From nobody Sat Dec 21 19:26:57 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YFvRk22MVz5WyCs; Sat, 21 Dec 2024 19:26:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YFvRk0nzYz4jwP; Sat, 21 Dec 2024 19:26:58 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734809218; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2xV99gcERb0zwi0gMCwDOj7ArMpUqd2Lc3dYf9V4ffE=; b=AMAEwglP/6e30fKeGfznP2yfVFmZPySVWI8NlqSeAAGdL/JRq8ZCmWwudQW/yUKGiVujnz GEGPvWlEnaZkEiqcHCOQOeKW3dpiW1Rn1f+Wq+x+tif6v94slCpR4sHVb1Qr2OzILjVhna 13KsSB1jg6etsq7BMJgXHSSu8kctvhU8e7J3Tpa/JioVW950TK9AslKY1N9VcghyF1JJrd sr0Rp/I7VemYEfcub28TG3NbA55CSNt0ZdwejKyGxzI4RyE3J7dJsRWmEhIk+g82iFjkFt mrUz/emwWs9GfHgAzXATBzCL0BHKceij2j5WPCSQDaVFzNbyERkdB7gx1+wcsA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734809218; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2xV99gcERb0zwi0gMCwDOj7ArMpUqd2Lc3dYf9V4ffE=; b=shCZQA/Li1N/yqEVUetD3pVCbHr3phrKEJcQugXLfBKpyZpqwp85zN5Fo4a5QxU8Ut6+Rm /lax8eijBujckYueOeWftm2BlziajAkifMzxtp/sgf3voZXfxi7+BENjY6IWRmZIdnl2P9 m3sBdXqYiGT6ac2Rw/3f18K6RhNUuj8i4imduuLEjmA6idkQFLVetx9Ux+cCvR8X4jkBr6 NhZQDPXRP9LFA1NNLp+8fwdV2+NOBNjDfbxLwrwDxZpM04UrG7e2BXNMj3p28aKAVJ0p7c tMK1fbx5ueBtPpRmhM5Dg6wp/7Z7OOkoDGxV5r+/f17ggomkug2S2LbxzMUTSw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734809218; a=rsa-sha256; cv=none; b=Y6TEjYKioSG05BnUCzpQYQjQ6q7/ErHzHLVftZ1Gq2wi10N5SSJq3KFRMNb58D1MauKXc9 UV3Gh+yDzchD01evWDdIYmYMVTvpcl/ME6KJQgmiCvowdrtCsrq6EgDi3oDWPEh7bmduZ+ lk1jUpqoBO9JwEYmcwMwGU3pgXOVTiTVT3X0PQgWHXuGVdqkmkskAxFqUKTvr5SsCFXUZj iG3ZJOcBZuPhY2IfYJ8loKRuNIBJxotv5UPu77rInHMczSXB+vnyTFkwnV+RGloB5sI8gc 96OYbl5ddbDXq4o5rhueylxf/UcWTfYUXStT2nSnJo26pxyc1Bd/2ZCHEctETA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YFvRk03Qvzd3x; Sat, 21 Dec 2024 19:26:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BLJQvcm033200; Sat, 21 Dec 2024 19:26:57 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BLJQvgQ033197; Sat, 21 Dec 2024 19:26:57 GMT (envelope-from git) Date: Sat, 21 Dec 2024 19:26:57 GMT Message-Id: <202412211926.4BLJQvgQ033197@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: 7d1d9cc440f8 - main - sysctl: Do not serialize requests when running as root List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 7d1d9cc440f800858b6ec8dfb5a41c853fc8c36d Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=7d1d9cc440f800858b6ec8dfb5a41c853fc8c36d commit 7d1d9cc440f800858b6ec8dfb5a41c853fc8c36d Author: Mark Johnston AuthorDate: 2024-12-21 19:25:32 +0000 Commit: Mark Johnston CommitDate: 2024-12-21 19:25:32 +0000 sysctl: Do not serialize requests when running as root Bugs or unexpected behaviour can cause a user thread to block in a sysctl handler for a long time. "procstat -kka" is the most useful tool to see why this might happen, but it can block on sysctlmemlock too. Since the purpose of this lock is merely to ensure userspace can't wire too much memory, don't require it for requests from privileged threads. PR: 282994 Reviewed by: kib, jhb MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D47842 --- sys/kern/kern_sysctl.c | 10 ++++++---- sys/sys/priv.h | 1 + 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index e139d9c39181..9d824fbd3cbd 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -2516,8 +2516,9 @@ userland_sysctl(struct thread *td, int *name, u_int namelen, void *old, size_t *oldlenp, int inkernel, const void *new, size_t newlen, size_t *retval, int flags) { - int error = 0, memlocked; struct sysctl_req req; + int error = 0; + bool memlocked; bzero(&req, sizeof req); @@ -2549,9 +2550,10 @@ userland_sysctl(struct thread *td, int *name, u_int namelen, void *old, if (KTRPOINT(curthread, KTR_SYSCTL)) ktrsysctl(name, namelen); #endif - memlocked = 0; - if (req.oldptr && req.oldlen > 4 * PAGE_SIZE) { - memlocked = 1; + memlocked = false; + if (priv_check(td, PRIV_SYSCTL_MEMLOCK) != 0 && + req.oldptr != NULL && req.oldlen > 4 * PAGE_SIZE) { + memlocked = true; sx_xlock(&sysctlmemlock); } CURVNET_SET(TD_TO_VNET(td)); diff --git a/sys/sys/priv.h b/sys/sys/priv.h index b570e4d7884a..9a1886454d86 100644 --- a/sys/sys/priv.h +++ b/sys/sys/priv.h @@ -211,6 +211,7 @@ #define PRIV_SYSCTL_DEBUG 240 /* Can invoke sysctl.debug. */ #define PRIV_SYSCTL_WRITE 241 /* Can write sysctls. */ #define PRIV_SYSCTL_WRITEJAIL 242 /* Can write sysctls, jail permitted. */ +#define PRIV_SYSCTL_MEMLOCK 243 /* Large requests are not serialized. */ /* * TTY privileges.