr() so non MAP_FIXED hints get rounded properly
> */
> int mmap_min_addr_handler(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> int ret;
>
> diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
> index 94dc346370b1..536c99646f6a 100644
> --- a/security/yama/yama_lsm.c
> +++ b/security/yama/yama_lsm.c
> @@ -430,7 +430,7 @@ static struct security_hook_list yama_hooks[] __lsm_ro_after_init = {
>
> #ifdef CONFIG_SYSCTL
> static int yama_dointvec_minmax(struct ctl_table *table, int write,
> - void __user *buffer, size_t *lenp, loff_t *ppos)
> + void *buffer, size_t *lenp, loff_t *ppos)
> {
> struct ctl_table table_copy;
>
> --
> 2.25.1
>
--
Andrey Ignatov