sysctl: Do not serialize requests when running as root
Bugs or unexpected behaviour can cause a user thread to block in a sysctl handler for a long time. "procstat -kka" is the most useful tool to see why this might happen, but it can block on sysctlmemlock too. Since the purpose of this lock is merely to ensure userspace can't wire too much memory, don't require it for requests from privileged threads. PR: 282994 Reviewed by: kib, jhb MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D47842
This commit is contained in:
@@ -2516,8 +2516,9 @@ userland_sysctl(struct thread *td, int *name, u_int namelen, void *old,
|
||||
size_t *oldlenp, int inkernel, const void *new, size_t newlen,
|
||||
size_t *retval, int flags)
|
||||
{
|
||||
int error = 0, memlocked;
|
||||
struct sysctl_req req;
|
||||
int error = 0;
|
||||
bool memlocked;
|
||||
|
||||
bzero(&req, sizeof req);
|
||||
|
||||
@@ -2549,9 +2550,10 @@ userland_sysctl(struct thread *td, int *name, u_int namelen, void *old,
|
||||
if (KTRPOINT(curthread, KTR_SYSCTL))
|
||||
ktrsysctl(name, namelen);
|
||||
#endif
|
||||
memlocked = 0;
|
||||
if (req.oldptr && req.oldlen > 4 * PAGE_SIZE) {
|
||||
memlocked = 1;
|
||||
memlocked = false;
|
||||
if (priv_check(td, PRIV_SYSCTL_MEMLOCK) != 0 &&
|
||||
req.oldptr != NULL && req.oldlen > 4 * PAGE_SIZE) {
|
||||
memlocked = true;
|
||||
sx_xlock(&sysctlmemlock);
|
||||
}
|
||||
CURVNET_SET(TD_TO_VNET(td));
|
||||
|
||||
@@ -211,6 +211,7 @@
|
||||
#define PRIV_SYSCTL_DEBUG 240 /* Can invoke sysctl.debug. */
|
||||
#define PRIV_SYSCTL_WRITE 241 /* Can write sysctls. */
|
||||
#define PRIV_SYSCTL_WRITEJAIL 242 /* Can write sysctls, jail permitted. */
|
||||
#define PRIV_SYSCTL_MEMLOCK 243 /* Large requests are not serialized. */
|
||||
|
||||
/*
|
||||
* TTY privileges.
|
||||
|
||||
Reference in New Issue
Block a user