git: 13a5a46c49d0 - main - Fix new users of MAXPHYS and hide it from the kernel namespace

From: Andrew Gallatin <gallatin_at_FreeBSD.org>
Date: Tue, 30 Apr 2024 19:30:10 UTC
The branch main has been updated by gallatin:

URL: https://cgit.FreeBSD.org/src/commit/?id=13a5a46c49d0ec3e10e5476ad763947f165052e2

commit 13a5a46c49d0ec3e10e5476ad763947f165052e2
Author:     Andrew Gallatin <gallatin@FreeBSD.org>
AuthorDate: 2024-04-29 23:11:56 +0000
Commit:     Andrew Gallatin <gallatin@FreeBSD.org>
CommitDate: 2024-04-30 19:29:06 +0000

    Fix new users of MAXPHYS and hide it from the kernel namespace
    
    In cd8537910406, kib made maxphys a load-time tunable.  This made
    the #define MAXPHYS in sys/param.h  almost entirely obsolete, as
    it could now be overridden by kern.maxphys at boot time, or by
    opt_maxphys.h.
    
    However, decades of tradition have led to several new, incorrect, uses
    of MAXPHYS in other parts of the kernel, mostly by seasoned
    developers.  I've corrected those uses here in a mechanical fashion,
    and verified that it fixes a bug in the md driver that I was
    experiencing.
    
    Since using MAXPHYS is such an easy mistake to make, it is best to
    hide it from the kernel namespace.  So I've moved its definition to
    _maxphys.h, which is now included in param.h only for userspace.
    
    That brings up the fact that lots of userspace programs use MAXPHYS
    for different reasons, most of them probably wrong.  Userspace consumers
    that really need to know the value of maxphys should probably be
    changed to use the kern.maxphys sysctl.  But that's outside the scope
    of this change.
    
    Reviewed by: imp, jkim, kib, markj
    Fixes: 30038a8b4efc ("md: Get rid of the pbuf zone")
    Sponsored by: Netflix
    Differential Revision: https://reviews.freebsd.org/D44986
---
 sys/compat/linux/linux_socket.c |  2 +-
 sys/dev/md/md.c                 |  6 +++---
 sys/dev/rtsx/rtsx.c             |  4 ++--
 sys/kern/subr_param.c           |  1 +
 sys/sys/_maxphys.h              | 10 ++++++++++
 sys/sys/param.h                 |  8 +-------
 6 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/sys/compat/linux/linux_socket.c b/sys/compat/linux/linux_socket.c
index 36cffc979802..15431bf3127c 100644
--- a/sys/compat/linux/linux_socket.c
+++ b/sys/compat/linux/linux_socket.c
@@ -2468,7 +2468,7 @@ sendfile_fallback(struct thread *td, struct file *fp, l_int out,
 		out_offset = 0;
 
 	flags = FOF_OFFSET | FOF_NOUPDATE;
-	bufsz = min(count, MAXPHYS);
+	bufsz = min(count, maxphys);
 	buf = malloc(bufsz, M_LINUX, M_WAITOK);
 	bytes_sent = 0;
 	while (bytes_sent < count) {
diff --git a/sys/dev/md/md.c b/sys/dev/md/md.c
index 27e63363767c..241517898ad4 100644
--- a/sys/dev/md/md.c
+++ b/sys/dev/md/md.c
@@ -965,7 +965,7 @@ unmapped_step:
 		    PAGE_MASK))));
 		iolen = min(ptoa(npages) - (ma_offs & PAGE_MASK), len);
 		KASSERT(iolen > 0, ("zero iolen"));
-		KASSERT(npages <= atop(MAXPHYS + PAGE_SIZE),
+		KASSERT(npages <= atop(maxphys + PAGE_SIZE),
 		    ("npages %d too large", npages));
 		pmap_qenter(sc->kva, &bp->bio_ma[atop(ma_offs)], npages);
 		aiov.iov_base = (void *)(sc->kva + (ma_offs & PAGE_MASK));
@@ -1487,7 +1487,7 @@ mdcreate_vnode(struct md_s *sc, struct md_req *mdr, struct thread *td)
 		goto bad;
 	}
 
