sysctl: Do not serialize requests when running as root

Bugs or unexpected behaviour can cause a user thread to block in a
sysctl handler for a long time.  "procstat -kka" is the most useful tool
to see why this might happen, but it can block on sysctlmemlock too.

Since the purpose of this lock is merely to ensure userspace can't wire
too much memory, don't require it for requests from privileged threads.

PR:		282994
Reviewed by:	kib, jhb
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D47842
Mark Johnston
2024-12-21 19:25:32 +00:00
parent 8cf955f3f4
commit 7d1d9cc440
2 changed files with 7 additions and 4 deletions
+6 -4
@@ -2516,8 +2516,9 @@ userland_sysctl(struct thread *td, int *name, u_int namelen, void *old,
size_t *oldlenp, int inkernel, const void *new, size_t newlen,
size_t *retval, int flags)
{
int error = 0, memlocked;
struct sysctl_req req;
int error = 0;
bool memlocked;
bzero(&req, sizeof req);
@@ -2549,9 +2550,10 @@ userland_sysctl(struct thread *td, int *name, u_int namelen, void *old,
if (KTRPOINT(curthread, KTR_SYSCTL))
ktrsysctl(name, namelen);
#endif
memlocked = 0;
if (req.oldptr && req.oldlen > 4 * PAGE_SIZE) {
memlocked = 1;
memlocked = false;
if (priv_check(td, PRIV_SYSCTL_MEMLOCK) != 0 &&
req.oldptr != NULL && req.oldlen > 4 * PAGE_SIZE) {
memlocked = true;
sx_xlock(&sysctlmemlock);
}
CURVNET_SET(TD_TO_VNET(td));
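Review bot: priv_check() is the first operand of the new condition, so it runs on every userland sysctl call, including the small requests that never took sysctlmemlock. Putting the cheap tests first, as in "req.oldptr != NULL && req.oldlen > 4 * PAGE_SIZE && priv_check(td, PRIV_SYSCTL_MEMLOCK) != 0", would limit the privilege check to requests that would otherwise serialize. A short comment above the condition stating that the lock only bounds how much memory unprivileged requests can wire would also record why skipping it for privileged threads is acceptable.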
+1
@@ -211,6 +211,7 @@
#define PRIV_SYSCTL_DEBUG 240 /* Can invoke sysctl.debug. */
#define PRIV_SYSCTL_WRITE 241 /* Can write sysctls. */
#define PRIV_SYSCTL_WRITEJAIL 242 /* Can write sysctls, jail permitted. */
#define PRIV_SYSCTL_MEMLOCK 243 /* Large requests are not serialized. */
/*
* TTY privileges.
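Review bot: the comment on PRIV_SYSCTL_MEMLOCK describes an effect ("Large requests are not serialized.") while the neighbouring entries are phrased as capabilities ("Can write sysctls."). Wording it the same way, for example "Can bypass serialization of large sysctl requests", and naming sysctlmemlock would make it clearer what the holder is exempt from and easier to find from the lock's call site.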