-	sc->kva = kva_alloc(MAXPHYS + PAGE_SIZE);
+	sc->kva = kva_alloc(maxphys + PAGE_SIZE);
 	return (0);
 bad:
 	VOP_UNLOCK(nd.ni_vp);
@@ -1547,7 +1547,7 @@ mddestroy(struct md_s *sc, struct thread *td)
 	if (sc->uma)
 		uma_zdestroy(sc->uma);
 	if (sc->kva)
-		kva_free(sc->kva, MAXPHYS + PAGE_SIZE);
+		kva_free(sc->kva, maxphys + PAGE_SIZE);
 
 	LIST_REMOVE(sc, list);
 	free_unr(md_uh, sc->unit);
diff --git a/sys/dev/rtsx/rtsx.c b/sys/dev/rtsx/rtsx.c
index 464a155e66c2..a2f124f6c30d 100644
--- a/sys/dev/rtsx/rtsx.c
+++ b/sys/dev/rtsx/rtsx.c
@@ -311,7 +311,7 @@ static int	rtsx_resume(device_t dev);
 #define	RTSX_DMA_ALIGN		4
 #define	RTSX_HOSTCMD_MAX	256
 #define	RTSX_DMA_CMD_BIFSIZE	(sizeof(uint32_t) * RTSX_HOSTCMD_MAX)
-#define	RTSX_DMA_DATA_BUFSIZE	MAXPHYS
+#define	RTSX_DMA_DATA_BUFSIZE	maxphys
 
 #define	ISSET(t, f) ((t) & (f))
 
@@ -2762,7 +2762,7 @@ rtsx_xfer(struct rtsx_softc *sc, struct mmc_command *cmd)
 			      (unsigned long)cmd->data->len, (unsigned long)cmd->data->xfer_len);
 
 	if (cmd->data->len > RTSX_DMA_DATA_BUFSIZE) {
-		device_printf(sc->rtsx_dev, "rtsx_xfer() length too large: %ld > %d\n",
+		device_printf(sc->rtsx_dev, "rtsx_xfer() length too large: %ld > %ld\n",
 			      (unsigned long)cmd->data->len, RTSX_DMA_DATA_BUFSIZE);
 		cmd->error = MMC_ERR_INVALID;
 		return (MMC_ERR_INVALID);
diff --git a/sys/kern/subr_param.c b/sys/kern/subr_param.c
index 2a721c3c113f..ea5e8d02be2b 100644
--- a/sys/kern/subr_param.c
+++ b/sys/kern/subr_param.c
@@ -41,6 +41,7 @@
 #include "opt_maxusers.h"
 
 #include <sys/param.h>
+#include <sys/_maxphys.h>
 #include <sys/systm.h>
 #include <sys/buf.h>
 #include <sys/kernel.h>
diff --git a/sys/sys/_maxphys.h b/sys/sys/_maxphys.h
new file mode 100644
index 000000000000..48cfc4a054ff
--- /dev/null
+++ b/sys/sys/_maxphys.h
@@ -0,0 +1,10 @@
+/*-
+ * This file is in the public domain.
+ */
+#ifndef MAXPHYS
+#ifdef __ILP32__
+#define MAXPHYS		(128 * 1024)
+#else
+#define MAXPHYS		(1024 * 1024)
+#endif
+#endif
diff --git a/sys/sys/param.h b/sys/sys/param.h
index 7a091add62f3..e10b4f506520 100644
--- a/sys/sys/param.h
+++ b/sys/sys/param.h
@@ -161,6 +161,7 @@
 #include <machine/param.h>
 #ifndef _KERNEL
 #include <sys/limits.h>
+#include <sys/_maxphys.h>
 #endif
 
 #ifndef DEV_BSHIFT
@@ -174,13 +175,6 @@
 #ifndef DFLTPHYS
 #define DFLTPHYS	(64 * 1024)	/* default max raw I/O transfer size */
 #endif
-#ifndef MAXPHYS				/* max raw I/O transfer size */
-#ifdef __ILP32__
-#define MAXPHYS		(128 * 1024)
-#else
-#define MAXPHYS		(1024 * 1024)
-#endif
-#endif
 #ifndef MAXDUMPPGS
 #define MAXDUMPPGS	(DFLTPHYS/PAGE_SIZE)
 #endif